[test] Make bazel framework for testing

Make a bazel framework in ot-sca as extension of OpenTitan and add test
scripts (pytests) from the host side for the penetrationtests.

Integrate the capture and fault injection scripts to the latest testOS and add the Bazel framework.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>

Author: siemen11

.bazelversion

@@ -0,0 +1 @@
+6.2.1

BUILD.bazel

@@ -0,0 +1,10 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+package(default_visibility = ["//visibility:public"])
+
+exports_files([
+    "WORKSPACE",
+    "python-requirements.txt",
+])

MODULE.bazel

@@ -0,0 +1,6 @@
+###############################################################################
+# Bazel now uses Bzlmod by default to manage external dependencies.
+# Please consider migrating your external dependencies from WORKSPACE to MODULE.bazel.
+#
+# For more details, please check https://github.com/bazelbuild/bazel/issues/18958
+###############################################################################

MODULE.bazel.lock

@@ -0,0 +1,4 @@
+# DO NOT MODIFY THIS FILE.
+#
+# It must match what is in the open source OpenTitan repository.
+workspace(name = "otsca_exts")

WORKSPACE.bazel

@@ -0,0 +1,34 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@//third_party/python:requirements.bzl", "requirement")
+
+package(default_visibility = ["//visibility:public"])
+
+py_library(
+    name = "ceca",
+    srcs = ["ceca.py"],
+    deps = [
+        requirement("numpy"),
+        requirement("chipwhisperer"),
+    ],
+)
+
+py_library(
+    name = "trace_preprocessing",
+    srcs = ["trace_preprocessing.py"],
+    deps = [
+        requirement("numpy"),
+        requirement("chipwhisperer"),
+        requirement("tqdm"),
+    ],
+)
+
+py_library(
+    name = "tvla",
+    srcs = ["tvla.py"],
+    deps = [
+        requirement("numpy"),
+    ],
+)

analysis/BUILD

@@ -21,7 +21,7 @@
 # Append ot-sca root directory to path such that ceca.py can find the
 # project_library module located in the capture/ directory.
 ABS_PATH = os.path.dirname(os.path.abspath(__file__))
-sys.path.append(ABS_PATH + '/..')
+sys.path.append(ABS_PATH + "/..")
 from capture.project_library.project import ProjectConfig  # noqa : E402
 from capture.project_library.project import SCAProject  # noqa : E402
 
@@ -91,28 +91,29 @@ def __init__(self, project_file, trace_slice, attack_window, attack_direction):
         # ChipWhisperer or ot_trace_library project?
         project_type = "cw"
         if ".db" in project_file:
-            project_type = 'ot_trace_library'
+            project_type = "ot_trace_library"
 
         # Open the project.
-        project_cfg = ProjectConfig(type = project_type,
-                                    path = project_file,
-                                    wave_dtype = np.uint16,
-                                    overwrite = False
-                                    )
+        project_cfg = ProjectConfig(
+            type=project_type, path=project_file, wave_dtype=np.uint16, overwrite=False
+        )
         self.project = SCAProject(project_cfg)
         self.project.open_project()
 
         # TODO: Consider more efficient formats.
         self.num_samples = attack_window.stop - attack_window.start
         if attack_direction == AttackDirection.INPUT:
-            self.texts = np.vstack(self.project.get_plaintexts(
-                trace_slice.start, trace_slice.stop))
+            self.texts = np.vstack(
+                self.project.get_plaintexts(trace_slice.start, trace_slice.stop)
+            )
         else:
-            self.texts = np.vstack(self.project.get_ciphertexts(
-                trace_slice.start, trace_slice.stop))
+            self.texts = np.vstack(
+                self.project.get_ciphertexts(trace_slice.start, trace_slice.stop)
+            )
 
-        self.traces = np.asarray(self.project.get_waves(
-            trace_slice.start, trace_slice.stop))[:, attack_window]
+        self.traces = np.asarray(
+            self.project.get_waves(trace_slice.start, trace_slice.stop)
+        )[:, attack_window]
 
         self.project.close(save=False)
 
