Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
bignum.h
Go to the documentation of this file.
00001 /** 00002 * \file bignum.h 00003 * 00004 * \brief Multi-precision integer library 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_BIGNUM_H 00025 #define MBEDTLS_BIGNUM_H 00026 00027 #if !defined(MBEDTLS_CONFIG_FILE) 00028 #include "mbedtls/config.h" 00029 #else 00030 #include MBEDTLS_CONFIG_FILE 00031 #endif 00032 00033 #include <stddef.h> 00034 #include <stdint.h> 00035 00036 #if defined(MBEDTLS_FS_IO) 00037 #include <stdio.h> 00038 #endif 00039 00040 #define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */ 00041 #define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */ 00042 #define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */ 00043 #define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */ 00044 #define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */ 00045 #define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */ 00046 #define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */ 00047 #define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 /**< Memory allocation failed. */ 00048 00049 #define MBEDTLS_MPI_CHK(f) \ 00050 do \ 00051 { \ 00052 if( ( ret = (f) ) != 0 ) \ 00053 goto cleanup; \ 00054 } while( 0 ) 00055 00056 /* 00057 * Maximum size MPIs are allowed to grow to in number of limbs. 00058 */ 00059 #define MBEDTLS_MPI_MAX_LIMBS 10000 00060 00061 #if !defined(MBEDTLS_MPI_WINDOW_SIZE) 00062 /* 00063 * Maximum window size used for modular exponentiation. Default: 6 00064 * Minimum value: 1. Maximum value: 6. 00065 * 00066 * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used 00067 * for the sliding window calculation. (So 64 by default) 00068 * 00069 * Reduction in size, reduces speed. 00070 */ 00071 #define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ 00072 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ 00073 00074 #if !defined(MBEDTLS_MPI_MAX_SIZE) 00075 /* 00076 * Maximum size of MPIs allowed in bits and bytes for user-MPIs. 00077 * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) 00078 * 00079 * Note: Calculations can temporarily result in larger MPIs. So the number 00080 * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher. 00081 */ 00082 #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 00083 #endif /* !MBEDTLS_MPI_MAX_SIZE */ 00084 00085 #define MBEDTLS_MPI_MAX_BITS ( 8 * MBEDTLS_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */ 00086 00087 /* 00088 * When reading from files with mbedtls_mpi_read_file() and writing to files with 00089 * mbedtls_mpi_write_file() the buffer should have space 00090 * for a (short) label, the MPI (in the provided radix), the newline 00091 * characters and the '\0'. 00092 * 00093 * By default we assume at least a 10 char label, a minimum radix of 10 00094 * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars). 00095 * Autosized at compile time for at least a 10 char label, a minimum radix 00096 * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size. 00097 * 00098 * This used to be statically sized to 1250 for a maximum of 4096 bit 00099 * numbers (1234 decimal chars). 00100 * 00101 * Calculate using the formula: 00102 * MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) + 00103 * LabelSize + 6 00104 */ 00105 #define MBEDTLS_MPI_MAX_BITS_SCALE100 ( 100 * MBEDTLS_MPI_MAX_BITS ) 00106 #define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332 00107 #define MBEDTLS_MPI_RW_BUFFER_SIZE ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 ) 00108 00109 /* 00110 * Define the base integer type, architecture-wise. 00111 * 00112 * 32 or 64-bit integer types can be forced regardless of the underlying 00113 * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 00114 * respectively and undefining MBEDTLS_HAVE_ASM. 00115 * 00116 * Double-width integers (e.g. 128-bit in 64-bit architectures) can be 00117 * disabled by defining MBEDTLS_NO_UDBL_DIVISION. 00118 */ 00119 #if !defined(MBEDTLS_HAVE_INT32) 00120 #if defined(_MSC_VER) && defined(_M_AMD64) 00121 /* Always choose 64-bit when using MSC */ 00122 #if !defined(MBEDTLS_HAVE_INT64) 00123 #define MBEDTLS_HAVE_INT64 00124 #endif /* !MBEDTLS_HAVE_INT64 */ 00125 typedef int64_t mbedtls_mpi_sint; 00126 typedef uint64_t mbedtls_mpi_uint; 00127 #elif defined(__GNUC__) && ( \ 00128 defined(__amd64__) || defined(__x86_64__) || \ 00129 defined(__ppc64__) || defined(__powerpc64__) || \ 00130 defined(__ia64__) || defined(__alpha__) || \ 00131 ( defined(__sparc__) && defined(__arch64__) ) || \ 00132 defined(__s390x__) || defined(__mips64) || \ 00133 defined(__aarch64__) ) 00134 #if !defined(MBEDTLS_HAVE_INT64) 00135 #define MBEDTLS_HAVE_INT64 00136 #endif /* MBEDTLS_HAVE_INT64 */ 00137 typedef int64_t mbedtls_mpi_sint; 00138 typedef uint64_t mbedtls_mpi_uint; 00139 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 00140 /* mbedtls_t_udbl defined