File bignum.h

Multi-precision integer library.

Defines

MBEDTLS_ERR_MPI_FILE_IO_ERROR

An error occurred while reading from or writing to a file.

MBEDTLS_ERR_MPI_BAD_INPUT_DATA

Bad input parameters to function.

MBEDTLS_ERR_MPI_INVALID_CHARACTER

There is an invalid character in the digit string.

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL

The buffer is too small to write to.

MBEDTLS_ERR_MPI_NEGATIVE_VALUE

The input arguments are negative or result in illegal output.

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO

The input argument for division is zero, which is not allowed.

MBEDTLS_ERR_MPI_NOT_ACCEPTABLE

The input arguments are not acceptable.

MBEDTLS_ERR_MPI_ALLOC_FAILED

Memory allocation failed.

MBEDTLS_MPI_CHK(f)
MBEDTLS_MPI_MAX_LIMBS
MBEDTLS_MPI_MAX_BITS

Maximum number of bits for usable MPIs.

MBEDTLS_MPI_MAX_BITS_SCALE100
MBEDTLS_LN_2_DIV_LN_10_SCALE100
MBEDTLS_MPI_RW_BUFFER_SIZE
MBEDTLS_HAVE_INT32
MBEDTLS_MPI_UINT_MAX

Typedefs

typedef int32_t mbedtls_mpi_sint

The signed type corresponding to mbedtls_mpi_uint.

This is always an signed integer type with no padding bits. The size is platform-dependent.

typedef uint32_t mbedtls_mpi_uint

The type of machine digits in a bignum, called limbs.

This is always an unsigned integer type with no padding bits. The size is platform-dependent.

typedef struct mbedtls_mpi mbedtls_mpi

MPI structure.

Enums

enum mbedtls_mpi_gen_prime_flag_t

Flags for mbedtls_mpi_gen_prime()

Each of these flags is a constraint on the result X returned by mbedtls_mpi_gen_prime().

Values:

enumerator MBEDTLS_MPI_GEN_PRIME_FLAG_DH

(X-1)/2 is prime too

enumerator MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR

lower error rate from 2-80 to 2-128

Functions

void mbedtls_mpi_init(mbedtls_mpi *X)

Initialize an MPI context. 

             This makes the MPI ready to be set or freed,
             but does not define a value for the MPI.
Parameters:

X – The MPI context to initialize. This must not be NULL.

void mbedtls_mpi_free(mbedtls_mpi *X)

This function frees the components of an MPI context.

Parameters:

X – The MPI context to be cleared. This may be NULL, in which case this function is a no-op. If it is not NULL, it must point to an initialized MPI.

int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs)

Enlarge an MPI to the specified number of limbs.

Note

This function does nothing if the MPI is already large enough.

Parameters:

  • X – The MPI to grow. It must be initialized.

  • nblimbs – The target number of limbs.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs)

This function resizes an MPI downwards, keeping at least the specified number of limbs.

If X is smaller than nblimbs, it is resized up instead.

Parameters:

  • X – The MPI to shrink. This must point to an initialized MPI.

  • nblimbs – The minimum number of limbs to keep.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed (this can only happen when resizing up).

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)

Make a copy of an MPI.

Note

The limb-buffer in the destination MPI is enlarged if necessary to hold the value in the source MPI.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • Y – The source MPI. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)

Swap the contents of two MPIs.

Parameters:

  • X – The first MPI. It must be initialized.

  • Y – The second MPI. It must be initialized.

int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign)

Perform a safe conditional copy of MPI which doesn’t reveal whether the condition was true or not.

Note

This function is equivalent to if( assign ) mbedtls_mpi_copy( X, Y ); except that it avoids leaking any information about whether the assignment was done or not (the above code may leak information through branch prediction and/or memory access patterns analysis).

Warning

If assign is neither 0 nor 1, the result of this function is indeterminate, and the resulting value in X might be neither its original value nor the value in Y.

Parameters:

  • X – The MPI to conditionally assign to. This must point to an initialized MPI.

  • Y – The MPI to be assigned from. This must point to an initialized MPI.

  • assign – The condition deciding whether to perform the assignment or not. Must be either 0 or 1:

    • 1: Perform the assignment X = Y.

    • 0: Keep the original value of X.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap)

Perform a safe conditional swap which doesn’t reveal whether the condition was true or not.

Note

This function is equivalent to if( swap ) mbedtls_mpi_swap( X, Y ); except that it avoids leaking any information about whether the swap was done or not (the above code may leak information through branch prediction and/or memory access patterns analysis).

Warning

If swap is neither 0 nor 1, the result of this function is indeterminate, and both X and Y might end up with values different to either of the original ones.

Parameters:

  • X – The first MPI. This must be initialized.

  • Y – The second MPI. This must be initialized.

