# Copyright lowRISC contributors.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0

load("//rules:otbn.bzl", "otbn_consttime_test", "otbn_sim_test")

package(default_visibility = ["//visibility:public"])

otbn_sim_test(
    name = "ed25519_ext_add_test",
    srcs = [
        "ed25519_ext_add_test.s",
    ],
    exp = "ed25519_ext_add_test.exp",
    deps = [
        "//sw/otbn/crypto:ed25519",
        "//sw/otbn/crypto:field25519",
    ],
)

otbn_consttime_test(
    name = "ed25519_ext_add_consttime",
    subroutine = "ext_add",
    deps = [
        ":ed25519_ext_add_test",
    ],
)

otbn_sim_test(
    name = "ed25519_scalar_test",
    srcs = [
        "ed25519_scalar_test.s",
    ],
    exp = "ed25519_scalar_test.exp",
    deps = [
        "//sw/otbn/crypto:ed25519_scalar",
    ],
)

otbn_sim_test(
    name = "div_large_test",
    srcs = [
        "div_large_test.s",
    ],
    exp = "div_large_test.exp",
    deps = [
        "//sw/otbn/crypto:div",
    ],
)

otbn_sim_test(
    name = "div_medium_test",
    srcs = [
        "div_medium_test.s",
    ],
    exp = "div_medium_test.exp",
    deps = [
        "//sw/otbn/crypto:div",
    ],
)

otbn_sim_test(
    name = "div_small_test",
    srcs = [
        "div_small_test.s",
    ],
    exp = "div_small_test.exp",
    deps = [
        "//sw/otbn/crypto:div",
    ],
)

otbn_consttime_test(
    name = "div_consttime",
    # All secrets are stored in DMEM; timing is permitted to depend on the
    # number of limbs.
    secrets = ["dmem"],
    subroutine = "div",
    deps = [
        ":div_small_test",
    ],
)

otbn_sim_test(
    name = "field25519_test",
    srcs = [
        "field25519_test.s",
    ],
    exp = "field25519_test.exp",
    deps = [
        "//sw/otbn/crypto:field25519",
    ],
)

otbn_consttime_test(
    name = "field25519_fe_inv_consttime",
    subroutine = "fe_inv",
    deps = [
        ":field25519_test",
    ],
)

otbn_consttime_test(
    name = "field25519_fe_mul_consttime",
    subroutine = "fe_mul",
    deps = [
        ":field25519_test",
    ],
)

otbn_consttime_test(
    name = "field25519_fe_square_consttime",
    subroutine = "fe_square",
    deps = [
        ":field25519_test",
    ],
)

otbn_sim_test(
    name = "gcd_small_test",
    srcs = [
        "gcd_small_test.s",
    ],
    exp = "gcd_small_test.exp",
    deps = [
        "//sw/otbn/crypto:gcd",
    ],
)

otbn_sim_test(
    name = "gcd_large_test",
    srcs = [
        "gcd_large_test.s",
    ],
    exp = "gcd_large_test.exp",
    deps = [
        "//sw/otbn/crypto:gcd",
    ],
)

otbn_consttime_test(
    name = "gcd_consttime",
    # All inputs are in DMEM; no registers are secret.
    secrets = ["dmem"],
    subroutine = "gcd",
    deps = [
        ":gcd_small_test",
    ],
)

otbn_sim_test(
    name = "p256_base_mult_test",
    srcs = [
        "p256_base_mult_test.s",
    ],
    exp = "p256_base_mult_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_consttime_test(
    name = "p256_base_mult_consttime",
    subroutine = "p256_base_mult",
    deps = [
        "//sw/otbn/crypto:p256_ecdsa",
    ],
)

otbn_consttime_test(
    name = "p256_isoncurve_consttime",
    subroutine = "p256_isoncurve",
    deps = [
        "//sw/otbn/crypto:p256_ecdsa",
    ],
)

