[crypto] Check for multiples of 7, 11, and 31 in RSA keygen.

All of these small primes have the nice property that 2^32 mod p = 4.

Signed-off-by: Jade Philipoom <[email protected]>

sw/otbn/crypto/tests/BUILD

@@ -814,6 +814,40 @@ otbn_sim_test(
     ],
 )
 
+otbn_sim_test(
+    name = "relprime_small_primes_multiple_of_7_test",
+    srcs = [
+        "relprime_small_primes_multiple_of_7_test.s",
+    ],
+    exp = "relprime_small_primes_multiple_of_7_test.exp",
+    deps = [
+        "//sw/otbn/crypto:div",
+        "//sw/otbn/crypto:gcd",
+        "//sw/otbn/crypto:lcm",
+        "//sw/otbn/crypto:montmul",
+        "//sw/otbn/crypto:mul",
+        "//sw/otbn/crypto:primality",
+        "//sw/otbn/crypto:rsa_keygen",
+    ],
+)
+
+otbn_sim_test(
+    name = "relprime_small_primes_multiple_of_11_test",
+    srcs = [
+        "relprime_small_primes_multiple_of_11_test.s",
+    ],
+    exp = "relprime_small_primes_multiple_of_11_test.exp",
+    deps = [
+        "//sw/otbn/crypto:div",
+        "//sw/otbn/crypto:gcd",
+        "//sw/otbn/crypto:lcm",
+        "//sw/otbn/crypto:montmul",
+        "//sw/otbn/crypto:mul",
+        "//sw/otbn/crypto:primality",
+        "//sw/otbn/crypto:rsa_keygen",
+    ],
+)
+
 otbn_sim_test(
     name = "relprime_small_primes_multiple_of_17_test",
     srcs = [
@@ -831,6 +865,23 @@ otbn_sim_test(
     ],
 )
 
+otbn_sim_test(
+    name = "relprime_small_primes_multiple_of_31_test",
+    srcs = [
+        "relprime_small_primes_multiple_of_31_test.s",
+    ],
+    exp = "relprime_small_primes_multiple_of_31_test.exp",
+    deps = [
+        "//sw/otbn/crypto:div",
+        "//sw/otbn/crypto:gcd",
+        "//sw/otbn/crypto:lcm",
+        "//sw/otbn/crypto:montmul",
+        "//sw/otbn/crypto:mul",
+        "//sw/otbn/crypto:primality",
+        "//sw/otbn/crypto:rsa_keygen",
+    ],
+)
+
 otbn_sim_test(
     name = "relprime_small_primes_negative_test",
     srcs = [

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_11_test.exp

@@ -0,0 +1,2 @@
+# Expect 0 (check failed).
+w22 = 0

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_11_test.s

@@ -0,0 +1,68 @@
+/* Copyright lowRISC contributors (OpenTitan project). */
+/* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
+/* SPDX-License-Identifier: Apache-2.0 */
+
+/**
+ * Standalone test to check an RSA keygen subroutine.
+ *
+ * The `relprime_small_primes` subroutine checks if a candidate prime is a
+ * multiple of a small prime. This test ensures that the check detects a
+ * multiple of 11.
+ */
+
+.section .text.start
+
+main:
+  /* Init all-zero register. */
+  bn.xor    w31, w31, w31
+
+  /* Load the number of limbs for this test. */
+  li        x30, 4
+
+  /* w22 <= 0 if dmem[simple_positive_input] is NOT relatively prime to F4 */
+  la        x16, input
+  jal       x1, relprime_small_primes
+
+  ecall
+
+.data
+
+/**
+ * A 1024-bit value that is a multiple of 11 and NOT 3, 5, 7, 17, or 31.
+ *
+ * Full value for reference =
+ */
+.balign 32
+input:
+.word 0x0a9a411f
+.word 0xca52e7f3
+.word 0x2c301918
+.word 0x948c97b0
+.word 0x171f68fc
+.word 0xe36be04a
+.word 0x0a7ffbaa
+.word 0xf9cf072d
+.word 0x51b76bd5
+.word 0x19d0fec0
+.word 0x0771be64
+.word 0x49c95131
+.word 0x1ed7cd7a
+.word 0xda4a6077
+.word 0x11fa0022
+.word 0x66e409f1
+.word 0x95548bfd
+.word 0x7938113a
+.word 0x9296d0f5
+.word 0x1352294c
+.word 0x33eaf657
+.word 0x6c47a7dc
+.word 0xf57e2b6b
+.word 0xd1194a3e
+.word 0x84402e7e
+.word 0x87641b66
+.word 0x2c3c225e
+.word 0x5e27e299
+.word 0x5ee52414
+.word 0xab6816c2
+.word 0x0ea3266c
+.word 0x5f4b97ff