as 128-bit unsigned int */ 00141 typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); 00142 #define MBEDTLS_HAVE_UDBL 00143 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 00144 #elif defined(__ARMCC_VERSION) && defined(__aarch64__) 00145 /* 00146 * __ARMCC_VERSION is defined for both armcc and armclang and 00147 * __aarch64__ is only defined by armclang when compiling 64-bit code 00148 */ 00149 #if !defined(MBEDTLS_HAVE_INT64) 00150 #define MBEDTLS_HAVE_INT64 00151 #endif /* !MBEDTLS_HAVE_INT64 */ 00152 typedef int64_t mbedtls_mpi_sint; 00153 typedef uint64_t mbedtls_mpi_uint; 00154 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 00155 /* mbedtls_t_udbl defined as 128-bit unsigned int */ 00156 typedef __uint128_t mbedtls_t_udbl; 00157 #define MBEDTLS_HAVE_UDBL 00158 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 00159 #elif defined(MBEDTLS_HAVE_INT64) 00160 /* Force 64-bit integers with unknown compiler */ 00161 typedef int64_t mbedtls_mpi_sint; 00162 typedef uint64_t mbedtls_mpi_uint; 00163 #endif 00164 #endif /* !MBEDTLS_HAVE_INT32 */ 00165 00166 #if !defined(MBEDTLS_HAVE_INT64) 00167 /* Default to 32-bit compilation */ 00168 #if !defined(MBEDTLS_HAVE_INT32) 00169 #define MBEDTLS_HAVE_INT32 00170 #endif /* !MBEDTLS_HAVE_INT32 */ 00171 typedef int32_t mbedtls_mpi_sint; 00172 typedef uint32_t mbedtls_mpi_uint; 00173 #if !defined(MBEDTLS_NO_UDBL_DIVISION) 00174 typedef uint64_t mbedtls_t_udbl; 00175 #define MBEDTLS_HAVE_UDBL 00176 #endif /* !MBEDTLS_NO_UDBL_DIVISION */ 00177 #endif /* !MBEDTLS_HAVE_INT64 */ 00178 00179 #ifdef __cplusplus 00180 extern "C" { 00181 #endif 00182 00183 /** 00184 * \brief MPI structure 00185 */ 00186 typedef struct mbedtls_mpi 00187 { 00188 int s ; /*!< integer sign */ 00189 size_t n ; /*!< total # of limbs */ 00190 mbedtls_mpi_uint *p ; /*!< pointer to limbs */ 00191 } 00192 mbedtls_mpi; 00193 00194 /** 00195 * \brief Initialize an MPI context. 00196 * 00197 * This makes the MPI ready to be set or freed, 00198 * but does not define a value for the MPI. 00199 * 00200 * \param X The MPI context to initialize. This must not be \c NULL. 00201 */ 00202 void mbedtls_mpi_init( mbedtls_mpi *X ); 00203 00204 /** 00205 * \brief This function frees the components of an MPI context. 00206 * 00207 * \param X The MPI context to be cleared. This may be \c NULL, 00208 * in which case this function is a no-op. If it is 00209 * not \c NULL, it must point to an initialized MPI. 00210 */ 00211 void mbedtls_mpi_free( mbedtls_mpi *X ); 00212 00213 /** 00214 * \brief Enlarge an MPI to the specified number of limbs. 00215 * 00216 * \note This function does nothing if the MPI is 00217 * already large enough. 00218 * 00219 * \param X The MPI to grow. It must be initialized. 00220 * \param nblimbs The target number of limbs. 00221 * 00222 * \return \c 0 if successful. 00223 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00224 * \return Another negative error code on other kinds of failure. 00225 */ 00226 int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); 00227 00228 /** 00229 * \brief This function resizes an MPI downwards, keeping at least the 00230 * specified number of limbs. 00231 * 00232 * If \c X is smaller than \c nblimbs, it is resized up 00233 * instead. 00234 * 00235 * \param X The MPI to shrink. This must point to an initialized MPI. 00236 * \param nblimbs The minimum number of limbs to keep. 00237 * 00238 * \return \c 0 if successful. 00239 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00240 * (this can only happen when resizing up). 00241 * \return Another negative error code on other kinds of failure. 00242 */ 00243 int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); 00244 00245 /** 00246 * \brief Make a copy of an MPI. 00247 * 00248 * \param X The destination MPI. This must point to an initialized MPI. 00249 * \param Y The source MPI. This must point to an initialized MPI. 00250 * 00251 * \note The limb-buffer in the destination MPI is enlarged 00252 * if necessary to hold the value in the source MPI. 00253 * 00254 * \return \c 0 if successful. 00255 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00256 * \return Another negative error code on other kinds of failure. 00257 */ 00258 int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); 00259 00260 /** 00261 * \brief Swap the contents of two MPIs. 00262 * 00263 * \param X The first MPI. It must be initialized. 00264 * \param Y The second MPI. It must be initialized. 00265 */ 00266 void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); 00267 00268 /** 00269 * \brief Perform a safe conditional copy of MPI which doesn't 00270 * reveal whether the condition was true or not. 00271 * 00272 * \param X The MPI to conditionally assign to. This must point 00273 * to an initialized MPI. 00274 * \param Y The MPI to be assigned from. This must point to an 00275 * initialized MPI. 00276 * \param assign The condition deciding whether to perform the 00277 * assignment or not. Possible values: 00278 * * \c 1: Perform the assignment `X = Y`. 