otbn_consttime_test(
    name = "p256_key_from_seed_consttime",
    subroutine = "p256_key_from_seed",
    deps = [
        "//sw/otbn/crypto:p256_ecdsa",
    ],
)

otbn_sim_test(
    name = "p256_key_from_seed_test",
    srcs = [
        "p256_key_from_seed_test.s",
    ],
    exp = "p256_key_from_seed_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_consttime_test(
    name = "p256_proj_add_consttime",
    subroutine = "proj_add",
    deps = [
        "//sw/otbn/crypto:p256_ecdsa",
    ],
)

otbn_consttime_test(
    name = "p256_scalar_mult_consttime",
    subroutine = "p256_scalar_mult",
    deps = [
        "//sw/otbn/crypto:p256_ecdsa",
    ],
)

# TODO: Add more fine-grained DMEM tracing to the constant-time checker. This
# test fails because p256_sign branches based on some non-secret values from
# DMEM. However, since there are also secret values in DMEM, it's not safe to
# mark DMEM non-secret, and the constant-time checker doesn't currently have
# the ability to track different DMEM regions separately.
#
# otbn_consttime_test(
#   name = "p256_sign_consttime",
#   deps = [
#       "//sw/otbn/crypto:p256_ecdsa"
#   ],
#   subroutine = "p256_sign",
# )

otbn_sim_test(
    name = "p256_ecdsa_sign_test",
    srcs = [
        "p256_ecdsa_sign_test.s",
    ],
    exp = "p256_ecdsa_sign_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_sim_test(
    name = "p256_ecdsa_verify_test",
    srcs = [
        "p256_ecdsa_verify_test.s",
    ],
    exp = "p256_ecdsa_verify_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_sim_test(
    name = "p256_isoncurve_test",
    srcs = [
        "p256_isoncurve_test.s",
    ],
    exp = "p256_isoncurve_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_sim_test(
    name = "p256_proj_add_test",
    srcs = [
        "p256_proj_add_test.s",
    ],
    exp = "p256_proj_add_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_sim_test(
    name = "p256_scalar_mult_test",
    srcs = [
        "p256_scalar_mult_test.s",
    ],
    exp = "p256_scalar_mult_test.exp",
    deps = [
        "//sw/otbn/crypto:p256",
    ],
)

otbn_sim_test(
    name = "p384_base_mult_test",
    srcs = [
        "p384_base_mult_test.s",
    ],
    exp = "p384_base_mult_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
        "//sw/otbn/crypto:p384_sign",
    ],
)

otbn_sim_test(
    name = "p384_ecdsa_sign_test",
    srcs = [
        "p384_ecdsa_sign_test.s",
    ],
    exp = "p384_ecdsa_sign_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
        "//sw/otbn/crypto:p384_sign",
    ],
)

otbn_sim_test(
    name = "p384_ecdsa_verify_test",
    srcs = [
        "p384_ecdsa_verify_test.s",
    ],
    exp = "p384_ecdsa_verify_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
        "//sw/otbn/crypto:p384_verify",
    ],
)

otbn_sim_test(
    name = "p384_isoncurve_test",
    srcs = [
        "p384_isoncurve_test.s",
    ],
    exp = "p384_isoncurve_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
        "//sw/otbn/crypto:p384_verify",
    ],
)

otbn_sim_test(
    name = "p384_proj_add_test",
    srcs = [
        "p384_proj_add_test.s",
    ],
    exp = "p384_proj_add_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
    ],
)

otbn_sim_test(
    name = "p384_scalar_mult_test",
    srcs = [
        "p384_scalar_mult_test.s",
    ],
    exp = "p384_scalar_mult_test.exp",
    deps = [
        "//sw/otbn/crypto:p384_base",
        "//sw/otbn/crypto:p384_sign",
    ],
)

otbn_consttime_test(
    name = "p384_base_mult_consttime",
    subroutine = "p384_base_mult",
    deps = [
        ":p384_ecdsa_sign_test",
    ],
)

otbn_consttime_test(
    name = "p384_mulmod_p_consttime",
    subroutine = "p384_mulmod_p",
    deps = [
        ":p384_ecdsa_sign_test",
    ],
)

otbn_consttime_test(
    name = "p384_mulmod_n_consttime",
    subroutine = "p384_mulmod_n",
    deps = [
        ":p384_ecdsa_sign_test",
    ],
)

