Add the Labs projects provided in the V10.2.1_191129 zip file.

[freertos] / FreeRTOS-Labs / Source / mbedtls / include / mbedtls / bignum.h

/**\r
 * \file bignum.h\r
 *\r
 * \brief Multi-precision integer library\r
 */\r
/*\r
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved\r
 *  SPDX-License-Identifier: Apache-2.0\r
 *\r
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\r
 *  not use this file except in compliance with the License.\r
 *  You may obtain a copy of the License at\r
 *\r
 *  http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 *  Unless required by applicable law or agreed to in writing, software\r
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 *  See the License for the specific language governing permissions and\r
 *  limitations under the License.\r
 *\r
 *  This file is part of mbed TLS (https://tls.mbed.org)\r
 */\r
#ifndef MBEDTLS_BIGNUM_H\r
#define MBEDTLS_BIGNUM_H\r
\r
#if !defined(MBEDTLS_CONFIG_FILE)\r
#include "config.h"\r
#else\r
#include MBEDTLS_CONFIG_FILE\r
#endif\r
\r
#include <stddef.h>\r
#include <stdint.h>\r
\r
#if defined(MBEDTLS_FS_IO)\r
#include <stdio.h>\r
#endif\r
\r
#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */\r
#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */\r
#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */\r
#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */\r
#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */\r
#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */\r
#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */\r
#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */\r
\r
#define MBEDTLS_MPI_CHK(f)       \\r
    do                           \\r
    {                            \\r
        if( ( ret = (f) ) != 0 ) \\r
            goto cleanup;        \\r
    } while( 0 )\r
\r
/*\r
 * Maximum size MPIs are allowed to grow to in number of limbs.\r
 */\r
#define MBEDTLS_MPI_MAX_LIMBS                             10000\r
\r
#if !defined(MBEDTLS_MPI_WINDOW_SIZE)\r
/*\r
 * Maximum window size used for modular exponentiation. Default: 6\r
 * Minimum value: 1. Maximum value: 6.\r
 *\r
 * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used\r
 * for the sliding window calculation. (So 64 by default)\r
 *\r
 * Reduction in size, reduces speed.\r
 */\r
#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */\r
#endif /* !MBEDTLS_MPI_WINDOW_SIZE */\r
\r
#if !defined(MBEDTLS_MPI_MAX_SIZE)\r
/*\r
 * Maximum size of MPIs allowed in bits and bytes for user-MPIs.\r
 * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )\r
 *\r
 * Note: Calculations can temporarily result in larger MPIs. So the number\r
 * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.\r
 */\r
#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */\r
#endif /* !MBEDTLS_MPI_MAX_SIZE */\r
\r
#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */\r
\r
/*\r
 * When reading from files with mbedtls_mpi_read_file() and writing to files with\r
 * mbedtls_mpi_write_file() the buffer should have space\r
 * for a (short) label, the MPI (in the provided radix), the newline\r
 * characters and the '\0'.\r
 *\r
 * By default we assume at least a 10 char label, a minimum radix of 10\r
 * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).\r
 * Autosized at compile time for at least a 10 char label, a minimum radix\r
 * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.\r
 *\r
 * This used to be statically sized to 1250 for a maximum of 4096 bit\r
 * numbers (1234 decimal chars).\r
 *\r
 * Calculate using the formula:\r
 *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +\r
 *                                LabelSize + 6\r
 */\r
#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )\r
#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332\r
#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )\r
\r
/*\r
 * Define the base integer type, architecture-wise.\r
 *\r
 * 32 or 64-bit integer types can be forced regardless of the underlying\r
 * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64\r
 * respectively and undefining MBEDTLS_HAVE_ASM.\r
 *\r
 * Double-width integers (e.g. 128-bit in 64-bit architectures) can be\r
 * disabled by defining MBEDTLS_NO_UDBL_DIVISION.\r
 */\r
#if !defined(MBEDTLS_HAVE_INT32)\r
    #if defined(_MSC_VER) && defined(_M_AMD64)\r
        /* Always choose 64-bit when using MSC */\r
