From 86f30ff626655fa9c7fa6dec62b74ca9ea4359a1 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Fri, 24 Feb 2023 07:44:57 -0500
Subject: [PATCH] Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2

As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790, after introducing side-channel counter-measures to bignum, the performance of RSA decryption in correlation to the MBEDTLS_ECP_WINDOW_SIZE has changed. The default value of 2 has been chosen as it provides best or close-to-best results for tests on Cortex-M4 and Intel i7.

Signed-off-by: Andrzej Kurek
---
 ChangeLog.d/mpi-window-perf | 7 +++++++
 include/mbedtls/bignum.h | 4 ++--
 include/mbedtls/mbedtls_config.h | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 ChangeLog.d/mpi-window-perf
diff --git a/ChangeLog.d/mpi-window-perf b/ChangeLog.d/mpi-window-perf
new file mode 100644
index 0000000000..0f75d6af1e
--- /dev/null
+++ b/ChangeLog.d/mpi-window-perf
@@ -0,0 +1,7 @@
+Changes
+ * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2.
+ As tested in issue 6790, the correlation between this define and
+ RSA decryption performance has changed lately due to security fixes.
+ To fix the performance degradation when using default values the
+ window was reduced from 6 to 2, a value that gives the best or close
+ to best results when tested on Cortex-M4 and Intel i7.
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index e8fb2de4bd..b1d4b88ba5 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -63,7 +63,7 @@
 #if !defined(MBEDTLS_MPI_WINDOW_SIZE)
 /*
- * Maximum window size used for modular exponentiation. Default: 6
+ * Maximum window size used for modular exponentiation. Default: 2
 * Minimum value: 1. Maximum value: 6.
 *
 * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
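Review bot: The doc block in include/mbedtls/bignum.h is only partly updated. The hunk changes `Default: 6` to `Default: 2`, but the sentence `Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used` continues on a line that falls between this hunk and the next, so the commit leaves it untouched. If that line states the table size for the default, it should now give 4 entries (2 ** 2), since that figure is presumably what integrators use to budget RAM for the exponentiation table. The comment block starts inside this hunk and ends in the following one.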
@@ -71,7 +71,7 @@
 *
 * Reduction in size, reduces speed.
 */
-#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */
 #if !defined(MBEDTLS_MPI_MAX_SIZE)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9ae51c964a..b874995f4c 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3559,7 +3559,7 @@
 * comment in the specific module. */
 /* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */
 //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
 /* CTR_DRBG options */
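Review bot: In include/mbedtls/bignum.h the retained comment line `* Reduction in size, reduces speed.` now contradicts the rationale of this commit. The default is lowered because a smaller window measured as fast or faster for RSA decryption after the side-channel counter-measures. I would replace the line with something like `* Larger values use more memory; since the side-channel counter-measures they are not necessarily faster.` Separately, the commit title and the ChangeLog entry name `MBEDTLS_ECP_WINDOW_SIZE`, while the macro changed here and in mbedtls_config.h is `MBEDTLS_MPI_WINDOW_SIZE`. The ChangeLog should use the MPI name so that users tuning either option are not misled.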