  • swap – The condition deciding whether to perform the swap or not. Must be either 0 or 1:

    • 1: Swap the values of X and Y.

    • 0: Keep the original values of X and Y.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)

Store integer value in MPI.

Parameters:

  • X – The MPI to set. This must be initialized.

  • z – The value to use.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)

Get a specific bit from an MPI.

Parameters:

  • X – The MPI to query. This must be initialized.

  • pos – Zero-based index of the bit to query.

Returns:

0 or 1 on success, depending on whether bit pos of X is unset or set.

Returns:

A negative error code on failure.

int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val)

Modify a specific bit in an MPI.

Note

This function will grow the target MPI if necessary to set a bit to 1 in a not yet existing limb. It will not grow if the bit should be set to 0.

Parameters:

  • X – The MPI to modify. This must be initialized.

  • pos – Zero-based index of the bit to modify.

  • val – The desired value of bit pos: 0 or 1.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on other kinds of failure.

size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)

Return the number of bits of value 0 before the least significant bit of value 1.

Note

This is the same as the zero-based index of the least significant bit of value 1.

Parameters:

X – The MPI to query.

Returns:

The number of bits of value 0 before the least significant bit of value 1 in X.

size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X)

Return the number of bits up to and including the most significant bit of value 1.

Note

This is same as the one-based index of the most significant bit of value 1.

Parameters:

X – The MPI to query. This must point to an initialized MPI.

Returns:

The number of bits up to and including the most significant bit of value 1.

size_t mbedtls_mpi_size(const mbedtls_mpi *X)

Return the total size of an MPI value in bytes.

Note

The value returned by this function may be less than the number of bytes used to store X internally. This happens if and only if there are trailing bytes of value zero.

Parameters:

X – The MPI to use. This must point to an initialized MPI.

Returns:

The least number of bytes capable of storing the absolute value of X.

int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)

Import an MPI from an ASCII string.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • radix – The numeric base of the input string.

  • s – Null-terminated string buffer.

Returns:

0 if successful.

Returns:

A negative error code on failure.

int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, char *buf, size_t buflen, size_t *olen)

Export an MPI to an ASCII string.

Note

You can call this function with buflen == 0 to obtain the minimum required buffer size in *olen.

Parameters:

  • X – The source MPI. This must point to an initialized MPI.

  • radix – The numeric base of the output string.

  • buf – The buffer to write the string to. This must be writable buffer of length buflen Bytes.

  • buflen – The available size in Bytes of buf.

  • olen – The address at which to store the length of the string written, including the final NULL byte. This must not be NULL.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer buf is too small to hold the value of X in the desired base. In this case, *olen is nonetheless updated to contain the size of buf required for a successful call.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin)

Read an MPI from a line in an opened file.

The function returns 0 on an empty line.

Leading whitespaces are ignored, as is a ‘0x’ prefix for radix 16.

Note

On success, this function advances the file stream to the end of the current line or to EOF.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • radix – The numeric base of the string representation used in the source line.

  • fin – The input file handle to use. This must not be NULL.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer is too small.

Returns:

Another negative error code on failure.

int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE *fout)

Export an MPI into an opened file.

Parameters:

  • p – A string prefix to emit prior to the MPI data. For example, this might be a label, or “0x” when printing in base 16. This may be NULL if no prefix is needed.

  • X – The source MPI. This must point to an initialized MPI.

  • radix – The numeric base to be used in the emitted string.

  • fout – The output file handle. This may be NULL, in which case the output is written to stdout.

Returns:

0 if successful.

Returns:

A negative error code on failure.

int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)

Import an MPI from unsigned big endian binary data.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • buf – The input buffer. This must be a readable buffer of length buflen Bytes.

  • buflen – The length of the input buffer buf in Bytes.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, const unsigned char *buf, size_t buflen)

Import X from unsigned binary data, little endian.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • buf – The input buffer. This must be a readable buffer of length buflen Bytes.

  • buflen – The length of the input buffer buf in Bytes.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, size_t buflen)

Export X into unsigned binary data, big endian. Always fills the whole buffer, which will start with zeros if the number is smaller.

Parameters:

  • X – The source MPI. This must point to an initialized MPI.

  • buf – The output buffer. This must be a writable buffer of length buflen Bytes.

  • buflen – The size of the output buffer buf in Bytes.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn’t large enough to hold the value of X.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, unsigned char *buf, size_t buflen)

Export X into unsigned binary data, little endian. Always fills the whole buffer, which will end with zeros if the number is smaller.

Parameters:

  • X – The source MPI. This must point to an initialized MPI.

  • buf – The output buffer. This must be a writable buffer of length buflen Bytes.

  • buflen – The size of the output buffer buf in Bytes.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn’t large enough to hold the value of X.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)

Perform a left-shift on an MPI: X <<= count.

