63#if !defined(MBEDTLS_CONFIG_FILE)
66#include MBEDTLS_CONFIG_FILE
69#if defined(MBEDTLS_BIGNUM_C)
77#if defined(MBEDTLS_PLATFORM_C)
82#define mbedtls_printf printf
83#define mbedtls_calloc calloc
84#define mbedtls_free free
87#define MPI_VALIDATE_RET( cond ) \
88 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
89#define MPI_VALIDATE( cond ) \
90 MBEDTLS_INTERNAL_VALIDATE( cond )
92#define ciL (sizeof(mbedtls_mpi_uint))
96#define MPI_SIZE_T_MAX ( (size_t) -1 )
102#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) )
103#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
116 MPI_VALIDATE(
X !=
NULL );
133 mbedtls_mpi_zeroize(
X->p,
X->n );
148 MPI_VALIDATE_RET(
X !=
NULL );
161 mbedtls_mpi_zeroize(
X->p,
X->n );
180 MPI_VALIDATE_RET(
X !=
NULL );
186 if(
X->n <= nblimbs )
190 for(
i =
X->n - 1;
i > 0;
i-- )
204 mbedtls_mpi_zeroize(
X->p,
X->n );
221 MPI_VALIDATE_RET(
X !=
NULL );
222 MPI_VALIDATE_RET(
Y !=
NULL );
233 for(
i =
Y->n - 1;
i > 0;
i-- )
262 MPI_VALIDATE(
X !=
NULL );
263 MPI_VALIDATE(
Y !=
NULL );
282static int mpi_safe_cond_select_sign(
int a,
int b,
unsigned char second )
291 const unsigned mask = second << 1;
294 unsigned ur = ( ua &
~mask ) | ( ub &
mask );
297 return( (
int) ur - 1 );
309 unsigned char assign )
316#pragma warning( push )
317#pragma warning( disable : 4146 )
324#pragma warning( pop )
327 for(
i = 0;
i <
n;
i++ )
341 MPI_VALIDATE_RET(
X !=
NULL );
342 MPI_VALIDATE_RET(
Y !=
NULL );
347#pragma warning( push )
348#pragma warning( disable : 4146 )
352 assign = (assign | (
unsigned char)-assign) >> (
sizeof( assign ) * 8 - 1);
357#pragma warning( pop )
362 X->s = mpi_safe_cond_select_sign(
X->s,
Y->s, assign );
366 for(
i =
Y->n; i < X->
n;
i++ )
367 X->p[
i] &= ~limb_mask;
385 MPI_VALIDATE_RET(
X !=
NULL );
386 MPI_VALIDATE_RET(
Y !=
NULL );
394#pragma warning( push )
395#pragma warning( disable : 4146 )
404#pragma warning( pop )
411 X->s = mpi_safe_cond_select_sign(
X->s,
Y->s,
swap );
412 Y->s = mpi_safe_cond_select_sign(
Y->s,
s,
swap );
415 for(
i = 0;
i <
X->n;
i++ )
418 X->p[
i] = (
X->p[
i] & ~limb_mask ) | (
Y->p[
i] & limb_mask );
419 Y->p[
i] = (
Y->p[
i] & ~limb_mask ) | ( tmp & limb_mask );
432 MPI_VALIDATE_RET(
X !=
NULL );
437 X->p[0] = (
z < 0 ) ? -
z :
z;
438 X->s = (
z < 0 ) ? -1 : 1;
450 MPI_VALIDATE_RET(
X !=
NULL );
452 if(
X->n * biL <=
pos )
455 return( (
X->p[
pos / biL] >> (
pos % biL ) ) & 0x01 );
459#define GET_BYTE( X, i ) \
460 ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
468 size_t off =
pos / biL;
470 MPI_VALIDATE_RET(
X !=
NULL );
472 if(
val != 0 &&
val != 1 )
475 if(
X->n * biL <=
pos )
499 for(
i = 0;
i <
X->n;
i++ )
501 if( ( (
X->p[
i] >>
j ) & 1 ) != 0 )
515 for(
j = 0;
j < biL;
j++ )
517 if(
x &
mask )
break;
535 for(
i =
