iPXE
Macros | Typedefs | Functions | Variables
bigint.h File Reference

Big integer support. More...

#include <assert.h>
#include <bits/bigint.h>

Go to the source code of this file.

Macros

#define bigint_t(size)
 Define a big-integer type.
#define bigint_required_size(len)
 Determine number of elements required for a big-integer type.
#define bigint_size(bigint)
 Determine number of elements in big-integer type.
#define bigint_ntoa(value)
 Transcribe big integer (for debugging)
#define bigint_init(value, data, len)
 Initialise big integer.
#define bigint_done(value, out, len)
 Finalise big integer.
#define bigint_add(addend, value)
 Add big integers.
#define bigint_subtract(subtrahend, value)
 Subtract big integers.
#define bigint_shl(value)
 Shift big integer left.
#define bigint_shr(value)
 Shift big integer right.
#define bigint_is_zero(value)
 Test if big integer is equal to zero.
#define bigint_is_geq(value, reference)
 Compare big integers.
#define bigint_set_bit(value, bit)
 Set bit in big integer.
#define bigint_clear_bit(value, bit)
 Clear bit in big integer.
#define bigint_bit_is_set(value, bit)
 Test if bit is set in big integer.
#define bigint_msb_is_set(value)
 Test if most significant bit is set in big integer.
#define bigint_max_set_bit(value)
 Find highest bit set in big integer.
#define bigint_grow(source, dest)
 Grow big integer.
#define bigint_shrink(source, dest)
 Shrink big integer.
#define bigint_copy(source, dest)
 Copy big integer.
#define bigint_swap(first, second, swap)
 Conditionally swap big integers (in constant time)
#define bigint_multiply(multiplicand, multiplier, result)
 Multiply big integers.
#define bigint_reduce(modulus, result)
 Reduce big integer R^2 modulo N.
#define bigint_mod_invert(invertend, inverse)
 Compute inverse of odd big integer modulo any power of two.
#define bigint_montgomery_relaxed(modulus, value, result)
 Perform relaxed Montgomery reduction (REDC) of a big integer.
#define bigint_montgomery(modulus, value, result)
 Perform classic Montgomery reduction (REDC) of a big integer.
#define bigint_ladder(result, multiple, exponent, op, ctx, tmp)
 Perform generalised exponentiation via a Montgomery ladder.
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
 Perform modular exponentiation of big integers.
#define bigint_mod_exp_tmp_len(modulus)
 Calculate temporary working space required for moduluar exponentiation.

Typedefs

typedef void bigint_ladder_op_t(const bigint_element_t *operand0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp)
 A big integer Montgomery ladder commutative operation.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
static __attribute__ ((always_inline)) void bigint_set_bit_raw(bigint_element_t *value0
 Set bit in big integer.
 return (!!(value->element[index] &(1UL<< subindex)))
const char * bigint_ntoa_raw (const bigint_element_t *value0, unsigned int size)
 Transcribe big integer (for debugging)
void bigint_init_raw (bigint_element_t *value0, unsigned int size, const void *data, size_t len)
void bigint_done_raw (const bigint_element_t *value0, unsigned int size, void *out, size_t len)
int bigint_add_raw (const bigint_element_t *addend0, bigint_element_t *value0, unsigned int size)
int bigint_subtract_raw (const bigint_element_t *subtrahend0, bigint_element_t *value0, unsigned int size)
int bigint_shl_raw (bigint_element_t *value0, unsigned int size)
int bigint_shr_raw (bigint_element_t *value0, unsigned int size)
int bigint_is_zero_raw (const bigint_element_t *value0, unsigned int size)
int bigint_is_geq_raw (const bigint_element_t *value0, const bigint_element_t *reference0, unsigned int size)
int bigint_bit_is_set_raw (const bigint_element_t *value0, unsigned int size, unsigned int bit)
int bigint_max_set_bit_raw (const bigint_element_t *value0, unsigned int size)
void bigint_grow_raw (const bigint_element_t *source0, unsigned int source_size, bigint_element_t *dest0, unsigned int dest_size)
void bigint_shrink_raw (const bigint_element_t *source0, unsigned int source_size, bigint_element_t *dest0, unsigned int dest_size)
void bigint_swap_raw (bigint_element_t *first0, bigint_element_t *second0, unsigned int size, int swap)
 Conditionally swap big integers (in constant time)
void bigint_multiply_one (const bigint_element_t multiplicand, const bigint_element_t multiplier, bigint_element_t *result, bigint_element_t *carry)
void bigint_multiply_raw (const bigint_element_t *multiplicand0, unsigned int multiplicand_size, const bigint_element_t *multiplier0, unsigned int multiplier_size, bigint_element_t *result0)
 Multiply big integers.
void bigint_reduce_raw (const bigint_element_t *modulus0, bigint_element_t *result0, unsigned int size)
 Reduce big integer R^2 modulo N.
void bigint_mod_invert_raw (const bigint_element_t *invertend0, bigint_element_t *inverse0, unsigned int size)
 Compute inverse of odd big integer modulo any power of two.
int bigint_montgomery_relaxed_raw (const bigint_element_t *modulus0, bigint_element_t *value0, bigint_element_t *result0, unsigned int size)
 Perform relaxed Montgomery reduction (REDC) of a big integer.
void bigint_montgomery_raw (const bigint_element_t *modulus0, bigint_element_t *value0, bigint_element_t *result0, unsigned int size)
 Perform classic Montgomery reduction (REDC) of a big integer.
void bigint_ladder_raw (bigint_element_t *result0, bigint_element_t *multiple0, unsigned int size, const bigint_element_t *exponent0, unsigned int exponent_size, bigint_ladder_op_t *op, const void *ctx, void *tmp)
 Perform generalised exponentiation via a Montgomery ladder.
void bigint_mod_exp_ladder (const bigint_element_t *multiplier0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp)
 Perform modular multiplication as part of a Montgomery ladder.
void bigint_mod_exp_raw (const bigint_element_t *base0, const bigint_element_t *modulus0, const bigint_element_t *exponent0, bigint_element_t *result0, unsigned int size, unsigned int exponent_size, void *tmp)
 Perform modular exponentiation of big integers.

Variables

static unsigned int size
static unsigned int unsigned int bit
unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) )
unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) )
value element [index] = ( 1UL << subindex )

Detailed Description

Big integer support.

Definition in file bigint.h.

Macro Definition Documentation

◆ bigint_t

#define bigint_t ( size)
Value:
struct { \
bigint_element_t element[ (size) ]; \
}
bigint_element_t
uint32_t bigint_element_t
Element of a big integer.
Definition bigint.h:16
size
uint16_t size
Buffer size.
Definition dwmac.h:3
element
value element[index]
Definition bigint.h:398

Define a big-integer type.

Parameters
sizeNumber of elements
Return values
bigint_tBig integer type

Definition at line 20 of file bigint.h.

20#define bigint_t( size ) \
21 struct { \
22 bigint_element_t element[ (size) ]; \
23 }

Referenced by bigint_add_okx(), bigint_add_sample(), bigint_bit_is_set_okx(), bigint_bit_is_set_sample(), bigint_copy_sample(), bigint_done_sample(), bigint_grow_sample(), bigint_init_sample(), bigint_is_geq_okx(), bigint_is_geq_sample(), bigint_is_zero_okx(), bigint_is_zero_sample(), bigint_ladder_raw(), bigint_max_set_bit_okx(), bigint_max_set_bit_sample(), bigint_mod_exp_ladder(), bigint_mod_exp_okx(), bigint_mod_exp_raw(), bigint_mod_exp_sample(), bigint_mod_invert_okx(), bigint_mod_invert_raw(), bigint_mod_invert_sample(), bigint_montgomery_okx(), bigint_montgomery_raw(), bigint_montgomery_relaxed_raw(), bigint_montgomery_sample(), bigint_multiply_okx(), bigint_multiply_raw(), bigint_multiply_sample(), bigint_ntoa_raw(), bigint_reduce_okx(), bigint_reduce_raw(), bigint_reduce_sample(), bigint_shl_okx(), bigint_shl_sample(), bigint_shr_okx(), bigint_shr_sample(), bigint_shrink_sample(), bigint_subtract_okx(), bigint_subtract_sample(), bigint_swap_okx(), bigint_swap_sample(), x25519_multiply_step1::bigint_t(), x25519_multiply_step2::bigint_t(), dhe_key(), ecdsa_alloc(), ecdsa_init_values(), ecdsa_invert(), ecdsa_parse_signature(), ecdsa_prepend_signature(), ecdsa_sign_rs(), ecdsa_verify_rs(), elliptic_curve_okx(), rsa_alloc(), rsa_cipher(), rsa_init(), weierstrass_add_raw(), weierstrass_done_raw(), weierstrass_exec(), weierstrass_init_curve(), weierstrass_init_raw(), weierstrass_is_infinity(), weierstrass_multiply(), and weierstrass_verify_raw().

◆ bigint_required_size

#define bigint_required_size ( len)
Value:
( (len) ? ( ( (len) + sizeof ( bigint_element_t ) - 1 ) / \
sizeof ( bigint_element_t ) ) : 1 )
len
ring len
Length.
Definition dwmac.h:226

Determine number of elements required for a big-integer type.

Parameters
lenMaximum length of big integer, in bytes
Return values
sizeNumber of elements

Definition at line 31 of file bigint.h.

