[crypto] Calculate inverse of modulus on demand in bigint_montgomery()

Reduce the number of parameters passed to bigint_montgomery() by
calculating the inverse of the modulus modulo the element size on
demand.  Cache the result, since Montgomery reduction will be used
repeatedly with the same modulus value.

In all currently supported algorithms, the modulus is a public value
(or a fixed value defined by specification) and so this non-constant
timing does not leak any private information.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 3 insertions, 5 deletions

diff --git a/src/include/ipxe/bigint.h b/src/include/ipxe/bigint.h
index 3058547a6..90e212b54 100644
--- a/src/include/ipxe/bigint.h
+++ b/src/include/ipxe/bigint.h
@@ -257,16 +257,15 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  * Perform Montgomery reduction (REDC) of a big integer product
  *
  * @v modulus		Big integer modulus
- * @v modinv		Big integer inverse of the modulus modulo 2^k
  * @v mont		Big integer Montgomery product
  * @v result		Big integer to hold result
  *
  * Note that the Montgomery product will be overwritten.
  */
-#define bigint_montgomery( modulus, modinv, mont, result ) do {		\
+#define bigint_montgomery( modulus, mont, result ) do {			\
 	unsigned int size = bigint_size (modulus);			\
-	bigint_montgomery_raw ( (modulus)->element, (modinv)->element,	\
-				(mont)->element, (result)->element,	\
+	bigint_montgomery_raw ( (modulus)->element, (mont)->element,	\
+				(result)->element,			\
 				size );					\
 	} while ( 0 )
 
@@ -377,7 +376,6 @@ void bigint_reduce_raw ( bigint_element_t *modulus0, bigint_element_t *value0,
 void bigint_mod_invert_raw ( const bigint_element_t *invertend0,
 			     bigint_element_t *inverse0, unsigned int size );
 void bigint_montgomery_raw ( const bigint_element_t *modulus0,
-			     const bigint_element_t *modinv0,
 			     bigint_element_t *mont0,
 			     bigint_element_t *result0, unsigned int size );
 void bigint_mod_exp_raw ( const bigint_element_t *base0,