[Cryptech-Commits] [sw/libhal] 03/04: Use ModExp fast mode for Miller-Rabin tests.
git at cryptech.is
git at cryptech.is
Mon Jul 24 15:51:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon Jul 24 08:10:41 2017 -0400
Use ModExp fast mode for Miller-Rabin tests.
Trying to make RSA key generation run in constant time is probably
both futile and unnecessary, so we can speed it up a bit by switching
the ModExpA7 core to use "fast" mode rather than "constant time" mode.
Sadly, while this change produces a measureable improvement, it
doesn't bring FGPA ModExp anywhere near the speed of the software
equivalent in this case. Don't really know why.
modexp.c | 7 ++++---
rsa.c | 4 +++-
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/modexp.c b/modexp.c
index f097f33..3e634aa 100644
@@ -182,8 +182,9 @@ hal_error_t hal_modexp(hal_core_t *core,
* We probably ought to take the mode (fast vs constant-time) as an
* argument, but for the moment we just guess that really short
* exponent means we're using the public key and can use fast mode,
- * all other cases are something to do with the private key and
- * therefore must use constant-time mode.
+ * really short messages are Miller-Rabin tests and can also use
+ * fast mode, all other cases are something to do with the private
+ * key and therefore must use constant-time mode.
* Unclear whether it's worth trying to figure out exactly how long
* the operands are: assuming a multiple of eight is safe, but makes
@@ -194,7 +195,7 @@ hal_error_t hal_modexp(hal_core_t *core,
/* Select mode (1 = fast, 0 = safe) */
- check(set_register(core, MODEXPS6_ADDR_MODE, (exp_len <= 4)));
+ check(set_register(core, MODEXPS6_ADDR_MODE, (exp_len <= 4 || msg_len <= 4)));
/* Set modulus size in bits */
check(set_register(core, MODEXPS6_ADDR_MODULUS_WIDTH, mod_len * 8));
diff --git a/rsa.c b/rsa.c
index d2a7798..6fde683 100644
@@ -207,10 +207,11 @@ static hal_error_t modexp(hal_core_t *core,
msg = reduced_msg;
+ const size_t msg_len = (fp_unsigned_bin_size(unconst_fp_int(msg)) + 3) & ~3;
const size_t exp_len = (fp_unsigned_bin_size(unconst_fp_int(exp)) + 3) & ~3;
const size_t mod_len = (fp_unsigned_bin_size(unconst_fp_int(mod)) + 3) & ~3;
- uint8_t msgbuf[mod_len];
+ uint8_t msgbuf[msg_len];
@@ -231,6 +232,7 @@ static hal_error_t modexp(hal_core_t *core,
memset(msgbuf, 0, sizeof(msgbuf));
memset(expbuf, 0, sizeof(expbuf));
memset(modbuf, 0, sizeof(modbuf));
+ memset(resbuf, 0, sizeof(resbuf));
More information about the Commits