Gitiles
Code Review Sign In
192.168.1.100 / T800_MD / b0f5b85a5b9d69cbfa1dd990d559a4a9c7d8f2a6 / . / mcu / interface / driver / che / ossl_bn.h
blob: 5f43a9038fbcd0af7169ed1e83bc0add9c8bfe20 [file] [log] [blame]
rjw6c1fd8f2022-11-30 14:33:01 +0800[diff] [blame]1/* crypto/bn/bn.h */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the Eric Young open source
118 * license provided above.
119 *
120 * The binary polynomial arithmetic software is originally written by
121 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
122 *
123 */
124
125#ifndef HEADER_BN_H
126#define HEADER_BN_H
127
128#include "ossl_typ.h"
129#include "kal_public_defs.h"
130
131#ifdef __cplusplus
132extern "C" {
133#endif
134
135
136/* These preprocessor symbols control various aspects of the bignum headers and
137 * library code. They're not defined by any "normal" configuration, as they are
138 * intended for development and testing purposes. NB: defining all three can be
139 * useful for debugging application code as well as openssl itself.
140 *
141 * BN_DEBUG - turn on various debugging alterations to the bignum code
142 * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
143 * mismanagement of bignum internals. You must also define BN_DEBUG.
144 */
145/* #define BN_DEBUG */
146/* #define BN_DEBUG_RAND */
147
148#if 0
149#ifndef OPENSSL_SMALL_FOOTPRINT
150/* under construction !*/
151/* under construction !*/
152/* under construction !*/
153#endif
154#endif
155
156
157//#ifdef THIRTY_TWO_BIT
158#define BN_ULLONG unsigned long long
159#define BN_MASK (0xffffffffffffffffLL)
160
161#define BN_ULONG kal_uint32 // Raymomd
162#define BN_BITS 64
163#define BN_BYTES 4
164#define BN_BITS2 32
165#define BN_BITS4 16
166#define BN_MASK2 (0xffffffffL)
167#define BN_MASK2l (0xffff)
168#define BN_MASK2h1 (0xffff8000L)
169#define BN_MASK2h (0xffff0000L)
170#define BN_TBIT (0x80000000L)
171
172#define BN_FLG_MALLOCED 0x01
173#define BN_FLG_STATIC_DATA 0x02
174#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
175 * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
176 * BN_div() will call BN_div_no_branch,
177 * BN_mod_inverse() will call BN_mod_inverse_no_branch.
178 */
179#define BN_FLG_SECURE 0x08
180
181//#endif
182
183
184#define PTR_SIZE_INT size_t
185
186
187#ifndef OPENSSL_NO_DEPRECATED
188#define BN_FLG_FREE 0x8000 /* used for debuging */
189#endif
190#define BN_set_flags(b,n) ((b)->flags|=(n))
191#define BN_get_flags(b,n) ((b)->flags&(n))
192
193/* get a clone of a BIGNUM with changed flags, for *temporary* use only
194 * (the two BIGNUMs cannot not be used in parallel!) */
195#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
196 (dest)->top=(b)->top, \
197 (dest)->dmax=(b)->dmax, \
198 (dest)->neg=(b)->neg, \
199 (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
200 | ((b)->flags & ~BN_FLG_MALLOCED) \
201 | BN_FLG_STATIC_DATA \
202 | (n)))
203
204struct bignum_st
205 {
206 BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
207 int top; /* Index of last used d +1. */
208 /* The next are internal book keeping for bn_expand. */
209 int dmax; /* Size of the d array. */
210 int neg; /* one if the number is negative */
211 int flags;
212 };
213
214/* Used for montgomery multiplication */
215struct bn_mont_ctx_st
216 {
217 int ri; /* number of bits in R */
218 BIGNUM RR; /* used to convert to montgomery form */
219 BIGNUM N; /* The modulus */
220 BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
221 * (Ni is only stored for bignum algorithm) */
222 BN_ULONG n0[2];/* least significant word(s) of Ni;
223 (type changed with 0.9.9, was "BN_ULONG n0;" before) */
224 int flags;
225 };
226
227/*
228 * Used for reciprocal division/mod functions It cannot be shared between
229 * threads
230 */
231struct bn_recp_ctx_st {
232 BIGNUM N; /* the divisor */
233 BIGNUM Nr; /* the reciprocal */
234 int num_bits;
235 int shift;
236 int flags;
237};
238
239/* Used for slow "generation" functions. */
240struct bn_gencb_st
241 {
242 unsigned int ver; /* To handle binary (in)compatibility */
243 void *arg; /* callback-specific data */
244 union
245 {
246 /* if(ver==1) - handles old style callbacks */
247 void (*cb_1)(int, int, void *);
248 /* if(ver==2) - new callback style */
