From fc1c4fcdc95bf85b71f778a941e631fc573db0c3 Mon Sep 17 00:00:00 2001
From: "Pavel V. Shatov (Meister)" <meisterpaul1@yandex.ru>
Date: Sat, 12 Aug 2017 00:24:14 +0300
Subject: Added STM32 code to test CRT mode in hardware.

---
 src/rtl/pe/modexpa7_primitive_switch.v     |   2 +-
 src/stm32/modexpa7_driver_sample.c         | 134 +++++++++++++++++++++++++++--
 src/stm32/test/modexp_fpga_model_vectors.h |  24 +++---
 3 files changed, 140 insertions(+), 20 deletions(-)

diff --git a/src/rtl/pe/modexpa7_primitive_switch.v b/src/rtl/pe/modexpa7_primitive_switch.v
index 17e8264..fa958ec 100644
--- a/src/rtl/pe/modexpa7_primitive_switch.v
+++ b/src/rtl/pe/modexpa7_primitive_switch.v
@@ -1,4 +1,4 @@
-//`define USE_VENDOR_PRIMITIVES
+`define USE_VENDOR_PRIMITIVES
 
 `ifdef USE_VENDOR_PRIMITIVES
 
diff --git a/src/stm32/modexpa7_driver_sample.c b/src/stm32/modexpa7_driver_sample.c
index 4738026..390c949 100644
--- a/src/stm32/modexpa7_driver_sample.c
+++ b/src/stm32/modexpa7_driver_sample.c
@@ -89,6 +89,21 @@ static const uint32_t n_512[]	= N_512;
 static const uint32_t d_512[]	= D_512;
 static const uint32_t s_512[]	= S_512;
 
+static const uint32_t p_192[]		= P_192;
+static const uint32_t q_192[]		= Q_192;
+static const uint32_t dp_192[]	= DP_192;
+static const uint32_t dq_192[]	= DQ_192;
+static const uint32_t mp_192[]	= MP_192;
+static const uint32_t mq_192[]	= MQ_192;
+
+static const uint32_t p_256[]		= P_256;
+static const uint32_t q_256[]		= Q_256;
+static const uint32_t dp_256[]	= DP_256;
+static const uint32_t dq_256[]	= DQ_256;
+static const uint32_t mp_256[]	= MP_256;
+static const uint32_t mq_256[]	= MQ_256;
+
+
 
 		/*
 		 * prototypes
@@ -102,6 +117,11 @@ int test_modexpa7(		const uint32_t *m,
 											const uint32_t *s,
 											      size_t    l);
 
+int test_modexpa7_crt(		const uint32_t *m,
+													const uint32_t *d,
+													const uint32_t *s,
+																size_t    l);
+
 
 		/*
 		 * test routine
@@ -158,21 +178,49 @@ int main()
 						// fresh start
 				ok = 1;
 			
-				{
+				{		
 								// run precomputation of modulus-dependent factor for the 384-bit modulus
 						setup_modexpa7(n_384, 384);
-			
+					
 								// try signing the message from the 384-bit test vector
 						ok = ok && test_modexpa7(m_384, d_384, s_384, 384);
 				}
-				{
+				{				
 								// run precomputation of modulus-dependent factor for the 512-bit modulus
 						setup_modexpa7(n_512, 512);
-			
+					
 								// try signing the message from the 512-bit test vector
 						ok = ok && test_modexpa7(m_512, d_512, s_512, 512);
 				}
-			
+
+				{				
+								// run precomputation of modulus-dependent factor for the first 192-bit part of 384-bit modulus
+						setup_modexpa7(p_192, 192);
+					
+								// try signing 384-bit base using 192-bit exponent
+						ok = ok && test_modexpa7_crt(m_384, dp_192, mp_192, 192);
+					
+								// run precomputation of modulus-dependent factor for the second 192-bit part of 384-bit modulus
+						setup_modexpa7(q_192, 192);
+					
+								// try signing 384-bit base using 192-bit exponent
+						ok = ok && test_modexpa7_crt(m_384, dq_192, mq_192, 192);
+				}
+				
+				{				
+								// run precomputation of modulus-dependent factor for the first 256-bit part of 512-bit modulus
+						setup_modexpa7(p_256, 256);
+					
+								// try signing 512-bit base using 256-bit exponent
+						ok = ok && test_modexpa7_crt(m_512, dp_256, mp_256, 256);
+					
+								// run precomputation of modulus-dependent factor for the second 256-bit part of 512-bit modulus
+						setup_modexpa7(q_256, 256);
+					
+								// try signing 512-bit base using 256-bit exponent
+						ok = ok && test_modexpa7_crt(m_512, dq_256, mq_256, 256);
+				}
+				
 						// turn on the red led to indicate something went wrong
 				if (!ok)
 				{		led_off(LED_GREEN);
@@ -241,6 +289,7 @@ int test_modexpa7(	const uint32_t *m,
 		uint32_t reg_control, reg_status;
 		uint32_t m_word, d_word, s_word;
 		uint32_t dummy_num_cyc;		
+		uint32_t mode;
 		
