Bug 1780432 Comment 17 Edit History
>> To calculate what? The inverse of modulus mod word, or to calculate the Montgomery reduction?

The inverse it was.

(In reply to Hubert Kario from comment #10)
> Created attachment 9297296 [details]
> ctmpi.tar.gz
>
> I've implemented a simple mul() and mod() operations in (largely) portable pure C, and verified that they are indeed constant time on x86_64, aarch64, ppc64le, and s390x.
>
> Included is both the code and the test harnesses for timing tests.
>
> @nkulatova if you think they would be useful to integrate ahead of replacing the whole RSA code, feel free to use them.

Would you prefer to submit the patch by yourself, or would you prefer if I do it?