[test] Add aes sca

Add the host scripts and tests for aes sca.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>

Author: siemen11

communication/BUILD

@@ -86,4 +86,5 @@ py_library(
 py_library(
     name = "data_generator",
     srcs = ["data_generator.py"],
+    deps = [requirement("pycryptodome"),],
 )

communication/sca_aes_commands.py

@@ -121,11 +121,11 @@ def start_fvsr_batch_generate(self, command):
             self.target.write(json.dumps("FvsrKeyStartBatchGenerate").encode("ascii"))
             # Command.
             time.sleep(0.01)
-            cmd = {"data": [command]}
+            cmd = {"cmd": command}
             self.target.write(json.dumps(cmd).encode("ascii"))
 
     def write_fvsr_batch_generate(self, num_segments):
-        """ Generate random plaintexts for FVSR.
+        """ Generate random keys for FVSR.
         Args:
             num_segments: Number of encryptions to perform.
         """
@@ -138,7 +138,7 @@ def write_fvsr_batch_generate(self, num_segments):
             self.target.write(json.dumps("FvsrKeyBatchGenerate").encode("ascii"))
             # Number of encryptions.
             time.sleep(0.01)
-            num_encryption_data = {"data": [x for x in num_segments]}
+            num_encryption_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_encryption_data).encode("ascii"))
 
     def batch_alternative_encrypt(self, num_segments):
@@ -152,11 +152,11 @@ def batch_alternative_encrypt(self, num_segments):
         else:
             # AesSca command.
             self._ujson_aes_sca_cmd()
-            # BatchEncrypt command.
+            # BatchAlternativeEncrypt command.
             self.target.write(json.dumps("BatchAlternativeEncrypt").encode("ascii"))
             # Number of encryptions.
             time.sleep(0.01)
-            num_encryption_data = {"data": [x for x in num_segments]}
+            num_encryption_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_encryption_data).encode("ascii"))
 
     def batch_encrypt(self, num_segments):
@@ -174,7 +174,7 @@ def batch_encrypt(self, num_segments):
             self.target.write(json.dumps("BatchEncrypt").encode("ascii"))
             # Number of encryptions.
             time.sleep(0.01)
-            num_encryption_data = {"data": [x for x in num_segments]}
+            num_encryption_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_encryption_data).encode("ascii"))
 
     def fvsr_key_batch_encrypt(self, num_segments):
@@ -192,7 +192,7 @@ def fvsr_key_batch_encrypt(self, num_segments):
             self.target.write(json.dumps("FvsrKeyBatchEncrypt").encode("ascii"))
             # Number of encryptions.
             time.sleep(0.01)
-            num_encryption_data = {"data": [x for x in num_segments]}
+            num_encryption_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_encryption_data).encode("ascii"))
 
     def fvsr_data_batch_encrypt(self, num_segments):
@@ -210,7 +210,7 @@ def fvsr_data_batch_encrypt(self, num_segments):
             self.target.write(json.dumps("FvsrDataBatchEncrypt").encode("ascii"))
             # Number of encryptions.
             time.sleep(0.01)
-            num_encryption_data = {"data": [x for x in num_segments]}
+            num_encryption_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_encryption_data).encode("ascii"))
 
     def batch_plaintext_set(self, text, text_length = 16):

test/penetrationtests/sca/BUILD

@@ -1,5 +1,7 @@
 package(default_visibility = ["//visibility:public"])
 
+load("@//third_party/python:requirements.bzl", "requirement")
+
 py_binary(
     name = "sca_ibex_test",
     srcs = ["test_scripts/sca_ibex_test.py"],
@@ -40,6 +42,46 @@ py_binary(
     }),
 )
 