31#define bigint_required_size( len ) \
32 ( (len) ? ( ( (len) + sizeof ( bigint_element_t ) - 1 ) / \
33 sizeof ( bigint_element_t ) ) : 1 )

Referenced by bigint_add_okx(), bigint_bit_is_set_okx(), bigint_is_geq_okx(), bigint_is_zero_okx(), bigint_max_set_bit_okx(), bigint_mod_exp_okx(), bigint_mod_invert_okx(), bigint_montgomery_okx(), bigint_multiply_okx(), bigint_reduce_okx(), bigint_shl_okx(), bigint_shr_okx(), bigint_subtract_okx(), bigint_swap_okx(), bigint_t(), x25519_multiply_step1::bigint_t(), x25519_multiply_step2::bigint_t(), dhe_key(), ecdsa_alloc(), elliptic_curve_okx(), rsa_alloc(), and weierstrass_multiply().

◆ bigint_size

#define bigint_size ( bigint)
Value:
( sizeof ( *(bigint) ) / sizeof ( (bigint)->element[0] ) )

Determine number of elements in big-integer type.

Parameters
bigintBig integer
Return values
sizeNumber of elements

Definition at line 41 of file bigint.h.

41#define bigint_size( bigint ) \
42 ( sizeof ( *(bigint) ) / sizeof ( (bigint)->element[0] ) )

Referenced by bigint_add_okx(), bigint_is_geq_okx(), bigint_mod_exp_okx(), bigint_multiply_okx(), bigint_reduce_okx(), bigint_subtract_okx(), and weierstrass_add_ladder().

◆ bigint_ntoa

#define bigint_ntoa ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_ntoa_raw ( (value)->element, size ); \
} )
value
pseudo_bit_t value[0x00020]
Definition arbel.h:2
bigint_size
#define bigint_size(bigint)
Determine number of elements in big-integer type.
Definition bigint.h:41

Transcribe big integer (for debugging)

Parameters
valueBig integer to be transcribed
Return values
stringBig integer in string form (may be abbreviated)

Definition at line 50 of file bigint.h.

50#define bigint_ntoa( value ) ( { \
51 unsigned int size = bigint_size (value); \
52 bigint_ntoa_raw ( (value)->element, size ); \
53 } )

Referenced by bigint_add_okx(), bigint_bit_is_set_okx(), bigint_is_geq_okx(), bigint_is_zero_okx(), bigint_max_set_bit_okx(), bigint_mod_exp_okx(), bigint_mod_invert_okx(), bigint_montgomery_okx(), bigint_multiply_okx(), bigint_reduce_okx(), bigint_shl_okx(), bigint_shr_okx(), bigint_subtract_okx(), ecdsa_init_values(), ecdsa_sign_rs(), ecdsa_verify_rs(), weierstrass_add_raw(), weierstrass_done_raw(), weierstrass_exec(), weierstrass_init_curve(), weierstrass_init_raw(), weierstrass_is_infinity(), and weierstrass_multiply().

◆ bigint_init

#define bigint_init ( value,
data,
len )
Value:
do { \
unsigned int size = bigint_size (value); \
assert ( (len) <= ( size * sizeof ( (value)->element[0] ) ) ); \
bigint_init_raw ( (value)->element, size, (data), (len) ); \
} while ( 0 )
data
uint8_t data[48]
Additional event data.
Definition ena.h:11

Initialise big integer.

Parameters
valueBig integer to initialise
dataRaw data
lenLength of raw data

Definition at line 62 of file bigint.h.

62#define bigint_init( value, data, len ) do { \
63 unsigned int size = bigint_size (value); \
64 assert ( (len) <= ( size * sizeof ( (value)->element[0] ) ) ); \
65 bigint_init_raw ( (value)->element, size, (data), (len) ); \
66 } while ( 0 )

Referenced by bigint_add_okx(), bigint_bit_is_set_okx(), bigint_init_sample(), bigint_is_geq_okx(), bigint_is_zero_okx(), bigint_max_set_bit_okx(), bigint_mod_exp_okx(), bigint_mod_exp_raw(), bigint_mod_invert_okx(), bigint_montgomery_okx(), bigint_multiply_okx(), bigint_reduce_okx(), bigint_shl_okx(), bigint_shr_okx(), bigint_subtract_okx(), bigint_swap_okx(), dhe_key(), ecdsa_init_values(), ecdsa_parse_signature(), ecdsa_sign_rs(), ecdsa_verify_rs(), elliptic_curve_okx(), rsa_cipher(), rsa_init(), weierstrass_init_curve(), weierstrass_init_raw(), weierstrass_is_infinity(), weierstrass_multiply(), x25519_init_constants(), x25519_invert_okx(), x25519_is_zero(), x25519_key(), x25519_ladder(), and x25519_multiply_okx().

◆ bigint_done

#define bigint_done ( value,
out,
len )
Value:
do { \
unsigned int size = bigint_size (value); \
bigint_done_raw ( (value)->element, size, (out), (len) ); \
} while ( 0 )
out
__be32 out[4]
Definition CIB_PRM.h:8

Finalise big integer.

Parameters
valueBig integer to finalise
outOutput buffer
lenLength of output buffer

Definition at line 75 of file bigint.h.

75#define bigint_done( value, out, len ) do { \
76 unsigned int size = bigint_size (value); \
77 bigint_done_raw ( (value)->element, size, (out), (len) ); \
78 } while ( 0 )

Referenced by bigint_add_okx(), bigint_done_sample(), bigint_mod_exp_okx(), bigint_mod_invert_okx(), bigint_montgomery_okx(), bigint_multiply_okx(), bigint_reduce_okx(), bigint_shl_okx(), bigint_shr_okx(), bigint_subtract_okx(), bigint_swap_okx(), dhe_key(), ecdsa_prepend_signature(), ecdsa_verify_rs(), elliptic_curve_okx(), rsa_cipher(), weierstrass_done_raw(), and x25519_key().

◆ bigint_add

#define bigint_add ( addend,
value )
Value:
( { \
unsigned int size = bigint_size (addend); \
bigint_add_raw ( (addend)->element, (value)->element, size ); \
} )

Add big integers.

Parameters
addendBig integer to add
valueBig integer to be added to
Return values
carryCarry out

Definition at line 87 of file bigint.h.

87#define bigint_add( addend, value ) ( { \
88 unsigned int size = bigint_size (addend); \
89 bigint_add_raw ( (addend)->element, (value)->element, size ); \
90 } )

Referenced by bigint_add_okx(), bigint_add_sample(), bigint_mod_exp_raw(), bigint_mod_invert_raw(), bigint_montgomery_relaxed_raw(), bigint_reduce_raw(), ecdsa_sign_rs(), elliptic_curve_okx(), weierstrass_exec(), weierstrass_init_curve(), x25519_add(), x25519_init_constants(), x25519_multiply(), and x25519_subtract().

◆ bigint_subtract

#define bigint_subtract ( subtrahend,
value )
Value:
( { \
unsigned int size = bigint_size (subtrahend); \
bigint_subtract_raw ( (subtrahend)->element, (value)->element, \
size ); \
} )

Subtract big integers.

Parameters
subtrahendBig integer to subtract
valueBig integer to be subtracted from
Return values
borrowBorrow out

Definition at line 99 of file bigint.h.

99#define bigint_subtract( subtrahend, value ) ( { \
100 unsigned int size = bigint_size (subtrahend); \
101 bigint_subtract_raw ( (subtrahend)->element, (value)->element, \
102 size ); \
103 } )

Referenced by bigint_mod_exp_raw(), bigint_montgomery_raw(), bigint_reduce_raw(), bigint_subtract_okx(), bigint_subtract_sample(), ecdsa_init_values(), ecdsa_verify_rs(), weierstrass_exec(), weierstrass_init_curve(), x25519_reduce_by(), and x25519_subtract().

◆ bigint_shl

#define bigint_shl ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_shl_raw ( (value)->element, size ); \
} )

Shift big integer left.

Parameters
valueBig integer
Return values
outBit shifted out

Definition at line 111 of file bigint.h.

111#define bigint_shl( value ) ( { \
112 unsigned int size = bigint_size (value); \
113 bigint_shl_raw ( (value)->element, size ); \
114 } )

Referenced by bigint_reduce_raw(), bigint_shl_okx(), and bigint_shl_sample().

◆ bigint_shr

#define bigint_shr ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_shr_raw ( (value)->element, size ); \
} )

Shift big integer right.

Parameters
valueBig integer
Return values
outBit shifted out

Definition at line 122 of file bigint.h.

122#define bigint_shr( value ) ( { \
123 unsigned int size = bigint_size (value); \
124 bigint_shr_raw ( (value)->element, size ); \
125 } )

Referenced by bigint_mod_exp_raw(), bigint_mod_invert_raw(), bigint_shr_okx(), and bigint_shr_sample().

◆ bigint_is_zero

#define bigint_is_zero ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_is_zero_raw ( (value)->element, size ); } )

Test if big integer is equal to zero.

Parameters
valueBig integer
sizeNumber of elements
Return values
is_zeroBig integer is equal to zero

Definition at line 134 of file bigint.h.

134#define bigint_is_zero( value ) ( { \
135 unsigned int size = bigint_size (value); \
136 bigint_is_zero_raw ( (value)->element, size ); } )

Referenced by bigint_is_zero_okx(), bigint_is_zero_sample(), ecdsa_parse_signature(), ecdsa_sign_rs(), ecdsa_verify_rs(), weierstrass_init_raw(), weierstrass_is_infinity(), weierstrass_verify_raw(), and x25519_is_zero().

◆ bigint_is_geq

#define bigint_is_geq ( value,
reference )
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_is_geq_raw ( (value)->element, (reference)->element, \
size ); } )

Compare big integers.

Parameters
valueBig integer
referenceReference big integer
Return values
geqBig integer is greater than or equal to the reference

Definition at line 145 of file bigint.h.

145#define bigint_is_geq( value, reference ) ( { \
146 unsigned int size = bigint_size (value); \
147 bigint_is_geq_raw ( (value)->element, (reference)->element, \
148 size ); } )

Referenced by bigint_is_geq_okx(), bigint_is_geq_sample(), bigint_montgomery_raw(), bigint_reduce_raw(), ecdsa_parse_signature(), and ecdsa_sign_rs().

