sandbox / mbedtls

mbedtls ported to mbed-classic

Fork of mbedtls by Christopher Haster

source/bignum.c@1:24750b9ad5ef, 2016-01-22 (annotated)

Committer:
Christopher Haster
Date:
Fri Jan 22 16:44:49 2016 -0600
Revision:
1:24750b9ad5ef
Initial move of mbedtls to mercurial

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * Multi-precision integer library
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21 /*
Christopher Haster 1:24750b9ad5ef 22 * This MPI implementation is based on:
Christopher Haster 1:24750b9ad5ef 23 *
Christopher Haster 1:24750b9ad5ef 24 * http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf
Christopher Haster 1:24750b9ad5ef 25 * http://www.stillhq.com/extracted/gnupg-api/mpi/
Christopher Haster 1:24750b9ad5ef 26 * http://math.libtomcrypt.com/files/tommath.pdf
Christopher Haster 1:24750b9ad5ef 27 */
Christopher Haster 1:24750b9ad5ef 28
Christopher Haster 1:24750b9ad5ef 29 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 30 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 31 #else
Christopher Haster 1:24750b9ad5ef 32 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 33 #endif
Christopher Haster 1:24750b9ad5ef 34
Christopher Haster 1:24750b9ad5ef 35 #if defined(MBEDTLS_BIGNUM_C)
Christopher Haster 1:24750b9ad5ef 36
Christopher Haster 1:24750b9ad5ef 37 #include "mbedtls/bignum.h"
Christopher Haster 1:24750b9ad5ef 38 #include "mbedtls/bn_mul.h"
Christopher Haster 1:24750b9ad5ef 39
Christopher Haster 1:24750b9ad5ef 40 #include <string.h>
Christopher Haster 1:24750b9ad5ef 41
Christopher Haster 1:24750b9ad5ef 42 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 43 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 44 #else
Christopher Haster 1:24750b9ad5ef 45 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 46 #include <stdlib.h>
Christopher Haster 1:24750b9ad5ef 47 #define mbedtls_printf printf
Christopher Haster 1:24750b9ad5ef 48 #define mbedtls_calloc calloc
Christopher Haster 1:24750b9ad5ef 49 #define mbedtls_free free
Christopher Haster 1:24750b9ad5ef 50 #endif
Christopher Haster 1:24750b9ad5ef 51
Christopher Haster 1:24750b9ad5ef 52 /* Implementation that should never be optimized out by the compiler */
Christopher Haster 1:24750b9ad5ef 53 static void mbedtls_zeroize( void *v, size_t n ) {
Christopher Haster 1:24750b9ad5ef 54 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
Christopher Haster 1:24750b9ad5ef 55 }
Christopher Haster 1:24750b9ad5ef 56
Christopher Haster 1:24750b9ad5ef 57 #define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
Christopher Haster 1:24750b9ad5ef 58 #define biL (ciL << 3) /* bits in limb */
Christopher Haster 1:24750b9ad5ef 59 #define biH (ciL << 2) /* half limb size */
Christopher Haster 1:24750b9ad5ef 60
Christopher Haster 1:24750b9ad5ef 61 #define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
Christopher Haster 1:24750b9ad5ef 62
Christopher Haster 1:24750b9ad5ef 63 /*
Christopher Haster 1:24750b9ad5ef 64 * Convert between bits/chars and number of limbs
Christopher Haster 1:24750b9ad5ef 65 * Divide first in order to avoid potential overflows
Christopher Haster 1:24750b9ad5ef 66 */
Christopher Haster 1:24750b9ad5ef 67 #define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
Christopher Haster 1:24750b9ad5ef 68 #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
Christopher Haster 1:24750b9ad5ef 69
Christopher Haster 1:24750b9ad5ef 70 /*
Christopher Haster 1:24750b9ad5ef 71 * Initialize one MPI
Christopher Haster 1:24750b9ad5ef 72 */
Christopher Haster 1:24750b9ad5ef 73 void mbedtls_mpi_init( mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 74 {
Christopher Haster 1:24750b9ad5ef 75 if( X == NULL )
Christopher Haster 1:24750b9ad5ef 76 return;
Christopher Haster 1:24750b9ad5ef 77
Christopher Haster 1:24750b9ad5ef 78 X->s = 1;
Christopher Haster 1:24750b9ad5ef 79 X->n = 0;
Christopher Haster 1:24750b9ad5ef 80 X->p = NULL;
Christopher Haster 1:24750b9ad5ef 81 }
Christopher Haster 1:24750b9ad5ef 82
Christopher Haster 1:24750b9ad5ef 83 /*
Christopher Haster 1:24750b9ad5ef 84 * Unallocate one MPI
Christopher Haster 1:24750b9ad5ef 85 */
Christopher Haster 1:24750b9ad5ef 86 void mbedtls_mpi_free( mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 87 {
Christopher Haster 1:24750b9ad5ef 88 if( X == NULL )
Christopher Haster 1:24750b9ad5ef 89 return;
Christopher Haster 1:24750b9ad5ef 90
Christopher Haster 1:24750b9ad5ef 91 if( X->p != NULL )
Christopher Haster 1:24750b9ad5ef 92 {
Christopher Haster 1:24750b9ad5ef 93 mbedtls_zeroize( X->p, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 94 mbedtls_free( X->p );
Christopher Haster 1:24750b9ad5ef 95 }
Christopher Haster 1:24750b9ad5ef 96
Christopher Haster 1:24750b9ad5ef 97 X->s = 1;
Christopher Haster 1:24750b9ad5ef 98 X->n = 0;
Christopher Haster 1:24750b9ad5ef 99 X->p = NULL;
Christopher Haster 1:24750b9ad5ef 100 }
Christopher Haster 1:24750b9ad5ef 101
Christopher Haster 1:24750b9ad5ef 102 /*
Christopher Haster 1:24750b9ad5ef 103 * Enlarge to the specified number of limbs
Christopher Haster 1:24750b9ad5ef 104 */
Christopher Haster 1:24750b9ad5ef 105 int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
Christopher Haster 1:24750b9ad5ef 106 {
Christopher Haster 1:24750b9ad5ef 107 mbedtls_mpi_uint *p;
Christopher Haster 1:24750b9ad5ef 108
Christopher Haster 1:24750b9ad5ef 109 if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
Christopher Haster 1:24750b9ad5ef 110 return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 111
Christopher Haster 1:24750b9ad5ef 112 if( X->n < nblimbs )
Christopher Haster 1:24750b9ad5ef 113 {
Christopher Haster 1:24750b9ad5ef 114 if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 115 return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 116
Christopher Haster 1:24750b9ad5ef 117 if( X->p != NULL )
Christopher Haster 1:24750b9ad5ef 118 {
Christopher Haster 1:24750b9ad5ef 119 memcpy( p, X->p, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 120 mbedtls_zeroize( X->p, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 121 mbedtls_free( X->p );
Christopher Haster 1:24750b9ad5ef 122 }
Christopher Haster 1:24750b9ad5ef 123
Christopher Haster 1:24750b9ad5ef 124 X->n = nblimbs;
Christopher Haster 1:24750b9ad5ef 125 X->p = p;
Christopher Haster 1:24750b9ad5ef 126 }
Christopher Haster 1:24750b9ad5ef 127
Christopher Haster 1:24750b9ad5ef 128 return( 0 );
Christopher Haster 1:24750b9ad5ef 129 }
Christopher Haster 1:24750b9ad5ef 130
Christopher Haster 1:24750b9ad5ef 131 /*
Christopher Haster 1:24750b9ad5ef 132 * Resize down as much as possible,
Christopher Haster 1:24750b9ad5ef 133 * while keeping at least the specified number of limbs
Christopher Haster 1:24750b9ad5ef 134 */
Christopher Haster 1:24750b9ad5ef 135 int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
Christopher Haster 1:24750b9ad5ef 136 {
Christopher Haster 1:24750b9ad5ef 137 mbedtls_mpi_uint *p;
Christopher Haster 1:24750b9ad5ef 138 size_t i;
Christopher Haster 1:24750b9ad5ef 139
Christopher Haster 1:24750b9ad5ef 140 /* Actually resize up in this case */
Christopher Haster 1:24750b9ad5ef 141 if( X->n <= nblimbs )
Christopher Haster 1:24750b9ad5ef 142 return( mbedtls_mpi_grow( X, nblimbs ) );
Christopher Haster 1:24750b9ad5ef 143
Christopher Haster 1:24750b9ad5ef 144 for( i = X->n - 1; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 145 if( X->p[i] != 0 )
Christopher Haster 1:24750b9ad5ef 146 break;
Christopher Haster 1:24750b9ad5ef 147 i++;
Christopher Haster 1:24750b9ad5ef 148
Christopher Haster 1:24750b9ad5ef 149 if( i < nblimbs )
Christopher Haster 1:24750b9ad5ef 150 i = nblimbs;
Christopher Haster 1:24750b9ad5ef 151
Christopher Haster 1:24750b9ad5ef 152 if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 153 return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 154
Christopher Haster 1:24750b9ad5ef 155 if( X->p != NULL )
Christopher Haster 1:24750b9ad5ef 156 {
Christopher Haster 1:24750b9ad5ef 157 memcpy( p, X->p, i * ciL );
Christopher Haster 1:24750b9ad5ef 158 mbedtls_zeroize( X->p, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 159 mbedtls_free( X->p );
Christopher Haster 1:24750b9ad5ef 160 }
Christopher Haster 1:24750b9ad5ef 161
Christopher Haster 1:24750b9ad5ef 162 X->n = i;
Christopher Haster 1:24750b9ad5ef 163 X->p = p;
Christopher Haster 1:24750b9ad5ef 164
Christopher Haster 1:24750b9ad5ef 165 return( 0 );
Christopher Haster 1:24750b9ad5ef 166 }
Christopher Haster 1:24750b9ad5ef 167
Christopher Haster 1:24750b9ad5ef 168 /*
Christopher Haster 1:24750b9ad5ef 169 * Copy the contents of Y into X
Christopher Haster 1:24750b9ad5ef 170 */
Christopher Haster 1:24750b9ad5ef 171 int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
Christopher Haster 1:24750b9ad5ef 172 {
Christopher Haster 1:24750b9ad5ef 173 int ret;
Christopher Haster 1:24750b9ad5ef 174 size_t i;
Christopher Haster 1:24750b9ad5ef 175
Christopher Haster 1:24750b9ad5ef 176 if( X == Y )
Christopher Haster 1:24750b9ad5ef 177 return( 0 );
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 if( Y->p == NULL )
Christopher Haster 1:24750b9ad5ef 180 {
Christopher Haster 1:24750b9ad5ef 181 mbedtls_mpi_free( X );
Christopher Haster 1:24750b9ad5ef 182 return( 0 );
Christopher Haster 1:24750b9ad5ef 183 }
Christopher Haster 1:24750b9ad5ef 184
Christopher Haster 1:24750b9ad5ef 185 for( i = Y->n - 1; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 186 if( Y->p[i] != 0 )
Christopher Haster 1:24750b9ad5ef 187 break;
Christopher Haster 1:24750b9ad5ef 188 i++;
Christopher Haster 1:24750b9ad5ef 189
Christopher Haster 1:24750b9ad5ef 190 X->s = Y->s;
Christopher Haster 1:24750b9ad5ef 191
Christopher Haster 1:24750b9ad5ef 192 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
Christopher Haster 1:24750b9ad5ef 193
Christopher Haster 1:24750b9ad5ef 194 memset( X->p, 0, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 195 memcpy( X->p, Y->p, i * ciL );
Christopher Haster 1:24750b9ad5ef 196
Christopher Haster 1:24750b9ad5ef 197 cleanup:
Christopher Haster 1:24750b9ad5ef 198
Christopher Haster 1:24750b9ad5ef 199 return( ret );
Christopher Haster 1:24750b9ad5ef 200 }
Christopher Haster 1:24750b9ad5ef 201
Christopher Haster 1:24750b9ad5ef 202 /*
Christopher Haster 1:24750b9ad5ef 203 * Swap the contents of X and Y
Christopher Haster 1:24750b9ad5ef 204 */
Christopher Haster 1:24750b9ad5ef 205 void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
Christopher Haster 1:24750b9ad5ef 206 {
Christopher Haster 1:24750b9ad5ef 207 mbedtls_mpi T;
Christopher Haster 1:24750b9ad5ef 208
Christopher Haster 1:24750b9ad5ef 209 memcpy( &T, X, sizeof( mbedtls_mpi ) );
Christopher Haster 1:24750b9ad5ef 210 memcpy( X, Y, sizeof( mbedtls_mpi ) );
Christopher Haster 1:24750b9ad5ef 211 memcpy( Y, &T, sizeof( mbedtls_mpi ) );
Christopher Haster 1:24750b9ad5ef 212 }
Christopher Haster 1:24750b9ad5ef 213
Christopher Haster 1:24750b9ad5ef 214 /*
Christopher Haster 1:24750b9ad5ef 215 * Conditionally assign X = Y, without leaking information
Christopher Haster 1:24750b9ad5ef 216 * about whether the assignment was made or not.
Christopher Haster 1:24750b9ad5ef 217 * (Leaking information about the respective sizes of X and Y is ok however.)
Christopher Haster 1:24750b9ad5ef 218 */
Christopher Haster 1:24750b9ad5ef 219 int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign )
Christopher Haster 1:24750b9ad5ef 220 {
Christopher Haster 1:24750b9ad5ef 221 int ret = 0;
Christopher Haster 1:24750b9ad5ef 222 size_t i;
Christopher Haster 1:24750b9ad5ef 223
Christopher Haster 1:24750b9ad5ef 224 /* make sure assign is 0 or 1 in a time-constant manner */
Christopher Haster 1:24750b9ad5ef 225 assign = (assign | (unsigned char)-assign) >> 7;
Christopher Haster 1:24750b9ad5ef 226
Christopher Haster 1:24750b9ad5ef 227 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
Christopher Haster 1:24750b9ad5ef 228
Christopher Haster 1:24750b9ad5ef 229 X->s = X->s * ( 1 - assign ) + Y->s * assign;
Christopher Haster 1:24750b9ad5ef 230
Christopher Haster 1:24750b9ad5ef 231 for( i = 0; i < Y->n; i++ )
Christopher Haster 1:24750b9ad5ef 232 X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
Christopher Haster 1:24750b9ad5ef 233
Christopher Haster 1:24750b9ad5ef 234 for( ; i < X->n; i++ )
Christopher Haster 1:24750b9ad5ef 235 X->p[i] *= ( 1 - assign );
Christopher Haster 1:24750b9ad5ef 236
Christopher Haster 1:24750b9ad5ef 237 cleanup:
Christopher Haster 1:24750b9ad5ef 238 return( ret );
Christopher Haster 1:24750b9ad5ef 239 }
Christopher Haster 1:24750b9ad5ef 240
Christopher Haster 1:24750b9ad5ef 241 /*
Christopher Haster 1:24750b9ad5ef 242 * Conditionally swap X and Y, without leaking information
Christopher Haster 1:24750b9ad5ef 243 * about whether the swap was made or not.
Christopher Haster 1:24750b9ad5ef 244 * Here it is not ok to simply swap the pointers, which whould lead to
Christopher Haster 1:24750b9ad5ef 245 * different memory access patterns when X and Y are used afterwards.
