[crypto] Use Montgomery reduction for modular exponentiation

Speed up modular exponentiation by using Montgomery reduction rather
than direct modular reduction.

Montgomery reduction in base 2^n requires the modulus to be coprime to
2^n, which would limit us to requiring that the modulus is an odd
number.  Extend the implementation to include support for
exponentiation with even moduli via Garner's algorithm as described in
"Montgomery reduction with even modulus" (Koç, 1994).

Since almost all use cases for modular exponentation require a large
prime (and hence odd) modulus, the support for even moduli could
potentially be removed in future.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/bigint.h

@@ -322,18 +322,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  * Calculate temporary working space required for moduluar exponentiation
  *
  * @v modulus		Big integer modulus
- * @v exponent		Big integer exponent
  * @ret len		Length of temporary working space
  */
-#define bigint_mod_exp_tmp_len( modulus, exponent ) ( {			\
+#define bigint_mod_exp_tmp_len( modulus ) ( {				\
 	unsigned int size = bigint_size (modulus);			\
-	unsigned int exponent_size = bigint_size (exponent);		\
-	size_t mod_multiply_len =					\
-		bigint_mod_multiply_tmp_len (modulus);			\
 	sizeof ( struct {						\
-		bigint_t ( size ) temp_base;				\
-		bigint_t ( exponent_size ) temp_exponent;		\
-		uint8_t mod_multiply[mod_multiply_len];			\
+		bigint_t ( size ) temp[4];				\
 	} ); } )
 
 #include <bits/bigint.h>