# TODO: Add more fine-grained DMEM tracing to the constant-time checker. This
# test fails because p384_sign branches based on some non-secret values from
# DMEM. However, since there are also secret values in DMEM, it's not safe to
# mark DMEM non-secret, and the constant-time checker doesn't currently have
# the ability to track different DMEM regions separately.
#
# otbn_consttime_test(
#   name = "p384_sign_consttime",
#   deps = [
#       ":p384_ecdsa_sign_test"
#   ],
#   subroutine = "p384_sign",
# )

otbn_consttime_test(
    name = "proj_add_p384_consttime",
    initial_constants = [
        "x22:10",
        "x23:11",
        "x24:16",
        "x25:17",
    ],
    subroutine = "proj_add_p384",
    deps = [
        ":p384_ecdsa_sign_test",
    ],
)

otbn_consttime_test(
    name = "scalar_mult_p384_consttime",
    subroutine = "scalar_mult_p384",
    deps = [
        ":p384_ecdsa_sign_test",
    ],
)

otbn_sim_test(
    name = "rsa_1024_dec_test",
    srcs = [
        "rsa_1024_dec_test.s",
    ],
    exp = "rsa_1024_dec_test.exp",
    deps = [
        "//sw/otbn/crypto:modexp",
    ],
)

otbn_sim_test(
    name = "rsa_1024_enc_test",
    srcs = [
        "rsa_1024_enc_test.s",
    ],
    exp = "rsa_1024_enc_test.exp",
    deps = [
        "//sw/otbn/crypto:modexp",
    ],
)

otbn_sim_test(
    name = "rsa_verify_test",
    srcs = [
        "rsa_verify_test.s",
    ],
    exp = "rsa_verify_test.exp",
    deps = [
        "//sw/otbn/crypto:rsa_verify",
    ],
)

otbn_sim_test(
    name = "rsa_verify_exp3_test",
    srcs = [
        "rsa_verify_exp3_test.s",
    ],
    exp = "rsa_verify_exp3_test.exp",
    deps = [
        "//sw/otbn/crypto:rsa_verify",
    ],
)

otbn_sim_test(
    name = "rsa_verify_3072_consts_test",
    srcs = [
        "rsa_verify_3072_consts_test.s",
    ],
    exp = "rsa_verify_3072_consts_test.exp",
    deps = [
        "//sw/otbn/crypto:rsa_verify_3072",
        "//sw/otbn/crypto:rsa_verify_3072_m0inv",
        "//sw/otbn/crypto:rsa_verify_3072_rr",
    ],
)

otbn_sim_test(
    name = "rsa_verify_3072_test",
    srcs = [
        "rsa_verify_3072_test.s",
    ],
    exp = "rsa_verify_3072_test.exp",
    deps = [
        "//sw/otbn/crypto:rsa_verify_3072",
    ],
)

otbn_sim_test(
    name = "sha512_test",
    srcs = [
        "sha512_test.s",
    ],
    exp = "sha512_test.exp",
    deps = [
        "//sw/otbn/crypto:sha512",
    ],
)

otbn_sim_test(
    name = "x25519_test",
    srcs = [
        "x25519_test.s",
    ],
    exp = "x25519_test.exp",
    deps = [
        "//sw/otbn/crypto:field25519",
        "//sw/otbn/crypto:x25519",
    ],
)

otbn_consttime_test(
    name = "x25519_consttime",
    subroutine = "X25519",
    deps = [
        ":x25519_test",
    ],
)