CR50: rename struct BIGNUM -> struct LITE_BIGNUM

The name BIGNUM collides with a namesake struct
in openssl.  It would be convenient to write
test code that compares results between openssl
and dcrypto, hence this rename.

Also rename some #defines that conflict with
openssl names.

BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:50115
TEST=build succeeds

Change-Id: Ic53ce805cfcc591c68fbc1ef90ff2f92cec973a6
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/360346
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

5 files changed, 127 insertions, 121 deletions

diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c
index ccd84ce77e..f39735db36 100644
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
@@ -213,10 +213,10 @@ CRYPT_RESULT _cpri__ValidateSignatureRSA(
 CRYPT_RESULT _cpri__TestKeyRSA(TPM2B *d_buf, uint32_t e,
 			TPM2B *N_buf, TPM2B *p_buf, TPM2B *q_buf)
 {
-	struct BIGNUM N;
-	struct BIGNUM p;
-	struct BIGNUM q;
-	struct BIGNUM d;
+	struct LITE_BIGNUM N;
+	struct LITE_BIGNUM p;
+	struct LITE_BIGNUM q;
+	struct LITE_BIGNUM d;
 	int result;
 
 	if (!p_buf)
@@ -261,8 +261,9 @@ CRYPT_RESULT _cpri__TestKeyRSA(TPM2B *d_buf, uint32_t e,
  * TODO(ngm): tweak this value along with performance improvements. */
 #define MAX_GENERATE_ATTEMPTS 3
 
-static int generate_prime(struct BIGNUM *b, TPM_ALG_ID hashing, TPM2B *seed,
-			const char *label, TPM2B *extra, uint32_t *counter)
+static int generate_prime(struct LITE_BIGNUM *b, TPM_ALG_ID hashing,
+			TPM2B *seed, const char *label, TPM2B *extra,
+			uint32_t *counter)
 {
 	TPM2B_4_BYTE_VALUE marshaled_counter = { .t = {4} };
 	uint32_t i;
@@ -297,10 +298,10 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 	const uint16_t num_bytes = num_bits / 8;
 	uint8_t q_buf[RSA_MAX_BYTES / 2];
 
-	struct BIGNUM e;
-	struct BIGNUM p;
-	struct BIGNUM q;
-	struct BIGNUM N;
+	struct LITE_BIGNUM e;
+	struct LITE_BIGNUM p;
+	struct LITE_BIGNUM q;
+	struct LITE_BIGNUM N;
 
 	uint32_t counter;
 	TPM2B_32_BYTE_VALUE local_seed = { .t = {32} };
@@ -795,7 +796,7 @@ static void rsa_command_handler(void *cmd_body,
 
 	TPM2B_128_BYTE_VALUE seed;
 	uint8_t bn_buf[RSA_MAX_BYTES];
-	struct BIGNUM bn;
+	struct LITE_BIGNUM bn;
 	char label[MAX_LABEL_LEN];
 
 	/* This is the SHA-256 hash of the RSA template from the TCG
diff --git a/chip/g/dcrypto/bn.c b/chip/g/dcrypto/bn.c
index ae76cb0858..26a8533839 100644
--- a/chip/g/dcrypto/bn.c
+++ b/chip/g/dcrypto/bn.c
@@ -16,21 +16,21 @@ extern void watchdog_reload(void);
 static inline void watchdog_reload(void) { }
 #endif
 
-void bn_init(struct BIGNUM *b, void *buf, size_t len)
+void bn_init(struct LITE_BIGNUM *b, void *buf, size_t len)
 {
 	DCRYPTO_bn_wrap(b, buf, len);
 	dcrypto_memset(buf, 0x00, len);
 }
 
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len)
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len)
 {
 	/* Only word-multiple sized buffers accepted. */
 	assert((len & 0x3) == 0);
-	b->dmax = len / BN_BYTES;
+	b->dmax = len / LITE_BN_BYTES;
 	b->d = (struct access_helper *) buf;
 }
 