 				// determine numbers of 32-bit words
 		num_words = l >> 5;
@@ -249,8 +298,12 @@ int test_modexpa7(	const uint32_t *m,
 		num_bits = l;
 		fmc_write_32(CORE_ADDR_EXPONENT_BITS,  &num_bits);
 	
-				// fill modulus bank (the least significant word
-				// is at the lowest offset)
+				// disable CRT mode
+		mode = 0;
+		fmc_write_32(CORE_ADDR_MODE, &mode);
+	
+				// fill message and exponent banks (the least significant
+				// word is at the lowest offset)
 		for (i=0; i<num_words; i++)
 		{		m_word = m[i];
 				d_word = d[i];
@@ -287,6 +340,73 @@ int test_modexpa7(	const uint32_t *m,
 }
 
 
+int test_modexpa7_crt(	const uint32_t *m,
+												const uint32_t *d,
+												const uint32_t *s,
+															size_t    l)
+{
+		size_t i, num_words;
+		uint32_t num_bits;
+		uint32_t reg_control, reg_status;
+		uint32_t m_word, d_word, s_word;
+		uint32_t dummy_num_cyc;		
+		uint32_t mode;
+		
+				// determine numbers of 32-bit words
+		num_words = l >> 5;
+	
+				// set exponent width
+		num_bits = l;
+		fmc_write_32(CORE_ADDR_EXPONENT_BITS,  &num_bits);
+	
+				// enable CRT mode
+		mode = CORE_MODE_BIT_CRT;
+		fmc_write_32(CORE_ADDR_MODE, &mode);
+	
+				// fill exponent bank (the least significant word
+				// is at the lowest offset)
+		for (i=0; i<num_words; i++)
+		{		d_word = d[i];
+				fmc_write_32(CORE_ADDR_BANK_EXPONENT + ((num_words - (i + 1)) * sizeof(uint32_t)), &d_word);
+		}
+
+				// fill message bank (the least significant word
+				// is at the lowest offset, message is twice larger
+				// than the modulus in CRT mode!)
+		for (i=0; i<(2 * num_words); i++)
+		{		m_word = m[i];
+				fmc_write_32(CORE_ADDR_BANK_MESSAGE  + ((2 * num_words - (i + 1)) * sizeof(uint32_t)), &m_word);
+		}
+
+				// clear 'next' control bit, then set 'next' control bit again
+				// to trigger exponentiation (core is edge-triggered)
+		reg_control = 0;
+		fmc_write_32(CORE_ADDR_CONTROL, &reg_control);
+		reg_control = CORE_CONTROL_BIT_NEXT;
+		fmc_write_32(CORE_ADDR_CONTROL, &reg_control);
+	
+				// wait for 'valid' status bit to be set
+		dummy_num_cyc = 0;
+		do
+		{		dummy_num_cyc++;
+				fmc_read_32(CORE_ADDR_STATUS, &reg_status);
+		}
+		while (!(reg_status & CORE_STATUS_BIT_VALID));
+		
+				// read back the result word-by-word, then compare to the reference values
+		for (i=0; i<num_words; i++)
+		{		
+				fmc_read_32(CORE_ADDR_BANK_RESULT + (i * sizeof(uint32_t)), &s_word);
+			
+				if (s_word != s[num_words - (i + 1)])
+					return 0;
+		}
+	
+				// everything went just fine
+		return 1;
+}
+
+
 		//
 		// toggle the yellow led to indicate that we're not stuck somewhere
 		//
diff --git a/src/stm32/test/modexp_fpga_model_vectors.h b/src/stm32/test/modexp_fpga_model_vectors.h
index 622b16c..348ff49 100644
--- a/src/stm32/test/modexp_fpga_model_vectors.h
+++ b/src/stm32/test/modexp_fpga_model_vectors.h
@@ -20,27 +20,27 @@
 	 0xa76b945b, 0x49a3f645, 0x76801499, 0xb98e6a16, \
 	 0xd2467b6a, 0x75b7d614, 0x0fff0fde, 0xb31d1819}
 
