commit 79b70f63947b0eb6ec09cfca6d130ce5ea9b5648
author Tom Cosgrove <tom.cosgrove@arm.com> Wed Aug 17 06:17:00 2022 +0100
committer Tom Cosgrove <tom.cosgrove@arm.com> Tue Aug 23 16:28:32 2022 +0100
tree 84ea12ee989a09b27f3a19c7f632e2a858285d48
parent 659c84add930ba9529fa3858aba977a7c37b06ef

Make a public version of mpi_montg_init() in bignum_new.c and add unit tests

The unit tests were created by capturing runs of the existing function during
execution of existing unit tests.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 931d34d..98bea73 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1550,16 +1550,7 @@
  */
 static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
 {
-    mbedtls_mpi_uint x, m0 = N->p[0];
-    unsigned int i;
-
-    x  = m0;
-    x += ( ( m0 + 2 ) & 4 ) << 1;
-
-    for( i = biL; i >= 8; i /= 2 )
-        x *= ( 2 - ( m0 * x ) );
-
-    *mm = ~x + 1;
+    *mm = mbedtls_mpi_montg_init( N->p[0] );
 }
 
 /** Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)

library/bignum_core.h

diff --git a/library/bignum_core.h b/library/bignum_core.h
index 7736467..02ac55d 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -171,7 +171,7 @@
  *                        This must be odd and have exactly \p n limbs.
  * \param[in]      n      The number of limbs in \p X, \p A, \p N.
  * \param          mm     The Montgomery constant for \p N: -N^-1 mod 2^ciL.
- *                        This can be calculated by `mpi_montg_init()`.
+ *                        This can be calculated by `mbedtls_mpi_montg_init()`.
  * \param[in,out]  T      Temporary storage of size at least 2*n+1 limbs.
  *                        Its initial content is unused and
  *                        its final content is indeterminate.
@@ -183,6 +183,17 @@
                                mbedtls_mpi_uint mm, mbedtls_mpi_uint *T );
 
 /**
+ * \brief Calculate initialisation value for fast Montgomery modular
+ *        multiplication
+ *
+ * \param m0  The least-significant mbedtls_mpi_uint from the modulus, which
+ *            must be odd
+ *
+ * \return    The initialisation value for fast Montgomery modular multiplication
+ */
+mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 );
+
+/**
  * \brief Perform a known-size multiply accumulate operation: d += b * s
  *
  * \param[in,out] d     The pointer to the (little-endian) array

library/bignum_new.c

diff --git a/library/bignum_new.c b/library/bignum_new.c
index 024348a..d275fe8 100644
--- a/library/bignum_new.c
+++ b/library/bignum_new.c
@@ -56,6 +56,21 @@
     (void) mbedtls_mpi_core_add_if( X, N, n, ( carry < borrow ) );
 }
 
+/*
+ * Fast Montgomery initialization (thanks to Tom St Denis).
+ */
+mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 )
+{
+    mbedtls_mpi_uint x = m0;
+
+    x += ( ( m0 + 2 ) & 4 ) << 1;
+
+    for( unsigned int i = biL; i >= 8; i /= 2 )
+        x *= ( 2 - ( m0 * x ) );
+
+    return( ~x + 1 );
+}
+
 mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
                                        const mbedtls_mpi_uint *s, size_t s_len,
                                        mbedtls_mpi_uint b )