Christopher Haster 1:24750b9ad5ef 246 */
Christopher Haster 1:24750b9ad5ef 247 int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap )
Christopher Haster 1:24750b9ad5ef 248 {
Christopher Haster 1:24750b9ad5ef 249 int ret, s;
Christopher Haster 1:24750b9ad5ef 250 size_t i;
Christopher Haster 1:24750b9ad5ef 251 mbedtls_mpi_uint tmp;
Christopher Haster 1:24750b9ad5ef 252
Christopher Haster 1:24750b9ad5ef 253 if( X == Y )
Christopher Haster 1:24750b9ad5ef 254 return( 0 );
Christopher Haster 1:24750b9ad5ef 255
Christopher Haster 1:24750b9ad5ef 256 /* make sure swap is 0 or 1 in a time-constant manner */
Christopher Haster 1:24750b9ad5ef 257 swap = (swap | (unsigned char)-swap) >> 7;
Christopher Haster 1:24750b9ad5ef 258
Christopher Haster 1:24750b9ad5ef 259 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
Christopher Haster 1:24750b9ad5ef 260 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
Christopher Haster 1:24750b9ad5ef 261
Christopher Haster 1:24750b9ad5ef 262 s = X->s;
Christopher Haster 1:24750b9ad5ef 263 X->s = X->s * ( 1 - swap ) + Y->s * swap;
Christopher Haster 1:24750b9ad5ef 264 Y->s = Y->s * ( 1 - swap ) + s * swap;
Christopher Haster 1:24750b9ad5ef 265
Christopher Haster 1:24750b9ad5ef 266
Christopher Haster 1:24750b9ad5ef 267 for( i = 0; i < X->n; i++ )
Christopher Haster 1:24750b9ad5ef 268 {
Christopher Haster 1:24750b9ad5ef 269 tmp = X->p[i];
Christopher Haster 1:24750b9ad5ef 270 X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
Christopher Haster 1:24750b9ad5ef 271 Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap;
Christopher Haster 1:24750b9ad5ef 272 }
Christopher Haster 1:24750b9ad5ef 273
Christopher Haster 1:24750b9ad5ef 274 cleanup:
Christopher Haster 1:24750b9ad5ef 275 return( ret );
Christopher Haster 1:24750b9ad5ef 276 }
Christopher Haster 1:24750b9ad5ef 277
Christopher Haster 1:24750b9ad5ef 278 /*
Christopher Haster 1:24750b9ad5ef 279 * Set value from integer
Christopher Haster 1:24750b9ad5ef 280 */
Christopher Haster 1:24750b9ad5ef 281 int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
Christopher Haster 1:24750b9ad5ef 282 {
Christopher Haster 1:24750b9ad5ef 283 int ret;
Christopher Haster 1:24750b9ad5ef 284
Christopher Haster 1:24750b9ad5ef 285 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
Christopher Haster 1:24750b9ad5ef 286 memset( X->p, 0, X->n * ciL );
Christopher Haster 1:24750b9ad5ef 287
Christopher Haster 1:24750b9ad5ef 288 X->p[0] = ( z < 0 ) ? -z : z;
Christopher Haster 1:24750b9ad5ef 289 X->s = ( z < 0 ) ? -1 : 1;
Christopher Haster 1:24750b9ad5ef 290
Christopher Haster 1:24750b9ad5ef 291 cleanup:
Christopher Haster 1:24750b9ad5ef 292
Christopher Haster 1:24750b9ad5ef 293 return( ret );
Christopher Haster 1:24750b9ad5ef 294 }
Christopher Haster 1:24750b9ad5ef 295
Christopher Haster 1:24750b9ad5ef 296 /*
Christopher Haster 1:24750b9ad5ef 297 * Get a specific bit
Christopher Haster 1:24750b9ad5ef 298 */
Christopher Haster 1:24750b9ad5ef 299 int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
Christopher Haster 1:24750b9ad5ef 300 {
Christopher Haster 1:24750b9ad5ef 301 if( X->n * biL <= pos )
Christopher Haster 1:24750b9ad5ef 302 return( 0 );
Christopher Haster 1:24750b9ad5ef 303
Christopher Haster 1:24750b9ad5ef 304 return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
Christopher Haster 1:24750b9ad5ef 305 }
Christopher Haster 1:24750b9ad5ef 306
Christopher Haster 1:24750b9ad5ef 307 /*
Christopher Haster 1:24750b9ad5ef 308 * Set a bit to a specific value of 0 or 1
Christopher Haster 1:24750b9ad5ef 309 */
Christopher Haster 1:24750b9ad5ef 310 int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
Christopher Haster 1:24750b9ad5ef 311 {
Christopher Haster 1:24750b9ad5ef 312 int ret = 0;
Christopher Haster 1:24750b9ad5ef 313 size_t off = pos / biL;
Christopher Haster 1:24750b9ad5ef 314 size_t idx = pos % biL;
Christopher Haster 1:24750b9ad5ef 315
Christopher Haster 1:24750b9ad5ef 316 if( val != 0 && val != 1 )
Christopher Haster 1:24750b9ad5ef 317 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 318
Christopher Haster 1:24750b9ad5ef 319 if( X->n * biL <= pos )
Christopher Haster 1:24750b9ad5ef 320 {
Christopher Haster 1:24750b9ad5ef 321 if( val == 0 )
Christopher Haster 1:24750b9ad5ef 322 return( 0 );
Christopher Haster 1:24750b9ad5ef 323
Christopher Haster 1:24750b9ad5ef 324 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
Christopher Haster 1:24750b9ad5ef 325 }
Christopher Haster 1:24750b9ad5ef 326
Christopher Haster 1:24750b9ad5ef 327 X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
Christopher Haster 1:24750b9ad5ef 328 X->p[off] |= (mbedtls_mpi_uint) val << idx;
Christopher Haster 1:24750b9ad5ef 329
Christopher Haster 1:24750b9ad5ef 330 cleanup:
Christopher Haster 1:24750b9ad5ef 331
Christopher Haster 1:24750b9ad5ef 332 return( ret );
Christopher Haster 1:24750b9ad5ef 333 }
Christopher Haster 1:24750b9ad5ef 334
Christopher Haster 1:24750b9ad5ef 335 /*
Christopher Haster 1:24750b9ad5ef 336 * Return the number of less significant zero-bits
Christopher Haster 1:24750b9ad5ef 337 */
Christopher Haster 1:24750b9ad5ef 338 size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 339 {
Christopher Haster 1:24750b9ad5ef 340 size_t i, j, count = 0;
Christopher Haster 1:24750b9ad5ef 341
Christopher Haster 1:24750b9ad5ef 342 for( i = 0; i < X->n; i++ )
Christopher Haster 1:24750b9ad5ef 343 for( j = 0; j < biL; j++, count++ )
Christopher Haster 1:24750b9ad5ef 344 if( ( ( X->p[i] >> j ) & 1 ) != 0 )
Christopher Haster 1:24750b9ad5ef 345 return( count );
Christopher Haster 1:24750b9ad5ef 346
Christopher Haster 1:24750b9ad5ef 347 return( 0 );
Christopher Haster 1:24750b9ad5ef 348 }
Christopher Haster 1:24750b9ad5ef 349
Christopher Haster 1:24750b9ad5ef 350 /*
Christopher Haster 1:24750b9ad5ef 351 * Return the number of bits
Christopher Haster 1:24750b9ad5ef 352 */
Christopher Haster 1:24750b9ad5ef 353 size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 354 {
Christopher Haster 1:24750b9ad5ef 355 size_t i, j;
Christopher Haster 1:24750b9ad5ef 356
Christopher Haster 1:24750b9ad5ef 357 if( X->n == 0 )
Christopher Haster 1:24750b9ad5ef 358 return( 0 );
Christopher Haster 1:24750b9ad5ef 359
Christopher Haster 1:24750b9ad5ef 360 for( i = X->n - 1; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 361 if( X->p[i] != 0 )
Christopher Haster 1:24750b9ad5ef 362 break;
Christopher Haster 1:24750b9ad5ef 363
Christopher Haster 1:24750b9ad5ef 364 for( j = biL; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 365 if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 )
Christopher Haster 1:24750b9ad5ef 366 break;
Christopher Haster 1:24750b9ad5ef 367
Christopher Haster 1:24750b9ad5ef 368 return( ( i * biL ) + j );
Christopher Haster 1:24750b9ad5ef 369 }
Christopher Haster 1:24750b9ad5ef 370
Christopher Haster 1:24750b9ad5ef 371 /*
Christopher Haster 1:24750b9ad5ef 372 * Return the total size in bytes
Christopher Haster 1:24750b9ad5ef 373 */
Christopher Haster 1:24750b9ad5ef 374 size_t mbedtls_mpi_size( const mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 375 {
Christopher Haster 1:24750b9ad5ef 376 return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
Christopher Haster 1:24750b9ad5ef 377 }
Christopher Haster 1:24750b9ad5ef 378
Christopher Haster 1:24750b9ad5ef 379 /*
Christopher Haster 1:24750b9ad5ef 380 * Convert an ASCII character to digit value
Christopher Haster 1:24750b9ad5ef 381 */
Christopher Haster 1:24750b9ad5ef 382 static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
Christopher Haster 1:24750b9ad5ef 383 {
Christopher Haster 1:24750b9ad5ef 384 *d = 255;
Christopher Haster 1:24750b9ad5ef 385
Christopher Haster 1:24750b9ad5ef 386 if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
Christopher Haster 1:24750b9ad5ef 387 if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
Christopher Haster 1:24750b9ad5ef 388 if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
Christopher Haster 1:24750b9ad5ef 389
Christopher Haster 1:24750b9ad5ef 390 if( *d >= (mbedtls_mpi_uint) radix )
Christopher Haster 1:24750b9ad5ef 391 return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
Christopher Haster 1:24750b9ad5ef 392
Christopher Haster 1:24750b9ad5ef 393 return( 0 );
Christopher Haster 1:24750b9ad5ef 394 }
Christopher Haster 1:24750b9ad5ef 395
Christopher Haster 1:24750b9ad5ef 396 /*
Christopher Haster 1:24750b9ad5ef 397 * Import from an ASCII string
Christopher Haster 1:24750b9ad5ef 398 */
Christopher Haster 1:24750b9ad5ef 399 int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
Christopher Haster 1:24750b9ad5ef 400 {
Christopher Haster 1:24750b9ad5ef 401 int ret;
Christopher Haster 1:24750b9ad5ef 402 size_t i, j, slen, n;
Christopher Haster 1:24750b9ad5ef 403 mbedtls_mpi_uint d;
Christopher Haster 1:24750b9ad5ef 404 mbedtls_mpi T;
Christopher Haster 1:24750b9ad5ef 405
Christopher Haster 1:24750b9ad5ef 406 if( radix < 2 || radix > 16 )
Christopher Haster 1:24750b9ad5ef 407 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 408
Christopher Haster 1:24750b9ad5ef 409 mbedtls_mpi_init( &T );
Christopher Haster 1:24750b9ad5ef 410
Christopher Haster 1:24750b9ad5ef 411 slen = strlen( s );
Christopher Haster 1:24750b9ad5ef 412
Christopher Haster 1:24750b9ad5ef 413 if( radix == 16 )
Christopher Haster 1:24750b9ad5ef 414 {
Christopher Haster 1:24750b9ad5ef 415 if( slen > MPI_SIZE_T_MAX >> 2 )
Christopher Haster 1:24750b9ad5ef 416 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 417
Christopher Haster 1:24750b9ad5ef 418 n = BITS_TO_LIMBS( slen << 2 );
Christopher Haster 1:24750b9ad5ef 419
Christopher Haster 1:24750b9ad5ef 420 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
Christopher Haster 1:24750b9ad5ef 421 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
Christopher Haster 1:24750b9ad5ef 422
Christopher Haster 1:24750b9ad5ef 423 for( i = slen, j = 0; i > 0; i--, j++ )
Christopher Haster 1:24750b9ad5ef 424 {
Christopher Haster 1:24750b9ad5ef 425 if( i == 1 && s[i - 1] == '-' )
Christopher Haster 1:24750b9ad5ef 426 {
Christopher Haster 1:24750b9ad5ef 427 X->s = -1;
Christopher Haster 1:24750b9ad5ef 428 break;
Christopher Haster 1:24750b9ad5ef 429 }
Christopher Haster 1:24750b9ad5ef 430
Christopher Haster 1:24750b9ad5ef 431 MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
Christopher Haster 1:24750b9ad5ef 432 X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
Christopher Haster 1:24750b9ad5ef 433 }
Christopher Haster 1:24750b9ad5ef 434 }
Christopher Haster 1:24750b9ad5ef 435 else
Christopher Haster 1:24750b9ad5ef 436 {
Christopher Haster 1:24750b9ad5ef 437 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
Christopher Haster 1:24750b9ad5ef 438
Christopher Haster 1:24750b9ad5ef 439 for( i = 0; i < slen; i++ )
Christopher Haster 1:24750b9ad5ef 440 {
Christopher Haster 1:24750b9ad5ef 441 if( i == 0 && s[i] == '-' )
Christopher Haster 1:24750b9ad5ef 442 {
Christopher Haster 1:24750b9ad5ef 443 X->s = -1;
Christopher Haster 1:24750b9ad5ef 444 continue;
Christopher Haster 1:24750b9ad5ef 445 }
Christopher Haster 1:24750b9ad5ef 446
Christopher Haster 1:24750b9ad5ef 447 MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
Christopher Haster 1:24750b9ad5ef 448 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
Christopher Haster 1:24750b9ad5ef 449
Christopher Haster 1:24750b9ad5ef 450 if( X->s == 1 )
Christopher Haster 1:24750b9ad5ef 451 {
Christopher Haster 1:24750b9ad5ef 452 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
Christopher Haster 1:24750b9ad5ef 453 }
Christopher Haster 1:24750b9ad5ef 454 else
Christopher Haster 1:24750b9ad5ef 455 {
Christopher Haster 1:24750b9ad5ef 456 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
Christopher Haster 1:24750b9ad5ef 457 }
Christopher Haster 1:24750b9ad5ef 458 }
Christopher Haster 1:24750b9ad5ef 459 }
Christopher Haster 1:24750b9ad5ef 460
Christopher Haster 1:24750b9ad5ef 461 cleanup:
Christopher Haster 1:24750b9ad5ef 462
Christopher Haster 1:24750b9ad5ef 463 mbedtls_mpi_free( &T );
Christopher Haster 1:24750b9ad5ef 464
Christopher Haster 1:24750b9ad5ef 465 return( ret );
Christopher Haster 1:24750b9ad5ef 466 }
Christopher Haster 1:24750b9ad5ef 467
Christopher Haster 1:24750b9ad5ef 468 /*
Christopher Haster 1:24750b9ad5ef 469 * Helper to write the digits high-order first
Christopher Haster 1:24750b9ad5ef 470 */
Christopher Haster 1:24750b9ad5ef 471 static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
Christopher Haster 1:24750b9ad5ef 472 {
Christopher Haster 1:24750b9ad5ef 473 int ret;
Christopher Haster 1:24750b9ad5ef 474 mbedtls_mpi_uint r;
Christopher Haster 1:24750b9ad5ef 475
Christopher Haster 1:24750b9ad5ef 476 if( radix < 2 || radix > 16 )
Christopher Haster 1:24750b9ad5ef 477 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 478
Christopher Haster 1:24750b9ad5ef 479 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
Christopher Haster 1:24750b9ad5ef 480 MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
Christopher Haster 1:24750b9ad5ef 481
Christopher Haster 1:24750b9ad5ef 482 if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
Christopher Haster 1:24750b9ad5ef 483 MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
Christopher Haster 1:24750b9ad5ef 484
Christopher Haster 1:24750b9ad5ef 485 if( r < 10 )
Christopher Haster 1:24750b9ad5ef 486 *(*p)++ = (char)( r + 0x30 );
Christopher Haster 1:24750b9ad5ef 487 else
Christopher Haster 1:24750b9ad5ef 488 *(*p)++ = (char)( r + 0x37 );
Christopher Haster 1:24750b9ad5ef 489
Christopher Haster 1:24750b9ad5ef 490 cleanup:
Christopher Haster 1:24750b9ad5ef 491
Christopher Haster 1:24750b9ad5ef 492 return( ret );
Christopher Haster 1:24750b9ad5ef 493 }
Christopher Haster 1:24750b9ad5ef 494
Christopher Haster 1:24750b9ad5ef 495 /*
Christopher Haster 1:24750b9ad5ef 496 * Export into an ASCII string
Christopher Haster 1:24750b9ad5ef 497 */
Christopher Haster 1:24750b9ad5ef 498 int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
Christopher Haster 1:24750b9ad5ef 499 char *buf, size_t buflen, size_t *olen )
Christopher Haster 1:24750b9ad5ef 500 {
Christopher Haster 1:24750b9ad5ef 501 int ret = 0;
Christopher Haster 1:24750b9ad5ef 502 size_t n;
Christopher Haster 1:24750b9ad5ef 503 char *p;
Christopher Haster 1:24750b9ad5ef 504 mbedtls_mpi T;
Christopher Haster 1:24750b9ad5ef 505
Christopher Haster 1:24750b9ad5ef 506 if( radix < 2 || radix > 16 )
Christopher Haster 1:24750b9ad5ef 507 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 508
Christopher Haster 1:24750b9ad5ef 509 n = mbedtls_mpi_bitlen( X );
Christopher Haster 1:24750b9ad5ef 510 if( radix >= 4 ) n >>= 1;
Christopher Haster 1:24750b9ad5ef 511 if( radix >= 16 ) n >>= 1;
Christopher Haster 1:24750b9ad5ef 512 n += 3;
Christopher Haster 1:24750b9ad5ef 513
Christopher Haster 1:24750b9ad5ef 514 if( buflen < n )
Christopher Haster 1:24750b9ad5ef 515 {
Christopher Haster 1:24750b9ad5ef 516 *olen = n;
Christopher Haster 1:24750b9ad5ef 517 return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 518 }
Christopher Haster 1:24750b9ad5ef 519
Christopher Haster 1:24750b9ad5ef 520 p = buf;
Christopher Haster 1:24750b9ad5ef 521 mbedtls_mpi_init( &T );
Christopher Haster 1:24750b9ad5ef 522
Christopher Haster 1:24750b9ad5ef 523 if( X->s == -1 )
Christopher Haster 1:24750b9ad5ef 524 *p++ = '-';
Christopher Haster 1:24750b9ad5ef 525
Christopher Haster 1:24750b9ad5ef 526 if( radix == 16 )
Christopher Haster 1:24750b9ad5ef 527 {
Christopher Haster 1:24750b9ad5ef 528 int c;
Christopher Haster 1:24750b9ad5ef 529 size_t i, j, k;
Christopher Haster 1:24750b9ad5ef 530
Christopher Haster 1:24750b9ad5ef 531 for( i = X->n, k = 0; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 532 {
Christopher Haster 1:24750b9ad5ef 533 for( j = ciL; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 534 {
Christopher Haster 1:24750b9ad5ef 535 c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
Christopher Haster 1:24750b9ad5ef 536
Christopher Haster 1:24750b9ad5ef 537 if( c == 0 && k == 0 && ( i + j ) != 2 )
Christopher Haster 1:24750b9ad5ef 538 continue;
Christopher Haster 1:24750b9ad5ef 539
Christopher Haster 1:24750b9ad5ef 540 *(p++) = "0123456789ABCDEF" [c / 16];
Christopher Haster 1:24750b9ad5ef 541 *(p++) = "0123456789ABCDEF" [c % 16];
Christopher Haster 1:24750b9ad5ef 542 k = 1;
Christopher Haster 1:24750b9ad5ef 543 }
Christopher Haster 1:24750b9ad5ef 544 }
Christopher Haster 1:24750b9ad5ef 545 }
Christopher Haster 1:24750b9ad5ef 546 else
Christopher Haster 1:24750b9ad5ef 547 {
Christopher Haster 1:24750b9ad5ef 548 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
Christopher Haster 1:24750b9ad5ef 549
Christopher Haster 1:24750b9ad5ef 550 if( T.s == -1 )
Christopher Haster 1:24750b9ad5ef 551 T.s = 1;
Christopher Haster 1:24750b9ad5ef 552
Christopher Haster 1:24750b9ad5ef 553 MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
Christopher Haster 1:24750b9ad5ef 554 }
Christopher Haster 1:24750b9ad5ef 555
Christopher Haster 1:24750b9ad5ef 556 *p++ = '\0';
Christopher Haster 1:24750b9ad5ef 557 *olen = p - buf;
Christopher Haster 1:24750b9ad5ef 558
Christopher Haster 1:24750b9ad5ef 559 cleanup:
