| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame^] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, |
| 6 | BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - |
| 7 | arithmetic operations on BIGNUMs |
| 8 | |
| 9 | =head1 SYNOPSIS |
| 10 | |
| 11 | #include <openssl/bn.h> |
| 12 | |
| 13 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 14 | |
| 15 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 16 | |
| 17 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); |
| 18 | |
| 19 | int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); |
| 20 | |
| 21 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, |
| 22 | BN_CTX *ctx); |
| 23 | |
| 24 | int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
| 25 | |
| 26 | int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
| 27 | |
| 28 | int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, |
| 29 | BN_CTX *ctx); |
| 30 | |
| 31 | int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, |
| 32 | BN_CTX *ctx); |
| 33 | |
| 34 | int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, |
| 35 | BN_CTX *ctx); |
| 36 | |
| 37 | int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
| 38 | |
| 39 | BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); |
| 40 | |
| 41 | int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); |
| 42 | |
| 43 | int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
| 44 | const BIGNUM *m, BN_CTX *ctx); |
| 45 | |
| 46 | int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); |
| 47 | |
| 48 | =head1 DESCRIPTION |
| 49 | |
| 50 | BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>). |
| 51 | I<r> may be the same B<BIGNUM> as I<a> or I<b>. |
| 52 | |
| 53 | BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>). |
| 54 | I<r> may be the same B<BIGNUM> as I<a> or I<b>. |
| 55 | |
| 56 | BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>). |
| 57 | I<r> may be the same B<BIGNUM> as I<a> or I<b>. |
| 58 | For multiplication by powers of 2, use L<BN_lshift(3)>. |
| 59 | |
| 60 | BN_sqr() takes the square of I<a> and places the result in I<r> |
| 61 | (C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>. |
| 62 | This function is faster than BN_mul(r,a,a). |
| 63 | |
| 64 | BN_div() divides I<a> by I<d> and places the result in I<dv> and the |
| 65 | remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may |
| 66 | be B<NULL>, in which case the respective value is not returned. |
| 67 | The result is rounded towards zero; thus if I<a> is negative, the |
| 68 | remainder will be zero or negative. |
| 69 | For division by powers of 2, use BN_rshift(3). |
| 70 | |
| 71 | BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>. |
| 72 | |
| 73 | BN_nnmod() reduces I<a> modulo I<m> and places the nonnegative |
| 74 | remainder in I<r>. |
| 75 | |
| 76 | BN_mod_add() adds I<a> to I<b> modulo I<m> and places the nonnegative |
| 77 | result in I<r>. |
| 78 | |
| 79 | BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the |
| 80 | nonnegative result in I<r>. |
| 81 | |
| 82 | BN_mod_mul() multiplies I<a> by I<b> and finds the nonnegative |
| 83 | remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be |
| 84 | the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for |
| 85 | repeated computations using the same modulus, see |
| 86 | L<BN_mod_mul_montgomery(3)> and |
| 87 | L<BN_mod_mul_reciprocal(3)>. |
| 88 | |
| 89 | BN_mod_sqr() takes the square of I<a> modulo B<m> and places the |
| 90 | result in I<r>. |
| 91 | |
| 92 | BN_mod_sqrt() returns the modular square root of I<a> such that |
| 93 | C<in^2 = a (mod p)>. The modulus I<p> must be a |
| 94 | prime, otherwise an error or an incorrect "result" will be returned. |
| 95 | The result is stored into I<in> which can be NULL. The result will be |
| 96 | newly allocated in that case. |
| 97 | |
| 98 | BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> |
| 99 | (C<r=a^p>). This function is faster than repeated applications of |
| 100 | BN_mul(). |
| 101 | |
| 102 | BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p % |
| 103 | m>). This function uses less time and space than BN_exp(). Do not call this |
| 104 | function when B<m> is even and any of the parameters have the |
| 105 | B<BN_FLG_CONSTTIME> flag set. |
| 106 | |
| 107 | BN_gcd() computes the greatest common divisor of I<a> and I<b> and |
| 108 | places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or |
| 109 | I<b>. |
| 110 | |
| 111 | For all functions, I<ctx> is a previously allocated B<BN_CTX> used for |
| 112 | temporary variables; see L<BN_CTX_new(3)>. |
| 113 | |
| 114 | Unless noted otherwise, the result B<BIGNUM> must be different from |
| 115 | the arguments. |
| 116 | |
| 117 | =head1 RETURN VALUES |
| 118 | |
| 119 | The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is |
| 120 | not a prime), or NULL. |
| 121 | |
| 122 | For all remaining functions, 1 is returned for success, 0 on error. The return |
| 123 | value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). |
| 124 | The error codes can be obtained by L<ERR_get_error(3)>. |
| 125 | |
| 126 | =head1 SEE ALSO |
| 127 | |
| 128 | L<ERR_get_error(3)>, L<BN_CTX_new(3)>, |
| 129 | L<BN_add_word(3)>, L<BN_set_bit(3)> |
| 130 | |
| 131 | =head1 COPYRIGHT |
| 132 | |
| 133 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. |
| 134 | |
| 135 | Licensed under the OpenSSL license (the "License"). You may not use |
| 136 | this file except in compliance with the License. You can obtain a copy |
| 137 | in the file LICENSE in the source distribution or at |
| 138 | L<https://www.openssl.org/source/license.html>. |
| 139 | |
| 140 | =cut |