From fc1c4fcdc95bf85b71f778a941e631fc573db0c3 Mon Sep 17 00:00:00 2001 From: "Pavel V. Shatov (Meister)" <meisterpaul1@yandex.ru> Date: Sat, 12 Aug 2017 00:24:14 +0300 Subject: Added STM32 code to test CRT mode in hardware. --- src/rtl/pe/modexpa7_primitive_switch.v | 2 +- src/stm32/modexpa7_driver_sample.c | 134 +++++++++++++++++++++++++++-- src/stm32/test/modexp_fpga_model_vectors.h | 24 +++--- 3 files changed, 140 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/rtl/pe/modexpa7_primitive_switch.v b/src/rtl/pe/modexpa7_primitive_switch.v index 17e8264..fa958ec 100644 --- a/src/rtl/pe/modexpa7_primitive_switch.v +++ b/src/rtl/pe/modexpa7_primitive_switch.v @@ -1,4 +1,4 @@ -//`define USE_VENDOR_PRIMITIVES +`define USE_VENDOR_PRIMITIVES `ifdef USE_VENDOR_PRIMITIVES diff --git a/src/stm32/modexpa7_driver_sample.c b/src/stm32/modexpa7_driver_sample.c index 4738026..390c949 100644 --- a/src/stm32/modexpa7_driver_sample.c +++ b/src/stm32/modexpa7_driver_sample.c @@ -89,6 +89,21 @@ static const uint32_t n_512[] = N_512; static const uint32_t d_512[] = D_512; static const uint32_t s_512[] = S_512; +static const uint32_t p_192[] = P_192; +static const uint32_t q_192[] = Q_192; +static const uint32_t dp_192[] = DP_192; +static const uint32_t dq_192[] = DQ_192; +static const uint32_t mp_192[] = MP_192; +static const uint32_t mq_192[] = MQ_192; + +static const uint32_t p_256[] = P_256; +static const uint32_t q_256[] = Q_256; +static const uint32_t dp_256[] = DP_256; +static const uint32_t dq_256[] = DQ_256; +static const uint32_t mp_256[] = MP_256; +static const uint32_t mq_256[] = MQ_256; + + /* * prototypes @@ -102,6 +117,11 @@ int test_modexpa7( const uint32_t *m, const uint32_t *s, size_t l); +int test_modexpa7_crt( const uint32_t *m, + const uint32_t *d, + const uint32_t *s, + size_t l); + /* * test routine 
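Review bot: The first hunk un-comments `define USE_VENDOR_PRIMITIVES` in modexpa7_primitive_switch.v, which changes how the RTL is built for every consumer of the core, yet the commit subject only mentions STM32 test code. If the hardware CRT test needs vendor primitives, the commit message or a one-line comment above the define should say so. If the switch was flipped only for a local build, it should be left out of this commit. Either way, the results reported by the STM32 test are only meaningful for a bitstream built with the same setting, so it is worth recording which one was used.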
@@ -158,21 +178,49 @@ int main() // fresh start ok = 1; - { + { // run precomputation of modulus-dependent factor for the 384-bit modulus setup_modexpa7(n_384, 384); - + // try signing the message from the 384-bit test vector ok = ok && test_modexpa7(m_384, d_384, s_384, 384); } - { + { // run precomputation of modulus-dependent factor for the 512-bit modulus setup_modexpa7(n_512, 512); - + // try signing the message from the 512-bit test vector ok = ok && test_modexpa7(m_512, d_512, s_512, 512); } - + + { + // run precomputation of modulus-dependent factor for the first 192-bit part of 384-bit modulus + setup_modexpa7(p_192, 192); + + // try signing 384-bit base using 192-bit exponent + ok = ok && test_modexpa7_crt(m_384, dp_192, mp_192, 192); + + // run precomputation of modulus-dependent factor for the second 192-bit part of 384-bit modulus + setup_modexpa7(q_192, 192); + + // try signing 384-bit base using 192-bit exponent + ok = ok && test_modexpa7_crt(m_384, dq_192, mq_192, 192); + } + + { + // run precomputation of modulus-dependent factor for the first 256-bit part of 512-bit modulus + setup_modexpa7(p_256, 256); + + // try signing 512-bit base using 256-bit exponent + ok = ok && test_modexpa7_crt(m_512, dp_256, mp_256, 256); + + // run precomputation of modulus-dependent factor for the second 256-bit part of 512-bit modulus + setup_modexpa7(q_256, 256); + + // try signing 512-bit base using 256-bit exponent + ok = ok && test_modexpa7_crt(m_512, dq_256, mq_256, 256); + } + // turn on the red led to indicate something went wrong if (!ok) { led_off(LED_GREEN); @@ -241,6 +289,7 @@ int test_modexpa7( const uint32_t *m, uint32_t reg_control, reg_status; uint32_t m_word, d_word, s_word; uint32_t dummy_num_cyc; + uint32_t mode; // determine numbers of 32-bit words num_words = l >> 5; 
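Review bot: In main's new CRT blocks the second `setup_modexpa7()` of each pair (q_192, q_256) runs while the core is still in CRT mode from the preceding `test_modexpa7_crt()`, whereas the first (p_192, p_256) runs with the mode cleared by the earlier non-CRT test. setup_modexpa7 is outside this hunk, so it cannot be seen here whether the precomputation depends on the mode register; if it does, the two halves are prepared under different conditions. Writing the mode before each setup call would make the sequence unambiguous. If the precomputation is mode-independent, a comment such as `// precomputation does not depend on CORE_ADDR_MODE` would do instead. Note also that `ok = ok && ...` short-circuits, so after one failing vector the later tests are skipped while their setup calls still run.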
@@ -249,8 +298,12 @@ int test_modexpa7( const uint32_t *m,
 num_bits = l;
 fmc_write_32(CORE_ADDR_EXPONENT_BITS, &num_bits);

- // fill modulus bank (the least significant word
- // is at the lowest offset)
+ // disable CRT mode
+ mode = 0;
+ fmc_write_32(CORE_ADDR_MODE, &mode);
+
+ // fill message and exponent banks (the least significant
+ // word is at the lowest offset)
 for (i=0; i<num_words; i++)
 { m_word = m[i];
 d_word = d[i];
@@ -287,6 +340,73 @@ int test_modexpa7( const uint32_t *m,
 }


+int test_modexpa7_crt( const uint32_t *m,
+ const uint32_t *d,
+ const uint32_t *s,
+ size_t l)
+{
+ size_t i, num_words;
+ uint32_t num_bits;
+ uint32_t reg_control, reg_status;
+ uint32_t m_word, d_word, s_word;
+ uint32_t dummy_num_cyc;
+ uint32_t mode;
+
+ // determine numbers of 32-bit words
+ num_words = l >> 5;
+
+ // set exponent width
+ num_bits = l;
+ fmc_write_32(CORE_ADDR_EXPONENT_BITS, &num_bits);
+
+ // enable CRT mode
+ mode = CORE_MODE_BIT_CRT;
+ fmc_write_32(CORE_ADDR_MODE, &mode);
+
+ // fill exponent bank (the least significant word
+ // is at the lowest offset)
+ for (i=0; i<num_words; i++)
+ { d_word = d[i];
+ fmc_write_32(CORE_ADDR_BANK_EXPONENT + ((num_words - (i + 1)) * sizeof(uint32_t)), &d_word);
+ }
+
+ // fill message bank (the least significant word
+ // is at the lowest offset, message is twice larger
+ // than the modulus in CRT mode!)
+ for (i=0; i<(2 * num_words); i++)
+ { m_word = m[i];
+ fmc_write_32(CORE_ADDR_BANK_MESSAGE + ((2 * num_words - (i + 1)) * sizeof(uint32_t)), &m_word);
+ }
+
+ // clear 'next' control bit, then set 'next' control bit again
+ // to trigger exponentiation (core is edge-triggered)
+ reg_control = 0;
+ fmc_write_32(CORE_ADDR_CONTROL, ®_control);
+ reg_control = CORE_CONTROL_BIT_NEXT;
+ fmc_write_32(CORE_ADDR_CONTROL, ®_control);
+
+ // wait for 'valid' status bit to be set
+ dummy_num_cyc = 0;
+ do
+ { dummy_num_cyc++;
+ fmc_read_32(CORE_ADDR_STATUS, ®_status);
+ }
+ while (!(reg_status & CORE_STATUS_BIT_VALID));
+
+ // read back the result word-by-word, then compare to the reference values
+ for (i=0; i<num_words; i++)
+ {
+ fmc_read_32(CORE_ADDR_BANK_RESULT + (i * sizeof(uint32_t)), &s_word);
+
+ if (s_word != s[num_words - (i + 1)])
+ return 0;
+ }
+
+ // everything went just fine
+ return 1;
+}
+
+
 //
 // toggle the yellow led to indicate that we're not stuck somewhere
 //
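Review bot: The `do … while` poll on `CORE_STATUS_BIT_VALID` in test_modexpa7_crt has no upper bound, and `dummy_num_cyc` is incremented but never checked, so a core that never raises VALID hangs the test instead of returning 0 and lighting the red LED. The existing counter could bound it with `if (dummy_num_cyc > POLL_LIMIT) return 0;` inside the loop, where `POLL_LIMIT` is a placeholder for a limit derived from the core's worst-case cycle count. The function also reads `2 * num_words` words from `m` while its signature carries only `l`. A header comment stating that `m` must hold 2*l bits and that `d` and `s` hold l bits would keep a later caller from passing a modulus-sized message and reading past the end of the array.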
diff --git a/src/stm32/test/modexp_fpga_model_vectors.h b/src/stm32/test/modexp_fpga_model_vectors.h
index 622b16c..348ff49 100644
--- a/src/stm32/test/modexp_fpga_model_vectors.h
+++ b/src/stm32/test/modexp_fpga_model_vectors.h
@@ -20,27 +20,27 @@
 0xa76b945b, 0x49a3f645, 0x76801499, 0xb98e6a16, \
 0xd2467b6a, 0x75b7d614, 0x0fff0fde, 0xb31d1819}

-#define P_384 \
+#define P_192 \
 {0xe9ac4cf6, 0x03b2d80a, 0x7f1d091e, 0x49d5f1a0, \
 0xac2ae4ff, 0xbf9bf375}

-#define Q_384 \
+#define Q_192 \
 {0xc1468f3e, 0xc6909231, 0x5a4d74ba, 0x477b303f, \
 0x4b2e10d1, 0x1f44e815}

-#define DP_384 \
+#define DP_192 \
 {0x69b6c286, 0x95fbc613, 0x51988034, 0x8cb0d684, \
 0x9aff38e4, 0x9ef9ddb5}

-#define DQ_384 \
+#define DQ_192 \
 {0x1eda82b7, 0x84bf4377, 0x39712ff7, 0x24be179f, \
 0xa302c190, 0x80ab6159}

-#define MP_384 \
+#define MP_192 \
 {0x9e163bb5, 0x35e718cb, 0xcde52b7b, 0x5db8552b, \
 0x46a300e0, 0x34f91e6b}

-#define MQ_384 \
+#define MQ_192 \
 {0x7b01a724, 0x90f0d5f9, 0x9e237ce5, 0x6d31fd28, \
 0x4ecb9dad, 0x58bf366a}

@@ -68,27 +68,27 @@
 0xfd1e029d, 0xfe887387, 0x4312635f, 0xb2b54b8d, \
 0x5d3b379e, 0x161eaa4f, 0xedfd932b, 0x780f0203}

-#define P_512 \
+#define P_256 \
 {0xfedea889, 0x97cfdb79, 0xcca87074, 0xe5abcda1, \
 0x3be201c4, 0xc416fd15, 0xf2130931, 0x61ff5937}

-#define Q_512 \
+#define Q_256 \
 {0xf0889147, 0x5aa60f93, 0xb9927d86, 0x8f795c5c, \
 0x8e98dcf2, 0xad3aad74, 0x9441583a, 0x967dce41}

-#define DP_512 \
+#define DP_256 \
 {0x2504d437, 0xfffbe9e5, 0xfc0aef22, 0x9b8563bd, \
 0xaa83fe3b, 0xc53b8d91, 0x15731c5f, 0xb6db2eeb}

-#define DQ_512 \
+#define DQ_256 \
 {0xd3265fba, 0x2eb65638, 0x4d106ec7, 0x000dfe69, \
 0x75f87505, 0x47d299d0, 0x1c115cdd, 0x599ca8c1}

-#define MP_512 \
+#define MP_256 \
 {0x23359955, 0xcad299b6, 0x049bb248, 0x3828b6a5, \
 0x74c85825, 0x7dd8e109, 0x07edbda9, 0x4980c2c9}

-#define MQ_512 \
+#define MQ_256 \
 {0x8578120b, 0x91f4ca9e, 0x371d3e70, 0x0005bb89, \
 0xd31ed864, 0x477bd9cf, 0x65a1f03b, 0x606d3bc8}

-- 
cgit v1.2.3