Don't use windowed exponentiation for small public exponents.

Speeds up public key operations.  Path contributed by
    Sheueling Chang Shantz <sheueling.chang@sun.com>,
    Stephen Fung <stephen.fung@sun.com>, and
    Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.

security/nss/lib/freebl/mpi/mpmontg.c

@@ -15,8 +15,14 @@
  * Communications Corporation.	Portions created by Netscape are 
  * Copyright (C) 2000 Netscape Communications Corporation.  All
  * Rights Reserved.
+ *
+ * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
+ * Sun Microsystems, Inc. All Rights Reserved.
  * 
  * Contributor(s):
+ *      Sheueling Chang Shantz <sheueling.chang@sun.com>, 
+ *      Stephen Fung <stephen.fung@sun.com>, and
+ *      Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
  * 
  * Alternatively, the contents of this file may be used under the
  * terms of the GNU General Public License Version 2 or later (the
@@ -29,7 +35,7 @@
  * the GPL.  If you do not delete the provisions above, a recipient
  * may use your version of this file under either the MPL or the
  * GPL.
- *  $Id: mpmontg.c,v 1.11 2002/04/04 00:19:43 nelsonb%netscape.com Exp $
+ *  $Id: mpmontg.c,v 1.12 2003/09/26 02:15:12 nelsonb%netscape.com Exp $
  */
 
 /* This file implements moduluar exponentiation using Montgomery's
@@ -266,7 +272,15 @@ mp_err mp_exptmod_f(const mp_int *   montBase,
     MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
     smallExp = (mp_size)res;
 
-    if (window_bits == 4) {
+    if (window_bits == 1) {
+      if (!smallExp) {
+	SQR;
+      } else if (smallExp & 1) {
+	SQR; MUL(0); 
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 4) {
       if (!smallExp) {
 	SQR; SQR; SQR; SQR;
       } else if (smallExp & 1) {
@@ -406,7 +420,15 @@ mp_err mp_exptmod_i(const mp_int *   montBase,
     MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
     smallExp = (mp_size)res;
 
-    if (window_bits == 4) {
+    if (window_bits == 1) {
+      if (!smallExp) {
+	SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 1) {
+	SQR(pa1,pa2); MUL(0,pa2,pa1);
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 4) {
       if (!smallExp) {
 	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
       } else if (smallExp & 1) {
@@ -538,8 +560,13 @@ mp_err mp_exptmod(const mp_int *inBase, const mp_int *exponent,
     window_bits = 6;
   else if (bits_in_exponent > 160)
     window_bits = 5;
-  else
+  else if (bits_in_exponent > 20)
     window_bits = 4;
+  /* RSA public key exponents are typically under 20 bits (common values 
+   * are: 3, 17, 65537) and a 4-bit window is inefficient
+   */
+  else 
+    window_bits = 1;
   odd_ints = 1 << (window_bits - 1);
   i = bits_in_exponent % window_bits;
   if (i != 0) {