        #if !defined(MBEDTLS_HAVE_INT64)\r
            #define MBEDTLS_HAVE_INT64\r
        #endif /* !MBEDTLS_HAVE_INT64 */\r
        typedef  int64_t mbedtls_mpi_sint;\r
        typedef uint64_t mbedtls_mpi_uint;\r
    #elif defined(__GNUC__) && (                         \\r
        defined(__amd64__) || defined(__x86_64__)     || \\r
        defined(__ppc64__) || defined(__powerpc64__)  || \\r
        defined(__ia64__)  || defined(__alpha__)      || \\r
        ( defined(__sparc__) && defined(__arch64__) ) || \\r
        defined(__s390x__) || defined(__mips64) )\r
        #if !defined(MBEDTLS_HAVE_INT64)\r
            #define MBEDTLS_HAVE_INT64\r
        #endif /* MBEDTLS_HAVE_INT64 */\r
        typedef  int64_t mbedtls_mpi_sint;\r
        typedef uint64_t mbedtls_mpi_uint;\r
        #if !defined(MBEDTLS_NO_UDBL_DIVISION)\r
            /* mbedtls_t_udbl defined as 128-bit unsigned int */\r
            typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));\r
            #define MBEDTLS_HAVE_UDBL\r
        #endif /* !MBEDTLS_NO_UDBL_DIVISION */\r
    #elif defined(__ARMCC_VERSION) && defined(__aarch64__)\r
        /*\r
         * __ARMCC_VERSION is defined for both armcc and armclang and\r
         * __aarch64__ is only defined by armclang when compiling 64-bit code\r
         */\r
        #if !defined(MBEDTLS_HAVE_INT64)\r
            #define MBEDTLS_HAVE_INT64\r
        #endif /* !MBEDTLS_HAVE_INT64 */\r
        typedef  int64_t mbedtls_mpi_sint;\r
        typedef uint64_t mbedtls_mpi_uint;\r
        #if !defined(MBEDTLS_NO_UDBL_DIVISION)\r
            /* mbedtls_t_udbl defined as 128-bit unsigned int */\r
            typedef __uint128_t mbedtls_t_udbl;\r
            #define MBEDTLS_HAVE_UDBL\r
        #endif /* !MBEDTLS_NO_UDBL_DIVISION */\r
    #elif defined(MBEDTLS_HAVE_INT64)\r
        /* Force 64-bit integers with unknown compiler */\r
        typedef  int64_t mbedtls_mpi_sint;\r
        typedef uint64_t mbedtls_mpi_uint;\r
    #endif\r
#endif /* !MBEDTLS_HAVE_INT32 */\r
\r
#if !defined(MBEDTLS_HAVE_INT64)\r
    /* Default to 32-bit compilation */\r
    #if !defined(MBEDTLS_HAVE_INT32)\r
        #define MBEDTLS_HAVE_INT32\r
    #endif /* !MBEDTLS_HAVE_INT32 */\r
    typedef  int32_t mbedtls_mpi_sint;\r
    typedef uint32_t mbedtls_mpi_uint;\r
    #if !defined(MBEDTLS_NO_UDBL_DIVISION)\r
        typedef uint64_t mbedtls_t_udbl;\r
        #define MBEDTLS_HAVE_UDBL\r
    #endif /* !MBEDTLS_NO_UDBL_DIVISION */\r
#endif /* !MBEDTLS_HAVE_INT64 */\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#endif\r
\r
/**\r
 * \brief          MPI structure\r
 */\r
typedef struct mbedtls_mpi\r
{\r
    int s;              /*!<  integer sign      */\r
    size_t n;           /*!<  total # of limbs  */\r
    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */\r
}\r
mbedtls_mpi;\r
\r
/**\r
 * \brief           Initialize an MPI context.\r
 *\r
 *                  This makes the MPI ready to be set or freed,\r
 *                  but does not define a value for the MPI.\r
 *\r
 * \param X         The MPI context to initialize. This must not be \c NULL.\r
 */\r
void mbedtls_mpi_init( mbedtls_mpi *X );\r
\r
/**\r
 * \brief          This function frees the components of an MPI context.\r
 *\r
 * \param X        The MPI context to be cleared. This may be \c NULL,\r
 *                 in which case this function is a no-op. If it is\r
 *                 not \c NULL, it must point to an initialized MPI.\r
 */\r
void mbedtls_mpi_free( mbedtls_mpi *X );\r
\r
/**\r
 * \brief          Enlarge an MPI to the specified number of limbs.\r
 *\r
 * \note           This function does nothing if the MPI is\r
 *                 already large enough.\r
 *\r
 * \param X        The MPI to grow. It must be initialized.\r
 * \param nblimbs  The target number of limbs.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );\r
\r
/**\r
 * \brief          This function resizes an MPI downwards, keeping at least the\r
 *                 specified number of limbs.\r
 *\r
 *                 If \c X is smaller than \c nblimbs, it is resized up\r
 *                 instead.\r
 *\r
 * \param X        The MPI to shrink. This must point to an initialized MPI.\r
 * \param nblimbs  The minimum number of limbs to keep.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed\r
