37.3.4.7 Small Multiply, Add, Subtract, Exclusive OR

This purpose of this service is to multiply a large number X by a single-word number, MulValue, and perform an optional accumulation/subtract with a large number Z, returning the result R.

The following options are available:

• Work in the GF(2ⁿ) or in the standard GF(p) arithmetic integer field
• Add of a supplemental CarryOperand
• Overlap of the operands is possible, taking into account some constraints
• Modulo-reduction of the computation result (see Modular Reduction from Related Links)

This service processes the following operation (if not computing a modular reduction of the result):

R = [Z] ± (MulValue × X + CarryOperand)

Or (if computing a modular reduction of the result):

R = ([Z] ± (MulValue × X + CarryOperand))mod N

The service name for this operation is Smult.

The result of the Small Multiply Operation is stored on u2RLength bytes, so the choice of this length compared to u2XLength may lead to:

• A truncation if the result is too big to be stored on u2RLengthbytes.
• A padding on the MSB side if the result does not take all the u2RLengthbytes.

  However, in all cases this rule must be followed:

  Important: The length of R must be greater than or equal to the length of X.

In these computations, the following parameters need to be provided:

• R the result (pointed by{nu1RBase,u2Rlength})
• X one input number or GF(2ⁿ) polynomial (pointed by{nu1XBase,u2XLength})
• Z one optional input number or GF(2ⁿ) polynomial (pointed by{nu1ZBase,u2Rlength}).
• MulValue one input number or GF(2ⁿ)polynomial on one word (provided in u4MulValue)
• CarryOperand (provided through the CarryOptions and Carry values).
  Important: Even if neither accumulation nor subtraction is specified, the nu1ZBase must always be filled and point to a Crypto RAM space. It this case, nu1ZBase can point to the same space as the nu1RBase.

If using the modular reduction option, the Multiply operation is followed by a reduction (see Modular Reduction from Related Links) and the following parameters must be additionally provided:

• N—the modulus (pointed by {nu1ModBase,u2Modlength +4})
• Cns—the reduction constant
  • In case of Big reduction, Cns is pointed by {nu1CnsBase,64bytes}.
  • In case of Fast or Normalized reduction, Cns is pointed by {nu1CnsBase,u2ModLength +8}
  Important:

  The result buffer R must first be padded with zero bytes until its length is sufficient to perform the reduction (2*u2ModLength + 8) to be used by the Modular Reduction service as an input parameter.

  The result of the reduction is written in the area X pointed by {nu1XBase, u2ModLength + 4}.

• For example, if relevant u2ModLength is 0x80 bytes and u2XLength is 0x80 too, the length of the Rspace may be 2*(u2ModLength + 4) = 0x108 bytes.

  In case of fast or normalized reduction, the length of the result may be u2ModLength + 4 so 0x84 bytes. Therefore, the zone X may lengths 0x84 bytes (at least). The multiplication of X by 1 word provide a result in the zone R which MSB bytes will be padded with zero bytes.

  In that example, the length of the zone R will be 2*u2ModLength + 8 = 0x108 bytes.

The options are set by the u2Options input parameter, which is composed of:

• The mandatory Small Multiplication operation option described in the following table.
• The mandatory CarryOperand option described in Smult Service (with Accumulate/Subtract From) Carry Settings and Smult Service Carry Settings tables.
• The facultative Modular Reduction option (see Modular Reduction). If the Modular Reduction is not requested, this option is absent.

The u2Options number is calculated by an “Inclusive OR” of the options. Some examples in C language are:

• Operation: Small Multiply only without carry and without Modular Reduction

  PUKCL(u2Options) = SET_MULTIPLIEROPTION(PUKCL_SMULT_ONLY) | SET_CARRYOPTION(CARRY_NONE);

• Operation: Small Multiply with addition with Specific/CarryIn addition and with Fast Modular Reduction

  PUKCL(u2Options) =SET_MULTIPLIEROPTION(PUKCL_SMULT_ADD) | SET_CARRYOPTION(ADD_CARRY) | PUKCL_REDMOD_REDUCTION | PUKCL_REDMOD_USING_FASTRED;

The following table lists all of the necessary parameters for the Small Multiply option. When the Addition or Subtraction option is not chosen, it is not necessary to fill in the nu1ZBase parameter.

PUKCL_PARAM PUKCLParam;
PPUKCL_PARAM pvPUKCLParam = &PUKCLParam;

// Gf2n and CarryIn shall be beforehand filled (with zero or one) 
PUKCL(Specific).Gf2n = ...;
PUKCL(Specific).CarryIn = ...; PUKCL(u2Options) =...;

// Depending on the option specified, all fields must not be filled 
PUKCL_Smult(nu1XBase) = <Base of the X number>; 
PUKCL_Smult(u2XLength) = <Length of the X number>; 
PUKCL_Smult(nu1RBase) = <Base of the R number>; 
PUKCL_Smult(u2RLength) = <Length of the R number>; 
PUKCL_Smult(nu1ZBase) = <Base of the Z number>; 
PUKCL_Smult(u4MulValue) = <Value to be multiplied with>;

// vPUKCL_Process() is a macro command, which populates the service name
// and then calls the library... 
vPUKCL_Process(Smult,pvPUKCLParam); 
if (PUKCL(u2Status) == PUKCL_OK)
            {
            // The Small multiplication has been executed correctly
            ...
            }
else // Manage the error

For the case of a small multiplication with an option indicating either subtraction or accumulation, the following conditions must be avoided to ensure the service works correctly:

• nu1XBase, nu1RBase or nu1ZBase are not aligned on 32-bit boundaries
• {nu1XBase, u2XLength}, {nu1ZLength, u2RLength} or {nu1RBase, u2RLength} do not entirely lie in Crypto RAM
• u2XLength or u2RLength is either: < 4, > 0xffc or not a 32-bit length or u2XLength >u2RLength
• {nu1RBase, u2RLength} overlaps {nu1XBase, u2XLength} or nu1R < nu1Z and {nu1RBase,u2RLength} overlaps {nu1ZBase, u2RLength}

If the nu1R value is greater or equals to the nu1Z one, the overlapping between R and Z is allowed.

If a modular reduction is specified, the relevant parameters must be defined according to the chosen reduction and follow the description in Modular Reduction. Additional constraints to be respected and error codes are described in this section and in Smult Service Return Codes.