-static int bn_eq(const struct BIGNUM *a, const struct BIGNUM *b)
+static int bn_eq(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
 {
 	int i;
 	uint32_t top = 0;
@@ -52,42 +52,42 @@ static int bn_eq(const struct BIGNUM *a, const struct BIGNUM *b)
 	return 1;
 }
 
-static void bn_copy(struct BIGNUM *dst, const struct BIGNUM *src)
+static void bn_copy(struct LITE_BIGNUM *dst, const struct LITE_BIGNUM *src)
 {
 	dst->dmax = src->dmax;
 	memcpy(dst->d, src->d, bn_size(dst));
 }
 
-int bn_check_topbit(const struct BIGNUM *N)
+int bn_check_topbit(const struct LITE_BIGNUM *N)
 {
 	return BN_DIGIT(N, N->dmax - 1) >> 31;
 }
 
 /* a[n]. */
-int bn_is_bit_set(const struct BIGNUM *a, int n)
+int bn_is_bit_set(const struct LITE_BIGNUM *a, int n)
 {
 	int i, j;
 
 	if (n < 0)
 		return 0;
 
-	i = n / BN_BITS2;
-	j = n % BN_BITS2;
+	i = n / LITE_BN_BITS2;
+	j = n % LITE_BN_BITS2;
 	if (a->dmax <= i)
 		return 0;
 
 	return (BN_DIGIT(a, i) >> j) & 1;
 }
 
-static int bn_set_bit(const struct BIGNUM *a, int n)
+static int bn_set_bit(const struct LITE_BIGNUM *a, int n)
 {
 	int i, j;
 
 	if (n < 0)
 		return 0;
 
-	i = n / BN_BITS2;
-	j = n % BN_BITS2;
+	i = n / LITE_BN_BITS2;
+	j = n % LITE_BN_BITS2;
 	if (a->dmax <= i)
 		return 0;
 
@@ -97,7 +97,7 @@ static int bn_set_bit(const struct BIGNUM *a, int n)
 
 /* a[] >= b[]. */
 /* TODO(ngm): constant time. */
-static int bn_gte(const struct BIGNUM *a, const struct BIGNUM *b)
+static int bn_gte(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
 {
 	int i;
 	uint32_t top = 0;
@@ -119,7 +119,7 @@ static int bn_gte(const struct BIGNUM *a, const struct BIGNUM *b)
 }
 
 /* c[] = c[] - a[], assumes c > a. */
-uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a)
+uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
 {
 	int64_t A = 0;
 	int i;
@@ -141,8 +141,8 @@ uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a)
 
 /* c[] = c[] - a[], negative numbers in 2's complement representation. */
 /* Returns borrow bit. */
-static uint32_t bn_signed_sub(struct BIGNUM *c, int *c_neg,
-		const struct BIGNUM *a, int a_neg)
+static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg,
+		const struct LITE_BIGNUM *a, int a_neg)
 {
 	uint32_t carry = 0;
 	uint64_t A = 1;
@@ -167,7 +167,7 @@ static uint32_t bn_signed_sub(struct BIGNUM *c, int *c_neg,
 }
 
 /* c[] = c[] + a[]. */
-uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a)
+uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
 {
 	uint64_t A = 0;
 	int i;
@@ -189,8 +189,8 @@ uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a)
 
 /* c[] = c[] + a[], negative numbers in 2's complement representation. */
 /* Returns carry bit. */
-static uint32_t bn_signed_add(struct BIGNUM *c, int *c_neg,
-			const struct BIGNUM *a, int a_neg)
+static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg,
+			const struct LITE_BIGNUM *a, int a_neg)
 {
 	uint32_t A = bn_add(c, a);
 	uint32_t carry;
@@ -201,7 +201,7 @@ static uint32_t bn_signed_add(struct BIGNUM *c, int *c_neg,
 }
 
