Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pure MLDSA KATs and coverage #655

Merged
merged 10 commits into from
Dec 17, 2024
2 changes: 1 addition & 1 deletion .github/workflow_metadata/pr_hash
Original file line number Diff line number Diff line change
@@ -1 +1 @@
e39f1ecd8ed43f5ecb5bdd1dbb9072d204c18245efb5915dcb3d64983d6894fd71f0a6bb10c2faff3a1d4fd0dfadd7f9
5a68dbd0f36f885e06f6b9acccbdf27c92bf66f5123a498013d95e71b8b1a44652d960f1e520cfa43ef6f4aec44044a5
2 changes: 1 addition & 1 deletion .github/workflow_metadata/pr_timestamp
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1733535289
1734395959
1 change: 1 addition & 0 deletions src/integration/config/compile.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ requires:
- soc_ifc_coverage
- pcrvault_cov
- keyvault_cov
#- mldsa_coverage //TODO: Add after updating submodule
targets:
dpi_compile:
directories:
Expand Down
4 changes: 2 additions & 2 deletions src/integration/stimulus/L0_regression.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ contents:
- ../test_suites/c_intr_handler/c_intr_handler.yml
- ../test_suites/smoke_test_ecc/smoke_test_ecc.yml
- ../test_suites/smoke_test_hmac/smoke_test_hmac.yml
- ../test_suites/smoke_test_mldsa/smoke_test_mldsa.yml
#- ../test_suites/smoke_test_mldsa/smoke_test_mldsa.yml //TODO: Add after updating submodule
- ../test_suites/smoke_test_kv/smoke_test_kv.yml
- ../test_suites/smoke_test_sram_ecc/smoke_test_sram_ecc.yml
- ../test_suites/smoke_test_ras/smoke_test_ras.yml
Expand All @@ -41,7 +41,7 @@ contents:
#- ../test_suites/smoke_test_kv_sha512_flow/smoke_test_kv_sha512_flow.yml Removed SHA KV functionality
- ../test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.yml
- ../test_suites/smoke_test_kv_cg/smoke_test_kv_cg.yml
- ../test_suites/smoke_test_kv_mldsa/smoke_test_kv_mldsa.yml
#- ../test_suites/smoke_test_kv_mldsa/smoke_test_kv_mldsa.yml //TODO: Add after updating submodule
- ../test_suites/pv_hash_and_sign/pv_hash_and_sign.yml
- ../test_suites/smoke_test_pcr_signing/smoke_test_pcr_signing.yml
- ../test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.yml
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ contents:
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_ecc/smoke_test_ecc.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_hmac_errortrigger/smoke_test_hmac_errortrigger.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.yml
# - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_mldsa_rand/smoke_test_mldsa_rand.yml //TODO: Add after updating submodule
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv/smoke_test_kv.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_sram_ecc/smoke_test_sram_ecc.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_ras/smoke_test_ras.yml
Expand All @@ -44,7 +44,7 @@ contents:
# - ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv_sha512_flow/smoke_test_kv_sha512_flow.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv_cg/smoke_test_kv_cg.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv_mldsa/smoke_test_kv_mldsa.yml
#- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_kv_mldsa/smoke_test_kv_mldsa.yml //TODO: Add after updating submodule
- ${CALIPTRA_ROOT}/src/integration/test_suites/pv_hash_and_sign/pv_hash_and_sign.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_pcr_signing/smoke_test_pcr_signing.yml
- ${CALIPTRA_ROOT}/src/integration/test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.yml
Expand Down
3 changes: 2 additions & 1 deletion src/integration/tb/caliptra_top_tb_services.sv
Original file line number Diff line number Diff line change
Expand Up @@ -416,7 +416,7 @@ module caliptra_top_tb_services
logic [0:15][31:0] ecc_privkey_tb = 512'h_F274F69D163B0C9F1FC3EBF4292AD1C4EB3CEC1C5A7DDE6F80C14292934C2055E087748D0A169C772483ADEE5EE70E17_00000000000000000000000000000000;
logic [0:15][31:0] hmac384_key_tb = 512'h_0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b_00000000000000000000000000000000;
logic [0:15][31:0] hmac512_key_tb = 512'h0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b;
logic [15:0][31:0] mldsa_seed_tb = 512'h_55555555555555555555555555555555_9340000a_675fd127_37071d12_3fcee4d5_a243fe28_0768f0d4_46768a85_2d5cf89c; //fixme padded with junk
logic [0:15][31:0] mldsa_seed_tb = 512'h_2d5cf89c46768a850768f0d4a243fe283fcee4d537071d12675fd1279340000a_55555555555555555555555555555555_00000000000000000000000000000000; //fixme padded with junk
logic [0:15][31:0] ecc_privkey_random;

