[crypto] Use inverse size as effective size for bigint_mod_invert()

Montgomery reduction requires only the least significant element of an inverse modulo 2^k, which in turn depends upon only the least significant element of the invertend. Use the inverse size (rather than the invertend size) as the effective size for bigint_mod_invert(). This eliminates around 97% of the loop iterations for a typical 2048-bit RSA modulus. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-12 23:15:10 +03:00 · 2024-11-27 12:56:22 +00:00
parent 7c2e68cc87
commit 96f385d7a4
2 changed files with 11 additions and 6 deletions
--- a/src/include/ipxe/bigint.h
+++ b/src/include/ipxe/bigint.h
@@ -248,7 +248,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 * @v inverse		Big integer to hold result
 */
 #define bigint_mod_invert( invertend, inverse ) do {			\
-	unsigned int size = bigint_size ( invertend );			\
+	unsigned int size = bigint_size ( inverse );			\
 	bigint_mod_invert_raw ( (invertend)->element,			\
 				(inverse)->element, size );		\
 	} while ( 0 )