Update comments following code review
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
This commit is contained in:
parent
b496486cdc
commit
5dd97e60d5
3 changed files with 16 additions and 9 deletions
|
@ -1569,6 +1569,7 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
|
||||||
* (T->n >= 2 * N->n + 1).
|
* (T->n >= 2 * N->n + 1).
|
||||||
* Its initial content is unused and
|
* Its initial content is unused and
|
||||||
* its final content is indeterminate.
|
* its final content is indeterminate.
|
||||||
|
* It does not get reallocated.
|
||||||
*/
|
*/
|
||||||
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B,
|
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B,
|
||||||
const mbedtls_mpi *N, mbedtls_mpi_uint mm,
|
const mbedtls_mpi *N, mbedtls_mpi_uint mm,
|
||||||
|
|
|
@ -333,6 +333,11 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
|
||||||
mbedtls_mpi_uint b )
|
mbedtls_mpi_uint b )
|
||||||
{
|
{
|
||||||
mbedtls_mpi_uint c = 0; /* carry */
|
mbedtls_mpi_uint c = 0; /* carry */
|
||||||
|
/*
|
||||||
|
* It is a documented precondition of this function that d_len >= s_len.
|
||||||
|
* If that's not the case, we swap these round: this turns what would be
|
||||||
|
* a buffer overflow into an incorrect result.
|
||||||
|
*/
|
||||||
if( d_len < s_len )
|
if( d_len < s_len )
|
||||||
s_len = d_len;
|
s_len = d_len;
|
||||||
size_t excess_len = d_len - s_len;
|
size_t excess_len = d_len - s_len;
|
||||||
|
@ -418,9 +423,7 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
|
||||||
* i.e. (carry, borrow) of (0, 0) => return X
|
* i.e. (carry, borrow) of (0, 0) => return X
|
||||||
* (0, 1) => return T
|
* (0, 1) => return T
|
||||||
*
|
*
|
||||||
* We've confirmed that the unit tests exercise this function with all 3 of
|
* (carry, borrow) = (1, 0) can't happen.
|
||||||
* the valid (carry, borrow) combinations (listed above), and that we don't
|
|
||||||
* see (carry, borrow) = (1, 0).
|
|
||||||
*
|
*
|
||||||
* So the correct return value is already in X if (carry ^ borrow) = 0,
|
* So the correct return value is already in X if (carry ^ borrow) = 0,
|
||||||
* but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1.
|
* but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1.
|
||||||
|
|
|
@ -190,11 +190,12 @@ mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *A,
|
||||||
/**
|
/**
|
||||||
* \brief Subtract two known-size large unsigned integers, returning the borrow.
|
* \brief Subtract two known-size large unsigned integers, returning the borrow.
|
||||||
*
|
*
|
||||||
* Calculate A - B where A and B have the same size.
|
* Calculate `A - B` where \p A and \p B have the same size.
|
||||||
* This function operates modulo (2^ciL)^limbs and returns the carry
|
* This function operates modulo `(2^ciL)^limbs` and returns the carry
|
||||||
* (1 if there was a wraparound, i.e. if `A < B`, and 0 otherwise).
|
* (1 if there was a wraparound, i.e. if `A < B`, and 0 otherwise).
|
||||||
*
|
*
|
||||||
* X may be aliased to A or B.
|
* \p X may be aliased to \p A or \p B, or even both, but may not overlap
|
||||||
|
* either otherwise.
|
||||||
*
|
*
|
||||||
* \param[out] X The result of the subtraction.
|
* \param[out] X The result of the subtraction.
|
||||||
* \param[in] A Little-endian presentation of left operand.
|
* \param[in] A Little-endian presentation of left operand.
|
||||||
|
@ -249,12 +250,14 @@ mbedtls_mpi_uint mbedtls_mpi_montg_init( const mbedtls_mpi_uint *N );
|
||||||
* the multiplication A * B * R^-1 mod N where
|
* the multiplication A * B * R^-1 mod N where
|
||||||
* R = (2^ciL)^AN_limbs.
|
* R = (2^ciL)^AN_limbs.
|
||||||
* \param[in] A Little-endian presentation of first operand.
|
* \param[in] A Little-endian presentation of first operand.
|
||||||
* Must have exactly \p AN_limbs limbs.
|
* Must have the same number of limbs as \p N.
|
||||||
* \param[in] B Little-endian presentation of second operand.
|
* \param[in] B Little-endian presentation of second operand.
|
||||||
* \param[in] B_limbs The number of limbs in \p B.
|
* \param[in] B_limbs The number of limbs in \p B.
|
||||||
|
* Must be <= \p AN_limbs.
|
||||||
* \param[in] N Little-endian presentation of the modulus.
|
* \param[in] N Little-endian presentation of the modulus.
|
||||||
* This must be odd and have exactly \p AN_limbs limbs.
|
* This must be odd, and have exactly the same number
|
||||||
* \param[in] AN_limbs The number of limbs in \p X, \p A, \p N.
|
* of limbs as \p A.
|
||||||
|
* \param[in] AN_limbs The number of limbs in \p X, \p A and \p N.
|
||||||
* \param mm The Montgomery constant for \p N: -N^-1 mod 2^ciL.
|
* \param mm The Montgomery constant for \p N: -N^-1 mod 2^ciL.
|
||||||
* This can be calculated by `mbedtls_mpi_montg_init()`.
|
* This can be calculated by `mbedtls_mpi_montg_init()`.
|
||||||
* \param[in,out] T Temporary storage of size at least 2*AN_limbs+1 limbs.
|
* \param[in,out] T Temporary storage of size at least 2*AN_limbs+1 limbs.
|
||||||
|
|
Loading…
Reference in a new issue