Bignum: Extract mod exp from prototype #6547
Conversation
|
Internal CI has passed and OpenCI fails on an unrelated issue. |
|
Before that I would like to clean up the history a bit. Force pushing with the cleaner history and a minor fix. |
4d1c45a to
acde91c
Compare
|
Internal CI has passed, Open CI reported and error, but there is no error on the corresponding CI job. |
|
@tom-cosgrove-arm I have applied the changes you suggested and the PR is ready for review again. |
The test cases aim to mirror the legacy function, but needed the some cases to be removed because: - Null representation is not valid in core - There are no negative numbers in core - Bignum core doesn't do parameter checking and there are no promises for even N The _size variant of the test has been removed as bignum core doesn't do parameter checking and there is no promises for inputs that are larger than MBEDTLS_MPI_MAX_SIZE. Signed-off-by: Janos Follath <janos.follath@arm.com>
We are looking at the exponent at limb granularity and therefore exponent bits can't go below 32. The `mpi_` prefix is also removed as it is better not to have prefix at all than to have just a partial. (Full prefix would be overly long and would hurt readability.) Signed-off-by: Janos Follath <janos.follath@arm.com>
No intended change in behaviour. Signed-off-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make variables const where possible. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use indices instead of mutating data to extract the bits of the exponent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The loop ends when there are no more bits to process, with one twist: when that happens, we need to clear the window one last time. Since the window does not start empty (E_limbs==0 is not supported), the loop always starts with a non-empty window and some bits to process. So it's correct to move the window clearing logic to the end of the loop. This lets us exit the loop when the end of the exponent is reached. It would be clearer not to do the final window clearing inside the loop, so we wouldn't need to repeat the loop termination condition (end of exponent reached) inside the loop. However, this requires duplicating the code to clear the window. Empirically, this causes a significant code size increase, even if the window clearing code is placed into a function. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Take advantage of the fact that there's a single point of failure. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
756bc83 to
3321b58
Compare
|
Rebased to current development head. |
Signed-off-by: Janos Follath <janos.follath@arm.com>
The previous commit added generated tests, we don't need the manually added tests anymore. Signed-off-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
|
Did the rebase in two steps: the first removes automated tests and should be easy to review and the second is a trivial rebase on top of current development head. The first new commit is 07f2c69. |
There was a problem hiding this comment.
I'm happy with the library code as of 43d3de4. I still haven't reviewed the tests.
|
The CI run 3 days ago last time and it passed. The recent changes on development didn't impact this part of the code. Re-running the CI just to be sure. The generated tests are up to date with the latest changes in the framework. No rebase is necessary, the PR is ready for review as it is. |
| * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant | ||
| * (limb_index=0, E_bit_index=0). */ | ||
| size_t E_limb_index = E_limbs; | ||
| size_t E_bit_index = 0; |
There was a problem hiding this comment.
(minor, not to change unless something else needs to) It's a bit weird saying we start from (limb_index = E_limbs-1, E_bit_index = biL-1) to then see
size_t E_limb_index = E_limbs;
size_t E_bit_index = 0;
which clearly does not match the comment and means one is immediately jumping forward to see what is missed.
I wonder about
/* E_bit_index == 0 is trigger to decrement E_limb_index and set E_bit_index = biL-1 */
size_t E_bit_index = 0;
|
(ABI-API check false positive due to this PR being based on |
Description
The second PR of a series related to #6293 .
Gatekeeper checklist