CR50: add tests for dcrypto bn_modinv_vartime

This change introduces a larger range of tests
for bn_modinv_vartime.  The tests are designed
to run on a host, and compare results against
openssl.

BRANCH=none
BUG=chrome-os-partner:47524
TEST=bn_test passes

Change-Id: I2d6ea4824fa82f78f8797c0cfc2cf0dce03e8923
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/365232
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

test/tpm_test/Makefile

@@ -12,28 +12,37 @@ obj = ../../build/tpm_test
 src = .
 SWIG = /usr/bin/swig
 
+vpath %c $(src) ../../chip/g/dcrypto $(src)/testlib
+
 CFLAGS = -fPIC
 CFLAGS += -I /usr/include/python2.7
-CFLAGS +=  -DLIBFTDI1=1
-CFLAGS +=  -c
-
+CFLAGS += -I../../../../third_party/cryptoc/include
+CFLAGS += -I../../chip/g/dcrypto
+CFLAGS += -I.
+CFLAGS += -Itestlib
+CFLAGS += -DLIBFTDI1=1
+CFLAGS += -c
+CFLAGS += -DCR50_NO_BN_ASM
 TARGET = ftdi_spi_tpm
+
 .PRECIOUS: $(obj)/ftdi_spi_tpm_wrap.c
 
-$(obj)/_$(TARGET).so:
+all: $(obj)/_$(TARGET).so $(obj)/bn_test
+
+BN_OBJS = $(obj)/bn_test.o $(obj)/common.o $(obj)/bn.o
 
 OBJS = $(obj)/$(TARGET).o $(obj)/$(TARGET)_wrap.o $(obj)/mpsse.o \
 	$(obj)/support.o
 
-DEPS := $(OBJS:.o=.o.d)
+DEPS := $(OBJS:.o=.o.d) $(BN_OBJS:.o=.o.d)
 
-$(OBJS): | $(obj)
+$(OBJS) $(BN_OBJS): | $(obj)
 
 $(obj)/%.o: $(obj)/%.c
 	@echo "  CC      $(notdir $@)"
 	$(Q)gcc $(CFLAGS) -o $@ $<
 
-$(obj)/%.o: $(src)/%.c
+$(obj)/%.o: %.c
 	@echo "  CC      $(notdir $@)"
 	$(Q)gcc $(CFLAGS) -Wall -Werror -MMD -MF $@.d -o $@ $<
 
@@ -53,4 +62,8 @@ $(obj):
 	@echo "  MKDIR   $(obj)"
 	$(Q)mkdir -p $(obj)
 
+$(obj)/bn_test: $(BN_OBJS)
+	@echo "  LD      $(notdir $@)"
+	$(Q)$(CC) -o $@ $^ -lcrypto
+
 -include $(DEPS)

test/tpm_test/bn_test.c

@@ -0,0 +1,122 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+#include "dcrypto.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+#include <openssl/bn.h>
+
+static int test_bn_modinv_helper(const BIGNUM *E, BN_CTX *ctx)
+{
+	int i;
+	BIGNUM *MOD = BN_CTX_get(ctx);
+
+	for (i = 0; i < 1000; i++) {
+
+		uint32_t m_buf[64];
+		uint32_t d_buf[64];
+		uint32_t e_buf[32];
+		int has_inverse;
+		int test_inverse;
+
+		struct LITE_BIGNUM m;
+		struct LITE_BIGNUM e;
+		struct LITE_BIGNUM d;
+
+		BIGNUM *r = BN_CTX_get(ctx);
+
+		memset(e_buf, 0, sizeof(e_buf));
+
+		/* Top bit set, bottom bit clear. */
+		BN_rand(MOD, 2048, 1, 0);
+
+		if (BN_mod_inverse(r, E, MOD, ctx))
+			has_inverse = 1;
+		else
+			has_inverse = 0;
+
+		DCRYPTO_bn_wrap(&m, m_buf, sizeof(m_buf));
+		memcpy(m_buf, MOD->d, sizeof(m_buf));
+		assert(BN_num_bytes(E) <= sizeof(e_buf));
+		memcpy(e_buf, E->d, BN_num_bytes(E));
+
+		DCRYPTO_bn_wrap(&e, e_buf, sizeof(e_buf));
+		bn_init(&d, d_buf, sizeof(d_buf));
+
+		test_inverse = bn_modinv_vartime(&d, &e, &m);
+
+		if (test_inverse != has_inverse) {
+			fprintf(stderr,
+				"ossl inverse: %d, dcrypto inverse: %d\n",
+				has_inverse, test_inverse);
+			fprintf(stderr, "d : ");
+			BN_print_fp(stderr, r);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "e : ");
+			BN_print_fp(stderr, E);
+			fprintf(stderr, "\n");
+
+			fprintf(stderr, "M : ");
+			BN_print_fp(stderr, MOD);
+			fprintf(stderr, "\n");
+
+			return 1;
+		}
+
+		if (has_inverse) {
+			if (memcmp(d.d, r->d, BN_num_bytes(r)) != 0) {
+				fprintf(stderr, "memcmp fail\n");
+				return 1;
+			}
+		}
+
+		BN_free(r);
+	}
+
+	return 0;
+}
+
+static int test_bn_modinv(void)
+{
+	int result = 1;
+	BN_CTX *ctx = BN_CTX_new();
+
+	BN_CTX_start(ctx);
+
+	BIGNUM *E = BN_CTX_get(ctx);
+
+	BN_rand(E, 1024, 1, 1);
+	if (test_bn_modinv_helper(E, ctx))
+		goto fail;
+
+	BN_rand(E, 1024, 1, 0);
+	if (test_bn_modinv_helper(E, ctx))
+		goto fail;
+
+	BN_set_word(E, 3);
+	if (test_bn_modinv_helper(E, ctx))
+		goto fail;
+
+	BN_set_word(E, 65537);
+	if (test_bn_modinv_helper(E, ctx))
+		goto fail;
+
+	result = 0;
+fail:
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+	return result;
+}
+
+int main(void)
+{
+	assert(test_bn_modinv() == 0);
+	fprintf(stderr, "PASS\n");
+	return 0;
+}

test/tpm_test/testlib/common.c

@@ -0,0 +1,17 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "common.h"
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/rand.h>
+
+void rand_bytes(void *buf, size_t num)
+{
+	assert(RAND_bytes(buf, num) == 1);
+}

test/tpm_test/testlib/common.h

@@ -0,0 +1,18 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __EC_TEST_TPM_TEST_TESTLIB_COMMON_H
+#define __EC_TEST_TPM_TEST_TESTLIB_COMMON_H
+
+#include "dcrypto.h"
+
+#include <inttypes.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+void rand_bytes(void *buf, size_t num);
+
+#endif  /* ! __EC_TEST_TPM_TEST_TESTLIB_COMMON_H */
+

test/tpm_test/testlib/trng.h

@@ -0,0 +1,6 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Dummy empty file, just to make test compilation work. */

test/tpm_test/testlib/util.h

@@ -0,0 +1,6 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Dummy empty file, just to make test compilation work. */