2 * \brief Multi-precision integer library, ESP32 hardware accelerated parts
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: Apache-2.0
14 * http://www.apache.org/licenses/LICENSE-2.0
42 * - Naming convention x_words, y_words, z_words for number of words (limbs) used in a particular
45 …* - Naming convention hw_words for the hardware length of the operation. This number may be roun…
49 …* - Timing behaviour of these functions will depend on the length of the inputs. This is fundament…
73 for (size_t i = mpi->n; i > 0; i--) { in mpi_words()
74 if (mpi->p[i - 1] != 0) { in mpi_words()
85 * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1,
86 * where B^-1(B-1) mod N=1. Actually, only the least significant part of
95 uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */ in modular_inverse()
97 uint64_t N = M->p[0]; in modular_inverse()
108 return (mbedtls_mpi_uint)(UINT32_MAX - t + 1); in modular_inverse()
143 /* Z = (X * Y) mod M
147 int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_m… in esp_mpi_mul_mpi_mod() argument
172 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Z, z_words)); in esp_mpi_mul_mpi_mod()
174 esp_mpi_read_result_hw_op(Z, z_words); in esp_mpi_mul_mpi_mod()
175 Z->s = X->s * Y->s; in esp_mpi_mul_mpi_mod()
188 * Return the most significant one-bit.
193 if (X != NULL && X->n != 0) { in mbedtls_mpi_msb()
194 for (i = X->n - 1; i >= 0; i--) { in mbedtls_mpi_msb()
195 if (X->p[i] != 0) { in mbedtls_mpi_msb()
196 for (j = biL - 1; j >= 0; j--) { in mbedtls_mpi_msb()
197 if ((X->p[i] & (1 << j)) != 0) { in mbedtls_mpi_msb()
208 * Montgomery exponentiation: Z = X ^ Y mod M (HAC 14.94)
210 static int mpi_montgomery_exp_calc( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, con… in mpi_montgomery_exp_calc() argument
236 // 1.2 z = R mod m in mpi_montgomery_exp_calc()
237 // now z = R mod m = Mont (R^2 mod m, 1) mod M (as Mont(x) = X*R^-1 mod M) in mpi_montgomery_exp_calc()
238 MBEDTLS_MPI_CHK( esp_mont_hw_op(Z, Rinv, &one, M, Mprime, hw_words, true) ); in mpi_montgomery_exp_calc()
241 for (int i = t; i >= 0; i--) { in mpi_montgomery_exp_calc()
242 // 2.1 z = mont(z,z) in mpi_montgomery_exp_calc()
244 MBEDTLS_MPI_CHK( esp_mont_hw_op(Z, Z, Z, M, Mprime, hw_words, true) ); in mpi_montgomery_exp_calc()
247 // 2.2 if y[i] = 1 then z = mont(A, x_) in mpi_montgomery_exp_calc()
249 MBEDTLS_MPI_CHK( esp_mont_hw_op(Z, Z, &X_, M, Mprime, hw_words, true) ); in mpi_montgomery_exp_calc()
253 // 3 z = Mont(z, 1) in mpi_montgomery_exp_calc()
254 MBEDTLS_MPI_CHK( esp_mont_hw_op(Z, Z, &one, M, Mprime, hw_words, true) ); in mpi_montgomery_exp_calc()
269 * Z = X ^ Y mod M
271 * _Rinv is optional pre-calculated version of Rinv (via calculate_rinv()).
276 static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedt… in esp_mpi_exp_mod() argument
297 if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) { in esp_mpi_exp_mod()
306 return mbedtls_mpi_lset(Z, 1); in esp_mpi_exp_mod()
317 if (Rinv->p == NULL) { in esp_mpi_exp_mod()
323 // Montgomery exponentiation: Z = X ^ Y mod M (HAC 14.94) in esp_mpi_exp_mod()
325 ret = mpi_montgomery_exp_calc(Z, X, Y, M, Rinv, num_words, Mprime) ; in esp_mpi_exp_mod()
331 ret = mbedtls_mpi_grow(Z, m_words); in esp_mpi_exp_mod()
336 esp_mpi_read_result_hw_op(Z, m_words); in esp_mpi_exp_mod()
341 if (X->s == -1 && (Y->p[0] & 1) != 0) { in esp_mpi_exp_mod()
342 Z->s = -1; in esp_mpi_exp_mod()
343 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z)); in esp_mpi_exp_mod()
345 Z->s = 1; in esp_mpi_exp_mod()
358 * Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
383 static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi …
384 static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t…
386 /* Z = X * Y */
387 int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y ) in mbedtls_mpi_mul_mpi() argument
397 /* Short-circuit eval if either argument is 0 or 1. in mbedtls_mpi_mul_mpi()
405 mbedtls_mpi_lset(Z, 0); in mbedtls_mpi_mul_mpi()
409 ret = mbedtls_mpi_copy(Z, Y); in mbedtls_mpi_mul_mpi()
410 Z->s *= X->s; in mbedtls_mpi_mul_mpi()
414 ret = mbedtls_mpi_copy(Z, X); in mbedtls_mpi_mul_mpi()
415 Z->s *= Y->s; in mbedtls_mpi_mul_mpi()
419 /* Grow Z to result size early, avoid interim allocations */ in mbedtls_mpi_mul_mpi()
420 MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) ); in mbedtls_mpi_mul_mpi()
435 return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words); in mbedtls_mpi_mul_mpi()
439 return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words); in mbedtls_mpi_mul_mpi()
441 return mpi_mult_mpi_overlong(Z, Y, X, x_words, z_words); in mbedtls_mpi_mul_mpi()
450 esp_mpi_read_result_hw_op(Z, z_words); in mbedtls_mpi_mul_mpi()
454 Z->s = X->s * Y->s; in mbedtls_mpi_mul_mpi()
483 Z = X * Y
484 Z = X * (Yp + Ypp<<b)
485 Z = (X * Yp) + (X * Ypp<<b)
490 static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t… in mpi_mult_mpi_overlong() argument
498 .p = Y->p, in mpi_mult_mpi_overlong()
500 .s = Y->s in mpi_mult_mpi_overlong()
504 .p = Y->p + words_slice, in mpi_mult_mpi_overlong()
505 .n = y_words - words_slice, in mpi_mult_mpi_overlong()
506 .s = Y->s in mpi_mult_mpi_overlong()
513 /* Z = Ypp * Y */ in mpi_mult_mpi_overlong()
514 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(Z, X, &Ypp) ); in mpi_mult_mpi_overlong()
516 /* Z = Z << b */ in mpi_mult_mpi_overlong()
517 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l(Z, words_slice * 32) ); in mpi_mult_mpi_overlong()
519 /* Z += Ztemp */ in mpi_mult_mpi_overlong()
520 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(Z, Z, &Ztemp) ); in mpi_mult_mpi_overlong()
528 /* Special-case of mbedtls_mpi_mult_mpi(), where we use hardware montgomery mod
537 * Modulus is chosen with M=(2^num_bits - 1) (ie M=R-1), so output
546 static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi … in mpi_mult_mpi_failover_mod_mult() argument
554 MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) ); in mpi_mult_mpi_failover_mod_mult()
555 esp_mpi_read_result_hw_op(Z, hw_words); in mpi_mult_mpi_failover_mod_mult()
557 Z->s = X->s * Y->s; in mpi_mult_mpi_failover_mod_mult()