39 …t _nn_exp_monty_ladder_ltr(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod, nn_src_t r, nn_src…  in _nn_exp_monty_ladder_ltr()  argument
71 	ret = nn_cmp(base, mod, &cmp); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
74 		ret = nn_mod(&T[rbit], base, mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
77 			ret = nn_mul_redc1(&T[rbit], &T[rbit], r_square, mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
83 			ret = nn_mul_redc1(&T[rbit], base, r_square, mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
94 		ret = nn_mul_redc1(&T[1-rbit], &T[rbit], &T[rbit], mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
97 		ret = nn_mod_mul(&T[1-rbit], &T[rbit], &T[rbit], mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
114 			ret = nn_mul_redc1(&T[2], &T[expbit ^ rbit], &T[expbit ^ rbit], mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
117 			ret = nn_mod_mul(&T[2], &T[expbit ^ rbit], &T[expbit ^ rbit], mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
121 			ret = nn_mul_redc1(&T[1], &T[0], &T[1], mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
124 			ret = nn_mod_mul(&T[1], &T[0], &T[1], mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
135 		ret = nn_mul_redc1(&T[rbit], &T[rbit], &T[1 - rbit], mod, mpinv); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
139 	/* Case with 0 bit exponent: T[1 - rbit] contains 1 modulo mod */  in _nn_exp_monty_ladder_ltr()
140 	ret = nn_mod(&T[1 - rbit], &T[1 - rbit], mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
142 	ret = nn_mod(&T[2], base, mod); EG(ret, err);  in _nn_exp_monty_ladder_ltr()
160  * Reduces the base modulo mod if it is not already reduced,
162  * the information that base <= mod or not: please use with care
168  * Compute (base ** exp) mod (mod) using a Montgomery Ladder algorithm
170  * The module "mod" is expected to be odd for redcification to be used.
174 …tatic int _nn_mod_pow_redc(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod, nn_src_t r, nn_src…  in _nn_mod_pow_redc()  argument
176 	return _nn_exp_monty_ladder_ltr(out, base, exp, mod, r, r_square, mpinv);  in _nn_mod_pow_redc()
182  * Reduces the base modulo mod if it is not already reduced,
184  * the information that base <= mod or not: please use with care
190  * Compute (base ** exp) mod (mod) using a Montgomery Ladder algorithm.
191  * This function works for all values of "mod", but is slower that the one
192  * using Montgomery multiplication (which only works for odd "mod"). Hence,
193  * it is only used on even "mod" by upper layers.
197 …TRIBUTE_WARN_UNUSED_RET static int _nn_mod_pow(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod)  in _nn_mod_pow()  argument
201 	if ((out == base) || (out == exp) || (out == mod)) {  in _nn_mod_pow()
206 		ret = _nn_exp_monty_ladder_ltr(&_out, base, exp, mod, NULL, NULL, WORD(0)); EG(ret, err);  in _nn_mod_pow()
210 		ret = _nn_exp_monty_ladder_ltr(out, base, exp, mod, NULL, NULL, WORD(0));  in _nn_mod_pow()
222 …t _nn_mod_pow_redc_aliased(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod, nn_src_t r, nn_src…  in _nn_mod_pow_redc_aliased()  argument
229 	ret = _nn_mod_pow_redc(&_out, base, exp, mod, r, r_square, mpinv); EG(ret, err);  in _nn_mod_pow_redc_aliased()
244 int nn_mod_pow_redc(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod, nn_src_t r, nn_src_t r_squ…  in nn_mod_pow_redc()  argument
250 	ret = nn_check_initialized(mod); EG(ret, err);  in nn_mod_pow_redc()
255 	ret = nn_isodd(mod, &isodd); EG(ret, err);  in nn_mod_pow_redc()
262 	if(mod->wlen < 2){  in nn_mod_pow_redc()
268 		ret = nn_copy(&_mod, mod); EG(ret, err1);  in nn_mod_pow_redc()
271 		if ((out == base) || (out == exp) || (out == mod) || (out == r) || (out == r_square)) {  in nn_mod_pow_redc()
282 		if ((out == base) || (out == exp) || (out == mod) || (out == r) || (out == r_square)) {  in nn_mod_pow_redc()
283 			ret = _nn_mod_pow_redc_aliased(out, base, exp, mod, r, r_square, mpinv);  in nn_mod_pow_redc()
285 			ret = _nn_mod_pow_redc(out, base, exp, mod, r, r_square, mpinv);  in nn_mod_pow_redc()
298  * Compute (base ** exp) mod (mod) using a Montgomery Ladder algorithm.
304 int nn_mod_pow(nn_t out, nn_src_t base, nn_src_t exp, nn_src_t mod)  in nn_mod_pow()  argument
315 	ret = nn_isodd(mod, &isodd); EG(ret, err);  in nn_mod_pow()
317 		/* mod is even: use the regular unoptimized modular exponentiation */  in nn_mod_pow()
318 		ret = _nn_mod_pow(out, base, exp, mod);  in nn_mod_pow()
321 		/* mod is odd */  in nn_mod_pow()
323 		ret = nn_compute_redc1_coefs(&r, &r_square, mod, &mpinv); EG(ret, err);  in nn_mod_pow()
326 		ret = nn_mod_pow_redc(out, base, exp, mod, &r, &r_square, mpinv);  in nn_mod_pow()