lowRISC · nasahlpa · Nov 3, 2025 · Nov 3, 2025 · AlexJones0 · Nov 5, 2025
diff --git a/sw/device/lib/crypto/data/crypto_testplan.hjson b/sw/device/lib/crypto/data/crypto_testplan.hjson
@@ -5,22 +5,25 @@
   name: "crypto"
   testpoints: [
     {
-      name: crypto_lib_hash_stress
-      desc: '''Check that the hash algorithms are correct.
+      name: crypto_lib_aes_stress
+      desc: '''Check that the aes implementation is correct.
 
-            Run the hash algorithms Sha256, Sha384 and Sha512 and compare the digist against
-            the NIST test vector.
+            Run the following operations and compare the result against the NIST test vector:
+             - AES-CBC/CFB/ECB/OFB encryption.
+             - AES-CBC/CFB/ECB/OFB decryption.
+             - AES-GCM encryption.
+             - AES-GCM decryption.
       '''
       stage: N.A.
       si_stage: SV3
       tests: []
       bazel: [
-        "//sw/device/tests/crypto:sha256_functest",
-        "//sw/device/tests/crypto:sha384_functest",
-        "//sw/device/tests/crypto:sha512_functest",
-        "//sw/device/tests/crypto:hkdf_functest",
-        "//sw/device/tests/crypto:otcrypto_hash_test",
-        "//sw/device/tests/crypto:otcrypto_export_test"
+        "//sw/device/tests/crypto:aes_functest",
+        "//sw/device/tests/crypto:aes_kwp_kat_functest",
+        "//sw/device/tests/crypto:aes_kwp_functest",
+        "//sw/device/tests/crypto:aes_gcm_functest",
+        "//sw/device/tests/crypto/cryptotest:aes_kat"
+        "//sw/device/tests/crypto/cryptotest:aes_gcm_kat"
       ]
       lc_states: ["PROD"]
     }
@@ -45,23 +48,69 @@
       ]
     }
     {
-      name: crypto_lib_rsa_key_gen_stress
-      desc: '''Check that the implementation of RSA key generation is correct.
+      name: crypto_lib_hash_stress
+      desc: '''Check that the hash algorithms are correct.
 
-            Generate RSA key pairs with sizes 2048, 3072 and 4096 bits.
-            The key generation should take an appropriate time based on the key size and the
-            platform (FPGA or Silicon).
-            For each key pair:
-             - Sign a message with the private key.
-             - Verify the signature with the public key.
+            Run the hash algorithms Sha256, Sha384, Sha512, SHA3-224, SHA3-256,
+            SHA3-384 and SHA3-512 and compare the digest against the NIST test
+            vector.
       '''
       stage: N.A.
       si_stage: SV3
       tests: []
       bazel: [
-        "//sw/device/tests/crypto:rsa_2048_keygen_functest",
-        "//sw/device/tests/crypto:rsa_3072_keygen_functest",
-        "//sw/device/tests/crypto:rsa_4096_keygen_functest",
+        "//sw/device/tests/crypto:sha256_functest",
+        "//sw/device/tests/crypto:sha384_functest",
+        "//sw/device/tests/crypto:sha512_functest",
+        "//sw/device/tests/crypto:hkdf_functest",
+        "//sw/device/tests/crypto:otcrypto_hash_test",
+        "//sw/device/tests/crypto:otcrypto_export_test"
+        "//sw/device/tests/crypto/cryptotest:sha256_kat",
+        "//sw/device/tests/crypto/cryptotest:sha384_kat",
+        "//sw/device/tests/crypto/cryptotest:sha3_224_kat",
+        "//sw/device/tests/crypto/cryptotest:sha3_256_kat",
+        "//sw/device/tests/crypto/cryptotest:sha3_384_kat",
+        "//sw/device/tests/crypto/cryptotest:sha3_512_kat",
+        "//sw/device/tests/crypto/cryptotest:sha512_kat",
+      ]
+      lc_states: ["PROD"]
+    }
+    {
+      name: crypto_lib_hmac_stress
+      desc: '''Check that HMAC works correctly.
+
+            Run HMAC Sha256, Sha384 and Sha512 and compare the output against
+            the NIST test vector.
+      '''
+      stage: N.A.
+      si_stage: SV3
+      tests: []
+      bazel: [
+        "//sw/device/tests/crypto:hmac_sha256_functest",
+        "//sw/device/tests/crypto:hmac_sha384_functest",
+        "//sw/device/tests/crypto:hmac_sha512_functest",
+        "//sw/device/tests/crypto:hmac_functest",
+        "//sw/device/tests/crypto:hmac_multistream_functest",
+        "//sw/device/tests/crypto/cryptotest:acvp_hmac_sha256",
+        "//sw/device/tests/crypto/cryptotest:hmac_sha256_kat",
+        "//sw/device/tests/crypto/cryptotest:hmac_sha384_kat",
+        "//sw/device/tests/crypto/cryptotest:hmac_sha512_kat",
+      ]
+      lc_states: ["PROD"]
+    }
+    {
+      name: crypto_lib_kmac_stress
+      desc: '''Check that KMAC works correctly.
+
+            Run KMAC and compare the output against
+            the wycheproof test vector.
+      '''
+      stage: N.A.
+      si_stage: SV3
+      tests: []
+      bazel: [
+        "//sw/device/tests/crypto:kmac_functest_hardcoded",
+        "//sw/device/tests/crypto/cryptotest:kmac_kat",
       ]
       lc_states: ["PROD"]
     }
@@ -72,6 +121,7 @@
             Run the follow operations and compare the result against the NIST test vector:
              - RSA signature.
              - RSA signature verification.
+             - RSA encryption and decryption.
             With the keys sizes 2048, 3072 and 4096 bits.
       '''
       stage: N.A.
@@ -85,27 +135,59 @@
         "//sw/device/tests/crypto:rsa_3072_signature_functest",
         "//sw/device/tests/crypto:rsa_4096_encryption_functest",
         "//sw/device/tests/crypto:rsa_4096_signature_functest",
+        "//sw/device/tests/crypto/cryptotest:rsa_kat",
       ]
       lc_states: ["PROD"]
     }
     {
-      name: crypto_lib_aes_stress
-      desc: '''Check that the aes implementation is correct.
+      name: crypto_lib_rsa_key_gen_stress
+      desc: '''Check that the implementation of RSA key generation is correct.
 
