43.3.4.9 Full Multiply

Purpose

The purpose of this service is to multiply two large numbers, X and Y, and optionally accumulate/subtract from a third large number, Z, returning the result, R.

The available options are as follows:

Work in the GF(2ⁿ) field or in the standard arithmetic field
Add of a supplemental CarryOperand
Overlap of the operands is possible, taking into account some constraints
Modular Reduction of the computation result (see Modular Reduction)

How to Use the Service

Description

This service provides the following (if not computing a modular reduction of the result):

R = [Z] ± (X × Y + CarryOperand)

Or (if computing a modular reduction of the result):

R = ([Z] ± (X × Y + CarryOperand))mod N

The service name for this operation is Fmult.

In these computations, the following data has to be provided:

R the result (pointed by {nu1RBase,u2Xlength +u2YLength})
X one input number or GF(2ⁿ) polynomial (pointed by{nu1XBase,u2XLength})
Y one input number or GF(2ⁿ) polynomial (pointed by{nu1YBase,u2YLength})
Z one optional input number or GF(2n) polynomial (pointed by {nu1ZBase,u2Xlength +u2YLength})
CarryOperand (provided through the Carry Options and Carry values)

Important: Even if neither accumulation nor subtraction is specified, the nu1ZBase must always be filled and point to a Crypto RAM space. It this case, nu1ZBase can point to the same space as the nu1RBase.

If using the big modular reduction option, the Multiply operation is followed by a reduction (see Modular Reduction). In this case, the length of Cns is 64 bytes.

If using the modular reduction option, the Multiply operation is followed by a reduction (see Modular Reduction). In this case the following parameters must be additionally provided:

N—the modulus (pointed by {nu1ModBase,u2Modlength +4})
Cns—the reduction constant
- In case of Big reduction, Cns is pointed by {nu1CnsBase,64bytes}.
- In case of Fast or Normalized reduction, Cns is pointed by (pointed by {nu1CnsBase,u2ModLength+ 8})

Note:

The result buffer R must first be padded with zero bytes until its length is sufficient to perform the reduction (2*u2ModLength + 8) to be used by the Modular Reduction service as an input parameter.

The result of the reduction is written in the area X pointed by {nu1XBase, u2ModLength + 4}.

For example, if u2ModLength, u2XLength and u2YLength are 0x80 bytes, the length of the R space is 2*(u2ModLength + 4) = 0x108 bytes because of the constraints of modular reduction.

In case of Fast or Normalized Reduction, the length of the result is u2ModLength + 4 so 0x84 bytes. Thus, the zone X has a length of 0x84 bytes (at least). The multiplication of X by Y provides a result of length 0x100 bytes in the zone R so the 8 MSB bytes must be previously padded with zero bytes (in offsets 0x100 to 0x107).

Parameters Definition

Table 43-25. Fmult Service Parameters
Parameter	Type	Direction	Location	Data Length	Before Executing the Service	After Executing the Service
u2Options	u2	I	–	–	Options (see below)	Options (see below)
Specific/Gf2n CarryIn	Bits	I	–	–	GF(2n) Bit and Carry In	–
Specific/CarryOut Zero Violation	Bits	I	–	–	–	Carry Out, Zero Bit and Violation Bit filled according to the result
nu1ModBase	nu1	I	Crypto RAM	u2ModLength + 4	Base of N	Base of N untouched
nu1CnsBase	nu1	I	Crypto RAM	u2ModLength + 8 or 64 bytes	Base of Cns	Base of Cns untouched
u2ModLength	u2	I	–	–	Length of N	Length of N
nu1XBase	nu1	I	Crypto RAM	u2XLength or u2ModLength + 4 (see Note 1)	Base of X	Base of X (see Note 2)
u2XLength	u2	I	–	–	Length of X	Length of X
nu1YBase	nu1	I	Crypto RAM	u2YLength	Base of Y	Base of Y
u2YLength	u2	I	–	–	Length of Y	Length of Y
nu1ZBase	nu1	I	Crypto RAM	u2XLength + u2YLength	Base of Z	Base of Z untouched
nu1RBase	nu1	I	Crypto RAM	u2XLength + u2YLength	Base of R	Base of R (see Note 3)

Note:

In case of a reduction option is specified, if necessary, the area X will be extended to u2ModLength + 4 bytes.
If FMult is without reduction, X is untouched. If FMult is with reduction, X is filled with the final result.
If FMult is without reduction, R is filled with the final result. If FMult is with reduction, R is corrupted.

