Home | History | Annotate | Line # | Download | only in man3 
      1 =pod
      2 
      3 =head1 NAME
      4 
      5 BN_mod_exp_mont, BN_mod_exp_mont_consttime, BN_mod_exp_mont_consttime_x2 -
      6 Montgomery exponentiation
      7 
      8 =head1 SYNOPSIS
      9 
     10  #include <openssl/bn.h>
     11 
     12  int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     13                      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
     14 
     15  int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     16                                const BIGNUM *m, BN_CTX *ctx,
     17                                BN_MONT_CTX *in_mont);
     18 
     19  int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1,
     20                                   const BIGNUM *p1, const BIGNUM *m1,
     21                                   BN_MONT_CTX *in_mont1, BIGNUM *rr2,
     22                                   const BIGNUM *a2, const BIGNUM *p2,
     23                                   const BIGNUM *m2, BN_MONT_CTX *in_mont2,
     24                                   BN_CTX *ctx);
     25 
     26 =head1 DESCRIPTION
     27 
     28 BN_mod_exp_mont() computes I<a> to the I<p>-th power modulo I<m> (C<rr=a^p % m>)
     29 using Montgomery multiplication. I<in_mont> is a Montgomery context and can be
     30 NULL. In the case I<in_mont> is NULL, it will be initialized within the
     31 function, so you can save time on initialization if you provide it in advance.
     32 
     33 BN_mod_exp_mont_consttime() computes I<a> to the I<p>-th power modulo I<m>
     34 (C<rr=a^p % m>) using Montgomery multiplication. It is a variant of
     35 L<BN_mod_exp_mont(3)> that uses fixed windows and the special precomputation
     36 memory layout to limit data-dependency to a minimum to protect secret exponents.
     37 It is called automatically when L<BN_mod_exp_mont(3)> is called with parameters
     38 I<a>, I<p>, I<m>, any of which have B<BN_FLG_CONSTTIME> flag.
     39 
     40 BN_mod_exp_mont_consttime_x2() computes two independent exponentiations I<a1> to
     41 the I<p1>-th power modulo I<m1> (C<rr1=a1^p1 % m1>) and I<a2> to the I<p2>-th
     42 power modulo I<m2> (C<rr2=a2^p2 % m2>) using Montgomery multiplication. For some
     43 fixed and equal modulus sizes I<m1> and I<m2> it uses optimizations that allow
     44 to speedup two exponentiations. In all other cases the function reduces to two
     45 calls of L<BN_mod_exp_mont_consttime(3)>.
     46 
     47 =head1 RETURN VALUES
     48 
     49 For all functions 1 is returned for success, 0 on error.
     50 The error codes can be obtained by L<ERR_get_error(3)>.
     51 
     52 =head1 SEE ALSO
     53 
     54 L<ERR_get_error(3)>, L<BN_mod_exp_mont(3)>
     55 
     56 =head1 COPYRIGHT
     57 
     58 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
     59 
     60 Licensed under the Apache License 2.0 (the "License").  You may not use
     61 this file except in compliance with the License.  You can obtain a copy
     62 in the file LICENSE in the source distribution or at
     63 L<https://www.openssl.org/source/license.html>.
     64 
     65 =cut
     66