mbedtls_mpi_core_exp_mod_unsafe() function

Perform a modular exponentiation with public or secret exponent: X = A^E mod N, where \p A is already in Montgomery form. \warning This function is not constant time with respect to \p E (the exponent). \p X may be aliased to \p A, but not to \p RR or \p E, even if \p E_limbs == \p AN_limbs.

Syntax

Show:

Summary

Declaration

Definition

from bignum_core.h:657

void mbedtls_mpi_core_exp_mod_unsafe(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, const mbedtls_mpi_uint *N, size_t AN_limbs, const mbedtls_mpi_uint *E, size_t E_limbs, const mbedtls_mpi_uint *RR, mbedtls_mpi_uint *T);

Implemented in bignum_core.c:951

Arguments

Argument

Description

The destination MPI, as a little endian array of length \p AN_limbs.

The base MPI, as a little endian array of length \p AN_limbs. Must be in Montgomery form.

The modulus, as a little endian array of length \p AN_limbs.

AN_limbs

The number of limbs in \p X, \p A, \p N, \p RR.

The exponent, as a little endian array of length \p E_limbs.

E_limbs

The number of limbs in \p E.

The precomputed residue of 2^{2*biL} modulo N, as a little endian array of length \p AN_limbs.

Temporary storage of at least the number of limbs returned by `mbedtls_mpi_core_exp_mod_working_limbs()`. Its initial content is unused and its final content is indeterminate. It must not alias or otherwise overlap any of the other parameters. It is up to the caller to zeroize \p T when it is no longer needed, and before freeing it if it was dynamically allocated.