CR50: add tests for 1024-bit RSA.

Add tests for RSA-1024, and created partner CRBUG/53893
to track issue discovered with 1024-bit modinv.

1024-bit RSA support being added in preparation
for a forthcoming hardware based implementation.

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:53893
TEST=all tests in test/tpm_test/tpmtest.py pass

Change-Id: I6b5aaeffc9df1cbbe403535fd21cdd377b42c38e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/348490
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

2 files changed, 96 insertions, 13 deletions

diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c
index d4bb863319..9fe4f850d7 100644
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
@@ -426,6 +426,78 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_768_Q = {
 	}
 };
 
+static const TPM2B_PUBLIC_KEY_RSA RSA_1024_N = {
+	.t = {128, {
+			0xdf, 0x4e, 0xaf, 0x73, 0x45, 0x94, 0x98, 0x34,
+			0x30, 0x7e, 0x26, 0xad, 0x40, 0x83, 0xf9, 0x17,
+			0x21, 0xb0, 0x4e, 0x1b, 0x0d, 0x6a, 0x44, 0xce,
+			0x4e, 0x3e, 0x2e, 0x72, 0x4c, 0x97, 0xdf, 0x89,
+			0x8a, 0x39, 0x10, 0x25, 0xae, 0x20, 0x4c, 0xf2,
+			0x3b, 0x20, 0xb2, 0xa5, 0x10, 0xdd, 0xb2, 0x6b,
+			0x62, 0x4e, 0xa6, 0x9f, 0x92, 0x4a, 0xd9, 0x86,
+			0x97, 0xcc, 0x70, 0x20, 0x3b, 0x6a, 0x32, 0x63,
+			0xca, 0x7f, 0x59, 0xfb, 0x57, 0xb6, 0xa9, 0x99,
+			0xe9, 0xd0, 0x2e, 0x0f, 0x1c, 0xd4, 0x7d, 0x8b,
+			0xa0, 0xbd, 0x0f, 0xd2, 0xd5, 0x3b, 0x1f, 0x11,
+			0xb4, 0x6a, 0x94, 0xcf, 0x4f, 0x0a, 0x2b, 0x44,
+			0xe7, 0xfa, 0x6b, 0x24, 0x91, 0xb4, 0x82, 0x1f,
+			0xf6, 0x75, 0xb6, 0x91, 0xc5, 0xa0, 0xf6, 0x2f,
+			0xd5, 0xff, 0x10, 0x73, 0x9b, 0x34, 0xf6, 0x7a,
+			0x88, 0x23, 0xa9, 0x42, 0x3c, 0xa8, 0x24, 0x91
+		}
+	}
+};
+
+static const TPM2B_PUBLIC_KEY_RSA RSA_1024_D = {
+	.t = {128, {
+			0x9a, 0x6d, 0x85, 0xf4, 0x07, 0xa8, 0x6d, 0x61,
+			0x9a, 0x2f, 0x83, 0x7b, 0xc8, 0xe3, 0xfb, 0x7c,
+			0xbd, 0xb5, 0x79, 0x2e, 0x48, 0x26, 0xb7, 0x92,
+			0x9c, 0x95, 0x6f, 0xf5, 0x67, 0x76, 0x98, 0x06,
+			0x3b, 0xea, 0x9e, 0x7a, 0x10, 0x63, 0x12, 0x13,
+			0x6a, 0x44, 0x80, 0x86, 0x9a, 0x95, 0x56, 0x6f,
+			0xe0, 0xba, 0x57, 0x8c, 0x7e, 0xd4, 0xf8, 0x7d,
+			0x95, 0xb8, 0xb1, 0xc9, 0xf8, 0x8c, 0xc6, 0x6e,
+			0xe5, 0x7b, 0xa0, 0xaf, 0xa0, 0x4e, 0x4e, 0x84,
+			0xd7, 0x97, 0xb9, 0x5a, 0xdd, 0x32, 0xe5, 0x2b,
+			0xe5, 0x80, 0xb3, 0xb2, 0xbf, 0x56, 0xff, 0x01,
+			0xdc, 0xe6, 0xa6, 0x6c, 0x4a, 0x81, 0x1d, 0x8f,
+			0xea, 0x4b, 0xed, 0x24, 0x08, 0xf4, 0x67, 0xaf,
+			0x0d, 0xf2, 0xfd, 0x37, 0x3f, 0x31, 0x25, 0xfa,
+			0xee, 0x35, 0xb0, 0xdb, 0x66, 0x11, 0xff, 0x49,
+			0xe1, 0xe5, 0xff, 0x1b, 0xcc, 0xc3, 0x0e, 0x09
+		}
+	}
+};
+
+static const TPM2B_PUBLIC_KEY_RSA RSA_1024_P = {
+	.t = {64, {
+			0xf9, 0x5e, 0x79, 0x65, 0x43, 0x70, 0x40, 0x83,
+			0x50, 0x0a, 0xbb, 0x61, 0xb3, 0x87, 0x7b, 0x24,
+			0x8f, 0x2a, 0x03, 0x5b, 0xb5, 0x4b, 0x94, 0x94,
+			0x67, 0xaa, 0x98, 0xd6, 0x14, 0x40, 0x90, 0x3c,
+			0xa4, 0x0d, 0x6d, 0x58, 0x31, 0xc5, 0x42, 0xf1,
+			0x2d, 0x15, 0x0e, 0xe7, 0xcd, 0xe6, 0x3e, 0xca,
+			0xd8, 0x94, 0x37, 0xaa, 0x4c, 0xd6, 0xf3, 0x21,
+			0x2e, 0xa4, 0xfe, 0x1d, 0x79, 0x44, 0xd7, 0xb3
+		}
+	}
+};
+
+static const TPM2B_PUBLIC_KEY_RSA RSA_1024_Q = {
+	.t = {64, {
+			0xe5, 0x3e, 0xcd, 0x4b, 0x97, 0xc5, 0x96, 0x39,
+			0x70, 0x97, 0x3a, 0x10, 0xa9, 0xc3, 0x35, 0x0a,
+			0xd6, 0x2b, 0xf5, 0x12, 0x8d, 0xb2, 0xc0, 0x0b,
+			0x1c, 0x5f, 0xa0, 0x0b, 0x86, 0x83, 0xa7, 0x90,
+			0xe9, 0xf8, 0x16, 0x92, 0x9f, 0xce, 0x13, 0x4c,
+			0x14, 0xe8, 0x9e, 0x4c, 0x24, 0xef, 0xff, 0x58,
+			0x22, 0x06, 0xf9, 0xcf, 0xfd, 0x19, 0xb7, 0x23,
+			0xf9, 0xe3, 0xb3, 0xe3, 0x7a, 0x9b, 0xb0, 0xab
+		}
+	}
+};
+
 static const TPM2B_PUBLIC_KEY_RSA RSA_2048_N = {
 	.t = {256, {
 			0x9c, 0xd7, 0x61, 0x2e, 0x43, 0x8e, 0x15, 0xbe,
@@ -547,13 +619,6 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_2048_Q = {
 };
 