◆ bigint_set_bit

#define bigint_set_bit ( value,
bit )
Value:
do { \
unsigned int size = bigint_size (value); \
bigint_set_bit_raw ( (value)->element, size, bit ); \
} while ( 0 )
bit
static unsigned int unsigned int bit
Definition bigint.h:392

Set bit in big integer.

Parameters
valueBig integer
bitBit to set

Definition at line 156 of file bigint.h.

156#define bigint_set_bit( value, bit ) do { \
157 unsigned int size = bigint_size (value); \
158 bigint_set_bit_raw ( (value)->element, size, bit ); \
159 } while ( 0 )

Referenced by bigint_reduce_raw().

◆ bigint_clear_bit

#define bigint_clear_bit ( value,
bit )
Value:
do { \
unsigned int size = bigint_size (value); \
bigint_clear_bit_raw ( (value)->element, size, bit ); \
} while ( 0 )

Clear bit in big integer.

Parameters
valueBig integer
bitBit to set

Definition at line 167 of file bigint.h.

167#define bigint_clear_bit( value, bit ) do { \
168 unsigned int size = bigint_size (value); \
169 bigint_clear_bit_raw ( (value)->element, size, bit ); \
170 } while ( 0 )

◆ bigint_bit_is_set

#define bigint_bit_is_set ( value,
bit )
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_bit_is_set_raw ( (value)->element, size, bit ); } )

Test if bit is set in big integer.

Parameters
valueBig integer
bitBit to test
Return values
is_setBit is set

Definition at line 179 of file bigint.h.

179#define bigint_bit_is_set( value, bit ) ( { \
180 unsigned int size = bigint_size (value); \
181 bigint_bit_is_set_raw ( (value)->element, size, bit ); } )

Referenced by bigint_add_okx(), bigint_bit_is_set_okx(), bigint_bit_is_set_sample(), bigint_ladder_raw(), bigint_mod_exp_raw(), bigint_mod_invert_raw(), bigint_montgomery_relaxed_raw(), and bigint_shl_okx().

◆ bigint_msb_is_set

#define bigint_msb_is_set ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_msb_is_set_raw ( (value)->element, size ); } )

Test if most significant bit is set in big integer.

Parameters
valueBig integer
Return values
is_setMost significant bit is set

Definition at line 189 of file bigint.h.

189#define bigint_msb_is_set( value ) ( { \
190 unsigned int size = bigint_size (value); \
191 bigint_msb_is_set_raw ( (value)->element, size ); } )

◆ bigint_max_set_bit

#define bigint_max_set_bit ( value)
Value:
( { \
unsigned int size = bigint_size (value); \
bigint_max_set_bit_raw ( (value)->element, size ); } )

Find highest bit set in big integer.

Parameters
valueBig integer
Return values
max_bitHighest bit set + 1 (or 0 if no bits set)

Definition at line 199 of file bigint.h.

199#define bigint_max_set_bit( value ) ( { \
200 unsigned int size = bigint_size (value); \
201 bigint_max_set_bit_raw ( (value)->element, size ); } )

Referenced by bigint_max_set_bit_okx(), bigint_max_set_bit_sample(), bigint_mod_exp_raw(), and bigint_reduce_raw().

◆ bigint_grow

#define bigint_grow ( source,
dest )
Value:
do { \
unsigned int source_size = bigint_size (source); \
unsigned int dest_size = bigint_size (dest); \
bigint_grow_raw ( (source)->element, source_size, \
(dest)->element, dest_size ); \
} while ( 0 )
source_size
static unsigned int source_size
Definition bigint.h:251
dest_size
static unsigned int uint32_t unsigned int dest_size
Definition bigint.h:252
dest
if(len >=6 *4) __asm__ __volatile__("movsl" if(len >=5 *4) __asm__ __volatile__("movsl" if(len >=4 *4) __asm__ __volatile__("movsl" if(len >=3 *4) __asm__ __volatile__("movsl" if(len >=2 *4) __asm__ __volatile__("movsl" if(len >=1 *4) __asm__ __volatile__("movsl" if((len % 4) >=2) __asm__ __volatile__("movsw" if((len % 2) >=1) __asm__ __volatile__("movsb" retur dest)
Definition string.h:151

Grow big integer.

Parameters
sourceSource big integer
destDestination big integer

Definition at line 209 of file bigint.h.

209#define bigint_grow( source, dest ) do { \
210 unsigned int source_size = bigint_size (source); \
211 unsigned int dest_size = bigint_size (dest); \
212 bigint_grow_raw ( (source)->element, source_size, \
213 (dest)->element, dest_size ); \
214 } while ( 0 )

Referenced by bigint_grow_sample(), bigint_mod_exp_raw(), ecdsa_init_values(), weierstrass_done_raw(), weierstrass_verify_raw(), and x25519_multiply().

◆ bigint_shrink

#define bigint_shrink ( source,
dest )
Value:
do { \
unsigned int source_size = bigint_size (source); \
unsigned int dest_size = bigint_size (dest); \
bigint_shrink_raw ( (source)->element, source_size, \
(dest)->element, dest_size ); \
} while ( 0 )

Shrink big integer.

Parameters
sourceSource big integer
destDestination big integer

Definition at line 222 of file bigint.h.

222#define bigint_shrink( source, dest ) do { \
223 unsigned int source_size = bigint_size (source); \
224 unsigned int dest_size = bigint_size (dest); \
225 bigint_shrink_raw ( (source)->element, source_size, \
226 (dest)->element, dest_size ); \
227 } while ( 0 )

Referenced by bigint_mod_exp_ladder(), and bigint_shrink_sample().

◆ bigint_copy

#define bigint_copy ( source,
dest )
Value:
do { \
build_assert ( sizeof ( *(source) ) == sizeof ( *(dest) ) ); \
bigint_shrink ( (source), (dest) ); \
} while ( 0 )

Copy big integer.

Parameters
sourceSource big integer
destDestination big integer

Definition at line 235 of file bigint.h.

235#define bigint_copy( source, dest ) do { \
236 build_assert ( sizeof ( *(source) ) == sizeof ( *(dest) ) ); \
237 bigint_shrink ( (source), (dest) ); \
238 } while ( 0 )

Referenced by bigint_copy_sample(), bigint_mod_exp_raw(), bigint_montgomery_relaxed_raw(), ecdsa_init_values(), ecdsa_invert(), weierstrass_done_raw(), weierstrass_exec(), weierstrass_init_curve(), weierstrass_init_raw(), weierstrass_multiply(), x25519_add(), x25519_init_constants(), x25519_invert(), x25519_ladder(), x25519_reduce_by(), and x25519_subtract().

◆ bigint_swap

#define bigint_swap ( first,
second,
swap )
Value:
do { \
unsigned int size = bigint_size (first); \
bigint_swap_raw ( (first)->element, (second)->element, size, \
(swap) ); \
} while ( 0 )
first
uint32_t first
First block in range.
Definition pccrr.h:1

Conditionally swap big integers (in constant time)

Parameters
firstBig integer to be conditionally swapped
secondBig integer to be conditionally swapped
swapSwap first and second big integers

Definition at line 247 of file bigint.h.

247#define bigint_swap( first, second, swap ) do { \
248 unsigned int size = bigint_size (first); \
249 bigint_swap_raw ( (first)->element, (second)->element, size, \
250 (swap) ); \
251 } while ( 0 )

Referenced by bigint_ladder_raw(), bigint_montgomery_raw(), bigint_swap_okx(), bigint_swap_sample(), x25519_reduce_by(), and x25519_step().

◆ bigint_multiply

#define bigint_multiply ( multiplicand,
multiplier,
result )
Value:
do { \
unsigned int multiplicand_size = bigint_size (multiplicand); \
unsigned int multiplier_size = bigint_size (multiplier); \
bigint_multiply_raw ( (multiplicand)->element, \
multiplicand_size, (multiplier)->element, \
multiplier_size, (result)->element ); \
} while ( 0 )
result
uint16_t result
Definition hyperv.h:33
multiplier
static const uint32_t multiplier
Port multiplier number.
Definition bigint.h:335

Multiply big integers.

Parameters
multiplicandBig integer to be multiplied
multiplierBig integer to be multiplied
resultBig integer to hold result

Definition at line 260 of file bigint.h.

260#define bigint_multiply( multiplicand, multiplier, result ) do { \
261 unsigned int multiplicand_size = bigint_size (multiplicand); \
262 unsigned int multiplier_size = bigint_size (multiplier); \
263 bigint_multiply_raw ( (multiplicand)->element, \
264 multiplicand_size, (multiplier)->element, \
265 multiplier_size, (result)->element ); \
266 } while ( 0 )

Referenced by bigint_mod_exp_ladder(), bigint_mod_exp_raw(), bigint_multiply_okx(), bigint_multiply_sample(), ecdsa_invert(), ecdsa_sign_rs(), ecdsa_verify_rs(), weierstrass_done_raw(), weierstrass_exec(), weierstrass_init_curve(), weierstrass_init_raw(), and x25519_multiply().

◆ bigint_reduce

#define bigint_reduce ( modulus,
result )
Value:
do { \
unsigned int size = bigint_size (modulus); \
bigint_reduce_raw ( (modulus)->element, (result)->element, \
size ); \
} while ( 0 )

Reduce big integer R^2 modulo N.

Parameters
modulusBig integer modulus
resultBig integer to hold result

Definition at line 274 of file bigint.h.

274#define bigint_reduce( modulus, result ) do { \
275 unsigned int size = bigint_size (modulus); \
276 bigint_reduce_raw ( (modulus)->element, (result)->element, \
277 size ); \
278 } while ( 0 )

Referenced by bigint_mod_exp_raw(), bigint_reduce_okx(), bigint_reduce_sample(), ecdsa_init_values(), and weierstrass_init_curve().

