commit 0de0a049f1f0c53da0ead6307ab7034d9d4b8534
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 16 20:12:49 2022 +0100
committer Janos Follath <janos.follath@arm.com> Tue Nov 22 21:22:54 2022 +0000
tree fcccb429d17a9cfe734f6ba453c0bb11a9089394
parent cf979b0fc1ff4033c907ad5adf980ad4530e2f41

Move window precomputation into an auxiliary function

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/bignum_core.c

diff --git a/library/bignum_core.c b/library/bignum_core.c
index c38daa4..14f2f5a 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -596,6 +596,34 @@
     return( wsize );
 }
 
+static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
+                                       const mbedtls_mpi_uint *N,
+                                       size_t AN_limbs,
+                                       mbedtls_mpi_uint mm,
+                                       const mbedtls_mpi_uint *RR,
+                                       size_t welem,
+                                       mbedtls_mpi_uint *Wtable,
+                                       mbedtls_mpi_uint *temp )
+{
+    /* pointers to table entries */
+    mbedtls_mpi_uint *Wcur, *Wlast, *W1;
+
+    /* W[0] = 1 (in Montgomery presentation) */
+    memset( Wtable, 0, AN_limbs * ciL );
+    Wtable[0] = 1;
+    mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp );
+    Wcur = Wtable + AN_limbs;
+    /* W[1] = A * R^2 * R^-1 mod N = A * R mod N */
+    memcpy( Wcur, A, AN_limbs * ciL );
+    mbedtls_mpi_core_montmul( Wcur, Wcur, RR, AN_limbs, N, AN_limbs, mm, temp );
+    W1 = Wcur;
+    Wcur += AN_limbs;
+    /* W[i+1] = W[i] * W[1], i >= 2 */
+    Wlast = W1;
+    for( size_t i = 2; i < welem; i++, Wlast += AN_limbs, Wcur += AN_limbs )
+        mbedtls_mpi_core_montmul( Wcur, Wlast, W1, AN_limbs, N, AN_limbs, mm, temp );
+}
+
 int mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
                               const mbedtls_mpi_uint *A,
                               const mbedtls_mpi_uint *N,
@@ -635,23 +663,10 @@
 
     const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init( N );
 
-    /* pointers to table entries */
-    mbedtls_mpi_uint *Wcur, *Wlast, *W1;
-
-    /* W[0] = 1 (in Montgomery presentation) */
-    memset( Wtable, 0, AN_limbs * ciL );
-    Wtable[0] = 1;
-    mbedtls_mpi_core_montmul( Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp );
-    Wcur = Wtable + AN_limbs;
-    /* W[1] = A * R^2 * R^-1 mod N = A * R mod N */
-    memcpy( Wcur, A, AN_limbs * ciL );
-    mbedtls_mpi_core_montmul( Wcur, Wcur, RR, AN_limbs, N, AN_limbs, mm, temp );
-    W1 = Wcur;
-    Wcur += AN_limbs;
-    /* W[i+1] = W[i] * W[1], i >= 2 */
-    Wlast = W1;
-    for( size_t i = 2; i < welem; i++, Wlast += AN_limbs, Wcur += AN_limbs )
-        mbedtls_mpi_core_montmul( Wcur, Wlast, W1, AN_limbs, N, AN_limbs, mm, temp );
+    /* Set Wtable[i] = A^(2^i) (in Montgomery representation) */
+    exp_mod_precompute_window( A, N, AN_limbs,
+                               mm, RR,
+                               welem, Wtable, temp );
 
     /*
      * Fixed window exponentiation