blob: 90e8b5d0ed924a4d219c67bd11fad4b738a85bb2 [file] [log] [blame]
// Copyright lowRISC contributors.
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#include "sw/device/lib/testing/csrng_testutils.h"
#include "sw/device/lib/dif/dif_csrng.h"
#include "sw/device/lib/dif/dif_csrng_shared.h"
#include "sw/device/lib/testing/test_framework/check.h"
#include "csrng_regs.h" // Generated
enum {
kNumOutputWordsMax = 16,
};
void csrng_testutils_cmd_ready_wait(const dif_csrng_t *csrng) {
dif_csrng_cmd_status_t cmd_status;
do {
CHECK_DIF_OK(dif_csrng_get_cmd_interface_status(csrng, &cmd_status));
CHECK(cmd_status.kind != kDifCsrngCmdStatusError);
} while (cmd_status.kind != kDifCsrngCmdStatusReady);
}
void csrng_testutils_cmd_generate_run(const dif_csrng_t *csrng,
uint32_t *output, size_t output_len) {
csrng_testutils_cmd_ready_wait(csrng);
CHECK_DIF_OK(dif_csrng_generate_start(csrng, output_len));
dif_csrng_output_status_t output_status;
do {
CHECK_DIF_OK(dif_csrng_get_output_status(csrng, &output_status));
} while (!output_status.valid_data);
CHECK_DIF_OK(dif_csrng_generate_read(csrng, output, output_len));
}
void csrng_testutils_check_internal_state(
const dif_csrng_t *csrng, const dif_csrng_internal_state_t *expected) {
csrng_testutils_cmd_ready_wait(csrng);
dif_csrng_internal_state_t got;
CHECK_DIF_OK(
dif_csrng_get_internal_state(csrng, kCsrngInternalStateIdSw, &got));
CHECK(got.instantiated == expected->instantiated);
CHECK(got.reseed_counter == expected->reseed_counter);
CHECK(got.fips_compliance == expected->fips_compliance);
CHECK_ARRAYS_EQ(got.v, expected->v, ARRAYSIZE(expected->v),
"CSRNG internal V buffer mismatch.");
CHECK_ARRAYS_EQ(got.key, expected->key, ARRAYSIZE(expected->key),
"CSRNG internal K buffer mismatch.");
}
void csrng_testutils_kat_instantiate(
const dif_csrng_t *csrng, bool fail_expected,
const dif_csrng_seed_material_t *seed_material,
const dif_csrng_internal_state_t *expected_state) {
LOG_INFO("CSRNG KAT instantiate");
CHECK_DIF_OK(dif_csrng_uninstantiate(csrng));
// Instantiate CSRNG - use the provided seed material only.
csrng_testutils_cmd_ready_wait(csrng);
CHECK_DIF_OK(dif_csrng_instantiate(csrng, kDifCsrngEntropySrcToggleDisable,
seed_material));
// Check the internal state of created CSRNG instance.
const dif_csrng_internal_state_t kZeroState = {};
csrng_testutils_check_internal_state(
csrng, fail_expected ? &kZeroState : expected_state);
}
void csrng_testutils_kat_generate(
const dif_csrng_t *csrng, size_t num_generates, size_t output_len,
const uint32_t *expected_output,
const dif_csrng_internal_state_t *expected_state) {
LOG_INFO("CSRNG KAT generate");
// Run the generate and check the output.
uint32_t got[kNumOutputWordsMax];
for (int i = 0; i < num_generates; ++i) {
csrng_testutils_cmd_generate_run(csrng, got, output_len);
}
CHECK_ARRAYS_EQ(got, expected_output, output_len,
"Generate command KAT output mismatch");
// Check the internal state.
csrng_testutils_check_internal_state(csrng, expected_state);
}
void csrng_testutils_kat_reseed(
const dif_csrng_t *csrng, const dif_csrng_seed_material_t *seed_material,
const dif_csrng_internal_state_t *expected_state) {
LOG_INFO("CSRNG KAT reseed");
// Reseed CSRNG - use the provided seed material only.
csrng_testutils_cmd_ready_wait(csrng);
CHECK_DIF_OK(csrng_send_app_cmd(
csrng->base_addr, CSRNG_CMD_REQ_REG_OFFSET,
(csrng_app_cmd_t){
.id = kCsrngAppCmdReseed,
.entropy_src_enable = kDifCsrngEntropySrcToggleDisable,
.seed_material = seed_material,
}));
// Check the internal state.
csrng_testutils_check_internal_state(csrng, expected_state);
}
void csrng_testutils_fips_instantiate_kat(const dif_csrng_t *csrng,
bool fail_expected) {
// CTR_DRBG Known-Answer-Tests (KATs).