Parameters:

  • X – The MPI to shift. This must point to an initialized MPI. The MPI pointed by X may be resized to fit the resulting number.

  • count – The number of bits to shift by.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)

Perform a right-shift on an MPI: X >>= count.

Parameters:

  • X – The MPI to shift. This must point to an initialized MPI.

  • count – The number of bits to shift by.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)

Compare the absolute values of two MPIs.

Parameters:

  • X – The left-hand MPI. This must point to an initialized MPI.

  • Y – The right-hand MPI. This must point to an initialized MPI.

Returns:

1 if |X| is greater than |Y|.

Returns:

-1 if |X| is lesser than |Y|.

Returns:

0 if |X| is equal to |Y|.

int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)

Compare two MPIs.

Parameters:

  • X – The left-hand MPI. This must point to an initialized MPI.

  • Y – The right-hand MPI. This must point to an initialized MPI.

Returns:

1 if X is greater than Y.

Returns:

-1 if X is lesser than Y.

Returns:

0 if X is equal to Y.

int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned *ret)

Check if an MPI is less than the other in constant time.

Parameters:

  • X – The left-hand MPI. This must point to an initialized MPI with the same allocated length as Y.

  • Y – The right-hand MPI. This must point to an initialized MPI with the same allocated length as X.

  • ret – The result of the comparison: 1 if X is less than Y. 0 if X is greater than or equal to Y.

Returns:

0 on success.

Returns:

MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of the two input MPIs is not the same.

int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)

Compare an MPI with an integer.

Parameters:

  • X – The left-hand MPI. This must point to an initialized MPI.

  • z – The integer value to compare X to.

Returns:

1 if X is greater than z.

Returns:

-1 if X is lesser than z.

Returns:

0 if X is equal to z.

int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform an unsigned addition of MPIs: X = |A| + |B|.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The first summand. This must point to an initialized MPI.

  • B – The second summand. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform an unsigned subtraction of MPIs: X = |A| - |B|.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The minuend. This must point to an initialized MPI.

  • B – The subtrahend. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform a signed addition of MPIs: X = A + B.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The first summand. This must point to an initialized MPI.

  • B – The second summand. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform a signed subtraction of MPIs: X = A - B.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The minuend. This must point to an initialized MPI.

  • B – The subtrahend. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)

Perform a signed addition of an MPI and an integer: X = A + b.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The first summand. This must point to an initialized MPI.

  • b – The second summand.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b)

Perform a signed subtraction of an MPI and an integer: X = A - b.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The minuend. This must point to an initialized MPI.

  • b – The subtrahend.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform a multiplication of two MPIs: X = A * B.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The first factor. This must point to an initialized MPI.

  • B – The second factor. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b)

Perform a multiplication of an MPI with an unsigned integer: X = A * b.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The first factor. This must point to an initialized MPI.

  • b – The second factor.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform a division with remainder of two MPIs: A = Q * B + R.

Parameters:

  • Q – The destination MPI for the quotient. This may be NULL if the value of the quotient is not needed. This must not alias A or B.

  • R – The destination MPI for the remainder value. This may be NULL if the value of the remainder is not needed. This must not alias A or B.

  • A – The dividend. This must point to an initialized MPI.

  • B – The divisor. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B equals zero.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b)

Perform a division with remainder of an MPI by an integer: A = Q * b + R.

Parameters:

  • Q – The destination MPI for the quotient. This may be NULL if the value of the quotient is not needed. This must not alias A.

  • R – The destination MPI for the remainder value. This may be NULL if the value of the remainder is not needed. This must not alias A.

  • A – The dividend. This must point to an initialized MPi.

  • b – The divisor.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b equals zero.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)

Perform a modular reduction. R = A mod B.

Parameters:

  • R – The destination MPI for the residue value. This must point to an initialized MPI.

  • A – The MPI to compute the residue of. This must point to an initialized MPI.

  • B – The base of the modular reduction. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B equals zero.

Returns:

MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is negative.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b)

Perform a modular reduction with respect to an integer. r = A mod b.

Parameters:

  • r – The address at which to store the residue. This must not be NULL.

  • A – The MPI to compute the residue of. This must point to an initialized MPi.

  • b – The integer base of the modular reduction.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b equals zero.

Returns:

MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b is negative.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *prec_RR)

Perform a modular exponentiation: X = A^E mod N.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI. This must not alias E or N.

  • A – The base of the exponentiation. This must point to an initialized MPI.

  • E – The exponent MPI. This must point to an initialized MPI.

  • N – The base for the modular reduction. This must point to an initialized MPI.