00279 * * \c 0: Keep the original value of \p X. 00280 * 00281 * \note This function is equivalent to 00282 * `if( assign ) mbedtls_mpi_copy( X, Y );` 00283 * except that it avoids leaking any information about whether 00284 * the assignment was done or not (the above code may leak 00285 * information through branch prediction and/or memory access 00286 * patterns analysis). 00287 * 00288 * \return \c 0 if successful. 00289 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00290 * \return Another negative error code on other kinds of failure. 00291 */ 00292 int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); 00293 00294 /** 00295 * \brief Perform a safe conditional swap which doesn't 00296 * reveal whether the condition was true or not. 00297 * 00298 * \param X The first MPI. This must be initialized. 00299 * \param Y The second MPI. This must be initialized. 00300 * \param assign The condition deciding whether to perform 00301 * the swap or not. Possible values: 00302 * * \c 1: Swap the values of \p X and \p Y. 00303 * * \c 0: Keep the original values of \p X and \p Y. 00304 * 00305 * \note This function is equivalent to 00306 * if( assign ) mbedtls_mpi_swap( X, Y ); 00307 * except that it avoids leaking any information about whether 00308 * the assignment was done or not (the above code may leak 00309 * information through branch prediction and/or memory access 00310 * patterns analysis). 00311 * 00312 * \return \c 0 if successful. 00313 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00314 * \return Another negative error code on other kinds of failure. 00315 * 00316 */ 00317 int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); 00318 00319 /** 00320 * \brief Store integer value in MPI. 00321 * 00322 * \param X The MPI to set. This must be initialized. 00323 * \param z The value to use. 00324 * 00325 * \return \c 0 if successful. 00326 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00327 * \return Another negative error code on other kinds of failure. 00328 */ 00329 int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); 00330 00331 /** 00332 * \brief Get a specific bit from an MPI. 00333 * 00334 * \param X The MPI to query. This must be initialized. 00335 * \param pos Zero-based index of the bit to query. 00336 * 00337 * \return \c 0 or \c 1 on success, depending on whether bit \c pos 00338 * of \c X is unset or set. 00339 * \return A negative error code on failure. 00340 */ 00341 int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); 00342 00343 /** 00344 * \brief Modify a specific bit in an MPI. 00345 * 00346 * \note This function will grow the target MPI if necessary to set a 00347 * bit to \c 1 in a not yet existing limb. It will not grow if 00348 * the bit should be set to \c 0. 00349 * 00350 * \param X The MPI to modify. This must be initialized. 00351 * \param pos Zero-based index of the bit to modify. 00352 * \param val The desired value of bit \c pos: \c 0 or \c 1. 00353 * 00354 * \return \c 0 if successful. 00355 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00356 * \return Another negative error code on other kinds of failure. 00357 */ 00358 int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); 00359 00360 /** 00361 * \brief Return the number of bits of value \c 0 before the 00362 * least significant bit of value \c 1. 00363 * 00364 * \note This is the same as the zero-based index of 00365 * the least significant bit of value \c 1. 00366 * 00367 * \param X The MPI to query. 00368 * 00369 * \return The number of bits of value \c 0 before the least significant 00370 * bit of value \c 1 in \p X. 00371 */ 00372 size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); 00373 00374 /** 00375 * \brief Return the number of bits up to and including the most 00376 * significant bit of value \c 1. 00377 * 00378 * * \note This is same as the one-based index of the most 00379 * significant bit of value \c 1. 00380 * 00381 * \param X The MPI to query. This must point to an initialized MPI. 00382 * 00383 * \return The number of bits up to and including the most 00384 * significant bit of value \c 1. 00385 */ 00386 size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); 00387 00388 /** 00389 * \brief Return the total size of an MPI value in bytes. 00390 * 00391 * \param X The MPI to use. This must point to an initialized MPI. 00392 * 00393 * \note The value returned by this function may be less than 00394 * the number of bytes used to store \p X internally. 00395 * This happens if and only if there are trailing bytes 00396 * of value zero. 00397 * 00398 * \return The least number of bytes capable of storing 00399 * the absolute value of \p X. 00400 */ 00401 size_t mbedtls_mpi_size( const mbedtls_mpi *X ); 00402 00403 /** 00404 * \brief Import an MPI from an ASCII string. 