always_comb ecc_privkey_random = {ecc_test_vector.privkey, 128'h_00000000000000000000000000000000};
Expand Down Expand Up @@ -1983,6 +1983,7 @@ sha512_ctrl_cov_bind i_sha512_ctrl_cov_bind();
sha256_ctrl_cov_bind i_sha256_ctrl_cov_bind();
hmac_ctrl_cov_bind i_hmac_ctrl_cov_bind();
ecc_top_cov_bind i_ecc_top_cov_bind();
// mldsa_top_cov_bind i_mldsa_top_cov_bind(); //TODO: Add after updating submodule
keyvault_cov_bind i_keyvault_cov_bind();
pcrvault_cov_bind i_pcrvault_cov_bind();
`endif
Expand Down
166 changes: 63 additions & 103 deletions src/integration/test_suites/libs/mldsa/mldsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -43,18 +43,20 @@ void mldsa_zeroize(){



void mldsa_keygen_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t entropy[16], uint32_t privkey[1224], uint32_t pubkey[648]){
void mldsa_keygen_flow(mldsa_io seed, uint32_t entropy[MLDSA87_ENTROPY_SIZE], uint32_t privkey[MLDSA87_PRIVKEY_SIZE], uint32_t pubkey[MLDSA87_PUBKEY_SIZE])
{
uint16_t offset;
volatile uint32_t * reg_ptr;
uint8_t fail_cmd = 0x1;

uint32_t mldsa_privkey [1224];
uint32_t mldsa_pubkey [648];
uint32_t mldsa_privkey [MLDSA87_PRIVKEY_SIZE];
uint32_t mldsa_pubkey [MLDSA87_PUBKEY_SIZE];

// wait for MLDSA to be ready
printf("Waiting for mldsa status ready in keygen\n");
while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0);

//Program mldsa seed
if(seed.kv_intf){
// Program MLDSA_SEED Read with 12 dwords from seed_kv_id
lsu_write_32(CLP_MLDSA_REG_MLDSA_KV_RD_SEED_CTRL, (MLDSA_REG_MLDSA_KV_RD_SEED_CTRL_READ_EN_MASK |
Expand Down Expand Up @@ -92,28 +94,28 @@ void mldsa_keygen_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t entropy[16]
// // wait for MLDSA KEYGEN process to be done
wait_for_mldsa_intr();

// Read the data back from MLDSA register
printf("Load PRIVKEY data from MLDSA\n");
reg_ptr = (uint32_t *) CLP_MLDSA_REG_MLDSA_PRIVKEY_OUT_BASE_ADDR;
offset = 0;
while (offset <= 1223) {
mldsa_privkey[offset] = *reg_ptr;
if (mldsa_privkey[offset] != privkey[offset]) {
printf("At offset [%d], mldsa_privkey data mismatch!\n", offset);
printf("Actual data: 0x%x\n", mldsa_privkey[offset]);
printf("Expected data: 0x%x\n", privkey[offset]);
printf("%c", fail_cmd);
while(1);
}
reg_ptr++;
offset++;
// Read the data back from MLDSA register
printf("Load PRIVKEY data from MLDSA\n");
reg_ptr = (uint32_t *) CLP_MLDSA_REG_MLDSA_PRIVKEY_OUT_BASE_ADDR;
offset = 0;
while (offset < MLDSA87_PRIVKEY_SIZE) {
mldsa_privkey[offset] = *reg_ptr;
if (mldsa_privkey[offset] != privkey[offset]) {
printf("At offset [%d], mldsa_privkey data mismatch!\n", offset);
printf("Actual data: 0x%x\n", mldsa_privkey[offset]);
printf("Expected data: 0x%x\n", privkey[offset]);
printf("%c", fail_cmd);
while(1);
}
reg_ptr++;
offset++;
}