 *                 (this can only happen when resizing up).\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );\r
\r
/**\r
 * \brief          Make a copy of an MPI.\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param Y        The source MPI. This must point to an initialized MPI.\r
 *\r
 * \note           The limb-buffer in the destination MPI is enlarged\r
 *                 if necessary to hold the value in the source MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );\r
\r
/**\r
 * \brief          Swap the contents of two MPIs.\r
 *\r
 * \param X        The first MPI. It must be initialized.\r
 * \param Y        The second MPI. It must be initialized.\r
 */\r
void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );\r
\r
/**\r
 * \brief          Perform a safe conditional copy of MPI which doesn't\r
 *                 reveal whether the condition was true or not.\r
 *\r
 * \param X        The MPI to conditionally assign to. This must point\r
 *                 to an initialized MPI.\r
 * \param Y        The MPI to be assigned from. This must point to an\r
 *                 initialized MPI.\r
 * \param assign   The condition deciding whether to perform the\r
 *                 assignment or not. Possible values:\r
 *                 * \c 1: Perform the assignment `X = Y`.\r
 *                 * \c 0: Keep the original value of \p X.\r
 *\r
 * \note           This function is equivalent to\r
 *                      `if( assign ) mbedtls_mpi_copy( X, Y );`\r
 *                 except that it avoids leaking any information about whether\r
 *                 the assignment was done or not (the above code may leak\r
 *                 information through branch prediction and/or memory access\r
 *                 patterns analysis).\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );\r
\r
/**\r
 * \brief          Perform a safe conditional swap which doesn't\r
 *                 reveal whether the condition was true or not.\r
 *\r
 * \param X        The first MPI. This must be initialized.\r
 * \param Y        The second MPI. This must be initialized.\r
 * \param assign   The condition deciding whether to perform\r
 *                 the swap or not. Possible values:\r
 *                 * \c 1: Swap the values of \p X and \p Y.\r
 *                 * \c 0: Keep the original values of \p X and \p Y.\r
 *\r
 * \note           This function is equivalent to\r
 *                      if( assign ) mbedtls_mpi_swap( X, Y );\r
 *                 except that it avoids leaking any information about whether\r
 *                 the assignment was done or not (the above code may leak\r
 *                 information through branch prediction and/or memory access\r
 *                 patterns analysis).\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 *\r
 */\r
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );\r
\r
/**\r
 * \brief          Store integer value in MPI.\r
 *\r
 * \param X        The MPI to set. This must be initialized.\r
 * \param z        The value to use.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );\r
\r
/**\r
 * \brief          Get a specific bit from an MPI.\r
 *\r
 * \param X        The MPI to query. This must be initialized.\r
 * \param pos      Zero-based index of the bit to query.\r
 *\r
 * \return         \c 0 or \c 1 on success, depending on whether bit \c pos\r
 *                 of \c X is unset or set.\r
 * \return         A negative error code on failure.\r
 */\r
int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );\r
\r
/**\r
 * \brief          Modify a specific bit in an MPI.\r
 *\r
 * \note           This function will grow the target MPI if necessary to set a\r
 *                 bit to \c 1 in a not yet existing limb. It will not grow if\r
 *                 the bit should be set to \c 0.\r
 *\r
 * \param X        The MPI to modify. This must be initialized.\r
 * \param pos      Zero-based index of the bit to modify.\r
 * \param val      The desired value of bit \c pos: \c 0 or \c 1.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );\r
\r
/**\r
 * \brief          Return the number of bits of value \c 0 before the\r
 *                 least significant bit of value \c 1.\r
 *\r
 * \note           This is the same as the zero-based index of\r
 *                 the least significant bit of value \c 1.\r
 *\r
 * \param X        The MPI to query.\r