 /* r[] <<= 1. */
-static uint32_t bn_lshift(struct BIGNUM *r)
+static uint32_t bn_lshift(struct LITE_BIGNUM *r)
 {
 	int i;
 	uint32_t w;
@@ -216,7 +216,7 @@ static uint32_t bn_lshift(struct BIGNUM *r)
 }
 
 /* r[] >>= 1.  Handles 2's complement negative numbers. */
-static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
+static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg)
 {
 	int i;
 	uint32_t ones = ~0;
@@ -227,12 +227,12 @@ static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
 
 		ones &= BN_DIGIT(r, i);
 		accu = (BN_DIGIT(r, i) >> 1);
-		accu |= (BN_DIGIT(r, i + 1) << (BN_BITS2 - 1));
+		accu |= (BN_DIGIT(r, i + 1) << (LITE_BN_BITS2 - 1));
 		BN_DIGIT(r, i) = accu;
 	}
 	ones &= BN_DIGIT(r, i);
 	BN_DIGIT(r, i) = (BN_DIGIT(r, i) >> 1) |
-		(highbit << (BN_BITS2 - 1));
+		(highbit << (LITE_BN_BITS2 - 1));
 
 	if (ones == ~0 && highbit && neg)
 		memset(r->d, 0x00, bn_size(r));    /* -1 >> 1 = 0. */
@@ -240,9 +240,9 @@ static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
 
 /* Montgomery c[] += a * b[] / R % N. */
 /* TODO(ngm): constant time. */
-static void bn_mont_mul_add(struct BIGNUM *c, const uint32_t a,
-			const struct BIGNUM *b,	const uint32_t nprime,
-			const struct BIGNUM *N)
+static void bn_mont_mul_add(struct LITE_BIGNUM *c, const uint32_t a,
+			const struct LITE_BIGNUM *b,	const uint32_t nprime,
+			const struct LITE_BIGNUM *N)
 {
 	uint32_t A, B, d0;
 	int i;
@@ -280,9 +280,9 @@ static void bn_mont_mul_add(struct BIGNUM *c, const uint32_t a,
 }
 
 /* Montgomery c[] = a[] * b[] / R % N. */
-static void bn_mont_mul(struct BIGNUM *c, const struct BIGNUM *a,
-			const struct BIGNUM *b, const uint32_t nprime,
-			const struct BIGNUM *N)
+static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+			const struct LITE_BIGNUM *b, const uint32_t nprime,
+			const struct LITE_BIGNUM *N)
 {
 	int i;
 
@@ -296,14 +296,14 @@ static void bn_mont_mul(struct BIGNUM *c, const struct BIGNUM *a,
 
 /* Mongomery R * R % N, R = 1 << (1 + log2N). */
 /* TODO(ngm): constant time. */
-static void bn_compute_RR(struct BIGNUM *RR, const struct BIGNUM *N)
+static void bn_compute_RR(struct LITE_BIGNUM *RR, const struct LITE_BIGNUM *N)
 {
 	int i;
 
 	bn_sub(RR, N);         /* R - N = R % N since R < 2N */
 
 	/* Repeat 2 * R % N, log2(R) times. */
-	for (i = 0; i < N->dmax * BN_BITS2; i++) {
+	for (i = 0; i < N->dmax * LITE_BN_BITS2; i++) {
 		if (bn_lshift(RR))
 			assert(bn_sub(RR, N) == -1);
 		if (bn_gte(RR, N))
@@ -327,8 +327,8 @@ static uint32_t bn_compute_nprime(const uint32_t n0)
 /* Montgomery output = input ^ exp % N. */
 /* TODO(ngm): this implementation not timing or side-channel safe by
  * any measure. */
-void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
-		const struct BIGNUM *exp, const struct BIGNUM *N)
+void bn_mont_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input,
+		const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N)
 {
 	int i;
 	uint32_t nprime;
@@ -336,9 +336,9 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 	uint32_t acc_buf[RSA_MAX_WORDS];
 	uint32_t aR_buf[RSA_MAX_WORDS];
 
