b3c1d18d03
manual when the specific function is refered to in the current manual text. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
101 lines
3.2 KiB
Text
101 lines
3.2 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
|
|
BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
|
|
BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/bn.h>
|
|
|
|
BN_MONT_CTX *BN_MONT_CTX_new(void);
|
|
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
|
|
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
|
|
|
|
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
|
|
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
|
|
|
|
int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
|
|
BN_MONT_CTX *mont, BN_CTX *ctx);
|
|
|
|
int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
|
|
BN_CTX *ctx);
|
|
|
|
int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
|
|
BN_CTX *ctx);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
These functions implement Montgomery multiplication. They are used
|
|
automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
|
|
but they may be useful when several operations are to be performed
|
|
using the same modulus.
|
|
|
|
BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
|
|
BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
|
|
|
|
BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
|
|
by precomputing its inverse and a value R.
|
|
|
|
BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
|
|
|
|
BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
|
|
it was created by BN_MONT_CTX_new(), also the structure itself.
|
|
|
|
BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
|
|
the result in I<r>.
|
|
|
|
BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
|
|
|
|
BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
|
|
Note that I<a> must be non-negative and smaller than the modulus.
|
|
|
|
For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
|
|
temporary variables.
|
|
|
|
The B<BN_MONT_CTX> structure is defined as follows:
|
|
|
|
typedef struct bn_mont_ctx_st
|
|
{
|
|
int ri; /* number of bits in R */
|
|
BIGNUM RR; /* R^2 (used to convert to Montgomery form) */
|
|
BIGNUM N; /* The modulus */
|
|
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
|
|
* (Ni is only stored for bignum algorithm) */
|
|
BN_ULONG n0; /* least significant word of Ni */
|
|
int flags;
|
|
} BN_MONT_CTX;
|
|
|
|
BN_to_montgomery() is a macro.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
|
|
on error.
|
|
|
|
BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
|
|
|
|
For the other functions, 1 is returned for success, 0 on error.
|
|
The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
|
|
|
|
=head1 WARNING
|
|
|
|
The inputs must be reduced modulo B<m>, otherwise the result will be
|
|
outside the expected range.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
|
|
L<BN_CTX_new(3)|BN_CTX_new(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
|
|
BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
|
|
are available in all versions of SSLeay and OpenSSL.
|
|
|
|
BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
|
|
|
|
=cut
|