// Read the data back from MLDSA register
printf("Load PUBKEY data from MLDSA\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PUBKEY_BASE_ADDR;
offset = 0;
while (offset <= 647) {
while (offset < MLDSA87_PUBKEY_SIZE) {
mldsa_pubkey[offset] = *reg_ptr;
if (mldsa_pubkey[offset] != pubkey[offset]) {
printf("At offset [%d], mldsa_pubkey data mismatch!\n", offset);
Expand All @@ -128,21 +130,19 @@ void mldsa_keygen_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t entropy[16]

}

void mldsa_keygen_signing_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t msg[16], uint32_t privkey[1224], uint32_t pubkey[648], uint32_t sign[1157]) {
void mldsa_keygen_signing_flow(mldsa_io seed, uint32_t msg[MLDSA87_MSG_SIZE], uint32_t sign_rnd[MLDSA87_SIGN_RND_SIZE], uint32_t entropy[MLDSA87_ENTROPY_SIZE], uint32_t sign[MLDSA87_SIGN_SIZE])
{
uint16_t offset;
volatile uint32_t * reg_ptr;
uint8_t fail_cmd = 0x1;

uint32_t mldsa_privkey [1224];
uint32_t mldsa_pubkey [648];
uint32_t mldsa_sign [1157];
uint32_t mldsa_sign [MLDSA87_SIGN_SIZE];

// wait for MLDSA to be ready
printf("Waiting for mldsa status ready in keygen\n");
while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0);

//Program mldsa seed

if(seed.kv_intf){
// Program MLDSA_SEED Read with 12 dwords from seed_kv_id
lsu_write_32(CLP_MLDSA_REG_MLDSA_KV_RD_SEED_CTRL, (MLDSA_REG_MLDSA_KV_RD_SEED_CTRL_READ_EN_MASK |
Expand Down Expand Up @@ -179,51 +179,26 @@ void mldsa_keygen_signing_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t msg
*reg_ptr++ = sign_rnd[offset++];
}

// Enable MLDSA SIGNING core
// Write MLDSA ENTROPY
printf("Writing entropy\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_ENTROPY_0;
offset = 0;
while (reg_ptr <= (uint32_t*) CLP_MLDSA_REG_MLDSA_ENTROPY_15) {
*reg_ptr++ = entropy[offset++];
}

// Enable MLDSA KEYGEN + SIGNING core
printf("\nMLDSA KEYGEN + SIGNING\n");
lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_KEYGEN_SIGN);

// wait for MLDSA SIGNING process to be done
wait_for_mldsa_intr();

// printf("Load PRIVKEY data from MLDSA\n");
// reg_ptr = (uint32_t *) CLP_MLDSA_REG_MLDSA_PRIVKEY_OUT_BASE_ADDR;
// offset = 0;
// while (offset <= 1223) {
// mldsa_privkey[offset] = *reg_ptr;
// if (mldsa_privkey[offset] != privkey[offset]) {
// printf("At offset [%d], mldsa_privkey data mismatch!\n", offset);
// printf("Actual data: 0x%x\n", mldsa_privkey[offset]);
// printf("Expected data: 0x%x\n", privkey[offset]);
// printf("%c", fail_cmd);
// while(1);
// }
// reg_ptr++;
// offset++;
// }

// Read the data back from MLDSA register
printf("Load PUBKEY data from MLDSA\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PUBKEY_BASE_ADDR;
offset = 0;
while (offset <= 647) {
mldsa_pubkey[offset] = *reg_ptr;
if (mldsa_pubkey[offset] != pubkey[offset]) {
printf("At offset [%d], mldsa_pubkey data mismatch!\n", offset);
printf("Actual data: 0x%x\n", mldsa_pubkey[offset]);
printf("Expected data: 0x%x\n", pubkey[offset]);
printf("%c", fail_cmd);
while(1);
}
reg_ptr++;
offset++;
}

