Have mbedtls_mpi_montg_init() take the modulus, rather than just its least significant limb
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
diff --git a/library/bignum.c b/library/bignum.c
index cfaaf5f..d5e799e 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1550,7 +1550,7 @@
*/
static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
{
- *mm = mbedtls_mpi_montg_init( N->p[0] );
+ *mm = mbedtls_mpi_montg_init( N->p );
}
/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
diff --git a/library/bignum_core.c b/library/bignum_core.c
index bc1bca1..ac92853 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -348,14 +348,14 @@
/*
* Fast Montgomery initialization (thanks to Tom St Denis).
*/
-mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 )
+mbedtls_mpi_uint mbedtls_mpi_montg_init( const mbedtls_mpi_uint *N )
{
- mbedtls_mpi_uint x = m0;
+ mbedtls_mpi_uint x = N[0];
- x += ( ( m0 + 2 ) & 4 ) << 1;
+ x += ( ( N[0] + 2 ) & 4 ) << 1;
for( unsigned int i = biL; i >= 8; i /= 2 )
- x *= ( 2 - ( m0 * x ) );
+ x *= ( 2 - ( N[0] * x ) );
return( ~x + 1 );
}
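Review bot: The new body spells out `N[0]` three times where one load into a local would do. Adding `const mbedtls_mpi_uint m0 = N[0];` as the first statement would leave the three arithmetic lines exactly as they were before the commit and make the single dereference of the caller's pointer easy to audit. The function receives no limb count, so that dereference depends entirely on the caller passing a non-NULL array with at least one limb. A one-line comment at the load, such as `/* caller guarantees N has at least one limb */`, would record that contract where the read happens.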
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 02ac55d..85e25a8 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -186,12 +186,12 @@
* \brief Calculate initialisation value for fast Montgomery modular
* multiplication
*
- * \param m0 The least-significant mbedtls_mpi_uint from the modulus, which
- * must be odd
+ * \param[in] N Little-endian presentation of the modulus. This must have
+ * at least one limb.
*
- * \return The initialisation value for fast Montgomery modular multiplication
+ * \return The initialisation value for fast Montgomery modular multiplication
*/
-mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 );
+mbedtls_mpi_uint mbedtls_mpi_montg_init( const mbedtls_mpi_uint *N );
/**
* \brief Perform a known-size multiply accumulate operation: d += b * s
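Review bot: The rewritten `\param` text drops the precondition that the modulus must be odd, which the removed `m0` description stated. The arithmetic in `bignum_core.c` is unchanged apart from how the limb is fetched, and an even `N[0]` has no inverse modulo the limb size, so the requirement still holds and callers reading only this header would no longer see it. I would word it as `\param[in] N Little-endian presentation of the modulus. This must be odd and have at least one limb.` It is also worth saying in the same paragraph that only the least significant limb is read, since the pointer signature may suggest the whole modulus is consumed.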
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index bf1212a..dcc869f 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -2015,7 +2015,7 @@
TEST_EQUAL( mm.s, 1 );
/* mbedtls_mpi_montg_init() only returns a result, no error possible */
- mbedtls_mpi_uint result = mbedtls_mpi_montg_init( N.p[0] );
+ mbedtls_mpi_uint result = mbedtls_mpi_montg_init( N.p );
/* Check we got the correct result */
TEST_EQUAL( result, mm.p[0] );
@@ -2074,7 +2074,7 @@
TEST_EQUAL( mbedtls_mpi_grow( &T, limbs_AN * 2 + 1 ), 0 );
/* Calculate the Montgomery constant (this is unit tested separately) */
- mbedtls_mpi_uint mm = mbedtls_mpi_montg_init( N.p[0] );
+ mbedtls_mpi_uint mm = mbedtls_mpi_montg_init( N.p );
TEST_EQUAL( mbedtls_mpi_grow( &R, limbs_AN ), 0 ); /* ensure it's got the right number of limbs */