249 int (*cb_2)(int, int, BN_GENCB *);
250 } cb;
251 };
252
253
254/* number of Miller-Rabin iterations for an error rate of less than 2^-80
255 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
256 * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
257 * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
258 * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
259#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
260 (b) >= 850 ? 3 : \
261 (b) >= 650 ? 4 : \
262 (b) >= 550 ? 5 : \
263 (b) >= 450 ? 6 : \
264 (b) >= 400 ? 7 : \
265 (b) >= 350 ? 8 : \
266 (b) >= 300 ? 9 : \
267 (b) >= 250 ? 12 : \
268 (b) >= 200 ? 15 : \
269 (b) >= 150 ? 18 : \
270 /* b >= 100 */ 27)
271
272#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
273
274/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
275#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
276 (((w) == 0) && ((a)->top == 0)))
277#define BN_is_zero(a) ((a)->top == 0)
278#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
279#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
280#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
281
282#define BN_one(a) (BN_set_word((a),1))
283#define BN_zero_ex(a) \
284 do { \
285 BIGNUM *_tmp_bn = (a); \
286 _tmp_bn->top = 0; \
287 _tmp_bn->neg = 0; \
288 } while(0)
289
290#ifdef OPENSSL_NO_DEPRECATED
291#define BN_zero(a) BN_zero_ex(a)
292#else
293#define BN_zero(a) (BN_set_word((a),0))
294#endif
295#define BN_prime_checks 0 /* default: select number of iterations
296 based on the size of the number */
297
298const BIGNUM *BN_value_one(void);
299BN_CTX *BN_CTX_new(void);
300BN_CTX *BN_CTX_secure_new(void);
301#ifndef OPENSSL_NO_DEPRECATED
302void BN_CTX_init(BN_CTX *c);
303#endif
304void BN_CTX_free(BN_CTX *c);
305void BN_CTX_start(BN_CTX *ctx);
306BIGNUM *BN_CTX_get(BN_CTX *ctx);
307void BN_CTX_end(BN_CTX *ctx);
308int BN_num_bits(const BIGNUM *a);
309int BN_num_bits_word(BN_ULONG);
310BIGNUM *BN_new(void);
311void BN_init(BIGNUM *);
312void BN_clear_free(BIGNUM *a);
313BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
314void BN_swap(BIGNUM *a, BIGNUM *b);
315BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
316int BN_bn2bin(const BIGNUM *a, unsigned char *to);
317int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
318int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
319int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
320int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
321int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
322int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
323int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
324int BN_rand_range(BIGNUM *r, const BIGNUM *range);
325BIGNUM *BN_secure_new(void);
326
327/** BN_set_negative sets sign of a BIGNUM
328 * \param b pointer to the BIGNUM object
329 * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
330 */
331void BN_set_negative(BIGNUM *b, int n);
332/** BN_is_negative returns 1 if the BIGNUM is negative
333 * \param a pointer to the BIGNUM object
334 * \return 1 if a < 0 and 0 otherwise
335 */
336#define BN_is_negative(a) ((a)->neg != 0)
337
338int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
339 BN_CTX *ctx);
340#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
341int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
342int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
343int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
344int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
345int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
346int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
347 const BIGNUM *m, BN_CTX *ctx);
348int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
349int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
350int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
351int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
352int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
353
354BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
355BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
356int BN_mul_word(BIGNUM *a, BN_ULONG w);
357int BN_add_word(BIGNUM *a, BN_ULONG w);
358int BN_sub_word(BIGNUM *a, BN_ULONG w);
