authorRob Austein <sra@hactrn.net>2015-06-11 18:21:50 -0400
committerRob Austein <sra@hactrn.net>2015-06-11 18:21:50 -0400
commit8934e10e139d45e5bc9b6874b3c630461d55607c (patch)
treed0f183ed9ffdc186603318f7d82ae0129cf0e78a /rsa.c
parentab7d78b06974aa35bf42ad266ef0b72e188d120a (diff)
Debug modexp_fp() buffer handling. Add basic timing report.
Compensate for PyCrypto's weird inversion of p and q when calculating CRT coefficients, and add the key components PyCrypto doesn't bother pre-calculating to our test data.
Diffstat (limited to 'rsa.c')
-rw-r--r--rsa.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/rsa.c b/rsa.c
index b61feb4..31c4f61 100644
--- a/rsa.c
+++ b/rsa.c
@@ -175,18 +175,18 @@ static hal_error_t modexp_fp(fp_int *msg, fp_int *exp, fp_int *mod, fp_int *res)
assert(msg != NULL && exp != NULL && mod != NULL && res != NULL);
- uint8_t msgbuf[(fp_unsigned_bin_size(msg) + 3) & ~3];
- uint8_t expbuf[(fp_unsigned_bin_size(exp) + 3) & ~3];
- uint8_t modbuf[(fp_unsigned_bin_size(mod) + 3) & ~3];
+ const size_t msg_len = fp_unsigned_bin_size(msg);
+ const size_t exp_len = fp_unsigned_bin_size(exp);
+ const size_t mod_len = fp_unsigned_bin_size(mod);
- if ((err = unpack_fp(msg, msgbuf, sizeof(msgbuf))) != HAL_OK ||
- (err = unpack_fp(exp, expbuf, sizeof(expbuf))) != HAL_OK ||
- (err = unpack_fp(mod, modbuf, sizeof(modbuf))) != HAL_OK)
- goto fail;
+ const size_t len = (MAX(MAX(msg_len, exp_len), mod_len) + 3) & ~3;
- uint8_t resbuf[FP_MAX_SIZE/8];
+ uint8_t msgbuf[len], expbuf[len], modbuf[len], resbuf[len];
- if ((err = hal_modexp(msgbuf, sizeof(msgbuf),
+ if ((err = unpack_fp(msg, msgbuf, sizeof(msgbuf))) != HAL_OK ||
+ (err = unpack_fp(exp, expbuf, sizeof(expbuf))) != HAL_OK ||
+ (err = unpack_fp(mod, modbuf, sizeof(modbuf))) != HAL_OK ||
+ (err = hal_modexp(msgbuf, sizeof(msgbuf),
expbuf, sizeof(expbuf),
modbuf, sizeof(modbuf),
resbuf, sizeof(resbuf))) != HAL_OK)