mbedtls_mpi_core_montmul() function

Montgomery multiplication: X = A * B * R^-1 mod N (HAC 14.36) \p A and \p B must be in canonical form. That is, < \p N. \p X may be aliased to \p A or \p N, or even \p B (if \p AN_limbs == \p B_limbs) but may not overlap any parameters otherwise. \p A and \p B may alias each other, if \p AN_limbs == \p B_limbs. They may not alias \p N (since they must be in canonical form, they cannot == \p N).

Syntax

Show:

Summary

Declaration

Definition

from bignum_core.h:504

void mbedtls_mpi_core_montmul(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, const mbedtls_mpi_uint *B, size_t B_limbs, const mbedtls_mpi_uint *N, size_t AN_limbs, mbedtls_mpi_uint mm, mbedtls_mpi_uint *T);

Implemented in bignum_core.c:526

Arguments

Argument

Description

The destination MPI, as a little-endian array of length \p AN_limbs. On successful completion, X contains the result of the multiplication `A * B * R^-1` mod N where `R = 2^(biL*AN_limbs)`.

Little-endian presentation of first operand. Must have the same number of limbs as \p N.

Little-endian presentation of second operand.

B_limbs

The number of limbs in \p B. Must be <= \p AN_limbs.

Little-endian presentation of the modulus. This must be odd, and have exactly the same number of limbs as \p A. It may alias \p X, but must not alias or otherwise overlap any of the other parameters.

AN_limbs

The number of limbs in \p X, \p A and \p N.

The Montgomery constant for \p N: -N^-1 mod 2^biL. This can be calculated by `mbedtls_mpi_core_montmul_init()`.

Temporary storage of size at least 2*AN_limbs+1 limbs. Its initial content is unused and its final content is indeterminate. It must not alias or otherwise overlap any of the other parameters.