Available Options

The options are set by the u2Options input parameter, which is composed of:

the mandatory Full Multiplication operation option described in Table 43-26
the mandatory CarryOperand option described in Table 43-27 and Table 43-28
the facultative Modular Reduction option (see Modular Reduction). If the Modular Reduction is not requested, this option is absent.

The u2Options number is calculated by an Inclusive OR of the options.

Some Examples in C language are:

Operation: Full Multiply only without carry and without Modular Reduction
PUKCL(u2Options) = SET_MULTIPLIEROPTION(PUKCL_FMULT_ONLY) | SET_CARRYOPTION(CARRY_NONE);
Operation: Full Multiply with addition with Specific/CarryIn addition and with Fast Modular Reduction
PUKCL(u2Options) = SET_MULTIPLIEROPTION(PUKCL_FMULT_ADD) |
SET_CARRYOPTION(ADD_CARRY) |
PUKCL_REDMOD_REDUCTION |
PUKCL_REDMOD_USING_FASTRED;

The following table shows all of the necessary parameters for the Full Multiply option. When the Addition or Subtraction option is not chosen, it is not necessary to fill in the nu1ZBase parameter.

Table 43-26. Fmult Service Options
Option	Purpose	Required Parameters
SET_MULTIPLIEROPTION(PUKCL_FMUL_ONLY)	Perform R = X*Y + CarryOperand	nu1RBase, nu1YBase, u2YLength, nu1XBase, u2XLength
SET_MULTIPLIEROPTION(PUKCL_FMUL_ADD)	Perform R = Z + X*Y + CarryOperand	nu1RBase, nu1ZBase, nu1YBase, u2YLength, nu1XBase, u2XLength
SET_MULTIPLIEROPTION(PUKCL_FMUL_SUB)	Perform R = Z - (X*Y + CarryOperand)	nu1RBase, nu1ZBase, nu1YBase, u2YLength, nu1Xlength, u2XLength

Code Example

PUKCL_PARAM PUKCLParam;
PPUKCL_PARAM pvPUKCLParam = &PUKCLParam;


// Gf2n and CarryIn shall be beforehand filled (with zero or one) 
PUKCL(Specific).Gf2n = ...;
PUKCL(Specific).CarryIn = ...;

PUKCL(u2Option) =...;
// Depending on the option specified, not all fields should be filled 
PUKCL_Fmult(nu1XBase) = <Base of the ram location of X>; 
PUKCL_Fmult(u2XLength) = <Length of X>;
PUKCL_Fmult(nu1YBase) = <Base of the ram location of Y>; 
PUKCL_Fmult(u2YLength) = <Length of Y>; 
PUKCL_Fmult(nu1ZBase) = <Base of the ram location of Z>; 
PUKCL_Fmult(nu1RBase) = <Base of the ram location of R>;

// vPUKCL_Process() is a macro command, which populates the service name
// and then calls the library... 
vPUKCL_Process(Fmult,pvPUKCLParam); 
if (PUKCL(u2Status) == PUKCL_OK)
            {
            // The Full multiply has been executed correctly
            ...
            }
else // Manage the error

Important Considerations for Modular Reduction of a Fmult Computation Result

Note:

Additional options are available through the use of a modular reduction to be executed at the end of this operation. Some important considerations have to be taken into account concerning the length of resulting operands to get a mathematically correct result.