-	struct BIGNUM RR;
-	struct BIGNUM acc;
-	struct BIGNUM aR;
+	struct LITE_BIGNUM RR;
+	struct LITE_BIGNUM acc;
+	struct LITE_BIGNUM aR;
 
 #ifndef CR50_NO_BN_ASM
 	if (bn_bits(N) == 2048 || bn_bits(N) == 1024) {
@@ -362,12 +362,12 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 	bn_mont_mul(&aR, input, &RR, nprime, N);      /* aR = a * RR / R % N */
 
 	/* TODO(ngm): burn stack space and use windowing. */
-	for (i = exp->dmax * BN_BITS2 - 1; i >= 0; i--) {
+	for (i = exp->dmax * LITE_BN_BITS2 - 1; i >= 0; i--) {
 		bn_mont_mul(output, &acc, &acc, nprime, N);
 		if (bn_is_bit_set(exp, i)) {
 			bn_mont_mul(&acc, output, &aR, nprime, N);
 		} else {
-			struct BIGNUM tmp = *output;
+			struct LITE_BIGNUM tmp = *output;
 
 			*output = acc;
 			acc = tmp;
@@ -397,8 +397,8 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 }
 
 /* c[] += a * b[] */
-static uint32_t bn_mul_add(struct BIGNUM *c, uint32_t a,
-			const struct BIGNUM *b, uint32_t offset)
+static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a,
+			const struct LITE_BIGNUM *b, uint32_t offset)
 {
 	int i;
 	uint64_t carry = 0;
@@ -414,8 +414,8 @@ static uint32_t bn_mul_add(struct BIGNUM *c, uint32_t a,
 }
 
 /* c[] = a[] * b[] */
-void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
-		const struct BIGNUM *b)
+void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+		const struct LITE_BIGNUM *b)
 {
 	int i;
 	uint32_t carry = 0;
@@ -432,7 +432,7 @@ void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
 #define bn_is_even(b) !bn_is_bit_set((b), 0)
 #define bn_is_odd(b) bn_is_bit_set((b), 0)
 
-static int bn_is_zero(const struct BIGNUM *a)
+static int bn_is_zero(const struct LITE_BIGNUM *a)
 {
 	int i, result = 0;
 
@@ -445,8 +445,8 @@ static int bn_is_zero(const struct BIGNUM *a)
 /* TODO(ngm): this method is used in place of division to calculate
  * q = N/p, i.e.  q = p^-1 mod (N-1).  The buffer e may be
  * resized to uint32_t once division is implemented. */
-int bn_modinv_vartime(struct BIGNUM *d, const struct BIGNUM *e,
-		const struct BIGNUM *MOD)
+int bn_modinv_vartime(struct LITE_BIGNUM *d, const struct LITE_BIGNUM *e,
+		const struct LITE_BIGNUM *MOD)
 {
 	/* Buffers for B, D, and U must be as large as e. */
 	uint32_t A_buf[RSA_MAX_WORDS];
@@ -463,12 +463,12 @@ int bn_modinv_vartime(struct BIGNUM *d, const struct BIGNUM *e,
 	int carry2;
 	int i = 0;
 
-	struct BIGNUM A;
-	struct BIGNUM B;
-	struct BIGNUM C;
-	struct BIGNUM D;
-	struct BIGNUM U;
-	struct BIGNUM V;
+	struct LITE_BIGNUM A;
+	struct LITE_BIGNUM B;
+	struct LITE_BIGNUM C;
+	struct LITE_BIGNUM D;
+	struct LITE_BIGNUM U;
+	struct LITE_BIGNUM V;
 
 	if (bn_size(e) > sizeof(U_buf))
 		return 0;
@@ -813,7 +813,7 @@ const uint8_t PRIME_DELTAS[NUM_PRIMES] = {
 	5,  3,  4,  5,  1,  9,  8,  4,  6,  9,  6,  3,  6,  5,  3,  3
 };
 