◆ bigint_mod_invert

#define bigint_mod_invert ( invertend,
inverse )
Value:
do { \
unsigned int size = bigint_size ( inverse ); \
bigint_mod_invert_raw ( (invertend)->element, \
(inverse)->element, size ); \
} while ( 0 )

Compute inverse of odd big integer modulo any power of two.

Parameters
invertendOdd big integer to be inverted
inverseBig integer to hold result

Definition at line 286 of file bigint.h.

286#define bigint_mod_invert( invertend, inverse ) do { \
287 unsigned int size = bigint_size ( inverse ); \
288 bigint_mod_invert_raw ( (invertend)->element, \
289 (inverse)->element, size ); \
290 } while ( 0 )

Referenced by bigint_mod_exp_raw(), bigint_mod_invert_okx(), bigint_mod_invert_sample(), and bigint_montgomery_relaxed_raw().

◆ bigint_montgomery_relaxed

#define bigint_montgomery_relaxed ( modulus,
value,
result )
Value:
( { \
unsigned int size = bigint_size (modulus); \
bigint_montgomery_relaxed_raw ( (modulus)->element, \
(value)->element, \
(result)->element, size ); \
} )

Perform relaxed Montgomery reduction (REDC) of a big integer.

Parameters
modulusBig integer odd modulus
valueBig integer to be reduced
resultBig integer to hold result
Return values
carryCarry out

Definition at line 300 of file bigint.h.

300#define bigint_montgomery_relaxed( modulus, value, result ) ( { \
301 unsigned int size = bigint_size (modulus); \
302 bigint_montgomery_relaxed_raw ( (modulus)->element, \
303 (value)->element, \
304 (result)->element, size ); \
305 } )

Referenced by bigint_mod_exp_raw(), bigint_montgomery_raw(), weierstrass_done_raw(), weierstrass_exec(), and weierstrass_init_raw().

◆ bigint_montgomery

#define bigint_montgomery ( modulus,
value,
result )
Value:
do { \
unsigned int size = bigint_size (modulus); \
bigint_montgomery_raw ( (modulus)->element, (value)->element, \
(result)->element, size ); \
} while ( 0 )

Perform classic Montgomery reduction (REDC) of a big integer.

Parameters
modulusBig integer odd modulus
valueBig integer to be reduced
resultBig integer to hold result

Definition at line 314 of file bigint.h.

314#define bigint_montgomery( modulus, value, result ) do { \
315 unsigned int size = bigint_size (modulus); \
316 bigint_montgomery_raw ( (modulus)->element, (value)->element, \
317 (result)->element, size ); \
318 } while ( 0 )

Referenced by bigint_mod_exp_ladder(), bigint_mod_exp_raw(), bigint_montgomery_okx(), bigint_montgomery_sample(), ecdsa_init_values(), ecdsa_invert(), ecdsa_sign_rs(), ecdsa_verify_rs(), weierstrass_done_raw(), weierstrass_init_curve(), and weierstrass_verify_raw().

◆ bigint_ladder

#define bigint_ladder ( result,
multiple,
exponent,
op,
ctx,
tmp )
Value:
do { \
unsigned int size = bigint_size (result); \
unsigned int exponent_size = bigint_size (exponent); \
bigint_ladder_raw ( (result)->element, (multiple)->element, \
size, (exponent)->element, exponent_size, \
(op), (ctx), (tmp) ); \
} while ( 0 )
ctx
struct golan_eq_context ctx
Definition CIB_PRM.h:0
tmp
unsigned long tmp
Definition linux_pci.h:65
op
static uint16_t struct vmbus_xfer_pages_operations * op
Definition netvsc.h:327

Perform generalised exponentiation via a Montgomery ladder.

Parameters
resultBig integer result (initialised to identity element)
multipleBig integer multiple (initialised to generator)
exponentBig integer exponent
opMontgomery ladder commutative operation
ctxOperation context (if needed)
tmpTemporary working space (if needed)

Definition at line 330 of file bigint.h.

330#define bigint_ladder( result, multiple, exponent, op, ctx, tmp ) do { \
331 unsigned int size = bigint_size (result); \
332 unsigned int exponent_size = bigint_size (exponent); \
333 bigint_ladder_raw ( (result)->element, (multiple)->element, \
334 size, (exponent)->element, exponent_size, \
335 (op), (ctx), (tmp) ); \
336 } while ( 0 )

Referenced by bigint_mod_exp_raw(), ecdsa_invert(), weierstrass_done_raw(), and weierstrass_multiply().

◆ bigint_mod_exp

#define bigint_mod_exp ( base,
modulus,
exponent,
result,
tmp )
Value:
do { \
unsigned int size = bigint_size (base); \
unsigned int exponent_size = bigint_size (exponent); \
bigint_mod_exp_raw ( (base)->element, (modulus)->element, \
(exponent)->element, (result)->element, \
size, exponent_size, tmp ); \
} while ( 0 )
base
uint32_t base
Base.
Definition librm.h:3

Perform modular exponentiation of big integers.

Parameters
baseBig integer base
modulusBig integer modulus
exponentBig integer exponent
resultBig integer to hold result
tmpTemporary working space

Definition at line 347 of file bigint.h.

347#define bigint_mod_exp( base, modulus, exponent, result, tmp ) do { \
348 unsigned int size = bigint_size (base); \
349 unsigned int exponent_size = bigint_size (exponent); \
350 bigint_mod_exp_raw ( (base)->element, (modulus)->element, \
351 (exponent)->element, (result)->element, \
352 size, exponent_size, tmp ); \
353 } while ( 0 )

Referenced by bigint_mod_exp_okx(), bigint_mod_exp_sample(), dhe_key(), and rsa_cipher().

◆ bigint_mod_exp_tmp_len

#define bigint_mod_exp_tmp_len ( modulus)
Value:
( { \
unsigned int size = bigint_size (modulus); \
sizeof ( struct { \
bigint_t ( size ) temp[4]; \
} ); } )

Calculate temporary working space required for moduluar exponentiation.

Parameters
modulusBig integer modulus
Return values
lenLength of temporary working space

Definition at line 361 of file bigint.h.

361#define bigint_mod_exp_tmp_len( modulus ) ( { \
362 unsigned int size = bigint_size (modulus); \
363 sizeof ( struct { \
364 bigint_t ( size ) temp[4]; \
365 } ); } )

Referenced by bigint_mod_exp_okx(), bigint_mod_exp_raw(), dhe_key(), and rsa_alloc().

Typedef Documentation

◆ bigint_ladder_op_t

typedef void bigint_ladder_op_t(const bigint_element_t *operand0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp)

A big integer Montgomery ladder commutative operation.

Parameters
operandElement 0 of first input operand (may overlap result)
resultElement 0 of second input operand and result
sizeNumber of elements in operands and result
ctxOperation context (if needed)
tmpTemporary working space (if needed)

Definition at line 378 of file bigint.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ __attribute__()

__attribute__ ( (always_inline) )
inlinestatic

Set bit in big integer.

Test if most significant bit is set in big integer.

Test if bit is set in big integer.

Clear bit in big integer.

Parameters
value0Element 0 of big integer
sizeNumber of elements
bitBit to set
value0Element 0 of big integer
sizeNumber of elements
bitBit to clear
value0Element 0 of big integer
sizeNumber of elements
bitBit to test
Return values
is_setBit is set
Parameters
value0Element 0 of big integer
sizeNumber of elements
Return values
is_setMost significant bit is set

◆ return()

return ( !! value->element[index] &(1UL<< subindex))

References index, subindex, and value.

◆ bigint_ntoa_raw()

const char * bigint_ntoa_raw ( const bigint_element_t * value0,
unsigned int size )

Transcribe big integer (for debugging)

Parameters
value0Element 0 of big integer to be transcribed
sizeNumber of elements
Return values
stringBig integer in string form (may be abbreviated)

Definition at line 48 of file bigint.c.

49 {
50 const bigint_t ( size ) __attribute__ (( may_alias ))
51 *value = ( ( const void * ) value0 );
52 bigint_element_t element;
53 static char buf[256];
54 unsigned int count;
55 int threshold;
56 uint8_t byte;
57 char *tmp;
58 int i;
59
60 /* Calculate abbreviation threshold, if any */
61 count = ( size * sizeof ( element ) );
62 threshold = count;
63 if ( count >= ( ( sizeof ( buf ) - 1 /* NUL */ ) / 2 /* "xx" */ ) ) {
64 threshold -= ( ( sizeof ( buf ) - 3 /* "..." */
65 - ( BIGINT_NTOA_LSB_MIN * 2 /* "xx" */ )
66 - 1 /* NUL */ ) / 2 /* "xx" */ );
67 }
68
69 /* Transcribe bytes, abbreviating with "..." if necessary */
70 for ( tmp = buf, i = ( count - 1 ) ; i >= 0 ; i-- ) {
71 element = value->element[ i / sizeof ( element ) ];
72 byte = ( element >> ( 8 * ( i % sizeof ( element ) ) ) );
73 tmp += sprintf ( tmp, "%02x", byte );
74 if ( i == threshold ) {
75 tmp += sprintf ( tmp, "..." );
76 i = BIGINT_NTOA_LSB_MIN;
77 }
78 }
79 assert ( tmp < ( buf + sizeof ( buf ) ) );
80
81 return buf;
82}
uint8_t
unsigned char uint8_t
Definition stdint.h:10
value0
static uint32_t * value0
Definition bigint.h:61
assert
#define assert(condition)
Assert a condition at run-time.
Definition assert.h:50
BIGINT_NTOA_LSB_MIN
#define BIGINT_NTOA_LSB_MIN
Minimum number of least significant bytes included in transcription.
Definition bigint.c:39
count
static unsigned int count
Number of entries.
Definition dwmac.h:220
__attribute__
#define __attribute__(x)
Definition compiler.h:10
bigint_t
#define bigint_t(size)
Define a big-integer type.
Definition bigint.h:20
byte
unsigned char byte
Definition smc9000.h:38
sprintf
#define sprintf(buf, fmt,...)
Write a formatted string to a buffer.
Definition stdio.h:37

References __attribute__, assert, BIGINT_NTOA_LSB_MIN, bigint_t, count, element, size, sprintf, tmp, value, and value0.