00405 * 00406 * \param X The destination MPI. This must point to an initialized MPI. 00407 * \param radix The numeric base of the input string. 00408 * \param s Null-terminated string buffer. 00409 * 00410 * \return \c 0 if successful. 00411 * \return A negative error code on failure. 00412 */ 00413 int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); 00414 00415 /** 00416 * \brief Export an MPI to an ASCII string. 00417 * 00418 * \param X The source MPI. This must point to an initialized MPI. 00419 * \param radix The numeric base of the output string. 00420 * \param buf The buffer to write the string to. This must be writable 00421 * buffer of length \p buflen Bytes. 00422 * \param buflen The available size in Bytes of \p buf. 00423 * \param olen The address at which to store the length of the string 00424 * written, including the final \c NULL byte. This must 00425 * not be \c NULL. 00426 * 00427 * \note You can call this function with `buflen == 0` to obtain the 00428 * minimum required buffer size in `*olen`. 00429 * 00430 * \return \c 0 if successful. 00431 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf 00432 * is too small to hold the value of \p X in the desired base. 00433 * In this case, `*olen` is nonetheless updated to contain the 00434 * size of \p buf required for a successful call. 00435 * \return Another negative error code on different kinds of failure. 00436 */ 00437 int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, 00438 char *buf, size_t buflen, size_t *olen ); 00439 00440 #if defined(MBEDTLS_FS_IO) 00441 /** 00442 * \brief Read an MPI from a line in an opened file. 00443 * 00444 * \param X The destination MPI. This must point to an initialized MPI. 00445 * \param radix The numeric base of the string representation used 00446 * in the source line. 00447 * \param fin The input file handle to use. This must not be \c NULL. 00448 * 00449 * \note On success, this function advances the file stream 00450 * to the end of the current line or to EOF. 00451 * 00452 * The function returns \c 0 on an empty line. 00453 * 00454 * Leading whitespaces are ignored, as is a 00455 * '0x' prefix for radix \c 16. 00456 * 00457 * \return \c 0 if successful. 00458 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer 00459 * is too small. 00460 * \return Another negative error code on failure. 00461 */ 00462 int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); 00463 00464 /** 00465 * \brief Export an MPI into an opened file. 00466 * 00467 * \param p A string prefix to emit prior to the MPI data. 00468 * For example, this might be a label, or "0x" when 00469 * printing in base \c 16. This may be \c NULL if no prefix 00470 * is needed. 00471 * \param X The source MPI. This must point to an initialized MPI. 00472 * \param radix The numeric base to be used in the emitted string. 00473 * \param fout The output file handle. This may be \c NULL, in which case 00474 * the output is written to \c stdout. 00475 * 00476 * \return \c 0 if successful. 00477 * \return A negative error code on failure. 00478 */ 00479 int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, 00480 int radix, FILE *fout ); 00481 #endif /* MBEDTLS_FS_IO */ 00482 00483 /** 00484 * \brief Import an MPI from unsigned big endian binary data. 00485 * 00486 * \param X The destination MPI. This must point to an initialized MPI. 00487 * \param buf The input buffer. This must be a readable buffer of length 00488 * \p buflen Bytes. 00489 * \param buflen The length of the input buffer \p p in Bytes. 00490 * 00491 * \return \c 0 if successful. 00492 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00493 * \return Another negative error code on different kinds of failure. 00494 */ 00495 int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, 00496 size_t buflen ); 00497 00498 /** 00499 * \brief Import X from unsigned binary data, little endian 00500 * 00501 * \param X The destination MPI. This must point to an initialized MPI. 00502 * \param buf The input buffer. This must be a readable buffer of length 00503 * \p buflen Bytes. 00504 * \param buflen The length of the input buffer \p p in Bytes. 00505 * 00506 * \return \c 0 if successful. 00507 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00508 * \return Another negative error code on different kinds of failure. 00509 */ 00510 int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, 00511 const unsigned char *buf, size_t buflen ); 00512 00513 /** 00514 * \brief Export X into unsigned binary data, big endian. 00515 * Always fills the whole buffer, which will start with zeros 00516 * if the number is smaller. 00517 * 00518 * \param X The source MPI. This must point to an initialized MPI. 00519 * \param buf The output buffer. This must be a writable buffer of length 00520 * \p buflen Bytes. 00521 * \param buflen The size of the output buffer \p buf in Bytes. 