  • prec_RR – A helper MPI depending solely on N which can be used to speed-up multiple modular exponentiations for the same value of N. This may be NULL. If it is not NULL, it must point to an initialized MPI. If it hasn’t been used after the call to mbedtls_mpi_init(), this function will compute the helper value and store it in prec_RR for reuse on subsequent calls to this function. Otherwise, the function will assume that prec_RR holds the helper value set by a previous call to mbedtls_mpi_exp_mod(), and reuse it.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even, or if E is negative.

Returns:

Another negative error code on different kinds of failures.

int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Fill an MPI with a number of random bytes.

Note

The bytes obtained from the RNG are interpreted as a big-endian representation of an MPI; this can be relevant in applications like deterministic ECDSA.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • size – The number of random bytes to generate.

  • f_rng – The RNG function to use. This must not be NULL.

  • p_rng – The RNG parameter to be passed to f_rng. This may be NULL if f_rng doesn’t need a context argument.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on failure.

int mbedtls_mpi_random(mbedtls_mpi *X, mbedtls_mpi_sint min, const mbedtls_mpi *N, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Generate a random number uniformly in a range.

This function generates a random number between min inclusive and N exclusive.

The procedure complies with RFC 6979 §3.3 (deterministic ECDSA) when the RNG is a suitably parametrized instance of HMAC_DRBG and min is 1.

Note

There are N - min possible outputs. The lower bound min can be reached, but the upper bound N cannot.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • min – The minimum value to return. It must be nonnegative.

  • N – The upper bound of the range, exclusive. In other words, this is one plus the maximum value to return. N must be strictly larger than min.

  • f_rng – The RNG function to use. This must not be NULL.

  • p_rng – The RNG parameter to be passed to f_rng.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_BAD_INPUT_DATA if min or N is invalid or if they are incompatible.

Returns:

MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was unable to find a suitable value within a limited number of attempts. This has a negligible probability if N is significantly larger than min, which is the case for all usual cryptographic applications.

Returns:

Another negative error code on failure.

int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)

Compute the greatest common divisor: G = gcd(A, B)

Parameters:

  • G – The destination MPI. This must point to an initialized MPI.

  • A – The first operand. This must point to an initialized MPI.

  • B – The second operand. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

Another negative error code on different kinds of failure.

int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N)

Compute the modular inverse: X = A^-1 mod N.

Parameters:

  • X – The destination MPI. This must point to an initialized MPI.

  • A – The MPI to calculate the modular inverse of. This must point to an initialized MPI.

  • N – The base of the modular inversion. This must point to an initialized MPI.

Returns:

0 if successful.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is less than or equal to one.

Returns:

MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no modular inverse with respect to N.

int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Miller-Rabin primality test.

Warning

If X is potentially generated by an adversary, for example when validating cryptographic parameters that you didn’t generate yourself and that are supposed to be prime, then rounds should be at least the half of the security strength of the cryptographic algorithm. On the other hand, if X is chosen uniformly or non-adversarially (as is the case when mbedtls_mpi_gen_prime calls this function), then rounds can be much lower.

Parameters:

  • X – The MPI to check for primality. This must point to an initialized MPI.

  • rounds – The number of bases to perform the Miller-Rabin primality test for. The probability of returning 0 on a composite is at most 2-2* .

  • f_rng – The RNG function to use. This must not be NULL.

  • p_rng – The RNG parameter to be passed to f_rng. This may be NULL if f_rng doesn’t use a context parameter.

Returns:

0 if successful, i.e. X is probably prime.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime.

Returns:

Another negative error code on other kinds of failure.

int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)

Generate a prime number.

Parameters:

  • X – The destination MPI to store the generated prime in. This must point to an initialized MPi.

  • nbits – The required size of the destination MPI in bits. This must be between 3 and MBEDTLS_MPI_MAX_BITS.

  • flags – A mask of flags of type mbedtls_mpi_gen_prime_flag_t.

  • f_rng – The RNG function to use. This must not be NULL.

  • p_rng – The RNG parameter to be passed to f_rng. This may be NULL if f_rng doesn’t use a context parameter.

Returns:

0 if successful, in which case X holds a probably prime number.

Returns:

MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.

Returns:

MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is not between 3 and MBEDTLS_MPI_MAX_BITS.

int mbedtls_mpi_self_test(int verbose)

Checkup routine.

Returns:

0 if successful, or 1 if the test failed

struct mbedtls_mpi
#include <bignum.h>

MPI structure.

Public Members

mbedtls_mpi_uint *private_p

Pointer to limbs.

This may be NULL if n is 0.

signed short private_s

Sign: -1 if the mpi is negative, 1 otherwise.

The number 0 must be represented with s = +1. Although many library functions treat all-limbs-zero as equivalent to a valid representation of 0 regardless of the sign bit, there are exceptions, so bignum functions and external callers must always set s to +1 for the number zero.

Note that this implies that calloc() or ... = {0} does not create a valid MPI representation. You must call mbedtls_mpi_init().

unsigned short private_n

Total number of limbs in p.