-#define P_384 \
+#define P_192 \
 	{0xe9ac4cf6, 0x03b2d80a, 0x7f1d091e, 0x49d5f1a0, \
 	 0xac2ae4ff, 0xbf9bf375}
 
-#define Q_384 \
+#define Q_192 \
 	{0xc1468f3e, 0xc6909231, 0x5a4d74ba, 0x477b303f, \
 	 0x4b2e10d1, 0x1f44e815}
 
-#define DP_384 \
+#define DP_192 \
 	{0x69b6c286, 0x95fbc613, 0x51988034, 0x8cb0d684, \
 	 0x9aff38e4, 0x9ef9ddb5}
 
-#define DQ_384 \
+#define DQ_192 \
 	{0x1eda82b7, 0x84bf4377, 0x39712ff7, 0x24be179f, \
 	 0xa302c190, 0x80ab6159}
 
-#define MP_384 \
+#define MP_192 \
 	{0x9e163bb5, 0x35e718cb, 0xcde52b7b, 0x5db8552b, \
 	 0x46a300e0, 0x34f91e6b}
 
-#define MQ_384 \
+#define MQ_192 \
 	{0x7b01a724, 0x90f0d5f9, 0x9e237ce5, 0x6d31fd28, \
 	 0x4ecb9dad, 0x58bf366a}
 
@@ -68,27 +68,27 @@
 	 0xfd1e029d, 0xfe887387, 0x4312635f, 0xb2b54b8d, \
 	 0x5d3b379e, 0x161eaa4f, 0xedfd932b, 0x780f0203}
 
-#define P_512 \
+#define P_256 \
 	{0xfedea889, 0x97cfdb79, 0xcca87074, 0xe5abcda1, \
 	 0x3be201c4, 0xc416fd15, 0xf2130931, 0x61ff5937}
 
-#define Q_512 \
+#define Q_256 \
 	{0xf0889147, 0x5aa60f93, 0xb9927d86, 0x8f795c5c, \
 	 0x8e98dcf2, 0xad3aad74, 0x9441583a, 0x967dce41}
 
-#define DP_512 \
+#define DP_256 \
 	{0x2504d437, 0xfffbe9e5, 0xfc0aef22, 0x9b8563bd, \
 	 0xaa83fe3b, 0xc53b8d91, 0x15731c5f, 0xb6db2eeb}
 
-#define DQ_512 \
+#define DQ_256 \
 	{0xd3265fba, 0x2eb65638, 0x4d106ec7, 0x000dfe69, \
 	 0x75f87505, 0x47d299d0, 0x1c115cdd, 0x599ca8c1}
 
-#define MP_512 \
+#define MP_256 \
 	{0x23359955, 0xcad299b6, 0x049bb248, 0x3828b6a5, \
 	 0x74c85825, 0x7dd8e109, 0x07edbda9, 0x4980c2c9}
 
-#define MQ_512 \
+#define MQ_256 \
 	{0x8578120b, 0x91f4ca9e, 0x371d3e70, 0x0005bb89, \
 	 0xd31ed864, 0x477bd9cf, 0x65a1f03b, 0x606d3bc8}
 
-- 
cgit v1.2.3