00522 * 00523 * \return \c 0 if successful. 00524 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't 00525 * large enough to hold the value of \p X. 00526 * \return Another negative error code on different kinds of failure. 00527 */ 00528 int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, 00529 size_t buflen ); 00530 00531 /** 00532 * \brief Export X into unsigned binary data, little endian. 00533 * Always fills the whole buffer, which will end with zeros 00534 * if the number is smaller. 00535 * 00536 * \param X The source MPI. This must point to an initialized MPI. 00537 * \param buf The output buffer. This must be a writable buffer of length 00538 * \p buflen Bytes. 00539 * \param buflen The size of the output buffer \p buf in Bytes. 00540 * 00541 * \return \c 0 if successful. 00542 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't 00543 * large enough to hold the value of \p X. 00544 * \return Another negative error code on different kinds of failure. 00545 */ 00546 int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, 00547 unsigned char *buf, size_t buflen ); 00548 00549 /** 00550 * \brief Perform a left-shift on an MPI: X <<= count 00551 * 00552 * \param X The MPI to shift. This must point to an initialized MPI. 00553 * \param count The number of bits to shift by. 00554 * 00555 * \return \c 0 if successful. 00556 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00557 * \return Another negative error code on different kinds of failure. 00558 */ 00559 int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); 00560 00561 /** 00562 * \brief Perform a right-shift on an MPI: X >>= count 00563 * 00564 * \param X The MPI to shift. This must point to an initialized MPI. 00565 * \param count The number of bits to shift by. 00566 * 00567 * \return \c 0 if successful. 00568 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00569 * \return Another negative error code on different kinds of failure. 00570 */ 00571 int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); 00572 00573 /** 00574 * \brief Compare the absolute values of two MPIs. 00575 * 00576 * \param X The left-hand MPI. This must point to an initialized MPI. 00577 * \param Y The right-hand MPI. This must point to an initialized MPI. 00578 * 00579 * \return \c 1 if `|X|` is greater than `|Y|`. 00580 * \return \c -1 if `|X|` is lesser than `|Y|`. 00581 * \return \c 0 if `|X|` is equal to `|Y|`. 00582 */ 00583 int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); 00584 00585 /** 00586 * \brief Compare two MPIs. 00587 * 00588 * \param X The left-hand MPI. This must point to an initialized MPI. 00589 * \param Y The right-hand MPI. This must point to an initialized MPI. 00590 * 00591 * \return \c 1 if \p X is greater than \p Y. 00592 * \return \c -1 if \p X is lesser than \p Y. 00593 * \return \c 0 if \p X is equal to \p Y. 00594 */ 00595 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); 00596 00597 /** 00598 * \brief Compare an MPI with an integer. 00599 * 00600 * \param X The left-hand MPI. This must point to an initialized MPI. 00601 * \param z The integer value to compare \p X to. 00602 * 00603 * \return \c 1 if \p X is greater than \p z. 00604 * \return \c -1 if \p X is lesser than \p z. 00605 * \return \c 0 if \p X is equal to \p z. 00606 */ 00607 int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); 00608 00609 /** 00610 * \brief Perform an unsigned addition of MPIs: X = |A| + |B| 00611 * 00612 * \param X The destination MPI. This must point to an initialized MPI. 00613 * \param A The first summand. This must point to an initialized MPI. 00614 * \param B The second summand. This must point to an initialized MPI. 00615 * 00616 * \return \c 0 if successful. 00617 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00618 * \return Another negative error code on different kinds of failure. 00619 */ 00620 int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, 00621 const mbedtls_mpi *B ); 00622 00623 /** 00624 * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| 00625 * 00626 * \param X The destination MPI. This must point to an initialized MPI. 00627 * \param A The minuend. This must point to an initialized MPI. 00628 * \param B The subtrahend. This must point to an initialized MPI. 00629 * 00630 * \return \c 0 if successful. 00631 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A. 00632 * \return Another negative error code on different kinds of failure. 00633 * 00634 */ 00635 int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, 00636 const mbedtls_mpi *B ); 00637 00638 /** 00639 * \brief Perform a signed addition of MPIs: X = A + B 00640 * 00641 * \param X The destination MPI. This must point to an initialized MPI. 00642 * \param A The first summand. This must point to an initialized MPI. 00643 * \param B The second summand. This must point to an initialized MPI. 00644 * 00645 * \return \c 0 if successful. 