Christopher Haster 1:24750b9ad5ef 560
Christopher Haster 1:24750b9ad5ef 561 mbedtls_mpi_free( &T );
Christopher Haster 1:24750b9ad5ef 562
Christopher Haster 1:24750b9ad5ef 563 return( ret );
Christopher Haster 1:24750b9ad5ef 564 }
Christopher Haster 1:24750b9ad5ef 565
Christopher Haster 1:24750b9ad5ef 566 #if defined(MBEDTLS_FS_IO)
Christopher Haster 1:24750b9ad5ef 567 /*
Christopher Haster 1:24750b9ad5ef 568 * Read X from an opened file
Christopher Haster 1:24750b9ad5ef 569 */
Christopher Haster 1:24750b9ad5ef 570 int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
Christopher Haster 1:24750b9ad5ef 571 {
Christopher Haster 1:24750b9ad5ef 572 mbedtls_mpi_uint d;
Christopher Haster 1:24750b9ad5ef 573 size_t slen;
Christopher Haster 1:24750b9ad5ef 574 char *p;
Christopher Haster 1:24750b9ad5ef 575 /*
Christopher Haster 1:24750b9ad5ef 576 * Buffer should have space for (short) label and decimal formatted MPI,
Christopher Haster 1:24750b9ad5ef 577 * newline characters and '\0'
Christopher Haster 1:24750b9ad5ef 578 */
Christopher Haster 1:24750b9ad5ef 579 char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
Christopher Haster 1:24750b9ad5ef 580
Christopher Haster 1:24750b9ad5ef 581 memset( s, 0, sizeof( s ) );
Christopher Haster 1:24750b9ad5ef 582 if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
Christopher Haster 1:24750b9ad5ef 583 return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
Christopher Haster 1:24750b9ad5ef 584
Christopher Haster 1:24750b9ad5ef 585 slen = strlen( s );
Christopher Haster 1:24750b9ad5ef 586 if( slen == sizeof( s ) - 2 )
Christopher Haster 1:24750b9ad5ef 587 return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 588
Christopher Haster 1:24750b9ad5ef 589 if( s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
Christopher Haster 1:24750b9ad5ef 590 if( s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
Christopher Haster 1:24750b9ad5ef 591
Christopher Haster 1:24750b9ad5ef 592 p = s + slen;
Christopher Haster 1:24750b9ad5ef 593 while( --p >= s )
Christopher Haster 1:24750b9ad5ef 594 if( mpi_get_digit( &d, radix, *p ) != 0 )
Christopher Haster 1:24750b9ad5ef 595 break;
Christopher Haster 1:24750b9ad5ef 596
Christopher Haster 1:24750b9ad5ef 597 return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
Christopher Haster 1:24750b9ad5ef 598 }
Christopher Haster 1:24750b9ad5ef 599
Christopher Haster 1:24750b9ad5ef 600 /*
Christopher Haster 1:24750b9ad5ef 601 * Write X into an opened file (or stdout if fout == NULL)
Christopher Haster 1:24750b9ad5ef 602 */
Christopher Haster 1:24750b9ad5ef 603 int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
Christopher Haster 1:24750b9ad5ef 604 {
Christopher Haster 1:24750b9ad5ef 605 int ret;
Christopher Haster 1:24750b9ad5ef 606 size_t n, slen, plen;
Christopher Haster 1:24750b9ad5ef 607 /*
Christopher Haster 1:24750b9ad5ef 608 * Buffer should have space for (short) label and decimal formatted MPI,
Christopher Haster 1:24750b9ad5ef 609 * newline characters and '\0'
Christopher Haster 1:24750b9ad5ef 610 */
Christopher Haster 1:24750b9ad5ef 611 char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
Christopher Haster 1:24750b9ad5ef 612
Christopher Haster 1:24750b9ad5ef 613 memset( s, 0, sizeof( s ) );
Christopher Haster 1:24750b9ad5ef 614
Christopher Haster 1:24750b9ad5ef 615 MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
Christopher Haster 1:24750b9ad5ef 616
Christopher Haster 1:24750b9ad5ef 617 if( p == NULL ) p = "";
Christopher Haster 1:24750b9ad5ef 618
Christopher Haster 1:24750b9ad5ef 619 plen = strlen( p );
Christopher Haster 1:24750b9ad5ef 620 slen = strlen( s );
Christopher Haster 1:24750b9ad5ef 621 s[slen++] = '\r';
Christopher Haster 1:24750b9ad5ef 622 s[slen++] = '\n';
Christopher Haster 1:24750b9ad5ef 623
Christopher Haster 1:24750b9ad5ef 624 if( fout != NULL )
Christopher Haster 1:24750b9ad5ef 625 {
Christopher Haster 1:24750b9ad5ef 626 if( fwrite( p, 1, plen, fout ) != plen ||
Christopher Haster 1:24750b9ad5ef 627 fwrite( s, 1, slen, fout ) != slen )
Christopher Haster 1:24750b9ad5ef 628 return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
Christopher Haster 1:24750b9ad5ef 629 }
Christopher Haster 1:24750b9ad5ef 630 else
Christopher Haster 1:24750b9ad5ef 631 mbedtls_printf( "%s%s", p, s );
Christopher Haster 1:24750b9ad5ef 632
Christopher Haster 1:24750b9ad5ef 633 cleanup:
Christopher Haster 1:24750b9ad5ef 634
Christopher Haster 1:24750b9ad5ef 635 return( ret );
Christopher Haster 1:24750b9ad5ef 636 }
Christopher Haster 1:24750b9ad5ef 637 #endif /* MBEDTLS_FS_IO */
Christopher Haster 1:24750b9ad5ef 638
Christopher Haster 1:24750b9ad5ef 639 /*
Christopher Haster 1:24750b9ad5ef 640 * Import X from unsigned binary data, big endian
Christopher Haster 1:24750b9ad5ef 641 */
Christopher Haster 1:24750b9ad5ef 642 int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
Christopher Haster 1:24750b9ad5ef 643 {
Christopher Haster 1:24750b9ad5ef 644 int ret;
Christopher Haster 1:24750b9ad5ef 645 size_t i, j, n;
Christopher Haster 1:24750b9ad5ef 646
Christopher Haster 1:24750b9ad5ef 647 for( n = 0; n < buflen; n++ )
Christopher Haster 1:24750b9ad5ef 648 if( buf[n] != 0 )
Christopher Haster 1:24750b9ad5ef 649 break;
Christopher Haster 1:24750b9ad5ef 650
Christopher Haster 1:24750b9ad5ef 651 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
Christopher Haster 1:24750b9ad5ef 652 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
Christopher Haster 1:24750b9ad5ef 653
Christopher Haster 1:24750b9ad5ef 654 for( i = buflen, j = 0; i > n; i--, j++ )
Christopher Haster 1:24750b9ad5ef 655 X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
Christopher Haster 1:24750b9ad5ef 656
Christopher Haster 1:24750b9ad5ef 657 cleanup:
Christopher Haster 1:24750b9ad5ef 658
Christopher Haster 1:24750b9ad5ef 659 return( ret );
Christopher Haster 1:24750b9ad5ef 660 }
Christopher Haster 1:24750b9ad5ef 661
Christopher Haster 1:24750b9ad5ef 662 /*
Christopher Haster 1:24750b9ad5ef 663 * Export X into unsigned binary data, big endian
Christopher Haster 1:24750b9ad5ef 664 */
Christopher Haster 1:24750b9ad5ef 665 int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
Christopher Haster 1:24750b9ad5ef 666 {
Christopher Haster 1:24750b9ad5ef 667 size_t i, j, n;
Christopher Haster 1:24750b9ad5ef 668
Christopher Haster 1:24750b9ad5ef 669 n = mbedtls_mpi_size( X );
Christopher Haster 1:24750b9ad5ef 670
Christopher Haster 1:24750b9ad5ef 671 if( buflen < n )
Christopher Haster 1:24750b9ad5ef 672 return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 673
Christopher Haster 1:24750b9ad5ef 674 memset( buf, 0, buflen );
Christopher Haster 1:24750b9ad5ef 675
Christopher Haster 1:24750b9ad5ef 676 for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
Christopher Haster 1:24750b9ad5ef 677 buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
Christopher Haster 1:24750b9ad5ef 678
Christopher Haster 1:24750b9ad5ef 679 return( 0 );
Christopher Haster 1:24750b9ad5ef 680 }
Christopher Haster 1:24750b9ad5ef 681
Christopher Haster 1:24750b9ad5ef 682 /*
Christopher Haster 1:24750b9ad5ef 683 * Left-shift: X <<= count
Christopher Haster 1:24750b9ad5ef 684 */
Christopher Haster 1:24750b9ad5ef 685 int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
Christopher Haster 1:24750b9ad5ef 686 {
Christopher Haster 1:24750b9ad5ef 687 int ret;
Christopher Haster 1:24750b9ad5ef 688 size_t i, v0, t1;
Christopher Haster 1:24750b9ad5ef 689 mbedtls_mpi_uint r0 = 0, r1;
Christopher Haster 1:24750b9ad5ef 690
Christopher Haster 1:24750b9ad5ef 691 v0 = count / (biL );
Christopher Haster 1:24750b9ad5ef 692 t1 = count & (biL - 1);
Christopher Haster 1:24750b9ad5ef 693
Christopher Haster 1:24750b9ad5ef 694 i = mbedtls_mpi_bitlen( X ) + count;
Christopher Haster 1:24750b9ad5ef 695
Christopher Haster 1:24750b9ad5ef 696 if( X->n * biL < i )
Christopher Haster 1:24750b9ad5ef 697 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
Christopher Haster 1:24750b9ad5ef 698
Christopher Haster 1:24750b9ad5ef 699 ret = 0;
Christopher Haster 1:24750b9ad5ef 700
Christopher Haster 1:24750b9ad5ef 701 /*
Christopher Haster 1:24750b9ad5ef 702 * shift by count / limb_size
Christopher Haster 1:24750b9ad5ef 703 */
Christopher Haster 1:24750b9ad5ef 704 if( v0 > 0 )
Christopher Haster 1:24750b9ad5ef 705 {
Christopher Haster 1:24750b9ad5ef 706 for( i = X->n; i > v0; i-- )
Christopher Haster 1:24750b9ad5ef 707 X->p[i - 1] = X->p[i - v0 - 1];
Christopher Haster 1:24750b9ad5ef 708
Christopher Haster 1:24750b9ad5ef 709 for( ; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 710 X->p[i - 1] = 0;
Christopher Haster 1:24750b9ad5ef 711 }
Christopher Haster 1:24750b9ad5ef 712
Christopher Haster 1:24750b9ad5ef 713 /*
Christopher Haster 1:24750b9ad5ef 714 * shift by count % limb_size
Christopher Haster 1:24750b9ad5ef 715 */
Christopher Haster 1:24750b9ad5ef 716 if( t1 > 0 )
Christopher Haster 1:24750b9ad5ef 717 {
Christopher Haster 1:24750b9ad5ef 718 for( i = v0; i < X->n; i++ )
Christopher Haster 1:24750b9ad5ef 719 {
Christopher Haster 1:24750b9ad5ef 720 r1 = X->p[i] >> (biL - t1);
Christopher Haster 1:24750b9ad5ef 721 X->p[i] <<= t1;
Christopher Haster 1:24750b9ad5ef 722 X->p[i] |= r0;
Christopher Haster 1:24750b9ad5ef 723 r0 = r1;
Christopher Haster 1:24750b9ad5ef 724 }
Christopher Haster 1:24750b9ad5ef 725 }
Christopher Haster 1:24750b9ad5ef 726
Christopher Haster 1:24750b9ad5ef 727 cleanup:
Christopher Haster 1:24750b9ad5ef 728
Christopher Haster 1:24750b9ad5ef 729 return( ret );
Christopher Haster 1:24750b9ad5ef 730 }
Christopher Haster 1:24750b9ad5ef 731
Christopher Haster 1:24750b9ad5ef 732 /*
Christopher Haster 1:24750b9ad5ef 733 * Right-shift: X >>= count
Christopher Haster 1:24750b9ad5ef 734 */
Christopher Haster 1:24750b9ad5ef 735 int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
Christopher Haster 1:24750b9ad5ef 736 {
Christopher Haster 1:24750b9ad5ef 737 size_t i, v0, v1;
Christopher Haster 1:24750b9ad5ef 738 mbedtls_mpi_uint r0 = 0, r1;
Christopher Haster 1:24750b9ad5ef 739
Christopher Haster 1:24750b9ad5ef 740 v0 = count / biL;
Christopher Haster 1:24750b9ad5ef 741 v1 = count & (biL - 1);
Christopher Haster 1:24750b9ad5ef 742
Christopher Haster 1:24750b9ad5ef 743 if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
Christopher Haster 1:24750b9ad5ef 744 return mbedtls_mpi_lset( X, 0 );
Christopher Haster 1:24750b9ad5ef 745
Christopher Haster 1:24750b9ad5ef 746 /*
Christopher Haster 1:24750b9ad5ef 747 * shift by count / limb_size
Christopher Haster 1:24750b9ad5ef 748 */
Christopher Haster 1:24750b9ad5ef 749 if( v0 > 0 )
Christopher Haster 1:24750b9ad5ef 750 {
Christopher Haster 1:24750b9ad5ef 751 for( i = 0; i < X->n - v0; i++ )
Christopher Haster 1:24750b9ad5ef 752 X->p[i] = X->p[i + v0];
Christopher Haster 1:24750b9ad5ef 753
Christopher Haster 1:24750b9ad5ef 754 for( ; i < X->n; i++ )
Christopher Haster 1:24750b9ad5ef 755 X->p[i] = 0;
Christopher Haster 1:24750b9ad5ef 756 }
Christopher Haster 1:24750b9ad5ef 757
Christopher Haster 1:24750b9ad5ef 758 /*
Christopher Haster 1:24750b9ad5ef 759 * shift by count % limb_size
Christopher Haster 1:24750b9ad5ef 760 */
Christopher Haster 1:24750b9ad5ef 761 if( v1 > 0 )
Christopher Haster 1:24750b9ad5ef 762 {
Christopher Haster 1:24750b9ad5ef 763 for( i = X->n; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 764 {
Christopher Haster 1:24750b9ad5ef 765 r1 = X->p[i - 1] << (biL - v1);
Christopher Haster 1:24750b9ad5ef 766 X->p[i - 1] >>= v1;
Christopher Haster 1:24750b9ad5ef 767 X->p[i - 1] |= r0;
Christopher Haster 1:24750b9ad5ef 768 r0 = r1;
Christopher Haster 1:24750b9ad5ef 769 }
Christopher Haster 1:24750b9ad5ef 770 }
Christopher Haster 1:24750b9ad5ef 771
Christopher Haster 1:24750b9ad5ef 772 return( 0 );
Christopher Haster 1:24750b9ad5ef 773 }
Christopher Haster 1:24750b9ad5ef 774
Christopher Haster 1:24750b9ad5ef 775 /*
Christopher Haster 1:24750b9ad5ef 776 * Compare unsigned values
Christopher Haster 1:24750b9ad5ef 777 */
Christopher Haster 1:24750b9ad5ef 778 int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
Christopher Haster 1:24750b9ad5ef 779 {
Christopher Haster 1:24750b9ad5ef 780 size_t i, j;
Christopher Haster 1:24750b9ad5ef 781
Christopher Haster 1:24750b9ad5ef 782 for( i = X->n; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 783 if( X->p[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 784 break;
Christopher Haster 1:24750b9ad5ef 785
Christopher Haster 1:24750b9ad5ef 786 for( j = Y->n; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 787 if( Y->p[j - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 788 break;
Christopher Haster 1:24750b9ad5ef 789
Christopher Haster 1:24750b9ad5ef 790 if( i == 0 && j == 0 )
Christopher Haster 1:24750b9ad5ef 791 return( 0 );
Christopher Haster 1:24750b9ad5ef 792
Christopher Haster 1:24750b9ad5ef 793 if( i > j ) return( 1 );
Christopher Haster 1:24750b9ad5ef 794 if( j > i ) return( -1 );
Christopher Haster 1:24750b9ad5ef 795
Christopher Haster 1:24750b9ad5ef 796 for( ; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 797 {
Christopher Haster 1:24750b9ad5ef 798 if( X->p[i - 1] > Y->p[i - 1] ) return( 1 );
Christopher Haster 1:24750b9ad5ef 799 if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
Christopher Haster 1:24750b9ad5ef 800 }
Christopher Haster 1:24750b9ad5ef 801
Christopher Haster 1:24750b9ad5ef 802 return( 0 );
Christopher Haster 1:24750b9ad5ef 803 }
Christopher Haster 1:24750b9ad5ef 804
Christopher Haster 1:24750b9ad5ef 805 /*
Christopher Haster 1:24750b9ad5ef 806 * Compare signed values
Christopher Haster 1:24750b9ad5ef 807 */
Christopher Haster 1:24750b9ad5ef 808 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
Christopher Haster 1:24750b9ad5ef 809 {
Christopher Haster 1:24750b9ad5ef 810 size_t i, j;
Christopher Haster 1:24750b9ad5ef 811
Christopher Haster 1:24750b9ad5ef 812 for( i = X->n; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 813 if( X->p[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 814 break;
Christopher Haster 1:24750b9ad5ef 815
Christopher Haster 1:24750b9ad5ef 816 for( j = Y->n; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 817 if( Y->p[j - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 818 break;
Christopher Haster 1:24750b9ad5ef 819
Christopher Haster 1:24750b9ad5ef 820 if( i == 0 && j == 0 )
Christopher Haster 1:24750b9ad5ef 821 return( 0 );
Christopher Haster 1:24750b9ad5ef 822
Christopher Haster 1:24750b9ad5ef 823 if( i > j ) return( X->s );
Christopher Haster 1:24750b9ad5ef 824 if( j > i ) return( -Y->s );
Christopher Haster 1:24750b9ad5ef 825
Christopher Haster 1:24750b9ad5ef 826 if( X->s > 0 && Y->s < 0 ) return( 1 );
Christopher Haster 1:24750b9ad5ef 827 if( Y->s > 0 && X->s < 0 ) return( -1 );
Christopher Haster 1:24750b9ad5ef 828
Christopher Haster 1:24750b9ad5ef 829 for( ; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 830 {
Christopher Haster 1:24750b9ad5ef 831 if( X->p[i - 1] > Y->p[i - 1] ) return( X->s );
Christopher Haster 1:24750b9ad5ef 832 if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
Christopher Haster 1:24750b9ad5ef 833 }
Christopher Haster 1:24750b9ad5ef 834
Christopher Haster 1:24750b9ad5ef 835 return( 0 );
Christopher Haster 1:24750b9ad5ef 836 }
Christopher Haster 1:24750b9ad5ef 837
Christopher Haster 1:24750b9ad5ef 838 /*
Christopher Haster 1:24750b9ad5ef 839 * Compare signed values
Christopher Haster 1:24750b9ad5ef 840 */
Christopher Haster 1:24750b9ad5ef 841 int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
Christopher Haster 1:24750b9ad5ef 842 {
Christopher Haster 1:24750b9ad5ef 843 mbedtls_mpi Y;
Christopher Haster 1:24750b9ad5ef 844 mbedtls_mpi_uint p[1];
Christopher Haster 1:24750b9ad5ef 845
Christopher Haster 1:24750b9ad5ef 846 *p = ( z < 0 ) ? -z : z;
Christopher Haster 1:24750b9ad5ef 847 Y.s = ( z < 0 ) ? -1 : 1;
Christopher Haster 1:24750b9ad5ef 848 Y.n = 1;
Christopher Haster 1:24750b9ad5ef 849 Y.p = p;
Christopher Haster 1:24750b9ad5ef 850
Christopher Haster 1:24750b9ad5ef 851 return( mbedtls_mpi_cmp_mpi( X, &Y ) );
Christopher Haster 1:24750b9ad5ef 852 }
Christopher Haster 1:24750b9ad5ef 853
Christopher Haster 1:24750b9ad5ef 854 /*
Christopher Haster 1:24750b9ad5ef 855 * Unsigned addition: X = |A| + |B| (HAC 14.7)
Christopher Haster 1:24750b9ad5ef 856 */
Christopher Haster 1:24750b9ad5ef 857 int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 858 {
Christopher Haster 1:24750b9ad5ef 859 int ret;
Christopher Haster 1:24750b9ad5ef 860 size_t i, j;
Christopher Haster 1:24750b9ad5ef 861 mbedtls_mpi_uint *o, *p, c;
Christopher Haster 1:24750b9ad5ef 862
Christopher Haster 1:24750b9ad5ef 863 if( X == B )
Christopher Haster 1:24750b9ad5ef 864 {
Christopher Haster 1:24750b9ad5ef 865 const mbedtls_mpi *T = A; A = X; B = T;
Christopher Haster 1:24750b9ad5ef 866 }
Christopher Haster 1:24750b9ad5ef 867
Christopher Haster 1:24750b9ad5ef 868 if( X != A )
Christopher Haster 1:24750b9ad5ef 869 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
Christopher Haster 1:24750b9ad5ef 870
Christopher Haster 1:24750b9ad5ef 871 /*
Christopher Haster 1:24750b9ad5ef 872 * X should always be positive as a result of unsigned additions.