X->n - 1;
i > 0;
i-- )
539 j = biL - mbedtls_clz(
X->p[
i] );
541 return( (
i * biL ) +
j );
559 if(
c >= 0x30 &&
c <= 0x39 ) *
d =
c - 0x30;
560 if(
c >= 0x41 &&
c <= 0x46 ) *
d =
c - 0x37;
561 if(
c >= 0x61 &&
c <= 0x66 ) *
d =
c - 0x57;
575 size_t i,
j, slen,
n;
579 MPI_VALIDATE_RET(
X !=
NULL );
580 MPI_VALIDATE_RET(
s !=
NULL );
582 if( radix < 2 || radix > 16 )
597 if( slen > MPI_SIZE_T_MAX >> 2 )
600 n = BITS_TO_LIMBS( slen << 2 );
605 for(
i = slen,
j = 0;
i > 0;
i--,
j++ )
608 X->p[
j / ( 2 * ciL )] |=
d << ( (
j % ( 2 * ciL ) ) << 2 );
615 for(
i = 0;
i < slen;
i++ )
637 char **
p,
const size_t buflen )
642 char *p_end = *
p + buflen;
657 *(--p_end) = (
char)(
'0' +
r );
659 *(--p_end) = (
char)(
'A' + (
r - 0xA ) );
676 char *
buf,
size_t buflen,
size_t *olen )
682 MPI_VALIDATE_RET(
X !=
NULL );
683 MPI_VALIDATE_RET( olen !=
NULL );
684 MPI_VALIDATE_RET( buflen == 0 ||
buf !=
NULL );
686 if( radix < 2 || radix > 16 )
690 if( radix >= 4 )
n >>= 1;
694 if( radix >= 16 )
n >>= 1;
724 for(
i =
X->n,
k = 0;
i > 0;
i-- )
726 for(
j = ciL;
j > 0;
j-- )
728 c = (
X->p[
i - 1] >> ( (
j - 1 ) << 3) ) & 0xFF;
730 if(
c == 0 &&
k == 0 && (
i +
j ) != 2 )
733 *(
p++) =
"0123456789ABCDEF" [
c / 16];
734 *(
p++) =
"0123456789ABCDEF" [
c % 16];
759#if defined(MBEDTLS_FS_IO)
774 MPI_VALIDATE_RET(
X !=
NULL );
775 MPI_VALIDATE_RET( fin !=
NULL );
777 if( radix < 2 || radix > 16 )
785 if( slen ==
sizeof(
s ) - 2 )
788 if( slen > 0 &&
s[slen - 1] ==
'\n' ) { slen--;
s[slen] =
'\0'; }
789 if( slen > 0 &&
s[slen - 1] ==
'\r' ) { slen--;
s[slen] =
'\0'; }
793 if( mpi_get_digit( &
d, radix, *
p ) != 0 )
802int mbedtls_mpi_write_file(
const char *
p,
const mbedtls_mpi *
X,
int radix,
FILE *fout )
805 size_t n, slen, plen;
811 MPI_VALIDATE_RET(
X !=
NULL );
813 if( radix < 2 || radix > 16 )
829 if(
fwrite(
p, 1, plen, fout ) != plen ||
830 fwrite(
s, 1, slen, fout ) != slen )
849 unsigned char *x_ptr;
852 for(
i = 0, x_ptr = (
unsigned char*) &
x;
i < ciL;
i++, x_ptr++ )
863#if defined(__BYTE_ORDER__)
866#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ )
870#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ )
873#if defined(__GNUC__) && defined(__GNUC_PREREQ)
874#if __GNUC_PREREQ(4,3)
879#if defined(__clang__) && defined(__has_builtin)
880#if __has_builtin(__builtin_bswap32) && \
881 __has_builtin(__builtin_bswap64)
886#if defined(have_bswap)
891 return( __builtin_bswap32(
x) );
893 return( __builtin_bswap64(
x) );
901 return( mpi_uint_bigendian_to_host_c(
x ) );
920 for( cur_limb_left =
p, cur_limb_right =
p + ( limbs - 1 );
921 cur_limb_left <= cur_limb_right;
922 cur_limb_left++, cur_limb_right-- )
927 tmp = mpi_uint_bigendian_to_host( *cur_limb_left );
928 *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right );