00646 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00647 * \return Another negative error code on different kinds of failure. 00648 */ 00649 int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, 00650 const mbedtls_mpi *B ); 00651 00652 /** 00653 * \brief Perform a signed subtraction of MPIs: X = A - B 00654 * 00655 * \param X The destination MPI. This must point to an initialized MPI. 00656 * \param A The minuend. This must point to an initialized MPI. 00657 * \param B The subtrahend. This must point to an initialized MPI. 00658 * 00659 * \return \c 0 if successful. 00660 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00661 * \return Another negative error code on different kinds of failure. 00662 */ 00663 int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, 00664 const mbedtls_mpi *B ); 00665 00666 /** 00667 * \brief Perform a signed addition of an MPI and an integer: X = A + b 00668 * 00669 * \param X The destination MPI. This must point to an initialized MPI. 00670 * \param A The first summand. This must point to an initialized MPI. 00671 * \param b The second summand. 00672 * 00673 * \return \c 0 if successful. 00674 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00675 * \return Another negative error code on different kinds of failure. 00676 */ 00677 int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, 00678 mbedtls_mpi_sint b ); 00679 00680 /** 00681 * \brief Perform a signed subtraction of an MPI and an integer: 00682 * X = A - b 00683 * 00684 * \param X The destination MPI. This must point to an initialized MPI. 00685 * \param A The minuend. This must point to an initialized MPI. 00686 * \param b The subtrahend. 00687 * 00688 * \return \c 0 if successful. 00689 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00690 * \return Another negative error code on different kinds of failure. 00691 */ 00692 int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, 00693 mbedtls_mpi_sint b ); 00694 00695 /** 00696 * \brief Perform a multiplication of two MPIs: X = A * B 00697 * 00698 * \param X The destination MPI. This must point to an initialized MPI. 00699 * \param A The first factor. This must point to an initialized MPI. 00700 * \param B The second factor. This must point to an initialized MPI. 00701 * 00702 * \return \c 0 if successful. 00703 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00704 * \return Another negative error code on different kinds of failure. 00705 * 00706 */ 00707 int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, 00708 const mbedtls_mpi *B ); 00709 00710 /** 00711 * \brief Perform a multiplication of an MPI with an unsigned integer: 00712 * X = A * b 00713 * 00714 * \param X The destination MPI. This must point to an initialized MPI. 00715 * \param A The first factor. This must point to an initialized MPI. 00716 * \param b The second factor. 00717 * 00718 * \return \c 0 if successful. 00719 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00720 * \return Another negative error code on different kinds of failure. 00721 * 00722 */ 00723 int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, 00724 mbedtls_mpi_uint b ); 00725 00726 /** 00727 * \brief Perform a division with remainder of two MPIs: 00728 * A = Q * B + R 00729 * 00730 * \param Q The destination MPI for the quotient. 00731 * This may be \c NULL if the value of the 00732 * quotient is not needed. 00733 * \param R The destination MPI for the remainder value. 00734 * This may be \c NULL if the value of the 00735 * remainder is not needed. 00736 * \param A The dividend. This must point to an initialized MPi. 00737 * \param B The divisor. This must point to an initialized MPI. 00738 * 00739 * \return \c 0 if successful. 00740 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00741 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. 00742 * \return Another negative error code on different kinds of failure. 00743 */ 00744 int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, 00745 const mbedtls_mpi *B ); 00746 00747 /** 00748 * \brief Perform a division with remainder of an MPI by an integer: 00749 * A = Q * b + R 00750 * 00751 * \param Q The destination MPI for the quotient. 00752 * This may be \c NULL if the value of the 00753 * quotient is not needed. 00754 * \param R The destination MPI for the remainder value. 00755 * This may be \c NULL if the value of the 00756 * remainder is not needed. 00757 * \param A The dividend. This must point to an initialized MPi. 00758 * \param b The divisor. 00759 * 00760 * \return \c 0 if successful. 00761 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. 00762 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. 00763 * \return Another negative error code on different kinds of failure. 00764 */ 00765 int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, 00766 mbedtls_mpi_sint b ); 00767 00768 /** 00769 * \brief Perform a modular reduction. R = A mod B 00770 * 00771 * \param R The destination MPI for the residue value. 