Christopher Haster 1:24750b9ad5ef 873 */
Christopher Haster 1:24750b9ad5ef 874 X->s = 1;
Christopher Haster 1:24750b9ad5ef 875
Christopher Haster 1:24750b9ad5ef 876 for( j = B->n; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 877 if( B->p[j - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 878 break;
Christopher Haster 1:24750b9ad5ef 879
Christopher Haster 1:24750b9ad5ef 880 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
Christopher Haster 1:24750b9ad5ef 881
Christopher Haster 1:24750b9ad5ef 882 o = B->p; p = X->p; c = 0;
Christopher Haster 1:24750b9ad5ef 883
Christopher Haster 1:24750b9ad5ef 884 for( i = 0; i < j; i++, o++, p++ )
Christopher Haster 1:24750b9ad5ef 885 {
Christopher Haster 1:24750b9ad5ef 886 *p += c; c = ( *p < c );
Christopher Haster 1:24750b9ad5ef 887 *p += *o; c += ( *p < *o );
Christopher Haster 1:24750b9ad5ef 888 }
Christopher Haster 1:24750b9ad5ef 889
Christopher Haster 1:24750b9ad5ef 890 while( c != 0 )
Christopher Haster 1:24750b9ad5ef 891 {
Christopher Haster 1:24750b9ad5ef 892 if( i >= X->n )
Christopher Haster 1:24750b9ad5ef 893 {
Christopher Haster 1:24750b9ad5ef 894 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
Christopher Haster 1:24750b9ad5ef 895 p = X->p + i;
Christopher Haster 1:24750b9ad5ef 896 }
Christopher Haster 1:24750b9ad5ef 897
Christopher Haster 1:24750b9ad5ef 898 *p += c; c = ( *p < c ); i++; p++;
Christopher Haster 1:24750b9ad5ef 899 }
Christopher Haster 1:24750b9ad5ef 900
Christopher Haster 1:24750b9ad5ef 901 cleanup:
Christopher Haster 1:24750b9ad5ef 902
Christopher Haster 1:24750b9ad5ef 903 return( ret );
Christopher Haster 1:24750b9ad5ef 904 }
Christopher Haster 1:24750b9ad5ef 905
Christopher Haster 1:24750b9ad5ef 906 /*
Christopher Haster 1:24750b9ad5ef 907 * Helper for mbedtls_mpi subtraction
Christopher Haster 1:24750b9ad5ef 908 */
Christopher Haster 1:24750b9ad5ef 909 static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
Christopher Haster 1:24750b9ad5ef 910 {
Christopher Haster 1:24750b9ad5ef 911 size_t i;
Christopher Haster 1:24750b9ad5ef 912 mbedtls_mpi_uint c, z;
Christopher Haster 1:24750b9ad5ef 913
Christopher Haster 1:24750b9ad5ef 914 for( i = c = 0; i < n; i++, s++, d++ )
Christopher Haster 1:24750b9ad5ef 915 {
Christopher Haster 1:24750b9ad5ef 916 z = ( *d < c ); *d -= c;
Christopher Haster 1:24750b9ad5ef 917 c = ( *d < *s ) + z; *d -= *s;
Christopher Haster 1:24750b9ad5ef 918 }
Christopher Haster 1:24750b9ad5ef 919
Christopher Haster 1:24750b9ad5ef 920 while( c != 0 )
Christopher Haster 1:24750b9ad5ef 921 {
Christopher Haster 1:24750b9ad5ef 922 z = ( *d < c ); *d -= c;
Christopher Haster 1:24750b9ad5ef 923 c = z; i++; d++;
Christopher Haster 1:24750b9ad5ef 924 }
Christopher Haster 1:24750b9ad5ef 925 }
Christopher Haster 1:24750b9ad5ef 926
Christopher Haster 1:24750b9ad5ef 927 /*
Christopher Haster 1:24750b9ad5ef 928 * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
Christopher Haster 1:24750b9ad5ef 929 */
Christopher Haster 1:24750b9ad5ef 930 int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 931 {
Christopher Haster 1:24750b9ad5ef 932 mbedtls_mpi TB;
Christopher Haster 1:24750b9ad5ef 933 int ret;
Christopher Haster 1:24750b9ad5ef 934 size_t n;
Christopher Haster 1:24750b9ad5ef 935
Christopher Haster 1:24750b9ad5ef 936 if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
Christopher Haster 1:24750b9ad5ef 937 return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
Christopher Haster 1:24750b9ad5ef 938
Christopher Haster 1:24750b9ad5ef 939 mbedtls_mpi_init( &TB );
Christopher Haster 1:24750b9ad5ef 940
Christopher Haster 1:24750b9ad5ef 941 if( X == B )
Christopher Haster 1:24750b9ad5ef 942 {
Christopher Haster 1:24750b9ad5ef 943 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
Christopher Haster 1:24750b9ad5ef 944 B = &TB;
Christopher Haster 1:24750b9ad5ef 945 }
Christopher Haster 1:24750b9ad5ef 946
Christopher Haster 1:24750b9ad5ef 947 if( X != A )
Christopher Haster 1:24750b9ad5ef 948 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
Christopher Haster 1:24750b9ad5ef 949
Christopher Haster 1:24750b9ad5ef 950 /*
Christopher Haster 1:24750b9ad5ef 951 * X should always be positive as a result of unsigned subtractions.
Christopher Haster 1:24750b9ad5ef 952 */
Christopher Haster 1:24750b9ad5ef 953 X->s = 1;
Christopher Haster 1:24750b9ad5ef 954
Christopher Haster 1:24750b9ad5ef 955 ret = 0;
Christopher Haster 1:24750b9ad5ef 956
Christopher Haster 1:24750b9ad5ef 957 for( n = B->n; n > 0; n-- )
Christopher Haster 1:24750b9ad5ef 958 if( B->p[n - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 959 break;
Christopher Haster 1:24750b9ad5ef 960
Christopher Haster 1:24750b9ad5ef 961 mpi_sub_hlp( n, B->p, X->p );
Christopher Haster 1:24750b9ad5ef 962
Christopher Haster 1:24750b9ad5ef 963 cleanup:
Christopher Haster 1:24750b9ad5ef 964
Christopher Haster 1:24750b9ad5ef 965 mbedtls_mpi_free( &TB );
Christopher Haster 1:24750b9ad5ef 966
Christopher Haster 1:24750b9ad5ef 967 return( ret );
Christopher Haster 1:24750b9ad5ef 968 }
Christopher Haster 1:24750b9ad5ef 969
Christopher Haster 1:24750b9ad5ef 970 /*
Christopher Haster 1:24750b9ad5ef 971 * Signed addition: X = A + B
Christopher Haster 1:24750b9ad5ef 972 */
Christopher Haster 1:24750b9ad5ef 973 int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 974 {
Christopher Haster 1:24750b9ad5ef 975 int ret, s = A->s;
Christopher Haster 1:24750b9ad5ef 976
Christopher Haster 1:24750b9ad5ef 977 if( A->s * B->s < 0 )
Christopher Haster 1:24750b9ad5ef 978 {
Christopher Haster 1:24750b9ad5ef 979 if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
Christopher Haster 1:24750b9ad5ef 980 {
Christopher Haster 1:24750b9ad5ef 981 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
Christopher Haster 1:24750b9ad5ef 982 X->s = s;
Christopher Haster 1:24750b9ad5ef 983 }
Christopher Haster 1:24750b9ad5ef 984 else
Christopher Haster 1:24750b9ad5ef 985 {
Christopher Haster 1:24750b9ad5ef 986 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
Christopher Haster 1:24750b9ad5ef 987 X->s = -s;
Christopher Haster 1:24750b9ad5ef 988 }
Christopher Haster 1:24750b9ad5ef 989 }
Christopher Haster 1:24750b9ad5ef 990 else
Christopher Haster 1:24750b9ad5ef 991 {
Christopher Haster 1:24750b9ad5ef 992 MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
Christopher Haster 1:24750b9ad5ef 993 X->s = s;
Christopher Haster 1:24750b9ad5ef 994 }
Christopher Haster 1:24750b9ad5ef 995
Christopher Haster 1:24750b9ad5ef 996 cleanup:
Christopher Haster 1:24750b9ad5ef 997
Christopher Haster 1:24750b9ad5ef 998 return( ret );
Christopher Haster 1:24750b9ad5ef 999 }
Christopher Haster 1:24750b9ad5ef 1000
Christopher Haster 1:24750b9ad5ef 1001 /*
Christopher Haster 1:24750b9ad5ef 1002 * Signed subtraction: X = A - B
Christopher Haster 1:24750b9ad5ef 1003 */
Christopher Haster 1:24750b9ad5ef 1004 int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 1005 {
Christopher Haster 1:24750b9ad5ef 1006 int ret, s = A->s;
Christopher Haster 1:24750b9ad5ef 1007
Christopher Haster 1:24750b9ad5ef 1008 if( A->s * B->s > 0 )
Christopher Haster 1:24750b9ad5ef 1009 {
Christopher Haster 1:24750b9ad5ef 1010 if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1011 {
Christopher Haster 1:24750b9ad5ef 1012 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
Christopher Haster 1:24750b9ad5ef 1013 X->s = s;
Christopher Haster 1:24750b9ad5ef 1014 }
Christopher Haster 1:24750b9ad5ef 1015 else
Christopher Haster 1:24750b9ad5ef 1016 {
Christopher Haster 1:24750b9ad5ef 1017 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
Christopher Haster 1:24750b9ad5ef 1018 X->s = -s;
Christopher Haster 1:24750b9ad5ef 1019 }
Christopher Haster 1:24750b9ad5ef 1020 }
Christopher Haster 1:24750b9ad5ef 1021 else
Christopher Haster 1:24750b9ad5ef 1022 {
Christopher Haster 1:24750b9ad5ef 1023 MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
Christopher Haster 1:24750b9ad5ef 1024 X->s = s;
Christopher Haster 1:24750b9ad5ef 1025 }
Christopher Haster 1:24750b9ad5ef 1026
Christopher Haster 1:24750b9ad5ef 1027 cleanup:
Christopher Haster 1:24750b9ad5ef 1028
Christopher Haster 1:24750b9ad5ef 1029 return( ret );
Christopher Haster 1:24750b9ad5ef 1030 }
Christopher Haster 1:24750b9ad5ef 1031
Christopher Haster 1:24750b9ad5ef 1032 /*
Christopher Haster 1:24750b9ad5ef 1033 * Signed addition: X = A + b
Christopher Haster 1:24750b9ad5ef 1034 */
Christopher Haster 1:24750b9ad5ef 1035 int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
Christopher Haster 1:24750b9ad5ef 1036 {
Christopher Haster 1:24750b9ad5ef 1037 mbedtls_mpi _B;
Christopher Haster 1:24750b9ad5ef 1038 mbedtls_mpi_uint p[1];
Christopher Haster 1:24750b9ad5ef 1039
Christopher Haster 1:24750b9ad5ef 1040 p[0] = ( b < 0 ) ? -b : b;
Christopher Haster 1:24750b9ad5ef 1041 _B.s = ( b < 0 ) ? -1 : 1;
Christopher Haster 1:24750b9ad5ef 1042 _B.n = 1;
Christopher Haster 1:24750b9ad5ef 1043 _B.p = p;
Christopher Haster 1:24750b9ad5ef 1044
Christopher Haster 1:24750b9ad5ef 1045 return( mbedtls_mpi_add_mpi( X, A, &_B ) );
Christopher Haster 1:24750b9ad5ef 1046 }
Christopher Haster 1:24750b9ad5ef 1047
Christopher Haster 1:24750b9ad5ef 1048 /*
Christopher Haster 1:24750b9ad5ef 1049 * Signed subtraction: X = A - b
Christopher Haster 1:24750b9ad5ef 1050 */
Christopher Haster 1:24750b9ad5ef 1051 int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
Christopher Haster 1:24750b9ad5ef 1052 {
Christopher Haster 1:24750b9ad5ef 1053 mbedtls_mpi _B;
Christopher Haster 1:24750b9ad5ef 1054 mbedtls_mpi_uint p[1];
Christopher Haster 1:24750b9ad5ef 1055
Christopher Haster 1:24750b9ad5ef 1056 p[0] = ( b < 0 ) ? -b : b;
Christopher Haster 1:24750b9ad5ef 1057 _B.s = ( b < 0 ) ? -1 : 1;
Christopher Haster 1:24750b9ad5ef 1058 _B.n = 1;
Christopher Haster 1:24750b9ad5ef 1059 _B.p = p;
Christopher Haster 1:24750b9ad5ef 1060
Christopher Haster 1:24750b9ad5ef 1061 return( mbedtls_mpi_sub_mpi( X, A, &_B ) );
Christopher Haster 1:24750b9ad5ef 1062 }
Christopher Haster 1:24750b9ad5ef 1063
Christopher Haster 1:24750b9ad5ef 1064 /*
Christopher Haster 1:24750b9ad5ef 1065 * Helper for mbedtls_mpi multiplication
Christopher Haster 1:24750b9ad5ef 1066 */
Christopher Haster 1:24750b9ad5ef 1067 static
Christopher Haster 1:24750b9ad5ef 1068 #if defined(__APPLE__) && defined(__arm__)
Christopher Haster 1:24750b9ad5ef 1069 /*
Christopher Haster 1:24750b9ad5ef 1070 * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
Christopher Haster 1:24750b9ad5ef 1071 * appears to need this to prevent bad ARM code generation at -O3.
Christopher Haster 1:24750b9ad5ef 1072 */
Christopher Haster 1:24750b9ad5ef 1073 __attribute__ ((noinline))
Christopher Haster 1:24750b9ad5ef 1074 #endif
Christopher Haster 1:24750b9ad5ef 1075 void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
Christopher Haster 1:24750b9ad5ef 1076 {
Christopher Haster 1:24750b9ad5ef 1077 mbedtls_mpi_uint c = 0, t = 0;
Christopher Haster 1:24750b9ad5ef 1078
Christopher Haster 1:24750b9ad5ef 1079 #if defined(MULADDC_HUIT)
Christopher Haster 1:24750b9ad5ef 1080 for( ; i >= 8; i -= 8 )
Christopher Haster 1:24750b9ad5ef 1081 {
Christopher Haster 1:24750b9ad5ef 1082 MULADDC_INIT
Christopher Haster 1:24750b9ad5ef 1083 MULADDC_HUIT
Christopher Haster 1:24750b9ad5ef 1084 MULADDC_STOP
Christopher Haster 1:24750b9ad5ef 1085 }
Christopher Haster 1:24750b9ad5ef 1086
Christopher Haster 1:24750b9ad5ef 1087 for( ; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 1088 {
Christopher Haster 1:24750b9ad5ef 1089 MULADDC_INIT
Christopher Haster 1:24750b9ad5ef 1090 MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1091 MULADDC_STOP
Christopher Haster 1:24750b9ad5ef 1092 }
Christopher Haster 1:24750b9ad5ef 1093 #else /* MULADDC_HUIT */
Christopher Haster 1:24750b9ad5ef 1094 for( ; i >= 16; i -= 16 )
Christopher Haster 1:24750b9ad5ef 1095 {
Christopher Haster 1:24750b9ad5ef 1096 MULADDC_INIT
Christopher Haster 1:24750b9ad5ef 1097 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1098 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1099 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1100 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1101
Christopher Haster 1:24750b9ad5ef 1102 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1103 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1104 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1105 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1106 MULADDC_STOP
Christopher Haster 1:24750b9ad5ef 1107 }
Christopher Haster 1:24750b9ad5ef 1108
Christopher Haster 1:24750b9ad5ef 1109 for( ; i >= 8; i -= 8 )
Christopher Haster 1:24750b9ad5ef 1110 {
Christopher Haster 1:24750b9ad5ef 1111 MULADDC_INIT
Christopher Haster 1:24750b9ad5ef 1112 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1113 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1114
Christopher Haster 1:24750b9ad5ef 1115 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1116 MULADDC_CORE MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1117 MULADDC_STOP
Christopher Haster 1:24750b9ad5ef 1118 }
Christopher Haster 1:24750b9ad5ef 1119
Christopher Haster 1:24750b9ad5ef 1120 for( ; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 1121 {
Christopher Haster 1:24750b9ad5ef 1122 MULADDC_INIT
Christopher Haster 1:24750b9ad5ef 1123 MULADDC_CORE
Christopher Haster 1:24750b9ad5ef 1124 MULADDC_STOP
Christopher Haster 1:24750b9ad5ef 1125 }
Christopher Haster 1:24750b9ad5ef 1126 #endif /* MULADDC_HUIT */
Christopher Haster 1:24750b9ad5ef 1127
Christopher Haster 1:24750b9ad5ef 1128 t++;
Christopher Haster 1:24750b9ad5ef 1129
Christopher Haster 1:24750b9ad5ef 1130 do {
Christopher Haster 1:24750b9ad5ef 1131 *d += c; c = ( *d < c ); d++;
Christopher Haster 1:24750b9ad5ef 1132 }
Christopher Haster 1:24750b9ad5ef 1133 while( c != 0 );
Christopher Haster 1:24750b9ad5ef 1134 }
Christopher Haster 1:24750b9ad5ef 1135
Christopher Haster 1:24750b9ad5ef 1136 /*
Christopher Haster 1:24750b9ad5ef 1137 * Baseline multiplication: X = A * B (HAC 14.12)
Christopher Haster 1:24750b9ad5ef 1138 */
Christopher Haster 1:24750b9ad5ef 1139 int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 1140 {
Christopher Haster 1:24750b9ad5ef 1141 int ret;
Christopher Haster 1:24750b9ad5ef 1142 size_t i, j;
Christopher Haster 1:24750b9ad5ef 1143 mbedtls_mpi TA, TB;
Christopher Haster 1:24750b9ad5ef 1144
Christopher Haster 1:24750b9ad5ef 1145 mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
Christopher Haster 1:24750b9ad5ef 1146
Christopher Haster 1:24750b9ad5ef 1147 if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
Christopher Haster 1:24750b9ad5ef 1148 if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
Christopher Haster 1:24750b9ad5ef 1149
Christopher Haster 1:24750b9ad5ef 1150 for( i = A->n; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 1151 if( A->p[i - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 1152 break;
Christopher Haster 1:24750b9ad5ef 1153
Christopher Haster 1:24750b9ad5ef 1154 for( j = B->n; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 1155 if( B->p[j - 1] != 0 )
Christopher Haster 1:24750b9ad5ef 1156 break;
Christopher Haster 1:24750b9ad5ef 1157
Christopher Haster 1:24750b9ad5ef 1158 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
Christopher Haster 1:24750b9ad5ef 1159 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
Christopher Haster 1:24750b9ad5ef 1160
Christopher Haster 1:24750b9ad5ef 1161 for( i++; j > 0; j-- )
Christopher Haster 1:24750b9ad5ef 1162 mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
Christopher Haster 1:24750b9ad5ef 1163
Christopher Haster 1:24750b9ad5ef 1164 X->s = A->s * B->s;
Christopher Haster 1:24750b9ad5ef 1165
Christopher Haster 1:24750b9ad5ef 1166 cleanup:
Christopher Haster 1:24750b9ad5ef 1167
Christopher Haster 1:24750b9ad5ef 1168 mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
