From fa94210f3bd89828e5864a6799652ff895bdd71b Mon Sep 17 00:00:00 2001 From: Kiran Upadhyayula Date: Mon, 16 Dec 2024 16:13:24 -0800 Subject: [PATCH 1/5] MLDSA sva, keygen randomization in tb, abr submod update --- src/integration/asserts/caliptra_top_sva.sv | 63 ++++- .../tb/caliptra_top_tb_services.sv | 234 ++++++++++++------ .../smoke_test_mldsa_rand.c | 10 +- submodules/adams-bridge | 2 +- 4 files changed, 220 insertions(+), 89 deletions(-) diff --git a/src/integration/asserts/caliptra_top_sva.sv b/src/integration/asserts/caliptra_top_sva.sv index 8a42ae983..bd51e2179 100644 --- a/src/integration/asserts/caliptra_top_sva.sv +++ b/src/integration/asserts/caliptra_top_sva.sv @@ -274,6 +274,61 @@ module caliptra_top_sva endgenerate `endif + //MLDSA data checks + generate + begin: MLDSA_keygen_data_check + for (genvar dword = 0; dword < 32; dword++) begin + MLDSA_privkey_0_31_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.privatekey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]})) + ) + else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.privatekey_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]}, dword); + end + + for (genvar dword = 0; dword < 596; dword++) begin + MLDSA_privkey_even_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]})) + ) + else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]}, 32+(2*dword)); + end + + for (genvar dword = 0; dword < 596; dword++) begin + MLDSA_privkey_odd_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank1.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]})) + ) + else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]}, 33+(2*dword)); + end + + for (genvar dword = 0; dword < 8; dword++) begin + MLDSA_pubkey_0_7_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.publickey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.pubkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][31:24]})) + ) + else $display("SVA ERROR: [MLDSA keygen] PK output %h does not match expected PK %h at index %h", `MLDSA_PATH.publickey_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.pubkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][31:24]}, dword); + end + end + endgenerate + generate + begin: MLDSA_pubkey_data_check + for (genvar i = 0; i < 64; i++) begin + for (genvar j = 0; j < 10; j++) begin + MLDSA_pubkey_8_647_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_pubkey_ram.ram[i][j*4+3:j*4] == {`SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][31:24]})) + ) + else $display("SVA ERROR: [MLDSA keygen] PK output %h does not match expected PK %h at index %0d %0d", `MLDSA_PATH.mldsa_pubkey_ram.ram[i][j*4+3:j*4], {`SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][31:24]}, i, j); + end + end + end + endgenerate + //Generate disable signal for fuse_wr_check sva when hwclr is asserted. The disable needs to be for 3 clks in order to ignore the fuses being cleared logic clear_obf_secrets_f; logic clear_obf_secrets_ff; @@ -545,7 +600,13 @@ module caliptra_top_sva @(posedge `SVA_RDC_CLK) `ECC_PATH.ecc_valid_reg |-> `ECC_PATH.ecc_ready_reg ) - else $display("SVA ERROR: ECC VALID flag mismatch!"); + else $display("SVA ERROR: ECC VALID flag mismatch!"); + + MLDSA_valid_flag: assert property ( + @(posedge `SVA_RDC_CLK) + `MLDSA_PATH.mldsa_valid_reg |-> `MLDSA_PATH.mldsa_ready + ) + else $display("SVA ERROR: MLDSA VALID flag mismatch!"); //SVA for SHA512 restore sha512_restore_cmd: assert property ( diff --git a/src/integration/tb/caliptra_top_tb_services.sv b/src/integration/tb/caliptra_top_tb_services.sv index c06217dc6..c1ad742a4 100644 --- a/src/integration/tb/caliptra_top_tb_services.sv +++ b/src/integration/tb/caliptra_top_tb_services.sv @@ -266,6 +266,7 @@ module caliptra_top_tb_services // 8'ha8 - Inject zero as HMAC_KEY to kv_key register // 8'ha9: 8'haf - Inject HMAC512_KEY to kv_key register // 8'hc0: 8'hc7 - Inject MLDSA_SEED to kv_key register + // 8'hd8 - Inject makehint failure during mldsa signing // 8'hd9 - Perform mldsa keygen // 8'hda - Perform mldsa signing // 8'hdb - Perform mldsa verify @@ -598,16 +599,19 @@ module caliptra_top_tb_services //MLDSA logic mldsa_keygen, mldsa_signing, mldsa_verify, mldsa_keygen_signing; + always @(negedge clk or negedge cptra_rst_b) begin if (!cptra_rst_b) begin mldsa_keygen <= 'b0; mldsa_signing <= 'b0; mldsa_verify <= 'b0; + mldsa_keygen_signing <= 'b0; end else if ((WriteData[7:0] == 8'hd9) && mailbox_write) begin mldsa_keygen <= 'b1; mldsa_signing <= 'b0; mldsa_verify <= 'b0; + mldsa_keygen_signing <= 'b0; $display("In keygen branch\n"); end //unlock debug mode @@ -615,15 +619,83 @@ module caliptra_top_tb_services mldsa_keygen <= 'b0; mldsa_signing <= 'b1; mldsa_verify <= 'b0; + mldsa_keygen_signing <= 'b0; $display("In signing branch\n"); end else if((WriteData[7:0] == 8'hdb) && mailbox_write) begin mldsa_keygen <= 'b0; mldsa_signing <= 'b0; mldsa_verify <= 'b1; + mldsa_keygen_signing <= 'b0; $display("In verify branch\n"); end + else if((WriteData[7:0] == 8'hdc) && mailbox_write) begin + mldsa_keygen <= 'b0; + mldsa_signing <= 'b0; + mldsa_verify <= 'b0; + mldsa_keygen_signing <= 'b1; + $display("In keygen+sign branch\n"); + end end + + genvar mldsa_dword; + generate + for (mldsa_dword = 0; mldsa_dword < 8; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_keygen) begin + force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_SEED[mldsa_dword].SEED.value = {mldsa_test_vector.seed[7-mldsa_dword][7:0], mldsa_test_vector.seed[7-mldsa_dword][15:8], mldsa_test_vector.seed[7-mldsa_dword][23:16], mldsa_test_vector.seed[7-mldsa_dword][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_SEED[mldsa_dword].SEED.value; + end + end + end + + // for (mldsa_dword = 0; mldsa_dword < 16; mldsa_dword++) begin + // always @(negedge clk) begin + // if (mldsa_signing) begin + // force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_MSG[mldsa_dword].MSG.value = {mldsa_test_vector.msg[15-mldsa_dword][7:0], mldsa_test_vector.msg[15-mldsa_dword][15:8], mldsa_test_vector.msg[15-mldsa_dword][23:16], mldsa_test_vector.msg[15-mldsa_dword][31:24]}; + // end + // else begin + // release caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_MSG[mldsa_dword].MSG.value; + // end + // end + // end + + // for (mldsa_dword = 0; mldsa_dword < 1224; mldsa_dword++) begin + // always @(negedge clk) begin + // if (mldsa_signing) begin + // force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_PRIVKEY_IN[mldsa_dword].MSG.value = {mldsa_test_vector.msg[15-mldsa_dword][7:0], mldsa_test_vector.msg[15-mldsa_dword][15:8], mldsa_test_vector.msg[15-mldsa_dword][23:16], mldsa_test_vector.msg[15-mldsa_dword][31:24]}; + // end + // else begin + // release caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_PRIVKEY_IN[mldsa_dword].MSG.value; + // end + // end + // end + endgenerate + +// always_ff @(negedge clk or negedge cptra_rst_b) begin +// // logic [0:647][31:0] pubkey; +// // logic [0:1223][31:0] privkey; +// // logic [0:1156][31:0] signature; +// // logic [0:15][31:0] verify_res; +// if (!cptra_rst_b) begin +// mldsa_obs_vector <= {'h0, 'h0, 'h0, 'h0}; +// end +// else if (caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_status_done_p)begin +// // mldsa_obs_vector.privkey[31:0][31:0] <= caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.raw[31:0]; +// for (int i = 0; i < 1223; i=i+2) begin +// // mldsa_obs_vector.privkey <= {caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank1.ram[595:0], +// // caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank0.ram[595:0], +// // caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.raw[31:0]}; +// if (i < 32) +// mldsa_obs_vector.privkey[i+1:i] <= {caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.raw[i+1:i]}; +// else +// mldsa_obs_vector.privkey[i+1:i] <= {caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank1.ram[((i%32))/2], caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank0.ram[(i%32)/2]}; + +// end +// end +// end /* generate for (genvar dword = 0; dword < 8; dword++) begin @@ -913,89 +985,86 @@ endgenerate //IV_NO endtask - // task mldsa_input_hex_gen (input int mode); //mode = CTRL.value-1 - // int fd_r; - // string outfile; - // outfile = "mldsa_input.hex"; + task mldsa_input_hex_gen(); //mode = CTRL.value-1 + int fd_r; + logic [7:0][31:0] seed; + logic [15:0][31:0] msg; + string keygen_outfile, sign_outfile, verify_outfile; + string keygen_infile, sign_infile, verify_infile; + string line_read; + keygen_outfile = "keygen_input.hex"; + keygen_infile = "keygen_output.hex"; + sign_outfile = "sign_input.hex"; + sign_infile = "sign_output.hex"; + verify_outfile = "verify_input.hex"; + verify_infile = "verify_output.hex"; - // logic [7:0][31:0] seed; - // logic [15:0][31:0] msg; - // logic [1223:0][31:0] privkey; - // logic [647:0][31:0] pubkey; - // logic [1156:0][31:0] signature; - // fd_r = $fopen(outfile, "w"); - - // seed = $urandom(); - // if (mode == 0) begin //keygen - // $fwrite(fd_r, "%2h", mode); //write cmd (in this case mode-1) as a 2 digit number - // $fwrite(fd_r, "%h", seed); //write random seed 8*4 bytes - // end - // // else if (mode == 1) begin //sign - // // $fwrite(fd_r, "%2h", mode); //write cmd - // // $fwrite(fd_r, "%128h", 1); //write msg - // // $fwrite(fd_r, "%h", privkey); //write privkey - // // end - // // else if (mode == 2) begin //verify - // // $fwrite(fd_r, "%2h", mode); //write cmd - // // $fwrite(fd_r, "%128h", 1); //write msg - // // $fwrite(fd_r, "%h", pubkey); //write pubkey - ideally comes from keygen step. TODO: fixme - // // $fwrite(fd_r, "%h", signature); - // // end - // endtask - - // task mldsa_output_hex_gen (); - // string infile, outfile; - // begin - // infile = "mldsa_input.hex"; - // outfile = "mldsa_output.hex"; - // $system("./test_dilithium5 mldsa_input.hex mldsa_output.hex"); - - // if (!UVM_TB) mldsa_read_test_vectors(outfile); - // end - // endtask - - // Placeholder - // task mldsa_testvector_generator (); - // string file_name; - // begin - - // // $system("./test_dilithium5 mldsa_input.hex mldsa_output.hex"); - - // file_name = "smoke_test_mldsa_vector.hex"; - // if (!UVM_TB) mldsa_read_test_vectors(file_name); - // end - // endtask // mldsa_test - - // task static mldsa_read_test_vectors (input string fname); - // integer values_per_test_vector; - // int fd_r; - // string line_read; - // begin - // // // ATTN: Must match the number of fields generated by gen_mm_test_vectors.py script - // values_per_test_vector = 7; - - // fd_r = $fopen(fname, "r"); - // if (fd_r == 0) - // $error("Can't open file %s", fname); - - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.seed)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.pubkey)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.privkey)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.msg)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.signature)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.verify_res)); - // void'($fgets(line_read, fd_r)); - // void'($sscanf(line_read, "%h", mldsa_test_vector.sign_rnd)); - - // $fclose(fd_r); - // end - // endtask + //--------------------------- + //Keygen + //--------------------------- + fd_r = $fopen(keygen_outfile, "w"); + for (int i = 0; i < 8; i++) begin + seed[i] = $urandom(); + end + mldsa_test_vector.seed = seed; + $fwrite(fd_r, "%02X\n", 0); //write cmd (keygen) as a 2 digit number + $fwrite(fd_r, "%h", seed); //write random seed 8*4 bytes + $fclose(fd_r); + $system("./test_dilithium5 keygen_input.hex keygen_output.hex"); + + fd_r = $fopen(keygen_infile, "r"); + if (fd_r == 0) + $error("Can't open file %s", keygen_infile); + + void'($fgets(line_read, fd_r)); //skip cmd + void'($fgets(line_read, fd_r)); + void'($sscanf(line_read, "%h", mldsa_test_vector.pubkey)); + void'($fgets(line_read, fd_r)); + void'($sscanf(line_read, "%h", mldsa_test_vector.privkey)); + + //--------------------------- + //Sign + //--------------------------- + fd_r = $fopen(sign_outfile, "w"); + for (int i = 0; i < 16; i++) begin + msg[i] = $urandom(); + end + mldsa_test_vector.msg = msg; + $fwrite(fd_r, "%02X\n", 1); + $fwrite(fd_r, "%h\n", msg); + $fwrite(fd_r, "%h", mldsa_test_vector.privkey); + $fclose(fd_r); + $system("./test_dilithium5 sign_input.hex sign_output.hex"); + + fd_r = $fopen(sign_infile, "r"); + if (fd_r == 0) + $error("Can't open file %s", sign_infile); + + void'($fgets(line_read, fd_r)); //skip cmd + void'($fgets(line_read, fd_r)); //skip sig length + void'($fgets(line_read, fd_r)); + void'($sscanf(line_read, "%h", mldsa_test_vector.signature)); + + //--------------------------- + //Verify + //--------------------------- + fd_r = $fopen(verify_outfile, "w"); + $fwrite(fd_r, "%02X\n", 2); + $fwrite(fd_r, "%h\n", {mldsa_test_vector.signature[0][23:0], mldsa_test_vector.signature[1:1156]}); //[0:1156][31:0] signature + $fwrite(fd_r, "%h\n", mldsa_test_vector.msg); + $fwrite(fd_r, "%h", mldsa_test_vector.pubkey); + $fclose(fd_r); + $system("./test_dilithium5 verify_input.hex verify_output.hex"); + + fd_r = $fopen(verify_infile, "r"); + if (fd_r == 0) + $error("Can't open file %s", verify_infile); + + void'($fgets(line_read, fd_r)); //skip cmd + void'($fgets(line_read, fd_r)); //skip 2nd line + void'($fgets(line_read, fd_r)); + void'($sscanf(line_read, "%h", mldsa_test_vector.verify_res)); + endtask task ecc_testvector_generator (); string file_name; @@ -1480,6 +1549,7 @@ endgenerate //IV_NO ecc_testvector_generator(); doe_testvector_generator(); sha256_wntz_testvector_generator(); + mldsa_input_hex_gen(); //Placeholder // mldsa_testvector_generator(); diff --git a/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c b/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c index 2c2401a31..75539a897 100644 --- a/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c +++ b/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c @@ -3203,14 +3203,14 @@ uint32_t mldsa_verifyres [] = {0x89E8DA09, // mldsa_zeroize(); // cptra_intr_rcv.mldsa_notif = 0; - // mldsa_signing_flow(privkey, msg, entropy, sign); - // mldsa_zeroize(); - // cptra_intr_rcv.mldsa_notif = 0; - - mldsa_keygen_signing_flow(seed, sign_rnd, msg, privkey, pubkey, sign); + mldsa_signing_flow(privkey, msg, entropy, sign); mldsa_zeroize(); cptra_intr_rcv.mldsa_notif = 0; + // mldsa_keygen_signing_flow(seed, sign_rnd, msg, privkey, pubkey, sign); + // mldsa_zeroize(); + // cptra_intr_rcv.mldsa_notif = 0; + // mldsa_verifying_flow(msg, pubkey, sign, verifyres); // mldsa_zeroize(); // cptra_intr_rcv.mldsa_notif = 0; diff --git a/submodules/adams-bridge b/submodules/adams-bridge index e70ac5d43..573411ccc 160000 --- a/submodules/adams-bridge +++ b/submodules/adams-bridge @@ -1 +1 @@ -Subproject commit e70ac5d435027b83c095b941f740b5051730a667 +Subproject commit 573411cccd421ab08ce1e8a48e9fb9803b047f36 From b3718241fdd18b50c7cbefad8132042a5ec51ffb Mon Sep 17 00:00:00 2001 From: Kiran Upadhyayula Date: Mon, 6 Jan 2025 14:34:57 -0800 Subject: [PATCH 2/5] Add randomization and SVAs for mldsa data checks --- src/integration/asserts/caliptra_top_sva.sv | 58 +++++++- ...liptra_top_nightly_directed_regression.yml | 3 +- .../tb/caliptra_top_tb_services.sv | 130 +++++++++++++++-- .../smoke_test_mldsa_keygen_rand.yml | 3 - .../caliptra_isr.h | 15 +- .../smoke_test_mldsa_keygen_sign_vfy_rand.c} | 33 +++-- .../smoke_test_mldsa_keygen_sign_vfy_rand.ld} | 0 .../smoke_test_mldsa_keygen_sign_vfy_rand.yml | 3 + .../caliptra_isr.h | 133 ++++++++++++++++++ ...st_mldsa_keygen_standalone_sign_vfy_rand.c | 97 +++++++++++++ ...t_mldsa_keygen_standalone_sign_vfy_rand.ld | 69 +++++++++ ..._mldsa_keygen_standalone_sign_vfy_rand.yml | 3 + 12 files changed, 520 insertions(+), 27 deletions(-) delete mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.yml rename src/integration/test_suites/{smoke_test_mldsa_keygen_rand => smoke_test_mldsa_keygen_sign_vfy_rand}/caliptra_isr.h (86%) rename src/integration/test_suites/{smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.c => smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.c} (61%) rename src/integration/test_suites/{smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.ld => smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.ld} (100%) create mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.yml create mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/caliptra_isr.h create mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.c create mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.ld create mode 100644 src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.yml diff --git a/src/integration/asserts/caliptra_top_sva.sv b/src/integration/asserts/caliptra_top_sva.sv index e157dec03..de3c02c1c 100644 --- a/src/integration/asserts/caliptra_top_sva.sv +++ b/src/integration/asserts/caliptra_top_sva.sv @@ -41,6 +41,7 @@ `define SERVICES_PATH `CPTRA_TB_TOP_NAME.tb_services_i `define SHA512_PATH `CPTRA_TOP_PATH.sha512.sha512_inst `define MLDSA_PATH `CPTRA_TOP_PATH.mldsa.mldsa_ctrl_inst +`define MLDSA_REG_PATH `CPTRA_TOP_PATH.mldsa.mldsa_reg_inst `define HMAC_PATH `CPTRA_TOP_PATH.hmac.hmac_inst `define HMAC_REG_PATH `HMAC_PATH.i_hmac_reg `define ECC_PATH `CPTRA_TOP_PATH.ecc_top1.ecc_dsa_ctrl_i @@ -281,7 +282,7 @@ module caliptra_top_sva MLDSA_privkey_0_31_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.privatekey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.privatekey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]})) ) else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.privatekey_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]}, dword); end @@ -290,7 +291,7 @@ module caliptra_top_sva MLDSA_privkey_even_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]})) ) else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]}, 32+(2*dword)); end @@ -299,7 +300,7 @@ module caliptra_top_sva MLDSA_privkey_odd_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank1.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank1.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]})) ) else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]}, 33+(2*dword)); end @@ -308,7 +309,7 @@ module caliptra_top_sva MLDSA_pubkey_0_7_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.publickey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.pubkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.publickey_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.pubkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][31:24]})) ) else $display("SVA ERROR: [MLDSA keygen] PK output %h does not match expected PK %h at index %h", `MLDSA_PATH.publickey_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.pubkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[dword][31:24]}, dword); end @@ -321,13 +322,60 @@ module caliptra_top_sva MLDSA_pubkey_8_647_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_keygen && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_pubkey_ram.ram[i][j*4+3:j*4] == {`SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_pubkey_ram.ram[i][j*4+3:j*4] == {`SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][31:24]})) ) else $display("SVA ERROR: [MLDSA keygen] PK output %h does not match expected PK %h at index %0d %0d", `MLDSA_PATH.mldsa_pubkey_ram.ram[i][j*4+3:j*4], {`SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][7:0], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][15:8], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][23:16], `SERVICES_PATH.mldsa_test_vector.pubkey[i*10+8+j][31:24]}, i, j); end end end endgenerate + generate + begin: MLDSA_signature_data_check + for (genvar dword = 0; dword < 21; dword++) begin + MLDSA_signature_16_36_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + (((`SERVICES_PATH.mldsa_signing || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.signature_reg.raw[16+dword] == {`SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][31:24]})) + ) + else $display("SVA ERROR: [MLDSA signing] Signature output %h does not match expected signature %h at index %h",`MLDSA_PATH.signature_reg.raw[16+dword], {`SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][31:24]}, 16+dword); + end + + for (genvar dword = 0; dword < 16; dword++) begin + MLDSA_signature_0_15_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + (((`SERVICES_PATH.mldsa_signing || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.signature_reg.raw[dword] == {`SERVICES_PATH.mldsa_test_vector.signature[dword][7:0], `SERVICES_PATH.mldsa_test_vector.signature[dword][15:8], `SERVICES_PATH.mldsa_test_vector.signature[dword][23:16], `SERVICES_PATH.mldsa_test_vector.signature[dword][31:24]})) + ) + else $display("SVA ERROR: [MLDSA signing] Signature output %h does not match expected signature %h at index %h",`MLDSA_PATH.signature_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.signature[dword][7:0], `SERVICES_PATH.mldsa_test_vector.signature[dword][15:8], `SERVICES_PATH.mldsa_test_vector.signature[dword][23:16], `SERVICES_PATH.mldsa_test_vector.signature[dword][31:24]}, dword); + end + end + endgenerate + generate + begin: MLDSA_sig_z_data_check + for (genvar i = 0; i < 224; i++) begin + for (genvar j = 0; j < 5; j++) begin + MLDSA_sig_37_1135_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + (((`SERVICES_PATH.mldsa_signing || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sig_z_ram.ram[i][j*4+3:j*4] == {`SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][7:0], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][15:8], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][23:16], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][31:24]})) + ) + else $display("SVA ERROR: [MLDSA signing] Sig output %h does not match expected sig %h at index %0d %0d", `MLDSA_PATH.mldsa_sig_z_ram.ram[i][j*4+3:j*4], {`SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][7:0], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][15:8], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][23:16], `SERVICES_PATH.mldsa_test_vector.signature[i*5+16+j][31:24]}, i, j); + end + end + end + endgenerate + generate + begin: MLDSA_verify_data_check + for (genvar dword = 0; dword < 16; dword++) begin + MLDSA_verify_res_data_check: assert property ( + @(posedge `SVA_RDC_CLK) + disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) + ((`SERVICES_PATH.mldsa_verify && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword] == {`SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][31:24]})) + ) + else $display("SVA ERROR: [MLDSA verify] Verify output %h does not match expected verify res %h at index %h",`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword], {`SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][31:24]}, dword); + end + end + endgenerate //Generate disable signal for fuse_wr_check sva when hwclr is asserted. The disable needs to be for 3 