// Read the data back from MLDSA register
printf("Load SIGN data from MLDSA\n");
reg_ptr = (uint32_t *) CLP_MLDSA_REG_MLDSA_SIGNATURE_BASE_ADDR;
offset = 0;
while (offset <= 1156) {
while (offset < MLDSA87_SIGN_SIZE) {
mldsa_sign[offset] = *reg_ptr;
if (mldsa_sign[offset] != sign[offset]) {
printf("At offset [%d], mldsa_sign data mismatch!\n", offset);
Expand All @@ -236,51 +211,30 @@ void mldsa_keygen_signing_flow(mldsa_io seed, uint32_t sign_rnd[8], uint32_t msg
offset++;
}


}


void mldsa_signing_flow(uint32_t privkey[1224], uint32_t msg[16], uint32_t entropy[16], uint32_t sign[1157]){
void mldsa_signing_flow(uint32_t privkey[MLDSA87_PRIVKEY_SIZE], uint32_t msg[MLDSA87_MSG_SIZE], uint32_t sign_rnd[MLDSA87_SIGN_RND_SIZE], uint32_t entropy[MLDSA87_ENTROPY_SIZE], uint32_t sign[MLDSA87_SIGN_SIZE])
{
uint16_t offset;
volatile uint32_t * reg_ptr;
uint8_t fail_cmd = 0x1;

uint32_t mldsa_sign [1157];
uint32_t mldsa_sign [MLDSA87_SIGN_SIZE];

// wait for MLDSA to be ready
printf("Waiting for mldsa status ready\n");
while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0);

// if (privkey.kv_intf){
// //inject privkey to kv key reg
// //suppose privkey is stored by mldsa_keygen
// printf("Inject PRIVKEY from kv to MLDSA\n");

// // Program MLDSA_PRIVKEY Read with 12 dwords from privkey_kv_id
// lsu_write_32(CLP_MLDSA_REG_MLDSA_KV_RD_PKEY_CTRL, (MLDSA_REG_MLDSA_KV_RD_PKEY_CTRL_READ_EN_MASK |
// ((privkey.kv_id << MLDSA_REG_MLDSA_KV_RD_PKEY_CTRL_READ_ENTRY_LOW) & MLDSA_REG_MLDSA_KV_RD_PKEY_CTRL_READ_ENTRY_MASK)));

// // Try to overwrite MLDSA PRIVKEY from key vault
// reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PRIVKEY_IN_0;
// while (reg_ptr <= (uint32_t*) CLP_MLDSA_REG_MLDSA_PRIVKEY_IN_11) {
// *reg_ptr++ = 0;
// }

// // Check that MLDSA PRIVKEY is loaded
// while((lsu_read_32(CLP_MLDSA_REG_MLDSA_KV_RD_PKEY_STATUS) & MLDSA_REG_MLDSA_KV_RD_PKEY_STATUS_VALID_MASK) == 0);
// }
// else{
// Program MLDSA PRIVKEY
printf("Writing privkey\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PRIVKEY_IN_BASE_ADDR;
offset = 0;
while (offset <= 1223) {
// printf("offset = %0d, value = %x, reg ptr = %0d\n", offset++, privkey[offset++], reg_ptr);
*reg_ptr++ = privkey[offset++];
}
// }
// Program MLDSA PRIVKEY
printf("Writing privkey\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PRIVKEY_IN_BASE_ADDR;
offset = 0;
while (offset < MLDSA87_PRIVKEY_SIZE) {
// printf("offset = %0d, value = %x, reg ptr = %0d\n", offset++, privkey[offset++], reg_ptr);
*reg_ptr++ = privkey[offset++];
}


// Program MLDSA MSG
printf("Writing msg\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_MSG_0;
Expand All @@ -289,6 +243,13 @@ void mldsa_signing_flow(uint32_t privkey[1224], uint32_t msg[16], uint32_t entro
*reg_ptr++ = msg[offset++];
}

