Lines Matching +full:- +full:r

9  * - **Modulus parameters**: the modulus is passed as a pointer to a structure
13 * named \c N and is usually input-only. Functions which take a parameter
15 * - **Bignum parameters**: Bignums are passed as pointers to an array of
19 * - Bignum parameters called \c A, \c B, ... are inputs and are not
22 * - Bignum parameters called \c X, \c Y, ... are outputs or input-output.
23 * The initial bignum value of output-only parameters is ignored, but
25 * functions (typically constant-flow) require that the limbs in an
27 * - Bignum parameters called \c p are inputs used to set up a modulus or
29 * - \c T is a temporary storage area. The initial content of such a
31 * - Some functions use different names, such as \c r for the residue.
32 * - **Bignum sizes**: bignum sizes are always expressed in limbs. Both
38 * - **Bignum representation**: the representation of inputs and outputs is
40 * - **Parameter ordering**: for bignum parameters, outputs come before inputs.
42 * - **Aliasing**: in general, output bignums may be aliased to one or more
46 * - **Overlap**: apart from aliasing of residue pointers (where two residue
49 * - **Error handling**: functions generally check compatibility of input
53 * - **Modular representatives**: all functions expect inputs to be in the
54 * range [0, \c N - 1] and guarantee outputs in the range [0, \c N - 1].
66 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
91 * - A NIST curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
92 * - A Koblitz Curve.
93 * - A Fast Reduction Curve CURVE25519 or CURVE448. */
112 mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
139 * The value at the pointed-to memory will be the initial value of \p r and must
140 * hold a value that is less than the modulus. This value will be used as-is
141 * and interpreted according to the value of the `N->int_rep` field.
143 * The modulus \p N will be the modulus associated with \p r. The residue \p r
146 * \param[out] r The address of the residue to set up.
147 * \param[in] N The address of the modulus related to \p r.
148 * \param[in] p The address of the limb array containing the value of \p r.
149 * The memory pointed to by \p p will be used by \p r and must
153 * pointed to by `N->p`) and already in the representation
154 * indicated by `N->int_rep`.
162 int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
172 * This function invalidates \p r and it must not be used until after
175 * \param[out] r The address of residue to release.
177 void mbedtls_mpi_mod_residue_release(mbedtls_mpi_mod_residue *r);
200 /** Set up an optimised-reduction compatible modulus structure.
232 * \note Currently handles the case when `N->int_rep` is
246 * the multiplication `A * B * R^-1` mod N where
247 * `R = 2^(biL * N->limbs)`.
256 * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
264 * \brief Perform a fixed-size modular subtraction.
266 * Calculate `A - B modulo N`.
274 * form (that is, are < \p N) - that will have been done by
322 * \brief Perform a fixed-size modular addition.
333 * form (that is, are < \p N) - that will have been done by
361 * \note There are `N - min` possible outputs. The lower bound
388 * based on the value of the `N->int_rep` field.
390 * The modulus \p N will be the modulus associated with \p r. The residue \p r
395 * \param[out] r The address of the residue. It must have exactly the same
403 * \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't
408 int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
416 * The modulus \p N must be the modulus associated with \p r (see
420 * based on the value of `N->int_rep` field.
422 * \warning If the buffer is smaller than `N->bits`, the number of
423 * leading zeroes is leaked through timing. If \p r is
425 * (`N->bits`+7)/8.
427 * \param[in] r The address of the residue. It must have the same number of
428 * limbs as the modulus \p N. (\p r is an input parameter, but
431 * \param[in] N The address of the modulus associated with \p r.
439 * large enough to hold the value of \p r (without leading
446 int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,