 *\r
 * \return         The number of bits of value \c 0 before the least significant\r
 *                 bit of value \c 1 in \p X.\r
 */\r
size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );\r
\r
/**\r
 * \brief          Return the number of bits up to and including the most\r
 *                 significant bit of value \c 1.\r
 *\r
 * * \note         This is same as the one-based index of the most\r
 *                 significant bit of value \c 1.\r
 *\r
 * \param X        The MPI to query. This must point to an initialized MPI.\r
 *\r
 * \return         The number of bits up to and including the most\r
 *                 significant bit of value \c 1.\r
 */\r
size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );\r
\r
/**\r
 * \brief          Return the total size of an MPI value in bytes.\r
 *\r
 * \param X        The MPI to use. This must point to an initialized MPI.\r
 *\r
 * \note           The value returned by this function may be less than\r
 *                 the number of bytes used to store \p X internally.\r
 *                 This happens if and only if there are trailing bytes\r
 *                 of value zero.\r
 *\r
 * \return         The least number of bytes capable of storing\r
 *                 the absolute value of \p X.\r
 */\r
size_t mbedtls_mpi_size( const mbedtls_mpi *X );\r
\r
/**\r
 * \brief          Import an MPI from an ASCII string.\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param radix    The numeric base of the input string.\r
 * \param s        Null-terminated string buffer.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         A negative error code on failure.\r
 */\r
int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );\r
\r
/**\r
 * \brief          Export an MPI to an ASCII string.\r
 *\r
 * \param X        The source MPI. This must point to an initialized MPI.\r
 * \param radix    The numeric base of the output string.\r
 * \param buf      The buffer to write the string to. This must be writable\r
 *                 buffer of length \p buflen Bytes.\r
 * \param buflen   The available size in Bytes of \p buf.\r
 * \param olen     The address at which to store the length of the string\r
 *                 written, including the  final \c NULL byte. This must\r
 *                 not be \c NULL.\r
 *\r
 * \note           You can call this function with `buflen == 0` to obtain the\r
 *                 minimum required buffer size in `*olen`.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf\r
 *                 is too small to hold the value of \p X in the desired base.\r
 *                 In this case, `*olen` is nonetheless updated to contain the\r
 *                 size of \p buf required for a successful call.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,\r
                              char *buf, size_t buflen, size_t *olen );\r
\r
#if defined(MBEDTLS_FS_IO)\r
/**\r
 * \brief          Read an MPI from a line in an opened file.\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param radix    The numeric base of the string representation used\r
 *                 in the source line.\r
 * \param fin      The input file handle to use. This must not be \c NULL.\r
 *\r
 * \note           On success, this function advances the file stream\r
 *                 to the end of the current line or to EOF.\r
 *\r
 *                 The function returns \c 0 on an empty line.\r
 *\r
 *                 Leading whitespaces are ignored, as is a\r
 *                 '0x' prefix for radix \c 16.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer\r
 *                 is too small.\r
 * \return         Another negative error code on failure.\r
 */\r
int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );\r
\r
/**\r
 * \brief          Export an MPI into an opened file.\r
 *\r
 * \param p        A string prefix to emit prior to the MPI data.\r
 *                 For example, this might be a label, or "0x" when\r
 *                 printing in base \c 16. This may be \c NULL if no prefix\r
 *                 is needed.\r
 * \param X        The source MPI. This must point to an initialized MPI.\r
 * \param radix    The numeric base to be used in the emitted string.\r
 * \param fout     The output file handle. This may be \c NULL, in which case\r