Christopher Haster 1:24750b9ad5ef 1169
Christopher Haster 1:24750b9ad5ef 1170 return( ret );
Christopher Haster 1:24750b9ad5ef 1171 }
Christopher Haster 1:24750b9ad5ef 1172
Christopher Haster 1:24750b9ad5ef 1173 /*
Christopher Haster 1:24750b9ad5ef 1174 * Baseline multiplication: X = A * b
Christopher Haster 1:24750b9ad5ef 1175 */
Christopher Haster 1:24750b9ad5ef 1176 int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
Christopher Haster 1:24750b9ad5ef 1177 {
Christopher Haster 1:24750b9ad5ef 1178 mbedtls_mpi _B;
Christopher Haster 1:24750b9ad5ef 1179 mbedtls_mpi_uint p[1];
Christopher Haster 1:24750b9ad5ef 1180
Christopher Haster 1:24750b9ad5ef 1181 _B.s = 1;
Christopher Haster 1:24750b9ad5ef 1182 _B.n = 1;
Christopher Haster 1:24750b9ad5ef 1183 _B.p = p;
Christopher Haster 1:24750b9ad5ef 1184 p[0] = b;
Christopher Haster 1:24750b9ad5ef 1185
Christopher Haster 1:24750b9ad5ef 1186 return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
Christopher Haster 1:24750b9ad5ef 1187 }
Christopher Haster 1:24750b9ad5ef 1188
Christopher Haster 1:24750b9ad5ef 1189 /*
Christopher Haster 1:24750b9ad5ef 1190 * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
Christopher Haster 1:24750b9ad5ef 1191 */
Christopher Haster 1:24750b9ad5ef 1192 int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 1193 {
Christopher Haster 1:24750b9ad5ef 1194 int ret;
Christopher Haster 1:24750b9ad5ef 1195 size_t i, n, t, k;
Christopher Haster 1:24750b9ad5ef 1196 mbedtls_mpi X, Y, Z, T1, T2;
Christopher Haster 1:24750b9ad5ef 1197
Christopher Haster 1:24750b9ad5ef 1198 if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1199 return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
Christopher Haster 1:24750b9ad5ef 1200
Christopher Haster 1:24750b9ad5ef 1201 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
Christopher Haster 1:24750b9ad5ef 1202 mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
Christopher Haster 1:24750b9ad5ef 1203
Christopher Haster 1:24750b9ad5ef 1204 if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
Christopher Haster 1:24750b9ad5ef 1205 {
Christopher Haster 1:24750b9ad5ef 1206 if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
Christopher Haster 1:24750b9ad5ef 1207 if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
Christopher Haster 1:24750b9ad5ef 1208 return( 0 );
Christopher Haster 1:24750b9ad5ef 1209 }
Christopher Haster 1:24750b9ad5ef 1210
Christopher Haster 1:24750b9ad5ef 1211 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
Christopher Haster 1:24750b9ad5ef 1212 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
Christopher Haster 1:24750b9ad5ef 1213 X.s = Y.s = 1;
Christopher Haster 1:24750b9ad5ef 1214
Christopher Haster 1:24750b9ad5ef 1215 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
Christopher Haster 1:24750b9ad5ef 1216 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
Christopher Haster 1:24750b9ad5ef 1217 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
Christopher Haster 1:24750b9ad5ef 1218 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
Christopher Haster 1:24750b9ad5ef 1219
Christopher Haster 1:24750b9ad5ef 1220 k = mbedtls_mpi_bitlen( &Y ) % biL;
Christopher Haster 1:24750b9ad5ef 1221 if( k < biL - 1 )
Christopher Haster 1:24750b9ad5ef 1222 {
Christopher Haster 1:24750b9ad5ef 1223 k = biL - 1 - k;
Christopher Haster 1:24750b9ad5ef 1224 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
Christopher Haster 1:24750b9ad5ef 1225 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
Christopher Haster 1:24750b9ad5ef 1226 }
Christopher Haster 1:24750b9ad5ef 1227 else k = 0;
Christopher Haster 1:24750b9ad5ef 1228
Christopher Haster 1:24750b9ad5ef 1229 n = X.n - 1;
Christopher Haster 1:24750b9ad5ef 1230 t = Y.n - 1;
Christopher Haster 1:24750b9ad5ef 1231 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
Christopher Haster 1:24750b9ad5ef 1232
Christopher Haster 1:24750b9ad5ef 1233 while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1234 {
Christopher Haster 1:24750b9ad5ef 1235 Z.p[n - t]++;
Christopher Haster 1:24750b9ad5ef 1236 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
Christopher Haster 1:24750b9ad5ef 1237 }
Christopher Haster 1:24750b9ad5ef 1238 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
Christopher Haster 1:24750b9ad5ef 1239
Christopher Haster 1:24750b9ad5ef 1240 for( i = n; i > t ; i-- )
Christopher Haster 1:24750b9ad5ef 1241 {
Christopher Haster 1:24750b9ad5ef 1242 if( X.p[i] >= Y.p[t] )
Christopher Haster 1:24750b9ad5ef 1243 Z.p[i - t - 1] = ~0;
Christopher Haster 1:24750b9ad5ef 1244 else
Christopher Haster 1:24750b9ad5ef 1245 {
Christopher Haster 1:24750b9ad5ef 1246 #if defined(MBEDTLS_HAVE_UDBL)
Christopher Haster 1:24750b9ad5ef 1247 mbedtls_t_udbl r;
Christopher Haster 1:24750b9ad5ef 1248
Christopher Haster 1:24750b9ad5ef 1249 r = (mbedtls_t_udbl) X.p[i] << biL;
Christopher Haster 1:24750b9ad5ef 1250 r |= (mbedtls_t_udbl) X.p[i - 1];
Christopher Haster 1:24750b9ad5ef 1251 r /= Y.p[t];
Christopher Haster 1:24750b9ad5ef 1252 if( r > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
Christopher Haster 1:24750b9ad5ef 1253 r = ( (mbedtls_t_udbl) 1 << biL ) - 1;
Christopher Haster 1:24750b9ad5ef 1254
Christopher Haster 1:24750b9ad5ef 1255 Z.p[i - t - 1] = (mbedtls_mpi_uint) r;
Christopher Haster 1:24750b9ad5ef 1256 #else
Christopher Haster 1:24750b9ad5ef 1257 /*
Christopher Haster 1:24750b9ad5ef 1258 * __udiv_qrnnd_c, from gmp/longlong.h
Christopher Haster 1:24750b9ad5ef 1259 */
Christopher Haster 1:24750b9ad5ef 1260 mbedtls_mpi_uint q0, q1, r0, r1;
Christopher Haster 1:24750b9ad5ef 1261 mbedtls_mpi_uint d0, d1, d, m;
Christopher Haster 1:24750b9ad5ef 1262
Christopher Haster 1:24750b9ad5ef 1263 d = Y.p[t];
Christopher Haster 1:24750b9ad5ef 1264 d0 = ( d << biH ) >> biH;
Christopher Haster 1:24750b9ad5ef 1265 d1 = ( d >> biH );
Christopher Haster 1:24750b9ad5ef 1266
Christopher Haster 1:24750b9ad5ef 1267 q1 = X.p[i] / d1;
Christopher Haster 1:24750b9ad5ef 1268 r1 = X.p[i] - d1 * q1;
Christopher Haster 1:24750b9ad5ef 1269 r1 <<= biH;
Christopher Haster 1:24750b9ad5ef 1270 r1 |= ( X.p[i - 1] >> biH );
Christopher Haster 1:24750b9ad5ef 1271
Christopher Haster 1:24750b9ad5ef 1272 m = q1 * d0;
Christopher Haster 1:24750b9ad5ef 1273 if( r1 < m )
Christopher Haster 1:24750b9ad5ef 1274 {
Christopher Haster 1:24750b9ad5ef 1275 q1--, r1 += d;
Christopher Haster 1:24750b9ad5ef 1276 while( r1 >= d && r1 < m )
Christopher Haster 1:24750b9ad5ef 1277 q1--, r1 += d;
Christopher Haster 1:24750b9ad5ef 1278 }
Christopher Haster 1:24750b9ad5ef 1279 r1 -= m;
Christopher Haster 1:24750b9ad5ef 1280
Christopher Haster 1:24750b9ad5ef 1281 q0 = r1 / d1;
Christopher Haster 1:24750b9ad5ef 1282 r0 = r1 - d1 * q0;
Christopher Haster 1:24750b9ad5ef 1283 r0 <<= biH;
Christopher Haster 1:24750b9ad5ef 1284 r0 |= ( X.p[i - 1] << biH ) >> biH;
Christopher Haster 1:24750b9ad5ef 1285
Christopher Haster 1:24750b9ad5ef 1286 m = q0 * d0;
Christopher Haster 1:24750b9ad5ef 1287 if( r0 < m )
Christopher Haster 1:24750b9ad5ef 1288 {
Christopher Haster 1:24750b9ad5ef 1289 q0--, r0 += d;
Christopher Haster 1:24750b9ad5ef 1290 while( r0 >= d && r0 < m )
Christopher Haster 1:24750b9ad5ef 1291 q0--, r0 += d;
Christopher Haster 1:24750b9ad5ef 1292 }
Christopher Haster 1:24750b9ad5ef 1293 r0 -= m;
Christopher Haster 1:24750b9ad5ef 1294
Christopher Haster 1:24750b9ad5ef 1295 Z.p[i - t - 1] = ( q1 << biH ) | q0;
Christopher Haster 1:24750b9ad5ef 1296 #endif /* MBEDTLS_HAVE_UDBL && !64-bit Apple with Clang 5.0 */
Christopher Haster 1:24750b9ad5ef 1297 }
Christopher Haster 1:24750b9ad5ef 1298
Christopher Haster 1:24750b9ad5ef 1299 Z.p[i - t - 1]++;
Christopher Haster 1:24750b9ad5ef 1300 do
Christopher Haster 1:24750b9ad5ef 1301 {
Christopher Haster 1:24750b9ad5ef 1302 Z.p[i - t - 1]--;
Christopher Haster 1:24750b9ad5ef 1303
Christopher Haster 1:24750b9ad5ef 1304 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
Christopher Haster 1:24750b9ad5ef 1305 T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
Christopher Haster 1:24750b9ad5ef 1306 T1.p[1] = Y.p[t];
Christopher Haster 1:24750b9ad5ef 1307 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
Christopher Haster 1:24750b9ad5ef 1308
Christopher Haster 1:24750b9ad5ef 1309 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
Christopher Haster 1:24750b9ad5ef 1310 T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
Christopher Haster 1:24750b9ad5ef 1311 T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
Christopher Haster 1:24750b9ad5ef 1312 T2.p[2] = X.p[i];
Christopher Haster 1:24750b9ad5ef 1313 }
Christopher Haster 1:24750b9ad5ef 1314 while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
Christopher Haster 1:24750b9ad5ef 1315
Christopher Haster 1:24750b9ad5ef 1316 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
Christopher Haster 1:24750b9ad5ef 1317 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
Christopher Haster 1:24750b9ad5ef 1318 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
Christopher Haster 1:24750b9ad5ef 1319
Christopher Haster 1:24750b9ad5ef 1320 if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
Christopher Haster 1:24750b9ad5ef 1321 {
Christopher Haster 1:24750b9ad5ef 1322 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
Christopher Haster 1:24750b9ad5ef 1323 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
Christopher Haster 1:24750b9ad5ef 1324 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
Christopher Haster 1:24750b9ad5ef 1325 Z.p[i - t - 1]--;
Christopher Haster 1:24750b9ad5ef 1326 }
Christopher Haster 1:24750b9ad5ef 1327 }
Christopher Haster 1:24750b9ad5ef 1328
Christopher Haster 1:24750b9ad5ef 1329 if( Q != NULL )
Christopher Haster 1:24750b9ad5ef 1330 {
Christopher Haster 1:24750b9ad5ef 1331 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
Christopher Haster 1:24750b9ad5ef 1332 Q->s = A->s * B->s;
Christopher Haster 1:24750b9ad5ef 1333 }
Christopher Haster 1:24750b9ad5ef 1334
Christopher Haster 1:24750b9ad5ef 1335 if( R != NULL )
Christopher Haster 1:24750b9ad5ef 1336 {
Christopher Haster 1:24750b9ad5ef 1337 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
Christopher Haster 1:24750b9ad5ef 1338 X.s = A->s;
Christopher Haster 1:24750b9ad5ef 1339 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
Christopher Haster 1:24750b9ad5ef 1340
Christopher Haster 1:24750b9ad5ef 1341 if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1342 R->s = 1;
Christopher Haster 1:24750b9ad5ef 1343 }
Christopher Haster 1:24750b9ad5ef 1344
Christopher Haster 1:24750b9ad5ef 1345 cleanup:
Christopher Haster 1:24750b9ad5ef 1346
Christopher Haster 1:24750b9ad5ef 1347 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
Christopher Haster 1:24750b9ad5ef 1348 mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
Christopher Haster 1:24750b9ad5ef 1349
Christopher Haster 1:24750b9ad5ef 1350 return( ret );
Christopher Haster 1:24750b9ad5ef 1351 }
Christopher Haster 1:24750b9ad5ef 1352
Christopher Haster 1:24750b9ad5ef 1353 /*
Christopher Haster 1:24750b9ad5ef 1354 * Division by int: A = Q * b + R
Christopher Haster 1:24750b9ad5ef 1355 */
Christopher Haster 1:24750b9ad5ef 1356 int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
Christopher Haster 1:24750b9ad5ef 1357 {
Christopher Haster 1:24750b9ad5ef 1358 mbedtls_mpi _B;
Christopher Haster 1:24750b9ad5ef 1359 mbedtls_mpi_uint p[1];
Christopher Haster 1:24750b9ad5ef 1360
Christopher Haster 1:24750b9ad5ef 1361 p[0] = ( b < 0 ) ? -b : b;
Christopher Haster 1:24750b9ad5ef 1362 _B.s = ( b < 0 ) ? -1 : 1;
Christopher Haster 1:24750b9ad5ef 1363 _B.n = 1;
Christopher Haster 1:24750b9ad5ef 1364 _B.p = p;
Christopher Haster 1:24750b9ad5ef 1365
Christopher Haster 1:24750b9ad5ef 1366 return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) );
Christopher Haster 1:24750b9ad5ef 1367 }
Christopher Haster 1:24750b9ad5ef 1368
Christopher Haster 1:24750b9ad5ef 1369 /*
Christopher Haster 1:24750b9ad5ef 1370 * Modulo: R = A mod B
Christopher Haster 1:24750b9ad5ef 1371 */
Christopher Haster 1:24750b9ad5ef 1372 int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 1373 {
Christopher Haster 1:24750b9ad5ef 1374 int ret;
Christopher Haster 1:24750b9ad5ef 1375
Christopher Haster 1:24750b9ad5ef 1376 if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
Christopher Haster 1:24750b9ad5ef 1377 return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
Christopher Haster 1:24750b9ad5ef 1378
Christopher Haster 1:24750b9ad5ef 1379 MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
Christopher Haster 1:24750b9ad5ef 1380
Christopher Haster 1:24750b9ad5ef 1381 while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
Christopher Haster 1:24750b9ad5ef 1382 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
Christopher Haster 1:24750b9ad5ef 1383
Christopher Haster 1:24750b9ad5ef 1384 while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1385 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
Christopher Haster 1:24750b9ad5ef 1386
Christopher Haster 1:24750b9ad5ef 1387 cleanup:
Christopher Haster 1:24750b9ad5ef 1388
Christopher Haster 1:24750b9ad5ef 1389 return( ret );
Christopher Haster 1:24750b9ad5ef 1390 }
Christopher Haster 1:24750b9ad5ef 1391
Christopher Haster 1:24750b9ad5ef 1392 /*
Christopher Haster 1:24750b9ad5ef 1393 * Modulo: r = A mod b
Christopher Haster 1:24750b9ad5ef 1394 */
Christopher Haster 1:24750b9ad5ef 1395 int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
Christopher Haster 1:24750b9ad5ef 1396 {
Christopher Haster 1:24750b9ad5ef 1397 size_t i;
Christopher Haster 1:24750b9ad5ef 1398 mbedtls_mpi_uint x, y, z;
Christopher Haster 1:24750b9ad5ef 1399
Christopher Haster 1:24750b9ad5ef 1400 if( b == 0 )
Christopher Haster 1:24750b9ad5ef 1401 return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
Christopher Haster 1:24750b9ad5ef 1402
Christopher Haster 1:24750b9ad5ef 1403 if( b < 0 )
Christopher Haster 1:24750b9ad5ef 1404 return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
Christopher Haster 1:24750b9ad5ef 1405
Christopher Haster 1:24750b9ad5ef 1406 /*
Christopher Haster 1:24750b9ad5ef 1407 * handle trivial cases
Christopher Haster 1:24750b9ad5ef 1408 */
Christopher Haster 1:24750b9ad5ef 1409 if( b == 1 )
Christopher Haster 1:24750b9ad5ef 1410 {
Christopher Haster 1:24750b9ad5ef 1411 *r = 0;
Christopher Haster 1:24750b9ad5ef 1412 return( 0 );
Christopher Haster 1:24750b9ad5ef 1413 }
Christopher Haster 1:24750b9ad5ef 1414
Christopher Haster 1:24750b9ad5ef 1415 if( b == 2 )
Christopher Haster 1:24750b9ad5ef 1416 {
Christopher Haster 1:24750b9ad5ef 1417 *r = A->p[0] & 1;
Christopher Haster 1:24750b9ad5ef 1418 return( 0 );
Christopher Haster 1:24750b9ad5ef 1419 }
Christopher Haster 1:24750b9ad5ef 1420
Christopher Haster 1:24750b9ad5ef 1421 /*
Christopher Haster 1:24750b9ad5ef 1422 * general case
Christopher Haster 1:24750b9ad5ef 1423 */
Christopher Haster 1:24750b9ad5ef 1424 for( i = A->n, y = 0; i > 0; i-- )
Christopher Haster 1:24750b9ad5ef 1425 {
Christopher Haster 1:24750b9ad5ef 1426 x = A->p[i - 1];
Christopher Haster 1:24750b9ad5ef 1427 y = ( y << biH ) | ( x >> biH );
Christopher Haster 1:24750b9ad5ef 1428 z = y / b;
Christopher Haster 1:24750b9ad5ef 1429 y -= z * b;
Christopher Haster 1:24750b9ad5ef 1430
Christopher Haster 1:24750b9ad5ef 1431 x <<= biH;
Christopher Haster 1:24750b9ad5ef 1432 y = ( y << biH ) | ( x >> biH );
Christopher Haster 1:24750b9ad5ef 1433 z = y / b;
Christopher Haster 1:24750b9ad5ef 1434 y -= z * b;
Christopher Haster 1:24750b9ad5ef 1435 }
Christopher Haster 1:24750b9ad5ef 1436
Christopher Haster 1:24750b9ad5ef 1437 /*
Christopher Haster 1:24750b9ad5ef 1438 * If A is negative, then the current y represents a negative value.
Christopher Haster 1:24750b9ad5ef 1439 * Flipping it to the positive side.