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_17_test.s

@@ -1,4 +1,4 @@
-/* Copyright lowRISC contributors. */
+/* Copyright lowRISC contributors (OpenTitan project). */
 /* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
 /* SPDX-License-Identifier: Apache-2.0 */
 
@@ -28,42 +28,42 @@ main:
 .data
 
 /**
- * A 1024-bit value that is a multiple of 17 and NOT 3 or 5.
+ * A 1024-bit value that is a multiple of 17 and NOT 3, 5, 11, 17, or 31.
  *
  * Full value for reference =
- * 0xfbe7d1a3a6642d2eb873e0b4c23eda03f9d299d8b5cbd03e735f18989c2f3e275e1d38306b2de24f70253a17b1197785e775bfbd717249031f4258944965eb3ff3078793cbff7898739b0062121017b7a328b77eddc338ec653f324f08771703909453a99c976fdc385d405480f795117ee9807fbe51cbe4b96770fb961719ba
+ * 0x5143649b8bf054404d0ebedfa7a956dabd297218a15c6410335f8fc10f679ea7b4c0c055a34801e48f9a22cc124580ae9de9fda12300eb6cc6a5ab1e9edb8ff24329ef86ec8833131fbfcbbf8e97f9ac5475dc577367b017cb30d1df1c4baa3c63be79499d79f3e1fda86b6ad1790701b6156e77604ad67d9a8e49e8a4c2a845
  */
 .balign 32
 input:
-.word 0x961719ba
-.word 0xb96770fb
-.word 0xbe51cbe4
-.word 0x7ee9807f
-.word 0x80f79511
-.word 0x385d4054
-.word 0x9c976fdc
-.word 0x909453a9
-.word 0x08771703
-.word 0x653f324f
-.word 0xddc338ec
-.word 0xa328b77e
-.word 0x121017b7
-.word 0x739b0062
-.word 0xcbff7898
-.word 0xf3078793
-.word 0x4965eb3f
-.word 0x1f425894
-.word 0x71724903
-.word 0xe775bfbd
-.word 0xb1197785
-.word 0x70253a17
-.word 0x6b2de24f
-.word 0x5e1d3830
-.word 0x9c2f3e27
-.word 0x735f1898
-.word 0xb5cbd03e
-.word 0xf9d299d8
-.word 0xc23eda03
-.word 0xb873e0b4
-.word 0xa6642d2e
-.word 0xfbe7d1a3
+.word 0xa4c2a845
+.word 0x9a8e49e8
+.word 0x604ad67d
+.word 0xb6156e77
+.word 0xd1790701
+.word 0xfda86b6a
+.word 0x9d79f3e1
+.word 0x63be7949
+.word 0x1c4baa3c
+.word 0xcb30d1df
+.word 0x7367b017
+.word 0x5475dc57
+.word 0x8e97f9ac
+.word 0x1fbfcbbf
+.word 0xec883313
+.word 0x4329ef86
+.word 0x9edb8ff2
+.word 0xc6a5ab1e
+.word 0x2300eb6c
+.word 0x9de9fda1
+.word 0x124580ae
+.word 0x8f9a22cc
+.word 0xa34801e4
+.word 0xb4c0c055
+.word 0x0f679ea7
+.word 0x335f8fc1
+.word 0xa15c6410
+.word 0xbd297218
+.word 0xa7a956da
+.word 0x4d0ebedf
+.word 0x8bf05440
+.word 0x5143649b