//
// Test vector sourced from NIST's CAVP website:
// https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/random-number-generators
//
// The number format in this docstring follows the CAVP format to simplify
// auditing of this test case.
//
// Test vector: CTR_DRBG AES-256 no DF.
//
// - EntropyInput =
// df5d73faa468649edda33b5cca79b0b05600419ccb7a879ddfec9db32ee494e5531b51de16a30f769262474c73bec010
// - Nonce = EMPTY
// - PersonalizationString = EMPTY
//
// Command: Instantiate
// - Key = 8c52f901632d522774c08fad0eb2c33b98a701a1861aecf3d8a25860941709fd
// - V = 217b52142105250243c0b2c206b8f59e
//
// Command: Generate (first call):
// - Key = 72f4af5c93258eb3eeec8c0cacea6c1d1978a4fad44312725f1ac43b167f2d52
// - V = e86f6d07dfb551cebad80e6bf6830ac4
//
// Command: Generate (second call):
// - Key = 1a1c6e5f1cccc6974436e5fd3f015bc8e9dc0f90053b73e3c19d4dfd66d1b85a
// - V = 53c78ac61a0bac9d7d2e92b1e73e3392
// - ReturnedBits =
// d1c07cd95af8a7f11012c84ce48bb8cb87189e99d40fccb1771c619bdf82ab2280b1dc2f2581f39164f7ac0c510494b3a43c41b7db17514c87b107ae793e01c5
const dif_csrng_seed_material_t kEntropyInput = {
.seed_material = {0x73bec010, 0x9262474c, 0x16a30f76, 0x531b51de,
0x2ee494e5, 0xdfec9db3, 0xcb7a879d, 0x5600419c,
0xca79b0b0, 0xdda33b5c, 0xa468649e, 0xdf5d73fa},
.seed_material_len = 12,
};
const dif_csrng_internal_state_t kExpectedState = {
.reseed_counter = 1,
.v = {0x06b8f59e, 0x43c0b2c2, 0x21052502, 0x217b5214},
.key = {0x941709fd, 0xd8a25860, 0x861aecf3, 0x98a701a1, 0x0eb2c33b,
0x74c08fad, 0x632d5227, 0x8c52f901},
.instantiated = true,
.fips_compliance = false,
};
csrng_testutils_kat_instantiate(csrng, fail_expected, &kEntropyInput,
&kExpectedState);
}
void csrng_testutils_fips_generate_kat(const dif_csrng_t *csrng) {
enum {
kExpectedOutputLen = 16,
};
// TODO(#13342): csrng does not provide a linear output order. For example,
// note the test vector output word order: 12,13,14,15 8,9,10,11 4,5,6,7
// 0,1,2,3.
const uint32_t kExpectedOutput[kExpectedOutputLen] = {
0xe48bb8cb, 0x1012c84c, 0x5af8a7f1, 0xd1c07cd9, 0xdf82ab22, 0x771c619b,
0xd40fccb1, 0x87189e99, 0x510494b3, 0x64f7ac0c, 0x2581f391, 0x80b1dc2f,
0x793e01c5, 0x87b107ae, 0xdb17514c, 0xa43c41b7,
};
const dif_csrng_internal_state_t kExpectedState = {
.reseed_counter = 3,
.v = {0xe73e3392, 0x7d2e92b1, 0x1a0bac9d, 0x53c78ac6},
.key = {0x66d1b85a, 0xc19d4dfd, 0x053b73e3, 0xe9dc0f90, 0x3f015bc8,
0x4436e5fd, 0x1cccc697, 0x1a1c6e5f},
.instantiated = true,
.fips_compliance = false,
};
csrng_testutils_kat_generate(csrng, 2, kExpectedOutputLen, kExpectedOutput,
&kExpectedState);
}
void csrng_testutils_cmd_status_check(const dif_csrng_t *csrng) {
dif_csrng_cmd_status_t status;
CHECK_DIF_OK(dif_csrng_get_cmd_interface_status(csrng, &status));
CHECK(status.errors == 0, "Unexpected CSRNG cmd interface error: 0x%x",
status.errors);
CHECK(status.unhealthy_fifos == 0, "Unexpected CSRNG FIFO error: 0x%x",
status.unhealthy_fifos);
CHECK(status.errors != kDifCsrngCmdStatusError,
"Unexpected CSRNG status error");
}
void csrng_testutils_recoverable_alerts_check(const dif_csrng_t *csrng) {
uint32_t alerts = UINT32_MAX;
CHECK_DIF_OK(dif_csrng_get_recoverable_alerts(csrng, &alerts));
CHECK(alerts == 0, "Unexpected local alerts 0x%x", alerts);
}