clks in order to ignore the fuses being cleared logic clear_obf_secrets_f; diff --git a/src/integration/stimulus/testsuites/caliptra_top_nightly_directed_regression.yml b/src/integration/stimulus/testsuites/caliptra_top_nightly_directed_regression.yml index 33a6f0b62..658af9fce 100644 --- a/src/integration/stimulus/testsuites/caliptra_top_nightly_directed_regression.yml +++ b/src/integration/stimulus/testsuites/caliptra_top_nightly_directed_regression.yml @@ -30,7 +30,8 @@ contents: - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.yml - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_hmac_errortrigger/smoke_test_hmac_errortrigger.yml - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.yml - - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_keygen_rand.yml + - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.yml + - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.yml - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv/smoke_test_kv.yml - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_sram_ecc/smoke_test_sram_ecc.yml - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_ras/smoke_test_ras.yml diff --git a/src/integration/tb/caliptra_top_tb_services.sv b/src/integration/tb/caliptra_top_tb_services.sv index 640dbd17a..aae390f96 100644 --- a/src/integration/tb/caliptra_top_tb_services.sv +++ b/src/integration/tb/caliptra_top_tb_services.sv @@ -675,20 +675,14 @@ module caliptra_top_tb_services mldsa_verify <= 'b0; mldsa_keygen_signing <= 'b1; end - else if((WriteData[7:0] == 8'hdc) && mailbox_write) begin - mldsa_keygen <= 'b0; - mldsa_signing <= 'b0; - mldsa_verify <= 'b0; - mldsa_keygen_signing <= 'b1; - $display("In keygen+sign branch\n"); - end end genvar mldsa_dword; generate + //MLDSA keygen - inject seed for (mldsa_dword = 0; mldsa_dword < 8; mldsa_dword++) begin always @(negedge clk) begin - if (mldsa_keygen) begin + if (mldsa_keygen | mldsa_keygen_signing) begin force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_SEED[mldsa_dword].SEED.value = {mldsa_test_vector.seed[7-mldsa_dword][7:0], mldsa_test_vector.seed[7-mldsa_dword][15:8], mldsa_test_vector.seed[7-mldsa_dword][23:16], mldsa_test_vector.seed[7-mldsa_dword][31:24]}; end else begin @@ -696,6 +690,121 @@ module caliptra_top_tb_services end end end + + //MLDSA signing or MLDSA verify - inject msg + for (mldsa_dword = 0; mldsa_dword < 16; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_signing | mldsa_verify | mldsa_keygen_signing) begin + force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_MSG[mldsa_dword].MSG.value = {mldsa_test_vector.msg[15-mldsa_dword][7:0], mldsa_test_vector.msg[15-mldsa_dword][15:8], mldsa_test_vector.msg[15-mldsa_dword][23:16], mldsa_test_vector.msg[15-mldsa_dword][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_MSG[mldsa_dword].MSG.value; + end + end + end + + //MLDSA signing - inject sk + for (mldsa_dword = 0; mldsa_dword < 4; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_signing) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.rho[mldsa_dword] = {mldsa_test_vector.privkey[((mldsa_dword*2)+1)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][31:24], + mldsa_test_vector.privkey[(mldsa_dword*2)][7:0], mldsa_test_vector.privkey[(mldsa_dword*2)][15:8], mldsa_test_vector.privkey[(mldsa_dword*2)][23:16], mldsa_test_vector.privkey[(mldsa_dword*2)][31:24]}; + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.K[mldsa_dword] = {mldsa_test_vector.privkey[((mldsa_dword*2)+1+8)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+1+8)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+1+8)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+1+8)][31:24], + mldsa_test_vector.privkey[((mldsa_dword*2)+8)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+8)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+8)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+8)][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.rho[mldsa_dword]; + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.K[mldsa_dword]; + end + end + end + + for (mldsa_dword = 0; mldsa_dword < 8; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_signing) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.tr[mldsa_dword] = {mldsa_test_vector.privkey[((mldsa_dword*2)+1+16)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+1+16)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+1+16)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+1+16)][31:24], + mldsa_test_vector.privkey[((mldsa_dword*2)+16)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+16)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+16)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+16)][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.tr[mldsa_dword]; + end + end + end + + for (mldsa_dword = 32; mldsa_dword < 1224; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_signing) begin + if ((mldsa_dword % 2) == 0) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank0.ram[(mldsa_dword-32)/2] = {mldsa_test_vector.privkey[mldsa_dword][7:0], mldsa_test_vector.privkey[mldsa_dword][15:8], mldsa_test_vector.privkey[mldsa_dword][23:16], mldsa_test_vector.privkey[mldsa_dword][31:24]}; + end + else begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank1.ram[(mldsa_dword-33)/2] = {mldsa_test_vector.privkey[mldsa_dword][7:0], mldsa_test_vector.privkey[mldsa_dword][15:8], mldsa_test_vector.privkey[mldsa_dword][23:16], mldsa_test_vector.privkey[mldsa_dword][31:24]}; + end + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank0.ram[(mldsa_dword-32)/2]; + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sk_ram_bank1.ram[(mldsa_dword-33)/2]; + end + end + end + + //MLDSA verify - inject pk + for (mldsa_dword = 0; mldsa_dword < 8; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_verify) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.publickey_reg.enc.rho[mldsa_dword] = {mldsa_test_vector.pubkey[mldsa_dword][7:0], mldsa_test_vector.pubkey[mldsa_dword][15:8], mldsa_test_vector.pubkey[mldsa_dword][23:16], mldsa_test_vector.pubkey[mldsa_dword][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.publickey_reg.enc.rho[mldsa_dword]; + end + end + end + for (genvar a = 0; a < 64; a++) begin + for (genvar b = 0; b < 10; b++) begin + always @(negedge clk) begin + if (mldsa_verify) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_pubkey_ram.ram[a][b*4+3:b*4] = {mldsa_test_vector.pubkey[a*10+8+b][7:0], mldsa_test_vector.pubkey[a*10+8+b][15:8], mldsa_test_vector.pubkey[a*10+8+b][23:16], mldsa_test_vector.pubkey[a*10+8+b][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_pubkey_ram.ram[a][b*4+3:b*4]; + end + end + end + end + + //MLDSA verify - inject signature + for (mldsa_dword = 0; mldsa_dword < 16; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_verify) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.c[mldsa_dword] = {mldsa_test_vector.signature[mldsa_dword][7:0], mldsa_test_vector.signature[mldsa_dword][15:8], mldsa_test_vector.signature[mldsa_dword][23:16], mldsa_test_vector.signature[mldsa_dword][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.c[mldsa_dword]; + end + end + end + for (mldsa_dword = 0; mldsa_dword < 21; mldsa_dword++) begin + always @(negedge clk) begin + if (mldsa_verify) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.h[mldsa_dword] = {mldsa_test_vector.signature[1136+mldsa_dword][7:0], mldsa_test_vector.signature[1136+mldsa_dword][15:8], mldsa_test_vector.signature[1136+mldsa_dword][23:16], mldsa_test_vector.signature[1136+mldsa_dword][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.h[mldsa_dword]; + end + end + end + for (genvar a = 0; a < 224; a++) begin + for (genvar b = 0; b < 5; b++) begin + always @(negedge clk) begin + if (mldsa_verify) begin + force caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sig_z_ram.ram[a][b*4+3:b*4] = {mldsa_test_vector.signature[a*5+16+b][7:0], mldsa_test_vector.signature[a*5+16+b][15:8], mldsa_test_vector.signature[a*5+16+b][23:16], mldsa_test_vector.signature[a*5+16+b][31:24]}; + end + else begin + release caliptra_top_dut.mldsa.mldsa_ctrl_inst.mldsa_sig_z_ram.ram[a][b*4+3:b*4]; + end + end + end + end endgenerate //Randomized wntz @@ -996,13 +1105,16 @@ endgenerate //IV_NO void'($fgets(line_read, fd_r)); //skip sig length void'($fgets(line_read, fd_r)); void'($sscanf(line_read, "%h", mldsa_test_vector.signature)); + mldsa_test_vector.signature = {mldsa_test_vector.signature[0:1156], 8'h00}; + + mldsa_test_vector.sign_rnd = 'h0; //--------------------------- //Verify //--------------------------- fd_r = $fopen(verify_outfile, "w"); $fwrite(fd_r, "%02X\n", 2); - $fwrite(fd_r, "%h\n", {mldsa_test_vector.signature[0][23:0], mldsa_test_vector.signature[1:1156]}); //[0:1156][31:0] signature + $fwrite(fd_r, "%h\n", {mldsa_test_vector.signature[0:1155], mldsa_test_vector.signature[1156][31:8]}); //[0:1156][31:0] signature $fwrite(fd_r, "%h\n", mldsa_test_vector.msg); $fwrite(fd_r, "%h", mldsa_test_vector.pubkey); $fclose(fd_r); diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.yml b/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.yml deleted file mode 100644 index 78d8fc984..000000000 --- a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -seed: ${PLAYBOOK_RANDOM_SEED} -testname: smoke_test_mldsa_keygen_rand diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/caliptra_isr.h b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/caliptra_isr.h similarity index 86% rename from src/integration/test_suites/smoke_test_mldsa_keygen_rand/caliptra_isr.h rename to src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/caliptra_isr.h index 90daec8db..17e5c9cc8 100644 --- a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/caliptra_isr.h +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/caliptra_isr.h @@ -99,7 +99,20 @@ inline void service_sha512_acc_error_intr() {return;} inline void service_sha512_acc_notif_intr() {return; } -inline void service_mldsa_error_intr() {return;} +inline void service_mldsa_error_intr() { + uint32_t * reg = (uint32_t *) (CLP_MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R); + uint32_t sts = *reg; + /* Write 1 to Clear the pending interrupt */ + if (sts & MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK) { + *reg = MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK; + cptra_intr_rcv.mldsa_error |= MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK; + } + if (sts == 0) { + VPRINTF(ERROR,"bad mldsa_error_intr sts:%x\n", sts); + SEND_STDOUT_CTRL(0x1); + while(1); + } +} inline void service_mldsa_notif_intr() { uint32_t * reg = (uint32_t *) (CLP_MLDSA_REG_INTR_BLOCK_RF_NOTIF_INTERNAL_INTR_R); uint32_t sts = *reg; diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.c b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.c similarity index 61% rename from src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.c rename to src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.c index 2e1acf582..43ea28354 100644 --- a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.c +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.c @@ -33,24 +33,41 @@ volatile caliptra_intr_received_s cptra_intr_rcv = {0}; void main() { printf("----------------------------------\n"); - printf(" Running MLDSA Smoke Test !!\n"); + printf(" Running MLDSA Random Smoke Test !!\n"); printf("----------------------------------\n"); //Call interrupt init init_interrupts(); - + + //-------------------------------------------------------------- + printf("%c", 0xdc); //inject msg, sig, pk for verifying + + // wait for MLDSA to be ready + printf("Waiting for mldsa status ready in keygen+sign\n"); + while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0); + + printf("\nMLDSA KEYGEN_SIGN\n"); + // Enable MLDSA keygen sign + lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_KEYGEN_SIGN); + + // // wait for MLDSA SIGNING process to be done + wait_for_mldsa_intr(); + + mldsa_zeroize(); + cptra_intr_rcv.mldsa_notif = 0; + //-------------------------------------------------------------- - printf("%c", 0xd9); //inject keygen seed + printf("%c", 0xdb); //inject msg, sig, pk for verifying // wait for MLDSA to be ready - printf("Waiting for mldsa status ready in keygen\n"); + printf("Waiting for mldsa status ready in verify\n"); while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0); - printf("\nMLDSA KEYGEN\n"); - // Enable MLDSA KEYGEN core - lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_KEYGEN); + printf("\nMLDSA VERIFY\n"); + // Enable MLDSA Verify + lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_VERIFYING); - // // wait for MLDSA KEYGEN process to be done + // // wait for MLDSA SIGNING process to be done wait_for_mldsa_intr(); mldsa_zeroize(); diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.ld b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.ld similarity index 100% rename from src/integration/test_suites/smoke_test_mldsa_keygen_rand/smoke_test_mldsa_keygen_rand.ld rename to src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.ld diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.yml b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.yml new file mode 100644 index 000000000..50b8d3ed1 --- /dev/null +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_sign_vfy_rand/smoke_test_mldsa_keygen_sign_vfy_rand.yml @@ -0,0 +1,3 @@ +--- +seed: ${PLAYBOOK_RANDOM_SEED} +testname: smoke_test_mldsa_keygen_sign_vfy_rand diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/caliptra_isr.h b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/caliptra_isr.h new file mode 100644 index 000000000..17e5c9cc8 --- /dev/null +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/caliptra_isr.h @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// --------------------------------------------------------------------- +// File: caliptra_isr.h +// Description: +// Provides function declarations for use by external test files, so +// that the ISR functionality may behave like a library. +// TODO: +// This header file includes inline function definitions for event and +// test specific interrupt service behavior, so it should be copied and +// modified for each test. +// --------------------------------------------------------------------- + +#ifndef CALIPTRA_ISR_H + #define CALIPTRA_ISR_H + +#define EN_ISR_PRINTS 1 + +#include "caliptra_defines.h" +#include +#include "printf.h" + +/* --------------- symbols/typedefs --------------- */ +typedef struct { + uint32_t doe_error; + uint32_t doe_notif; + uint32_t ecc_error; + uint32_t ecc_notif; + uint32_t hmac_error; + uint32_t hmac_notif; + uint32_t kv_error; + uint32_t kv_notif; + uint32_t sha512_error; + uint32_t sha512_notif; + uint32_t sha256_error; + uint32_t sha256_notif; + uint32_t soc_ifc_error; + uint32_t soc_ifc_notif; + uint32_t sha512_acc_error; + uint32_t sha512_acc_notif; + uint32_t mldsa_error; + uint32_t mldsa_notif; + uint32_t axi_dma_error; + uint32_t axi_dma_notif; +} caliptra_intr_received_s; //TODO: add mldsa intr +extern volatile caliptra_intr_received_s cptra_intr_rcv; + +////////////////////////////////////////////////////////////////////////////// +// Function Declarations +// + +// Performs all