Make a public version of mpi_montg_init() in bignum_new.c and add unit tests

The unit tests were created by capturing runs of the existing function during execution of existing unit tests. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-08-17 06:17:00 +01:00
parent 659c84add9
commit 79b70f6394
5 changed files with 108 additions and 11 deletions
--- a/library/bignum.c
+++ b/library/bignum.c
@ -1550,16 +1550,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_
 */
 static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
 {
-    mbedtls_mpi_uint x, m0 = N->p[0];
-    unsigned int i;
-
-    x  = m0;
-    x += ( ( m0 + 2 ) & 4 ) << 1;
-
-    for( i = biL; i >= 8; i /= 2 )
-        x *= ( 2 - ( m0 * x ) );
-
-    *mm = ~x + 1;
+    *mm = mbedtls_mpi_montg_init( N->p[0] );
 }

 /** Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@ -171,7 +171,7 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *A,
 *                        This must be odd and have exactly \p n limbs.
 * \param[in]      n      The number of limbs in \p X, \p A, \p N.
 * \param          mm     The Montgomery constant for \p N: -N^-1 mod 2^ciL.
- *                        This can be calculated by `mpi_montg_init()`.
+ *                        This can be calculated by `mbedtls_mpi_montg_init()`.
 * \param[in,out]  T      Temporary storage of size at least 2*n+1 limbs.
 *                        Its initial content is unused and
 *                        its final content is indeterminate.
@ -182,6 +182,17 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
                               const mbedtls_mpi_uint *N, size_t n,
                               mbedtls_mpi_uint mm, mbedtls_mpi_uint *T );

+/**
+ * \brief Calculate initialisation value for fast Montgomery modular
+ *        multiplication
+ *
+ * \param m0  The least-significant mbedtls_mpi_uint from the modulus, which
+ *            must be odd
+ *
+ * \return    The initialisation value for fast Montgomery modular multiplication
+ */
+mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 );
+
 /**
 * \brief Perform a known-size multiply accumulate operation: d += b * s
 *
--- a/library/bignum_new.c
+++ b/library/bignum_new.c
@ -56,6 +56,21 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
    (void) mbedtls_mpi_core_add_if( X, N, n, ( carry < borrow ) );
 }

+/*
+ * Fast Montgomery initialization (thanks to Tom St Denis).
+ */
+mbedtls_mpi_uint mbedtls_mpi_montg_init( mbedtls_mpi_uint m0 )
+{
+    mbedtls_mpi_uint x = m0;
+
+    x += ( ( m0 + 2 ) & 4 ) << 1;
+
+    for( unsigned int i = biL; i >= 8; i /= 2 )
+        x *= ( 2 - ( m0 * x ) );
+
+    return( ~x + 1 );
+}
+
 mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
                                       const mbedtls_mpi_uint *s, size_t s_len,
                                       mbedtls_mpi_uint b )