929 *cur_limb_right = tmp;
939 size_t const limbs = CHARS_TO_LIMBS( buflen );
940 size_t const overhead = ( limbs * ciL ) - buflen;
943 MPI_VALIDATE_RET(
X !=
NULL );
944 MPI_VALIDATE_RET( buflen == 0 ||
buf !=
NULL );
959 Xp = (
unsigned char*)
X->p;
962 mpi_bigendian_to_host(
X->p, limbs );
974 unsigned char *
buf,
size_t buflen )
977 size_t bytes_to_copy;
981 MPI_VALIDATE_RET(
X !=
NULL );
982 MPI_VALIDATE_RET( buflen == 0 ||
buf !=
NULL );
984 stored_bytes =
X->n * ciL;
986 if( stored_bytes < buflen )
993 bytes_to_copy = stored_bytes;
994 p =
buf + buflen - stored_bytes;
1001 bytes_to_copy = buflen;
1003 for(
i = bytes_to_copy;
i < stored_bytes;
i++ )
1005 if( GET_BYTE(
X,
i ) != 0 )
1010 for(
i = 0;
i < bytes_to_copy;
i++ )
1011 p[bytes_to_copy -
i - 1] = GET_BYTE(
X,
i );
1024 MPI_VALIDATE_RET(
X !=
NULL );
1027 t1 =
count & (biL - 1);
1031 if(
X->n * biL <
i )
1041 for(
i =
X->n;
i >
v0;
i-- )
1042 X->p[
i - 1] =
X->p[
i -
v0 - 1];
1053 for(
i =
v0;
i <
X->n;
i++ )
1055 r1 =
X->p[
i] >> (biL - t1);
1074 MPI_VALIDATE_RET(
X !=
NULL );
1079 if(
v0 >
X->n || (
v0 ==
X->n &&
v1 > 0 ) )
1087 for(
i = 0;
i <
X->n -
v0;
i++ )
1090 for( ; i < X->
n;
i++ )
1099 for(
i =
X->n;
i > 0;
i-- )
1101 r1 =
X->p[
i - 1] << (biL -
v1);
1117 MPI_VALIDATE_RET(
X !=
NULL );
1118 MPI_VALIDATE_RET(
Y !=
NULL );
1120 for(
i =
X->n;
i > 0;
i-- )
1121 if(
X->p[
i - 1] != 0 )
1124 for(
j =
Y->n;
j > 0;
j-- )
1125 if(
Y->p[
j - 1] != 0 )
1128 if(
i == 0 &&
j == 0 )
1131 if(
i >
j )
return( 1 );
1132 if(
j >
i )
return( -1 );
1136 if(
X->p[
i - 1] >
Y->p[
i - 1] )
return( 1 );
1137 if(
X->p[
i - 1] <
Y->p[
i - 1] )
return( -1 );
1149 MPI_VALIDATE_RET(
X !=
NULL );
1150 MPI_VALIDATE_RET(
Y !=
NULL );
1152 for(
i =
X->n;
i > 0;
i-- )
1153 if(
X->p[
i - 1] != 0 )
1156 for(
j =
Y->n;
j > 0;
j-- )
1157 if(
Y->p[
j - 1] != 0 )
1160 if(
i == 0 &&
j == 0 )
1163 if(
i >
j )
return(
X->s );
1164 if(
j >
i )
return( -
Y->s );
1166 if(
X->s > 0 &&
Y->s < 0 )
return( 1 );
1167 if(
Y->s > 0 &&
X->s < 0 )
return( -1 );
1171 if(
X->p[
i - 1] >
Y->p[
i - 1] )
return(
X->s );
1172 if(
X->p[
i - 1] <
Y->p[
i - 1] )
return( -
X->s );
1199 ret = (
x -
y ) & ~cond;
1208 ret =
ret >> ( biL - 1 );
1210 return (
unsigned)
ret;
1221 unsigned cond, done, X_is_negative, Y_is_negative;
1223 MPI_VALIDATE_RET(
X !=
NULL );
1224 MPI_VALIDATE_RET(
Y !=
NULL );
1225 MPI_VALIDATE_RET(
ret !=
NULL );
1234 X_is_negative = (
X->s & 2 ) >> 1;
1235 Y_is_negative = (
Y->s & 2 ) >> 1;
1242 cond = ( X_is_negative ^ Y_is_negative );
1243 *
ret = cond & X_is_negative;
1251 for(
i =
X->n;
i > 0;
i-- )
1260 cond = ct_lt_mpi_uint(
Y->p[
i - 1],
X->p[
i - 1] );
1261 *
ret |= cond & ( 1 - done ) & X_is_negative;
1271 cond = ct_lt_mpi_uint(
X->p[
i - 1],
Y->p[
i - 1] );
