blob: ad948bcc121617b28c2faac9090d405e198ed560 [file] [log] [blame]
Jade Philipoom957be9e2022-10-21 13:25:40 +02001# Copyright lowRISC contributors.
2# Licensed under the Apache License, Version 2.0, see LICENSE for details.
3# SPDX-License-Identifier: Apache-2.0
4
Jade Philipoom6f32da62022-10-21 13:32:44 +02005load("//rules:otbn.bzl", "otbn_consttime_test", "otbn_sim_test")
Jade Philipoom957be9e2022-10-21 13:25:40 +02006
7package(default_visibility = ["//visibility:public"])
8
9otbn_sim_test(
10 name = "ed25519_ext_add_test",
11 srcs = [
12 "ed25519_ext_add_test.s",
13 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +020014 exp = "ed25519_ext_add_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +020015 deps = [
16 "//sw/otbn/crypto:ed25519",
17 "//sw/otbn/crypto:field25519",
18 ],
19)
20
21otbn_consttime_test(
22 name = "ed25519_ext_add_consttime",
23 subroutine = "ext_add",
24 deps = [
25 ":ed25519_ext_add_test",
26 ],
27)
28
29otbn_sim_test(
30 name = "ed25519_scalar_test",
31 srcs = [
32 "ed25519_scalar_test.s",
33 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +020034 exp = "ed25519_scalar_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +020035 deps = [
36 "//sw/otbn/crypto:ed25519_scalar",
37 ],
38)
39
40otbn_sim_test(
Jade Philipoom32189fc2023-02-20 16:49:16 +010041 name = "div_large_test",
42 srcs = [
43 "div_large_test.s",
44 ],
45 exp = "div_large_test.exp",
46 deps = [
47 "//sw/otbn/crypto:div",
48 ],
49)
50
51otbn_sim_test(
52 name = "div_medium_test",
53 srcs = [
54 "div_medium_test.s",
55 ],
56 exp = "div_medium_test.exp",
57 deps = [
58 "//sw/otbn/crypto:div",
59 ],
60)
61
62otbn_sim_test(
Jade Philipoom1d134c82023-02-17 17:39:02 +010063 name = "div_small_test",
64 srcs = [
65 "div_small_test.s",
66 ],
67 exp = "div_small_test.exp",
68 deps = [
69 "//sw/otbn/crypto:div",
70 ],
71)
72
73otbn_consttime_test(
74 name = "div_consttime",
75 # All secrets are stored in DMEM; timing is permitted to depend on the
76 # number of limbs.
77 secrets = ["dmem"],
78 subroutine = "div",
79 deps = [
80 ":div_small_test",
81 ],
82)
83
84otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +020085 name = "field25519_test",
86 srcs = [
87 "field25519_test.s",
88 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +020089 exp = "field25519_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +020090 deps = [
91 "//sw/otbn/crypto:field25519",
92 ],
93)
94
95otbn_consttime_test(
96 name = "field25519_fe_inv_consttime",
97 subroutine = "fe_inv",
98 deps = [
99 ":field25519_test",
100 ],
101)
102
103otbn_consttime_test(
104 name = "field25519_fe_mul_consttime",
105 subroutine = "fe_mul",
106 deps = [
107 ":field25519_test",
108 ],
109)
110
111otbn_consttime_test(
112 name = "field25519_fe_square_consttime",
113 subroutine = "fe_square",
114 deps = [
115 ":field25519_test",
116 ],
117)
118
Jade Philipoom6f32da62022-10-21 13:32:44 +0200119otbn_sim_test(
Jade Philipoom5dde5c82023-02-09 14:56:17 +0100120 name = "gcd_small_test",
121 srcs = [
122 "gcd_small_test.s",
123 ],
124 exp = "gcd_small_test.exp",
125 deps = [
126 "//sw/otbn/crypto:gcd",
127 ],
128)
129
130otbn_sim_test(
131 name = "gcd_large_test",
132 srcs = [
133 "gcd_large_test.s",
134 ],
135 exp = "gcd_large_test.exp",
136 deps = [
137 "//sw/otbn/crypto:gcd",
138 ],
139)
140
141otbn_consttime_test(
142 name = "gcd_consttime",
143 # All inputs are in DMEM; no registers are secret.
