Diffstat (limited to 'src/stm32')
-rw-r--r-- | src/stm32/modexpa7_driver_sample.c | 134 | ||||
-rw-r--r-- | src/stm32/test/modexp_fpga_model_vectors.h | 24 |
2 files changed, 139 insertions, 19 deletions
diff --git a/src/stm32/modexpa7_driver_sample.c b/src/stm32/modexpa7_driver_sample.c
index 4738026..390c949 100644
--- a/src/stm32/modexpa7_driver_sample.c
+++ b/src/stm32/modexpa7_driver_sample.c
@@ -89,6 +89,21 @@ static const uint32_t n_512[] = N_512;
 static const uint32_t d_512[] = D_512;
static const uint32_t s_512[] = S_512;
+static const uint32_t p_192[] = P_192;
+static const uint32_t q_192[] = Q_192;
+static const uint32_t dp_192[] = DP_192;
+static const uint32_t dq_192[] = DQ_192;
+static const uint32_t mp_192[] = MP_192;
+static const uint32_t mq_192[] = MQ_192;
+
+static const uint32_t p_256[] = P_256;
+static const uint32_t q_256[] = Q_256;
+static const uint32_t dp_256[] = DP_256;
+static const uint32_t dq_256[] = DQ_256;
+static const uint32_t mp_256[] = MP_256;
+static const uint32_t mq_256[] = MQ_256;
+
+
/*
* prototypes
@@ -102,6 +117,11 @@ int test_modexpa7( const uint32_t *m,
 const uint32_t *s,
size_t l);
+int test_modexpa7_crt( const uint32_t *m,
+ const uint32_t *d,
+ const uint32_t *s,
+ size_t l);
+
/*
* test routine
@@ -158,21 +178,49 @@ int main()
 // fresh start
ok = 1;
- {
+ {
// run precomputation of modulus-dependent factor for the 384-bit modulus
setup_modexpa7(n_384, 384);
-
+
// try signing the message from the 384-bit test vector
ok = ok && test_modexpa7(m_384, d_384, s_384, 384);
}
- {
+ {
// run precomputation of modulus-dependent factor for the 512-bit modulus
setup_modexpa7(n_512, 512);
-
+
// try signing the message from the 512-bit test vector
ok = ok && test_modexpa7(m_512, d_512, s_512, 512);
}
-
+
+ {
+ // run precomputation of modulus-dependent factor for the first 192-bit part of 384-bit modulus
+ setup_modexpa7(p_192, 192);
+
+ // try signing 384-bit base using 192-bit exponent
+ ok = ok && test_modexpa7_crt(m_384, dp_192, mp_192, 192);
+
+ // run precomputation of modulus-dependent factor for the second 192-bit part of 384-bit modulus
+ setup_modexpa7(q_192, 192);
+
+ // try signing 384-bit base using 192-bit exponent
+ ok = ok && test_modexpa7_crt(m_384, dq_192, mq_192, 192);
+ }
+
+ {
+ // run precomputation of modulus-dependent factor for the first 256-bit part of 512-bit modulus
+ setup_modexpa7(p_256, 256);
+
+ // try signing 512-bit base using 256-bit exponent
+ ok = ok && test_modexpa7_crt(m_512, dp_256, mp_256, 256);
+
+ // run precomputation of modulus-dependent factor for the second 256-bit part of 512-bit modulus
+ setup_modexpa7(q_256, 256);
+
+ // try signing 512-bit base using 256-bit exponent
+ ok = ok && test_modexpa7_crt(m_512, dq_256, mq_256, 256);
+ }
+
// turn on the red led to indicate something went wrong
if (!ok)
{ led_off(LED_GREEN);
@@ -241,6 +289,7 @@ int test_modexpa7( const uint32_t *m,
 uint32_t reg_control, reg_status;
uint32_t m_word, d_word, s_word;
uint32_t dummy_num_cyc;
+ uint32_t mode;
// determine numbers of 32-bit words
num_words = l >> 5;
@@ -249,8 +298,12 @@ int test_modexpa7( const uint32_t *m,
 num_bits = l;
fmc_write_32(CORE_ADDR_EXPONENT_BITS, &num_bits);
- // fill modulus bank (the least significant word
- // is at the lowest offset)
+ // disable CRT mode
+ mode = 0;
+ fmc_write_32(CORE_ADDR_MODE, &mode);
+
+ // fill message and exponent banks (the least significant
+ // word is at the lowest offset)
for (i=0; i<num_words; i++)
{ m_word = m[i];
d_word = d[i];
@@ -287,6 +340,73 @@ int test_modexpa7( const uint32_t *m,
 }
+int test_modexpa7_crt( const uint32_t *m,
+ const uint32_t *d,
+ const uint32_t *s,
+ size_t l)
+{
+ size_t i, num_words;
+ uint32_t num_bits;
+ uint32_t reg_control, reg_status;
+ uint32_t m_word, d_word, s_word;
+ uint32_t dummy_num_cyc;
+ uint32_t mode;
+
+ // determine numbers of 32-bit words
+ num_words = l >> 5;
+
+ // set exponent width
+ num_bits = l;
+ fmc_write_32(CORE_ADDR_EXPONENT_BITS, &num_bits);
+
+ // enable CRT mode
+ mode = CORE_MODE_BIT_CRT;
+ fmc_write_32(CORE_ADDR_MODE, &mode);
+
+ // fill exponent bank (the least significant word
+ // is at the lowest offset)
+ for (i=0; i<num_words; i++)
+ { d_word = d[i];
+ fmc_write_32(CORE_ADDR_BANK_EXPONENT + ((num_words - (i + 1)) * sizeof(uint32_t)), &d_word);
+ }
+
+ // fill message bank (the least significant word
+ // is at the lowest offset, message is twice larger
+ // than the modulus in CRT mode!)
+ for (i=0; i<(2 * num_words); i++)
+ { m_word = m[i];
+ fmc_write_32(CORE_ADDR_BANK_MESSAGE + ((2 * num_words - (i + 1)) * sizeof(uint32_t)), &m_word);
+ }
+
+ // clear 'next' control bit, then set 'next' control bit again
+ // to trigger exponentiation (core is edge-triggered)
+ reg_control = 0;
+ fmc_write_32(CORE_ADDR_CONTROL, ®_control);
+ reg_control = CORE_CONTROL_BIT_NEXT;
+ fmc_write_32(CORE_ADDR_CONTROL, ®_control);
+
+ // wait for 'valid' status bit to be set
+ dummy_num_cyc = 0;
+ do
+ { dummy_num_cyc++;
+ fmc_read_32(CORE_ADDR_STATUS, ®_status);
+ }
+ while (!(reg_status & CORE_STATUS_BIT_VALID));
+
+ // read back the result word-by-word, then compare to the reference values
+ for (i=0; i<num_words; i++)
+ {
+ fmc_read_32(CORE_ADDR_BANK_RESULT + (i * sizeof(uint32_t)), &s_word);
+
+ if (s_word != s[num_words - (i + 1)])
+ return 0;
+ }
+
+ // everything went just fine
+ return 1;
+}
+
+
//
// toggle the yellow led to indicate that we're not stuck somewhere
//
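Review bot: test_modexpa7_crt reads 2 * num_words words from `m` in the message-bank loop, but the signature carries only the single length `l`, so a caller that passes a message no longer than the modulus half makes that loop read past the end of the array. Neither the prototype nor the body states this requirement outside the loop comment; a header comment such as `// m must hold 2*l bits; d and s hold l bits each` would make the contract explicit. The polling loop also has no upper bound: `dummy_num_cyc` is incremented but never tested, so if the core never raises the valid bit the test hangs instead of returning 0 and reaching the red-LED path in main. Bounding it, e.g. `while (!(reg_status & CORE_STATUS_BIT_VALID) && dummy_num_cyc < POLL_LIMIT);` followed by `if (!(reg_status & CORE_STATUS_BIT_VALID)) return 0;`, where `POLL_LIMIT` is a placeholder for a value chosen for this core, would turn a stall into a reported failure.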
diff --git a/src/stm32/test/modexp_fpga_model_vectors.h b/src/stm32/test/modexp_fpga_model_vectors.h
index 622b16c..348ff49 100644
--- a/src/stm32/test/modexp_fpga_model_vectors.h
+++ b/src/stm32/test/modexp_fpga_model_vectors.h
@@ -20,27 +20,27 @@
 0xa76b945b, 0x49a3f645, 0x76801499, 0xb98e6a16, \
 0xd2467b6a, 0x75b7d614, 0x0fff0fde, 0xb31d1819}
-#define P_384 \
+#define P_192 \
 {0xe9ac4cf6, 0x03b2d80a, 0x7f1d091e, 0x49d5f1a0, \
 0xac2ae4ff, 0xbf9bf375}
-#define Q_384 \
+#define Q_192 \
 {0xc1468f3e, 0xc6909231, 0x5a4d74ba, 0x477b303f, \
 0x4b2e10d1, 0x1f44e815}
-#define DP_384 \
+#define DP_192 \
 {0x69b6c286, 0x95fbc613, 0x51988034, 0x8cb0d684, \
 0x9aff38e4, 0x9ef9ddb5}
-#define DQ_384 \
+#define DQ_192 \
 {0x1eda82b7, 0x84bf4377, 0x39712ff7, 0x24be179f, \
 0xa302c190, 0x80ab6159}
-#define MP_384 \
+#define MP_192 \
 {0x9e163bb5, 0x35e718cb, 0xcde52b7b, 0x5db8552b, \
 0x46a300e0, 0x34f91e6b}
-#define MQ_384 \
+#define MQ_192 \
 {0x7b01a724, 0x90f0d5f9, 0x9e237ce5, 0x6d31fd28, \
 0x4ecb9dad, 0x58bf366a}
@@ -68,27 +68,27 @@
 0xfd1e029d, 0xfe887387, 0x4312635f, 0xb2b54b8d, \
 0x5d3b379e, 0x161eaa4f, 0xedfd932b, 0x780f0203}
-#define P_512 \
+#define P_256 \
 {0xfedea889, 0x97cfdb79, 0xcca87074, 0xe5abcda1, \
 0x3be201c4, 0xc416fd15, 0xf2130931, 0x61ff5937}
-#define Q_512 \
+#define Q_256 \
 {0xf0889147, 0x5aa60f93, 0xb9927d86, 0x8f795c5c, \
 0x8e98dcf2, 0xad3aad74, 0x9441583a, 0x967dce41}
-#define DP_512 \
+#define DP_256 \
 {0x2504d437, 0xfffbe9e5, 0xfc0aef22, 0x9b8563bd, \
 0xaa83fe3b, 0xc53b8d91, 0x15731c5f, 0xb6db2eeb}
-#define DQ_512 \
+#define DQ_256 \
 {0xd3265fba, 0x2eb65638, 0x4d106ec7, 0x000dfe69, \
 0x75f87505, 0x47d299d0, 0x1c115cdd, 0x599ca8c1}
-#define MP_512 \
+#define MP_256 \
 {0x23359955, 0xcad299b6, 0x049bb248, 0x3828b6a5, \
 0x74c85825, 0x7dd8e109, 0x07edbda9, 0x4980c2c9}
-#define MQ_512 \
+#define MQ_256 \
 {0x8578120b, 0x91f4ca9e, 0x371d3e70, 0x0005bb89, \
 0xd31ed864, 0x477bd9cf, 0x65a1f03b, 0x606d3bc8} |