-            Run the following operations and compare the result against the NIST test vector:
-             - AES-CBC encryption.
-             - AES-CBC decryption.
-             - AES-GCM encryption.
-             - AES-GCM decryption.
+            Generate RSA key pairs with sizes 2048, 3072 and 4096 bits.
+            The key generation should take an appropriate time based on the key size and the
+            platform (FPGA or Silicon).
+            For each key pair:
+             - Sign a message with the private key.
+             - Verify the signature with the public key.
       '''
       stage: N.A.
       si_stage: SV3
       tests: []
       bazel: [
-        "//sw/device/tests/crypto:aes_kwp_kat_functest",
-        "//sw/device/tests/crypto:aes_kwp_functest",
-        "//sw/device/tests/crypto:aes_gcm_functest",
-        "//sw/device/tests/crypto/cryptotest:aes_kat"
+        "//sw/device/tests/crypto:rsa_2048_keygen_functest",
+        "//sw/device/tests/crypto:rsa_3072_keygen_functest",
+        "//sw/device/tests/crypto:rsa_4096_keygen_functest",
+      ]
+      lc_states: ["PROD"]
+    }
+    {
+      name: crypto_lib_shake_stress
+      desc: '''Check that the implementation of SHAKE is correct.
+
+            Run CShake128 and CShake256 and compare the output against
+            the NIST test vector.
+      '''
+      stage: N.A.
+      si_stage: SV3
+      tests: []
+      bazel: [
+        "//sw/device/tests/crypto:cshake_kat",
+        "//sw/device/tests/crypto:shake128_kat",
+        "//sw/device/tests/crypto:shake256_kat",
+      ]
+      lc_states: ["PROD"]
+    }
+    {
+      name: crypto_lib_sphincsplus_stress
+      desc: '''Check that the implementation of SPHINCS+ is correct.
+
+            Run SPHINCS+ and compare the output against the test vector.
+      '''
+      stage: N.A.
+      si_stage: SV3
+      tests: []
+      bazel: [
+        "//sw/device/tests/crypto:sphincsplus_kat",
       ]
       lc_states: ["PROD"]
     }

diff --git a/sw/device/tests/crypto/cryptotest/BUILD b/sw/device/tests/crypto/cryptotest/BUILD
@@ -590,6 +590,8 @@ cryptotest(
 test_suite(
     name = "crypto_kat_test_suite",
     tests = [
+        ":acvp_hmac_sha256",
+        ":aes_gcm_kat",
         ":aes_kat",
         ":cshake_kat",
         ":drbg_kat",
@@ -599,6 +601,7 @@ test_suite(
         ":hmac_sha384_kat",
         ":hmac_sha512_kat",
         ":kmac_kat",
+        ":rsa_kat",
         ":sha256_kat",
         ":sha384_kat",
         ":sha3_224_kat",