-static uint32_t bn_mod_word16(const struct BIGNUM *p, uint16_t word)
+static uint32_t bn_mod_word16(const struct LITE_BIGNUM *p, uint16_t word)
 {
 	int i;
 	uint32_t rem = 0;
@@ -836,7 +836,7 @@ static uint32_t bn_mod_word16(const struct BIGNUM *p, uint16_t word)
 #define ROUNDS_384  22
 
 /* Miller-Rabin from HAC, algorithm 4.24. */
-static int bn_probable_prime(const struct BIGNUM *p)
+static int bn_probable_prime(const struct LITE_BIGNUM *p)
 {
 	int j;
 	int s = 0;
@@ -847,11 +847,11 @@ static int bn_probable_prime(const struct BIGNUM *p)
 	uint8_t A_buf[RSA_MAX_BYTES / 2];
 	uint8_t y_buf[RSA_MAX_BYTES / 2];
 
-	struct BIGNUM ONE;
-	struct BIGNUM TWO;
-	struct BIGNUM r;
-	struct BIGNUM A;
-	struct BIGNUM y;
+	struct LITE_BIGNUM ONE;
+	struct LITE_BIGNUM TWO;
+	struct LITE_BIGNUM r;
+	struct LITE_BIGNUM A;
+	struct LITE_BIGNUM y;
 
 	const int rounds = bn_bits(p) >= 1024 ? ROUNDS_1024 :
 			bn_bits(p) >= 512 ? ROUNDS_512 :
@@ -922,7 +922,7 @@ static int bn_probable_prime(const struct BIGNUM *p)
 	return 1;
 }
 
-int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
+int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p)
 {
 	int i;
 	int j;
@@ -930,7 +930,7 @@ int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
 	 * of ~0.5% @ 1024-bit candidates.  The failure rate rises to ~6%
 	 * if the sieve size is halved. */
 	uint8_t composites_buf[256];
-	struct BIGNUM composites;
+	struct LITE_BIGNUM composites;
 	uint16_t prime = PRIME1;
 
 	/* Set top two bits, as well as LSB. */
@@ -958,7 +958,7 @@ int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
 	j = 0;
 	for (i = 0; i < bn_bits(&composites); i++) {
 		uint32_t diff_buf;
-		struct BIGNUM diff;
+		struct LITE_BIGNUM diff;
 
 		if (bn_is_bit_set(&composites, i))
 			continue;
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index 040cf6d029..49b3f5f68a 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -74,7 +74,7 @@ const uint8_t *DCRYPTO_HMAC_final(LITE_HMAC_CTX *ctx);
 /*
  * BIGNUM utility methods.
  */
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
 
 /*
  *  RSA.
@@ -87,8 +87,8 @@ void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
 
 struct RSA {
 	uint32_t e;
-	struct BIGNUM N;
-	struct BIGNUM d;
+	struct LITE_BIGNUM N;
+	struct LITE_BIGNUM d;
 };
 
 enum padding_mode {
@@ -124,8 +124,9 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
 		enum hashing_mode hashing);
 
 /* Calculate n = p * q, d = e ^ -1 mod phi. */
-int DCRYPTO_rsa_key_compute(struct BIGNUM *N, struct BIGNUM *d,
-			struct BIGNUM *p, struct BIGNUM *q, uint32_t e);
+int DCRYPTO_rsa_key_compute(struct LITE_BIGNUM *N, struct LITE_BIGNUM *d,
+			struct LITE_BIGNUM *p, struct LITE_BIGNUM *q,
+			uint32_t e);
 
 /*
  *  EC.
@@ -165,10 +166,10 @@ int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len,
 /*
  *  BN.
  */
-int DCRYPTO_bn_generate_prime(struct BIGNUM *p);
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
-void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
-		const struct BIGNUM *b);
+int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p);
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
+void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+		const struct LITE_BIGNUM *b);
 