00772 * This must point to an initialized MPI. 00773 * \param A The MPI to compute the residue of. 00774 * This must point to an initialized MPI. 00775 * \param B The base of the modular reduction. 00776 * This must point to an initialized MPI. 00777 * 00778 * \return \c 0 if successful. 00779 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00780 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. 00781 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative. 00782 * \return Another negative error code on different kinds of failure. 00783 * 00784 */ 00785 int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, 00786 const mbedtls_mpi *B ); 00787 00788 /** 00789 * \brief Perform a modular reduction with respect to an integer. 00790 * r = A mod b 00791 * 00792 * \param r The address at which to store the residue. 00793 * This must not be \c NULL. 00794 * \param A The MPI to compute the residue of. 00795 * This must point to an initialized MPi. 00796 * \param b The integer base of the modular reduction. 00797 * 00798 * \return \c 0 if successful. 00799 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00800 * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. 00801 * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. 00802 * \return Another negative error code on different kinds of failure. 00803 */ 00804 int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, 00805 mbedtls_mpi_sint b ); 00806 00807 /** 00808 * \brief Perform a sliding-window exponentiation: X = A^E mod N 00809 * 00810 * \param X The destination MPI. This must point to an initialized MPI. 00811 * \param A The base of the exponentiation. 00812 * This must point to an initialized MPI. 00813 * \param E The exponent MPI. This must point to an initialized MPI. 00814 * \param N The base for the modular reduction. This must point to an 00815 * initialized MPI. 00816 * \param _RR A helper MPI depending solely on \p N which can be used to 00817 * speed-up multiple modular exponentiations for the same value 00818 * of \p N. This may be \c NULL. If it is not \c NULL, it must 00819 * point to an initialized MPI. If it hasn't been used after 00820 * the call to mbedtls_mpi_init(), this function will compute 00821 * the helper value and store it in \p _RR for reuse on 00822 * subsequent calls to this function. Otherwise, the function 00823 * will assume that \p _RR holds the helper value set by a 00824 * previous call to mbedtls_mpi_exp_mod(), and reuse it. 00825 * 00826 * \return \c 0 if successful. 00827 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00828 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or 00829 * even, or if \c E is negative. 00830 * \return Another negative error code on different kinds of failures. 00831 * 00832 */ 00833 int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, 00834 const mbedtls_mpi *E, const mbedtls_mpi *N, 00835 mbedtls_mpi *_RR ); 00836 00837 /** 00838 * \brief Fill an MPI with a number of random bytes. 00839 * 00840 * \param X The destination MPI. This must point to an initialized MPI. 00841 * \param size The number of random bytes to generate. 00842 * \param f_rng The RNG function to use. This must not be \c NULL. 00843 * \param p_rng The RNG parameter to be passed to \p f_rng. This may be 00844 * \c NULL if \p f_rng doesn't need a context argument. 00845 * 00846 * \return \c 0 if successful. 00847 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00848 * \return Another negative error code on failure. 00849 * 00850 * \note The bytes obtained from the RNG are interpreted 00851 * as a big-endian representation of an MPI; this can 00852 * be relevant in applications like deterministic ECDSA. 00853 */ 00854 int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, 00855 int (*f_rng)(void *, unsigned char *, size_t), 00856 void *p_rng ); 00857 00858 /** 00859 * \brief Compute the greatest common divisor: G = gcd(A, B) 00860 * 00861 * \param G The destination MPI. This must point to an initialized MPI. 00862 * \param A The first operand. This must point to an initialized MPI. 00863 * \param B The second operand. This must point to an initialized MPI. 00864 * 00865 * \return \c 0 if successful. 00866 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00867 * \return Another negative error code on different kinds of failure. 00868 */ 00869 int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, 00870 const mbedtls_mpi *B ); 00871 00872 /** 00873 * \brief Compute the modular inverse: X = A^-1 mod N 00874 * 00875 * \param X The destination MPI. This must point to an initialized MPI. 00876 * \param A The MPI to calculate the modular inverse of. This must point 00877 * to an initialized MPI. 00878 * \param N The base of the modular inversion. This must point to an 00879 * initialized MPI. 00880 * 00881 * \return \c 0 if successful. 