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_31_test.exp

@@ -0,0 +1,2 @@
+# Expect 0 (check failed).
+w22 = 0

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_31_test.s

@@ -0,0 +1,69 @@
+/* Copyright lowRISC contributors (OpenTitan project). */
+/* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
+/* SPDX-License-Identifier: Apache-2.0 */
+
+/**
+ * Standalone test to check an RSA keygen subroutine.
+ *
+ * The `relprime_small_primes` subroutine checks if a candidate prime is a
+ * multiple of a small prime. This test ensures that the check detects a
+ * multiple of 31.
+ */
+
+.section .text.start
+
+main:
+  /* Init all-zero register. */
+  bn.xor    w31, w31, w31
+
+  /* Load the number of limbs for this test. */
+  li        x30, 4
+
+  /* w22 <= 0 if dmem[simple_positive_input] is NOT relatively prime to F4 */
+  la        x16, input
+  jal       x1, relprime_small_primes
+
+  ecall
+
+.data
+
+/**
+ * A 1024-bit value that is a multiple of 31 and NOT 3, 5, 7, 11, or 17.
+ *
+ * Full value for reference =
+ * 0xc6b202813cf17e3c55fefc6282020980fa205b3ccfb384f597e2c0749b1d5213c2ebbf45d5f239e911062650cd43d3c008183c6c2cf217ac48af2bcfeac39a280afd60eea8508324e97f40fa78d5d70a5b5fcb80c1e260feaa1f02f54c072a915d48a0d13a162f1e22f40b26c1eb29d4e7a44c48956c2daa5edfd222e7cf7221
+ */
+.balign 32
+input:
+.word 0xe7cf7221
+.word 0x5edfd222
+.word 0x956c2daa
+.word 0xe7a44c48
+.word 0xc1eb29d4
+.word 0x22f40b26
+.word 0x3a162f1e
+.word 0x5d48a0d1
+.word 0x4c072a91
+.word 0xaa1f02f5
+.word 0xc1e260fe
+.word 0x5b5fcb80
+.word 0x78d5d70a
+.word 0xe97f40fa
+.word 0xa8508324
+.word 0x0afd60ee
+.word 0xeac39a28
+.word 0x48af2bcf
+.word 0x2cf217ac
+.word 0x08183c6c
+.word 0xcd43d3c0
+.word 0x11062650
+.word 0xd5f239e9
+.word 0xc2ebbf45
+.word 0x9b1d5213
+.word 0x97e2c074
+.word 0xcfb384f5
+.word 0xfa205b3c
+.word 0x82020980
+.word 0x55fefc62
+.word 0x3cf17e3c
+.word 0xc6b20281

sw/otbn/crypto/tests/relprime_small_primes_multiple_of_3_test.s

@@ -1,4 +1,4 @@
-/* Copyright lowRISC contributors. */
+/* Copyright lowRISC contributors (OpenTitan project). */
 /* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
 /* SPDX-License-Identifier: Apache-2.0 */
 
@@ -28,42 +28,42 @@ main:
 .data
 
 /**
- * A 1024-bit value that is a multiple of 3 and NOT 5 or 17.
+ * A 1024-bit value that is a multiple of 3 and NOT 5, 7, 11, 17, or 31.
  *
  * Full value for reference =
- * 0x859619e48009dbf121db2000c823862f3ac30d8806a7babf54e784b3a8e2a63c70cca37ce01839e3c6eb780ce56eed882cb9603835f194b2f93ec68a397229d0159827ceb0881ef9c54bc11956b19b9894b2f99373d4d7996bf59a4bcb592cc0933519023a53e46b311acf7565307ad9a419d45066edbfb174bbb8169d56b246
+ * 0xaf8f432e511b6294ef296e4c0c73fdad210a09a5355a5150cc190b64f9e384fbc3bff603b12bf716d6b7493876ea0aa119eb3cca8706f1cfde452289edf554350bfec6b4812f05bcfd3d799c703a901cf7bc99536b6d1c0df187a62eed3114384bba11b8132de7aed844a98ac7597ea336a01df3664d9ebf3126dc99a5896a45
  */
 .balign 32
 input:
-.word 0x9d56b246
-.word 0x74bbb816
-.word 0x66edbfb1
-.word 0xa419d450
-.word 0x65307ad9
-.word 0x311acf75
-.word 0x3a53e46b
-.word 0x93351902
-.word 0xcb592cc0
-.word 0x6bf59a4b
-.word 0x73d4d799
-.word 0x94b2f993
-.word 0x56b19b98
-.word 0xc54bc119
-.word 0xb0881ef9
-.word 0x159827ce
-.word 0x397229d0
-.word 0xf93ec68a
-.word 0x35f194b2
-.word 0x2cb96038
-.word 0xe56eed88
-.word 0xc6eb780c
-.word 0xe01839e3
-.word 0x70cca37c
-.word 0xa8e2a63c
-.word 0x54e784b3
-.word 0x06a7babf
-.word 0x3ac30d88
-.word 0xc823862f
-.word 0x21db2000
-.word 0x8009dbf1
-.word 0x859619e4
+.word 0xa5896a45
+.word 0x3126dc99
+.word 0x664d9ebf
+.word 0x36a01df3
+.word 0xc7597ea3
+.word 0xd844a98a
+.word 0x132de7ae
+.word 0x4bba11b8
+.word 0xed311438
+.word 0xf187a62e
+.word 0x6b6d1c0d
+.word 0xf7bc9953
+.word 0x703a901c
+.word 0xfd3d799c
+.word 0x812f05bc
+.word 0x0bfec6b4
+.word 0xedf55435
+.word 0xde452289
+.word 0x8706f1cf
+.word 0x19eb3cca
+.word 0x76ea0aa1
+.word 0xd6b74938
+.word 0xb12bf716
+.word 0xc3bff603
+.word 0xf9e384fb
+.word 0xcc190b64
+.word 0x355a5150
+.word 0x210a09a5
+.word 0x0c73fdad
+.word 0xef296e4c
+.word 0x511b6294
+.word 0xaf8f432e