1272 *
ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
1286 MPI_VALIDATE_RET(
X !=
NULL );
1288 *
p = (
z < 0 ) ? -
z :
z;
1289 Y.s = (
z < 0 ) ? -1 : 1;
1304 MPI_VALIDATE_RET(
X !=
NULL );
1305 MPI_VALIDATE_RET(
A !=
NULL );
1306 MPI_VALIDATE_RET(
B !=
NULL );
1321 for(
j =
B->n;
j > 0;
j-- )
1322 if(
B->p[
j - 1] != 0 )
1327 o =
B->p;
p =
X->p;
c = 0;
1332 for(
i = 0;
i <
j;
i++, o++,
p++ )
1335 *
p +=
c;
c = ( *
p <
c );
1336 *
p += tmp;
c += ( *
p < tmp );
1347 *
p +=
c;
c = ( *
p <
c );
i++;
p++;
1377 for(
i =
c = 0;
i <
n;
i++,
s++,
d++ )
1379 z = ( *
d <
c ); *
d -=
c;
1380 c = ( *
d < *
s ) +
z; *
d -= *
s;
1395 MPI_VALIDATE_RET(
X !=
NULL );
1396 MPI_VALIDATE_RET(
A !=
NULL );
1397 MPI_VALIDATE_RET(
B !=
NULL );
1417 for(
n =
B->n;
n > 0;
n-- )
1418 if(
B->p[
n - 1] != 0 )
1427 carry = mpi_sub_hlp(
n,
X->p,
B->p );
1431 for( ;
n <
X->n &&
X->p[
n] == 0;
n++ )
1456 MPI_VALIDATE_RET(
X !=
NULL );
1457 MPI_VALIDATE_RET(
A !=
NULL );
1458 MPI_VALIDATE_RET(
B !=
NULL );
1461 if(
A->s *
B->s < 0 )
1491 MPI_VALIDATE_RET(
X !=
NULL );
1492 MPI_VALIDATE_RET(
A !=
NULL );
1493 MPI_VALIDATE_RET(
B !=
NULL );
1496 if(
A->s *
B->s > 0 )
1527 MPI_VALIDATE_RET(
X !=
NULL );
1528 MPI_VALIDATE_RET(
A !=
NULL );
1530 p[0] = (
b < 0 ) ? -
b :
b;
1531 _B.s = (
b < 0 ) ? -1 : 1;
1545 MPI_VALIDATE_RET(
X !=
NULL );
1546 MPI_VALIDATE_RET(
A !=
NULL );
1548 p[0] = (
b < 0 ) ? -
b :
b;
1549 _B.s = (
b < 0 ) ? -1 : 1;
1560#if defined(__APPLE__) && defined(__arm__)
1571#if defined(MULADDC_HUIT)
1572 for( ;
i >= 8;
i -= 8 )
1586 for( ;
i >= 16;
i -= 16 )
1601 for( ;
i >= 8;
i -= 8 )
1623 *
d +=
c;
c = ( *
d <
c );
d++;
1636 int result_is_zero = 0;
1637 MPI_VALIDATE_RET(
X !=
NULL );
1638 MPI_VALIDATE_RET(
A !=
NULL );
1639 MPI_VALIDATE_RET(
B !=
NULL );
1646 for(
i =
A->n;
i > 0;
i-- )
1647 if(
A->p[
i - 1] != 0 )
1652 for(
j =
B->n;
j > 0;
j-- )
1653 if(
B->p[
j - 1] != 0 )
1662 mpi_mul_hlp(
i,
A->p,
X->p +
j - 1,
B->p[
j - 1] );
1668 if( result_is_zero )
1687 MPI_VALIDATE_RET(
X !=
NULL );
1688 MPI_VALIDATE_RET(
A !=
NULL );
1705#if defined(MBEDTLS_HAVE_UDBL)
1718 if( 0 ==
d ||
u1 >=
d )
1725#if defined(MBEDTLS_HAVE_UDBL)
1728 quotient = dividend /
d;
1746 s = mbedtls_clz(
d );
1754 d0 =
d & uint_halfword_mask;
1757 u0_lsw = u0 & uint_halfword_mask;
1765 while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
1770 if ( r0 >= radix )
break;
1773 rAX = (
u1 * radix ) + ( u0_msw - q1 *
d );
1777 while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
1782 if ( r0 >= radix )
break;
1786 *
r = ( rAX * radix + u0_lsw - q0 *
d ) >>
s;
1788 quotient = q1 * radix + q0;
1803 MPI_VALIDATE_RET(
A !=
NULL );
1804 MPI_VALIDATE_RET(
B !=
NULL );
1848 for(
i =
n;
i >
t ;
i-- )
1850 if(
X.p[
i] >=
Y.p[
t] )
1851 Z.p[
i -
t - 1] = ~0;