 
-static const RSA_KEY RSA_768 = {
-	65537, (TPM2B *) &RSA_768_N.b, (TPM2B *) &RSA_768_D.b
-};
-static const RSA_KEY RSA_2048 = {
-	65537, (TPM2B *) &RSA_2048_N.b, (TPM2B *) &RSA_2048_D.b
-};
-
 #define MAX_MSG_BYTES RSA_MAX_BYTES
 #define MAX_LABEL_LEN 32
 
@@ -641,6 +706,14 @@ static void rsa_command_handler(void *cmd_body,
 		rsa_n.b.size = RSA_768_N.b.size;
 		rsa_d.b.size = RSA_768_D.b.size;
 		break;
+	case 1024:
+		N = RSA_1024_N;
+		d = RSA_1024_D;
+		p = RSA_1024_P;
+		q = RSA_1024_Q;
+		rsa_n.b.size = RSA_1024_N.b.size;
+		rsa_d.b.size = RSA_1024_D.b.size;
+		break;
 	case 2048:
 		N = RSA_2048_N;
 		d = RSA_2048_D;
diff --git a/test/tpm_test/rsa_test.py b/test/tpm_test/rsa_test.py
index d746fba47c..8fea03c449 100644
--- a/test/tpm_test/rsa_test.py
+++ b/test/tpm_test/rsa_test.py
@@ -563,6 +563,7 @@ def _prime_from_seed(seed):
 _ENCRYPT_INPUTS = (
   ('OAEP', 'SHA1', 768),
   ('OAEP', 'SHA256', 768),
+  ('OAEP', 'SHA256', 1024),
   ('PKCS1-ES', 'NONE', 768),
   ('PKCS1-ES', 'NONE', 2048),
   ('NULL', 'NONE', 768),
@@ -572,27 +573,36 @@ _ENCRYPT_INPUTS = (
 _SIGN_INPUTS = (
   ('PKCS1-SSA', 'SHA1', 768),
   ('PKCS1-SSA', 'SHA256', 768),
+  ('PKCS1-SSA', 'SHA256', 1024),
   ('PKCS1-PSS', 'SHA1', 768),
   ('PKCS1-PSS', 'SHA256', 768),
+  ('PKCS1-PSS', 'SHA256', 2048),
 )
 
 _KEYTEST_INPUTS = (
   (768,),
+# TODO(ngm): 1024-bit modinv is broken, see partner CRBUG/53893.
+#  (1024,),
   (2048,),
 )
 
 _KEYGEN_INPUTS = (
-  (768, 65537, "rsa_test"),
   (768, 65537, ''),
+  (1024, 65537, 'rsa_test'),
+  (2048, 65537, 'rsa_test'),
+  (2048, 65537, ''),
 )
 
-
+# 2048-bit will be done in hardware (i.e. fast), rest are in software.
+# Sizes below correspond to RSA key size.
 _PRIMEGEN_INPUTS = (
   768,
-  768,
-  768,
-  768,
-  768
+  1024,
+  2048,
+  2048,
+  2048,
+  2048,
+  2048
 )
 
 def _encrypt_tests(tpm):