Christopher Haster 1:24750b9ad5ef 1440 */
Christopher Haster 1:24750b9ad5ef 1441 if( A->s < 0 && y != 0 )
Christopher Haster 1:24750b9ad5ef 1442 y = b - y;
Christopher Haster 1:24750b9ad5ef 1443
Christopher Haster 1:24750b9ad5ef 1444 *r = y;
Christopher Haster 1:24750b9ad5ef 1445
Christopher Haster 1:24750b9ad5ef 1446 return( 0 );
Christopher Haster 1:24750b9ad5ef 1447 }
Christopher Haster 1:24750b9ad5ef 1448
Christopher Haster 1:24750b9ad5ef 1449 /*
Christopher Haster 1:24750b9ad5ef 1450 * Fast Montgomery initialization (thanks to Tom St Denis)
Christopher Haster 1:24750b9ad5ef 1451 */
Christopher Haster 1:24750b9ad5ef 1452 static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
Christopher Haster 1:24750b9ad5ef 1453 {
Christopher Haster 1:24750b9ad5ef 1454 mbedtls_mpi_uint x, m0 = N->p[0];
Christopher Haster 1:24750b9ad5ef 1455 unsigned int i;
Christopher Haster 1:24750b9ad5ef 1456
Christopher Haster 1:24750b9ad5ef 1457 x = m0;
Christopher Haster 1:24750b9ad5ef 1458 x += ( ( m0 + 2 ) & 4 ) << 1;
Christopher Haster 1:24750b9ad5ef 1459
Christopher Haster 1:24750b9ad5ef 1460 for( i = biL; i >= 8; i /= 2 )
Christopher Haster 1:24750b9ad5ef 1461 x *= ( 2 - ( m0 * x ) );
Christopher Haster 1:24750b9ad5ef 1462
Christopher Haster 1:24750b9ad5ef 1463 *mm = ~x + 1;
Christopher Haster 1:24750b9ad5ef 1464 }
Christopher Haster 1:24750b9ad5ef 1465
Christopher Haster 1:24750b9ad5ef 1466 /*
Christopher Haster 1:24750b9ad5ef 1467 * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
Christopher Haster 1:24750b9ad5ef 1468 */
Christopher Haster 1:24750b9ad5ef 1469 static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
Christopher Haster 1:24750b9ad5ef 1470 const mbedtls_mpi *T )
Christopher Haster 1:24750b9ad5ef 1471 {
Christopher Haster 1:24750b9ad5ef 1472 size_t i, n, m;
Christopher Haster 1:24750b9ad5ef 1473 mbedtls_mpi_uint u0, u1, *d;
Christopher Haster 1:24750b9ad5ef 1474
Christopher Haster 1:24750b9ad5ef 1475 memset( T->p, 0, T->n * ciL );
Christopher Haster 1:24750b9ad5ef 1476
Christopher Haster 1:24750b9ad5ef 1477 d = T->p;
Christopher Haster 1:24750b9ad5ef 1478 n = N->n;
Christopher Haster 1:24750b9ad5ef 1479 m = ( B->n < n ) ? B->n : n;
Christopher Haster 1:24750b9ad5ef 1480
Christopher Haster 1:24750b9ad5ef 1481 for( i = 0; i < n; i++ )
Christopher Haster 1:24750b9ad5ef 1482 {
Christopher Haster 1:24750b9ad5ef 1483 /*
Christopher Haster 1:24750b9ad5ef 1484 * T = (T + u0*B + u1*N) / 2^biL
Christopher Haster 1:24750b9ad5ef 1485 */
Christopher Haster 1:24750b9ad5ef 1486 u0 = A->p[i];
Christopher Haster 1:24750b9ad5ef 1487 u1 = ( d[0] + u0 * B->p[0] ) * mm;
Christopher Haster 1:24750b9ad5ef 1488
Christopher Haster 1:24750b9ad5ef 1489 mpi_mul_hlp( m, B->p, d, u0 );
Christopher Haster 1:24750b9ad5ef 1490 mpi_mul_hlp( n, N->p, d, u1 );
Christopher Haster 1:24750b9ad5ef 1491
Christopher Haster 1:24750b9ad5ef 1492 *d++ = u0; d[n + 1] = 0;
Christopher Haster 1:24750b9ad5ef 1493 }
Christopher Haster 1:24750b9ad5ef 1494
Christopher Haster 1:24750b9ad5ef 1495 memcpy( A->p, d, ( n + 1 ) * ciL );
Christopher Haster 1:24750b9ad5ef 1496
Christopher Haster 1:24750b9ad5ef 1497 if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1498 mpi_sub_hlp( n, N->p, A->p );
Christopher Haster 1:24750b9ad5ef 1499 else
Christopher Haster 1:24750b9ad5ef 1500 /* prevent timing attacks */
Christopher Haster 1:24750b9ad5ef 1501 mpi_sub_hlp( n, A->p, T->p );
Christopher Haster 1:24750b9ad5ef 1502 }
Christopher Haster 1:24750b9ad5ef 1503
Christopher Haster 1:24750b9ad5ef 1504 /*
Christopher Haster 1:24750b9ad5ef 1505 * Montgomery reduction: A = A * R^-1 mod N
Christopher Haster 1:24750b9ad5ef 1506 */
Christopher Haster 1:24750b9ad5ef 1507 static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
Christopher Haster 1:24750b9ad5ef 1508 {
Christopher Haster 1:24750b9ad5ef 1509 mbedtls_mpi_uint z = 1;
Christopher Haster 1:24750b9ad5ef 1510 mbedtls_mpi U;
Christopher Haster 1:24750b9ad5ef 1511
Christopher Haster 1:24750b9ad5ef 1512 U.n = U.s = (int) z;
Christopher Haster 1:24750b9ad5ef 1513 U.p = &z;
Christopher Haster 1:24750b9ad5ef 1514
Christopher Haster 1:24750b9ad5ef 1515 mpi_montmul( A, &U, N, mm, T );
Christopher Haster 1:24750b9ad5ef 1516 }
Christopher Haster 1:24750b9ad5ef 1517
Christopher Haster 1:24750b9ad5ef 1518 /*
Christopher Haster 1:24750b9ad5ef 1519 * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
Christopher Haster 1:24750b9ad5ef 1520 */
Christopher Haster 1:24750b9ad5ef 1521 int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
Christopher Haster 1:24750b9ad5ef 1522 {
Christopher Haster 1:24750b9ad5ef 1523 int ret;
Christopher Haster 1:24750b9ad5ef 1524 size_t wbits, wsize, one = 1;
Christopher Haster 1:24750b9ad5ef 1525 size_t i, j, nblimbs;
Christopher Haster 1:24750b9ad5ef 1526 size_t bufsize, nbits;
Christopher Haster 1:24750b9ad5ef 1527 mbedtls_mpi_uint ei, mm, state;
Christopher Haster 1:24750b9ad5ef 1528 mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
Christopher Haster 1:24750b9ad5ef 1529 int neg;
Christopher Haster 1:24750b9ad5ef 1530
Christopher Haster 1:24750b9ad5ef 1531 if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1532 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1533
Christopher Haster 1:24750b9ad5ef 1534 if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
Christopher Haster 1:24750b9ad5ef 1535 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1536
Christopher Haster 1:24750b9ad5ef 1537 /*
Christopher Haster 1:24750b9ad5ef 1538 * Init temps and window size
Christopher Haster 1:24750b9ad5ef 1539 */
Christopher Haster 1:24750b9ad5ef 1540 mpi_montg_init( &mm, N );
Christopher Haster 1:24750b9ad5ef 1541 mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
Christopher Haster 1:24750b9ad5ef 1542 mbedtls_mpi_init( &Apos );
Christopher Haster 1:24750b9ad5ef 1543 memset( W, 0, sizeof( W ) );
Christopher Haster 1:24750b9ad5ef 1544
Christopher Haster 1:24750b9ad5ef 1545 i = mbedtls_mpi_bitlen( E );
Christopher Haster 1:24750b9ad5ef 1546
Christopher Haster 1:24750b9ad5ef 1547 wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
Christopher Haster 1:24750b9ad5ef 1548 ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;
Christopher Haster 1:24750b9ad5ef 1549
Christopher Haster 1:24750b9ad5ef 1550 if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
Christopher Haster 1:24750b9ad5ef 1551 wsize = MBEDTLS_MPI_WINDOW_SIZE;
Christopher Haster 1:24750b9ad5ef 1552
Christopher Haster 1:24750b9ad5ef 1553 j = N->n + 1;
Christopher Haster 1:24750b9ad5ef 1554 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
Christopher Haster 1:24750b9ad5ef 1555 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
Christopher Haster 1:24750b9ad5ef 1556 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
Christopher Haster 1:24750b9ad5ef 1557
Christopher Haster 1:24750b9ad5ef 1558 /*
Christopher Haster 1:24750b9ad5ef 1559 * Compensate for negative A (and correct at the end)
Christopher Haster 1:24750b9ad5ef 1560 */
Christopher Haster 1:24750b9ad5ef 1561 neg = ( A->s == -1 );
Christopher Haster 1:24750b9ad5ef 1562 if( neg )
Christopher Haster 1:24750b9ad5ef 1563 {
Christopher Haster 1:24750b9ad5ef 1564 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
Christopher Haster 1:24750b9ad5ef 1565 Apos.s = 1;
Christopher Haster 1:24750b9ad5ef 1566 A = &Apos;
Christopher Haster 1:24750b9ad5ef 1567 }
Christopher Haster 1:24750b9ad5ef 1568
Christopher Haster 1:24750b9ad5ef 1569 /*
Christopher Haster 1:24750b9ad5ef 1570 * If 1st call, pre-compute R^2 mod N
Christopher Haster 1:24750b9ad5ef 1571 */
Christopher Haster 1:24750b9ad5ef 1572 if( _RR == NULL || _RR->p == NULL )
Christopher Haster 1:24750b9ad5ef 1573 {
Christopher Haster 1:24750b9ad5ef 1574 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
Christopher Haster 1:24750b9ad5ef 1575 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
Christopher Haster 1:24750b9ad5ef 1576 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
Christopher Haster 1:24750b9ad5ef 1577
Christopher Haster 1:24750b9ad5ef 1578 if( _RR != NULL )
Christopher Haster 1:24750b9ad5ef 1579 memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
Christopher Haster 1:24750b9ad5ef 1580 }
Christopher Haster 1:24750b9ad5ef 1581 else
Christopher Haster 1:24750b9ad5ef 1582 memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );
Christopher Haster 1:24750b9ad5ef 1583
Christopher Haster 1:24750b9ad5ef 1584 /*
Christopher Haster 1:24750b9ad5ef 1585 * W[1] = A * R^2 * R^-1 mod N = A * R mod N
Christopher Haster 1:24750b9ad5ef 1586 */
Christopher Haster 1:24750b9ad5ef 1587 if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1588 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
Christopher Haster 1:24750b9ad5ef 1589 else
Christopher Haster 1:24750b9ad5ef 1590 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
Christopher Haster 1:24750b9ad5ef 1591
Christopher Haster 1:24750b9ad5ef 1592 mpi_montmul( &W[1], &RR, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1593
Christopher Haster 1:24750b9ad5ef 1594 /*
Christopher Haster 1:24750b9ad5ef 1595 * X = R^2 * R^-1 mod N = R mod N
Christopher Haster 1:24750b9ad5ef 1596 */
Christopher Haster 1:24750b9ad5ef 1597 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
Christopher Haster 1:24750b9ad5ef 1598 mpi_montred( X, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1599
Christopher Haster 1:24750b9ad5ef 1600 if( wsize > 1 )
Christopher Haster 1:24750b9ad5ef 1601 {
Christopher Haster 1:24750b9ad5ef 1602 /*
Christopher Haster 1:24750b9ad5ef 1603 * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
Christopher Haster 1:24750b9ad5ef 1604 */
Christopher Haster 1:24750b9ad5ef 1605 j = one << ( wsize - 1 );
Christopher Haster 1:24750b9ad5ef 1606
Christopher Haster 1:24750b9ad5ef 1607 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
Christopher Haster 1:24750b9ad5ef 1608 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
Christopher Haster 1:24750b9ad5ef 1609
Christopher Haster 1:24750b9ad5ef 1610 for( i = 0; i < wsize - 1; i++ )
Christopher Haster 1:24750b9ad5ef 1611 mpi_montmul( &W[j], &W[j], N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1612
Christopher Haster 1:24750b9ad5ef 1613 /*
Christopher Haster 1:24750b9ad5ef 1614 * W[i] = W[i - 1] * W[1]
Christopher Haster 1:24750b9ad5ef 1615 */
Christopher Haster 1:24750b9ad5ef 1616 for( i = j + 1; i < ( one << wsize ); i++ )
Christopher Haster 1:24750b9ad5ef 1617 {
Christopher Haster 1:24750b9ad5ef 1618 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
Christopher Haster 1:24750b9ad5ef 1619 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
Christopher Haster 1:24750b9ad5ef 1620
Christopher Haster 1:24750b9ad5ef 1621 mpi_montmul( &W[i], &W[1], N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1622 }
Christopher Haster 1:24750b9ad5ef 1623 }
Christopher Haster 1:24750b9ad5ef 1624
Christopher Haster 1:24750b9ad5ef 1625 nblimbs = E->n;
Christopher Haster 1:24750b9ad5ef 1626 bufsize = 0;
Christopher Haster 1:24750b9ad5ef 1627 nbits = 0;
Christopher Haster 1:24750b9ad5ef 1628 wbits = 0;
Christopher Haster 1:24750b9ad5ef 1629 state = 0;
Christopher Haster 1:24750b9ad5ef 1630
Christopher Haster 1:24750b9ad5ef 1631 while( 1 )
Christopher Haster 1:24750b9ad5ef 1632 {
Christopher Haster 1:24750b9ad5ef 1633 if( bufsize == 0 )
Christopher Haster 1:24750b9ad5ef 1634 {
Christopher Haster 1:24750b9ad5ef 1635 if( nblimbs == 0 )
Christopher Haster 1:24750b9ad5ef 1636 break;
Christopher Haster 1:24750b9ad5ef 1637
Christopher Haster 1:24750b9ad5ef 1638 nblimbs--;
Christopher Haster 1:24750b9ad5ef 1639
Christopher Haster 1:24750b9ad5ef 1640 bufsize = sizeof( mbedtls_mpi_uint ) << 3;
Christopher Haster 1:24750b9ad5ef 1641 }
Christopher Haster 1:24750b9ad5ef 1642
Christopher Haster 1:24750b9ad5ef 1643 bufsize--;
Christopher Haster 1:24750b9ad5ef 1644
Christopher Haster 1:24750b9ad5ef 1645 ei = (E->p[nblimbs] >> bufsize) & 1;
Christopher Haster 1:24750b9ad5ef 1646
Christopher Haster 1:24750b9ad5ef 1647 /*
Christopher Haster 1:24750b9ad5ef 1648 * skip leading 0s
Christopher Haster 1:24750b9ad5ef 1649 */
Christopher Haster 1:24750b9ad5ef 1650 if( ei == 0 && state == 0 )
Christopher Haster 1:24750b9ad5ef 1651 continue;
Christopher Haster 1:24750b9ad5ef 1652
Christopher Haster 1:24750b9ad5ef 1653 if( ei == 0 && state == 1 )
Christopher Haster 1:24750b9ad5ef 1654 {
Christopher Haster 1:24750b9ad5ef 1655 /*
Christopher Haster 1:24750b9ad5ef 1656 * out of window, square X
Christopher Haster 1:24750b9ad5ef 1657 */
Christopher Haster 1:24750b9ad5ef 1658 mpi_montmul( X, X, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1659 continue;
Christopher Haster 1:24750b9ad5ef 1660 }
Christopher Haster 1:24750b9ad5ef 1661
Christopher Haster 1:24750b9ad5ef 1662 /*
Christopher Haster 1:24750b9ad5ef 1663 * add ei to current window
Christopher Haster 1:24750b9ad5ef 1664 */
Christopher Haster 1:24750b9ad5ef 1665 state = 2;
Christopher Haster 1:24750b9ad5ef 1666
Christopher Haster 1:24750b9ad5ef 1667 nbits++;
Christopher Haster 1:24750b9ad5ef 1668 wbits |= ( ei << ( wsize - nbits ) );
Christopher Haster 1:24750b9ad5ef 1669
Christopher Haster 1:24750b9ad5ef 1670 if( nbits == wsize )
Christopher Haster 1:24750b9ad5ef 1671 {
Christopher Haster 1:24750b9ad5ef 1672 /*
Christopher Haster 1:24750b9ad5ef 1673 * X = X^wsize R^-1 mod N
Christopher Haster 1:24750b9ad5ef 1674 */
Christopher Haster 1:24750b9ad5ef 1675 for( i = 0; i < wsize; i++ )
Christopher Haster 1:24750b9ad5ef 1676 mpi_montmul( X, X, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1677
Christopher Haster 1:24750b9ad5ef 1678 /*
Christopher Haster 1:24750b9ad5ef 1679 * X = X * W[wbits] R^-1 mod N
Christopher Haster 1:24750b9ad5ef 1680 */
Christopher Haster 1:24750b9ad5ef 1681 mpi_montmul( X, &W[wbits], N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1682
Christopher Haster 1:24750b9ad5ef 1683 state--;
Christopher Haster 1:24750b9ad5ef 1684 nbits = 0;
Christopher Haster 1:24750b9ad5ef 1685 wbits = 0;
Christopher Haster 1:24750b9ad5ef 1686 }
Christopher Haster 1:24750b9ad5ef 1687 }
Christopher Haster 1:24750b9ad5ef 1688
Christopher Haster 1:24750b9ad5ef 1689 /*
Christopher Haster 1:24750b9ad5ef 1690 * process the remaining bits
Christopher Haster 1:24750b9ad5ef 1691 */
Christopher Haster 1:24750b9ad5ef 1692 for( i = 0; i < nbits; i++ )
Christopher Haster 1:24750b9ad5ef 1693 {
Christopher Haster 1:24750b9ad5ef 1694 mpi_montmul( X, X, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1695
Christopher Haster 1:24750b9ad5ef 1696 wbits <<= 1;
Christopher Haster 1:24750b9ad5ef 1697
Christopher Haster 1:24750b9ad5ef 1698 if( ( wbits & ( one << wsize ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 1699 mpi_montmul( X, &W[1], N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1700 }
Christopher Haster 1:24750b9ad5ef 1701
Christopher Haster 1:24750b9ad5ef 1702 /*
Christopher Haster 1:24750b9ad5ef 1703 * X = A^E * R * R^-1 mod N = A^E mod N
Christopher Haster 1:24750b9ad5ef 1704 */
Christopher Haster 1:24750b9ad5ef 1705 mpi_montred( X, N, mm, &T );
Christopher Haster 1:24750b9ad5ef 1706
Christopher Haster 1:24750b9ad5ef 1707 if( neg )
Christopher Haster 1:24750b9ad5ef 1708 {
Christopher Haster 1:24750b9ad5ef 1709 X->s = -1;
Christopher Haster 1:24750b9ad5ef 1710 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) );
Christopher Haster 1:24750b9ad5ef 1711 }
Christopher Haster 1:24750b9ad5ef 1712
Christopher Haster 1:24750b9ad5ef 1713 cleanup:
Christopher Haster 1:24750b9ad5ef 1714
Christopher Haster 1:24750b9ad5ef 1715 for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
Christopher Haster 1:24750b9ad5ef 1716 mbedtls_mpi_free( &W[i] );
Christopher Haster 1:24750b9ad5ef 1717
Christopher Haster 1:24750b9ad5ef 1718 mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );
Christopher Haster 1:24750b9ad5ef 1719
Christopher Haster 1:24750b9ad5ef 1720 if( _RR == NULL || _RR->p == NULL )
Christopher Haster 1:24750b9ad5ef 1721 mbedtls_mpi_free( &RR );
Christopher Haster 1:24750b9ad5ef 1722
Christopher Haster 1:24750b9ad5ef 1723 return( ret );
Christopher Haster 1:24750b9ad5ef 1724 }
Christopher Haster 1:24750b9ad5ef 1725
Christopher Haster 1:24750b9ad5ef 1726 /*
Christopher Haster 1:24750b9ad5ef 1727 * Greatest common divisor: G = gcd(A, B) (HAC 14.54)
Christopher Haster 1:24750b9ad5ef 1728 */
Christopher Haster 1:24750b9ad5ef 1729 int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
Christopher Haster 1:24750b9ad5ef 1730 {
Christopher Haster 1:24750b9ad5ef 1731 int ret;
Christopher Haster 1:24750b9ad5ef 1732 size_t lz, lzt;
Christopher Haster 1:24750b9ad5ef 1733 mbedtls_mpi TG, TA, TB;
Christopher Haster 1:24750b9ad5ef 1734
Christopher Haster 1:24750b9ad5ef 1735 mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
Christopher Haster 1:24750b9ad5ef 1736
Christopher Haster 1:24750b9ad5ef 1737 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
Christopher Haster 1:24750b9ad5ef 1738 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
Christopher Haster 1:24750b9ad5ef 1739
Christopher Haster 1:24750b9ad5ef 1740 lz = mbedtls_mpi_lsb( &TA );
Christopher Haster 1:24750b9ad5ef 1741 lzt = mbedtls_mpi_lsb( &TB );
Christopher Haster 1:24750b9ad5ef 1742
Christopher Haster 1:24750b9ad5ef 1743 if( lzt < lz )
Christopher Haster 1:24750b9ad5ef 1744 lz = lzt;
Christopher Haster 1:24750b9ad5ef 1745
Christopher Haster 1:24750b9ad5ef 1746 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
Christopher Haster 1:24750b9ad5ef 1747 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
Christopher Haster 1:24750b9ad5ef 1748
Christopher Haster 1:24750b9ad5ef 1749 TA.s = TB.s = 1;
Christopher Haster 1:24750b9ad5ef 1750
Christopher Haster 1:24750b9ad5ef 1751 while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1752 {
Christopher Haster 1:24750b9ad5ef 1753 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
Christopher Haster 1:24750b9ad5ef 1754 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
Christopher Haster 1:24750b9ad5ef 1755
Christopher Haster 1:24750b9ad5ef 1756 if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1757 {
Christopher Haster 1:24750b9ad5ef 1758 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
Christopher Haster 1:24750b9ad5ef 1759 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
Christopher Haster 1:24750b9ad5ef 1760 }
Christopher Haster 1:24750b9ad5ef 1761 else
Christopher Haster 1:24750b9ad5ef 1762 {
Christopher Haster 1:24750b9ad5ef 1763 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
Christopher Haster 1:24750b9ad5ef 1764 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
Christopher Haster 1:24750b9ad5ef 1765 }
Christopher Haster 1:24750b9ad5ef 1766 }
Christopher Haster 1:24750b9ad5ef 1767
Christopher Haster 1:24750b9ad5ef 1768 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
Christopher Haster 1:24750b9ad5ef 1769 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
Christopher Haster 1:24750b9ad5ef 1770
Christopher Haster 1:24750b9ad5ef 1771 cleanup:
Christopher Haster 1:24750b9ad5ef 1772
Christopher Haster 1:24750b9ad5ef 1773 mbedtls_mpi_free( &TG ); mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
Christopher Haster 1:24750b9ad5ef 1774
Christopher Haster 1:24750b9ad5ef 1775 return( ret );
Christopher Haster 1:24750b9ad5ef 1776 }
Christopher Haster 1:24750b9ad5ef 1777
Christopher Haster 1:24750b9ad5ef 1778 /*
Christopher Haster 1:24750b9ad5ef 1779 * Fill X with size bytes of random.