+py_binary(
+    name = "sca_aes_test",
+    srcs = ["test_scripts/sca_aes_test.py"],
+    testonly = True,
+    deps = [
+        ":sca_aes_functions",
+        "//communication:dut",
+        "//communication:chip",
+        "//communication:sca_aes_commands",
+        "//test/penetrationtests/util:utils",
+        "@rules_python//python/runfiles",
+    ],
+    data = [
+        "@lowrisc_opentitan//sw/host/opentitantool", 
+    ] +
+        select({
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_gb_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_gb_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_rom_with_fake_keys": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_rom_with_fake_keys",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_sival_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_sival_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_test_rom": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_test_rom",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_a2_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_a2_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_sival_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_sival_rom_ext",
+        ],
+        "//conditions:default": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_gb_rom_ext", 
+        ],
+    }),
+)
+
 py_library(
     name = "sca_ibex_functions",
     srcs = ["host_scripts/sca_ibex_functions.py"],
@@ -49,4 +91,18 @@ py_library(
         "//communication:sca_ibex_commands",
         "//communication:sca_prng_commands",
     ],
+)
+
+py_library(
+    name = "sca_aes_functions",
+    srcs = ["host_scripts/sca_aes_functions.py"],
+    deps = [
+        "//communication:dut",
+        "//communication:chip",
+        "//communication:sca_aes_commands",
+        "//communication:sca_prng_commands",
+        "//communication:sca_trigger_commands",
+        "//communication:data_generator",
+        requirement("pycryptodome"),
+    ],
 )

test/penetrationtests/sca/host_scripts/sca_aes_functions.py

@@ -0,0 +1,131 @@
+from communication.sca_aes_commands import OTAES
+from communication.sca_prng_commands import OTPRNG
+from communication.sca_trigger_commands import OTTRIGGER
+from communication.chip import *
+from communication.dut import DUT
+import time
+
+def char_aes_single_encrypt(opentitantool, iterations, masking, key, text):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    aessca = OTAES(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = aessca.init(0)
+
+    # Check whether we enable the masking
+    if masking:
+        lfsr_seed = 1
+    else:
+        lfsr_seed = 0
+    aessca.seed_lfsr(lfsr_seed.to_bytes(4, "little"))
+    
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+
+    aessca.key_set(key)
+    
+    for _ in range(iterations):
+        aessca.single_encrypt(text)
+        response = target.read_response()
+    return response
+
+def char_aes_batch_alternative_encrypt(opentitantool, iterations, num_segments, masking, key, text):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    aessca = OTAES(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = aessca.init(0)
+
+    # Check whether we enable the masking
+    if masking:
+        lfsr_seed = 1
+    else:
+        lfsr_seed = 0
+    aessca.seed_lfsr(lfsr_seed.to_bytes(4, "little"))
+    
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+
+    aessca.key_set(key, len(key))
+    aessca.batch_plaintext_set(text, len(text))
+    
+    for _ in range(iterations):
+        aessca.batch_alternative_encrypt(num_segments)
+        response = target.read_response()
+    return response
+
+def char_aes_batch_data_fvsr_encrypt(opentitantool, iterations, num_segments, masking):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    aessca = OTAES(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = aessca.init(0)
+
+    # Check whether we enable the masking
+    if masking:
+        lfsr_seed = 1
+    else:
+        lfsr_seed = 0
+    aessca.seed_lfsr(lfsr_seed.to_bytes(4, "little"))
+    
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+
+    # Set the internal prng
+    ot_prng = OTPRNG(target=target, protocol="ujson")
+    ot_prng.seed_prng([0,0,0,0])
+
+    # Generate plaintexts and keys for first batch.
+    aessca.start_fvsr_batch_generate(2)
+    
+    for _ in range(iterations):
+        aessca.fvsr_data_batch_encrypt(num_segments)
+        response = target.read_response()
+    return response
+
+def char_aes_batch_key_fvsr_encrypt(opentitantool, iterations, num_segments, masking):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    aessca = OTAES(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = aessca.init(0)
+
+    # Check whether we enable the masking
+    if masking:
+        lfsr_seed = 1
+    else:
+        lfsr_seed = 0
+    aessca.seed_lfsr(lfsr_seed.to_bytes(4, "little"))
+    
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+
+    # Set the internal prng
+    ot_prng = OTPRNG(target=target, protocol="ujson")
+    ot_prng.seed_prng([0,0,0,0])
+
+    # Generate plaintexts and keys for first batch.
+    aessca.start_fvsr_batch_generate(1)
+    aessca.write_fvsr_batch_generate(num_segments)
+    
+    for _ in range(iterations):
+        aessca.fvsr_key_batch_encrypt(num_segments)
+        response = target.read_response()
+    return response
+