The output of this operation is not always compatible with the modular reduction as it may be either smaller or bigger. In the case (most of the time) the result (pointed by nu1RBase) is smaller in size than “twice the modulus plus one word” by one word, a padding word must be added to zero. Otherwise, the reduced value will be taken considering the high order words (potentially uninitialized) as part of the number, thus resulting in getting a mathematically correct but unexpected result.

In the case that the result is bigger than twice the modulus plus one word, the modular reduction feature has to be executed as a separate operation, using an Euclidean division.

Constraints

The following conditions must be avoided to ensure that the service works correctly:

nu1XBase, nu1YBase, nu1RBase or nu1ZBase are not aligned on 32-bit boundaries
{nu1XBase, u2XLength}, {nu1YLength, u2YLength}, {nu1ZBase, u2XLength+u2YLength} or{nu1RBase, u2XLength+u2YLength} are not in Crypto RAM
u2XLength, u2YLength is either: < 4, > 0xffc or not a 32-bit length
{nu1RBase, u2XLength+u2YLength} overlaps {nu1YBase, u2YLength} or{nu1RBase, u2XLength+u2YLength} overlaps {nu1XBase, u2XLength}
{nu1RBase, u2XLength+u2YLength} overlaps {nu1ZBase, u2XLength+u2YLength} and nu1RBase> nu1ZBase

If a modular reduction is specified, the relevant parameters must be defined according to the chosen reduction and follow the description in Modular Reduction. Additional constraints to be respected and error codes are described in this section and in Table 43-49.

Multiplication with Accumulation or Subtraction

In the case where the options bits specify that either an Accumulation or a subtraction should be performed, this service performs the following operation:

R = (Z ± (X × Y + CarryOperand))mod B^{XLength +
YLength}

Table 43-27. Fmult Service (with Accumulate/Subtract From) Carry Settings
Option AND CARRYOPTIONS	CarryOperand	Resulting Operation
SET_CARRYOPTION(ADD_CARRY)	CarryIn	R = Z ± (X*Y + CarryIn)
SET_CARRYOPTION(SUB_CARRY)	- CarryIn	R = Z ± (X*Y - CarryIn)
SET_CARRYOPTION(ADD_1_PLUS_CARRY)	1 + CarryIn	R = Z ± (X*Y + 1 + CarryIn)
SET_CARRYOPTION(ADD_1_MINUS_CARRY)	1 - CarryIn	R = Z ± (X*Y + 1 - CarryIn)
SET_CARRYOPTION(CARRY_NONE)	0	R = Z ± (X*Y)
SET_CARRYOPTION(ADD_1)	1	R = Z ± (X*Y + 1)
SET_CARRYOPTION(SUB_1)	- 1	R = Z ± (X*Y - 1)
SET_CARRYOPTION(ADD_2)	2	R = Z ± (X*Y + 2)

Multiplication without Accumulation or Subtraction

In the case the options bits specify that either an Accumulation or a subtraction should be performed, this service performs the following operation:

R = (X × Y + CarryOperand)mod B^{XLength +
YLength}

Table 43-28. Fmult Service Carry Settings
Option AND CARRYOPTIONS	CarryOperand	Resulting Operation
SET_CARRYOPTION(ADD_CARRY)	CarryIn	R = X*Y + CarryIn
SET_CARRYOPTION(SUB_CARRY)	- CarryIn	R = X*Y - CarryIn
SET_CARRYOPTION(ADD_1_PLUS_CARRY)	1 + CarryIn	R = X*Y + 1 + CarryIn
SET_CARRYOPTION(ADD_1_MINUS_CARRY)	1 - CarryIn	R = X*Y + 1 - CarryIn
SET_CARRYOPTION(CARRY_NONE)	0	R = X*Y
SET_CARRYOPTION(ADD_1)	1	R = X*Y + 1
SET_CARRYOPTION(SUB_1)	- 1	R = X*Y - 1
SET_CARRYOPTION(ADD_2)	2	R = X*Y + 2

Status Returned Values

Table 43-29. Fmult Service Return Codes
Returned Status	Importance	Meaning
PUKCL_OK	–	Service functioned correctly