Christopher Haster 1:24750b9ad5ef 1780 *
Christopher Haster 1:24750b9ad5ef 1781 * Use a temporary bytes representation to make sure the result is the same
Christopher Haster 1:24750b9ad5ef 1782 * regardless of the platform endianness (useful when f_rng is actually
Christopher Haster 1:24750b9ad5ef 1783 * deterministic, eg for tests).
Christopher Haster 1:24750b9ad5ef 1784 */
Christopher Haster 1:24750b9ad5ef 1785 int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
Christopher Haster 1:24750b9ad5ef 1786 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 1787 void *p_rng )
Christopher Haster 1:24750b9ad5ef 1788 {
Christopher Haster 1:24750b9ad5ef 1789 int ret;
Christopher Haster 1:24750b9ad5ef 1790 unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
Christopher Haster 1:24750b9ad5ef 1791
Christopher Haster 1:24750b9ad5ef 1792 if( size > MBEDTLS_MPI_MAX_SIZE )
Christopher Haster 1:24750b9ad5ef 1793 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1794
Christopher Haster 1:24750b9ad5ef 1795 MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
Christopher Haster 1:24750b9ad5ef 1796 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
Christopher Haster 1:24750b9ad5ef 1797
Christopher Haster 1:24750b9ad5ef 1798 cleanup:
Christopher Haster 1:24750b9ad5ef 1799 return( ret );
Christopher Haster 1:24750b9ad5ef 1800 }
Christopher Haster 1:24750b9ad5ef 1801
Christopher Haster 1:24750b9ad5ef 1802 /*
Christopher Haster 1:24750b9ad5ef 1803 * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
Christopher Haster 1:24750b9ad5ef 1804 */
Christopher Haster 1:24750b9ad5ef 1805 int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
Christopher Haster 1:24750b9ad5ef 1806 {
Christopher Haster 1:24750b9ad5ef 1807 int ret;
Christopher Haster 1:24750b9ad5ef 1808 mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
Christopher Haster 1:24750b9ad5ef 1809
Christopher Haster 1:24750b9ad5ef 1810 if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 )
Christopher Haster 1:24750b9ad5ef 1811 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 1812
Christopher Haster 1:24750b9ad5ef 1813 mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
Christopher Haster 1:24750b9ad5ef 1814 mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
Christopher Haster 1:24750b9ad5ef 1815 mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
Christopher Haster 1:24750b9ad5ef 1816
Christopher Haster 1:24750b9ad5ef 1817 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
Christopher Haster 1:24750b9ad5ef 1818
Christopher Haster 1:24750b9ad5ef 1819 if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1820 {
Christopher Haster 1:24750b9ad5ef 1821 ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
Christopher Haster 1:24750b9ad5ef 1822 goto cleanup;
Christopher Haster 1:24750b9ad5ef 1823 }
Christopher Haster 1:24750b9ad5ef 1824
Christopher Haster 1:24750b9ad5ef 1825 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
Christopher Haster 1:24750b9ad5ef 1826 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
Christopher Haster 1:24750b9ad5ef 1827 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
Christopher Haster 1:24750b9ad5ef 1828 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
Christopher Haster 1:24750b9ad5ef 1829
Christopher Haster 1:24750b9ad5ef 1830 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
Christopher Haster 1:24750b9ad5ef 1831 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
Christopher Haster 1:24750b9ad5ef 1832 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
Christopher Haster 1:24750b9ad5ef 1833 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
Christopher Haster 1:24750b9ad5ef 1834
Christopher Haster 1:24750b9ad5ef 1835 do
Christopher Haster 1:24750b9ad5ef 1836 {
Christopher Haster 1:24750b9ad5ef 1837 while( ( TU.p[0] & 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1838 {
Christopher Haster 1:24750b9ad5ef 1839 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
Christopher Haster 1:24750b9ad5ef 1840
Christopher Haster 1:24750b9ad5ef 1841 if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1842 {
Christopher Haster 1:24750b9ad5ef 1843 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
Christopher Haster 1:24750b9ad5ef 1844 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
Christopher Haster 1:24750b9ad5ef 1845 }
Christopher Haster 1:24750b9ad5ef 1846
Christopher Haster 1:24750b9ad5ef 1847 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
Christopher Haster 1:24750b9ad5ef 1848 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
Christopher Haster 1:24750b9ad5ef 1849 }
Christopher Haster 1:24750b9ad5ef 1850
Christopher Haster 1:24750b9ad5ef 1851 while( ( TV.p[0] & 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1852 {
Christopher Haster 1:24750b9ad5ef 1853 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
Christopher Haster 1:24750b9ad5ef 1854
Christopher Haster 1:24750b9ad5ef 1855 if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
Christopher Haster 1:24750b9ad5ef 1856 {
Christopher Haster 1:24750b9ad5ef 1857 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
Christopher Haster 1:24750b9ad5ef 1858 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
Christopher Haster 1:24750b9ad5ef 1859 }
Christopher Haster 1:24750b9ad5ef 1860
Christopher Haster 1:24750b9ad5ef 1861 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
Christopher Haster 1:24750b9ad5ef 1862 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
Christopher Haster 1:24750b9ad5ef 1863 }
Christopher Haster 1:24750b9ad5ef 1864
Christopher Haster 1:24750b9ad5ef 1865 if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1866 {
Christopher Haster 1:24750b9ad5ef 1867 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
Christopher Haster 1:24750b9ad5ef 1868 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
Christopher Haster 1:24750b9ad5ef 1869 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
Christopher Haster 1:24750b9ad5ef 1870 }
Christopher Haster 1:24750b9ad5ef 1871 else
Christopher Haster 1:24750b9ad5ef 1872 {
Christopher Haster 1:24750b9ad5ef 1873 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
Christopher Haster 1:24750b9ad5ef 1874 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
Christopher Haster 1:24750b9ad5ef 1875 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
Christopher Haster 1:24750b9ad5ef 1876 }
Christopher Haster 1:24750b9ad5ef 1877 }
Christopher Haster 1:24750b9ad5ef 1878 while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
Christopher Haster 1:24750b9ad5ef 1879
Christopher Haster 1:24750b9ad5ef 1880 while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
Christopher Haster 1:24750b9ad5ef 1881 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
Christopher Haster 1:24750b9ad5ef 1882
Christopher Haster 1:24750b9ad5ef 1883 while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1884 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
Christopher Haster 1:24750b9ad5ef 1885
Christopher Haster 1:24750b9ad5ef 1886 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
Christopher Haster 1:24750b9ad5ef 1887
Christopher Haster 1:24750b9ad5ef 1888 cleanup:
Christopher Haster 1:24750b9ad5ef 1889
Christopher Haster 1:24750b9ad5ef 1890 mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
Christopher Haster 1:24750b9ad5ef 1891 mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
Christopher Haster 1:24750b9ad5ef 1892 mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
Christopher Haster 1:24750b9ad5ef 1893
Christopher Haster 1:24750b9ad5ef 1894 return( ret );
Christopher Haster 1:24750b9ad5ef 1895 }
Christopher Haster 1:24750b9ad5ef 1896
Christopher Haster 1:24750b9ad5ef 1897 #if defined(MBEDTLS_GENPRIME)
Christopher Haster 1:24750b9ad5ef 1898
Christopher Haster 1:24750b9ad5ef 1899 static const int small_prime[] =
Christopher Haster 1:24750b9ad5ef 1900 {
Christopher Haster 1:24750b9ad5ef 1901 3, 5, 7, 11, 13, 17, 19, 23,
Christopher Haster 1:24750b9ad5ef 1902 29, 31, 37, 41, 43, 47, 53, 59,
Christopher Haster 1:24750b9ad5ef 1903 61, 67, 71, 73, 79, 83, 89, 97,
Christopher Haster 1:24750b9ad5ef 1904 101, 103, 107, 109, 113, 127, 131, 137,
Christopher Haster 1:24750b9ad5ef 1905 139, 149, 151, 157, 163, 167, 173, 179,
Christopher Haster 1:24750b9ad5ef 1906 181, 191, 193, 197, 199, 211, 223, 227,
Christopher Haster 1:24750b9ad5ef 1907 229, 233, 239, 241, 251, 257, 263, 269,
Christopher Haster 1:24750b9ad5ef 1908 271, 277, 281, 283, 293, 307, 311, 313,
Christopher Haster 1:24750b9ad5ef 1909 317, 331, 337, 347, 349, 353, 359, 367,
Christopher Haster 1:24750b9ad5ef 1910 373, 379, 383, 389, 397, 401, 409, 419,
Christopher Haster 1:24750b9ad5ef 1911 421, 431, 433, 439, 443, 449, 457, 461,
Christopher Haster 1:24750b9ad5ef 1912 463, 467, 479, 487, 491, 499, 503, 509,
Christopher Haster 1:24750b9ad5ef 1913 521, 523, 541, 547, 557, 563, 569, 571,
Christopher Haster 1:24750b9ad5ef 1914 577, 587, 593, 599, 601, 607, 613, 617,
Christopher Haster 1:24750b9ad5ef 1915 619, 631, 641, 643, 647, 653, 659, 661,
Christopher Haster 1:24750b9ad5ef 1916 673, 677, 683, 691, 701, 709, 719, 727,
Christopher Haster 1:24750b9ad5ef 1917 733, 739, 743, 751, 757, 761, 769, 773,
Christopher Haster 1:24750b9ad5ef 1918 787, 797, 809, 811, 821, 823, 827, 829,
Christopher Haster 1:24750b9ad5ef 1919 839, 853, 857, 859, 863, 877, 881, 883,
Christopher Haster 1:24750b9ad5ef 1920 887, 907, 911, 919, 929, 937, 941, 947,
Christopher Haster 1:24750b9ad5ef 1921 953, 967, 971, 977, 983, 991, 997, -103
Christopher Haster 1:24750b9ad5ef 1922 };
Christopher Haster 1:24750b9ad5ef 1923
Christopher Haster 1:24750b9ad5ef 1924 /*
Christopher Haster 1:24750b9ad5ef 1925 * Small divisors test (X must be positive)
Christopher Haster 1:24750b9ad5ef 1926 *
Christopher Haster 1:24750b9ad5ef 1927 * Return values:
Christopher Haster 1:24750b9ad5ef 1928 * 0: no small factor (possible prime, more tests needed)
Christopher Haster 1:24750b9ad5ef 1929 * 1: certain prime
Christopher Haster 1:24750b9ad5ef 1930 * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
Christopher Haster 1:24750b9ad5ef 1931 * other negative: error
Christopher Haster 1:24750b9ad5ef 1932 */
Christopher Haster 1:24750b9ad5ef 1933 static int mpi_check_small_factors( const mbedtls_mpi *X )
Christopher Haster 1:24750b9ad5ef 1934 {
Christopher Haster 1:24750b9ad5ef 1935 int ret = 0;
Christopher Haster 1:24750b9ad5ef 1936 size_t i;
Christopher Haster 1:24750b9ad5ef 1937 mbedtls_mpi_uint r;
Christopher Haster 1:24750b9ad5ef 1938
Christopher Haster 1:24750b9ad5ef 1939 if( ( X->p[0] & 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 1940 return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
Christopher Haster 1:24750b9ad5ef 1941
Christopher Haster 1:24750b9ad5ef 1942 for( i = 0; small_prime[i] > 0; i++ )
Christopher Haster 1:24750b9ad5ef 1943 {
Christopher Haster 1:24750b9ad5ef 1944 if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
Christopher Haster 1:24750b9ad5ef 1945 return( 1 );
Christopher Haster 1:24750b9ad5ef 1946
Christopher Haster 1:24750b9ad5ef 1947 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
Christopher Haster 1:24750b9ad5ef 1948
Christopher Haster 1:24750b9ad5ef 1949 if( r == 0 )
Christopher Haster 1:24750b9ad5ef 1950 return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
Christopher Haster 1:24750b9ad5ef 1951 }
Christopher Haster 1:24750b9ad5ef 1952
Christopher Haster 1:24750b9ad5ef 1953 cleanup:
Christopher Haster 1:24750b9ad5ef 1954 return( ret );
Christopher Haster 1:24750b9ad5ef 1955 }
Christopher Haster 1:24750b9ad5ef 1956
Christopher Haster 1:24750b9ad5ef 1957 /*
Christopher Haster 1:24750b9ad5ef 1958 * Miller-Rabin pseudo-primality test (HAC 4.24)
Christopher Haster 1:24750b9ad5ef 1959 */
Christopher Haster 1:24750b9ad5ef 1960 static int mpi_miller_rabin( const mbedtls_mpi *X,
Christopher Haster 1:24750b9ad5ef 1961 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 1962 void *p_rng )
Christopher Haster 1:24750b9ad5ef 1963 {
Christopher Haster 1:24750b9ad5ef 1964 int ret, count;
Christopher Haster 1:24750b9ad5ef 1965 size_t i, j, k, n, s;
Christopher Haster 1:24750b9ad5ef 1966 mbedtls_mpi W, R, T, A, RR;
Christopher Haster 1:24750b9ad5ef 1967
Christopher Haster 1:24750b9ad5ef 1968 mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
Christopher Haster 1:24750b9ad5ef 1969 mbedtls_mpi_init( &RR );
Christopher Haster 1:24750b9ad5ef 1970
Christopher Haster 1:24750b9ad5ef 1971 /*
Christopher Haster 1:24750b9ad5ef 1972 * W = |X| - 1
Christopher Haster 1:24750b9ad5ef 1973 * R = W >> lsb( W )
Christopher Haster 1:24750b9ad5ef 1974 */
Christopher Haster 1:24750b9ad5ef 1975 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
Christopher Haster 1:24750b9ad5ef 1976 s = mbedtls_mpi_lsb( &W );
Christopher Haster 1:24750b9ad5ef 1977 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
Christopher Haster 1:24750b9ad5ef 1978 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
Christopher Haster 1:24750b9ad5ef 1979
Christopher Haster 1:24750b9ad5ef 1980 i = mbedtls_mpi_bitlen( X );
Christopher Haster 1:24750b9ad5ef 1981 /*
Christopher Haster 1:24750b9ad5ef 1982 * HAC, table 4.4
Christopher Haster 1:24750b9ad5ef 1983 */
Christopher Haster 1:24750b9ad5ef 1984 n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 :
Christopher Haster 1:24750b9ad5ef 1985 ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 :
Christopher Haster 1:24750b9ad5ef 1986 ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 );
Christopher Haster 1:24750b9ad5ef 1987
Christopher Haster 1:24750b9ad5ef 1988 for( i = 0; i < n; i++ )
Christopher Haster 1:24750b9ad5ef 1989 {
Christopher Haster 1:24750b9ad5ef 1990 /*
Christopher Haster 1:24750b9ad5ef 1991 * pick a random A, 1 < A < |X| - 1
Christopher Haster 1:24750b9ad5ef 1992 */
Christopher Haster 1:24750b9ad5ef 1993 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
Christopher Haster 1:24750b9ad5ef 1994
Christopher Haster 1:24750b9ad5ef 1995 if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
Christopher Haster 1:24750b9ad5ef 1996 {
Christopher Haster 1:24750b9ad5ef 1997 j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
Christopher Haster 1:24750b9ad5ef 1998 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
Christopher Haster 1:24750b9ad5ef 1999 }
Christopher Haster 1:24750b9ad5ef 2000 A.p[0] |= 3;
Christopher Haster 1:24750b9ad5ef 2001
Christopher Haster 1:24750b9ad5ef 2002 count = 0;
Christopher Haster 1:24750b9ad5ef 2003 do {
Christopher Haster 1:24750b9ad5ef 2004 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
Christopher Haster 1:24750b9ad5ef 2005
Christopher Haster 1:24750b9ad5ef 2006 j = mbedtls_mpi_bitlen( &A );
Christopher Haster 1:24750b9ad5ef 2007 k = mbedtls_mpi_bitlen( &W );
Christopher Haster 1:24750b9ad5ef 2008 if (j > k) {
Christopher Haster 1:24750b9ad5ef 2009 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
Christopher Haster 1:24750b9ad5ef 2010 }
Christopher Haster 1:24750b9ad5ef 2011
Christopher Haster 1:24750b9ad5ef 2012 if (count++ > 30) {
Christopher Haster 1:24750b9ad5ef 2013 return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
Christopher Haster 1:24750b9ad5ef 2014 }
Christopher Haster 1:24750b9ad5ef 2015
Christopher Haster 1:24750b9ad5ef 2016 } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
Christopher Haster 1:24750b9ad5ef 2017 mbedtls_mpi_cmp_int( &A, 1 ) <= 0 );
Christopher Haster 1:24750b9ad5ef 2018
Christopher Haster 1:24750b9ad5ef 2019 /*
Christopher Haster 1:24750b9ad5ef 2020 * A = A^R mod |X|
Christopher Haster 1:24750b9ad5ef 2021 */
Christopher Haster 1:24750b9ad5ef 2022 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
Christopher Haster 1:24750b9ad5ef 2023
Christopher Haster 1:24750b9ad5ef 2024 if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
Christopher Haster 1:24750b9ad5ef 2025 mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 2026 continue;
Christopher Haster 1:24750b9ad5ef 2027
Christopher Haster 1:24750b9ad5ef 2028 j = 1;
Christopher Haster 1:24750b9ad5ef 2029 while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
Christopher Haster 1:24750b9ad5ef 2030 {
Christopher Haster 1:24750b9ad5ef 2031 /*
Christopher Haster 1:24750b9ad5ef 2032 * A = A * A mod |X|
Christopher Haster 1:24750b9ad5ef 2033 */
Christopher Haster 1:24750b9ad5ef 2034 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
Christopher Haster 1:24750b9ad5ef 2035 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) );
Christopher Haster 1:24750b9ad5ef 2036
Christopher Haster 1:24750b9ad5ef 2037 if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 2038 break;
Christopher Haster 1:24750b9ad5ef 2039
Christopher Haster 1:24750b9ad5ef 2040 j++;
Christopher Haster 1:24750b9ad5ef 2041 }
Christopher Haster 1:24750b9ad5ef 2042
Christopher Haster 1:24750b9ad5ef 2043 /*
Christopher Haster 1:24750b9ad5ef 2044 * not prime if A != |X| - 1 or A == 1
Christopher Haster 1:24750b9ad5ef 2045 */
Christopher Haster 1:24750b9ad5ef 2046 if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
Christopher Haster 1:24750b9ad5ef 2047 mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 2048 {
Christopher Haster 1:24750b9ad5ef 2049 ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
Christopher Haster 1:24750b9ad5ef 2050 break;
Christopher Haster 1:24750b9ad5ef 2051 }
Christopher Haster 1:24750b9ad5ef 2052 }
Christopher Haster 1:24750b9ad5ef 2053
Christopher Haster 1:24750b9ad5ef 2054 cleanup:
Christopher Haster 1:24750b9ad5ef 2055 mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
Christopher Haster 1:24750b9ad5ef 2056 mbedtls_mpi_free( &RR );
Christopher Haster 1:24750b9ad5ef 2057
Christopher Haster 1:24750b9ad5ef 2058 return( ret );
Christopher Haster 1:24750b9ad5ef 2059 }
Christopher Haster 1:24750b9ad5ef 2060
Christopher Haster 1:24750b9ad5ef 2061 /*
Christopher Haster 1:24750b9ad5ef 2062 * Pseudo-primality test: small factors, then Miller-Rabin
Christopher Haster 1:24750b9ad5ef 2063 */
Christopher Haster 1:24750b9ad5ef 2064 int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
