Explain a little more Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 0b270a560340856fed09deb58df8801326cf82d6 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 16 22:54:03 2022 +0100
committer: Janos Follath <janos.follath@arm.com> Tue Nov 22 21:22:54 2022 +0000
tree: e61521bd0e2409525a3f6d4d48cd95eff9d50aa2
parent: 4380d7b7f30785b6bacc032b68f19f2e2a47d786 [diff]
diff --git a/library/bignum_core.c b/library/bignum_core.c
index a8879b3..247600c 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c

@@ -677,8 +677,10 @@
      * (limb_index=0, E_bit_index=0). */
     size_t E_limb_index = E_limbs;
     size_t E_bit_index = 0;
-    mbedtls_mpi_uint window = 0;
+    /* At any given time, window contains window_bits bits from E.
+     * window_bits can go up to wsize. */
     size_t window_bits = 0;
+    mbedtls_mpi_uint window = 0;
 
     do
     {
@@ -704,9 +706,11 @@
         if( window_bits == wsize ||
             ( E_bit_index == 0 && E_limb_index == 0 ) )
         {
-            /* Select table entry, square and multiply */
+            /* Select Wtable[window] without leaking window through
+             * memory access patterns. */
             mbedtls_mpi_core_ct_uint_table_lookup( Wselect, Wtable,
                                                    AN_limbs, welem, window );
+            /* Multiply X by the selected element. */
             mbedtls_mpi_core_montmul( X, X, Wselect, AN_limbs, N, AN_limbs, mm, temp );
             window = 0;
             window_bits = 0;
commit	0b270a560340856fed09deb58df8801326cf82d6	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Nov 16 22:54:03 2022 +0100
committer	Janos Follath <janos.follath@arm.com>	Tue Nov 22 21:22:54 2022 +0000
tree	e61521bd0e2409525a3f6d4d48cd95eff9d50aa2
parent	4380d7b7f30785b6bacc032b68f19f2e2a47d786 [diff]