 *                 the output is written to \c stdout.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         A negative error code on failure.\r
 */\r
int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,\r
                            int radix, FILE *fout );\r
#endif /* MBEDTLS_FS_IO */\r
\r
/**\r
 * \brief          Import an MPI from unsigned big endian binary data.\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param buf      The input buffer. This must be a readable buffer of length\r
 *                 \p buflen Bytes.\r
 * \param buflen   The length of the input buffer \p p in Bytes.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,\r
                             size_t buflen );\r
\r
/**\r
 * \brief          Import X from unsigned binary data, little endian\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param buf      The input buffer. This must be a readable buffer of length\r
 *                 \p buflen Bytes.\r
 * \param buflen   The length of the input buffer \p p in Bytes.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,\r
                                const unsigned char *buf, size_t buflen );\r
\r
/**\r
 * \brief          Export X into unsigned binary data, big endian.\r
 *                 Always fills the whole buffer, which will start with zeros\r
 *                 if the number is smaller.\r
 *\r
 * \param X        The source MPI. This must point to an initialized MPI.\r
 * \param buf      The output buffer. This must be a writable buffer of length\r
 *                 \p buflen Bytes.\r
 * \param buflen   The size of the output buffer \p buf in Bytes.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't\r
 *                 large enough to hold the value of \p X.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,\r
                              size_t buflen );\r
\r
/**\r
 * \brief          Export X into unsigned binary data, little endian.\r
 *                 Always fills the whole buffer, which will end with zeros\r
 *                 if the number is smaller.\r
 *\r
 * \param X        The source MPI. This must point to an initialized MPI.\r
 * \param buf      The output buffer. This must be a writable buffer of length\r
 *                 \p buflen Bytes.\r
 * \param buflen   The size of the output buffer \p buf in Bytes.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't\r
 *                 large enough to hold the value of \p X.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,\r
                                 unsigned char *buf, size_t buflen );\r
\r
/**\r
 * \brief          Perform a left-shift on an MPI: X <<= count\r
 *\r
 * \param X        The MPI to shift. This must point to an initialized MPI.\r
 * \param count    The number of bits to shift by.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );\r
\r
/**\r
 * \brief          Perform a right-shift on an MPI: X >>= count\r
 *\r
 * \param X        The MPI to shift. This must point to an initialized MPI.\r
 * \param count    The number of bits to shift by.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );\r
\r
/**\r
 * \brief          Compare the absolute values of two MPIs.\r
 *\r
 * \param X        The left-hand MPI. This must point to an initialized MPI.\r
 * \param Y        The right-hand MPI. This must point to an initialized MPI.\r
 *\r
 * \return         \c 1 if `|X|` is greater than `|Y|`.\r
 * \return         \c -1 if `|X|` is lesser than `|Y|`.\r
 * \return         \c 0 if `|X|` is equal to `|Y|`.\r
 */\r
int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );\r
\r
/**\r
 * \brief          Compare two MPIs.\r
 *\r
 * \param X        The left-hand MPI. This must point to an initialized MPI.\r
 * \param Y        The right-hand MPI. This must point to an initialized MPI.\r
 *\r
 * \return         \c 1 if \p X is greater than \p Y.\r
 * \return         \c -1 if \p X is lesser than \p Y.\r
 * \return         \c 0 if \p X is equal to \p Y.\r
 */\r
int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );\r
\r
/**\r
 * \brief          Compare an MPI with an integer.\r
 *\r
 * \param X        The left-hand MPI. This must point to an initialized MPI.\r
 * \param z        The integer value to compare \p X to.\r
 *\r
 * \return         \c 1 if \p X is greater than \p z.\r
 * \return         \c -1 if \p X is lesser than \p z.\r
 * \return         \c 0 if \p X is equal to \p z.\r
