bignum: add provision for combined software and hardware MPI approach

For exponential mod (API mbedtls_mpi_exp_mod) operation, some ESP target chips needs to have ability for both hardware and software implementation. Hardware implementation provided performance advantage but it can only support upto 3072 bit operations (e.g., ESP32-C3) and hence we fallback to software implementation in such cases (e.g., 4096 bit operations). Earlier this was handled using linker "--wrap" flag but that does not work in all scenarios as API `mbedtls_mpi_exp_mod` is being used in same tranlation (compilation unit). This approach was found to be next best option with minimal changes in mbedTLS library. (cherry picked from commit ab3a845107)
2026-06-05 21:14:47 +00:00 · 2021-11-18 15:39:30 +05:30
parent e8f1d22d65
commit f8c1944d11
1 changed files with 23 additions and 2 deletions
@@ -1618,6 +1618,14 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s
    return 0;
 }

+/*
+ * MbedTLS has added new software API mbedtls_mpi_exp_mod_optionally_safe().
+ * This API handles RSA public operations in non-constant time manner (and hence efficient),
+ * but for the hardware MPI case, we fallback to the `mbedtls_mpi_exp_mod()` implementation itself
+ * and hence disabling it here.
+ */
+#if !defined(MBEDTLS_MPI_EXP_MOD_ALT)
+
 /*
 * Warning! If the parameter E_public has MBEDTLS_MPI_IS_PUBLIC as its value,
 * this function is not constant time with respect to the exponent (parameter E).
@@ -1736,14 +1744,18 @@ cleanup:
    return ret;
 }
 
-#if !defined(MBEDTLS_MPI_EXP_MOD_ALT)
- 
 /*
 * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
 */
+#if !defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK)
 int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
                        const mbedtls_mpi *E, const mbedtls_mpi *N,
                        mbedtls_mpi *prec_RR)
+#else
+int mbedtls_mpi_exp_mod_soft(mbedtls_mpi *X, const mbedtls_mpi *A,
+                             const mbedtls_mpi *E, const mbedtls_mpi *N,
+                             mbedtls_mpi *prec_RR)
+#endif
 {
    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR);
 }
@@ -1753,7 +1765,16 @@ int mbedtls_mpi_exp_mod_unsafe(mbedtls_mpi *X, const mbedtls_mpi *A,
                               const mbedtls_mpi *E, const mbedtls_mpi *N,
                               mbedtls_mpi *prec_RR)
 {
+
+/*
+ * If hardware is enabled, we use MPI crypto layer implementation,
+ * else we use mbedtls implementation.
+ */
+#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
+    return mbedtls_mpi_exp_mod(X, A, E, N, prec_RR);
+#else
    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_PUBLIC, N, prec_RR);
+#endif
 }