00882 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00883 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than 00884 * or equal to one. 00885 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse 00886 * with respect to \p N. 00887 */ 00888 int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, 00889 const mbedtls_mpi *N ); 00890 00891 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 00892 #if defined(MBEDTLS_DEPRECATED_WARNING) 00893 #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 00894 #else 00895 #define MBEDTLS_DEPRECATED 00896 #endif 00897 /** 00898 * \brief Perform a Miller-Rabin primality test with error 00899 * probability of 2<sup>-80</sup>. 00900 * 00901 * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows 00902 * specifying the number of Miller-Rabin rounds. 00903 * 00904 * \param X The MPI to check for primality. 00905 * This must point to an initialized MPI. 00906 * \param f_rng The RNG function to use. This must not be \c NULL. 00907 * \param p_rng The RNG parameter to be passed to \p f_rng. 00908 * This may be \c NULL if \p f_rng doesn't use a 00909 * context parameter. 00910 * 00911 * \return \c 0 if successful, i.e. \p X is probably prime. 00912 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00913 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. 00914 * \return Another negative error code on other kinds of failure. 00915 */ 00916 MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, 00917 int (*f_rng)(void *, unsigned char *, size_t), 00918 void *p_rng ); 00919 #undef MBEDTLS_DEPRECATED 00920 #endif /* !MBEDTLS_DEPRECATED_REMOVED */ 00921 00922 /** 00923 * \brief Miller-Rabin primality test. 00924 * 00925 * \warning If \p X is potentially generated by an adversary, for example 00926 * when validating cryptographic parameters that you didn't 00927 * generate yourself and that are supposed to be prime, then 00928 * \p rounds should be at least the half of the security 00929 * strength of the cryptographic algorithm. On the other hand, 00930 * if \p X is chosen uniformly or non-adversially (as is the 00931 * case when mbedtls_mpi_gen_prime calls this function), then 00932 * \p rounds can be much lower. 00933 * 00934 * \param X The MPI to check for primality. 00935 * This must point to an initialized MPI. 00936 * \param rounds The number of bases to perform the Miller-Rabin primality 00937 * test for. The probability of returning 0 on a composite is 00938 * at most 2<sup>-2*\p rounds</sup>. 00939 * \param f_rng The RNG function to use. This must not be \c NULL. 00940 * \param p_rng The RNG parameter to be passed to \p f_rng. 00941 * This may be \c NULL if \p f_rng doesn't use 00942 * a context parameter. 00943 * 00944 * \return \c 0 if successful, i.e. \p X is probably prime. 00945 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00946 * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. 00947 * \return Another negative error code on other kinds of failure. 00948 */ 00949 int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, 00950 int (*f_rng)(void *, unsigned char *, size_t), 00951 void *p_rng ); 00952 /** 00953 * \brief Flags for mbedtls_mpi_gen_prime() 00954 * 00955 * Each of these flags is a constraint on the result X returned by 00956 * mbedtls_mpi_gen_prime(). 00957 */ 00958 typedef enum { 00959 MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */ 00960 MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */ 00961 } mbedtls_mpi_gen_prime_flag_t; 00962 00963 /** 00964 * \brief Generate a prime number. 00965 * 00966 * \param X The destination MPI to store the generated prime in. 00967 * This must point to an initialized MPi. 00968 * \param nbits The required size of the destination MPI in bits. 00969 * This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS. 00970 * \param flags A mask of flags of type #mbedtls_mpi_gen_prime_flag_t. 00971 * \param f_rng The RNG function to use. This must not be \c NULL. 00972 * \param p_rng The RNG parameter to be passed to \p f_rng. 00973 * This may be \c NULL if \p f_rng doesn't use 00974 * a context parameter. 00975 * 00976 * \return \c 0 if successful, in which case \p X holds a 00977 * probably prime number. 00978 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. 00979 * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between 00980 * \c 3 and #MBEDTLS_MPI_MAX_BITS. 00981 */ 00982 int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, 00983 int (*f_rng)(void *, unsigned char *, size_t), 00984 void *p_rng ); 00985 00986 #if defined(MBEDTLS_SELF_TEST) 00987 00988 /** 00989 * \brief Checkup routine 00990 * 00991 * \return 0 if successful, or 1 if the test failed 00992 */ 00993 int mbedtls_mpi_self_test( int verbose ); 00994 00995 #endif /* MBEDTLS_SELF_TEST */ 00996 00997 #ifdef __cplusplus 00998 } 00999 #endif 01000 01001 #endif /* bignum.h */
Generated on Tue Jul 12 2022 13:54:03 by
1.7.2