commit 6129268fee9ccf7be1dd8bd24b7cf96d45e35cd1
author Tom Cosgrove <tom.cosgrove@arm.com> Thu Dec 08 09:44:10 2022 +0000
committer Tom Cosgrove <tom.cosgrove@arm.com> Thu Dec 08 09:44:10 2022 +0000
tree 272ead50f16414132715ae1054e0507565d629f3
parent a7f0d7b029382b77ae3ff19ecd0ca1b305b11021

Bignum: Implement mbedtls_mpi_mod_raw_inv_prime() and tests

Fixes #6023.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

library/bignum_mod_raw.c

diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index 22e56b7..03924d2 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -124,6 +124,34 @@
 
 /* BEGIN MERGE SLOT 3 */
 
+size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs( size_t AN_limbs )
+{
+    /* mbedtls_mpi_mod_raw_inv_prime() needs a temporary for the exponent,
+     * which will be the same size as the modulus and input (AN_limbs),
+     * and additional space to pass to mbedtls_mpi_core_exp_mod(). */
+    return( AN_limbs +
+            mbedtls_mpi_core_exp_mod_working_limbs( AN_limbs, AN_limbs ) );
+}
+
+void mbedtls_mpi_mod_raw_inv_prime( mbedtls_mpi_uint *X,
+                                    const mbedtls_mpi_uint *A,
+                                    const mbedtls_mpi_uint *N,
+                                    size_t AN_limbs,
+                                    const mbedtls_mpi_uint *RR,
+                                    mbedtls_mpi_uint *T )
+{
+    /* Inversion by power: g^|G| = 1 => g^(-1) = g^(|G|-1), and
+     *                       |G| = N - 1, so we want
+     *                 g^(|G|-1) = g^(N - 2)
+     */
+    mbedtls_mpi_uint *Nminus2 = T;
+    (void) mbedtls_mpi_core_sub_int( Nminus2, N, 2, AN_limbs );
+
+    mbedtls_mpi_core_exp_mod( X,
+                              A, N, AN_limbs, Nminus2, AN_limbs,
+                              RR, T + AN_limbs );
+}
+
 /* END MERGE SLOT 3 */
 
 /* BEGIN MERGE SLOT 4 */