commit c5d844b999c03379bb4b8fc5903791d13ba6231e
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Mar 15 13:06:28 2017 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 09 11:44:53 2017 +0200
tree f51be318a4b13dbec644657abdad940ba09f22a4
parent 2fad7ae02a6e2dcc75f5c8f83e2fc3d2acd60442

Full restart support in ecp_mul_comb_core()

Still recomputing table every time, though.

library/ecp.c

diff --git a/library/ecp.c b/library/ecp.c
index 3505b20..785093f 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -108,6 +108,7 @@
     mbedtls_mpi m;          /* saved argument: scalar                       */
     mbedtls_ecp_point P;    /* saved argument: point                        */
     mbedtls_ecp_point R;    /* current intermediate result                  */
+    size_t i;               /* current index in various loops, 0 outside    */
     enum {
         ecp_rs_init = 0,
         ecp_rs_final_norm,
@@ -1409,15 +1410,26 @@
 
     mbedtls_ecp_point_init( &Txi );
 
-    /* Start with a non-zero point and randomize its coordinates */
-    i = d;
-    MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
-    if( f_rng != 0 )
-        MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    if( grp->rs != NULL && grp->rs->i != 0 )
+    {
+        /* restore current index (R already pointing to grp->rs->R) */
+        i = grp->rs->i;
+    }
+    else
+#endif
+    {
+        /* Start with a non-zero point and randomize its coordinates */
+        i = d;
+        MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+        if( f_rng != 0 )
+            MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+    }
 
     while( i-- != 0 )
     {
+        ECP_BUDGET( ECP_OPS_DBL + ECP_OPS_ADD );
         MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
         MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) );
         MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
@@ -1427,6 +1439,23 @@
 
     mbedtls_ecp_point_free( &Txi );
 
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    if( grp->rs != NULL )
+    {
+        if( ret == 0 )
+        {
+            grp->rs->state++;
+            grp->rs->i = 0;
+        }
+        else if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+        {
+            /* was decreased before actually doing it */
+            grp->rs->i = i + 1;
+            /* no need to save R, already pointing to grp->rs->R */
+        }
+    }
+#endif
+
     return( ret );
 }
 
@@ -1513,9 +1542,6 @@
         if( grp->rs != NULL )
             grp->rs->state++;
 #endif
-
-        /* XXX: temporary: should have counted some ops */
-        ECP_BUDGET( 42 );
     }
 
     ECP_BUDGET( ECP_OPS_INV );