From c669159880c4b9564b8176c113e3c0778ca55851 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Mon, 24 Jul 2017 08:10:41 -0400
Subject: Use ModExp fast mode for Miller-Rabin tests.
Trying to make RSA key generation run in constant time is probably both futile and unnecessary, so we can speed it up a bit by switching the ModExpA7 core to use "fast" mode rather than "constant time" mode. Sadly, while this change produces a measureable improvement, it doesn't bring FGPA ModExp anywhere near the speed of the software equivalent in this case. Don't really know why.
---
modexp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'modexp.c')
diff --git a/modexp.c b/modexp.c
index f097f33..3e634aa 100644
--- a/modexp.c
+++ b/modexp.c
@@ -182,8 +182,9 @@ hal_error_t hal_modexp(hal_core_t *core,
 * We probably ought to take the mode (fast vs constant-time) as an
 * argument, but for the moment we just guess that really short
 * exponent means we're using the public key and can use fast mode,
- * all other cases are something to do with the private key and
- * therefore must use constant-time mode.
+ * really short messages are Miller-Rabin tests and can also use
+ * fast mode, all other cases are something to do with the private
+ * key and therefore must use constant-time mode.
 *
 * Unclear whether it's worth trying to figure out exactly how long
 * the operands are: assuming a multiple of eight is safe, but makes
@@ -194,7 +195,7 @@ hal_error_t hal_modexp(hal_core_t *core,
 */
 /* Select mode (1 = fast, 0 = safe) */
- check(set_register(core, MODEXPS6_ADDR_MODE, (exp_len <= 4)));
+ check(set_register(core, MODEXPS6_ADDR_MODE, (exp_len <= 4 || msg_len <= 4)));
 /* Set modulus size in bits */
 check(set_register(core, MODEXPS6_ADDR_MODULUS_WIDTH, mod_len * 8));
-- cgit v1.2.3
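Review bot: The new `MODEXPS6_ADDR_MODE` line selects non-constant-time mode whenever the base is at most four bytes, independent of the exponent, so any caller that happens to pass a short message with a long secret exponent will silently run in fast mode and expose exponent-dependent timing; the Miller-Rabin justification only holds when the caller really is the primality test. The comment in the first hunk already concedes the mode ought to be an argument, and I would make that the fix instead of widening the guess: add a fast-mode flag to the hal_modexp interface (or a flags word) and write `check(set_register(core, MODEXPS6_ADDR_MODE, fast ? 1 : 0));`, with the Miller-Rabin caller and the public-key path passing 1. If the heuristic is kept for now, the comment should state explicitly that fast mode leaks timing about the exponent, which in a Miller-Rabin round is derived from the candidate prime, and that this leak is accepted for key generation per the commit message, so the next maintainer does not read `msg_len <= 4` as a safe general rule. hal_modexp begins before and continues past this hunk, so I cannot see where `msg_len` is derived or whether callers pad the message buffer.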