 /*
  *  X509.
diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h
index 67712fc68d..74fbf2be6e 100644
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -56,31 +56,34 @@ void dcrypto_sha_wait(enum sha_mode mode, uint32_t *digest);
 /*
  * BIGNUM.
  */
-#define BN_BITS2        32
-#define BN_BYTES        4
+#define LITE_BN_BITS2        32
+#define LITE_BN_BYTES        4
 
-struct BIGNUM {
+struct LITE_BIGNUM {
 	uint32_t dmax;              /* Size of d, in 32-bit words. */
 	struct access_helper *d;  /* Word array, little endian format ... */
 };
 
 #define BN_DIGIT(b, i) ((b)->d[(i)].udata)
 
-void bn_init(struct BIGNUM *bn, void *buf, size_t len);
-#define bn_size(b) ((b)->dmax * BN_BYTES)
+void bn_init(struct LITE_BIGNUM *bn, void *buf, size_t len);
+#define bn_size(b) ((b)->dmax * LITE_BN_BYTES)
 #define bn_words(b) ((b)->dmax)
-#define bn_bits(b) ((b)->dmax * BN_BITS2)
-int bn_check_topbit(const struct BIGNUM *N);
-void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
-		const struct BIGNUM *exp, const struct BIGNUM *N);
-void bn_mont_modexp_asm(struct BIGNUM *output, const struct BIGNUM *input,
-			const struct BIGNUM *exp, const struct BIGNUM *N);
-uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a);
-uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a);
-void bn_mul(struct BIGNUM *c, const struct BIGNUM *a, const struct BIGNUM *b);
-int bn_modinv_vartime(struct BIGNUM *r, const struct BIGNUM *e,
-		const struct BIGNUM *MOD);
-int bn_is_bit_set(const struct BIGNUM *a, int n);
+#define bn_bits(b) ((b)->dmax * LITE_BN_BITS2)
+int bn_check_topbit(const struct LITE_BIGNUM *N);
+void bn_mont_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input,
+		const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N);
+void bn_mont_modexp_asm(struct LITE_BIGNUM *output,
+			const struct LITE_BIGNUM *input,
+			const struct LITE_BIGNUM *exp,
+			const struct LITE_BIGNUM *N);
+uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+void bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+	    const struct LITE_BIGNUM *b);
+int bn_modinv_vartime(struct LITE_BIGNUM *r, const struct LITE_BIGNUM *e,
+		const struct LITE_BIGNUM *MOD);
+int bn_is_bit_set(const struct LITE_BIGNUM *a, int n);
 
 /*
  * Runtime.
diff --git a/chip/g/dcrypto/rsa.c b/chip/g/dcrypto/rsa.c
index eee3eeef02..e9a02be9d2 100644
--- a/chip/g/dcrypto/rsa.c
+++ b/chip/g/dcrypto/rsa.c
@@ -402,7 +402,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
 	return !bad;
 }
 
-static int check_modulus_params(const struct BIGNUM *N, uint32_t *out_len)
+static int check_modulus_params(const struct LITE_BIGNUM *N, uint32_t *out_len)
 {
 	if (bn_size(N) > RSA_MAX_BYTES)
 		return 0;                      /* Unsupported key size. */
@@ -420,11 +420,11 @@ int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
 {
 	uint8_t *p;
 	uint32_t padded_buf[RSA_MAX_WORDS];
-	uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
+	uint32_t e_buf[LITE_BN_BYTES / sizeof(uint32_t)];
 
-	struct BIGNUM padded;
-	struct BIGNUM e;
-	struct BIGNUM encrypted;
+	struct LITE_BIGNUM padded;
+	struct LITE_BIGNUM e;
+	struct LITE_BIGNUM encrypted;
 
 	if (!check_modulus_params(&rsa->N, out_len))
 		return 0;
@@ -482,8 +482,8 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
 	uint32_t encrypted_buf[RSA_MAX_WORDS];
 	uint32_t padded_buf[RSA_MAX_WORDS];
 
