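Lines matching references to `Vf` (non-contiguous excerpts; each line is prefixed with its line number in the source file):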
1295 if (ctx->Vf.p != NULL) {
1299 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
1300 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N));
1305 /* Unblinding value: Vf = random number, invertible mod N */
1312 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng));
1314 /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
1316 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
1319 /* At this point, Vi is invertible mod N if and only if both Vf and R
1330 /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
1334 /* Blinding value: Vi = Vf^(-e) mod N
1335 * (Vi already contains Vf^-1 at this point) */
1347 * T = T * Vf mod N
1349 static int rsa_unblind(mbedtls_mpi *T, mbedtls_mpi *Vf, const mbedtls_mpi *N)
1364 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Vf, nlimbs));
1366 /* T = T * Vf mod N
1374 mbedtls_mpi_core_montmul(T->p, T->p, Vf->p, nlimbs, N->p, nlimbs, mm, M_T.p);
1566 * T = T * Vf mod N
1568 MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N));
2797 MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf));
2820 mbedtls_mpi_free(&ctx->Vf);