144 secrets = ["dmem"],
145 subroutine = "gcd",
146 deps = [
147 ":gcd_small_test",
148 ],
149)
150
151otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200152 name = "p256_base_mult_test",
153 srcs = [
154 "p256_base_mult_test.s",
155 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200156 exp = "p256_base_mult_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200157 deps = [
158 "//sw/otbn/crypto:p256",
159 ],
160)
161
162otbn_consttime_test(
163 name = "p256_base_mult_consttime",
164 subroutine = "p256_base_mult",
165 deps = [
166 "//sw/otbn/crypto:p256_ecdsa",
167 ],
168)
169
170otbn_consttime_test(
171 name = "p256_isoncurve_consttime",
172 subroutine = "p256_isoncurve",
173 deps = [
174 "//sw/otbn/crypto:p256_ecdsa",
175 ],
176)
177
178otbn_consttime_test(
Jade Philipoom61ce2402023-01-16 17:56:09 +0100179 name = "p256_key_from_seed_consttime",
180 subroutine = "p256_key_from_seed",
181 deps = [
182 "//sw/otbn/crypto:p256_ecdsa",
183 ],
184)
185
186otbn_sim_test(
187 name = "p256_key_from_seed_test",
188 srcs = [
189 "p256_key_from_seed_test.s",
190 ],
191 exp = "p256_key_from_seed_test.exp",
192 deps = [
193 "//sw/otbn/crypto:p256",
194 ],
195)
196
197otbn_consttime_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200198 name = "p256_proj_add_consttime",
199 subroutine = "proj_add",
200 deps = [
201 "//sw/otbn/crypto:p256_ecdsa",
202 ],
203)
204
205otbn_consttime_test(
206 name = "p256_scalar_mult_consttime",
207 subroutine = "p256_scalar_mult",
208 deps = [
209 "//sw/otbn/crypto:p256_ecdsa",
210 ],
211)
212
213# TODO: Add more fine-grained DMEM tracing to the constant-time checker. This
214# test fails because p256_sign branches based on some non-secret values from
215# DMEM. However, since there are also secret values in DMEM, it's not safe to
216# mark DMEM non-secret, and the constant-time checker doesn't currently have
217# the ability to track different DMEM regions separately.
218#
219# otbn_consttime_test(
220# name = "p256_sign_consttime",
221# deps = [
222# "//sw/otbn/crypto:p256_ecdsa"
223# ],
224# subroutine = "p256_sign",
225# )
226
Jade Philipoom6f32da62022-10-21 13:32:44 +0200227otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200228 name = "p256_ecdsa_sign_test",
229 srcs = [
230 "p256_ecdsa_sign_test.s",
231 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200232 exp = "p256_ecdsa_sign_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200233 deps = [
234 "//sw/otbn/crypto:p256",
235 ],
236)
237
Jade Philipoom6f32da62022-10-21 13:32:44 +0200238otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200239 name = "p256_ecdsa_verify_test",
240 srcs = [
241 "p256_ecdsa_verify_test.s",
242 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200243 exp = "p256_ecdsa_verify_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200244 deps = [
245 "//sw/otbn/crypto:p256",
246 ],
247)
248
Jade Philipoom6f32da62022-10-21 13:32:44 +0200249otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200250 name = "p256_isoncurve_test",
251 srcs = [
252 "p256_isoncurve_test.s",
253 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200254 exp = "p256_isoncurve_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200255 deps = [
256 "//sw/otbn/crypto:p256",
257 ],
258)
259
Jade Philipoom6f32da62022-10-21 13:32:44 +0200260otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200261 name = "p256_proj_add_test",
262 srcs = [
263 "p256_proj_add_test.s",
264 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200265 exp = "p256_proj_add_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200266 deps = [
267 "//sw/otbn/crypto:p256",
268 ],
269)
270
