[crypto] Add a small smoketest for bignum division.
Signed-off-by: Jade Philipoom <jadep@google.com>
diff --git a/sw/otbn/crypto/tests/BUILD b/sw/otbn/crypto/tests/BUILD
index ff9bbd8..7bfdbc8 100644
--- a/sw/otbn/crypto/tests/BUILD
+++ b/sw/otbn/crypto/tests/BUILD
@@ -38,6 +38,28 @@
)
otbn_sim_test(
+ name = "div_small_test",
+ srcs = [
+ "div_small_test.s",
+ ],
+ exp = "div_small_test.exp",
+ deps = [
+ "//sw/otbn/crypto:div",
+ ],
+)
+
+otbn_consttime_test(
+ name = "div_consttime",
+ # All secrets are stored in DMEM; timing is permitted to depend on the
+ # number of limbs.
+ secrets = ["dmem"],
+ subroutine = "div",
+ deps = [
+ ":div_small_test",
+ ],
+)
+
+otbn_sim_test(
name = "field25519_test",
srcs = [
"field25519_test.s",
diff --git a/sw/otbn/crypto/tests/div_small_test.exp b/sw/otbn/crypto/tests/div_small_test.exp
new file mode 100644
index 0000000..5feaba5
--- /dev/null
+++ b/sw/otbn/crypto/tests/div_small_test.exp
@@ -0,0 +1,4 @@
+# Expected quotient: 407 // 27 = 15
+w0 = 15
+# Expected remainder: 407 % 27 = 2
+w1 = 2
diff --git a/sw/otbn/crypto/tests/div_small_test.s b/sw/otbn/crypto/tests/div_small_test.s
new file mode 100644
index 0000000..ebe8436
--- /dev/null
+++ b/sw/otbn/crypto/tests/div_small_test.s
@@ -0,0 +1,67 @@
+/* Copyright lowRISC contributors. */
+/* Licensed under the Apache License, Version 2.0, see LICENSE for details. */
+/* SPDX-License-Identifier: Apache-2.0 */
+
+/**
+ * Standalone test for OTBN bignum division.
+ */
+
+.section .text.start
+
+main:
+ /* Init all-zero register. */
+ bn.xor w31, w31, w31
+
+ /* Load the number of limbs for this test. */
+ li x9, 1
+
+ /* Load DMEM pointers. */
+ la x10, numerator
+ la x11, denominator
+ la x12, quotient
+
+ /* Compute the result.
+ dmem[quotient] <= dmem[numerator] // dmem[denominator]
+ dmem[remainder] <= dmem[numerator] % dmem[denominator] */
+ jal x1, div
+
+ /* Read the quotient and remainder into registers for the test framework to
+ check.
+ w0 <= dmem[quotient] = quotient
+ w1 <= dmem[numerator] = remainder */
+ li x2, 0
+ bn.lid x2++, 0(x12)
+ bn.lid x2, 0(x10)
+
+ ecall
+
+.data
+
+/* Numerator: 407 = 0x197 */
+.balign 32
+numerator:
+.word 0x00000197
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+
+/* Denominator: 27 = 0x1b */
+.balign 32
+denominator:
+.word 0x0000001b
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+
+/* Buffer for quotient. */
+.balign 32
+quotient:
+.zero 32