◆ bigint_init_raw()

void bigint_init_raw ( bigint_element_t * value0,
unsigned int size,
const void * data,
size_t len )

References data, len, size, and value0.

◆ bigint_done_raw()

void bigint_done_raw ( const bigint_element_t * value0,
unsigned int size,
void * out,
size_t len )

References len, out, size, and value0.

◆ bigint_add_raw()

int bigint_add_raw ( const bigint_element_t * addend0,
bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_subtract_raw()

int bigint_subtract_raw ( const bigint_element_t * subtrahend0,
bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_shl_raw()

int bigint_shl_raw ( bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_shr_raw()

int bigint_shr_raw ( bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_is_zero_raw()

int bigint_is_zero_raw ( const bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_is_geq_raw()

int bigint_is_geq_raw ( const bigint_element_t * value0,
const bigint_element_t * reference0,
unsigned int size )

References reference0, size, and value0.

◆ bigint_bit_is_set_raw()

int bigint_bit_is_set_raw ( const bigint_element_t * value0,
unsigned int size,
unsigned int bit )

References bit, size, and value0.

◆ bigint_max_set_bit_raw()

int bigint_max_set_bit_raw ( const bigint_element_t * value0,
unsigned int size )

References size, and value0.

◆ bigint_grow_raw()

void bigint_grow_raw ( const bigint_element_t * source0,
unsigned int source_size,
bigint_element_t * dest0,
unsigned int dest_size )

References dest0, dest_size, and source_size.

◆ bigint_shrink_raw()

void bigint_shrink_raw ( const bigint_element_t * source0,
unsigned int source_size,
bigint_element_t * dest0,
unsigned int dest_size )

References dest0, dest_size, size, and source_size.

◆ bigint_swap_raw()

void bigint_swap_raw ( bigint_element_t * first0,
bigint_element_t * second0,
unsigned int size,
int swap )

Conditionally swap big integers (in constant time)

Parameters
first0Element 0 of big integer to be conditionally swapped
second0Element 0 of big integer to be conditionally swapped
sizeNumber of elements in big integers
swapSwap first and second big integers

Definition at line 92 of file bigint.c.

93 {
94 bigint_element_t mask;
95 bigint_element_t xor;
96 unsigned int i;
97
98 /* Construct mask */
99 mask = ( ( bigint_element_t ) ( ! swap ) - 1 );
100
101 /* Conditionally swap elements */
102 for ( i = 0 ; i < size ; i++ ) {
103 xor = ( mask & ( first0[i] ^ second0[i] ) );
104 first0[i] ^= xor;
105 second0[i] ^= xor;
106 }
107}
xor
static u32 xor(u32 a, u32 b)
Definition tlan.h:457

References size, and xor().

◆ bigint_multiply_one()

void bigint_multiply_one ( const bigint_element_t multiplicand,
const bigint_element_t multiplier,
bigint_element_t * result,
bigint_element_t * carry )

References carry, ctx, multiplier, op, result, size, tmp, and value0.

Referenced by bigint_montgomery_relaxed_raw(), and bigint_multiply_raw().

◆ bigint_multiply_raw()

void bigint_multiply_raw ( const bigint_element_t * multiplicand0,
unsigned int multiplicand_size,
const bigint_element_t * multiplier0,
unsigned int multiplier_size,
bigint_element_t * result0 )

Multiply big integers.

Parameters
multiplicand0Element 0 of big integer to be multiplied
multiplicand_sizeNumber of elements in multiplicand
multiplier0Element 0 of big integer to be multiplied
multiplier_sizeNumber of elements in multiplier
result0Element 0 of big integer to hold result

Definition at line 118 of file bigint.c.

122 {
123 unsigned int result_size = ( multiplicand_size + multiplier_size );
124 const bigint_t ( multiplicand_size ) __attribute__ (( may_alias ))
125 *multiplicand = ( ( const void * ) multiplicand0 );
126 const bigint_t ( multiplier_size ) __attribute__ (( may_alias ))
127 *multiplier = ( ( const void * ) multiplier0 );
128 bigint_t ( result_size ) __attribute__ (( may_alias ))
129 *result = ( ( void * ) result0 );
130 bigint_element_t multiplicand_element;
131 const bigint_element_t *multiplier_element;
132 bigint_element_t *result_element;
133 bigint_element_t carry_element;
134 unsigned int i;
135 unsigned int j;
136
137 /* Zero required portion of result
138 *
139 * All elements beyond the length of the multiplier will be
140 * written before they are read, and so do not need to be
141 * zeroed in advance.
142 */
143 memset ( result, 0, sizeof ( *multiplier ) );
144
145 /* Multiply integers one element at a time, adding the low
146 * half of the double-element product directly into the
147 * result, and maintaining a running single-element carry.
148 *
149 * The running carry can never overflow beyond a single
150 * element. At each step, the calculation we perform is:
151 *
152 * carry:result[i+j] := ( ( multiplicand[i] * multiplier[j] )
153 * + result[i+j] + carry )
154 *
155 * The maximum value (for n-bit elements) is therefore:
156 *
157 * (2^n - 1)*(2^n - 1) + (2^n - 1) + (2^n - 1) = 2^(2n) - 1
158 *
159 * This is precisely the maximum value for a 2n-bit integer,
160 * and so the carry out remains within the range of an n-bit
161 * integer, i.e. a single element.
162 */
163 for ( i = 0 ; i < multiplicand_size ; i++ ) {
164 multiplicand_element = multiplicand->element[i];
165 multiplier_element = &multiplier->element[0];
166 result_element = &result->element[i];
167 carry_element = 0;
168 for ( j = 0 ; j < multiplier_size ; j++ ) {
169 bigint_multiply_one ( multiplicand_element,
170 *(multiplier_element++),
171 result_element++,
172 &carry_element );
173 }
174 *result_element = carry_element;
175 }
176}
bigint_multiply_one
void bigint_multiply_one(const bigint_element_t multiplicand, const bigint_element_t multiplier, bigint_element_t *result, bigint_element_t *carry)
memset
void * memset(void *dest, int character, size_t len) __nonnull

References __attribute__, bigint_multiply_one(), bigint_t, memset(), multiplier, and result.

◆ bigint_reduce_raw()

void bigint_reduce_raw ( const bigint_element_t * modulus0,
bigint_element_t * result0,
unsigned int size )

Reduce big integer R^2 modulo N.

Parameters
modulus0Element 0 of big integer modulus
result0Element 0 of big integer to hold result
sizeNumber of elements in modulus and result

Reduce the value R^2 modulo N, where R=2^n and n is the number of bits in the representation of the modulus N, including any leading zero bits.

Definition at line 189 of file bigint.c.

190 {
191 const bigint_t ( size ) __attribute__ (( may_alias ))
192 *modulus = ( ( const void * ) modulus0 );
193 bigint_t ( size ) __attribute__ (( may_alias ))
194 *result = ( ( void * ) result0 );
195 const unsigned int width = ( 8 * sizeof ( bigint_element_t ) );
196 unsigned int shift;
197 int max;
198 int sign;
199 int msb;
200 int carry;
201
202 /* We have the constants:
203 *
204 * N = modulus
205 *
206 * n = number of bits in the modulus (including any leading zeros)
207 *
208 * R = 2^n
209 *
210 * Let r be the extension of the n-bit result register by a
211 * separate two's complement sign bit, such that -R <= r < R,
212 * and define:
213 *
214 * x = r * 2^k
215 *
216 * as the value being reduced modulo N, where k is a
217 * non-negative integer bit shift.
218 *
219 * We want to reduce the initial value R^2=2^(2n), which we
220 * may trivially represent using r=1 and k=2n.
221 *
222 * We then iterate over decrementing k, maintaining the loop
223 * invariant:
224 *
225 * -N <= r < N
226 *
227 * On each iteration we must first double r, to compensate for
228 * having decremented k:
229 *
230 * k' = k - 1
231 *
232 * r' = 2r
233 *
234 * x = r * 2^k = 2r * 2^(k-1) = r' * 2^k'
235 *
236 * Note that doubling the n-bit result register will create a
237 * value of n+1 bits: this extra bit needs to be handled
238 * separately during the calculation.
239 *
240 * We then subtract N (if r is currently non-negative) or add
241 * N (if r is currently negative) to restore the loop
242 * invariant:
243 *
244 * 0 <= r < N => r" = 2r - N => -N <= r" < N
245 * -N <= r < 0 => r" = 2r + N => -N <= r" < N
246 *
247 * Note that since N may use all n bits, the most significant
248 * bit of the n-bit result register is not a valid two's
249 * complement sign bit for r: the extra sign bit therefore
250 * also needs to be handled separately.
251 *
252 * Once we reach k=0, we have x=r and therefore:
253 *
254 * -N <= x < N
255 *
256 * After this last loop iteration (with k=0), we may need to
257 * add a single multiple of N to ensure that x is positive,
258 * i.e. lies within the range 0 <= x < N.
259 *
260 * Since neither the modulus nor the value R^2 are secret, we
261 * may elide approximately half of the total number of
262 * iterations by constructing the initial representation of
263 * R^2 as r=2^m and k=2n-m (for some m such that 2^m < N).
264 */
265
266 /* Initialise x=R^2 */
267 memset ( result, 0, sizeof ( *result ) );
268 max = ( bigint_max_set_bit ( modulus ) - 2 );
269 if ( max < 0 ) {
270 /* Degenerate case of N=0 or N=1: return a zero result */
271 return;
272 }
273 bigint_set_bit ( result, max );
274 shift = ( ( 2 * size * width ) - max );
275 sign = 0;
276
277 /* Iterate as described above */
278 while ( shift-- ) {
279
280 /* Calculate 2r, storing extra bit separately */
281 msb = bigint_shl ( result );
282
283 /* Add or subtract N according to current sign */
284 if ( sign ) {
285 carry = bigint_add ( modulus, result );
286 } else {
287 carry = bigint_subtract ( modulus, result );
288 }
289
290 /* Calculate new sign of result
291 *
292 * We know the result lies in the range -N <= r < N
293 * and so the tuple (old sign, msb, carry) cannot ever
294 * take the values (0, 1, 0) or (1, 0, 0). We can
295 * therefore treat these as don't-care inputs, which
296 * allows us to simplify the boolean expression by
297 * ignoring the old sign completely.
298 */
299 assert ( ( sign == msb ) || carry );
300 sign = ( msb ^ carry );
301 }
302
303 /* Add N to make result positive if necessary */
304 if ( sign )
305 bigint_add ( modulus, result );
306
307 /* Sanity check */
308 assert ( ! bigint_is_geq ( result, modulus ) );
309}
carry
int carry
Definition bigint.h:68
max
#define max(x, y)
Definition ath.h:41
bigint_set_bit
#define bigint_set_bit(value, bit)
Set bit in big integer.
Definition bigint.h:156
bigint_shl
#define bigint_shl(value)
Shift big integer left.
Definition bigint.h:111
bigint_subtract
#define bigint_subtract(subtrahend, value)
Subtract big integers.
Definition bigint.h:99
bigint_max_set_bit
#define bigint_max_set_bit(value)
Find highest bit set in big integer.
Definition bigint.h:199
bigint_is_geq
#define bigint_is_geq(value, reference)
Compare big integers.
Definition bigint.h:145
bigint_add
#define bigint_add(addend, value)
Add big integers.
Definition bigint.h:87

