77     mbedtls_mpi r;          /* r value              */  member
93     mbedtls_mpi_init(&ctx->r);  in ecdsa_restart_sig_init()
107     mbedtls_mpi_free(&ctx->r);  in ecdsa_restart_sig_free()
244                                    mbedtls_mpi *r, mbedtls_mpi *s,  in mbedtls_ecdsa_sign_restartable()  argument
253     mbedtls_ecp_point R;  in mbedtls_ecdsa_sign_restartable()  local
255     mbedtls_mpi *pk = &k, *pr = r;  in mbedtls_ecdsa_sign_restartable()
267     mbedtls_ecp_point_init(&R);  in mbedtls_ecdsa_sign_restartable()
278         pr = &rs_ctx->sig->r;  in mbedtls_ecdsa_sign_restartable()
299          * and set r = xR mod n  in mbedtls_ecdsa_sign_restartable()
317             MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G,  in mbedtls_ecdsa_sign_restartable()
321             MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));  in mbedtls_ecdsa_sign_restartable()
350          * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n  in mbedtls_ecdsa_sign_restartable()
364         MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr));  in mbedtls_ecdsa_sign_restartable()
369     mbedtls_ecp_point_free(&R);  in mbedtls_ecdsa_sign_restartable()
380 int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,  in mbedtls_ecdsa_sign()  argument
385     return mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign()
398                                        mbedtls_mpi *r, mbedtls_mpi *s,  in mbedtls_ecdsa_sign_det_restartable()  argument
450     ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign_det_restartable()
453     ret = mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,  in mbedtls_ecdsa_sign_det_restartable()
470 int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,  in mbedtls_ecdsa_sign_det_ext()  argument
478     return mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,  in mbedtls_ecdsa_sign_det_ext()
491                                      const mbedtls_mpi *r,  in mbedtls_ecdsa_verify_restartable()  argument
497     mbedtls_ecp_point R;  in mbedtls_ecdsa_verify_restartable()  local
500     mbedtls_ecp_point_init(&R);  in mbedtls_ecdsa_verify_restartable()
525      * Step 1: make sure r and s are in range 1..n-1  in mbedtls_ecdsa_verify_restartable()
527     if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||  in mbedtls_ecdsa_verify_restartable()
539      * Step 4: u1 = e / s mod n, u2 = r / s mod n  in mbedtls_ecdsa_verify_restartable()
548     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv));  in mbedtls_ecdsa_verify_restartable()
559      * Step 5: R = u1 G + u2 Q  in mbedtls_ecdsa_verify_restartable()
562                                                    &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));  in mbedtls_ecdsa_verify_restartable()
564     if (mbedtls_ecp_is_zero(&R)) {  in mbedtls_ecdsa_verify_restartable()
573     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N));  in mbedtls_ecdsa_verify_restartable()
576      * Step 8: check if v (that is, R.X) is equal to r  in mbedtls_ecdsa_verify_restartable()
578     if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {  in mbedtls_ecdsa_verify_restartable()
584     mbedtls_ecp_point_free(&R);  in mbedtls_ecdsa_verify_restartable()
599                          const mbedtls_mpi *r,  in mbedtls_ecdsa_verify()  argument
602     return mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);  in mbedtls_ecdsa_verify()
609 static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s,  in ecdsa_signature_to_asn1()  argument
619     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r));  in ecdsa_signature_to_asn1()
648     mbedtls_mpi r, s;  in mbedtls_ecdsa_write_signature_restartable()  local
653     mbedtls_mpi_init(&r);  in mbedtls_ecdsa_write_signature_restartable()
657     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
666     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
670     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d,  in mbedtls_ecdsa_write_signature_restartable()
676     MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, sig_size, slen));  in mbedtls_ecdsa_write_signature_restartable()
679     mbedtls_mpi_free(&r);  in mbedtls_ecdsa_write_signature_restartable()
723     mbedtls_mpi r, s;  in mbedtls_ecdsa_read_signature_restartable()  local
724     mbedtls_mpi_init(&r);  in mbedtls_ecdsa_read_signature_restartable()
739     if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||  in mbedtls_ecdsa_read_signature_restartable()
748                                     &ctx->Q, &r, &s)) != 0) {  in mbedtls_ecdsa_read_signature_restartable()
753                                                 &ctx->Q, &r, &s, rs_ctx)) != 0) {  in mbedtls_ecdsa_read_signature_restartable()
766     mbedtls_mpi_free(&r);  in mbedtls_ecdsa_read_signature_restartable()