Jade Philipoom6f32da62022-10-21 13:32:44 +0200271otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200272 name = "p256_scalar_mult_test",
273 srcs = [
274 "p256_scalar_mult_test.s",
275 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200276 exp = "p256_scalar_mult_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200277 deps = [
278 "//sw/otbn/crypto:p256",
279 ],
280)
281
Jade Philipoom6f32da62022-10-21 13:32:44 +0200282otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200283 name = "p384_base_mult_test",
284 srcs = [
285 "p384_base_mult_test.s",
286 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200287 exp = "p384_base_mult_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200288 deps = [
289 "//sw/otbn/crypto:p384_base",
290 "//sw/otbn/crypto:p384_sign",
291 ],
292)
293
Jade Philipoom6f32da62022-10-21 13:32:44 +0200294otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200295 name = "p384_ecdsa_sign_test",
296 srcs = [
297 "p384_ecdsa_sign_test.s",
298 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200299 exp = "p384_ecdsa_sign_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200300 deps = [
301 "//sw/otbn/crypto:p384_base",
302 "//sw/otbn/crypto:p384_sign",
303 ],
304)
305
Jade Philipoom6f32da62022-10-21 13:32:44 +0200306otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200307 name = "p384_ecdsa_verify_test",
308 srcs = [
309 "p384_ecdsa_verify_test.s",
310 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200311 exp = "p384_ecdsa_verify_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200312 deps = [
313 "//sw/otbn/crypto:p384_base",
314 "//sw/otbn/crypto:p384_verify",
315 ],
316)
317
Jade Philipoom6f32da62022-10-21 13:32:44 +0200318otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200319 name = "p384_isoncurve_test",
320 srcs = [
321 "p384_isoncurve_test.s",
322 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200323 exp = "p384_isoncurve_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200324 deps = [
325 "//sw/otbn/crypto:p384_base",
326 "//sw/otbn/crypto:p384_verify",
327 ],
328)
329
Jade Philipoom6f32da62022-10-21 13:32:44 +0200330otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200331 name = "p384_proj_add_test",
332 srcs = [
333 "p384_proj_add_test.s",
334 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200335 exp = "p384_proj_add_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200336 deps = [
337 "//sw/otbn/crypto:p384_base",
338 ],
339)
340
Jade Philipoom6f32da62022-10-21 13:32:44 +0200341otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200342 name = "p384_scalar_mult_test",
343 srcs = [
344 "p384_scalar_mult_test.s",
345 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200346 exp = "p384_scalar_mult_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200347 deps = [
348 "//sw/otbn/crypto:p384_base",
349 "//sw/otbn/crypto:p384_sign",
350 ],
351)
352
353otbn_consttime_test(
354 name = "p384_base_mult_consttime",
355 subroutine = "p384_base_mult",
356 deps = [
357 ":p384_ecdsa_sign_test",
358 ],
359)
360
361otbn_consttime_test(
362 name = "p384_mulmod_p_consttime",
363 subroutine = "p384_mulmod_p",
364 deps = [
365 ":p384_ecdsa_sign_test",
366 ],
367)
368
369otbn_consttime_test(
370 name = "p384_mulmod_n_consttime",
371 subroutine = "p384_mulmod_n",
372 deps = [
373 ":p384_ecdsa_sign_test",
374 ],
375)
376
377# TODO: Add more fine-grained DMEM tracing to the constant-time checker. This
378# test fails because p384_sign branches based on some non-secret values from
379# DMEM. However, since there are also secret values in DMEM, it's not safe to
380# mark DMEM non-secret, and the constant-time checker doesn't currently have
381# the ability to track different DMEM regions separately.