References __attribute__, assert, bigint_add, bigint_is_geq, bigint_max_set_bit, bigint_set_bit, bigint_shl, bigint_subtract, bigint_t, carry, max, memset(), result, and size.

◆ bigint_mod_invert_raw()

void bigint_mod_invert_raw ( const bigint_element_t * invertend0,
bigint_element_t * inverse0,
unsigned int size )

Compute inverse of odd big integer modulo any power of two.

Parameters
invertend0Element 0 of odd big integer to be inverted
inverse0Element 0 of big integer to hold result
sizeNumber of elements in invertend and result

Definition at line 318 of file bigint.c.

319 {
320 const bigint_t ( size ) __attribute__ (( may_alias ))
321 *invertend = ( ( const void * ) invertend0 );
322 bigint_t ( size ) __attribute__ (( may_alias ))
323 *inverse = ( ( void * ) inverse0 );
324 bigint_element_t accum;
325 bigint_element_t bit;
326 unsigned int i;
327
328 /* Sanity check */
329 assert ( bigint_bit_is_set ( invertend, 0 ) );
330
331 /* Initialise output */
332 memset ( inverse, 0xff, sizeof ( *inverse ) );
333
334 /* Compute inverse modulo 2^(width)
335 *
336 * This method is a lightly modified version of the pseudocode
337 * presented in "A New Algorithm for Inversion mod p^k (Koç,
338 * 2017)".
339 *
340 * Each inner loop iteration calculates one bit of the
341 * inverse. The residue value is the two's complement
342 * negation of the value "b" as used by Koç, to allow for
343 * division by two using a logical right shift (since we have
344 * no arithmetic right shift operation for big integers).
345 *
346 * The residue is stored in the as-yet uncalculated portion of
347 * the inverse. The size of the residue therefore decreases
348 * by one element for each outer loop iteration. Trivial
349 * inspection of the algorithm shows that any higher bits
350 * could not contribute to the eventual output value, and so
351 * we may safely reuse storage this way.
352 *
353 * Due to the suffix property of inverses mod 2^k, the result
354 * represents the least significant bits of the inverse modulo
355 * an arbitrarily large 2^k.
356 */
357 for ( i = size ; i > 0 ; i-- ) {
358 const bigint_t ( i ) __attribute__ (( may_alias ))
359 *addend = ( ( const void * ) invertend );
360 bigint_t ( i ) __attribute__ (( may_alias ))
361 *residue = ( ( void * ) inverse );
362
363 /* Calculate one element's worth of inverse bits */
364 for ( accum = 0, bit = 1 ; bit ; bit <<= 1 ) {
365 if ( bigint_bit_is_set ( residue, 0 ) ) {
366 accum |= bit;
367 bigint_add ( addend, residue );
368 }
369 bigint_shr ( residue );
370 }
371
372 /* Store in the element no longer required to hold residue */
373 inverse->element[ i - 1 ] = accum;
374 }
375
376 /* Correct order of inverse elements */
377 for ( i = 0 ; i < ( size / 2 ) ; i++ ) {
378 accum = inverse->element[i];
379 inverse->element[i] = inverse->element[ size - 1 - i ];
380 inverse->element[ size - 1 - i ] = accum;
381 }
382}
bigint_bit_is_set
#define bigint_bit_is_set(value, bit)
Test if bit is set in big integer.
Definition bigint.h:179
bigint_shr
#define bigint_shr(value)
Shift big integer right.
Definition bigint.h:122

References __attribute__, assert, bigint_add, bigint_bit_is_set, bigint_shr, bigint_t, bit, memset(), and size.

◆ bigint_montgomery_relaxed_raw()

int bigint_montgomery_relaxed_raw ( const bigint_element_t * modulus0,
bigint_element_t * value0,
bigint_element_t * result0,
unsigned int size )

Perform relaxed Montgomery reduction (REDC) of a big integer.

Parameters
modulus0Element 0 of big integer odd modulus
value0Element 0 of big integer to be reduced
result0Element 0 of big integer to hold result
sizeNumber of elements in modulus and result
Return values
carryCarry out

The value to be reduced will be made divisible by the size of the modulus while retaining its residue class (i.e. multiples of the modulus will be added until the low half of the value is zero).

The result may be expressed as

tR = x + mN

where x is the input value, N is the modulus, R=2^n (where n is the number of bits in the representation of the modulus, including any leading zero bits), and m is the number of multiples of the modulus added to make the result tR divisible by R.

The maximum addend is mN <= (R-1)*N (and such an m can be proven to exist since N is limited to being odd and therefore coprime to R).

Since the result of this addition is one bit larger than the input value, a carry out bit is also returned. The caller may be able to prove that the carry out is always zero, in which case it may be safely ignored.

The upper half of the output value (i.e. t) will also be copied to the result pointer. It is permissible for the result pointer to overlap the lower half of the input value.

External knowledge of constraints on the modulus and the input value may be used to prove constraints on the result. The constraint on the modulus may be generally expressed as

R > kN

for some positive integer k. The value k=1 is allowed, and simply expresses that the modulus fits within the number of bits in its own representation.

For classic Montgomery reduction, we have k=1, i.e. R > N and a separate constraint that the input value is in the range x < RN. This gives the result constraint

tR < RN + (R-1)N < 2RN - N < 2RN t < 2N

A single subtraction of the modulus may therefore be required to bring it into the range t < N.

When the input value is known to be a product of two integers A and B, with A < aN and B < bN, we get the result constraint

tR < abN^2 + (R-1)N < (ab/k)RN + RN - N < (1 + ab/k)RN t < (1 + ab/k)N

If we have k=a=b=1, i.e. R > N with A < N and B < N, then the result is in the range t < 2N and may require a single subtraction of the modulus to bring it into the range t < N so that it may be used as an input on a subsequent iteration.

If we have k=4 and a=b=2, i.e. R > 4N with A < 2N and B < 2N, then the result is in the range t < 2N and may immediately be used as an input on a subsequent iteration, without requiring a subtraction.

Larger values of k may be used to allow for larger values of a and b, which can be useful to elide intermediate reductions in a calculation chain that involves additions and subtractions between multiplications (as used in elliptic curve point addition, for example). As a general rule: each intermediate addition or subtraction will require k to be doubled.

When the input value is known to be a single integer A, with A < aN (as used when converting out of Montgomery form), we get the result constraint

tR < aN + (R-1)N < RN + (a-1)N

If we have a=1, i.e. A < N, then the constraint becomes

tR < RN t < N

and so the result is immediately in the range t < N with no subtraction of the modulus required.

For any larger value of a, the result value t=N becomes possible. Additional external knowledge may potentially be used to prove that t=N cannot occur. For example: if the caller is performing modular exponentiation with a prime modulus (or, more generally, a modulus that is coprime to the base), then there is no way for a non-zero base value to end up producing an exact multiple of the modulus. If t=N cannot be disproved, then conversion out of Montgomery form may require an additional subtraction of the modulus.

Definition at line 488 of file bigint.c.