-	struct BIGNUM encrypted;
-	struct BIGNUM padded;
+	struct LITE_BIGNUM encrypted;
+	struct LITE_BIGNUM padded;
 	int ret = 1;
 
 	if (!check_modulus_params(&rsa->N, NULL))
@@ -497,10 +497,10 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
 	bn_init(&padded, padded_buf, in_len);
 
 	/* Reverse from big-endian to little-endian notation. */
-	reverse((uint8_t *) encrypted.d, encrypted.dmax * BN_BYTES);
+	reverse((uint8_t *) encrypted.d, encrypted.dmax * LITE_BN_BYTES);
 	bn_mont_modexp(&padded, &encrypted, &rsa->d, &rsa->N);
 	/* Back to big-endian notation. */
-	reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
+	reverse((uint8_t *) padded.d, padded.dmax * LITE_BN_BYTES);
 
 	switch (padding) {
 	case PADDING_MODE_OAEP:
@@ -539,8 +539,8 @@ int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
 {
 	uint32_t padded_buf[RSA_MAX_WORDS];
 
-	struct BIGNUM padded;
-	struct BIGNUM signature;
+	struct LITE_BIGNUM padded;
+	struct LITE_BIGNUM signature;
 
 	if (!check_modulus_params(&rsa->N, out_len))
 		return 0;
@@ -581,11 +581,11 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
 {
 	uint32_t padded_buf[RSA_MAX_WORDS];
 	uint32_t signature_buf[RSA_MAX_WORDS];
-	uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
+	uint32_t e_buf[LITE_BN_BYTES / sizeof(uint32_t)];
 
-	struct BIGNUM padded;
-	struct BIGNUM signature;
-	struct BIGNUM e;
+	struct LITE_BIGNUM padded;
+	struct LITE_BIGNUM signature;
+	struct LITE_BIGNUM e;
 	int ret = 1;
 
 	if (!check_modulus_params(&rsa->N, NULL))
@@ -600,10 +600,10 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
 	BN_DIGIT(&e, 0) = rsa->e;
 
 	/* Reverse from big-endian to little-endian notation. */
-	reverse((uint8_t *) signature.d, signature.dmax * BN_BYTES);
+	reverse((uint8_t *) signature.d, signature.dmax * LITE_BN_BYTES);
 	bn_mont_modexp(&padded, &signature, &e, &rsa->N);
 	/* Back to big-endian notation. */
-	reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
+	reverse((uint8_t *) padded.d, padded.dmax * LITE_BN_BYTES);
 
 	switch (padding) {
 	case PADDING_MODE_PKCS1:
@@ -629,17 +629,18 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
 	return ret;
 }
 
-int DCRYPTO_rsa_key_compute(struct BIGNUM *N, struct BIGNUM *d,
-			struct BIGNUM *p, struct BIGNUM *q, uint32_t e_buf)
+int DCRYPTO_rsa_key_compute(struct LITE_BIGNUM *N, struct LITE_BIGNUM *d,
+			struct LITE_BIGNUM *p, struct LITE_BIGNUM *q,
+			uint32_t e_buf)
 {
 	uint32_t ONE_buf = 1;
 	uint32_t phi_buf[RSA_MAX_WORDS];
 	uint32_t q_buf[RSA_MAX_WORDS / 2];
 
-	struct BIGNUM ONE;
-	struct BIGNUM e;
-	struct BIGNUM phi;
-	struct BIGNUM q_local;
+	struct LITE_BIGNUM ONE;
+	struct LITE_BIGNUM e;
+	struct LITE_BIGNUM phi;
+	struct LITE_BIGNUM q_local;
 
 	DCRYPTO_bn_wrap(&ONE, &ONE_buf, sizeof(ONE_buf));
 	DCRYPTO_bn_wrap(&phi, phi_buf, bn_size(N));