150     MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, ECDSA_RS_ECP, ops));
203 static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,  in derive_mpi()  argument
207     size_t n_size = (grp->nbits + 7) / 8;  in derive_mpi()
211     if (use_size * 8 > grp->nbits) {  in derive_mpi()
212         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));  in derive_mpi()
216     if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {  in derive_mpi()
217         MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));  in derive_mpi()
243 int mbedtls_ecdsa_sign_restartable(mbedtls_ecp_group *grp,  in mbedtls_ecdsa_sign_restartable()  argument
258     if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {  in mbedtls_ecdsa_sign_restartable()
263     if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {  in mbedtls_ecdsa_sign_restartable()
308             MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));  in mbedtls_ecdsa_sign_restartable()
317             MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G,  in mbedtls_ecdsa_sign_restartable()
321             MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));  in mbedtls_ecdsa_sign_restartable()
340         MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));  in mbedtls_ecdsa_sign_restartable()
346         MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind,  in mbedtls_ecdsa_sign_restartable()
356         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N));  in mbedtls_ecdsa_sign_restartable()
357         MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));  in mbedtls_ecdsa_sign_restartable()
359         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));  in mbedtls_ecdsa_sign_restartable()
380 int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,  in mbedtls_ecdsa_sign()  argument
385     return mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign()
397 int mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,  in mbedtls_ecdsa_sign_det_restartable()  argument
409     size_t grp_len = (grp->nbits + 7) / 8;  in mbedtls_ecdsa_sign_det_restartable()
436     MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));  in mbedtls_ecdsa_sign_det_restartable()
450     ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign_det_restartable()
453     ret = mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign_det_restartable()
470 int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,  in mbedtls_ecdsa_sign_det_ext()  argument
478     return mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,  in mbedtls_ecdsa_sign_det_ext()
488 int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,  in mbedtls_ecdsa_verify_restartable()  argument
505     if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {  in mbedtls_ecdsa_verify_restartable()
527     if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||  in mbedtls_ecdsa_verify_restartable()
528         mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {  in mbedtls_ecdsa_verify_restartable()
536     MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));  in mbedtls_ecdsa_verify_restartable()
543     MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N));  in mbedtls_ecdsa_verify_restartable()
546     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N));  in mbedtls_ecdsa_verify_restartable()
549     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));  in mbedtls_ecdsa_verify_restartable()
561     MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,  in mbedtls_ecdsa_verify_restartable()
562                                                    &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));  in mbedtls_ecdsa_verify_restartable()
573     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N));  in mbedtls_ecdsa_verify_restartable()
596 int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,  in mbedtls_ecdsa_verify()  argument
602     return mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);  in mbedtls_ecdsa_verify()
657     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
666     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
670     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
747     if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,  in mbedtls_ecdsa_read_signature_restartable()
752     if ((ret = mbedtls_ecdsa_verify_restartable(&ctx->grp, hash, hlen,  in mbedtls_ecdsa_read_signature_restartable()
780     ret = mbedtls_ecp_group_load(&ctx->grp, gid);  in mbedtls_ecdsa_genkey()
785     return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,  in mbedtls_ecdsa_genkey()
796     if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||  in mbedtls_ecdsa_from_keypair()