491 {
492 const bigint_t ( size ) __attribute__ (( may_alias ))
493 *modulus = ( ( const void * ) modulus0 );
494 union {
495 bigint_t ( size * 2 ) full;
496 struct {
497 bigint_t ( size ) low;
498 bigint_t ( size ) high;
499 } __attribute__ (( packed ));
500 } __attribute__ (( may_alias )) *value = ( ( void * ) value0 );
501 bigint_t ( size ) __attribute__ (( may_alias ))
502 *result = ( ( void * ) result0 );
503 static bigint_t ( 1 ) cached;
504 static bigint_t ( 1 ) negmodinv;
505 bigint_element_t multiple;
506 bigint_element_t carry;
507 unsigned int i;
508 unsigned int j;
509 int overflow;
510
511 /* Sanity checks */
512 assert ( bigint_bit_is_set ( modulus, 0 ) );
513
514 /* Calculate inverse (or use cached version) */
515 if ( cached.element[0] != modulus->element[0] ) {
516 bigint_mod_invert ( modulus, &negmodinv );
517 negmodinv.element[0] = -negmodinv.element[0];
518 cached.element[0] = modulus->element[0];
519 }
520
521 /* Perform multiprecision Montgomery reduction */
522 for ( i = 0 ; i < size ; i++ ) {
523
524 /* Determine scalar multiple for this round */
525 multiple = ( value->low.element[i] * negmodinv.element[0] );
526
527 /* Multiply value to make it divisible by 2^(width*i) */
528 carry = 0;
529 for ( j = 0 ; j < size ; j++ ) {
530 bigint_multiply_one ( multiple, modulus->element[j],
531 &value->full.element[ i + j ],
532 &carry );
533 }
534
535 /* Since value is now divisible by 2^(width*i), we
536 * know that the current low element must have been
537 * zeroed.
538 */
539 assert ( value->low.element[i] == 0 );
540
541 /* Store the multiplication carry out in the result,
542 * avoiding the need to immediately propagate the
543 * carry through the remaining elements.
544 */
545 result->element[i] = carry;
546 }
547
548 /* Add the accumulated carries */
549 overflow = bigint_add ( result, &value->high );
550
551 /* Copy to result buffer */
552 bigint_copy ( &value->high, result );
553
554 return overflow;
555}
bigint_mod_invert
#define bigint_mod_invert(invertend, inverse)
Compute inverse of odd big integer modulo any power of two.
Definition bigint.h:286
bigint_copy
#define bigint_copy(source, dest)
Copy big integer.
Definition bigint.h:235
high
uint32_t high
High 32 bits of address.
Definition myson.h:1
low
uint32_t low
Low 16 bits of address.
Definition myson.h:0
if
if(natsemi->flags &NATSEMI_64BIT) return 1

References __attribute__, assert, bigint_add, bigint_bit_is_set, bigint_copy, bigint_mod_invert, bigint_multiply_one(), bigint_t, carry, high, low, result, size, value, and value0.

◆ bigint_montgomery_raw()

void bigint_montgomery_raw ( const bigint_element_t * modulus0,
bigint_element_t * value0,
bigint_element_t * result0,
unsigned int size )

Perform classic Montgomery reduction (REDC) of a big integer.

Parameters
modulus0Element 0 of big integer odd modulus
value0Element 0 of big integer to be reduced
result0Element 0 of big integer to hold result
sizeNumber of elements in modulus and result

Definition at line 565 of file bigint.c.

568 {
569 const bigint_t ( size ) __attribute__ (( may_alias ))
570 *modulus = ( ( const void * ) modulus0 );
571 union {
572 bigint_t ( size * 2 ) full;
573 struct {
574 bigint_t ( size ) low;
575 bigint_t ( size ) high;
576 } __attribute__ (( packed ));
577 } __attribute__ (( may_alias )) *value = ( ( void * ) value0 );
578 bigint_t ( size ) __attribute__ (( may_alias ))
579 *result = ( ( void * ) result0 );
580 int overflow;
581 int underflow;
582
583 /* Sanity check */
584 assert ( ! bigint_is_geq ( &value->high, modulus ) );
585
586 /* Perform relaxed Montgomery reduction */
587 overflow = bigint_montgomery_relaxed ( modulus, &value->full, result );
588
589 /* Conditionally subtract the modulus once */
590 underflow = bigint_subtract ( modulus, result );
591 bigint_swap ( result, &value->high, ( underflow & ~overflow ) );
592
593 /* Sanity check */
594 assert ( ! bigint_is_geq ( result, modulus ) );
595}
bigint_montgomery_relaxed
#define bigint_montgomery_relaxed(modulus, value, result)
Perform relaxed Montgomery reduction (REDC) of a big integer.
Definition bigint.h:300
bigint_swap
#define bigint_swap(first, second, swap)
Conditionally swap big integers (in constant time)
Definition bigint.h:247

References __attribute__, assert, bigint_is_geq, bigint_montgomery_relaxed, bigint_subtract, bigint_swap, bigint_t, high, low, result, size, value, and value0.

◆ bigint_ladder_raw()

void bigint_ladder_raw ( bigint_element_t * result0,
bigint_element_t * multiple0,
unsigned int size,
const bigint_element_t * exponent0,
unsigned int exponent_size,
bigint_ladder_op_t * op,
const void * ctx,
void * tmp )

Perform generalised exponentiation via a Montgomery ladder.

Parameters
result0Element 0 of result (initialised to identity element)
multiple0Element 0 of multiple (initialised to generator)
sizeNumber of elements in result and multiple
exponent0Element 0 of exponent
exponent_sizeNumber of elements in exponent
opMontgomery ladder commutative operation
ctxOperation context (if needed)
tmpTemporary working space (if needed)

The Montgomery ladder may be used to perform any operation that is isomorphic to exponentiation, i.e. to compute the result

r = g^e = g * g * g * g * .... * g

for an arbitrary commutative operation "*", generator "g" and exponent "e".

The result "r" is computed in constant time (assuming that the underlying operation is constant time) in k steps, where k is the number of bits in the big integer representation of the exponent.

The result "r" must be initialised to the operation's identity element, and the multiple must be initialised to the generator "g". On exit, the multiple will contain

m = r * g = g^(e+1)

Note that the terminology used here refers to exponentiation defined as repeated multiplication, but that the ladder may equally well be used to perform any isomorphic operation (such as multiplication defined as repeated addition).

Definition at line 632 of file bigint.c.

636 {
637 bigint_t ( size ) __attribute__ (( may_alias ))
638 *result = ( ( void * ) result0 );
639 bigint_t ( size ) __attribute__ (( may_alias ))
640 *multiple = ( ( void * ) multiple0 );
641 const bigint_t ( exponent_size ) __attribute__ (( may_alias ))
642 *exponent = ( ( const void * ) exponent0 );
643 const unsigned int width = ( 8 * sizeof ( bigint_element_t ) );
644 unsigned int bit = ( exponent_size * width );
645 int toggle = 0;
646 int previous;
647
648 /* We have two physical storage locations: Rres (the "result"
649 * register) and Rmul (the "multiple" register).
650 *
651 * On entry we have:
652 *
653 * Rres = g^0 = 1 (the identity element)
654 * Rmul = g (the generator)
655 *
656 * For calculation purposes, define two virtual registers R[0]
657 * and R[1], mapped to the underlying physical storage
658 * locations via a boolean toggle state "t":
659 *
660 * R[t] -> Rres
661 * R[~t] -> Rmul
662 *
663 * Define the initial toggle state to be t=0, so that we have:
664 *
665 * R[0] = g^0 = 1 (the identity element)
666 * R[1] = g (the generator)
667 *
668 * The Montgomery ladder then iterates over each bit "b" of
669 * the exponent "e" (from MSB down to LSB), computing:
670 *
671 * R[1] := R[0] * R[1], R[0] := R[0] * R[0] (if b=0)
672 * R[0] := R[1] * R[0], R[1] := R[1] * R[1] (if b=1)
673 *
674 * i.e.
675 *
676 * R[~b] := R[b] * R[~b], R[b] := R[b] * R[b]
677 *
678 * To avoid data-dependent memory access patterns, we
679 * implement this as:
680 *
681 * Rmul := Rres * Rmul
682 * Rres := Rres * Rres
683 *
684 * and update the toggle state "t" (via constant-time
685 * conditional swaps) as needed to ensure that R[b] always
686 * maps to Rres and R[~b] always maps to Rmul.
687 */
688 while ( bit-- ) {
689
690 /* Update toggle state t := b
691 *
692 * If the new toggle state is not equal to the old
693 * toggle state, then we must swap R[0] and R[1] (in
694 * constant time).
695 */
696 previous = toggle;
697 toggle = bigint_bit_is_set ( exponent, bit );
698 bigint_swap ( result, multiple, ( toggle ^ previous ) );
699
700 /* Calculate Rmul = R[~b] := R[b] * R[~b] = Rres * Rmul */
701 op ( result->element, multiple->element, size, ctx, tmp );
702
703 /* Calculate Rres = R[b] := R[b] * R[b] = Rres * Rres */
704 op ( result->element, result->element, size, ctx, tmp );
705 }
706
707 /* Reset toggle state to zero */
708 bigint_swap ( result, multiple, toggle );
709}

References __attribute__, bigint_bit_is_set, bigint_swap, bigint_t, bit, ctx, op, result, size, and tmp.

◆ bigint_mod_exp_ladder()

void bigint_mod_exp_ladder ( const bigint_element_t * multiplier0,
bigint_element_t * result0,
unsigned int size,
const void * ctx,
void * tmp )

Perform modular multiplication as part of a Montgomery ladder.

Parameters
operandElement 0 of first input operand (may overlap result)
resultElement 0 of second input operand and result
sizeNumber of elements in operands and result
ctxOperation context (odd modulus, or NULL)
tmpTemporary working space

Definition at line 720 of file bigint.c.

