add a test that uses new consttime_x2 mod exp function

crypto/fipsmodule/bn/bn_test.cc

@@ -830,6 +830,41 @@ static void TestModExp(BIGNUMFileTest *t, BN_CTX *ctx) {
   }
 }
 
+static void TestModExp2(BIGNUMFileTest *t, BN_CTX *ctx) {
+  bssl::UniquePtr<BIGNUM> a1 = t->GetBIGNUM("A1");
+  bssl::UniquePtr<BIGNUM> e1 = t->GetBIGNUM("E1");
+  bssl::UniquePtr<BIGNUM> m1 = t->GetBIGNUM("M1");
+  bssl::UniquePtr<BIGNUM> mod_exp1 = t->GetBIGNUM("ModExp1");
+  ASSERT_TRUE(a1);
+  ASSERT_TRUE(e1);
+  ASSERT_TRUE(m1);
+  ASSERT_TRUE(mod_exp1);
+
+  bssl::UniquePtr<BIGNUM> a2 = t->GetBIGNUM("A2");
+  bssl::UniquePtr<BIGNUM> e2 = t->GetBIGNUM("E2");
+  bssl::UniquePtr<BIGNUM> m2 = t->GetBIGNUM("M2");
+  bssl::UniquePtr<BIGNUM> mod_exp2 = t->GetBIGNUM("ModExp2");
+  ASSERT_TRUE(a2);
+  ASSERT_TRUE(e2);
+  ASSERT_TRUE(m2);
+  ASSERT_TRUE(mod_exp2);
+
+  bssl::UniquePtr<BIGNUM> ret1(BN_new());
+  ASSERT_TRUE(ret1);
+
+  bssl::UniquePtr<BIGNUM> ret2(BN_new());
+  ASSERT_TRUE(ret2);
+
+  ASSERT_TRUE(BN_mod_exp_mont_consttime_x2(ret1.get(), a1.get(), e1.get(), m1.get(), NULL,
+                                           ret2.get(), a2.get(), e2.get(), m2.get(), NULL,
+					   ctx));
+
+  EXPECT_BIGNUMS_EQUAL("A1 ^ E1 (mod M1) (constant-time)", mod_exp1.get(),
+		       ret1.get());
+  EXPECT_BIGNUMS_EQUAL("A2 ^ E2 (mod M2) (constant-time)", mod_exp2.get(),
+		       ret2.get());
+}
+
 static void TestExp(BIGNUMFileTest *t, BN_CTX *ctx) {
   bssl::UniquePtr<BIGNUM> a = t->GetBIGNUM("A");
   bssl::UniquePtr<BIGNUM> e = t->GetBIGNUM("E");
@@ -993,6 +1028,7 @@ static void RunBNFileTest(FileTest *t, BN_CTX *ctx) {
       {"ModMul", TestModMul},
       {"ModSquare", TestModSquare},
       {"ModExp", TestModExp},
+      {"ModExp2", TestModExp2},
       {"Exp", TestExp},
       {"ModSqrt", TestModSqrt},
       {"NotModSquare", TestNotModSquare},
@@ -1044,6 +1080,11 @@ TEST_F(BNTest, ModExpTestVectors) {
                 [&](FileTest *t) { RunBNFileTest(t, ctx()); });
 }
 
+TEST_F(BNTest, ModExp2TestVectors) {
+  FileTestGTest("crypto/fipsmodule/bn/test/mod_exp_x2_tests.txt",
+                [&](FileTest *t) { RunBNFileTest(t, ctx()); });
+}
+
 TEST_F(BNTest, ModInvTestVectors) {
   FileTestGTest("crypto/fipsmodule/bn/test/mod_inv_tests.txt",
                 [&](FileTest *t) { RunBNFileTest(t, ctx()); });

crypto/fipsmodule/bn/test/mod_exp_x2_tests.txt

@@ -0,0 +1,15 @@
+# ModExp2 tests.
+
+# This blends two different scenarios drawn from the mod_exp_tests,
+# under the heading "RSAZ 512-Bit".
+
+# Control: No relationship between A and M except that A < M and they're the same number of limbs.
+ModExp2 = 7f34c1cd63377bc3abf2bb5b2d1bf5f06454e1e8040fe19a72245ce9731cbee1bf9e84532300776c8021ed4f3a8de508d85b4cf320bd82065a013754857b50c4
+A2 = 8e4e67da6ff890643d0599387955996ef6f0c2045eb9944576ddb965ca64cdb6247727ce128ef178d4a84e5a56d2e67eb0fe389ecbf691f9244ae80f4c11b364
+E2 =  be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1
+M2 = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491
+# A == M - 1 == -1 (mod M) and the exponent is odd so A ^ E (mod M) == A.
+ModExp1 = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725490
+A1 = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725490
+E1 =  be99d8f0650e540b9b191e9cf96f74881b902e32ed169ffd8a1776c3f3e80f0ac765aa14615713e1549f250a20fe4ee48c4e0c6176162fc7842a0dd64d640d1
+M1 = f12f2c19ee1ecf2c999b87bdafde60eace3790faad8f9adec13b14c6dfb69f8795a1d0fe65494250b59534014b918453042012952ae6f5786342999600725491

sources.cmake

@@ -60,6 +60,7 @@ set(
   crypto/fipsmodule/bn/test/gcd_tests.txt
   crypto/fipsmodule/bn/test/miller_rabin_tests.txt
   crypto/fipsmodule/bn/test/mod_exp_tests.txt
+  crypto/fipsmodule/bn/test/mod_exp_x2_tests.txt
   crypto/fipsmodule/bn/test/mod_inv_tests.txt
   crypto/fipsmodule/bn/test/mod_mul_tests.txt
   crypto/fipsmodule/bn/test/mod_sqrt_tests.txt