1854 Z.p[
i -
t - 1] = mbedtls_int_div_int(
X.p[
i],
X.p[
i - 1],
1864 T1.
p[0] = (
t < 1 ) ? 0 :
Y.p[
t - 1];
1869 T2.
p[0] = (
i < 2 ) ? 0 :
X.p[
i - 2];
1870 T2.
p[1] = (
i < 1 ) ? 0 :
X.p[
i - 1];
1921 MPI_VALIDATE_RET(
A !=
NULL );
1923 p[0] = (
b < 0 ) ? -
b :
b;
1924 _B.s = (
b < 0 ) ? -1 : 1;
1937 MPI_VALIDATE_RET(
R !=
NULL );
1938 MPI_VALIDATE_RET(
A !=
NULL );
1939 MPI_VALIDATE_RET(
B !=
NULL );
1964 MPI_VALIDATE_RET(
r !=
NULL );
1965 MPI_VALIDATE_RET(
A !=
NULL );
1991 for(
i =
A->n,
y = 0;
i > 0;
i-- )
1994 y = (
y << biH ) | (
x >> biH );
1999 y = (
y << biH ) | (
x >> biH );
2008 if(
A->s < 0 &&
y != 0 )
2025 x += ( ( m0 + 2 ) & 4 ) << 1;
2027 for(
i = biL;
i >= 8;
i /= 2 )
2028 x *= ( 2 - ( m0 *
x ) );
2065 m = (
B->n <
n ) ?
B->n :
n;
2067 for(
i = 0;
i <
n;
i++ )
2073 u1 = (
d[0] + u0 *
B->p[0] ) * mm;
2075 mpi_mul_hlp(
m,
B->p,
d, u0 );
2076 mpi_mul_hlp(
n,
N->p,
d,
u1 );
2078 *
d++ = u0;
d[
n + 1] = 0;
2092 d[
n] -= mpi_sub_hlp(
n,
d,
N->p );
2116 mpi_montmul(
A, &
U,
N, mm,
T );
2130static size_t mbedtls_mpi_cf_bool_eq(
size_t x,
size_t y )
2133 const size_t diff =
x ^
y;
2137#if defined(_MSC_VER)
2138#pragma warning( push )
2139#pragma warning( disable : 4146 )
2143 const size_t diff_msb = ( diff | (
size_t) -diff );
2145#if defined(_MSC_VER)
2146#pragma warning( pop )
2150 const size_t diff1 = diff_msb >> (
sizeof( diff_msb ) * 8 - 1 );
2152 return( 1 ^ diff1 );
2175 for(
i = 0;
i < T_size;
i++ )
2178 (
unsigned char) mbedtls_mpi_cf_bool_eq(
i,
idx ) ) );
2193 size_t wbits, wsize,
one = 1;
2194 size_t i,
j, nblimbs;
2200 MPI_VALIDATE_RET(
X !=
NULL );
2201 MPI_VALIDATE_RET(
A !=
NULL );
2202 MPI_VALIDATE_RET(
E !=
NULL );
2203 MPI_VALIDATE_RET(
N !=
NULL );
2218 mpi_montg_init( &mm,
N );
2226 wsize = (
i > 671 ) ? 6 : (
