From 23975ff2368e70b30b0e5e161f27cd1a3be26d7d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Tue, 7 Nov 2023 18:21:26 -0800 Subject: [PATCH] RSA: Remove `q_mod_n` from `RsaKeyPair`. Reduce the size of RsaKeyPair by about 15%. Importantly, this was the only non-temporary (`'static`) `Elem` other than `One`. --- src/rsa/keypair.rs | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/rsa/keypair.rs b/src/rsa/keypair.rs index 5b34979338..f45b60c103 100644 --- a/src/rsa/keypair.rs +++ b/src/rsa/keypair.rs @@ -34,12 +34,6 @@ pub struct KeyPair { p: PrivatePrime

, q: PrivatePrime, qInv: bigint::Elem, - - // TODO: Eliminate `q_mod_n` entirely since it is a bad space:time trade-off. - // Also, this is the only non-temporary `Elem` so if we eliminate this, we - // can make all `Elem`s temporary (borrowed) values. - q_mod_n: bigint::Elem, - public: PublicKey, } @@ -403,7 +397,6 @@ impl KeyPair { p, q, qInv, - q_mod_n, public: public_key, }) } @@ -578,7 +571,9 @@ impl KeyPair { // RFC 8017 Section 5.1.2: RSADP, using the Chinese Remainder Theorem // with Garner's algorithm. - let n = &self.public.inner().n().value().modulus(); + let n = self.public.inner().n().value(); + let n_one = n.oneRR(); + let n = &n.modulus(); // Step 1. The value zero is also rejected. let base = bigint::Elem::from_be_bytes_padded(untrusted::Input::from(base), n)?; @@ -603,7 +598,9 @@ impl KeyPair { // Modular arithmetic is used simply to avoid implementing // non-modular arithmetic. let h = bigint::elem_widen(h, n); - let q_times_h = bigint::elem_mul(&self.q_mod_n, h, n); + let q_mod_n = self.q.modulus.to_elem(n); + let q_mod_n = bigint::elem_mul(n_one.as_ref(), q_mod_n, n); + let q_times_h = bigint::elem_mul(&q_mod_n, h, n); let m_2 = bigint::elem_widen(m_2, n); let m = bigint::elem_add(m_2, q_times_h, n);