the CSR setup to configure and enable vectored external interrupts +void init_interrupts(void); + +// These inline functions are used to insert event-specific functionality into the +// otherwise generic ISR that gets laid down by the parameterized macro "nonstd_veer_isr" +inline void service_doe_error_intr() {return;} +inline void service_doe_notif_intr() {return; +} + +inline void service_ecc_error_intr() {return;} +inline void service_ecc_notif_intr() {return; +} + +inline void service_hmac_error_intr() {return;} +inline void service_hmac_notif_intr() {return; +} + +inline void service_kv_error_intr() {return;} +inline void service_kv_notif_intr() {return;} +inline void service_sha512_error_intr() {return;} +inline void service_sha512_notif_intr() {return; +} + +inline void service_sha256_error_intr() {return;} +inline void service_sha256_notif_intr() {return; +} + + +inline void service_soc_ifc_error_intr() {return; +} + +inline void service_soc_ifc_notif_intr () {return; +} + +inline void service_sha512_acc_error_intr() {return;} +inline void service_sha512_acc_notif_intr() {return; +} + +inline void service_mldsa_error_intr() { + uint32_t * reg = (uint32_t *) (CLP_MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R); + uint32_t sts = *reg; + /* Write 1 to Clear the pending interrupt */ + if (sts & MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK) { + *reg = MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK; + cptra_intr_rcv.mldsa_error |= MLDSA_REG_INTR_BLOCK_RF_ERROR_INTERNAL_INTR_R_ERROR_INTERNAL_STS_MASK; + } + if (sts == 0) { + VPRINTF(ERROR,"bad mldsa_error_intr sts:%x\n", sts); + SEND_STDOUT_CTRL(0x1); + while(1); + } +} +inline void service_mldsa_notif_intr() { + uint32_t * reg = (uint32_t *) (CLP_MLDSA_REG_INTR_BLOCK_RF_NOTIF_INTERNAL_INTR_R); + uint32_t sts = *reg; + /* Write 1 to Clear the pending interrupt */ + if (sts & MLDSA_REG_INTR_BLOCK_RF_NOTIF_INTERNAL_INTR_R_NOTIF_CMD_DONE_STS_MASK) { + *reg = MLDSA_REG_INTR_BLOCK_RF_NOTIF_INTERNAL_INTR_R_NOTIF_CMD_DONE_STS_MASK; + cptra_intr_rcv.mldsa_notif |= MLDSA_REG_INTR_BLOCK_RF_NOTIF_INTERNAL_INTR_R_NOTIF_CMD_DONE_STS_MASK; + } + if (sts == 0) { + VPRINTF(ERROR,"bad mldsa_notif_intr sts:%x\n", sts); + SEND_STDOUT_CTRL(0x1); + while(1); + } +} +inline void service_axi_dma_error_intr() {return;} +inline void service_axi_dma_notif_intr() {return;} + +#endif //CALIPTRA_ISR_H diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.c b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.c new file mode 100644 index 000000000..1bcfa0b7a --- /dev/null +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.c @@ -0,0 +1,97 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +#include "caliptra_defines.h" +#include "caliptra_isr.h" +#include "riscv_hw_if.h" +#include "riscv-csr.h" +#include "printf.h" +#include "mldsa.h" + +volatile char* stdout = (char *)STDOUT; +volatile uint32_t intr_count = 0; +#ifdef CPT_VERBOSITY + enum printf_verbosity verbosity_g = CPT_VERBOSITY; +#else + enum printf_verbosity verbosity_g = LOW; +#endif + +volatile caliptra_intr_received_s cptra_intr_rcv = {0}; + + +void main() { + printf("----------------------------------\n"); + printf(" Running MLDSA Random Smoke Test !!\n"); + printf("----------------------------------\n"); + + //Call interrupt init + init_interrupts(); + + //-------------------------------------------------------------- + printf("%c", 0xd9); //inject keygen seed + + // wait for MLDSA to be ready + printf("Waiting for mldsa status ready in keygen\n"); + while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0); + + printf("\nMLDSA KEYGEN\n"); + // Enable MLDSA KEYGEN + lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_KEYGEN); + + // // wait for MLDSA KEYGEN process to be done + wait_for_mldsa_intr(); + + mldsa_zeroize(); + cptra_intr_rcv.mldsa_notif = 0; + + //-------------------------------------------------------------- + printf("%c", 0xda); //inject msg, sk for signing + + // wait for MLDSA to be ready + printf("Waiting for mldsa status ready in signing\n"); + while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0); + + printf("\nMLDSA SIGNING\n"); + // Enable MLDSA SIGNING + lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_SIGNING); + + // // wait for MLDSA SIGNING process to be done + wait_for_mldsa_intr(); + + mldsa_zeroize(); + cptra_intr_rcv.mldsa_notif = 0; + + //-------------------------------------------------------------- + printf("%c", 0xdb); //inject msg, sig, pk for verifying + + // wait for MLDSA to be ready + printf("Waiting for mldsa status ready in verify\n"); + while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0); + + printf("\nMLDSA VERIFY\n"); + // Enable MLDSA Verify + lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_VERIFYING); + + // // wait for MLDSA SIGNING process to be done + wait_for_mldsa_intr(); + + mldsa_zeroize(); + cptra_intr_rcv.mldsa_notif = 0; + + printf("%c",0xff); //End the test + +} + + diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.ld b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.ld new file mode 100644 index 000000000..83a09ceac --- /dev/null +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.ld @@ -0,0 +1,69 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +OUTPUT_ARCH( "riscv" ) +ENTRY(_start) + +SECTIONS { + . = 0x0; + .text : { *(.text*) } + + .eh_frame : { *(.eh_frame) } + /* DCCM as VMA */ + /* Data is bundled with ROM image in iMem */ + /* Align data to 4-bytes to allow LSU access to work + * when copying to DCCM */ + /* Only upper half of DCCM is used for ROM image */ + _data_lma_start = ALIGN(4); + _data_vma_start = 0x50010000; + .data _data_vma_start : AT(_data_lma_start) { *(.*data) *(.*data.*) *(.rodata*) *(.srodata*) ; . = ALIGN(4);} =0x0000, + _data_lma_end = _data_lma_start + SIZEOF(.data); + _data_vma_end = _data_vma_start + SIZEOF(.data); + + _bss_lma_start = _data_lma_end; + _bss_vma_start = _data_vma_end; + .bss _bss_vma_start : AT(_bss_lma_start) { *(.sbss) *(.bss) ; . = ALIGN(4);} =0x0000, + _bss_lma_end = _bss_lma_start + SIZEOF(.bss); + _bss_vma_end = _bss_vma_start + SIZEOF(.bss); + + _end = _bss_lma_end; + ASSERT( _end < 0x0000C000, "ERROR: ROM size exceeds 48KiB") + + /* DCCM as VMA and LMA */ + . = _bss_vma_end; + _dccm_lma_start = _bss_vma_end; /* ----\___ SAME */ + _dccm_vma_start = _bss_vma_end; /* ----/ */ + .dccm _dccm_vma_start : AT(_dccm_lma_start) { *(.dccm*) . = ALIGN(4); } =0x0000, + iccm_code0_start = .; + + /* ICCM as VMA */ + /* All of these sections start at the base address of ICCM, and cannot coexist */ + /* The code in these sections will be loaded to DCCM alongside .data and later + * copied into ICCM for execution. + * NOTE: none of these sections will be used by the val image/FMC/RT flows */ + .data_iccm0 0x40000000 : AT(iccm_code0_start) {*(.data_iccm0) ; . = ALIGN(4); } =0x0000, /* iccm_code0_start, after .data, as LMA */ + iccm_code0_end = iccm_code0_start + SIZEOF(.data_iccm0); + iccm_code1_start = ALIGN(iccm_code0_end,4); + .data_iccm1 0x40000000 : AT(iccm_code1_start) {*(.data_iccm1) ; . = ALIGN(4); } =0x0000, /* iccm_code1_start, after .data, as LMA */ + iccm_code1_end = iccm_code1_start + SIZEOF(.data_iccm1); + iccm_code2_start = ALIGN(iccm_code1_end,4); + .data_iccm2 0x40000000 : AT(iccm_code2_start) {*(.data_iccm2) ; . = ALIGN(4); } =0x0000, /* iccm_code2_start, after .data, as LMA */ + iccm_code2_end = iccm_code2_start + SIZEOF(.data_iccm2); + + /* Stack is at the end of DCCM after .data_iccm2 */ + . = ALIGN(iccm_code2_end,16); + STACK = ALIGN(16) + 0x8000; + ASSERT( (STACK < 0x50020000), "ERROR: Stack overflows the DCCM -- note: lower half of DCCM is allocated in the validation image for remote firmware images") +} diff --git a/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.yml b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.yml new file mode 100644 index 000000000..ce17b3f8b --- /dev/null +++ b/src/integration/test_suites/smoke_test_mldsa_keygen_standalone_sign_vfy_rand/smoke_test_mldsa_keygen_standalone_sign_vfy_rand.yml @@ -0,0 +1,3 @@ +--- +seed: ${PLAYBOOK_RANDOM_SEED} #1736062140 +testname: smoke_test_mldsa_keygen_standalone_sign_vfy_rand From 86a2f79229a42bb4b4a9e758646a436ef6e7540e Mon Sep 17 00:00:00 2001 From: Kiran Upadhyayula Date: Tue, 7 Jan 2025 11:52:12 -0800 Subject: [PATCH 3/5] Parameterize reg sizes in SVA, add verilator flag around randomization --- src/integration/asserts/caliptra_top_sva.sv | 43 ++++++++++++------- .../tb/caliptra_top_tb_services.sv | 22 +++++++--- .../smoke_test_mldsa_rand.c | 4 +- 3 files changed, 45 insertions(+), 24 deletions(-) diff --git a/src/integration/asserts/caliptra_top_sva.sv b/src/integration/asserts/caliptra_top_sva.sv index de3c02c1c..2b735410f 100644 --- a/src/integration/asserts/caliptra_top_sva.sv +++ b/src/integration/asserts/caliptra_top_sva.sv @@ -78,7 +78,17 @@ module caliptra_top_sva localparam SHA256_DIG_NUM_DWORDS = 8; //`SHA256_PATH.DIG_NUM_DWORDS; localparam SHA256_BLOCK_NUM_DWORDS = 16; //`SHA256_PATH.BLOCK_NUM_DWORDS; localparam DOE_256_NUM_ROUNDS = 14; //`DOE_INST_PATH.i_doe_core_cbc.keymem.DOE_256_NUM_ROUNDS - + localparam SEED_NUM_DWORDS = 8; + localparam MSG_NUM_DWORDS = 16; + localparam PRIVKEY_NUM_DWORDS = 1224; + localparam PRIVKEY_REG_NUM_DWORDS = 32; + localparam PRIVKEY_REG_RHO_NUM_DWORDS = 8; + localparam SIGNATURE_H_NUM_DWORDS = 21; + localparam VERIFY_RES_NUM_DWORDS = 16; + localparam PRIVKEY_MEM_NUM_DWORDS = PRIVKEY_NUM_DWORDS - PRIVKEY_REG_NUM_DWORDS; + localparam SIGNATURE_C_NUM_DWORDS = 16; + localparam SIGNATURE_Z_NUM_DWORDS = 1120; + localparam SIGNATURE_NUM_DWORDS = SIGNATURE_H_NUM_DWORDS + SIGNATURE_Z_NUM_DWORDS + SIGNATURE_C_NUM_DWORDS; //TODO: add disable condition based on doe cmd reg DOE_lock_uds_set: assert property ( @(posedge `SVA_RDC_CLK) @@ -275,10 +285,11 @@ module caliptra_top_sva endgenerate `endif + `ifndef VERILATOR //MLDSA data checks generate begin: MLDSA_keygen_data_check - for (genvar dword = 0; dword < 32; dword++) begin + for (genvar dword = 0; dword < PRIVKEY_REG_NUM_DWORDS; dword++) begin MLDSA_privkey_0_31_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) @@ -287,22 +298,22 @@ module caliptra_top_sva else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.privatekey_reg.raw[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[dword][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[dword][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[dword][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[dword][31:24]}, dword); end - for (genvar dword = 0; dword < 596; dword++) begin + for (genvar dword = 0; dword < PRIVKEY_MEM_NUM_DWORDS/2; dword++) begin MLDSA_privkey_even_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][31:24]})) ) - else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[32+(2*dword)][31:24]}, 32+(2*dword)); + else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+(2*dword)][31:24]}, PRIVKEY_REG_NUM_DWORDS+(2*dword)); end - for (genvar dword = 0; dword < 596; dword++) begin + for (genvar dword = 0; dword < PRIVKEY_MEM_NUM_DWORDS/2; dword++) begin MLDSA_privkey_odd_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank1.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]})) + (((`SERVICES_PATH.mldsa_keygen || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.mldsa_sk_ram_bank1.ram[dword] == {`SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][31:24]})) ) - else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[33+(2*dword)][31:24]}, 33+(2*dword)); + else $display("SVA ERROR: [MLDSA keygen] SK output %h does not match expected SK %h at index %h",`MLDSA_PATH.mldsa_sk_ram_bank0.ram[dword], {`SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][7:0], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][15:8], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][23:16], `SERVICES_PATH.mldsa_test_vector.privkey[PRIVKEY_REG_NUM_DWORDS+1+(2*dword)][31:24]}, PRIVKEY_REG_NUM_DWORDS+1+(2*dword)); end for (genvar dword = 0; dword < 8; dword++) begin @@ -331,16 +342,16 @@ module caliptra_top_sva endgenerate generate begin: MLDSA_signature_data_check - for (genvar dword = 0; dword < 21; dword++) begin + for (genvar dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin MLDSA_signature_16_36_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - (((`SERVICES_PATH.mldsa_signing || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.signature_reg.raw[16+dword] == {`SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][31:24]})) + (((`SERVICES_PATH.mldsa_signing || `SERVICES_PATH.mldsa_keygen_signing) && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_PATH.signature_reg.raw[SIGNATURE_C_NUM_DWORDS+dword] == {`SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][31:24]})) ) - else $display("SVA ERROR: [MLDSA signing] Signature output %h does not match expected signature %h at index %h",`MLDSA_PATH.signature_reg.raw[16+dword], {`SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[1156-(20-dword)][31:24]}, 16+dword); + else $display("SVA ERROR: [MLDSA signing] Signature output %h does not match expected signature %h at index %h",`MLDSA_PATH.signature_reg.raw[SIGNATURE_C_NUM_DWORDS+dword], {`SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][7:0], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][15:8], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][23:16], `SERVICES_PATH.mldsa_test_vector.signature[(SIGNATURE_NUM_DWORDS-1)-((SIGNATURE_H_NUM_DWORDS-1)-dword)][31:24]}, SIGNATURE_C_NUM_DWORDS+dword); end - for (genvar dword = 0; dword < 16; dword++) begin + for (genvar dword = 0; dword < SIGNATURE_C_NUM_DWORDS; dword++) begin MLDSA_signature_0_15_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) @@ -366,17 +377,17 @@ module caliptra_top_sva endgenerate generate begin: MLDSA_verify_data_check - for (genvar dword = 0; dword < 16; dword++) begin + for (genvar dword = 0; dword < VERIFY_RES_NUM_DWORDS; dword++) begin MLDSA_verify_res_data_check: assert property ( @(posedge `SVA_RDC_CLK) disable iff (`CPTRA_TOP_PATH.scan_mode || !`CPTRA_TOP_PATH.security_state.debug_locked) - ((`SERVICES_PATH.mldsa_verify && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword] == {`SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][31:24]})) + ((`SERVICES_PATH.mldsa_verify && `MLDSA_PATH.mldsa_status_done_p) |=> (`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword] == {`SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][31:24]})) ) - else $display("SVA ERROR: [MLDSA verify] Verify output %h does not match expected verify res %h at index %h",`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword], {`SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[15-dword][31:24]}, dword); + else $display("SVA ERROR: [MLDSA verify] Verify output %h does not match expected verify res %h at index %h",`MLDSA_REG_PATH.hwif_out.MLDSA_VERIFY_RES[dword], {`SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][7:0], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][15:8], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][23:16], `SERVICES_PATH.mldsa_test_vector.verify_res[(VERIFY_RES_NUM_DWORDS-1)-dword][31:24]}, dword); end end endgenerate - + `endif //Generate disable