i > 239 ) ? 5 :
2227 (
i > 79 ) ? 4 : (
i > 23 ) ? 3 : 1;
2229#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
2247 neg = (
A->s == -1 );
2282 mpi_montmul( &
W[1], &RR,
N, mm, &
T );
2288 mpi_montred(
X,
N, mm, &
T );
2295 j =
one << ( wsize - 1 );
2300 for(
i = 0;
i < wsize - 1;
i++ )
2301 mpi_montmul( &
W[
j], &
W[
j],
N, mm, &
T );
2306 for(
i =
j + 1;
i < (
one << wsize );
i++ )
2311 mpi_montmul( &
W[
i], &
W[1],
N, mm, &
T );
2335 ei = (
E->p[nblimbs] >>
bufsize) & 1;
2340 if( ei == 0 &&
state == 0 )
2343 if( ei == 0 &&
state == 1 )
2348 mpi_montmul(
X,
X,
N, mm, &
T );
2358 wbits |= ( ei << ( wsize - nbits ) );
2360 if( nbits == wsize )
2365 for(
i = 0;
i < wsize;
i++ )
2366 mpi_montmul(
X,
X,
N, mm, &
T );
2372 mpi_montmul(
X, &WW,
N, mm, &
T );
2383 for(
i = 0;
i < nbits;
i++ )
2385 mpi_montmul(
X,
X,
N, mm, &
T );
2389 if( ( wbits & (
one << wsize ) ) != 0 )
2390 mpi_montmul(
X, &
W[1],
N, mm, &
T );
2396 mpi_montred(
X,
N, mm, &
T );
2398 if( neg &&
E->n != 0 && (
E->p[0] & 1 ) != 0 )
2406 for(
i = (
one << ( wsize - 1 ) );
i < (
one << wsize );
i++ )
2427 MPI_VALIDATE_RET(
G !=
NULL );
2428 MPI_VALIDATE_RET(
A !=
NULL );
2429 MPI_VALIDATE_RET(
B !=
NULL );
2543 int (*f_rng)(
void *,
unsigned char *,
size_t),
2547 size_t const limbs = CHARS_TO_LIMBS(
size );
2548 size_t const overhead = ( limbs * ciL ) -
size;
2551 MPI_VALIDATE_RET(
X !=
NULL );
2552 MPI_VALIDATE_RET( f_rng !=
NULL );
2563 Xp = (
unsigned char*)
X->p;
2566 mpi_bigendian_to_host(
X->p, limbs );
2579 MPI_VALIDATE_RET(
X !=
NULL );
2580 MPI_VALIDATE_RET(
A !=
NULL );
2581 MPI_VALIDATE_RET(
N !=
NULL );
2610 while( ( TU.
p[0] & 1 ) == 0 )
2614 if( (
U1.p[0] & 1 ) != 0 || (
U2.p[0] & 1 ) != 0 )
2624 while( ( TV.
p[0] & 1 ) == 0 )
2628 if( (
V1.p[0] & 1 ) != 0 || ( V2.