359int BN_set_word(BIGNUM *a, BN_ULONG w);
360BN_ULONG BN_get_word(const BIGNUM *a);
361
362int BN_cmp(const BIGNUM *a, const BIGNUM *b);
363void BN_free(BIGNUM *a);
364int BN_is_bit_set(const BIGNUM *a, int n);
365int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
366int BN_lshift1(BIGNUM *r, const BIGNUM *a);
367int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
368
369int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
370 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
371
372int BN_mask_bits(BIGNUM *a,int n);
373
374int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
375int BN_rshift1(BIGNUM *r, const BIGNUM *a);
376void BN_clear(BIGNUM *a);
377BIGNUM *BN_dup(const BIGNUM *a);
378int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
379int BN_set_bit(BIGNUM *a, int n);
380int BN_clear_bit(BIGNUM *a, int n);
381int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
382BIGNUM *BN_mod_inverse(BIGNUM *ret,
383 const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
384
385void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
386
387/* Deprecated versions */
388/*#ifndef OPENSSL_NO_DEPRECATED
389BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
390 const BIGNUM *add, const BIGNUM *rem,
391 void (*callback)(int,int,void *),void *cb_arg);
392int BN_is_prime(const BIGNUM *p,int nchecks,
393 void (*callback)(int,int,void *),
394 BN_CTX *ctx,void *cb_arg);
395int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
396 void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
397 int do_trial_division);
398#endif*/ /* !defined(OPENSSL_NO_DEPRECATED) */
399
400/* Newer versions */
401/*int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
402 const BIGNUM *rem, BN_GENCB *cb);
403int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
404int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
405 int do_trial_division, BN_GENCB *cb);
406
407int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
408
409int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
410 const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
411 const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
412int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
413 BIGNUM *Xp1, BIGNUM *Xp2,
414 const BIGNUM *Xp,
415 const BIGNUM *e, BN_CTX *ctx,
416 BN_GENCB *cb);
417*/
418BN_MONT_CTX *BN_MONT_CTX_new(void );
419void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
420int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
421 BN_MONT_CTX *mont, BN_CTX *ctx);
422#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
423 (r),(a),&((mont)->RR),(mont),(ctx))
424int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
425 BN_MONT_CTX *mont, BN_CTX *ctx);
426void BN_MONT_CTX_free(BN_MONT_CTX *mont);
427int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
428BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
429BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, kal_mutexid mutexid,
430 const BIGNUM *mod, BN_CTX *ctx);
431
432void BN_RECP_CTX_init(BN_RECP_CTX *recp);
433BN_RECP_CTX *BN_RECP_CTX_new(void);
434void BN_RECP_CTX_free(BN_RECP_CTX *recp);
435int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx);
436int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
437BN_RECP_CTX *recp, BN_CTX *ctx);
438int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
439BN_RECP_CTX *recp, BN_CTX *ctx);
440int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
441int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
442const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
443BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
444int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
445int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
446const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
447int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx);
448int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
449
450/* library internal functions */
451
452#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
453 (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
454#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
455BIGNUM *bn_expand2(BIGNUM *a, int words);
