Set up a residue structure. The residue will be set up with the buffer \p p and modulus \p N. The memory pointed to by \p p will be used by the resulting residue structure. The value at the pointed-to memory will be the initial value of \p r and must hold a value that is less than the modulus. This value will be used as-is and interpreted according to the value of the `N->int_rep` field. The modulus \p N will be the modulus associated with \p r. The residue \p r should only be used in operations where the modulus is \p N.
Initialize a modulus structure.
Set up a modulus structure.
Set up an optimised-reduction compatible modulus structure.
Free elements of a modulus structure. This function frees any memory allocated by mbedtls_mpi_mod_modulus_setup(). \warning This function does not free the limb array passed to mbedtls_mpi_mod_modulus_setup(); it only removes the reference to it, making it safe to free the array or to use it again.
Multiply two residues, returning the residue modulo the specified modulus. The size of the operation is determined by \p N. \p A, \p B and \p X must all be associated with the modulus \p N and must all have the same number of limbs as \p N. \p X may be aliased to \p A or \p B, or even both, but may not overlap either otherwise. They may not alias \p N (since they must be in canonical form, they cannot equal \p N).
Perform a fixed-size modular subtraction. Calculate `A - B modulo N`. \p A, \p B and \p X must all have the same number of limbs as \p N. \p X may be aliased to \p A or \p B, or even both, but may not overlap either otherwise.
Perform modular inversion of an MPI with respect to a modulus \p N. \p A and \p X must be associated with the modulus \p N and will therefore have the same number of limbs as \p N. \p X may be aliased to \p A. \warning Currently only supports prime moduli, but does not check for them.
Perform a fixed-size modular addition. Calculate `A + B modulo N`. \p A, \p B and \p X must all be associated with the modulus \p N and must all have the same number of limbs as \p N. \p X may be aliased to \p A or \p B, or even both, but may not overlap either otherwise.
Generate a random number uniformly in a range. This function generates a random number between \p min inclusive and \p N exclusive. The procedure complies with RFC 6979 §3.3 (deterministic ECDSA) when the RNG is a suitably parametrized instance of HMAC_DRBG and \p min is \c 1.
Read a residue from a byte buffer. The residue will be automatically converted to the internal representation based on the value of the `N->int_rep` field. The modulus \p N will be the modulus associated with \p r. The residue \p r should only be used in operations where the modulus is \p N or a modulus equivalent to \p N (in the sense that all their fields or memory pointed to by their fields hold the same value).
Write a residue into a byte buffer. The modulus \p N must be the modulus associated with \p r (see mbedtls_mpi_mod_residue_setup() and mbedtls_mpi_mod_read()). The residue will be automatically converted from the internal representation based on the value of the `N->int_rep` field. \warning If the buffer is smaller than `N->bits`, the number of leading zeroes is leaked through timing. If \p r is secret, the caller must ensure that \p buflen is at least (`N->bits`+7)/8.
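
The warning on modular inversion above (prime moduli only, not checked) leaves validation to the caller. The following added example is not Mbed TLS code: it assumes an inversion built on Fermat's little theorem (A^(N-2) mod N), which the page does not confirm as the library's method, and uses hypothetical helpers `mul_mod`, `pow_mod`, `inv_fermat` and `inv_checked` on 64-bit integers to show the silent wrong result for a composite modulus and a multiply-back check that catches it.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply modulo n. Operands are < n < 2^32, so the product fits in 64 bits. */
static uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

/* Hypothetical helper: a^e mod n by square-and-multiply (not constant-time). */
static uint64_t pow_mod(uint64_t a, uint64_t e, uint64_t n)
{
    uint64_t r = 1 % n;
    a %= n;
    while (e) {
        if (e & 1) r = mul_mod(r, a, n);
        a = mul_mod(a, a, n);
        e >>= 1;
    }
    return r;
}

/* Assumed Fermat-style inversion: correct only when n is prime and a != 0.
 * For a composite n it still returns a value, just not the inverse. */
static uint64_t inv_fermat(uint64_t a, uint64_t n) { return pow_mod(a, n - 2, n); }

/* Caller-side check: returns 0 and stores the inverse in *x only if
 * a * x == 1 (mod n); returns -1 and leaves *x untouched otherwise. */
static int inv_checked(uint64_t a, uint64_t n, uint64_t *x)
{
    uint64_t cand = inv_fermat(a, n);
    if (mul_mod(a, cand, n) != 1) return -1;
    *x = cand;
    return 0;
}

int main(void)
{
    uint64_t x = 0;
    /* Constructed inputs: 65537 is prime, 65535 = 3 * 5 * 17 * 257 is not. */
    int rc = inv_checked(3, 65537, &x);
    printf("prime modulus:     rc=%d inverse=%llu\n", rc, (unsigned long long) x);
    printf("composite modulus: raw=%llu rc=%d\n",
           (unsigned long long) inv_fermat(2, 65535), inv_checked(2, 65535, &x));
    return 0;
}
```

The multiply-back check costs one extra modular multiplication and rejects the composite case even though 2 does have an inverse modulo 65535 (32768), which the Fermat-style routine fails to find.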