p[0] & 1 ) != 0 )
2670#if defined(MBEDTLS_GENPRIME)
2672static const int small_prime[] =
2674 3, 5, 7, 11, 13, 17, 19, 23,
2675 29, 31, 37, 41, 43, 47, 53, 59,
2676 61, 67, 71, 73, 79, 83, 89, 97,
2677 101, 103, 107, 109, 113, 127, 131, 137,
2678 139, 149, 151, 157, 163, 167, 173, 179,
2679 181, 191, 193, 197, 199, 211, 223, 227,
2680 229, 233, 239, 241, 251, 257, 263, 269,
2681 271, 277, 281, 283, 293, 307, 311, 313,
2682 317, 331, 337, 347, 349, 353, 359, 367,
2683 373, 379, 383, 389, 397, 401, 409, 419,
2684 421, 431, 433, 439, 443, 449, 457, 461,
2685 463, 467, 479, 487, 491, 499, 503, 509,
2686 521, 523, 541, 547, 557, 563, 569, 571,
2687 577, 587, 593, 599, 601, 607, 613, 617,
2688 619, 631, 641, 643, 647, 653, 659, 661,
2689 673, 677, 683, 691, 701, 709, 719, 727,
2690 733, 739, 743, 751, 757, 761, 769, 773,
2691 787, 797, 809, 811, 821, 823, 827, 829,
2692 839, 853, 857, 859, 863, 877, 881, 883,
2693 887, 907, 911, 919, 929, 937, 941, 947,
2694 953, 967, 971, 977, 983, 991, 997, -103
2706static int mpi_check_small_factors(
const mbedtls_mpi *
X )
2712 if( (
X->p[0] & 1 ) == 0 )
2715 for(
i = 0; small_prime[
i] > 0;
i++ )
2733static int mpi_miller_rabin(
const mbedtls_mpi *
X,
size_t rounds,
2734 int (*f_rng)(
void *,
unsigned char *,
size_t),
2741 MPI_VALIDATE_RET(
X !=
NULL );
2742 MPI_VALIDATE_RET( f_rng !=
NULL );
2757 for(
i = 0;
i < rounds;
i++ )
2827 int (*f_rng)(
void *,
unsigned char *,
size_t),
2832 MPI_VALIDATE_RET(
X !=
NULL );
2833 MPI_VALIDATE_RET( f_rng !=
NULL );
2846 if( (
ret = mpi_check_small_factors( &
XX ) ) != 0 )
2854 return( mpi_miller_rabin( &
XX, rounds, f_rng, p_rng ) );
2857#if !defined(MBEDTLS_DEPRECATED_REMOVED)
2862 int (*f_rng)(
void *,
unsigned char *,
size_t),
2865 MPI_VALIDATE_RET(
X !=
NULL );
2866 MPI_VALIDATE_RET( f_rng !=
NULL );
2885 int (*f_rng)(
void *,
unsigned char *,
size_t),
2888#ifdef MBEDTLS_HAVE_INT64
2890#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL
2893#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U
2901 MPI_VALIDATE_RET(
X !=
NULL );
2902 MPI_VALIDATE_RET( f_rng !=
NULL );
2909 n = BITS_TO_LIMBS( nbits );
2916 rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 :
2917 ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 :
2918 ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 );
2926 rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 :
2927 ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 :
2928 ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 :
2929 ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 );
2936 if(
X->p[
n-1] < CEIL_MAXUINT_DIV_SQRT2 )
continue;
2975 if( (
ret = mpi_check_small_factors(
X ) ) == 0 &&
2976 (
ret = mpi_check_small_factors( &
Y ) ) == 0 &&
2977 (
ret = mpi_miller_rabin(
X, rounds, f_rng, p_rng ) )
2979 (
ret = mpi_miller_rabin( &
Y, rounds, f_rng, p_rng ) )
3006#if defined(MBEDTLS_SELF_TEST)
3008#define GCD_PAIR_COUNT 3
3010static const int gcd_pairs[GCD_PAIR_COUNT][3] =
3014 { 768454923, 542167814, 1 }
3020int mbedtls_mpi_self_test(
int verbose )
3029 "EFE021C2645FD1DC586E69184AF4A31E" \
3030 "D5F53E93B5F123FA41680867BA110131" \
3031 "944FE7952E2517337780CB0DB80E61AA" \
3032 "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
3035 "B2E7EFD37075B9F03FF989C7C5051C20" \
3036 "34D2A323810251127E7BF8625A4F49A5" \
3037 "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
3038 "5B5C25763222FEFCCFC38B832366C29E" ) );
3041 "0066A198186C18C10B2F5ED9B522752A" \
3042 "9830B69916E535C8F047518A889A43A5" \
3043 "94B6BED27A168D31D4A52F88925AA8F5" ) );
3048 "602AB7ECA597A3D6B56FF9829A5E8B85" \
3049 "9E857EA95A03512E2BAE7391688D264A" \
3050 "A5663B0341DB9CCFD2C4C5F421FEC814" \
3051 "8001B72E848A38CAE1C65F78E56ABDEF" \
3052 "E12D3C039B8A02D6BE593F0BBBDA56F1" \
3053 "ECF677152EF804370C1A305CAF3B5BF1" \
3054 "30879B56C61DE584A0F53A2447A51E" ) );
3074 "256567336059E52CAE22925474705F39A94" ) );
3077 "6613F26162223DF488E9CD48CC132C7A" \
3078 "0AC93C701B001B092E4E5B9F73BCD27B" \
3079 "9EE50D0657C77F374E903CDFA4C642" ) );
3100 "36E139AEA55215609D2816998ED020BB" \
3101 "BD96C37890F65171D948E9BC7CBAA4D9" \
3102 "325D24D6A3C12710F10A09FA08AB87" ) );
3122 "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
3123 "C3DBA76456363A10869622EAC2DD84EC" \
3124 "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
3144 for(
i = 0;
i < GCD_PAIR_COUNT;
i++ )
Multi-precision integer library.