382#
383# otbn_consttime_test(
384# name = "p384_sign_consttime",
385# deps = [
386# ":p384_ecdsa_sign_test"
387# ],
388# subroutine = "p384_sign",
389# )
390
391otbn_consttime_test(
392 name = "proj_add_p384_consttime",
393 initial_constants = [
394 "x22:10",
395 "x23:11",
396 "x24:16",
397 "x25:17",
398 ],
399 subroutine = "proj_add_p384",
400 deps = [
401 ":p384_ecdsa_sign_test",
402 ],
403)
404
405otbn_consttime_test(
406 name = "scalar_mult_p384_consttime",
407 subroutine = "scalar_mult_p384",
408 deps = [
409 ":p384_ecdsa_sign_test",
410 ],
411)
412
Jade Philipoom6f32da62022-10-21 13:32:44 +0200413otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200414 name = "rsa_1024_dec_test",
Jade Philipoomb2940d72023-02-26 15:18:59 +0100415 timeout = "long",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200416 srcs = [
417 "rsa_1024_dec_test.s",
418 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200419 exp = "rsa_1024_dec_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200420 deps = [
421 "//sw/otbn/crypto:modexp",
422 ],
423)
424
Jade Philipoom6f32da62022-10-21 13:32:44 +0200425otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200426 name = "rsa_1024_enc_test",
427 srcs = [
428 "rsa_1024_enc_test.s",
429 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200430 exp = "rsa_1024_enc_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200431 deps = [
432 "//sw/otbn/crypto:modexp",
433 ],
434)
435
Jade Philipoom6f32da62022-10-21 13:32:44 +0200436otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200437 name = "rsa_verify_test",
438 srcs = [
439 "rsa_verify_test.s",
440 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200441 exp = "rsa_verify_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200442 deps = [
443 "//sw/otbn/crypto:rsa_verify",
444 ],
445)
446
Jade Philipoom6f32da62022-10-21 13:32:44 +0200447otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200448 name = "rsa_verify_exp3_test",
449 srcs = [
450 "rsa_verify_exp3_test.s",
451 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200452 exp = "rsa_verify_exp3_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200453 deps = [
454 "//sw/otbn/crypto:rsa_verify",
455 ],
456)
457
Jade Philipoom6f32da62022-10-21 13:32:44 +0200458otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200459 name = "rsa_verify_3072_consts_test",
460 srcs = [
461 "rsa_verify_3072_consts_test.s",
462 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200463 exp = "rsa_verify_3072_consts_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200464 deps = [
465 "//sw/otbn/crypto:rsa_verify_3072",
466 "//sw/otbn/crypto:rsa_verify_3072_m0inv",
467 "//sw/otbn/crypto:rsa_verify_3072_rr",
468 ],
469)
470
Jade Philipoom6f32da62022-10-21 13:32:44 +0200471otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200472 name = "rsa_verify_3072_test",
473 srcs = [
474 "rsa_verify_3072_test.s",
475 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200476 exp = "rsa_verify_3072_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200477 deps = [
478 "//sw/otbn/crypto:rsa_verify_3072",
479 ],
480)
481
482otbn_sim_test(
Jade Philipoomde48cc32022-12-05 10:40:53 +0100483 name = "sha512_test",
484 srcs = [
485 "sha512_test.s",
486 ],
487 exp = "sha512_test.exp",
488 deps = [
489 "//sw/otbn/crypto:sha512",
490 ],
491)
492
493otbn_sim_test(
Jade Philipoom957be9e2022-10-21 13:25:40 +0200494 name = "x25519_test",
495 srcs = [
496 "x25519_test.s",
497 ],
Jade Philipoom6f32da62022-10-21 13:32:44 +0200498 exp = "x25519_test.exp",
Jade Philipoom957be9e2022-10-21 13:25:40 +0200499 deps = [
500 "//sw/otbn/crypto:field25519",
501 "//sw/otbn/crypto:x25519",
502 ],
503)
504
505otbn_consttime_test(
506 name = "x25519_consttime",
507 subroutine = "X25519",
508 deps = [
509 ":x25519_test",
510 ],
511)