 */\r
int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );\r
\r
/**\r
 * \brief          Perform an unsigned addition of MPIs: X = |A| + |B|\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first summand. This must point to an initialized MPI.\r
 * \param B        The second summand. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The minuend. This must point to an initialized MPI.\r
 * \param B        The subtrahend. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.\r
 * \return         Another negative error code on different kinds of failure.\r
 *\r
 */\r
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a signed addition of MPIs: X = A + B\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first summand. This must point to an initialized MPI.\r
 * \param B        The second summand. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a signed subtraction of MPIs: X = A - B\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The minuend. This must point to an initialized MPI.\r
 * \param B        The subtrahend. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a signed addition of an MPI and an integer: X = A + b\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first summand. This must point to an initialized MPI.\r
 * \param b        The second summand.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         mbedtls_mpi_sint b );\r
\r
/**\r
 * \brief          Perform a signed subtraction of an MPI and an integer:\r
 *                 X = A - b\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The minuend. This must point to an initialized MPI.\r
 * \param b        The subtrahend.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         mbedtls_mpi_sint b );\r
\r
/**\r
 * \brief          Perform a multiplication of two MPIs: X = A * B\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first factor. This must point to an initialized MPI.\r
 * \param B        The second factor. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 *\r
 */\r
int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a multiplication of an MPI with an unsigned integer:\r
 *                 X = A * b\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first factor. This must point to an initialized MPI.\r
 * \param b        The second factor.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 *\r
 */\r
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         mbedtls_mpi_uint b );\r
\r
/**\r
 * \brief          Perform a division with remainder of two MPIs:\r
 *                 A = Q * B + R\r
 *\r
 * \param Q        The destination MPI for the quotient.\r
 *                 This may be \c NULL if the value of the\r
 *                 quotient is not needed.\r
 * \param R        The destination MPI for the remainder value.\r
 *                 This may be \c NULL if the value of the\r
 *                 remainder is not needed.\r
 * \param A        The dividend. This must point to an initialized MPi.\r
 * \param B        The divisor. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a division with remainder of an MPI by an integer:\r
 *                 A = Q * b + R\r
 *\r
 * \param Q        The destination MPI for the quotient.\r
 *                 This may be \c NULL if the value of the\r
 *                 quotient is not needed.\r
 * \param R        The destination MPI for the remainder value.\r
 *                 This may be \c NULL if the value of the\r
 *                 remainder is not needed.\r
 * \param A        The dividend. This must point to an initialized MPi.\r
 * \param b        The divisor.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,\r
                         mbedtls_mpi_sint b );\r
\r
/**\r
 * \brief          Perform a modular reduction. R = A mod B\r
 *\r
 * \param R        The destination MPI for the residue value.\r
 *                 This must point to an initialized MPI.\r
 * \param A        The MPI to compute the residue of.\r
 *                 This must point to an initialized MPI.\r
 * \param B        The base of the modular reduction.\r
 *                 This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.\r
 * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.\r
 * \return         Another negative error code on different kinds of failure.\r
 *\r
 */\r