#define MBEDTLS_ERR_MPI_INVALID_CHARACTER
#define MBEDTLS_MPI_MAX_BITS
int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
Import an MPI from an ASCII string.
int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a signed subtraction of MPIs: X = A - B.
int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a signed subtraction of an MPI and an integer: X = A - b.
int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a signed addition of an MPI and an integer: X = A + b.
int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs)
Enlarge an MPI to the specified number of limbs.
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Miller-Rabin primality test.
int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
Make a copy of an MPI.
#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA
int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val)
Modify a specific bit in an MPI.
int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a modular reduction with respect to an integer. r = A mod b.
@ MBEDTLS_MPI_GEN_PRIME_FLAG_DH
@ MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR
#define MBEDTLS_MPI_MAX_LIMBS
size_t mbedtls_mpi_size(const mbedtls_mpi *X)
Return the total size of an MPI value in bytes.
int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR)
Perform a sliding-window exponentiation: X = A^E mod N.
#define MBEDTLS_ERR_MPI_FILE_IO_ERROR
int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform an unsigned addition of MPIs: X = |A| + |B|.
int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a division with remainder of two MPIs: A = Q * B + R.
int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a signed addition of MPIs: X = A + B.
void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)
Swap the contents of two MPIs.
int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign)
Perform a safe conditional copy of MPI which doesn't reveal whether the condition was true or not.
int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)
Store integer value in MPI.
size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X)
Return the number of bits up to and including the most significant bit of value 1.
int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)
Import an MPI from unsigned big endian binary data.
int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)
Compare two MPIs.
int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a modular reduction. R = A mod B.
#define MBEDTLS_MPI_WINDOW_SIZE
#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b)
Perform a division with remainder of an MPI by an integer: A = Q * b + R.
int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Fill an MPI with a number of random bytes.
int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)
Compare the absolute values of two MPIs.
int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a prime number.
int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
Perform a left-shift on an MPI: X <<= count.
int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign)
Perform a safe conditional swap which doesn't reveal whether the condition was true or not.
#define MBEDTLS_MPI_RW_BUFFER_SIZE
#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
void mbedtls_mpi_init(mbedtls_mpi *X)
Initialize an MPI context.
#define MBEDTLS_ERR_MPI_ALLOC_FAILED
size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)
Return the number of bits of value 0 before the least significant bit of value 1.
int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform a multiplication of two MPIs: X = A * B.
#define MBEDTLS_MPI_CHK(f)
int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, char *buf, size_t buflen, size_t *olen)
Export an MPI to an ASCII string.
#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE
int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs)
This function resizes an MPI downwards, keeping at least the specified number of limbs.
int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N)
Compute the modular inverse: X = A^-1 mod N.
int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)
Get a specific bit from an MPI.
void mbedtls_mpi_free(mbedtls_mpi *X)
This function frees the components of an MPI context.
MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime(const mbedtls_mpi *X, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Perform a Miller-Rabin primality test with error probability of 2^-80.
int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b)
Perform a multiplication of an MPI with an unsigned integer: X = A * b.
int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret)
Check if an MPI is less than the other in constant time.
int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, size_t buflen)
Export an MPI into unsigned big endian binary data of fixed size.
int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)
Compare an MPI with an integer.
int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)
Perform an unsigned subtraction of MPIs: X = |A| - |B|.
uint32_t mbedtls_mpi_uint
int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)
Perform a right-shift on an MPI: X >>= count.
int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
Compute the greatest common divisor: G = gcd(A, B)
Multi-precision integer library.
#define mpi_safe_cond_assign
Configuration options (set of defines)