// Program MLDSA Sign Rnd
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_SIGN_RND_0;
offset = 0;
while (reg_ptr <= (uint32_t*) CLP_MLDSA_REG_MLDSA_SIGN_RND_7) {
*reg_ptr++ = sign_rnd[offset++];
}

// Program MLDSA ENTROPY
printf("Writing entropy\n");
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_ENTROPY_0;
Expand All @@ -308,7 +269,7 @@ void mldsa_signing_flow(uint32_t privkey[1224], uint32_t msg[16], uint32_t entro
printf("Load SIGN data from MLDSA\n");
reg_ptr = (uint32_t *) CLP_MLDSA_REG_MLDSA_SIGNATURE_BASE_ADDR;
offset = 0;
while (offset <= 1156) {
while (offset < MLDSA87_SIGN_SIZE) {
mldsa_sign[offset] = *reg_ptr;
if (mldsa_sign[offset] != sign[offset]) {
printf("At offset [%d], mldsa_sign data mismatch!\n", offset);
Expand All @@ -323,12 +284,13 @@ void mldsa_signing_flow(uint32_t privkey[1224], uint32_t msg[16], uint32_t entro

}

void mldsa_verifying_flow(uint32_t msg[16], uint32_t pubkey[648], uint32_t sign[1157], uint32_t verifyres[16]){
void mldsa_verifying_flow(uint32_t msg[MLDSA87_MSG_SIZE], uint32_t pubkey[MLDSA87_PUBKEY_SIZE], uint32_t sign[MLDSA87_SIGN_SIZE], uint32_t verify_res[MLDSA_VERIFY_RES_SIZE])
{
uint16_t offset;
volatile uint32_t * reg_ptr;
uint8_t fail_cmd = 0x1;

uint32_t mldsa_verifyres [16];
uint32_t mldsa_verify_res [MLDSA_VERIFY_RES_SIZE];

// wait for MLDSA to be ready
while((lsu_read_32(CLP_MLDSA_REG_MLDSA_STATUS) & MLDSA_REG_MLDSA_STATUS_READY_MASK) == 0);
Expand All @@ -343,19 +305,17 @@ void mldsa_verifying_flow(uint32_t msg[16], uint32_t pubkey[648], uint32_t sign[
// Program MLDSA PUBKEY
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_PUBKEY_BASE_ADDR;
offset = 0;
while (offset <= 647) {
while (offset < MLDSA87_PUBKEY_SIZE) {
*reg_ptr++ = pubkey[offset++];
}


// Program MLDSA SIGNATURE
reg_ptr = (uint32_t*) CLP_MLDSA_REG_MLDSA_SIGNATURE_BASE_ADDR;
offset = 0;
while (offset <= 1156) {
while (offset < MLDSA87_SIGN_SIZE) {
*reg_ptr++ = sign[offset++];
}


// Enable MLDSA VERIFYING core
printf("\nMLDSA VERIFYING\n");
lsu_write_32(CLP_MLDSA_REG_MLDSA_CTRL, MLDSA_CMD_VERIFYING);
Expand All @@ -368,11 +328,11 @@ void mldsa_verifying_flow(uint32_t msg[16], uint32_t pubkey[648], uint32_t sign[
printf("Load VERIFY_RES data from MLDSA\n");
offset = 0;
while (reg_ptr <= (uint32_t*) CLP_MLDSA_REG_MLDSA_VERIFY_RES_15) {
mldsa_verifyres[offset] = *reg_ptr;
if (mldsa_verifyres[offset] != verifyres[offset]) {
printf("At offset [%d], mldsa_verifyres data mismatch!\n", offset);
printf("Actual data: 0x%x\n", mldsa_verifyres[offset]);
printf("Expected data: 0x%x\n", verifyres[offset]);
mldsa_verify_res[offset] = *reg_ptr;
if (mldsa_verify_res[offset] != verify_res[offset]) {
printf("At offset [%d], mldsa_verify_res data mismatch!\n", offset);
printf("Actual data: 0x%x\n", mldsa_verify_res[offset]);
printf("Expected data: 0x%x\n", verify_res[offset]);
printf("%c", fail_cmd);
while(1);
}
Expand Down
Loading