722 {
723 const bigint_t ( size ) __attribute__ (( may_alias ))
724 *multiplier = ( ( const void * ) multiplier0 );
725 bigint_t ( size ) __attribute__ (( may_alias ))
726 *result = ( ( void * ) result0 );
727 const bigint_t ( size ) __attribute__ (( may_alias ))
728 *modulus = ( ( const void * ) ctx );
729 bigint_t ( size * 2 ) __attribute__ (( may_alias ))
730 *product = ( ( void * ) tmp );
731
732 /* Multiply and reduce */
733 bigint_multiply ( result, multiplier, product );
734 if ( modulus ) {
735 bigint_montgomery ( modulus, product, result );
736 } else {
737 bigint_shrink ( product, result );
738 }
739}
bigint_montgomery
#define bigint_montgomery(modulus, value, result)
Perform classic Montgomery reduction (REDC) of a big integer.
Definition bigint.h:314
bigint_shrink
#define bigint_shrink(source, dest)
Shrink big integer.
Definition bigint.h:222
bigint_multiply
#define bigint_multiply(multiplicand, multiplier, result)
Multiply big integers.
Definition bigint.h:260
product
uint8_t product
Product string.
Definition smbios.h:5

References __attribute__, bigint_montgomery, bigint_multiply, bigint_shrink, bigint_t, ctx, multiplier, product, result, size, and tmp.

Referenced by bigint_mod_exp_raw(), ecdsa_invert(), and weierstrass_done_raw().

◆ bigint_mod_exp_raw()

void bigint_mod_exp_raw ( const bigint_element_t * base0,
const bigint_element_t * modulus0,
const bigint_element_t * exponent0,
bigint_element_t * result0,
unsigned int size,
unsigned int exponent_size,
void * tmp )

Perform modular exponentiation of big integers.

Parameters
base0Element 0 of big integer base
modulus0Element 0 of big integer modulus
exponent0Element 0 of big integer exponent
result0Element 0 of big integer to hold result
sizeNumber of elements in base, modulus, and result
exponent_sizeNumber of elements in exponent
tmpTemporary working space

Definition at line 752 of file bigint.c.

757 {
758 const bigint_t ( size ) __attribute__ (( may_alias )) *base =
759 ( ( const void * ) base0 );
760 const bigint_t ( size ) __attribute__ (( may_alias )) *modulus =
761 ( ( const void * ) modulus0 );
762 const bigint_t ( exponent_size ) __attribute__ (( may_alias ))
763 *exponent = ( ( const void * ) exponent0 );
764 bigint_t ( size ) __attribute__ (( may_alias )) *result =
765 ( ( void * ) result0 );
766 const unsigned int width = ( 8 * sizeof ( bigint_element_t ) );
767 struct {
768 struct {
769 bigint_t ( size ) modulus;
770 bigint_t ( size ) stash;
771 };
772 union {
773 bigint_t ( 2 * size ) full;
774 bigint_t ( size ) low;
775 } product;
776 } *temp = tmp;
777 const uint8_t one[1] = { 1 };
778 bigint_element_t submask;
779 unsigned int subsize;
780 unsigned int scale;
781 unsigned int i;
782
783 /* Sanity check */
784 assert ( sizeof ( *temp ) == bigint_mod_exp_tmp_len ( modulus ) );
785
786 /* Handle degenerate case of zero modulus */
787 if ( ! bigint_max_set_bit ( modulus ) ) {
788 memset ( result, 0, sizeof ( *result ) );
789 return;
790 }
791
792 /* Factor modulus as (N * 2^scale) where N is odd */
793 bigint_copy ( modulus, &temp->modulus );
794 for ( scale = 0 ; ( ! bigint_bit_is_set ( &temp->modulus, 0 ) ) ;
795 scale++ ) {
796 bigint_shr ( &temp->modulus );
797 }
798 subsize = ( ( scale + width - 1 ) / width );
799 submask = ( ( 1UL << ( scale % width ) ) - 1 );
800 if ( ! submask )
801 submask = ~submask;
802
803 /* Calculate (R^2 mod N) */
804 bigint_reduce ( &temp->modulus, &temp->stash );
805
806 /* Initialise result = Montgomery(1, R^2 mod N) */
807 bigint_grow ( &temp->stash, &temp->product.full );
808 bigint_montgomery ( &temp->modulus, &temp->product.full, result );
809
810 /* Convert base into Montgomery form */
811 bigint_multiply ( base, &temp->stash, &temp->product.full );
812 bigint_montgomery ( &temp->modulus, &temp->product.full,
813 &temp->stash );
814
815 /* Calculate x1 = base^exponent modulo N */
816 bigint_ladder ( result, &temp->stash, exponent, bigint_mod_exp_ladder,
817 &temp->modulus, &temp->product );
818
819 /* Convert back out of Montgomery form */
820 bigint_grow ( result, &temp->product.full );
821 bigint_montgomery_relaxed ( &temp->modulus, &temp->product.full,
822 result );
823
824 /* Handle even moduli via Garner's algorithm */
825 if ( subsize ) {
826 const bigint_t ( subsize ) __attribute__ (( may_alias ))
827 *subbase = ( ( const void * ) base );
828 bigint_t ( subsize ) __attribute__ (( may_alias ))
829 *submodulus = ( ( void * ) &temp->modulus );
830 bigint_t ( subsize ) __attribute__ (( may_alias ))
831 *substash = ( ( void * ) &temp->stash );
832 bigint_t ( subsize ) __attribute__ (( may_alias ))
833 *subresult = ( ( void * ) result );
834 union {
835 bigint_t ( 2 * subsize ) full;
836 bigint_t ( subsize ) low;
837 } __attribute__ (( may_alias ))
838 *subproduct = ( ( void * ) &temp->product.full );
839
840 /* Calculate x2 = base^exponent modulo 2^k */
841 bigint_init ( substash, one, sizeof ( one ) );
842 bigint_copy ( subbase, submodulus );
843 bigint_ladder ( substash, submodulus, exponent,
844 bigint_mod_exp_ladder, NULL, subproduct );
845
846 /* Reconstruct N */
847 bigint_copy ( modulus, &temp->modulus );
848 for ( i = 0 ; i < scale ; i++ )
849 bigint_shr ( &temp->modulus );
850
851 /* Calculate N^-1 modulo 2^k */
852 bigint_mod_invert ( submodulus, &subproduct->low );
853 bigint_copy ( &subproduct->low, submodulus );
854
855 /* Calculate y = (x2 - x1) * N^-1 modulo 2^k */
856 bigint_subtract ( subresult, substash );
857 bigint_multiply ( substash, submodulus, &subproduct->full );
858 subproduct->low.element[ subsize - 1 ] &= submask;
859 bigint_grow ( &subproduct->low, &temp->stash );
860
861 /* Reconstruct N */
862 bigint_mod_invert ( submodulus, &subproduct->low );
863 bigint_copy ( &subproduct->low, submodulus );
864
865 /* Calculate x = x1 + N * y */
866 bigint_multiply ( &temp->modulus, &temp->stash,
867 &temp->product.full );
868 bigint_add ( &temp->product.low, result );
869 }
870}
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
bigint_mod_exp_ladder
void bigint_mod_exp_ladder(const bigint_element_t *multiplier0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp)
Perform modular multiplication as part of a Montgomery ladder.
Definition bigint.c:720
bigint_grow
#define bigint_grow(source, dest)
Grow big integer.
Definition bigint.h:209
bigint_ladder
#define bigint_ladder(result, multiple, exponent, op, ctx, tmp)
Perform generalised exponentiation via a Montgomery ladder.
Definition bigint.h:330
bigint_mod_exp_tmp_len
#define bigint_mod_exp_tmp_len(modulus)
Calculate temporary working space required for moduluar exponentiation.
Definition bigint.h:361
bigint_reduce
#define bigint_reduce(modulus, result)
Reduce big integer R^2 modulo N.
Definition bigint.h:274
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition bigint.h:62

References __attribute__, assert, base, bigint_add, bigint_bit_is_set, bigint_copy, bigint_grow, bigint_init, bigint_ladder, bigint_max_set_bit, bigint_mod_exp_ladder(), bigint_mod_exp_tmp_len, bigint_mod_invert, bigint_montgomery, bigint_montgomery_relaxed, bigint_multiply, bigint_reduce, bigint_shr, bigint_subtract, bigint_t, low, memset(), NULL, product, result, size, and tmp.

Variable Documentation

◆ size

unsigned int size
Initial value:
{
const bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( const void * ) value0 )

Definition at line 391 of file bigint.h.

◆ bit

unsigned int unsigned int bit
Initial value:
{
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 )

Definition at line 392 of file bigint.h.

Referenced by __volatile__(), __volatile__(), __volatile__(), __volatile__(), _tg3_flag(), _tg3_flag_clear(), _tg3_flag_set(), arbel_bitmask_alloc(), arbel_bitmask_free(), ath5k_hw_bitswap(), b44_wait_bit(), base64_decode(), base64_encode(), bigint_bit_is_set_okx(), bigint_bit_is_set_raw(), bigint_bit_is_set_sample(), bigint_ladder_raw(), bigint_mod_invert_raw(), bigint_shl_okx(), bigint_shr_okx(), bitmap_set(), bitmap_test(), clear_bit(), cpuid_exec(), deflate_init(), des_generate(), des_permute(), gve_poll_rx(), gve_poll_tx(), hermon_bitmask_alloc(), hermon_bitmask_free(), hub_clear_changes(), i2c_recv_bit(), i2c_send_bit(), isqrt(), linda_i2c_write_bit(), mii_bit_xfer(), qib7322_i2c_write_bit(), set_bit(), spi_bit_transfer(), test_and_clear_bit(), test_and_set_bit(), vmbus_signal_monitor(), vxgetlink(), vxsetlink(), x25519_ladder(), and x25519_step().

◆ index

unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) )

Definition at line 395 of file bigint.h.

◆ subindex

unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) )

Definition at line 396 of file bigint.h.

Referenced by return().

◆ element

value element[index] = ( 1UL << subindex )

Definition at line 398 of file bigint.h.

Referenced by bigint_ntoa_raw(), linda_ib_epb_mod_reg(), and linda_set_serdes_param().

Generated by doxygen 1.14.0