456
457#ifdef BN_DEBUG
458
459/* We only need assert() when debugging */
460#include <assert.h>
461
462#ifdef BN_DEBUG_RAND
463/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
464#ifndef RAND_pseudo_bytes
465int RAND_pseudo_bytes(unsigned char *buf,int num);
466#define BN_DEBUG_TRIX
467#endif
468#define bn_pollute(a) \
469 do { \
470 const BIGNUM *_bnum1 = (a); \
471 if(_bnum1->top < _bnum1->dmax) { \
472 unsigned char _tmp_char; \
473 /* We cast away const without the compiler knowing, any \
474 * *genuinely* constant variables that aren't mutable \
475 * wouldn't be constructed with top!=dmax. */ \
476 BN_ULONG *_not_const; \
477 memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
478 RAND_pseudo_bytes(&_tmp_char, 1); \
479 memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
480 (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
481 } \
482 } while(0)
483#ifdef BN_DEBUG_TRIX
484#undef RAND_pseudo_bytes
485#endif
486#else
487#define bn_pollute(a)
488#endif
489#define bn_check_top(a) \
490 do { \
491 const BIGNUM *_bnum2 = (a); \
492 if (_bnum2 != NULL) { \
493 assert((_bnum2->top == 0) || \
494 (_bnum2->d[_bnum2->top - 1] != 0)); \
495 bn_pollute(_bnum2); \
496 } \
497 } while(0)
498
499#define bn_fix_top(a) bn_check_top(a)
500
501#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
502#define bn_wcheck_size(bn, words) \
503 do { \
504 const BIGNUM *_bnum2 = (bn); \
505 assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
506 } while(0)
507
508#else /* !BN_DEBUG */
509
510#define bn_pollute(a)
511#define bn_check_top(a)
512#define bn_fix_top(a) bn_correct_top(a)
513#define bn_check_size(bn, bits)
514#define bn_wcheck_size(bn, words)
515
516#endif
517
518
519#define bn_correct_top(a) \
520 { \
521 BN_ULONG *ftl; \
522 int tmp_top = (a)->top; \
523 if (tmp_top > 0) \
524 { \
525 for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
526 if (*(ftl--)) break; \
527 (a)->top = tmp_top; \
528 } \
529 bn_pollute(a); \
530 }
531
532
533BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
534BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
535void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
536BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
537BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
538BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
539
540signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
541int bn_get_top(const BIGNUM *a);
542BN_ULONG *bn_get_words(const BIGNUM *a);
543int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
544int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
545int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
546 const BIGNUM *field, BN_CTX *ctx);
547
548int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
549const BIGNUM *BN_get0_nist_prime_256(void);
550
551
552/* Error codes for the BN functions. */
553
554/* Function codes. */
555#define BN_F_BNRAND 127
556#define BN_F_BN_CTX_GET 116
557#define BN_F_BN_CTX_NEW 106
558#define BN_F_BN_CTX_START 129
559#define BN_F_BN_DIV 107
560#define BN_F_BN_EXPAND_INTERNAL 120
561#define BN_F_BN_MOD_EXP_MONT 109
562#define BN_F_BN_MOD_INVERSE 110
563#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
564#define BN_F_BN_MOD_LSHIFT_QUICK 119
565#define BN_F_BN_NEW 113
566#define BN_F_BN_USUB 115
567#define BN_F_BN_RAND_RANGE 122
568#define BN_F_BN_SET_WORDS 144
569#define BN_F_BN_COMPUTE_WNAF 142
570#define BN_F_BN_MOD_SQRT 121
571#define BN_F_BN_MOD_EXP_MONT_WORD 117
572#define BN_F_BN_MOD_EXP_SIMPLE 126
573#define BN_F_BN_MOD_EXP_RECP 125
574#define BN_F_BN_DIV_RECP 130
575
576/* Reason codes. */
577#define BN_R_ARG2_LT_ARG3 100
578#define BN_R_BIGNUM_TOO_LONG 114
579#define BN_R_CALLED_WITH_EVEN_MODULUS 102
580#define BN_R_DIV_BY_ZERO 103
581#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
582#define BN_R_INPUT_NOT_REDUCED 110
583#define BN_R_NOT_INITIALIZED 107
584#define BN_R_NO_INVERSE 108
585#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
586#define BN_R_TOO_MANY_ITERATIONS 113
587#define BN_R_INVALID_RANGE 115
588#define BN_R_P_IS_NOT_PRIME 112
589#define BN_R_NOT_A_SQUARE 111
590#define BN_R_BAD_RECIPROCAL 101
591
592#ifdef __cplusplus
593}
594#endif
595#endif