Found out what the target is using, apparently a version of libtomcrypt. That shift operation I described, that's apparently mp_read_unsigned_bin() called from rsa_exptmod().
Anyway, it's always fun finding out what something is and then checking all the labels you slapped onto the reversed code in IDA. Looks like I didn't fail too horribly in identifying stuff.