int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Perform a modular reduction with respect to an integer.\r
 *                 r = A mod b\r
 *\r
 * \param r        The address at which to store the residue.\r
 *                 This must not be \c NULL.\r
 * \param A        The MPI to compute the residue of.\r
 *                 This must point to an initialized MPi.\r
 * \param b        The integer base of the modular reduction.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.\r
 * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,\r
                         mbedtls_mpi_sint b );\r
\r
/**\r
 * \brief          Perform a sliding-window exponentiation: X = A^E mod N\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The base of the exponentiation.\r
 *                 This must point to an initialized MPI.\r
 * \param E        The exponent MPI. This must point to an initialized MPI.\r
 * \param N        The base for the modular reduction. This must point to an\r
 *                 initialized MPI.\r
 * \param _RR      A helper MPI depending solely on \p N which can be used to\r
 *                 speed-up multiple modular exponentiations for the same value\r
 *                 of \p N. This may be \c NULL. If it is not \c NULL, it must\r
 *                 point to an initialized MPI. If it hasn't been used after\r
 *                 the call to mbedtls_mpi_init(), this function will compute\r
 *                 the helper value and store it in \p _RR for reuse on\r
 *                 subsequent calls to this function. Otherwise, the function\r
 *                 will assume that \p _RR holds the helper value set by a\r
 *                 previous call to mbedtls_mpi_exp_mod(), and reuse it.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or\r
 *                 even, or if \c E is negative.\r
 * \return         Another negative error code on different kinds of failures.\r
 *\r
 */\r
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *E, const mbedtls_mpi *N,\r
                         mbedtls_mpi *_RR );\r
\r
/**\r
 * \brief          Fill an MPI with a number of random bytes.\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param size     The number of random bytes to generate.\r
 * \param f_rng    The RNG function to use. This must not be \c NULL.\r
 * \param p_rng    The RNG parameter to be passed to \p f_rng. This may be\r
 *                 \c NULL if \p f_rng doesn't need a context argument.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on failure.\r
 *\r
 * \note           The bytes obtained from the RNG are interpreted\r
 *                 as a big-endian representation of an MPI; this can\r
 *                 be relevant in applications like deterministic ECDSA.\r
 */\r
int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,\r
                     int (*f_rng)(void *, unsigned char *, size_t),\r
                     void *p_rng );\r
\r
/**\r
 * \brief          Compute the greatest common divisor: G = gcd(A, B)\r
 *\r
 * \param G        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The first operand. This must point to an initialized MPI.\r
 * \param B        The second operand. This must point to an initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         Another negative error code on different kinds of failure.\r
 */\r
int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,\r
                     const mbedtls_mpi *B );\r
\r
/**\r
 * \brief          Compute the modular inverse: X = A^-1 mod N\r
 *\r
 * \param X        The destination MPI. This must point to an initialized MPI.\r
 * \param A        The MPI to calculate the modular inverse of. This must point\r
 *                 to an initialized MPI.\r
 * \param N        The base of the modular inversion. This must point to an\r
 *                 initialized MPI.\r
 *\r
 * \return         \c 0 if successful.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than\r
 *                 or equal to one.\r
 * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse\r
 *                 with respect to \p N.\r
 */\r
int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,\r
                         const mbedtls_mpi *N );\r
\r
#if !defined(MBEDTLS_DEPRECATED_REMOVED)\r
#if defined(MBEDTLS_DEPRECATED_WARNING)\r
#define MBEDTLS_DEPRECATED      __attribute__((deprecated))\r
#else\r
#define MBEDTLS_DEPRECATED\r
#endif\r
