diff --git a/sw/otbn/crypto/tests/BUILD b/sw/otbn/crypto/tests/BUILD index 8b8d4117a1eed..9cb035a83ac9c 100644 --- a/sw/otbn/crypto/tests/BUILD +++ b/sw/otbn/crypto/tests/BUILD @@ -401,7 +401,7 @@ otbn_sim_test( srcs = [ "p256_arithmetic_to_boolean_test.s", ], - exp = "p256_arithmetic_to_boolean_test.exp", + testcase = "p256_arithmetic_to_boolean_test.hjson", deps = [ "//sw/otbn/crypto:p256_base", "//sw/otbn/crypto:p256_isoncurve", @@ -415,7 +415,7 @@ otbn_sim_test( srcs = [ "p256_arithmetic_to_boolean_mod_test.s", ], - exp = "p256_arithmetic_to_boolean_mod_test.exp", + testcase = "p256_arithmetic_to_boolean_mod_test.hjson", deps = [ "//sw/otbn/crypto:p256_base", "//sw/otbn/crypto:p256_isoncurve", @@ -457,7 +457,7 @@ otbn_sim_test( srcs = [ "p384_boolean_to_arithmetic_test.s", ], - exp = "p384_boolean_to_arithmetic_test.exp", + testcase = "p384_boolean_to_arithmetic_test.hjson", deps = [ "//sw/otbn/crypto:p384_b2a", ], @@ -468,7 +468,7 @@ otbn_sim_test( srcs = [ "p384_arithmetic_to_boolean_test.s", ], - exp = "p384_arithmetic_to_boolean_test.exp", + testcase = "p384_arithmetic_to_boolean_test.hjson", deps = [ "//sw/otbn/crypto:p384_a2b", "//sw/otbn/crypto:p384_base", @@ -480,7 +480,7 @@ otbn_sim_test( srcs = [ "p384_arithmetic_to_boolean_mod_test.s", ], - exp = "p384_arithmetic_to_boolean_mod_test.exp", + testcase = "p384_arithmetic_to_boolean_mod_test.hjson", deps = [ "//sw/otbn/crypto:p384_a2b", "//sw/otbn/crypto:p384_base", @@ -593,7 +593,7 @@ otbn_sim_test( srcs = [ "p384_keygen_test.s", ], - exp = "p384_keygen_test.exp", + testcase = "p384_keygen_test.hjson", deps = [ "//sw/otbn/crypto:p384_base", "//sw/otbn/crypto:p384_keygen", @@ -606,7 +606,7 @@ otbn_sim_test( srcs = [ "p384_keygen_from_seed_test.s", ], - exp = "p384_keygen_from_seed_test.exp", + testcase = "p384_keygen_from_seed_test.hjson", deps = [ "//sw/otbn/crypto:p384_b2a", "//sw/otbn/crypto:p384_base", 
diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.exp b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.exp deleted file mode 100644 index 35dacd69b5f07..0000000000000 --- a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.exp +++ /dev/null @@ -1,2 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.hjson b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.hjson new file mode 100644 index 0000000000000..96fb62bbc4609 --- /dev/null +++ b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.hjson @@ -0,0 +1,22 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 +{ + "entrypoint": "p256_arithmetic_to_boolean_mod_test", + "input": { + "regs": { + # w31 is zero + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000" + # First arithmetic share of x. + "w11": "0x2328ce20226e4542f38f1ca699ce6272592fbe18c2d1a4f0eefd3e816b35c5e6", + # Second arithmetic share of x. + "w19": "0x53038ee6d4a25811969abf6f892fa008dc0f09fc3c6c760991349036bf81b6ba" + } + } + "output": { + "regs": { + # Unmasked result x. + "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0", + } + } +} diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s index 82f37fe1afc34..514687fe0213a 100644 --- a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s +++ b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s @@ -12,10 +12,7 @@ .section .text.start -p256_arithmetic_to_boolean_test: - - /* init all-zero register */ - bn.xor w31, w31, w31 +p256_arithmetic_to_boolean_mod_test: /* Load domain parameter. w29 = dmem[p256_p] */ 
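Review bot: The single fixed share pair in `input.regs` of p256_arithmetic_to_boolean_mod_test.hjson (`w11`, `w19`) adds up to the expected `w20` without wrapping past p, so the reduction boundary of `arithmetic_to_boolean_mod` is no longer exercised. The removed assembly drew the mask from URND, so over many runs it would also have covered masks larger than x. The same holds for p256_arithmetic_to_boolean_test.hjson and p384_arithmetic_to_boolean_test.hjson, whose shares sum to values below 2^257 and 2^385; only the p384 mod vector wraps. For a masked conversion the carry/reduction boundary is where an error is most likely to hide, so a second fixed vector per routine whose shares do wrap would restore that coverage while keeping the test deterministic.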
@@ -26,58 +23,18 @@ p256_arithmetic_to_boolean_test: /* Set MOD to p */ bn.wsrw MOD, w29 - /* Load values into WDRs */ - - /* w11 <= dmem[x] mod p */ - li x3, 11 - la x4, x - bn.lid x3, 0(x4) - bn.addm w11, w11, w31 - - /* w19 <= URND mod p */ - bn.wsrr w19, URND - bn.addm w19, w19, w31 - - /* Arithmetic masking */ - - /* w11 = A <= w11 - w19 = x - r */ - bn.subm w11, w11, w19 - /* Arithmetic to boolean conversion */ jal x1, arithmetic_to_boolean_mod - /* Unmask and compare values - after conversion */ + /* Unmask after conversion */ /* w20 <= w20 ^ w19 = x' ^ r = x */ bn.xor w20, w20, w19 - /* w10 <= dmem[x] mod p */ - li x3, 10 - la x4, x - bn.lid x3, 0(x4) - bn.addm w10, w10, w31 - - /* w0 <= w10 - w20 */ - bn.sub w0, w20, w10 - ecall - .data -.globl x -.balign 32 -x: - .word 0x2ab77ca0 - .word 0x8031ceb8 - .word 0xff3e1afa - .word 0x353ec814 - .word 0x22fe027b - .word 0x8a29dc16 - .word 0xf7109d54 - .word 0x762c5d06 - /* Public key z-coordinate. */ .globl z .balign 32 diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.exp b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.exp +++ /dev/null @@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.hjson b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.hjson new file mode 100644 index 0000000000000..8c39545959dfd --- /dev/null +++ b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.hjson 
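Review bot: After this hunk in p256_arithmetic_to_boolean_mod_test.s the body calls `arithmetic_to_boolean_mod` without showing where its operands come from. `w11`, `w19` and the all-zero `w31` that the removed code used to set up are now preloaded only by the .hjson testcase. A comment before the `jal`, for example `/* Inputs preloaded by the .hjson testcase: w11 = A, w19 = r, w31 = 0 */`, would keep the file readable on its own and make the dependency on a zeroed `w31` explicit. The same applies to the other converted tests (p256_arithmetic_to_boolean_test.s, p384_arithmetic_to_boolean_mod_test.s, p384_arithmetic_to_boolean_test.s, p384_boolean_to_arithmetic_test.s, p384_keygen_from_seed_test.s). The test routine starts above this hunk, so any existing header comment is not visible here.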
@@ -0,0 +1,25 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 +{ + "entrypoint": "p256_arithmetic_to_boolean_test", + "input": { + "regs": { + # w31 is zero + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000", + # First arithmetic share of x. + "w11": "0x58b8977117dfeb954edfca6e9a7a6dc50957e6bd913a34a2d986834026276da7", + "w12": "0x0000000000000000000000000000000000000000000000000000000000000000", + # Second arithmetic share of x. + "w18": "0x1d73c595df30b1bf3b4a11a7888394b62be6e1576e03e657a6ab4b7804900ef9", + "w19": "0x0000000000000000000000000000000000000000000000000000000000000001" + } + } + "output": { + "regs": { + # Unmasked result x. + "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0", + "w21": "0x0000000000000000000000000000000000000000000000000000000000000001", + } + } +} diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s index dc224f414cb7c..ba095fb07e417 100644 --- a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s +++ b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s @@ -14,9 +14,6 @@ p256_arithmetic_to_boolean_test: - /* init all-zero register */ - bn.xor w31, w31, w31 - /* Load domain parameter. w29 = dmem[p256_p] */ li x2, 29 
@@ -26,87 +23,20 @@ p256_arithmetic_to_boolean_test: /* Set MOD to p */ bn.wsrw MOD, w29 - /* Load values into WDRs */ - - /* w11 <= dmem[x_l] */ - li x3, 11 - la x4, x_l - bn.lid x3, 0(x4) - - /* w12 <= dmem[x_u] */ - li x3, 12 - la x4, x_u - bn.lid x3, 0(x4) - - /* w18 <= URND - w19 <= URND (1 bit) */ - bn.wsrr w18, URND - bn.wsrr w19, URND - bn.rshi w19, w31, w19 >> 255 - - /* Arithmetic masking */ - - /* [w12,w11] = A <= [w12,w11] - [w19,w18] mod 2^257 = x - r mod 2^257 - This may result in bits above 2^257, but these will be stripped off. */ - bn.sub w11, w11, w18 - bn.subb w12, w12, w19 - bn.rshi w12, w12, w31 >> 1 - bn.rshi w12, w31, w12 >> 255 - /* Arithmetic to boolean conversion */ jal x1, arithmetic_to_boolean - /* Unmask and compare values - after conversion */ + /* Unmask after conversion */ /* w20 <= w20 ^ w18 = x' ^ r w21 <= w21 ^ w19 = x' ^ r */ bn.xor w20, w20, w18 bn.xor w21, w21, w19 - /* w11 <= dmem[x_l] */ - li x3, 11 - la x4, x_l - bn.lid x3, 0(x4) - - /* w12 <= dmem[x_u] */ - li x3, 12 - la x4, x_u - bn.lid x3, 0(x4) - - /* [w1,w0] <= [w12,w11] - [w21,w20] */ - bn.sub w0, w11, w20 - bn.subb w1, w12, w21 - ecall - .data -.globl x_u -.balign 32 -x_u: - .word 0x00000001 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - -.globl x_l -.balign 32 -x_l: - .word 0x2ab77ca0 - .word 0x8031ceb8 - .word 0xff3e1afa - .word 0x353ec814 - .word 0x22fe027b - .word 0x8a29dc16 - .word 0xf7109d54 - .word 0x762c5d06 - /* Public key z-coordinate. */ .globl z .balign 32 diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.exp b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.exp +++ /dev/null 
@@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.hjson b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.hjson new file mode 100644 index 0000000000000..89f611048f14b --- /dev/null +++ b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.hjson @@ -0,0 +1,25 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 +{ + "entrypoint": "p384_arithmetic_to_boolean_mod_test", + "input": { + "regs": { + # w31 is zero + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000" + # First arithmetic share of x. + "w11": "0x034084329b46f1f0d277b31ea21c79370defc8a41b42246d3f4aae8c76f51f07", + "w12": "0x000000000000000000000000000000007679a2adc67c5fc8dd94a7f9c7ebf0b3", + # Second arithmetic share of x. + "w18": "0xe6ed0dfd7175e4ce3b976dff369604fb339e0775ef413315f03ca38e57185a0b", + "w19": "0x00000000000000000000000000000000bec5256738c1bb31a29d26be62cb8bed" + } + } + "output": { + "regs": { + # Unmasked result x. + "w20": "0xea2d92300cbcd6bf0e0f211dd8b27e33418dd01b0a8357832f875219ce0d7913", + "w21": "0x00000000000000000000000000000000353ec814ff3e1afa8031ceb82ab77ca0" + } + } +} diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.s b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.s index 2c23e5cc547f2..2b3d56b67bd67 100644 --- a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.s +++ b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.s 
@@ -12,67 +12,7 @@ .section .text.start -p256_arithmetic_to_boolean_test: - - /* init all-zero register */ - bn.xor w31, w31, w31 - - /* Load domain parameter. - [w13,w12] = dmem[p384_p] */ - li x2, 12 - la x4, p384_p - bn.lid x2++, 0(x4) - bn.lid x2++, 32(x4) - - /* Load values into WDRs */ - - /* [w20,w19,w18] <= dmem[x] */ - li x3, 18 - la x4, x - bn.lid x3++, 0(x4) - bn.lid x3++, 32(x4) - bn.mov w20, w31 - - /* Reduce x mod p - [w5,w4] <= [w20,w19,w18] mod [w13,w12] = x mod p - dmem[x] <= [w31,w5,w4] = x mod p */ - jal x1, p384_reduce_p - bn.mov w4, w16 - bn.mov w5, w17 - li x3, 4 - la x4, x - bn.sid x3++, 0(x4) - bn.sid x3++, 32(x4) - li x3, 31 - bn.sid x3, 64(x4) - - /* [w20,w19,w18] <= URND = r */ - bn.wsrr w18, URND - bn.wsrr w19, URND - bn.wsrr w20, URND - - /* Reduce r mod p - [w7,w6] <= [w20,w19,w18] mod [w13,w12] = r mod p */ - jal x1, p384_reduce_p - bn.mov w6, w16 - bn.mov w7, w17 - - /* Arithmetic masking. - [w12,w11] = A <= [w5,w4] - [w7,w6] mod [w13,w12] = x - r mod p */ - - /* [w19,w18] = A1 <= [w5,w4] - [w7,w6] = x - r */ - bn.sub w18, w4, w6 - bn.subb w19, w5, w7 - - /* [w17,w16] = A2 <= [w19,w18] + [w13,w12] = A1 + p = x - r + p */ - bn.add w16, w18, w12 - bn.addc w17, w19, w13 - - /* If x >= r: [w12,w11] <= A1, else: [w12,w11] <= A2 */ - bn.sub w0, w4, w6 - bn.subb w1, w5, w7 - bn.sel w11, w16, w18, FG0.C - bn.sel w12, w17, w19, FG0.C +p384_arithmetic_to_boolean_mod_test: /* Load domain parameter. [w14,w13] = dmem[p384_p] */ 
@@ -81,53 +21,14 @@ p256_arithmetic_to_boolean_test: bn.lid x2++, 0(x4) bn.lid x2++, 32(x4) - /* Move mask r to input registers. - [w19,18] <= [w7,w6] = r */ - bn.mov w18, w6 - bn.mov w19, w7 - /* Arithmetic to boolean conversion */ jal x1, p384_arithmetic_to_boolean_mod - /* Unmask and compare values - after conversion */ + /* Unmask after conversion */ /* w20 <= w20 ^ w18 = x' ^ r w21 <= w21 ^ w19 = x' ^ r */ bn.xor w20, w20, w18 bn.xor w21, w21, w19 - /* [w5,w4] <= dmem[x] = x mod p */ - li x3, 4 - la x4, x - bn.lid x3++, 0(x4) - bn.lid x3++, 32(x4) - - /* [w1,w0] <= [w12,w11] - [w21,w20] */ - bn.sub w0, w4, w20 - bn.subb w1, w5, w21 - ecall - - -.data - -.globl x -.balign 32 -x: - .word 0xab0f7698 - .word 0xc85b787e - .word 0x9d9c9644 - .word 0x9f740ded - .word 0xa1b6fca8 - .word 0x8cd4a7b3 - .word 0x9f7fdc63 - .word 0x74013528 - .word 0x2ab77ca0 - .word 0x8031ceb8 - .word 0xff3e1afa - .word 0x353ec814 - .word 0x22fe027b - .word 0x8a29dc16 - .word 0xf7109d54 - .word 0x762c5d06 diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.exp b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.exp +++ /dev/null @@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.hjson b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.hjson new file mode 100644 index 0000000000000..26e0b2639a294 --- /dev/null +++ b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.hjson 
@@ -0,0 +1,25 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 +{ + "entrypoint": "p384_arithmetic_to_boolean_test", + "input": { + "regs": { + # w31 is zero + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000" + # First arithmetic share of x. + "w11": "0xaf15e78e65701c471ba20b4549f621cd2dab040f4d410b8c5e228f47b3628833", + "w12": "0x00000000000000000000000000000001442418596da5df191fcd41d7a75c8022", + # Second arithmetic share of x. + "w18": "0xc716757891a0810d6e87d0d0d907e0ae0793c405b1fd0f6e220f3f707754f46d", + "w19": "0x000000000000000000000000000000005b4ff5942ff6b72ba88e36a703b2f675" + } + } + "output": { + "regs": { + # Unmasked result x. + "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0", + "w21": "0x000000000000000000000000000000019f740ded9d9c9644c85b787eab0f7698" + } + } +} diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.s b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.s index 2af2cc3946a0e..643f91ea2d0f9 100644 --- a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.s +++ b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_test.s 
@@ -14,86 +14,14 @@ p384_arithmetic_to_boolean_test: - /* init all-zero register */ - bn.xor w31, w31, w31 - - /* Load values into WDRs */ - - /* w11 <= dmem[x_l] */ - li x3, 11 - la x4, x_l - bn.lid x3, 0(x4) - - /* w12 <= dmem[x_u] */ - li x3, 12 - la x4, x_u - bn.lid x3, 0(x4) - - /* w18 <= URND - w19 <= URND (129 bits) */ - bn.wsrr w18, URND - bn.wsrr w19, URND - bn.rshi w19, w31, w19 >> 127 - - /* Arithmetic masking */ - - /* [w12,w11] = A <= [w12,w11] - [w19,w18] mod 2^385 = x - r mod 2^385 - This may result in bits above 2^385, but these will be stripped off (-> mod 2^385). */ - bn.sub w11, w11, w18 - bn.subb w12, w12, w19 - bn.rshi w12, w12, w31 >> 129 - bn.rshi w12, w31, w12 >> 127 - /* Arithmetic to boolean conversion */ jal x1, p384_arithmetic_to_boolean - /* Unmask and compare values - after conversion */ + /* Unmask after conversion */ /* w20 <= w20 ^ w18 = x' ^ r w21 <= w21 ^ w19 = x' ^ r */ bn.xor w20, w20, w18 bn.xor w21, w21, w19 - /* w11 <= dmem[x_l] */ - li x3, 11 - la x4, x_l - bn.lid x3, 0(x4) - - /* w12 <= dmem[x_u] */ - li x3, 12 - la x4, x_u - bn.lid x3, 0(x4) - - /* [w1,w0] <= [w12,w11] - [w21,w20] */ - bn.sub w0, w11, w20 - bn.subb w1, w12, w21 - ecall - - -.data - -.globl x_u -.balign 32 -x_u: - .word 0xab0f7698 - .word 0xc85b787e - .word 0x9d9c9644 - .word 0x9f740ded - .word 0x00000001 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - -.globl x_l -.balign 32 -x_l: - .word 0x2ab77ca0 - .word 0x8031ceb8 - .word 0xff3e1afa - .word 0x353ec814 - .word 0x22fe027b - .word 0x8a29dc16 - .word 0xf7109d54 - .word 0x762c5d06 diff --git a/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.exp b/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.exp +++ /dev/null 
@@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.hjson b/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.hjson new file mode 100644 index 0000000000000..8a1747dd47ccf --- /dev/null +++ b/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.hjson @@ -0,0 +1,25 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 +{ + "entrypoint": "p384_boolean_to_arithmetic_test", + "input": { + "regs": { + # w31 is zero + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000", + # First boolean share of x. + "w10": "0xc716757891a0810d6e87d0d0d907e0ae0793c405b1fd0f6e220f3f707754f46d", + "w11": "0x000000000000000000000000000000002da7faca17fb5b95d4471b5381d97b3a", + # Second boolean share of x. + "w20": "0xb13a287e66b01c59e4ae0cc6fbf9e2d532ad0c114ec31594a23ef1c85de388cd", + "w21": "0x00000000000000000000000000000000b2d3f7278a67cdd11c1c632d2ad60da2" + } + } + "output": { + "regs": { + # Unmasked result x. + "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0", + "w21": "0x000000000000000000000000000000009f740ded9d9c9644c85b787eab0f7698" + } + } +} diff --git a/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.s b/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.s index 6878ae8b1f23a..c13873d577ed6 100644 --- a/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.s +++ b/sw/otbn/crypto/tests/p384_boolean_to_arithmetic_test.s 
@@ -14,82 +14,13 @@ p384_boolean_to_arithmetic_test: - /* init all-zero register */ - bn.xor w31, w31, w31 - - /* Load values into WDRs */ - - /* w20 <= dmem[x_l] */ - li x3, 20 - la x4, x_l - bn.lid x3, 0(x4) - - /* w21 <= dmem[x_u] */ - li x3, 21 - la x4, x_u - bn.lid x3, 0(x4) - - /* w10 <= URND - w11 <= URND (128 bits) */ - bn.wsrr w10, URND - bn.wsrr w11, URND - bn.rshi w11, w31, w11 >> 128 - - /* Boolean masking */ - - /* [w21,w20] = x' <= [w11,w10] ^ [w21,w20] = x ^ r */ - bn.xor w20, w10, w20 - bn.xor w21, w11, w21 - /* Arithmetic to boolean conversion */ jal x1, p384_boolean_to_arithmetic - /* Unmask and compare values - after conversion */ + /* Unmask after conversion */ /* [w21,w20] <= [w21,w20] + [w11,w10] = A + r */ bn.add w20, w20, w10 bn.addc w21, w21, w11 - /* w11 <= dmem[x_l] */ - li x3, 11 - la x4, x_l - bn.lid x3, 0(x4) - - /* w12 <= dmem[x_u] */ - li x3, 12 - la x4, x_u - bn.lid x3, 0(x4) - - /* [w1,w0] <= [w12,w11] - [w21,w20] */ - bn.sub w0, w11, w20 - bn.subb w1, w12, w21 - ecall - - -.data - -.globl x_u -.balign 32 -x_u: - .word 0xab0f7698 - .word 0xc85b787e - .word 0x9d9c9644 - .word 0x9f740ded - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - .word 0x00000000 - -.globl x_l -.balign 32 -x_l: - .word 0x2ab77ca0 - .word 0x8031ceb8 - .word 0xff3e1afa - .word 0x353ec814 - .word 0x22fe027b - .word 0x8a29dc16 - .word 0xf7109d54 - .word 0x762c5d06 diff --git a/sw/otbn/crypto/tests/p384_keygen_from_seed_test.exp b/sw/otbn/crypto/tests/p384_keygen_from_seed_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p384_keygen_from_seed_test.exp +++ /dev/null @@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 
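Review bot: The comment kept above `jal x1, p384_boolean_to_arithmetic` still reads `/* Arithmetic to boolean conversion */`, which names the opposite direction. Since the hunk already rewrites the neighbouring "Unmask" comment, this one should be corrected to `/* Boolean to arithmetic conversion */` in the same change. With the setup code removed, the comments are the only in-file description of what is under test, so a wrong direction here is easy to carry into a review of the masking scheme.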
diff --git a/sw/otbn/crypto/tests/p384_keygen_from_seed_test.hjson b/sw/otbn/crypto/tests/p384_keygen_from_seed_test.hjson new file mode 100644 index 0000000000000..cba61f0b71aa3 --- /dev/null +++ b/sw/otbn/crypto/tests/p384_keygen_from_seed_test.hjson @@ -0,0 +1,29 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +{ + "entrypoint": "p384_keygen_from_seed_test", + "input": { + "regs": { + # Lower part of seed s share 0. + "w10": "0xc716757891a0810d6e87d0d0d907e0ae0793c405b1fd0f6e220f3f707754f46d", + # Upper part of seed s share 0. + "w11": "0x00000000000000000000000000000000f8a869fba74b0714ba6aa4de328f9b8a", + # Lower part of seed s share 1. + "w20": "0x47d2bb8db0cba05e6002729b45f34e55d1833f6a080bfdc3459f8b9cc0ea5e89", + # Upper part of seed s share 1. + "w21": "0x00000000000000000000000000000000a3ca668d3ea216ce035a2dd60fe765ef", + # All zero reg w31. + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000" + } + } + "output": { + "regs": { + # Key d share 0. + "w16": "0x80c4cef5216b21530e85a24b9cf4aefbd610fb6fb9f6f2ad6790b4ecb7beaae4", + # Key d share 1. + "w17": "0x000000000000000000000000000000005b620f7699e911dab93089083d68fe65", + } + } +} diff --git a/sw/otbn/crypto/tests/p384_keygen_from_seed_test.s b/sw/otbn/crypto/tests/p384_keygen_from_seed_test.s index 36ee71f8702b7..a992326f96b49 100644 --- a/sw/otbn/crypto/tests/p384_keygen_from_seed_test.s +++ b/sw/otbn/crypto/tests/p384_keygen_from_seed_test.s @@ -20,8 +20,6 @@ .section .text.start p384_keygen_from_seed_test: - /* Init all-zero register. */ - bn.xor w31, w31, w31 /* Load the curve order n. [w13,w12] <= dmem[p384_n] = n */ 
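Review bot: The `output.regs` comments in p384_keygen_from_seed_test.hjson label `w16` as "Key d share 0" and `w17` as "Key d share 1", but the test does not appear to leave shares in those registers. In p384_keygen_from_seed_test.s the last step before `ecall` is `jal x1, p384_reduce_n`, and the removed comparison treated `[w17,w16]` as the reduced value d', so these look like the lower and upper limbs of the recombined key. Suggested wording: `# Lower 256 bits of recombined key d.` and `# Upper 128 bits of recombined key d.`. Stating that the checked value is the unmasked key rather than a share matters to anyone auditing what the test exposes.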
@@ -35,39 +33,11 @@ p384_keygen_from_seed_test: w14 <= 2^256 - n[255:0] = (2^384 - n) mod (2^256) = 2^384 - n */ bn.sub w14, w31, w12 - /* Obtain 1024 bits of randomness from URND. */ - bn.wsrr w20, URND - bn.wsrr w21, URND - bn.wsrr w10, URND - bn.wsrr w11, URND - - /* Reduce to 384 bits of randomness per share. - [w21, w20] <= s0 mod 2^384 - [w11, w10] <= s1 mod 2^384 */ - bn.rshi w21, w21, w31 >> 128 - bn.rshi w21, w31, w21 >> 128 - bn.rshi w11, w11, w31 >> 128 - bn.rshi w11, w31, w11 >> 128 - - /* Calculate seed = s0 ^ s1 - [w9,w8] <= [w21,w20] ^ [w11,w10] */ - bn.xor w8, w20, w10 - bn.xor w9, w21, w11 - /* Generate key shares dmem[d0] <= d0 dmem[di] <= d1 */ jal x1, p384_key_from_seed - /* Calculate d = seed mod n - [w1,w0] <= [w19,w18] mod [w13,w12] */ - bn.mov w18, w8 - bn.mov w19, w9 - bn.mov w20, w31 - jal x1, p384_reduce_n - bn.mov w0, w16 - bn.mov w1, w17 - /* Load secred key shares from DMEM */ /* [w5,w4] <= d0 */ la x4, d0 @@ -87,8 +57,4 @@ p384_keygen_from_seed_test: bn.mov w20, w31 jal x1, p384_reduce_n - /* Compare if d == d' */ - bn.sub w0, w0, w16 - bn.subb w1, w1, w17 - ecall diff --git a/sw/otbn/crypto/tests/p384_keygen_test.exp b/sw/otbn/crypto/tests/p384_keygen_test.exp deleted file mode 100644 index 879f5d55ea82c..0000000000000 --- a/sw/otbn/crypto/tests/p384_keygen_test.exp +++ /dev/null @@ -1,3 +0,0 @@ -# Expected values: -w0 = 0x0000000000000000000000000000000000000000000000000000000000000000 -w1 = 0x0000000000000000000000000000000000000000000000000000000000000000 diff --git a/sw/otbn/crypto/tests/p384_keygen_test.hjson b/sw/otbn/crypto/tests/p384_keygen_test.hjson new file mode 100644 index 0000000000000..7bec3293c75ac --- /dev/null +++ b/sw/otbn/crypto/tests/p384_keygen_test.hjson 
@@ -0,0 +1,21 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +{ + "entrypoint": "p384_keygen_test", + "input": { + "regs": { + # All zero reg w31. + "w31": "0x0000000000000000000000000000000000000000000000000000000000000000" + } + } + "output": { + "regs": { + # Success counter w0. + "w0": "0x0000000000000000000000000000000000000000000000000000000000000002" + # Success counter w1. + "w1": "0x0000000000000000000000000000000000000000000000000000000000000006" + } + } +} diff --git a/sw/otbn/crypto/tests/p384_keygen_test.s b/sw/otbn/crypto/tests/p384_keygen_test.s index 805792b345e96..0d4fb4f339b95 100644 --- a/sw/otbn/crypto/tests/p384_keygen_test.s +++ b/sw/otbn/crypto/tests/p384_keygen_test.s @@ -21,9 +21,6 @@ p384_keygen_test: - /* Init all-zero register. */ - bn.xor w31, w31, w31 - /* generate 4 random 448-bit values and write them to d0, d1 */ jal x1, p384_generate_random_key @@ -98,9 +95,9 @@ p384_keygen_test: or x2, x2, x3 /* If x2 != 0: w0 <= w0 + 1, else: w0 <= w0 + 0 */ - beq x2, x0, keep_w0_1 + bne x2, x0, fail_w0_1 bn.addi w0, w0, 1 - keep_w0_1: + fail_w0_1: /* [w17,w16] <= k = [w9,w8] + [w11,w10] mod n = k0 + k1 mod n */ bn.add w18, w8, w10 @@ -129,9 +126,9 @@ p384_keygen_test: or x2, x2, x3 /* If x2 != 0: w0 <= w0 + 1, else: w0 <= w0 + 0 */ - beq x2, x0, keep_w0_2 + bne x2, x0, fail_w0_2 bn.addi w0, w0, 1 - keep_w0_2: + fail_w0_2: /* Compare the values and check if they are distinct to each other. If one value pair is equal, then the zero flag will be set. @@ -163,9 +160,9 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_1 + bne x2, x0, fail_w1_1 bn.addi w1, w1, 1 - keep_w1_1: + fail_w1_1: /* [w21,w20] <= [w5,w4] - [w9,w8] = d0 - k0 if d0 - k0 == 0: w1 <= w1 + w3 = w1 + 1, else: w1 <= w1 + w31 = w1 + 0 */ 
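Review bot: `w0` and `w1` are now success counters compared against 2 and 6, yet `input.regs` in p384_keygen_test.hjson initialises only `w31`. Unless p384_keygen_test.s clears both registers in lines outside the visible hunks, the expected values depend on the simulator's initial register state. Adding all-zero `"w0"` and `"w1"` entries to `input.regs`, next to the existing `"w31"` entry, would make the starting count explicit.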
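Review bot: The comment kept above each rewritten branch in p384_keygen_test.s, `/* If x2 != 0: w0 <= w0 + 1, else: w0 <= w0 + 0 */`, now contradicts the code. With `bne x2, x0, fail_w0_1` the `bn.addi` is skipped when x2 != 0, so the counter is incremented only when x2 == 0. The comment should become `/* If x2 == 0: w0 <= w0 + 1, else: w0 <= w0 + 0 */`, and likewise at `fail_w0_2` and at `fail_w1_1` through `fail_w1_6` with `w1`. The `fail_*` labels are also reached by fall-through on the success path, so a neutral name such as `skip_w0_1` would describe them better.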
@@ -193,9 +190,9 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_2 + bne x2, x0, fail_w1_2 bn.addi w1, w1, 1 - keep_w1_2: + fail_w1_2: /* [w21,w20] <= [w5,w4] - [w11,w10] = d0 - k1 if d0 - k1 == 0: w1 <= w1 + w3 = w1 + 1, else: w1 <= w1 + w31 = w1 + 0 */ @@ -223,9 +220,9 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_3 + bne x2, x0, fail_w1_3 bn.addi w1, w1, 1 - keep_w1_3: + fail_w1_3: /* [w21,w20] <= [w7,w6] - [w9,w8] = d1 - k0 if d1 - k0 == 0: w1 <= w1 + w3 = w1 + 1, else: w1 <= w1 + w31 = w1 + 0 */ @@ -253,9 +250,9 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_4 + bne x2, x0, fail_w1_4 bn.addi w1, w1, 1 - keep_w1_4: + fail_w1_4: /* [w21,w20] <= [w7,w6] - [w11,w10] = d1 - k1 if d1 - k1 == 0: w1 <= w1 + w3 = w1 + 1, else: w1 <= w1 + w31 = w1 + 0 */ @@ -283,9 +280,9 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_5 + bne x2, x0, fail_w1_5 bn.addi w1, w1, 1 - keep_w1_5: + fail_w1_5: /* [w21,w20] <= [w9,w8] - [w11,w10] = k0 - k1 if k0 - k1 == 0: w1 <= w1 + w3 = w1 + 1, else: w1 <= w1 + w31 = w1 + 0 */ @@ -313,8 +310,8 @@ p384_keygen_test: and x2, x2, x3 /* If x2 != 0: w1 <= w1 + 1, else: w1 <= w1 + 0 */ - beq x2, x0, keep_w1_6 + bne x2, x0, fail_w1_6 bn.addi w1, w1, 1 - keep_w1_6: + fail_w1_6: ecall