signal for fuse_wr_check sva when hwclr is asserted. The disable needs to be for 3 clks in order to ignore the fuses being cleared logic clear_obf_secrets_f; logic clear_obf_secrets_ff; diff --git a/src/integration/tb/caliptra_top_tb_services.sv b/src/integration/tb/caliptra_top_tb_services.sv index aae390f96..374b8fad2 100644 --- a/src/integration/tb/caliptra_top_tb_services.sv +++ b/src/integration/tb/caliptra_top_tb_services.sv @@ -92,6 +92,14 @@ module caliptra_top_tb_services //=========================================================================- // Parameters //=========================================================================- + localparam SEED_NUM_DWORDS = 8; + localparam MSG_NUM_DWORDS = 16; + localparam PRIVKEY_NUM_DWORDS = 1224; + localparam PRIVKEY_REG_NUM_DWORDS = 32; + localparam PRIVKEY_REG_RHO_NUM_DWORDS = 8; + localparam SIGNATURE_H_NUM_DWORDS = 21; + localparam VERIFY_RES_NUM_DWORDS = 16; + `ifndef VERILATOR int MAX_CYCLES; initial begin @@ -641,6 +649,7 @@ module caliptra_top_tb_services release caliptra_top_dut.mldsa.norm_check_inst.invalid; end + `ifndef VERILATOR logic mldsa_keygen, mldsa_signing, mldsa_verify, mldsa_keygen_signing; always @(negedge clk or negedge cptra_rst_b) begin @@ -680,7 +689,7 @@ module caliptra_top_tb_services genvar mldsa_dword; generate //MLDSA keygen - inject seed - for (mldsa_dword = 0; mldsa_dword < 8; mldsa_dword++) begin + for (mldsa_dword = 0; mldsa_dword < SEED_NUM_DWORDS; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_keygen | mldsa_keygen_signing) begin force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_SEED[mldsa_dword].SEED.value = {mldsa_test_vector.seed[7-mldsa_dword][7:0], mldsa_test_vector.seed[7-mldsa_dword][15:8], mldsa_test_vector.seed[7-mldsa_dword][23:16], mldsa_test_vector.seed[7-mldsa_dword][31:24]}; @@ -692,7 +701,7 @@ module caliptra_top_tb_services end //MLDSA signing or MLDSA verify - inject msg - for (mldsa_dword = 0; mldsa_dword < 16; mldsa_dword++) begin + for (mldsa_dword = 0; mldsa_dword < MSG_NUM_DWORDS; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_signing | mldsa_verify | mldsa_keygen_signing) begin force caliptra_top_dut.mldsa.mldsa_reg_inst.hwif_out.MLDSA_MSG[mldsa_dword].MSG.value = {mldsa_test_vector.msg[15-mldsa_dword][7:0], mldsa_test_vector.msg[15-mldsa_dword][15:8], mldsa_test_vector.msg[15-mldsa_dword][23:16], mldsa_test_vector.msg[15-mldsa_dword][31:24]}; @@ -704,7 +713,7 @@ module caliptra_top_tb_services end //MLDSA signing - inject sk - for (mldsa_dword = 0; mldsa_dword < 4; mldsa_dword++) begin + for (mldsa_dword = 0; mldsa_dword < PRIVKEY_REG_RHO_NUM_DWORDS/2; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_signing) begin force caliptra_top_dut.mldsa.mldsa_ctrl_inst.privatekey_reg.enc.rho[mldsa_dword] = {mldsa_test_vector.privkey[((mldsa_dword*2)+1)][7:0], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][15:8], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][23:16], mldsa_test_vector.privkey[((mldsa_dword*2)+1)][31:24], @@ -731,7 +740,7 @@ module caliptra_top_tb_services end end - for (mldsa_dword = 32; mldsa_dword < 1224; mldsa_dword++) begin + for (mldsa_dword = PRIVKEY_REG_NUM_DWORDS; mldsa_dword < PRIVKEY_NUM_DWORDS; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_signing) begin if ((mldsa_dword % 2) == 0) begin @@ -773,7 +782,7 @@ module caliptra_top_tb_services end //MLDSA verify - inject signature - for (mldsa_dword = 0; mldsa_dword < 16; mldsa_dword++) begin + for (mldsa_dword = 0; mldsa_dword < VERIFY_RES_NUM_DWORDS; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_verify) begin force caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.c[mldsa_dword] = {mldsa_test_vector.signature[mldsa_dword][7:0], mldsa_test_vector.signature[mldsa_dword][15:8], mldsa_test_vector.signature[mldsa_dword][23:16], mldsa_test_vector.signature[mldsa_dword][31:24]}; @@ -783,7 +792,7 @@ module caliptra_top_tb_services end end end - for (mldsa_dword = 0; mldsa_dword < 21; mldsa_dword++) begin + for (mldsa_dword = 0; mldsa_dword < SIGNATURE_H_NUM_DWORDS; mldsa_dword++) begin always @(negedge clk) begin if (mldsa_verify) begin force caliptra_top_dut.mldsa.mldsa_ctrl_inst.signature_reg.enc.h[mldsa_dword] = {mldsa_test_vector.signature[1136+mldsa_dword][7:0], mldsa_test_vector.signature[1136+mldsa_dword][15:8], mldsa_test_vector.signature[1136+mldsa_dword][23:16], mldsa_test_vector.signature[1136+mldsa_dword][31:24]}; @@ -806,6 +815,7 @@ module caliptra_top_tb_services end end endgenerate + `endif //Randomized wntz generate diff --git a/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c b/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c index cbe9fb8c8..441c150c1 100644 --- a/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c +++ b/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.c @@ -505,7 +505,7 @@ void main() { mldsa_zeroize(); cptra_intr_rcv.mldsa_notif = 0; - mldsa_keygen_signing_flow(seed, msg, sign_rnd, entropy, sign, 0x00); + mldsa_keygen_signing_flow(seed, msg, sign_rnd, entropy, sign); mldsa_zeroize(); cptra_intr_rcv.mldsa_notif = 0; @@ -513,7 +513,7 @@ void main() { mldsa_zeroize(); cptra_intr_rcv.mldsa_notif = 0; - mldsa_verifying_flow(msg, pubkey, sign, verify_res, 0x00); + mldsa_verifying_flow(msg, pubkey, sign, verify_res); mldsa_zeroize(); cptra_intr_rcv.mldsa_notif = 0; From 6d057253a2013878cb8c74a9b823dbcc45adb0b7 Mon Sep 17 00:00:00 2001 From: Kiran Upadhyayula Date: Wed, 8 Jan 2025 00:02:38 +0000 Subject: [PATCH 4/5] MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/kupadhyayula/mldsa_rand_val' with updated timestamp and hash after successful run --- .github/workflow_metadata/pr_hash | 2 +- .github/workflow_metadata/pr_timestamp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflow_metadata/pr_hash b/.github/workflow_metadata/pr_hash index 0e963a37f..8bb1e3737 100644 --- a/.github/workflow_metadata/pr_hash +++ b/.github/workflow_metadata/pr_hash @@ -1 +1 @@ -c8e06113e37e54e9876411db9113dde467573ddcdfa04c21e4aabed77398465566c22fc6db80017342843e5b55280e45 \ No newline at end of file +223faeb9835948dfe3f3de9e60d04b5997d5af2f6e3b154fdb060cc7861d0eab4fad9318ac3db8b04db1f7542592d87e \ No newline at end of file diff --git a/.github/workflow_metadata/pr_timestamp b/.github/workflow_metadata/pr_timestamp index 2b923128a..abd8e51e3 100644 --- a/.github/workflow_metadata/pr_timestamp +++ b/.github/workflow_metadata/pr_timestamp @@ -1 +1 @@ -1734986966 \ No newline at end of file +1736294553 \ No newline at end of file From 17eb8c50e911d65a28b796e0edae685810915d06 Mon Sep 17 00:00:00 2001 From: Kiran Upadhyayula Date: Wed, 8 Jan 2025 01:52:38 +0000 Subject: [PATCH 5/5] MICROSOFT AUTOMATED PIPELINE: Stamp 'user/dev/kupadhyayula/mldsa_rand_val' with updated timestamp and hash after successful run --- .github/workflow_metadata/pr_hash | 2 +- .github/workflow_metadata/pr_timestamp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflow_metadata/pr_hash b/.github/workflow_metadata/pr_hash index 29d3ebd84..3212c9cf5 100644 --- a/.github/workflow_metadata/pr_hash +++ b/.github/workflow_metadata/pr_hash @@ -1 +1 @@ -223faeb9835948dfe3f3de9e60d04b5997d5af2f6e3b154fdb060cc7861d0eab4fad9318ac3db8b04db1f7542592d87e +43dfab7a70b0c74173df4e0d3da7140d71725ba41e9fff0d4a55f8ceb5ab777a805162ebdfe08c0595d99644268926de \ No newline at end of file diff --git a/.github/workflow_metadata/pr_timestamp b/.github/workflow_metadata/pr_timestamp index 98c25670c..d4bdc6289 100644 --- a/.github/workflow_metadata/pr_timestamp +++ b/.github/workflow_metadata/pr_timestamp @@ -1 +1 @@ -1736294553 +1736301153 \ No newline at end of file