Christopher Haster 1:24750b9ad5ef 2065 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 2066 void *p_rng )
Christopher Haster 1:24750b9ad5ef 2067 {
Christopher Haster 1:24750b9ad5ef 2068 int ret;
Christopher Haster 1:24750b9ad5ef 2069 mbedtls_mpi XX;
Christopher Haster 1:24750b9ad5ef 2070
Christopher Haster 1:24750b9ad5ef 2071 XX.s = 1;
Christopher Haster 1:24750b9ad5ef 2072 XX.n = X->n;
Christopher Haster 1:24750b9ad5ef 2073 XX.p = X->p;
Christopher Haster 1:24750b9ad5ef 2074
Christopher Haster 1:24750b9ad5ef 2075 if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
Christopher Haster 1:24750b9ad5ef 2076 mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
Christopher Haster 1:24750b9ad5ef 2077 return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
Christopher Haster 1:24750b9ad5ef 2078
Christopher Haster 1:24750b9ad5ef 2079 if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
Christopher Haster 1:24750b9ad5ef 2080 return( 0 );
Christopher Haster 1:24750b9ad5ef 2081
Christopher Haster 1:24750b9ad5ef 2082 if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2083 {
Christopher Haster 1:24750b9ad5ef 2084 if( ret == 1 )
Christopher Haster 1:24750b9ad5ef 2085 return( 0 );
Christopher Haster 1:24750b9ad5ef 2086
Christopher Haster 1:24750b9ad5ef 2087 return( ret );
Christopher Haster 1:24750b9ad5ef 2088 }
Christopher Haster 1:24750b9ad5ef 2089
Christopher Haster 1:24750b9ad5ef 2090 return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
Christopher Haster 1:24750b9ad5ef 2091 }
Christopher Haster 1:24750b9ad5ef 2092
Christopher Haster 1:24750b9ad5ef 2093 /*
Christopher Haster 1:24750b9ad5ef 2094 * Prime number generation
Christopher Haster 1:24750b9ad5ef 2095 */
Christopher Haster 1:24750b9ad5ef 2096 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
Christopher Haster 1:24750b9ad5ef 2097 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 2098 void *p_rng )
Christopher Haster 1:24750b9ad5ef 2099 {
Christopher Haster 1:24750b9ad5ef 2100 int ret;
Christopher Haster 1:24750b9ad5ef 2101 size_t k, n;
Christopher Haster 1:24750b9ad5ef 2102 mbedtls_mpi_uint r;
Christopher Haster 1:24750b9ad5ef 2103 mbedtls_mpi Y;
Christopher Haster 1:24750b9ad5ef 2104
Christopher Haster 1:24750b9ad5ef 2105 if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
Christopher Haster 1:24750b9ad5ef 2106 return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 2107
Christopher Haster 1:24750b9ad5ef 2108 mbedtls_mpi_init( &Y );
Christopher Haster 1:24750b9ad5ef 2109
Christopher Haster 1:24750b9ad5ef 2110 n = BITS_TO_LIMBS( nbits );
Christopher Haster 1:24750b9ad5ef 2111
Christopher Haster 1:24750b9ad5ef 2112 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
Christopher Haster 1:24750b9ad5ef 2113
Christopher Haster 1:24750b9ad5ef 2114 k = mbedtls_mpi_bitlen( X );
Christopher Haster 1:24750b9ad5ef 2115 if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
Christopher Haster 1:24750b9ad5ef 2116
Christopher Haster 1:24750b9ad5ef 2117 mbedtls_mpi_set_bit( X, nbits-1, 1 );
Christopher Haster 1:24750b9ad5ef 2118
Christopher Haster 1:24750b9ad5ef 2119 X->p[0] |= 1;
Christopher Haster 1:24750b9ad5ef 2120
Christopher Haster 1:24750b9ad5ef 2121 if( dh_flag == 0 )
Christopher Haster 1:24750b9ad5ef 2122 {
Christopher Haster 1:24750b9ad5ef 2123 while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 2124 {
Christopher Haster 1:24750b9ad5ef 2125 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
Christopher Haster 1:24750b9ad5ef 2126 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2127
Christopher Haster 1:24750b9ad5ef 2128 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
Christopher Haster 1:24750b9ad5ef 2129 }
Christopher Haster 1:24750b9ad5ef 2130 }
Christopher Haster 1:24750b9ad5ef 2131 else
Christopher Haster 1:24750b9ad5ef 2132 {
Christopher Haster 1:24750b9ad5ef 2133 /*
Christopher Haster 1:24750b9ad5ef 2134 * An necessary condition for Y and X = 2Y + 1 to be prime
Christopher Haster 1:24750b9ad5ef 2135 * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
Christopher Haster 1:24750b9ad5ef 2136 * Make sure it is satisfied, while keeping X = 3 mod 4
Christopher Haster 1:24750b9ad5ef 2137 */
Christopher Haster 1:24750b9ad5ef 2138
Christopher Haster 1:24750b9ad5ef 2139 X->p[0] |= 2;
Christopher Haster 1:24750b9ad5ef 2140
Christopher Haster 1:24750b9ad5ef 2141 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
Christopher Haster 1:24750b9ad5ef 2142 if( r == 0 )
Christopher Haster 1:24750b9ad5ef 2143 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
Christopher Haster 1:24750b9ad5ef 2144 else if( r == 1 )
Christopher Haster 1:24750b9ad5ef 2145 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
Christopher Haster 1:24750b9ad5ef 2146
Christopher Haster 1:24750b9ad5ef 2147 /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
Christopher Haster 1:24750b9ad5ef 2148 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
Christopher Haster 1:24750b9ad5ef 2149 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
Christopher Haster 1:24750b9ad5ef 2150
Christopher Haster 1:24750b9ad5ef 2151 while( 1 )
Christopher Haster 1:24750b9ad5ef 2152 {
Christopher Haster 1:24750b9ad5ef 2153 /*
Christopher Haster 1:24750b9ad5ef 2154 * First, check small factors for X and Y
Christopher Haster 1:24750b9ad5ef 2155 * before doing Miller-Rabin on any of them
Christopher Haster 1:24750b9ad5ef 2156 */
Christopher Haster 1:24750b9ad5ef 2157 if( ( ret = mpi_check_small_factors( X ) ) == 0 &&
Christopher Haster 1:24750b9ad5ef 2158 ( ret = mpi_check_small_factors( &Y ) ) == 0 &&
Christopher Haster 1:24750b9ad5ef 2159 ( ret = mpi_miller_rabin( X, f_rng, p_rng ) ) == 0 &&
Christopher Haster 1:24750b9ad5ef 2160 ( ret = mpi_miller_rabin( &Y, f_rng, p_rng ) ) == 0 )
Christopher Haster 1:24750b9ad5ef 2161 {
Christopher Haster 1:24750b9ad5ef 2162 break;
Christopher Haster 1:24750b9ad5ef 2163 }
Christopher Haster 1:24750b9ad5ef 2164
Christopher Haster 1:24750b9ad5ef 2165 if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
Christopher Haster 1:24750b9ad5ef 2166 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2167
Christopher Haster 1:24750b9ad5ef 2168 /*
Christopher Haster 1:24750b9ad5ef 2169 * Next candidates. We want to preserve Y = (X-1) / 2 and
Christopher Haster 1:24750b9ad5ef 2170 * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
Christopher Haster 1:24750b9ad5ef 2171 * so up Y by 6 and X by 12.
Christopher Haster 1:24750b9ad5ef 2172 */
Christopher Haster 1:24750b9ad5ef 2173 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
Christopher Haster 1:24750b9ad5ef 2174 MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
Christopher Haster 1:24750b9ad5ef 2175 }
Christopher Haster 1:24750b9ad5ef 2176 }
Christopher Haster 1:24750b9ad5ef 2177
Christopher Haster 1:24750b9ad5ef 2178 cleanup:
Christopher Haster 1:24750b9ad5ef 2179
Christopher Haster 1:24750b9ad5ef 2180 mbedtls_mpi_free( &Y );
Christopher Haster 1:24750b9ad5ef 2181
Christopher Haster 1:24750b9ad5ef 2182 return( ret );
Christopher Haster 1:24750b9ad5ef 2183 }
Christopher Haster 1:24750b9ad5ef 2184
Christopher Haster 1:24750b9ad5ef 2185 #endif /* MBEDTLS_GENPRIME */
Christopher Haster 1:24750b9ad5ef 2186
Christopher Haster 1:24750b9ad5ef 2187 #if defined(MBEDTLS_SELF_TEST)
Christopher Haster 1:24750b9ad5ef 2188
Christopher Haster 1:24750b9ad5ef 2189 #define GCD_PAIR_COUNT 3
Christopher Haster 1:24750b9ad5ef 2190
Christopher Haster 1:24750b9ad5ef 2191 static const int gcd_pairs[GCD_PAIR_COUNT][3] =
Christopher Haster 1:24750b9ad5ef 2192 {
Christopher Haster 1:24750b9ad5ef 2193 { 693, 609, 21 },
Christopher Haster 1:24750b9ad5ef 2194 { 1764, 868, 28 },
Christopher Haster 1:24750b9ad5ef 2195 { 768454923, 542167814, 1 }
Christopher Haster 1:24750b9ad5ef 2196 };
Christopher Haster 1:24750b9ad5ef 2197
Christopher Haster 1:24750b9ad5ef 2198 /*
Christopher Haster 1:24750b9ad5ef 2199 * Checkup routine
Christopher Haster 1:24750b9ad5ef 2200 */
Christopher Haster 1:24750b9ad5ef 2201 int mbedtls_mpi_self_test( int verbose )
Christopher Haster 1:24750b9ad5ef 2202 {
Christopher Haster 1:24750b9ad5ef 2203 int ret, i;
Christopher Haster 1:24750b9ad5ef 2204 mbedtls_mpi A, E, N, X, Y, U, V;
Christopher Haster 1:24750b9ad5ef 2205
Christopher Haster 1:24750b9ad5ef 2206 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
Christopher Haster 1:24750b9ad5ef 2207 mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
Christopher Haster 1:24750b9ad5ef 2208
Christopher Haster 1:24750b9ad5ef 2209 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
Christopher Haster 1:24750b9ad5ef 2210 "EFE021C2645FD1DC586E69184AF4A31E" \
Christopher Haster 1:24750b9ad5ef 2211 "D5F53E93B5F123FA41680867BA110131" \
Christopher Haster 1:24750b9ad5ef 2212 "944FE7952E2517337780CB0DB80E61AA" \
Christopher Haster 1:24750b9ad5ef 2213 "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
Christopher Haster 1:24750b9ad5ef 2214
Christopher Haster 1:24750b9ad5ef 2215 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
Christopher Haster 1:24750b9ad5ef 2216 "B2E7EFD37075B9F03FF989C7C5051C20" \
Christopher Haster 1:24750b9ad5ef 2217 "34D2A323810251127E7BF8625A4F49A5" \
Christopher Haster 1:24750b9ad5ef 2218 "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
Christopher Haster 1:24750b9ad5ef 2219 "5B5C25763222FEFCCFC38B832366C29E" ) );
Christopher Haster 1:24750b9ad5ef 2220
Christopher Haster 1:24750b9ad5ef 2221 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
Christopher Haster 1:24750b9ad5ef 2222 "0066A198186C18C10B2F5ED9B522752A" \
Christopher Haster 1:24750b9ad5ef 2223 "9830B69916E535C8F047518A889A43A5" \
Christopher Haster 1:24750b9ad5ef 2224 "94B6BED27A168D31D4A52F88925AA8F5" ) );
Christopher Haster 1:24750b9ad5ef 2225
Christopher Haster 1:24750b9ad5ef 2226 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
Christopher Haster 1:24750b9ad5ef 2227
Christopher Haster 1:24750b9ad5ef 2228 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
Christopher Haster 1:24750b9ad5ef 2229 "602AB7ECA597A3D6B56FF9829A5E8B85" \
Christopher Haster 1:24750b9ad5ef 2230 "9E857EA95A03512E2BAE7391688D264A" \
Christopher Haster 1:24750b9ad5ef 2231 "A5663B0341DB9CCFD2C4C5F421FEC814" \
Christopher Haster 1:24750b9ad5ef 2232 "8001B72E848A38CAE1C65F78E56ABDEF" \
Christopher Haster 1:24750b9ad5ef 2233 "E12D3C039B8A02D6BE593F0BBBDA56F1" \
Christopher Haster 1:24750b9ad5ef 2234 "ECF677152EF804370C1A305CAF3B5BF1" \
Christopher Haster 1:24750b9ad5ef 2235 "30879B56C61DE584A0F53A2447A51E" ) );
Christopher Haster 1:24750b9ad5ef 2236
Christopher Haster 1:24750b9ad5ef 2237 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2238 mbedtls_printf( " MPI test #1 (mul_mpi): " );
Christopher Haster 1:24750b9ad5ef 2239
Christopher Haster 1:24750b9ad5ef 2240 if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
Christopher Haster 1:24750b9ad5ef 2241 {
Christopher Haster 1:24750b9ad5ef 2242 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2243 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 2244
Christopher Haster 1:24750b9ad5ef 2245 ret = 1;
Christopher Haster 1:24750b9ad5ef 2246 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2247 }
Christopher Haster 1:24750b9ad5ef 2248
Christopher Haster 1:24750b9ad5ef 2249 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2250 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 2251
Christopher Haster 1:24750b9ad5ef 2252 MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
Christopher Haster 1:24750b9ad5ef 2253
Christopher Haster 1:24750b9ad5ef 2254 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
Christopher Haster 1:24750b9ad5ef 2255 "256567336059E52CAE22925474705F39A94" ) );
Christopher Haster 1:24750b9ad5ef 2256
Christopher Haster 1:24750b9ad5ef 2257 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
Christopher Haster 1:24750b9ad5ef 2258 "6613F26162223DF488E9CD48CC132C7A" \
Christopher Haster 1:24750b9ad5ef 2259 "0AC93C701B001B092E4E5B9F73BCD27B" \
Christopher Haster 1:24750b9ad5ef 2260 "9EE50D0657C77F374E903CDFA4C642" ) );
Christopher Haster 1:24750b9ad5ef 2261
Christopher Haster 1:24750b9ad5ef 2262 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2263 mbedtls_printf( " MPI test #2 (div_mpi): " );
Christopher Haster 1:24750b9ad5ef 2264
Christopher Haster 1:24750b9ad5ef 2265 if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
Christopher Haster 1:24750b9ad5ef 2266 mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
Christopher Haster 1:24750b9ad5ef 2267 {
Christopher Haster 1:24750b9ad5ef 2268 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2269 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 2270
Christopher Haster 1:24750b9ad5ef 2271 ret = 1;
Christopher Haster 1:24750b9ad5ef 2272 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2273 }
Christopher Haster 1:24750b9ad5ef 2274
Christopher Haster 1:24750b9ad5ef 2275 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2276 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 2277
Christopher Haster 1:24750b9ad5ef 2278 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
Christopher Haster 1:24750b9ad5ef 2279
Christopher Haster 1:24750b9ad5ef 2280 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
Christopher Haster 1:24750b9ad5ef 2281 "36E139AEA55215609D2816998ED020BB" \
Christopher Haster 1:24750b9ad5ef 2282 "BD96C37890F65171D948E9BC7CBAA4D9" \
Christopher Haster 1:24750b9ad5ef 2283 "325D24D6A3C12710F10A09FA08AB87" ) );
Christopher Haster 1:24750b9ad5ef 2284
Christopher Haster 1:24750b9ad5ef 2285 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2286 mbedtls_printf( " MPI test #3 (exp_mod): " );
Christopher Haster 1:24750b9ad5ef 2287
Christopher Haster 1:24750b9ad5ef 2288 if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
Christopher Haster 1:24750b9ad5ef 2289 {
Christopher Haster 1:24750b9ad5ef 2290 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2291 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 2292
Christopher Haster 1:24750b9ad5ef 2293 ret = 1;
Christopher Haster 1:24750b9ad5ef 2294 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2295 }
Christopher Haster 1:24750b9ad5ef 2296
Christopher Haster 1:24750b9ad5ef 2297 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2298 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 2299
Christopher Haster 1:24750b9ad5ef 2300 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
Christopher Haster 1:24750b9ad5ef 2301
Christopher Haster 1:24750b9ad5ef 2302 MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
Christopher Haster 1:24750b9ad5ef 2303 "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
Christopher Haster 1:24750b9ad5ef 2304 "C3DBA76456363A10869622EAC2DD84EC" \
Christopher Haster 1:24750b9ad5ef 2305 "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
Christopher Haster 1:24750b9ad5ef 2306
Christopher Haster 1:24750b9ad5ef 2307 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2308 mbedtls_printf( " MPI test #4 (inv_mod): " );
Christopher Haster 1:24750b9ad5ef 2309
Christopher Haster 1:24750b9ad5ef 2310 if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
Christopher Haster 1:24750b9ad5ef 2311 {
Christopher Haster 1:24750b9ad5ef 2312 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2313 mbedtls_printf( "failed\n" );
Christopher Haster 1:24750b9ad5ef 2314
Christopher Haster 1:24750b9ad5ef 2315 ret = 1;
Christopher Haster 1:24750b9ad5ef 2316 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2317 }
Christopher Haster 1:24750b9ad5ef 2318
Christopher Haster 1:24750b9ad5ef 2319 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2320 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 2321
Christopher Haster 1:24750b9ad5ef 2322 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2323 mbedtls_printf( " MPI test #5 (simple gcd): " );
Christopher Haster 1:24750b9ad5ef 2324
Christopher Haster 1:24750b9ad5ef 2325 for( i = 0; i < GCD_PAIR_COUNT; i++ )
Christopher Haster 1:24750b9ad5ef 2326 {
Christopher Haster 1:24750b9ad5ef 2327 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
Christopher Haster 1:24750b9ad5ef 2328 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
Christopher Haster 1:24750b9ad5ef 2329
Christopher Haster 1:24750b9ad5ef 2330 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
Christopher Haster 1:24750b9ad5ef 2331
Christopher Haster 1:24750b9ad5ef 2332 if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
Christopher Haster 1:24750b9ad5ef 2333 {
Christopher Haster 1:24750b9ad5ef 2334 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2335 mbedtls_printf( "failed at %d\n", i );
Christopher Haster 1:24750b9ad5ef 2336
Christopher Haster 1:24750b9ad5ef 2337 ret = 1;
Christopher Haster 1:24750b9ad5ef 2338 goto cleanup;
Christopher Haster 1:24750b9ad5ef 2339 }
Christopher Haster 1:24750b9ad5ef 2340 }
Christopher Haster 1:24750b9ad5ef 2341
Christopher Haster 1:24750b9ad5ef 2342 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2343 mbedtls_printf( "passed\n" );
Christopher Haster 1:24750b9ad5ef 2344
Christopher Haster 1:24750b9ad5ef 2345 cleanup:
Christopher Haster 1:24750b9ad5ef 2346
Christopher Haster 1:24750b9ad5ef 2347 if( ret != 0 && verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2348 mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
Christopher Haster 1:24750b9ad5ef 2349
Christopher Haster 1:24750b9ad5ef 2350 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
Christopher Haster 1:24750b9ad5ef 2351 mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
Christopher Haster 1:24750b9ad5ef 2352
Christopher Haster 1:24750b9ad5ef 2353 if( verbose != 0 )
Christopher Haster 1:24750b9ad5ef 2354 mbedtls_printf( "\n" );
Christopher Haster 1:24750b9ad5ef 2355
Christopher Haster 1:24750b9ad5ef 2356 return( ret );
Christopher Haster 1:24750b9ad5ef 2357 }
Christopher Haster 1:24750b9ad5ef 2358
Christopher Haster 1:24750b9ad5ef 2359 #endif /* MBEDTLS_SELF_TEST */
Christopher Haster 1:24750b9ad5ef 2360
Christopher Haster 1:24750b9ad5ef 2361 #endif /* MBEDTLS_BIGNUM_C */