mbed client lightswitch demo

Dependencies:   mbed Socket lwip-eth lwip-sys lwip

Fork of mbed-client-classic-example-lwip by Austin Blackstone

Committer:
mbedAustin
Date:
Thu Jun 09 17:08:36 2016 +0000
Revision:
11:cada08fc8a70
Commit for public Consumption

mbedAustin 11:cada08fc8a70 1 /*
mbedAustin 11:cada08fc8a70 2 * Multi-precision integer library
mbedAustin 11:cada08fc8a70 3 *
mbedAustin 11:cada08fc8a70 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
mbedAustin 11:cada08fc8a70 5 * SPDX-License-Identifier: Apache-2.0
mbedAustin 11:cada08fc8a70 6 *
mbedAustin 11:cada08fc8a70 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
mbedAustin 11:cada08fc8a70 8 * not use this file except in compliance with the License.
mbedAustin 11:cada08fc8a70 9 * You may obtain a copy of the License at
mbedAustin 11:cada08fc8a70 10 *
mbedAustin 11:cada08fc8a70 11 * http://www.apache.org/licenses/LICENSE-2.0
mbedAustin 11:cada08fc8a70 12 *
mbedAustin 11:cada08fc8a70 13 * Unless required by applicable law or agreed to in writing, software
mbedAustin 11:cada08fc8a70 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
mbedAustin 11:cada08fc8a70 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
mbedAustin 11:cada08fc8a70 16 * See the License for the specific language governing permissions and
mbedAustin 11:cada08fc8a70 17 * limitations under the License.
mbedAustin 11:cada08fc8a70 18 *
mbedAustin 11:cada08fc8a70 19 * This file is part of mbed TLS (https://tls.mbed.org)
mbedAustin 11:cada08fc8a70 20 */
mbedAustin 11:cada08fc8a70 21 /*
mbedAustin 11:cada08fc8a70 22 * This MPI implementation is based on:
mbedAustin 11:cada08fc8a70 23 *
mbedAustin 11:cada08fc8a70 24 * http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf
mbedAustin 11:cada08fc8a70 25 * http://www.stillhq.com/extracted/gnupg-api/mpi/
mbedAustin 11:cada08fc8a70 26 * http://math.libtomcrypt.com/files/tommath.pdf
mbedAustin 11:cada08fc8a70 27 */
mbedAustin 11:cada08fc8a70 28
mbedAustin 11:cada08fc8a70 29 #if !defined(MBEDTLS_CONFIG_FILE)
mbedAustin 11:cada08fc8a70 30 #include "mbedtls/config.h"
mbedAustin 11:cada08fc8a70 31 #else
mbedAustin 11:cada08fc8a70 32 #include MBEDTLS_CONFIG_FILE
mbedAustin 11:cada08fc8a70 33 #endif
mbedAustin 11:cada08fc8a70 34
mbedAustin 11:cada08fc8a70 35 #if defined(MBEDTLS_BIGNUM_C)
mbedAustin 11:cada08fc8a70 36
mbedAustin 11:cada08fc8a70 37 #include "mbedtls/bignum.h"
mbedAustin 11:cada08fc8a70 38 #include "mbedtls/bn_mul.h"
mbedAustin 11:cada08fc8a70 39
mbedAustin 11:cada08fc8a70 40 #include <string.h>
mbedAustin 11:cada08fc8a70 41
mbedAustin 11:cada08fc8a70 42 #if defined(MBEDTLS_PLATFORM_C)
mbedAustin 11:cada08fc8a70 43 #include "mbedtls/platform.h"
mbedAustin 11:cada08fc8a70 44 #else
mbedAustin 11:cada08fc8a70 45 #include <stdio.h>
mbedAustin 11:cada08fc8a70 46 #include <stdlib.h>
mbedAustin 11:cada08fc8a70 47 #define mbedtls_printf printf
mbedAustin 11:cada08fc8a70 48 #define mbedtls_calloc calloc
mbedAustin 11:cada08fc8a70 49 #define mbedtls_free free
mbedAustin 11:cada08fc8a70 50 #endif
mbedAustin 11:cada08fc8a70 51
/*
 * Overwrite n bytes at v with zeros.
 *
 * The stores go through a volatile pointer so the compiler cannot treat
 * them as dead and drop them (a plain memset right before free may be
 * optimized away). Used to scrub limb buffers before they are released.
 */
static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *bytes = (volatile unsigned char *) v;
    size_t i;

    for( i = 0; i < n; i++ )
        bytes[i] = 0;
}
mbedAustin 11:cada08fc8a70 56
#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb: byte width of one limb */
#define biL (ciL << 3) /* bits in limb: ciL * 8 */
#define biH (ciL << 2) /* half limb size, in bits */

#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */

/*
 * Convert between bits/chars and number of limbs
 * Divide first in order to avoid potential overflows
 * (rounds up: the "% != 0" term contributes 0 or 1 extra limb)
 */
#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
mbedAustin 11:cada08fc8a70 69
/*
 * Initialize one MPI: set it to +0 with no limb buffer allocated.
 * A NULL X is accepted and ignored.
 */
void mbedtls_mpi_init( mbedtls_mpi *X )
{
    if( X != NULL )
    {
        X->s = 1;
        X->n = 0;
        X->p = NULL;
    }
}
mbedAustin 11:cada08fc8a70 82
/*
 * Release the limb buffer of X (scrubbing it first) and reset X to +0.
 * A NULL X is ignored; an MPI without a buffer is simply reset.
 */
void mbedtls_mpi_free( mbedtls_mpi *X )
{
    mbedtls_mpi_uint *limbs;

    if( X == NULL )
        return;

    limbs = X->p;
    if( limbs != NULL )
    {
        /* The limbs may have held secret material: clear before freeing */
        mbedtls_zeroize( limbs, X->n * ciL );
        mbedtls_free( limbs );
    }

    X->p = NULL;
    X->n = 0;
    X->s = 1;
}
mbedAustin 11:cada08fc8a70 101
/*
 * Enlarge X to at least nblimbs limbs.
 *
 * A no-op when X already has that many limbs. Otherwise a fresh zero-filled
 * buffer is allocated, the existing limbs are copied into it, and the old
 * buffer is scrubbed and released. Requests above MBEDTLS_MPI_MAX_LIMBS
 * are refused with MBEDTLS_ERR_MPI_ALLOC_FAILED, as is allocation failure.
 */
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
{
    mbedtls_mpi_uint *fresh;

    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );

    if( X->n >= nblimbs )
        return( 0 );

    /* calloc zero-fills the new high limbs (and, per its contract, checks
     * nblimbs * ciL for overflow) */
    fresh = mbedtls_calloc( nblimbs, ciL );
    if( fresh == NULL )
        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );

    if( X->p != NULL )
    {
        memcpy( fresh, X->p, X->n * ciL );
        mbedtls_zeroize( X->p, X->n * ciL );
        mbedtls_free( X->p );
    }

    X->p = fresh;
    X->n = nblimbs;

    return( 0 );
}
mbedAustin 11:cada08fc8a70 130
/*
 * Resize X down as far as possible while keeping at least nblimbs limbs.
 *
 * Leading zero limbs are dropped, but never below nblimbs and never below
 * one limb. When X currently has nblimbs or fewer limbs this delegates to
 * mbedtls_mpi_grow(). The old buffer is scrubbed before it is released.
 */
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
{
    mbedtls_mpi_uint *fresh;
    size_t used;

    /* Nothing to trim: this is actually a (possibly no-op) grow */
    if( X->n <= nblimbs )
        return( mbedtls_mpi_grow( X, nblimbs ) );

    /* Index of the highest non-zero limb plus one, at least 1 */
    used = X->n;
    while( used > 1 && X->p[used - 1] == 0 )
        used--;

    if( used < nblimbs )
        used = nblimbs;

    fresh = mbedtls_calloc( used, ciL );
    if( fresh == NULL )
        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );

    if( X->p != NULL )
    {
        memcpy( fresh, X->p, used * ciL );
        mbedtls_zeroize( X->p, X->n * ciL );
        mbedtls_free( X->p );
    }

    X->p = fresh;
    X->n = used;

    return( 0 );
}
mbedAustin 11:cada08fc8a70 167
/*
 * Copy the contents of Y into X.
 *
 * Only the significant limbs of Y are copied (leading zero limbs dropped,
 * but at least one limb); X is grown as needed and any extra limbs it
 * already had are cleared. Copying from an unallocated Y frees X.
 * Copying X onto itself is a no-op. Returns 0 or the grow() error.
 */
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
{
    int ret = 0;
    size_t used;

    if( X == Y )
        return( 0 );

    if( Y->p == NULL )
    {
        mbedtls_mpi_free( X );
        return( 0 );
    }

    /* Limbs up to and including Y's highest non-zero one (minimum 1) */
    used = Y->n;
    while( used > 1 && Y->p[used - 1] == 0 )
        used--;

    X->s = Y->s;

    if( ( ret = mbedtls_mpi_grow( X, used ) ) != 0 )
        return( ret );

    /* Clear everything X had, then lay in the significant limbs of Y */
    memset( X->p, 0, X->n * ciL );
    memcpy( X->p, Y->p, used * ciL );

    return( ret );
}
mbedAustin 11:cada08fc8a70 201
/*
 * Swap the contents of X and Y (sign, limb count and limb pointer).
 * Only the struct headers are exchanged; no limb data is copied.
 */
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
{
    mbedtls_mpi held = *X;

    *X = *Y;
    *Y = held;
}
mbedAustin 11:cada08fc8a70 213
/*
 * Conditionally assign X = Y, without leaking information
 * about whether the assignment was made or not.
 * (Leaking information about the respective sizes of X and Y is ok however.)
 *
 * assign: any non-zero value selects Y, zero leaves X unchanged. Every limb
 * of X is rewritten with the same arithmetic in both cases and no branch
 * depends on 'assign'. Returns 0, or the error from mbedtls_mpi_grow().
 */
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign )
{
    int ret = 0;
    size_t i;

    /* make sure assign is 0 or 1 in a time-constant manner */
    /* (for assign != 0, one of assign and (unsigned char)-assign has bit 7
     * set; assumes an 8-bit unsigned char) */
    assign = (assign | (unsigned char)-assign) >> 7;

    /* X needs room for all of Y's limbs; only the sizes are revealed here */
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );

    /* Sign: assign == 0 keeps X->s, assign == 1 takes Y->s */
    X->s = X->s * ( 1 - assign ) + Y->s * assign;

    /* Limbs covered by Y: blend of X and Y, selected by assign */
    for( i = 0; i < Y->n; i++ )
        X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;

    /* Limbs of X above Y's length: cleared when assigning, kept otherwise */
    for( ; i < X->n; i++ )
        X->p[i] *= ( 1 - assign );

cleanup:
    return( ret );
}
mbedAustin 11:cada08fc8a70 240
/*
 * Conditionally swap X and Y, without leaking information
 * about whether the swap was made or not.
 * Here it is not ok to simply swap the pointers, which would lead to
 * different memory access patterns when X and Y are used afterwards.
 *
 * swap: any non-zero value performs the swap, zero leaves both unchanged.
 * Both MPIs are first grown to the same limb count, then every limb of
 * both is rewritten with the same arithmetic whatever 'swap' is.
 * Returns 0, or the error from mbedtls_mpi_grow().
 */
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap )
{
    int ret, s;
    size_t i;
    mbedtls_mpi_uint tmp;

    /* Swapping an MPI with itself changes nothing, whatever 'swap' says */
    if( X == Y )
        return( 0 );

    /* make sure swap is 0 or 1 in a time-constant manner */
    /* (for swap != 0, one of swap and (unsigned char)-swap has bit 7 set;
     * assumes an 8-bit unsigned char) */
    swap = (swap | (unsigned char)-swap) >> 7;

    /* After these two calls X->n == Y->n, so the limb loop below is in
     * bounds for both; only the sizes are revealed */
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );

    /* Signs: swap == 0 keeps each, swap == 1 exchanges them */
    s = X->s;
    X->s = X->s * ( 1 - swap ) + Y->s * swap;
    Y->s = Y->s * ( 1 - swap ) + s * swap;

    /* Same blend on every limb; tmp keeps X's old limb for Y */
    for( i = 0; i < X->n; i++ )
    {
        tmp = X->p[i];
        X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
        Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap;
    }

cleanup:
    return( ret );
}
mbedAustin 11:cada08fc8a70 277
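/*
 * Set value from integer: X = z.
 *
 * X is grown to (at least) one limb, cleared, and its low limb set to |z|
 * with the sign taken from z. Returns 0, or the error from
 * mbedtls_mpi_grow().
 */
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
{
    int ret;

    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
    memset( X->p, 0, X->n * ciL );

    /*
     * Take |z| in unsigned limb arithmetic: converting z to the unsigned
     * limb type and negating there is defined for every value, whereas
     * -z on the signed type overflows for the most negative z.
     */
    X->p[0] = z;
    if( z < 0 )
        X->p[0] = 0 - X->p[0];
    X->s = ( z < 0 ) ? -1 : 1;

cleanup:

    return( ret );
}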
mbedAustin 11:cada08fc8a70 295
/*
 * Get a specific bit of |X|: returns 1 or 0.
 * Positions beyond the allocated limbs read as 0.
 */
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
{
    size_t limb = pos / biL;
    size_t bit = pos % biL;

    if( limb >= X->n )
        return( 0 );

    return( (int) ( ( X->p[limb] >> bit ) & 0x01 ) );
}
mbedAustin 11:cada08fc8a70 306
/*
 * Set bit 'pos' of |X| to val (0 or 1).
 *
 * Setting a 1 beyond the current limbs grows X; clearing a bit beyond them
 * is a no-op. Returns MBEDTLS_ERR_MPI_BAD_INPUT_DATA when val is not 0 or
 * 1, otherwise 0 or the error from mbedtls_mpi_grow().
 */
int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
{
    int ret;
    size_t limb = pos / biL;
    size_t bit = pos % biL;
    mbedtls_mpi_uint mask;

    if( val > 1 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    if( limb >= X->n )
    {
        if( val == 0 )
            return( 0 );

        if( ( ret = mbedtls_mpi_grow( X, limb + 1 ) ) != 0 )
            return( ret );
    }

    /* Clear the target bit, then OR in the requested value */
    mask = (mbedtls_mpi_uint) 0x01 << bit;
    X->p[limb] = ( X->p[limb] & ~mask ) | ( (mbedtls_mpi_uint) val << bit );

    return( 0 );
}
mbedAustin 11:cada08fc8a70 334
/*
 * Return the number of trailing (least significant) zero bits of X.
 * Returns 0 when X has no set bit at all.
 */
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
{
    size_t limb, bit;

    /* Scan limbs low to high, bits low to high, stop at the first 1 */
    for( limb = 0; limb < X->n; limb++ )
        for( bit = 0; bit < biL; bit++ )
            if( ( ( X->p[limb] >> bit ) & 1 ) != 0 )
                return( limb * biL + bit );

    return( 0 );
}
mbedAustin 11:cada08fc8a70 349
/*
 * Return the number of bits needed to represent |X| (0 for zero).
 */
size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
{
    size_t top, bits;

    if( X->n == 0 )
        return( 0 );

    /* Index of the highest non-zero limb (0 when all limbs are zero) */
    top = X->n - 1;
    while( top > 0 && X->p[top] == 0 )
        top--;

    /* 1-based position of the highest set bit in that limb, 0 if none */
    bits = biL;
    while( bits > 0 && ( ( X->p[top] >> ( bits - 1 ) ) & 1 ) == 0 )
        bits--;

    return( top * biL + bits );
}
mbedAustin 11:cada08fc8a70 370
/*
 * Return the size of |X| in bytes (0 for zero), rounding bits up.
 */
size_t mbedtls_mpi_size( const mbedtls_mpi *X )
{
    size_t bits = mbedtls_mpi_bitlen( X );

    return( ( bits + 7 ) / 8 );
}
mbedAustin 11:cada08fc8a70 378
/*
 * Convert an ASCII character to its digit value in the given radix.
 *
 * Accepts '0'-'9', 'A'-'F' and 'a'-'f' (compared by their ASCII codes).
 * Writes the value to *d and returns 0, or returns
 * MBEDTLS_ERR_MPI_INVALID_CHARACTER when c is not a digit at all (then
 * *d is 255) or its value is not below radix.
 */
static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
{
    mbedtls_mpi_uint value = 255;

    if( c >= 0x30 && c <= 0x39 )       /* '0'..'9' */
        value = c - 0x30;
    else if( c >= 0x41 && c <= 0x46 )  /* 'A'..'F' -> 10..15 */
        value = c - 0x37;
    else if( c >= 0x61 && c <= 0x66 )  /* 'a'..'f' -> 10..15 */
        value = c - 0x57;

    *d = value;

    if( value >= (mbedtls_mpi_uint) radix )
        return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );

    return( 0 );
}
mbedAustin 11:cada08fc8a70 395
/*
 * Import from an ASCII string
 *
 * s: NUL-terminated digits in the given radix (2..16), optionally preceded
 * by '-'. s is passed straight to strlen(), so a NULL s is not handled.
 * Radix 16 is parsed directly into limbs, four bits per digit, starting
 * from the least significant end; every other radix is accumulated as
 * X = X * radix + digit using the generic arithmetic.
 * Returns 0, MBEDTLS_ERR_MPI_BAD_INPUT_DATA for a bad radix or an
 * oversized hex string, MBEDTLS_ERR_MPI_INVALID_CHARACTER for a bad digit,
 * or an error from the arithmetic helpers.
 */
int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
{
    int ret;
    size_t i, j, slen, n;
    mbedtls_mpi_uint d;
    mbedtls_mpi T;

    if( radix < 2 || radix > 16 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    mbedtls_mpi_init( &T );

    slen = strlen( s );

    if( radix == 16 )
    {
        /* slen << 2 below must not overflow size_t */
        if( slen > MPI_SIZE_T_MAX >> 2 )
            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

        /* 4 bits per hex digit (a '-' counts as a digit here: harmless) */
        n = BITS_TO_LIMBS( slen << 2 );

        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );

        /* Walk the string from its last character; j counts hex digits */
        for( i = slen, j = 0; i > 0; i--, j++ )
        {
            /* A leading '-' is only recognised in the very first position */
            if( i == 1 && s[i - 1] == '-' )
            {
                X->s = -1;
                break;
            }

            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
            /* 2 * ciL hex digits per limb, each digit shifted by 4 * (j mod that) */
            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
        }
    }
    else
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );

        for( i = 0; i < slen; i++ )
        {
            if( i == 0 && s[i] == '-' )
            {
                X->s = -1;
                continue;
            }

            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );

            /* For a negative number the digits are subtracted, so X keeps
             * growing away from zero on the negative side */
            if( X->s == 1 )
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
            }
            else
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
            }
        }
    }

cleanup:

    mbedtls_mpi_free( &T );

    return( ret );
}
mbedAustin 11:cada08fc8a70 467
/*
 * Helper to write the digits high-order first
 *
 * Recursive: X is divided by radix until it reaches zero, and each call
 * writes its remainder after the recursion returns, so the most significant
 * digit lands first. X is consumed (left at zero). *p advances past each
 * digit written; the caller must have sized the buffer (see
 * mbedtls_mpi_write_string). Recursion depth equals the number of digits
 * produced.
 */
static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
{
    int ret;
    mbedtls_mpi_uint r;

    if( radix < 2 || radix > 16 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    /* r is the lowest digit; X becomes the remaining high-order part */
    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );

    if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
        MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );

    /* 0x30 is '0'; 0x37 + 10 is 'A', so 10..15 print as 'A'..'F' */
    if( r < 10 )
        *(*p)++ = (char)( r + 0x30 );
    else
        *(*p)++ = (char)( r + 0x37 );

cleanup:

    return( ret );
}
mbedAustin 11:cada08fc8a70 494
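/*
 * Export X into an ASCII string in the given radix (2..16).
 *
 * buf receives the NUL-terminated digits, preceded by '-' when X is
 * negative. Hex output uses upper-case digits and is always emitted two
 * digits per byte (so "0100", never "100"; zero prints as "00"). *olen is
 * set to the number of bytes written, including the NUL.
 * When buflen is too small nothing is written: *olen receives the size
 * required and MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL is returned.
 * MBEDTLS_ERR_MPI_BAD_INPUT_DATA is returned for a radix outside 2..16.
 */
int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
                              char *buf, size_t buflen, size_t *olen )
{
    int ret = 0;
    size_t n;
    char *p;
    mbedtls_mpi T;

    if( radix < 2 || radix > 16 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    /*
     * Upper bound on the output size. bitlen is the digit count for
     * radix 2; one shift covers radix 4..15, two shifts radix 16.
     */
    n = mbedtls_mpi_bitlen( X );
    if( radix >= 4 ) n >>= 1;
    if( radix >= 16 ) n >>= 1;
    n += 1;         /* terminating '\0' */
    n += 1;         /* the shifts above round down */
    n += 1;         /* possible leading '-' */
    n += ( n & 1 ); /* hex is written as whole bytes, i.e. an even number of
                     * digits; with an odd bound the previous estimate was one
                     * byte short for negative values whose top byte is below
                     * 0x10 (e.g. "-0100" plus NUL needs 6, bitlen 9 gave 5) */

    if( buflen < n )
    {
        *olen = n;
        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
    }

    p = buf;
    mbedtls_mpi_init( &T );

    if( X->s == -1 )
        *p++ = '-';

    if( radix == 16 )
    {
        int c;
        size_t i, j, k;

        /* Limbs from the most significant down, bytes high to low */
        for( i = X->n, k = 0; i > 0; i-- )
        {
            for( j = ciL; j > 0; j-- )
            {
                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;

                /* Skip leading zero bytes, except the very last byte
                 * (i == 1, j == 1), so that zero still prints as "00" */
                if( c == 0 && k == 0 && ( i + j ) != 2 )
                    continue;

                *(p++) = "0123456789ABCDEF" [c / 16];
                *(p++) = "0123456789ABCDEF" [c % 16];
                k = 1;
            }
        }
    }
    else
    {
        /* Work on a sign-stripped copy: mpi_write_hlp destroys its input */
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );

        if( T.s == -1 )
            T.s = 1;

        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
    }

    *p++ = '\0';
    *olen = p - buf;

cleanup:

    mbedtls_mpi_free( &T );

    return( ret );
}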
mbedAustin 11:cada08fc8a70 565
mbedAustin 11:cada08fc8a70 566 #if defined(MBEDTLS_FS_IO)
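/*
 * Read X from an opened file
 *
 * One line is read from fin; it may carry a label before the number, as
 * written by mbedtls_mpi_write_file(). A trailing "\n" or "\r\n" is
 * dropped and the number is taken to be the run of valid radix digits at
 * the end of the line (a '-' is not a digit, so it ends the scan and is
 * not part of the parsed value).
 * Returns MBEDTLS_ERR_MPI_FILE_IO_ERROR when no line could be read,
 * MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL when the line fills the buffer, and
 * otherwise the result of mbedtls_mpi_read_string().
 */
int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
{
    mbedtls_mpi_uint d;
    size_t slen;
    size_t start;
    /*
     * Buffer should have space for (short) label and decimal formatted MPI,
     * newline characters and '\0'
     */
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];

    memset( s, 0, sizeof( s ) );
    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );

    slen = strlen( s );
    /* fgets read as much as it was allowed to: the line may be longer */
    if( slen == sizeof( s ) - 2 )
        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );

    /*
     * Strip the line ending. slen is 0 when the line starts with a NUL
     * byte, so guard the index: s[slen - 1] would read before the buffer.
     */
    if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
    if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }

    /*
     * Scan backwards over the trailing run of valid digits. An index is
     * used instead of a pointer so that no pointer before the start of s
     * is formed when the whole line consists of digits.
     */
    start = slen;
    while( start > 0 && mpi_get_digit( &d, radix, s[start - 1] ) == 0 )
        start--;

    return( mbedtls_mpi_read_string( X, radix, s + start ) );
}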
mbedAustin 11:cada08fc8a70 599
/*
 * Write X into an opened file (or stdout if fout == NULL), as the label p
 * (NULL means no label) followed by X in the given radix and "\r\n".
 * Returns the error from mbedtls_mpi_write_string(),
 * MBEDTLS_ERR_MPI_FILE_IO_ERROR on a short write, else 0.
 */
int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
{
    int ret;
    size_t n, slen, plen;
    /*
     * Buffer should have space for (short) label and decimal formatted MPI,
     * newline characters and '\0'
     */
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
    const char *label = ( p != NULL ) ? p : "";

    memset( s, 0, sizeof( s ) );

    /* Leave two bytes free for the "\r\n" appended below */
    ret = mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n );
    if( ret != 0 )
        return( ret );

    plen = strlen( label );
    slen = strlen( s );
    s[slen++] = '\r';
    s[slen++] = '\n';

    if( fout == NULL )
    {
        mbedtls_printf( "%s%s", label, s );
        return( 0 );
    }

    if( fwrite( label, 1, plen, fout ) != plen )
        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
    if( fwrite( s, 1, slen, fout ) != slen )
        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );

    return( 0 );
}
mbedAustin 11:cada08fc8a70 637 #endif /* MBEDTLS_FS_IO */
mbedAustin 11:cada08fc8a70 638
/*
 * Import X from unsigned binary data, big endian.
 *
 * Leading zero bytes are skipped, so X only gets as many limbs as the
 * significant bytes need (at least one, via lset). X is non-negative
 * afterwards. Returns 0 or the error from grow()/lset().
 */
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
{
    int ret;
    size_t lead, i;

    /* Count the leading zero bytes */
    for( lead = 0; lead < buflen; lead++ )
        if( buf[lead] != 0 )
            break;

    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - lead ) ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );

    /* Fill limbs from the least significant byte, buf[buflen - 1], upward */
    for( i = 0; i < buflen - lead; i++ )
    {
        mbedtls_mpi_uint byte = buf[buflen - 1 - i];
        X->p[i / ciL] |= byte << ( ( i % ciL ) << 3 );
    }

cleanup:

    return( ret );
}
mbedAustin 11:cada08fc8a70 661
/*
 * Export X into unsigned binary data, big endian.
 *
 * The value is right-aligned in buf and left-padded with 0x00.  Returns
 * MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL (without touching buf) when buflen is
 * smaller than mbedtls_mpi_size( X ), else 0.  The sign of X is ignored.
 */
int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
{
    size_t needed, byte_idx, out;

    needed = mbedtls_mpi_size( X );

    if( buflen < needed )
        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );

    /* Zero everything first so the unused leading octets are padding. */
    memset( buf, 0, buflen );

    /* Emit octets from the least significant end into the tail of buf. */
    out = buflen;
    for( byte_idx = 0; byte_idx < needed; byte_idx++ )
    {
        out--;
        buf[out] = (unsigned char)( X->p[byte_idx / ciL] >> ( ( byte_idx % ciL ) * 8 ) );
    }

    return( 0 );
}
mbedAustin 11:cada08fc8a70 681
/*
 * Left-shift: X <<= count
 *
 * X is grown when the shifted value would not fit its current limbs.
 * Returns 0 or the error of mbedtls_mpi_grow().
 */
int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
{
    int ret;
    size_t limbs, bits, idx, needed_bits;
    mbedtls_mpi_uint carry_in = 0, carry_out;

    limbs = count / biL;          /* whole-limb part of the shift */
    bits  = count & ( biL - 1 );  /* remaining sub-limb part */

    needed_bits = mbedtls_mpi_bitlen( X ) + count;

    if( X->n * biL < needed_bits )
        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( needed_bits ) ) );

    /* No grow means ret was never assigned: the rest cannot fail. */
    ret = 0;

    /*
     * Move whole limbs upward, most significant first, then zero the gap.
     */
    if( limbs > 0 )
    {
        idx = X->n;
        while( idx > limbs )
        {
            X->p[idx - 1] = X->p[idx - limbs - 1];
            idx--;
        }
        while( idx > 0 )
        {
            X->p[idx - 1] = 0;
            idx--;
        }
    }

    /*
     * Shift the remaining bits, carrying each limb's spilled high bits
     * into the next limb up.
     */
    if( bits > 0 )
    {
        for( idx = limbs; idx < X->n; idx++ )
        {
            carry_out = X->p[idx] >> ( biL - bits );
            X->p[idx] = ( X->p[idx] << bits ) | carry_in;
            carry_in = carry_out;
        }
    }

cleanup:

    return( ret );
}
mbedAustin 11:cada08fc8a70 731
/*
 * Right-shift: X >>= count
 *
 * Shifting by at least the full width of X sets it to zero via
 * mbedtls_mpi_lset().  Otherwise this cannot fail and returns 0.
 */
int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
{
    size_t limbs, bits, idx;
    mbedtls_mpi_uint carry_in = 0, carry_out;

    limbs = count / biL;          /* whole-limb part of the shift */
    bits  = count & ( biL - 1 );  /* remaining sub-limb part */

    /* Every bit of X would be shifted out. */
    if( limbs > X->n || ( limbs == X->n && bits > 0 ) )
        return mbedtls_mpi_lset( X, 0 );

    /*
     * Move whole limbs downward, then zero the vacated top limbs.
     */
    if( limbs > 0 )
    {
        for( idx = 0; idx + limbs < X->n; idx++ )
            X->p[idx] = X->p[idx + limbs];

        for( ; idx < X->n; idx++ )
            X->p[idx] = 0;
    }

    /*
     * Shift the remaining bits from the top limb down, carrying each
     * limb's spilled low bits into the next limb below.
     */
    if( bits > 0 )
    {
        idx = X->n;
        while( idx-- > 0 )
        {
            carry_out = X->p[idx] << ( biL - bits );
            X->p[idx] = ( X->p[idx] >> bits ) | carry_in;
            carry_in = carry_out;
        }
    }

    return( 0 );
}
mbedAustin 11:cada08fc8a70 774
/*
 * Compare unsigned values: returns 1 if |X| > |Y|, -1 if |X| < |Y|,
 * 0 if they are equal.  Leading zero limbs are ignored on both sides.
 */
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
{
    size_t xn, yn, k;

    /* Effective limb counts, ignoring leading zero limbs. */
    xn = X->n;
    while( xn > 0 && X->p[xn - 1] == 0 )
        xn--;

    yn = Y->n;
    while( yn > 0 && Y->p[yn - 1] == 0 )
        yn--;

    if( xn == 0 && yn == 0 )
        return( 0 );

    /* The magnitude with more significant limbs is the larger one. */
    if( xn != yn )
        return( xn > yn ? 1 : -1 );

    /* Same length: the first differing limb from the top decides. */
    for( k = xn; k > 0; k-- )
    {
        if( X->p[k - 1] != Y->p[k - 1] )
            return( X->p[k - 1] > Y->p[k - 1] ? 1 : -1 );
    }

    return( 0 );
}
mbedAustin 11:cada08fc8a70 804
/*
 * Compare signed values: returns 1 if X > Y, -1 if X < Y, 0 if equal.
 * Zero compares equal to zero whatever sign either operand carries.
 */
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
{
    size_t xn, yn, k;

    /* Effective limb counts, ignoring leading zero limbs. */
    xn = X->n;
    while( xn > 0 && X->p[xn - 1] == 0 )
        xn--;

    yn = Y->n;
    while( yn > 0 && Y->p[yn - 1] == 0 )
        yn--;

    if( xn == 0 && yn == 0 )
        return( 0 );

    /* The longer magnitude wins; its own sign gives the direction. */
    if( xn > yn ) return( X->s );
    if( yn > xn ) return( -Y->s );

    /* Equal lengths but opposite signs: the positive one is greater. */
    if( X->s > 0 && Y->s < 0 ) return( 1 );
    if( Y->s > 0 && X->s < 0 ) return( -1 );

    /* Equal lengths and signs: compare limbs from the top, then apply
     * the common sign to the result. */
    for( k = xn; k > 0; k-- )
    {
        if( X->p[k - 1] != Y->p[k - 1] )
            return( X->p[k - 1] > Y->p[k - 1] ? X->s : -X->s );
    }

    return( 0 );
}
mbedAustin 11:cada08fc8a70 837
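/*
 * Compare signed values: returns 1 if X > z, -1 if X < z, 0 if equal.
 *
 * z is wrapped in a one-limb MPI on the stack and compared with
 * mbedtls_mpi_cmp_mpi().
 */
int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
{
    mbedtls_mpi Y;
    mbedtls_mpi_uint p[1];

    /* Take |z| in unsigned arithmetic: negating the most negative
     * mbedtls_mpi_sint as a signed value overflows (undefined behaviour),
     * whereas 0 - (mbedtls_mpi_uint) z wraps to the correct magnitude. */
    p[0] = ( z < 0 ) ? (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z
                     : (mbedtls_mpi_uint) z;
    Y.s = ( z < 0 ) ? -1 : 1;
    Y.n = 1;
    Y.p = p;

    return( mbedtls_mpi_cmp_mpi( X, &Y ) );
}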
mbedAustin 11:cada08fc8a70 853
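/*
 * Unsigned addition: X = |A| + |B| (HAC 14.7)
 *
 * X may alias A and/or B, including X == A == B (in-place doubling).
 * Returns 0 or an MBEDTLS_ERR_MPI_* code from mbedtls_mpi_copy() /
 * mbedtls_mpi_grow(); on failure X may be partially updated.
 */
int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;
    size_t k, b_limbs;
    mbedtls_mpi_uint carry, sum, b_limb;

    /* If the output aliases B, swap the operands so the aliased one is A,
     * which X is about to hold anyway. */
    if( X == B )
    {
        const mbedtls_mpi *T = A; A = X; B = T;
    }

    if( X != A )
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );

    /*
     * X should always be positive as a result of unsigned additions.
     */
    X->s = 1;

    /* Effective limb count of B, ignoring leading zero limbs. */
    for( b_limbs = B->n; b_limbs > 0; b_limbs-- )
        if( B->p[b_limbs - 1] != 0 )
            break;

    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, b_limbs ) );

    carry = 0;

    for( k = 0; k < b_limbs; k++ )
    {
        /* Read B's limb before X's limb is written: when X == A == B the two
         * arrays are the same memory, and reading it after the update would
         * compare the doubled value against itself and lose the carry. */
        b_limb = B->p[k];

        sum = X->p[k] + carry;
        carry = ( sum < carry );
        sum += b_limb;
        carry += ( sum < b_limb );
        X->p[k] = sum;
    }

    /* Ripple the final carry into X's higher limbs, growing by one limb
     * if it runs off the end. */
    while( carry != 0 )
    {
        if( k >= X->n )
            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, k + 1 ) );

        X->p[k] += carry;
        carry = ( X->p[k] < carry );
        k++;
    }

cleanup:

    return( ret );
}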
mbedAustin 11:cada08fc8a70 905
/*
 * Helper for mbedtls_mpi subtraction: d -= s over n limbs, rippling the
 * final borrow into the higher limbs of d.  The caller guarantees that d
 * is at least as large as s, so the borrow always terminates within d.
 */
static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
{
    size_t k;
    mbedtls_mpi_uint borrow = 0, underflow;

    for( k = 0; k < n; k++ )
    {
        /* Subtract the pending borrow first, then s's limb; each step
         * records whether it wrapped below zero. */
        underflow = ( d[k] < borrow );
        d[k] -= borrow;
        borrow = ( d[k] < s[k] ) + underflow;
        d[k] -= s[k];
    }

    /* Propagate whatever borrow is left into the limbs above. */
    while( borrow != 0 )
    {
        underflow = ( d[k] < borrow );
        d[k] -= borrow;
        borrow = underflow;
        k++;
    }
}
mbedAustin 11:cada08fc8a70 926
/*
 * Unsigned subtraction: X = |A| - |B| (HAC 14.9)
 *
 * Fails with MBEDTLS_ERR_MPI_NEGATIVE_VALUE when |A| < |B|, leaving X
 * untouched.  X may alias A or B.  Otherwise returns 0 or the error of
 * mbedtls_mpi_copy().
 */
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    mbedtls_mpi TB;
    int ret;
    size_t b_limbs;

    /* The result would be negative, which this routine does not produce. */
    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );

    mbedtls_mpi_init( &TB );

    /* If the output aliases the subtrahend, work on a private copy of it. */
    if( X == B )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
        B = &TB;
    }

    if( X != A )
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );

    /*
     * X should always be positive as a result of unsigned subtractions.
     */
    X->s = 1;

    /* Nothing below can fail. */
    ret = 0;

    /* Effective limb count of B, ignoring leading zero limbs. */
    b_limbs = B->n;
    while( b_limbs > 0 && B->p[b_limbs - 1] == 0 )
        b_limbs--;

    mpi_sub_hlp( b_limbs, B->p, X->p );

cleanup:

    mbedtls_mpi_free( &TB );

    return( ret );
}
mbedAustin 11:cada08fc8a70 969
/*
 * Signed addition: X = A + B
 *
 * Reduces to an unsigned add when the signs agree and to an unsigned
 * subtraction of the smaller magnitude otherwise.  Returns 0 or the
 * error of the underlying mbedtls_mpi_add_abs()/mbedtls_mpi_sub_abs().
 */
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;
    /* Captured up front: X may alias A and the helpers reset X->s. */
    int sign = A->s;

    if( A->s * B->s >= 0 )
    {
        /* Same sign: add magnitudes and keep it. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
        X->s = sign;
    }
    else if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
    {
        /* Opposite signs, |A| >= |B|: A's sign survives. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
        X->s = sign;
    }
    else
    {
        /* Opposite signs, |A| < |B|: B's sign, i.e. the opposite of A's. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
        X->s = -sign;
    }

cleanup:

    return( ret );
}
mbedAustin 11:cada08fc8a70 1000
/*
 * Signed subtraction: X = A - B
 *
 * Reduces to an unsigned add when the signs differ and to an unsigned
 * subtraction of the smaller magnitude otherwise.  Returns 0 or the
 * error of the underlying mbedtls_mpi_add_abs()/mbedtls_mpi_sub_abs().
 */
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;
    /* Captured up front: X may alias A and the helpers reset X->s. */
    int sign = A->s;

    if( A->s * B->s <= 0 )
    {
        /* Different signs: A - B is |A| + |B| with A's sign. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
        X->s = sign;
    }
    else if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
    {
        /* Same sign, |A| >= |B|: A's sign survives. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
        X->s = sign;
    }
    else
    {
        /* Same sign, |A| < |B|: the result flips sign. */
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
        X->s = -sign;
    }

cleanup:

    return( ret );
}
mbedAustin 11:cada08fc8a70 1031
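/*
 * Signed addition: X = A + b
 *
 * b is wrapped in a one-limb MPI on the stack and passed to
 * mbedtls_mpi_add_mpi(); returns whatever that call returns.
 */
int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
{
    mbedtls_mpi B;
    mbedtls_mpi_uint p[1];

    /* Take |b| in unsigned arithmetic: negating the most negative
     * mbedtls_mpi_sint as a signed value overflows (undefined behaviour),
     * whereas 0 - (mbedtls_mpi_uint) b wraps to the correct magnitude. */
    p[0] = ( b < 0 ) ? (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) b
                     : (mbedtls_mpi_uint) b;
    B.s = ( b < 0 ) ? -1 : 1;
    B.n = 1;
    B.p = p;

    return( mbedtls_mpi_add_mpi( X, A, &B ) );
}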
mbedAustin 11:cada08fc8a70 1047
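/*
 * Signed subtraction: X = A - b
 *
 * b is wrapped in a one-limb MPI on the stack and passed to
 * mbedtls_mpi_sub_mpi(); returns whatever that call returns.
 */
int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
{
    mbedtls_mpi B;
    mbedtls_mpi_uint p[1];

    /* Take |b| in unsigned arithmetic: negating the most negative
     * mbedtls_mpi_sint as a signed value overflows (undefined behaviour),
     * whereas 0 - (mbedtls_mpi_uint) b wraps to the correct magnitude. */
    p[0] = ( b < 0 ) ? (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) b
                     : (mbedtls_mpi_uint) b;
    B.s = ( b < 0 ) ? -1 : 1;
    B.n = 1;
    B.p = p;

    return( mbedtls_mpi_sub_mpi( X, A, &B ) );
}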
mbedAustin 11:cada08fc8a70 1063
/*
 * Helper for mbedtls_mpi multiplication: one row of the schoolbook
 * product, accumulated into d over i limbs of s with the single limb b.
 *
 * The MULADDC_INIT / MULADDC_CORE / MULADDC_HUIT / MULADDC_STOP macros
 * come from bn_mul.h (not shown here) and operate directly on the locals
 * named below (c, s, d, b, t), so these names must not be changed.
 * NOTE(review): the exact per-limb operation is presumably
 * d[k] += s[k] * b plus the running carry c — confirm against bn_mul.h.
 * Only the final carry ripple at the bottom is visible in this file.
 */
static
#if defined(__APPLE__) && defined(__arm__)
/*
 * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
 * appears to need this to prevent bad ARM code generation at -O3.
 */
__attribute__ ((noinline))
#endif
void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
{
    /* c: running carry between limbs; t: scratch referenced by some
     * MULADDC_* variants (presumably), touched once below so the other
     * variants do not trigger an unused-variable warning. */
    mbedtls_mpi_uint c = 0, t = 0;

#if defined(MULADDC_HUIT)
    /* Eight limbs per iteration, then the remainder one limb at a time. */
    for( ; i >= 8; i -= 8 )
    {
        MULADDC_INIT
        MULADDC_HUIT
        MULADDC_STOP
    }

    for( ; i > 0; i-- )
    {
        MULADDC_INIT
        MULADDC_CORE
        MULADDC_STOP
    }
#else /* MULADDC_HUIT */
    /* Unrolled 16x, then 8x, then the remainder one limb at a time. */
    for( ; i >= 16; i -= 16 )
    {
        MULADDC_INIT
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE

        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_STOP
    }

    for( ; i >= 8; i -= 8 )
    {
        MULADDC_INIT
        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE

        MULADDC_CORE MULADDC_CORE
        MULADDC_CORE MULADDC_CORE
        MULADDC_STOP
    }

    for( ; i > 0; i-- )
    {
        MULADDC_INIT
        MULADDC_CORE
        MULADDC_STOP
    }
#endif /* MULADDC_HUIT */

    /* Keeps t "used" on builds whose MULADDC_* macros never touch it. */
    t++;

    /* Ripple the final carry into the higher limbs of d; the caller sizes
     * d so that this terminates before running off the end. */
    do {
        *d += c; c = ( *d < c ); d++;
    }
    while( c != 0 );
}
mbedAustin 11:cada08fc8a70 1135
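/*
 * Baseline multiplication: X = A * B (HAC 14.12)
 *
 * X may alias A and/or B (copies are taken).  A zero product is always
 * stored with a positive sign, so that X never holds "-0".  Returns 0 or
 * an MBEDTLS_ERR_MPI_* code from mbedtls_mpi_copy()/grow()/lset().
 */
int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;
    size_t i, j;
    int result_is_zero;
    mbedtls_mpi TA, TB;

    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );

    /* X is zeroed below, so an aliased input must be copied aside first. */
    if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
    if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }

    /* Effective limb counts, ignoring leading zero limbs. */
    for( i = A->n; i > 0; i-- )
        if( A->p[i - 1] != 0 )
            break;

    for( j = B->n; j > 0; j-- )
        if( B->p[j - 1] != 0 )
            break;

    /* Decide now whether the product is zero: i and j are consumed by the
     * multiplication loop below. */
    result_is_zero = ( i == 0 || j == 0 );

    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );

    /* Schoolbook: accumulate A * B->p[j-1] into X at limb offset j-1,
     * highest limb of B first. */
    for( i++; j > 0; j-- )
        mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );

    /* Keep zero canonical (s == 1) instead of inheriting a negative sign
     * from an operand; mbedtls_mpi_div_mpi applies the same fix-up to R. */
    X->s = result_is_zero ? 1 : A->s * B->s;

cleanup:

    mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );

    return( ret );
}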
mbedAustin 11:cada08fc8a70 1172
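/*
 * Baseline multiplication: X = A * b
 *
 * b is wrapped in a positive one-limb MPI on the stack and passed to
 * mbedtls_mpi_mul_mpi(); returns whatever that call returns.
 */
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
{
    /* Named B rather than _B: identifiers starting with an underscore and
     * an uppercase letter are reserved for the implementation (C11 7.1.3). */
    mbedtls_mpi B;
    mbedtls_mpi_uint p[1];

    B.s = 1;
    B.n = 1;
    B.p = p;
    p[0] = b;

    return( mbedtls_mpi_mul_mpi( X, A, &B ) );
}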
mbedAustin 11:cada08fc8a70 1188
mbedAustin 11:cada08fc8a70 1189 /*
mbedAustin 11:cada08fc8a70 1190 * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20)
mbedAustin 11:cada08fc8a70 1191 */
mbedAustin 11:cada08fc8a70 1192 int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
mbedAustin 11:cada08fc8a70 1193 {
mbedAustin 11:cada08fc8a70 1194 int ret;
mbedAustin 11:cada08fc8a70 1195 size_t i, n, t, k;
mbedAustin 11:cada08fc8a70 1196 mbedtls_mpi X, Y, Z, T1, T2;
mbedAustin 11:cada08fc8a70 1197
mbedAustin 11:cada08fc8a70 1198 if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
mbedAustin 11:cada08fc8a70 1199 return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
mbedAustin 11:cada08fc8a70 1200
mbedAustin 11:cada08fc8a70 1201 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
mbedAustin 11:cada08fc8a70 1202 mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
mbedAustin 11:cada08fc8a70 1203
mbedAustin 11:cada08fc8a70 1204 if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
mbedAustin 11:cada08fc8a70 1205 {
mbedAustin 11:cada08fc8a70 1206 if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
mbedAustin 11:cada08fc8a70 1207 if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
mbedAustin 11:cada08fc8a70 1208 return( 0 );
mbedAustin 11:cada08fc8a70 1209 }
mbedAustin 11:cada08fc8a70 1210
mbedAustin 11:cada08fc8a70 1211 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
mbedAustin 11:cada08fc8a70 1212 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
mbedAustin 11:cada08fc8a70 1213 X.s = Y.s = 1;
mbedAustin 11:cada08fc8a70 1214
mbedAustin 11:cada08fc8a70 1215 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
mbedAustin 11:cada08fc8a70 1216 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
mbedAustin 11:cada08fc8a70 1217 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
mbedAustin 11:cada08fc8a70 1218 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
mbedAustin 11:cada08fc8a70 1219
mbedAustin 11:cada08fc8a70 1220 k = mbedtls_mpi_bitlen( &Y ) % biL;
mbedAustin 11:cada08fc8a70 1221 if( k < biL - 1 )
mbedAustin 11:cada08fc8a70 1222 {
mbedAustin 11:cada08fc8a70 1223 k = biL - 1 - k;
mbedAustin 11:cada08fc8a70 1224 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
mbedAustin 11:cada08fc8a70 1225 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
mbedAustin 11:cada08fc8a70 1226 }
mbedAustin 11:cada08fc8a70 1227 else k = 0;
mbedAustin 11:cada08fc8a70 1228
mbedAustin 11:cada08fc8a70 1229 n = X.n - 1;
mbedAustin 11:cada08fc8a70 1230 t = Y.n - 1;
mbedAustin 11:cada08fc8a70 1231 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
mbedAustin 11:cada08fc8a70 1232
mbedAustin 11:cada08fc8a70 1233 while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
mbedAustin 11:cada08fc8a70 1234 {
mbedAustin 11:cada08fc8a70 1235 Z.p[n - t]++;
mbedAustin 11:cada08fc8a70 1236 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
mbedAustin 11:cada08fc8a70 1237 }
mbedAustin 11:cada08fc8a70 1238 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
mbedAustin 11:cada08fc8a70 1239
mbedAustin 11:cada08fc8a70 1240 for( i = n; i > t ; i-- )
mbedAustin 11:cada08fc8a70 1241 {
mbedAustin 11:cada08fc8a70 1242 if( X.p[i] >= Y.p[t] )
mbedAustin 11:cada08fc8a70 1243 Z.p[i - t - 1] = ~0;
mbedAustin 11:cada08fc8a70 1244 else
mbedAustin 11:cada08fc8a70 1245 {
mbedAustin 11:cada08fc8a70 1246 #if defined(MBEDTLS_HAVE_UDBL)
mbedAustin 11:cada08fc8a70 1247 mbedtls_t_udbl r;
mbedAustin 11:cada08fc8a70 1248
mbedAustin 11:cada08fc8a70 1249 r = (mbedtls_t_udbl) X.p[i] << biL;
mbedAustin 11:cada08fc8a70 1250 r |= (mbedtls_t_udbl) X.p[i - 1];
mbedAustin 11:cada08fc8a70 1251 r /= Y.p[t];
mbedAustin 11:cada08fc8a70 1252 if( r > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
mbedAustin 11:cada08fc8a70 1253 r = ( (mbedtls_t_udbl) 1 << biL ) - 1;
mbedAustin 11:cada08fc8a70 1254
mbedAustin 11:cada08fc8a70 1255 Z.p[i - t - 1] = (mbedtls_mpi_uint) r;
mbedAustin 11:cada08fc8a70 1256 #else
mbedAustin 11:cada08fc8a70 1257 /*
mbedAustin 11:cada08fc8a70 1258 * __udiv_qrnnd_c, from gmp/longlong.h
mbedAustin 11:cada08fc8a70 1259 */
mbedAustin 11:cada08fc8a70 1260 mbedtls_mpi_uint q0, q1, r0, r1;
mbedAustin 11:cada08fc8a70 1261 mbedtls_mpi_uint d0, d1, d, m;
mbedAustin 11:cada08fc8a70 1262
mbedAustin 11:cada08fc8a70 1263 d = Y.p[t];
mbedAustin 11:cada08fc8a70 1264 d0 = ( d << biH ) >> biH;
mbedAustin 11:cada08fc8a70 1265 d1 = ( d >> biH );
mbedAustin 11:cada08fc8a70 1266
mbedAustin 11:cada08fc8a70 1267 q1 = X.p[i] / d1;
mbedAustin 11:cada08fc8a70 1268 r1 = X.p[i] - d1 * q1;
mbedAustin 11:cada08fc8a70 1269 r1 <<= biH;
mbedAustin 11:cada08fc8a70 1270 r1 |= ( X.p[i - 1] >> biH );
mbedAustin 11:cada08fc8a70 1271
mbedAustin 11:cada08fc8a70 1272 m = q1 * d0;
mbedAustin 11:cada08fc8a70 1273 if( r1 < m )
mbedAustin 11:cada08fc8a70 1274 {
mbedAustin 11:cada08fc8a70 1275 q1--, r1 += d;
mbedAustin 11:cada08fc8a70 1276 while( r1 >= d && r1 < m )
mbedAustin 11:cada08fc8a70 1277 q1--, r1 += d;
mbedAustin 11:cada08fc8a70 1278 }
mbedAustin 11:cada08fc8a70 1279 r1 -= m;
mbedAustin 11:cada08fc8a70 1280
mbedAustin 11:cada08fc8a70 1281 q0 = r1 / d1;
mbedAustin 11:cada08fc8a70 1282 r0 = r1 - d1 * q0;
mbedAustin 11:cada08fc8a70 1283 r0 <<= biH;
mbedAustin 11:cada08fc8a70 1284 r0 |= ( X.p[i - 1] << biH ) >> biH;
mbedAustin 11:cada08fc8a70 1285
mbedAustin 11:cada08fc8a70 1286 m = q0 * d0;
mbedAustin 11:cada08fc8a70 1287 if( r0 < m )
mbedAustin 11:cada08fc8a70 1288 {
mbedAustin 11:cada08fc8a70 1289 q0--, r0 += d;
mbedAustin 11:cada08fc8a70 1290 while( r0 >= d && r0 < m )
mbedAustin 11:cada08fc8a70 1291 q0--, r0 += d;
mbedAustin 11:cada08fc8a70 1292 }
mbedAustin 11:cada08fc8a70 1293 r0 -= m;
mbedAustin 11:cada08fc8a70 1294
mbedAustin 11:cada08fc8a70 1295 Z.p[i - t - 1] = ( q1 << biH ) | q0;
mbedAustin 11:cada08fc8a70 1296 #endif /* MBEDTLS_HAVE_UDBL && !64-bit Apple with Clang 5.0 */
mbedAustin 11:cada08fc8a70 1297 }
mbedAustin 11:cada08fc8a70 1298
mbedAustin 11:cada08fc8a70 1299 Z.p[i - t - 1]++;
mbedAustin 11:cada08fc8a70 1300 do
mbedAustin 11:cada08fc8a70 1301 {
mbedAustin 11:cada08fc8a70 1302 Z.p[i - t - 1]--;
mbedAustin 11:cada08fc8a70 1303
mbedAustin 11:cada08fc8a70 1304 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
mbedAustin 11:cada08fc8a70 1305 T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
mbedAustin 11:cada08fc8a70 1306 T1.p[1] = Y.p[t];
mbedAustin 11:cada08fc8a70 1307 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
mbedAustin 11:cada08fc8a70 1308
mbedAustin 11:cada08fc8a70 1309 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
mbedAustin 11:cada08fc8a70 1310 T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
mbedAustin 11:cada08fc8a70 1311 T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
mbedAustin 11:cada08fc8a70 1312 T2.p[2] = X.p[i];
mbedAustin 11:cada08fc8a70 1313 }
mbedAustin 11:cada08fc8a70 1314 while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
mbedAustin 11:cada08fc8a70 1315
mbedAustin 11:cada08fc8a70 1316 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
mbedAustin 11:cada08fc8a70 1317 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
mbedAustin 11:cada08fc8a70 1318 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
mbedAustin 11:cada08fc8a70 1319
mbedAustin 11:cada08fc8a70 1320 if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
mbedAustin 11:cada08fc8a70 1321 {
mbedAustin 11:cada08fc8a70 1322 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
mbedAustin 11:cada08fc8a70 1323 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
mbedAustin 11:cada08fc8a70 1324 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
mbedAustin 11:cada08fc8a70 1325 Z.p[i - t - 1]--;
mbedAustin 11:cada08fc8a70 1326 }
mbedAustin 11:cada08fc8a70 1327 }
mbedAustin 11:cada08fc8a70 1328
mbedAustin 11:cada08fc8a70 1329 if( Q != NULL )
mbedAustin 11:cada08fc8a70 1330 {
mbedAustin 11:cada08fc8a70 1331 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
mbedAustin 11:cada08fc8a70 1332 Q->s = A->s * B->s;
mbedAustin 11:cada08fc8a70 1333 }
mbedAustin 11:cada08fc8a70 1334
mbedAustin 11:cada08fc8a70 1335 if( R != NULL )
mbedAustin 11:cada08fc8a70 1336 {
mbedAustin 11:cada08fc8a70 1337 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
mbedAustin 11:cada08fc8a70 1338 X.s = A->s;
mbedAustin 11:cada08fc8a70 1339 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
mbedAustin 11:cada08fc8a70 1340
mbedAustin 11:cada08fc8a70 1341 if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
mbedAustin 11:cada08fc8a70 1342 R->s = 1;
mbedAustin 11:cada08fc8a70 1343 }
mbedAustin 11:cada08fc8a70 1344
mbedAustin 11:cada08fc8a70 1345 cleanup:
mbedAustin 11:cada08fc8a70 1346
mbedAustin 11:cada08fc8a70 1347 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
mbedAustin 11:cada08fc8a70 1348 mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
mbedAustin 11:cada08fc8a70 1349
mbedAustin 11:cada08fc8a70 1350 return( ret );
mbedAustin 11:cada08fc8a70 1351 }
mbedAustin 11:cada08fc8a70 1352
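/*
 * Division by int: A = Q * b + R
 *
 * Wraps b in a stack-backed single-limb MPI and delegates to
 * mbedtls_mpi_div_mpi, so sign handling and error codes are exactly those of
 * the multi-precision division.  Q or R may be NULL when that output is not
 * wanted.
 */
int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
{
    mbedtls_mpi B;
    mbedtls_mpi_uint p[1];

    /*
     * |b| is formed in unsigned arithmetic: negating the most negative
     * mbedtls_mpi_sint directly overflows (undefined behaviour), whereas
     * 0 - (mbedtls_mpi_uint) b wraps to the correct magnitude for every b.
     */
    p[0] = ( b < 0 ) ? (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) b
                     : (mbedtls_mpi_uint) b;
    B.s = ( b < 0 ) ? -1 : 1;
    B.n = 1;
    B.p = p;

    return( mbedtls_mpi_div_mpi( Q, R, A, &B ) );
}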
mbedAustin 11:cada08fc8a70 1368
/*
 * Modulo: R = A mod B
 *
 * The result is always in [0, B): the remainder produced by the signed
 * division carries the sign of A, so a negative remainder is pushed up by
 * adding B, and a remainder of B or more is brought back down by subtracting
 * B.
 *
 * Returns 0 on success, MBEDTLS_ERR_MPI_NEGATIVE_VALUE when B < 0, or the
 * error code propagated from the underlying division / add / sub.
 */
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;

    /* A negative modulus is rejected before any work is done */
    if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );

    /* Only the remainder is needed; the quotient is discarded */
    ret = mbedtls_mpi_div_mpi( NULL, R, A, B );
    if( ret != 0 )
        return( ret );

    /* Normalise a negative remainder into the positive range */
    while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
    {
        ret = mbedtls_mpi_add_mpi( R, R, B );
        if( ret != 0 )
            return( ret );
    }

    /* Normalise a remainder that is not yet below B */
    while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
    {
        ret = mbedtls_mpi_sub_mpi( R, R, B );
        if( ret != 0 )
            return( ret );
    }

    return( 0 );
}
mbedAustin 11:cada08fc8a70 1391
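/*
 * Modulo: r = A mod b
 *
 * b must be positive; the remainder is written to *r and is always in
 * [0, b), also for negative A.
 *
 * Returns 0 on success, MBEDTLS_ERR_MPI_DIVISION_BY_ZERO when b == 0 and
 * MBEDTLS_ERR_MPI_NEGATIVE_VALUE when b < 0.
 */
int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
{
    size_t i;
    mbedtls_mpi_uint x, y, z;

    if( b == 0 )
        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );

    if( b < 0 )
        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );

    /*
     * handle trivial cases
     *
     * Everything is 0 mod 1.  An MPI with no limbs (freshly initialised,
     * p == NULL) is zero as well and must not reach the A->p[0] read in the
     * b == 2 case below; the general loop already handles A->n == 0 by
     * running zero iterations.
     */
    if( b == 1 || A->n == 0 )
    {
        *r = 0;
        return( 0 );
    }

    if( b == 2 )
    {
        *r = A->p[0] & 1;
        return( 0 );
    }

    /*
     * general case: long division by b one half-limb at a time, most
     * significant limb first; y carries the running remainder.
     *
     * NOTE(review): y < b after every step, so `y << biH` cannot overflow
     * only while b itself fits in a half limb (biH bits); confirm the
     * intended domain of b before relying on this for larger divisors.
     */
    for( i = A->n, y = 0; i > 0; i-- )
    {
        x = A->p[i - 1];
        y = ( y << biH ) | ( x >> biH );
        z = y / b;
        y -= z * b;

        x <<= biH;
        y = ( y << biH ) | ( x >> biH );
        z = y / b;
        y -= z * b;
    }

    /*
     * If A is negative, then the current y represents a negative value.
     * Flipping it to the positive side.
     */
    if( A->s < 0 && y != 0 )
        y = b - y;

    *r = y;

    return( 0 );
}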
mbedAustin 11:cada08fc8a70 1448
/*
 * Fast Montgomery initialization (thanks to Tom St Denis)
 *
 * Computes mm = -N^-1 mod 2^biL from the least significant limb of N, the
 * constant mpi_montmul uses to cancel the low limb of its running sum.  An
 * initial approximation of the inverse is refined by Newton iteration, each
 * round of which doubles the number of correct low-order bits.  N is assumed
 * odd: mbedtls_mpi_exp_mod rejects an even modulus before calling this.
 */
static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
{
    const mbedtls_mpi_uint m0 = N->p[0];
    /* Starting approximation of m0^-1 mod 2^biL */
    mbedtls_mpi_uint inv = m0 + ( ( ( m0 + 2 ) & 4 ) << 1 );
    unsigned int bits = biL;

    /* Each multiplication by (2 - m0 * inv) doubles the precision */
    while( bits >= 8 )
    {
        inv *= 2 - m0 * inv;
        bits /= 2;
    }

    /* Negate modulo 2^biL */
    *mm = ~inv + 1;
}
mbedAustin 11:cada08fc8a70 1465
/*
 * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
 *
 * Operand-scanning Montgomery product with R = 2^(biL * N->n).  The running
 * sum lives in the scratch buffer T and is shifted down one limb per round
 * by advancing the pointer d rather than by moving data.
 *
 * Preconditions (mbedtls_mpi_exp_mod, which allocates these buffers, sets
 * them up):
 *  - N is odd and mm = -N^-1 mod 2^biL (from mpi_montg_init);
 *  - A has at least N->n + 1 limbs, since N->n + 1 limbs are copied back;
 *  - T has at least 2 * N->n + 2 limbs: d[n + 1] is written with d already
 *    advanced i + 1 positions, reaching T->p[2 * n + 1] on the last round;
 *  - B may be shorter than N (mpi_montred passes a single limb), hence m.
 */
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
                         const mbedtls_mpi *T )
{
    size_t i, n, m;
    mbedtls_mpi_uint u0, u1, *d;

    memset( T->p, 0, T->n * ciL );

    d = T->p;
    n = N->n;
    m = ( B->n < n ) ? B->n : n;

    for( i = 0; i < n; i++ )
    {
        /*
         * T = (T + u0*B + u1*N) / 2^biL
         *
         * u1 is the multiple of N that makes the lowest limb of the sum
         * zero, which is what makes the division by 2^biL exact.
         */
        u0 = A->p[i];
        u1 = ( d[0] + u0 * B->p[0] ) * mm;

        mpi_mul_hlp( m, B->p, d, u0 );
        mpi_mul_hlp( n, N->p, d, u1 );

        /*
         * Step d past the now-zero low limb; the value stored in that slot
         * is not part of the result copied back below.  d[n + 1] is
         * pre-cleared for the carries of the next round — TODO confirm
         * against mpi_mul_hlp's carry propagation.
         */
        *d++ = u0; d[n + 1] = 0;
    }

    memcpy( A->p, d, ( n + 1 ) * ciL );

    if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
        mpi_sub_hlp( n, N->p, A->p );
    else
        /* prevent timing attacks */
        /* NOTE(review): the dummy subtraction into the scratch buffer only
         * balances the arithmetic work of the two paths; the comparison and
         * the branch itself still depend on the value of A, so this is not
         * fully constant-time. */
        mpi_sub_hlp( n, A->p, T->p );
}
mbedAustin 11:cada08fc8a70 1503
/*
 * Montgomery reduction: A = A * R^-1 mod N
 *
 * Implemented as a Montgomery multiplication by the constant 1, held in a
 * single-limb MPI whose limb lives on the stack rather than in an allocated
 * buffer.
 */
static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{
    mbedtls_mpi_uint one_limb = 1;
    mbedtls_mpi one;

    /* Positive, exactly one limb long, pointing at the local limb above */
    one.s = 1;
    one.n = 1;
    one.p = &one_limb;

    mpi_montmul( A, &one, N, mm, T );
}
mbedAustin 11:cada08fc8a70 1517
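/*
 * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
 *
 * N must be positive and odd (Montgomery arithmetic needs an odd modulus)
 * and E must be non-negative.  _RR may be NULL; otherwise it caches
 * R^2 mod N across calls with the same N: on the first call (_RR->p == NULL)
 * it is filled in and the caller becomes its owner, on later calls it is
 * read back.
 *
 * Returns 0 on success, MBEDTLS_ERR_MPI_BAD_INPUT_DATA for a bad N or E, or
 * an error propagated from the MPI helpers.
 */
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
{
    int ret;
    size_t wbits, wsize, one = 1;
    size_t i, j, nblimbs;
    size_t bufsize, nbits;
    mbedtls_mpi_uint ei, mm, state;
    mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
    int neg;

    /*
     * Reject N <= 0 before touching N->p[0]: a zero MPI may have no limbs
     * at all (p == NULL), and such an N could never be an odd modulus anyway.
     */
    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    /*
     * Init temps and window size
     */
    mpi_montg_init( &mm, N );
    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
    mbedtls_mpi_init( &Apos );
    memset( W, 0, sizeof( W ) );

    i = mbedtls_mpi_bitlen( E );

    /*
     * The window width grows with the exponent length and is capped by the
     * build-time limit that also sizes the W table above
     */
    wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
            ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1;

    if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
        wsize = MBEDTLS_MPI_WINDOW_SIZE;

    /*
     * mpi_montmul writes N->n + 1 limbs into its result and needs a scratch
     * buffer of 2 * (N->n + 1) limbs
     */
    j = N->n + 1;
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );

    /*
     * Compensate for negative A (and correct at the end)
     */
    neg = ( A->s == -1 );
    if( neg )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
        Apos.s = 1;
        A = &Apos;
    }

    /*
     * If 1st call, pre-compute R^2 mod N
     */
    if( _RR == NULL || _RR->p == NULL )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );

        /*
         * Hand the freshly computed value to the caller's cache; RR's limbs
         * are then owned by _RR and must not be freed here (see cleanup)
         */
        if( _RR != NULL )
            memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
    }
    else
        memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );

    /*
     * W[1] = A * R^2 * R^-1 mod N = A * R mod N
     */
    if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
    else
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );

    mpi_montmul( &W[1], &RR, N, mm, &T );

    /*
     * X = R^2 * R^-1 mod N = R mod N
     */
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
    mpi_montred( X, N, mm, &T );

    if( wsize > 1 )
    {
        /*
         * W[1 << (wsize - 1)] = W[1] ^ (1 << (wsize - 1)),
         * obtained by wsize - 1 successive squarings
         */
        j = one << ( wsize - 1 );

        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );

        for( i = 0; i < wsize - 1; i++ )
            mpi_montmul( &W[j], &W[j], N, mm, &T );

        /*
         * W[i] = W[i - 1] * W[1]
         *
         * Only the upper half of the table (indices with the top window bit
         * set) is ever needed, because every window starts with a 1 bit
         */
        for( i = j + 1; i < ( one << wsize ); i++ )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );

            mpi_montmul( &W[i], &W[1], N, mm, &T );
        }
    }

    /*
     * Scan E from its most significant limb down, one bit at a time:
     * state 0 = before the first 1 bit, 1 = between windows, 2 = filling a
     * window
     */
    nblimbs = E->n;
    bufsize = 0;
    nbits = 0;
    wbits = 0;
    state = 0;

    while( 1 )
    {
        if( bufsize == 0 )
        {
            if( nblimbs == 0 )
                break;

            nblimbs--;

            bufsize = sizeof( mbedtls_mpi_uint ) << 3;
        }

        bufsize--;

        ei = (E->p[nblimbs] >> bufsize) & 1;

        /*
         * skip leading 0s
         */
        if( ei == 0 && state == 0 )
            continue;

        if( ei == 0 && state == 1 )
        {
            /*
             * out of window, square X
             */
            mpi_montmul( X, X, N, mm, &T );
            continue;
        }

        /*
         * add ei to current window
         */
        state = 2;

        nbits++;
        wbits |= ( ei << ( wsize - nbits ) );

        if( nbits == wsize )
        {
            /*
             * X = X^wsize R^-1 mod N
             */
            for( i = 0; i < wsize; i++ )
                mpi_montmul( X, X, N, mm, &T );

            /*
             * X = X * W[wbits] R^-1 mod N
             *
             * NOTE(review): the table index is derived directly from
             * exponent bits, so the memory access pattern here depends on
             * the (often secret) exponent; a constant-time table select
             * would remove that dependency.
             */
            mpi_montmul( X, &W[wbits], N, mm, &T );

            state--;
            nbits = 0;
            wbits = 0;
        }
    }

    /*
     * process the remaining bits
     */
    for( i = 0; i < nbits; i++ )
    {
        mpi_montmul( X, X, N, mm, &T );

        wbits <<= 1;

        if( ( wbits & ( one << wsize ) ) != 0 )
            mpi_montmul( X, &W[1], N, mm, &T );
    }

    /*
     * X = A^E * R * R^-1 mod N = A^E mod N
     */
    mpi_montred( X, N, mm, &T );

    if( neg )
    {
        X->s = -1;
        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) );
    }

cleanup:

    /* Only the upper half of the window table was ever allocated */
    for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
        mbedtls_mpi_free( &W[i] );

    mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );

    /* RR is only ours to free when it was neither taken from nor handed to _RR */
    if( _RR == NULL || _RR->p == NULL )
        mbedtls_mpi_free( &RR );

    return( ret );
}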
mbedAustin 11:cada08fc8a70 1725
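/*
 * Greatest common divisor: G = gcd(A, B) (HAC 14.54)
 *
 * Binary GCD on |A| and |B|: the common power of two is pulled out first
 * (lz), the odd parts are reduced by subtract-and-halve, and the factor of
 * two is restored at the end.  The result is non-negative; gcd(0, B) = |B|,
 * gcd(A, 0) = |A| and gcd(0, 0) = 0.
 *
 * Returns 0 on success or an error propagated from the MPI helpers.
 */
int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
    int ret;
    size_t lz, lzt;
    mbedtls_mpi TA, TB;

    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );

    /*
     * The loop below leaves the answer in TB and relies on TB being nonzero
     * to do so: with TB == 0 it would halve TA all the way down to zero and
     * report gcd = 0.  TA == 0 is handled correctly (the loop simply does
     * not run), so when B is zero the operands are loaded swapped.
     */
    if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, B ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, A ) );
    }
    else
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
    }

    /*
     * Largest power of two dividing both operands; mbedtls_mpi_lsb() yields
     * 0 for a zero MPI, so a zero TA contributes no shift
     */
    lz = mbedtls_mpi_lsb( &TA );
    lzt = mbedtls_mpi_lsb( &TB );

    if( lzt < lz )
        lz = lzt;

    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );

    /* Signs are irrelevant to the gcd; work on magnitudes */
    TA.s = TB.s = 1;

    while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
    {
        /* Make both odd, then replace the larger by (larger - smaller) / 2 */
        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );

        if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
        }
        else
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
        }
    }

    /* Put the common power of two back */
    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );

cleanup:

    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );

    return( ret );
}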
mbedAustin 11:cada08fc8a70 1777
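/*
 * Fill X with size bytes of random.
 *
 * Use a temporary bytes representation to make sure the result is the same
 * regardless of the platform endianness (useful when f_rng is actually
 * deterministic, eg for tests).
 *
 * The bytes obtained from f_rng are frequently secret (key or nonce
 * material), so the part of the stack buffer that was written is wiped
 * through a volatile pointer on every return path; a plain memset before
 * return could be dropped by the optimiser.
 *
 * Returns MBEDTLS_ERR_MPI_BAD_INPUT_DATA when size exceeds
 * MBEDTLS_MPI_MAX_SIZE, otherwise the status of f_rng or of
 * mbedtls_mpi_read_binary.
 */
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng )
{
    int ret;
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
    volatile unsigned char *wipe;
    size_t n;

    if( size > MBEDTLS_MPI_MAX_SIZE )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );

cleanup:
    /* Only the first size bytes were ever written, so only those are wiped */
    for( wipe = buf, n = size; n > 0; n-- )
        *wipe++ = 0;

    return( ret );
}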
mbedAustin 11:cada08fc8a70 1801
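/*
 * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
 *
 * Binary extended Euclid.  N must be greater than 1 and A must be coprime
 * to N; the result is reduced into [0, N).
 *
 * NOTE(review): the number of loop rounds and the branches taken depend on
 * the values of A and N, so this is not constant-time; keep that in mind
 * when A is secret.
 *
 * Returns 0 on success, MBEDTLS_ERR_MPI_BAD_INPUT_DATA when N <= 1,
 * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE when gcd(A, N) != 1 (no inverse exists),
 * or an error propagated from the MPI helpers.
 */
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
{
    int ret;
    mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;

    /*
     * N == 1 is rejected together with N <= 0: with N == 1 the reduced
     * TA (= A mod 1) is zero, and the even-stripping loop below would then
     * keep halving a zero TU forever.
     */
    if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
    mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
    mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );

    /* An inverse exists only when A and N are coprime */
    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );

    if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
    {
        ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
        goto cleanup;
    }

    /*
     * TA = A mod N and TB = N are the fixed operands; TU and TV are the
     * values being reduced, with (U1, U2) and (V1, V2) their coefficients
     * such that U1 * TA + U2 * TB = TU and V1 * TA + V2 * TB = TV
     */
    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );

    do
    {
        /*
         * Strip factors of two from TU; when a coefficient is odd, add
         * (TB, -TA) first so that halving keeps the coefficients integral
         */
        while( ( TU.p[0] & 1 ) == 0 )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );

            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
            }

            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
        }

        /* Same for TV and its coefficients */
        while( ( TV.p[0] & 1 ) == 0 )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );

            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
            }

            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
        }

        /* Subtract the smaller from the larger, coefficients included */
        if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
        }
        else
        {
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
        }
    }
    while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );

    /* V1 is the inverse up to a multiple of N; bring it into [0, N) */
    while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );

    while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );

cleanup:

    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
    mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
    mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );

    return( ret );
}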
mbedAustin 11:cada08fc8a70 1896
mbedAustin 11:cada08fc8a70 1897 #if defined(MBEDTLS_GENPRIME)
mbedAustin 11:cada08fc8a70 1898
/*
 * Odd primes below 1000, used by mpi_check_small_factors() for trial
 * division.  The table is terminated by a negative sentinel (-103), which
 * the lookup loop recognises as the end of the list.
 */
static const int small_prime[] =
{
        3,    5,    7,   11,   13,   17,   19,   23,
       29,   31,   37,   41,   43,   47,   53,   59,
       61,   67,   71,   73,   79,   83,   89,   97,
      101,  103,  107,  109,  113,  127,  131,  137,
      139,  149,  151,  157,  163,  167,  173,  179,
      181,  191,  193,  197,  199,  211,  223,  227,
      229,  233,  239,  241,  251,  257,  263,  269,
      271,  277,  281,  283,  293,  307,  311,  313,
      317,  331,  337,  347,  349,  353,  359,  367,
      373,  379,  383,  389,  397,  401,  409,  419,
      421,  431,  433,  439,  443,  449,  457,  461,
      463,  467,  479,  487,  491,  499,  503,  509,
      521,  523,  541,  547,  557,  563,  569,  571,
      577,  587,  593,  599,  601,  607,  613,  617,
      619,  631,  641,  643,  647,  653,  659,  661,
      673,  677,  683,  691,  701,  709,  719,  727,
      733,  739,  743,  751,  757,  761,  769,  773,
      787,  797,  809,  811,  821,  823,  827,  829,
      839,  853,  857,  859,  863,  877,  881,  883,
      887,  907,  911,  919,  929,  937,  941,  947,
      953,  967,  971,  977,  983,  991,  997, -103
};
mbedAustin 11:cada08fc8a70 1923
/*
 * Small divisors test (X must be positive)
 *
 * Trial-divides X by every entry of small_prime[] (odd primes up to 997).
 * X->p must hold at least one limb, because the parity check reads X->p[0]
 * directly; the callers in this file also rule out 0, 1 and 2 beforehand.
 *
 * Return values:
 *   0: no small factor (possible prime, more tests needed)
 *   1: certain prime (X is <= the current table prime and has no smaller factor)
 *   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime (even, or divisible
 *      by a table prime)
 *   other negative: error propagated from mbedtls_mpi_mod_int()
 */
static int mpi_check_small_factors( const mbedtls_mpi *X )
{
    int ret = 0;
    const int *prime;
    mbedtls_mpi_uint remainder;

    /* An even X is composite here; 2 itself is handled by the caller. */
    if( ( X->p[0] & 1 ) == 0 )
        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );

    /* The table ends with a negative sentinel, which terminates the scan. */
    for( prime = small_prime; *prime > 0; prime++ )
    {
        /*
         * X has no prime factor below *prime, so once X <= *prime it is
         * itself prime.
         */
        if( mbedtls_mpi_cmp_int( X, *prime ) <= 0 )
            return( 1 );

        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &remainder, X, *prime ) );

        if( remainder == 0 )
            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
    }

cleanup:
    return( ret );
}
mbedAustin 11:cada08fc8a70 1956
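/*
 * Miller-Rabin pseudo-primality test (HAC 4.24)
 *
 * X must be positive, odd and greater than 2; the callers in this file run
 * mpi_check_small_factors() first. f_rng/p_rng supply the random bases.
 *
 * The number of rounds comes from HAC table 4.4, whose error bound assumes
 * a randomly generated candidate. That bound does not apply to a value
 * chosen by an untrusted party, so a caller testing such input should not
 * read a 0 result as a proof of primality.
 *
 * Return values:
 *   0: X passed every round (probable prime)
 *   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: a round found a witness of compositeness,
 *      or no usable random base could be drawn within the attempt limit
 *   other negative: error propagated from an mpi operation or from f_rng
 */
static int mpi_miller_rabin( const mbedtls_mpi *X,
                             int (*f_rng)(void *, unsigned char *, size_t),
                             void *p_rng )
{
    int ret = 0, count;
    size_t i, j, k, n, s;
    mbedtls_mpi W, R, T, A, RR;

    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
    mbedtls_mpi_init( &RR );

    /*
     * W = |X| - 1
     * R = W >> lsb( W )
     */
    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
    s = mbedtls_mpi_lsb( &W );
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );

    i = mbedtls_mpi_bitlen( X );
    /*
     * HAC, table 4.4
     */
    n = ( ( i >= 1300 ) ?  2 : ( i >=  850 ) ?  3 :
          ( i >=  650 ) ?  4 : ( i >=  350 ) ?  8 :
          ( i >=  250 ) ? 12 : ( i >=  150 ) ? 18 : 27 );

    for( i = 0; i < n; i++ )
    {
        /*
         * pick a random A, 1 < A < |X| - 1
         *
         * Each attempt draws a fresh value; the attempt count is bounded so
         * a broken f_rng cannot spin forever. Every failure path goes through
         * cleanup so the temporaries are always released.
         */
        count = 0;
        do {
            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );

            /* Trim A to at most bitlen( W ) bits so it is usually below W. */
            j = mbedtls_mpi_bitlen( &A );
            k = mbedtls_mpi_bitlen( &W );
            if( j > k )
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
            }

            if( count++ > 30 )
            {
                ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
                goto cleanup;
            }

        } while( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
                 mbedtls_mpi_cmp_int( &A, 1 ) <= 0 );

        /*
         * A = A^R mod |X|
         * RR is the speed-up cache argument of mbedtls_mpi_exp_mod(),
         * reused across rounds.
         */
        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );

        if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
            mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
            continue;

        j = 1;
        while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
        {
            /*
             * A = A * A mod |X|
             */
            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) );

            if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
                break;

            j++;
        }

        /*
         * not prime if A != |X| - 1 or A == 1
         */
        if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
            mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
        {
            ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
            break;
        }
    }

cleanup:
    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
    mbedtls_mpi_free( &RR );

    return( ret );
}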
mbedAustin 11:cada08fc8a70 2060
/*
 * Pseudo-primality test: small factors, then Miller-Rabin
 *
 * The test runs on |X|: a positive-signed view of X's limbs is built without
 * copying (X->p is shared), so a negative input is tested by absolute value.
 *
 * Return values:
 *   0: X is 2, or passed trial division and Miller-Rabin (probable prime)
 *   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: X is 0, 1, or shown composite
 *   other negative: error
 */
int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng )
{
    int ret;
    mbedtls_mpi XX;

    /* Positive alias of X sharing its limb buffer. */
    XX.s = 1;
    XX.n = X->n;
    XX.p = X->p;

    /* 0 and 1 are not prime; 2 is the only even prime. */
    if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
        mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );

    if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
        return( 0 );

    /*
     * Trial division settles small candidates outright: 1 means certainly
     * prime; a negative value is either "certainly composite" or an error
     * and is passed through unchanged.
     */
    ret = mpi_check_small_factors( &XX );
    if( ret == 1 )
        return( 0 );
    if( ret != 0 )
        return( ret );

    return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
}
mbedAustin 11:cada08fc8a70 2092
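/*
 * Prime number generation
 *
 * Fills X with a random odd prime whose bit nbits-1 is set. With
 * dh_flag == 0 the candidate is stepped by 2 until mbedtls_mpi_is_prime()
 * accepts it. With dh_flag != 0 a safe prime is produced: X = 2Y + 1 with
 * both X and Y prime, stepping X by 12 and Y by 6 so that X = 3 mod 4 and
 * X = 2 mod 3 are preserved between candidates.
 *
 * Return values:
 *   0: success, X holds the prime
 *   MBEDTLS_ERR_MPI_BAD_INPUT_DATA: nbits < 3 or nbits > MBEDTLS_MPI_MAX_BITS
 *   other negative: error from an mpi operation or from f_rng
 */
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
                   int (*f_rng)(void *, unsigned char *, size_t),
                   void *p_rng )
{
    int ret;
    size_t k, n;
    mbedtls_mpi_uint r;
    mbedtls_mpi Y;

    if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

    mbedtls_mpi_init( &Y );

    n = BITS_TO_LIMBS( nbits );

    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );

    /* Drop excess high bits so that bit nbits-1 becomes the top bit. */
    k = mbedtls_mpi_bitlen( X );
    if( k > nbits )
        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );

    /* mbedtls_mpi_set_bit() can fail (it may have to grow X): check it. */
    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( X, nbits-1, 1 ) );

    X->p[0] |= 1;

    if( dh_flag == 0 )
    {
        while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
        {
            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
                goto cleanup;

            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
        }
    }
    else
    {
        /*
         * A necessary condition for Y and X = 2Y + 1 to be prime
         * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
         * Make sure it is satisfied, while keeping X = 3 mod 4
         */

        X->p[0] |= 2;

        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
        if( r == 0 )
            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
        else if( r == 1 )
            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );

        /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );

        while( 1 )
        {
            int x_certain = 0, y_certain = 0;

            /*
             * First, check small factors for X and Y
             * before doing Miller-Rabin on any of them.
             *
             * mpi_check_small_factors() returns 1 for a value it can prove
             * prime. That is a success for the candidate, not an error:
             * record it, treat it as 0 here and skip Miller-Rabin for that
             * value. (Chaining the calls on "== 0" would otherwise hand the
             * 1 back to the caller as the function's result.)
             */
            ret = mpi_check_small_factors( X );
            if( ret == 1 )
            {
                x_certain = 1;
                ret = 0;
            }

            if( ret == 0 )
            {
                ret = mpi_check_small_factors( &Y );
                if( ret == 1 )
                {
                    y_certain = 1;
                    ret = 0;
                }
            }

            if( ret == 0 && !x_certain )
                ret = mpi_miller_rabin( X, f_rng, p_rng );

            if( ret == 0 && !y_certain )
                ret = mpi_miller_rabin( &Y, f_rng, p_rng );

            if( ret == 0 )
                break;

            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
                goto cleanup;

            /*
             * Next candidates. We want to preserve Y = (X-1) / 2 and
             * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
             * so up Y by 6 and X by 12.
             */
            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) );
        }
    }

cleanup:

    mbedtls_mpi_free( &Y );

    return( ret );
}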
mbedAustin 11:cada08fc8a70 2184
mbedAustin 11:cada08fc8a70 2185 #endif /* MBEDTLS_GENPRIME */
mbedAustin 11:cada08fc8a70 2186
mbedAustin 11:cada08fc8a70 2187 #if defined(MBEDTLS_SELF_TEST)
mbedAustin 11:cada08fc8a70 2188
mbedAustin 11:cada08fc8a70 2189 #define GCD_PAIR_COUNT 3
mbedAustin 11:cada08fc8a70 2190
/* Test vectors for mbedtls_mpi_gcd(): each row is { a, b, gcd(a, b) }. */
static const int gcd_pairs[GCD_PAIR_COUNT][3] =
{
    { 693, 609, 21 },
    { 1764, 868, 28 },
    { 768454923, 542167814, 1 }
};
mbedAustin 11:cada08fc8a70 2197
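/*
 * Checkup routine
 *
 * Runs fixed known-answer tests for mul_mpi, div_mpi, exp_mod, inv_mod and
 * gcd. With verbose != 0 a line per test is printed via mbedtls_printf().
 *
 * Return values:
 *   0: every test passed
 *   1: a test produced a wrong result
 *   other: an mpi operation failed; its error code is returned
 */
int mbedtls_mpi_self_test( int verbose )
{
    int ret = 0, i;
    mbedtls_mpi A, E, N, X, Y, U, V;

    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
    mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
        "EFE021C2645FD1DC586E69184AF4A31E" \
        "D5F53E93B5F123FA41680867BA110131" \
        "944FE7952E2517337780CB0DB80E61AA" \
        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
        "B2E7EFD37075B9F03FF989C7C5051C20" \
        "34D2A323810251127E7BF8625A4F49A5" \
        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
        "5B5C25763222FEFCCFC38B832366C29E" ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
        "0066A198186C18C10B2F5ED9B522752A" \
        "9830B69916E535C8F047518A889A43A5" \
        "94B6BED27A168D31D4A52F88925AA8F5" ) );

    /* Test #1: X = A * N, compared against the known product U. */
    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
        "602AB7ECA597A3D6B56FF9829A5E8B85" \
        "9E857EA95A03512E2BAE7391688D264A" \
        "A5663B0341DB9CCFD2C4C5F421FEC814" \
        "8001B72E848A38CAE1C65F78E56ABDEF" \
        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
        "ECF677152EF804370C1A305CAF3B5BF1" \
        "30879B56C61DE584A0F53A2447A51E" ) );

    if( verbose != 0 )
        mbedtls_printf( "  MPI test #1 (mul_mpi): " );

    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        ret = 1;
        goto cleanup;
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

    /* Test #2: quotient X and remainder Y of A / N against U and V. */
    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
        "256567336059E52CAE22925474705F39A94" ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
        "6613F26162223DF488E9CD48CC132C7A" \
        "0AC93C701B001B092E4E5B9F73BCD27B" \
        "9EE50D0657C77F374E903CDFA4C642" ) );

    if( verbose != 0 )
        mbedtls_printf( "  MPI test #2 (div_mpi): " );

    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
        mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        ret = 1;
        goto cleanup;
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

    /* Test #3: X = A^E mod N (no precomputed R^2 cache passed). */
    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
        "36E139AEA55215609D2816998ED020BB" \
        "BD96C37890F65171D948E9BC7CBAA4D9" \
        "325D24D6A3C12710F10A09FA08AB87" ) );

    if( verbose != 0 )
        mbedtls_printf( "  MPI test #3 (exp_mod): " );

    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        ret = 1;
        goto cleanup;
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

    /* Test #4: X = A^-1 mod N. */
    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );

    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
        "C3DBA76456363A10869622EAC2DD84EC" \
        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );

    if( verbose != 0 )
        mbedtls_printf( "  MPI test #4 (inv_mod): " );

    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        ret = 1;
        goto cleanup;
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

    /* Test #5: gcd of each pair in gcd_pairs[] against its third column. */
    if( verbose != 0 )
        mbedtls_printf( "  MPI test #5 (simple gcd): " );

    for( i = 0; i < GCD_PAIR_COUNT; i++ )
    {
        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );

        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );

        if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
        {
            if( verbose != 0 )
                mbedtls_printf( "failed at %d\n", i );

            ret = 1;
            goto cleanup;
        }
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

cleanup:

    /* %X takes an unsigned int; cast so a negative error code is well-defined. */
    if( ret != 0 && verbose != 0 )
        mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );

    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
    mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );

    if( verbose != 0 )
        mbedtls_printf( "\n" );

    return( ret );
}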
mbedAustin 11:cada08fc8a70 2358
mbedAustin 11:cada08fc8a70 2359 #endif /* MBEDTLS_SELF_TEST */
mbedAustin 11:cada08fc8a70 2360
mbedAustin 11:cada08fc8a70 2361 #endif /* MBEDTLS_BIGNUM_C */