/**\r
 * \brief          Perform a Miller-Rabin primality test with error\r
 *                 probability of 2<sup>-80</sup>.\r
 *\r
 * \deprecated     Superseded by mbedtls_mpi_is_prime_ext() which allows\r
 *                 specifying the number of Miller-Rabin rounds.\r
 *\r
 * \param X        The MPI to check for primality.\r
 *                 This must point to an initialized MPI.\r
 * \param f_rng    The RNG function to use. This must not be \c NULL.\r
 * \param p_rng    The RNG parameter to be passed to \p f_rng.\r
 *                 This may be \c NULL if \p f_rng doesn't use a\r
 *                 context parameter.\r
 *\r
 * \return         \c 0 if successful, i.e. \p X is probably prime.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,\r
                          int (*f_rng)(void *, unsigned char *, size_t),\r
                          void *p_rng );\r
#undef MBEDTLS_DEPRECATED\r
#endif /* !MBEDTLS_DEPRECATED_REMOVED */\r
\r
/**\r
 * \brief          Miller-Rabin primality test.\r
 *\r
 * \warning        If \p X is potentially generated by an adversary, for example\r
 *                 when validating cryptographic parameters that you didn't\r
 *                 generate yourself and that are supposed to be prime, then\r
 *                 \p rounds should be at least the half of the security\r
 *                 strength of the cryptographic algorithm. On the other hand,\r
 *                 if \p X is chosen uniformly or non-adversially (as is the\r
 *                 case when mbedtls_mpi_gen_prime calls this function), then\r
 *                 \p rounds can be much lower.\r
 *\r
 * \param X        The MPI to check for primality.\r
 *                 This must point to an initialized MPI.\r
 * \param rounds   The number of bases to perform the Miller-Rabin primality\r
 *                 test for. The probability of returning 0 on a composite is\r
 *                 at most 2<sup>-2*\p rounds</sup>.\r
 * \param f_rng    The RNG function to use. This must not be \c NULL.\r
 * \param p_rng    The RNG parameter to be passed to \p f_rng.\r
 *                 This may be \c NULL if \p f_rng doesn't use\r
 *                 a context parameter.\r
 *\r
 * \return         \c 0 if successful, i.e. \p X is probably prime.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.\r
 * \return         Another negative error code on other kinds of failure.\r
 */\r
int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,\r
                              int (*f_rng)(void *, unsigned char *, size_t),\r
                              void *p_rng );\r
/**\r
 * \brief Flags for mbedtls_mpi_gen_prime()\r
 *\r
 * Each of these flags is a constraint on the result X returned by\r
 * mbedtls_mpi_gen_prime().\r
 */\r
typedef enum {\r
    MBEDTLS_MPI_GEN_PRIME_FLAG_DH =      0x0001, /**< (X-1)/2 is prime too */\r
    MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */\r
} mbedtls_mpi_gen_prime_flag_t;\r
\r
/**\r
 * \brief          Generate a prime number.\r
 *\r
 * \param X        The destination MPI to store the generated prime in.\r
 *                 This must point to an initialized MPi.\r
 * \param nbits    The required size of the destination MPI in bits.\r
 *                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.\r
 * \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.\r
 * \param f_rng    The RNG function to use. This must not be \c NULL.\r
 * \param p_rng    The RNG parameter to be passed to \p f_rng.\r
 *                 This may be \c NULL if \p f_rng doesn't use\r
 *                 a context parameter.\r
 *\r
 * \return         \c 0 if successful, in which case \p X holds a\r
 *                 probably prime number.\r
 * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.\r
 * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between\r
 *                 \c 3 and #MBEDTLS_MPI_MAX_BITS.\r
 */\r
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,\r
                   int (*f_rng)(void *, unsigned char *, size_t),\r
                   void *p_rng );\r
\r
#if defined(MBEDTLS_SELF_TEST)\r
\r
/**\r
 * \brief          Checkup routine\r
 *\r
 * \return         0 if successful, or 1 if the test failed\r
 */\r
int mbedtls_mpi_self_test( int verbose );\r
\r
#endif /* MBEDTLS_SELF_TEST */\r
\r
#ifdef __cplusplus\r
}\r
#endif\r
\r
#endif /* bignum.h */\r