@@ -176,7 +177,7 @@ def count_and_sum_text_traces(self):
             val_changes = np.where(np.roll(sorted_bytes, 1) != sorted_bytes)[0]
             # Append the number of rows to be able to use ``pairwise``.
             val_indices = list(val_changes) + [sorted_bytes.shape[0]]
-            for (start, end) in more_itertools.pairwise(val_indices):
+            for start, end in more_itertools.pairwise(val_indices):
                 byte_val = sorted_bytes[start]
                 cnts[byte_pos, byte_val] = end - start
                 act_indices = sorted_indices[start:end]
@@ -213,8 +214,7 @@ def compute_mean_and_std(workers):
             running_cnt += cnt
         else:
             running_sum_dev_prods += sum_dev_prods + (
-                (cnt * running_sum - running_cnt * sum_) ** 2 /
-                (cnt * running_cnt * (cnt + running_cnt))
+                (cnt * running_sum - running_cnt * sum_) ** 2 / (cnt * running_cnt * (cnt + running_cnt))
             )
             running_sum += sum_
             running_cnt += cnt
@@ -396,7 +396,7 @@ def find_best_diffs(pairwise_diffs_scores):
     # other bytes.
     diffs = np.zeros(16, dtype=np.uint8)
     for byte in range(1, 16):
-        for (a, b) in more_itertools.pairwise(paths[byte]):
+        for a, b in more_itertools.pairwise(paths[byte]):
             diffs[byte] ^= int(pairwise_diffs_scores[a, b, 0])
     return diffs
 
@@ -502,14 +502,12 @@ def perform_attack(
     # ChipWhisperer or ot_trace_library project?
     project_type = "cw"
     if ".db" in project_file:
-        project_type = 'ot_trace_library'
+        project_type = "ot_trace_library"
 
     # Open the project.
-    project_cfg = ProjectConfig(type = project_type,
-                                path = project_file,
-                                wave_dtype = np.uint16,
-                                overwrite = False
-                                )
+    project_cfg = ProjectConfig(
+        type=project_type, path=project_file, wave_dtype=np.uint16, overwrite=False
+    )
     project = SCAProject(project_cfg)
     project.open_project()
 
@@ -559,7 +557,7 @@ def worker_trace_slices():
     num_traces = filter_noisy_traces(workers, mean, std_dev, max_std)
     logging.info(
         f"Will use {num_traces} traces "
-        f"({100*num_traces/orig_num_traces:.1f}% of all traces)"
+        f"({100 * num_traces / orig_num_traces:.1f}% of all traces)"
     )
     # Mean traces for all values of all text bytes.
     mean_text_traces = compute_mean_text_traces(workers)
@@ -568,18 +566,21 @@ def worker_trace_slices():
     diffs = find_best_diffs(pairwise_diffs_scores)
     logging.info(f"Difference values (delta_0_i): {diffs}")
     # Recover the key.
-    key = recover_key(diffs, attack_direction, project.get_plaintexts(0),
-                      project.get_ciphertexts(0))
+    key = recover_key(
+        diffs, attack_direction, project.get_plaintexts(0), project.get_ciphertexts(0)
+    )
     if key is not None:
         logging.info(f"Recovered AES key: {bytes(key).hex()}")
     else:
         logging.error("Failed to recover the AES key")
     # Compare differences - both matrices are symmetric and have an all-zero main diagonal.
-    correct_diffs = compare_diffs(pairwise_diffs_scores, attack_direction,
-                                  project.get_keys(0))
+    correct_diffs = compare_diffs(
+        pairwise_diffs_scores, attack_direction, project.get_keys(0)
+    )
     logging.info(
-        f"Recovered {((np.sum(correct_diffs)-16)/2).astype(int)}/120 "
-        "differences between key bytes")
+        f"Recovered {((np.sum(correct_diffs) - 16) / 2).astype(int)}/120 "
+        "differences between key bytes"
+    )
     project.close(save=False)
     return key
 
@@ -592,8 +593,10 @@ def parse_args():
         Mischke, and T. Eisenbarth (https://eprint.iacr.org/2010/297.pdf)."""
     )
     parser.add_argument(
-        "-f", "--project-file", required=True,
-        help="chipwhisperer or ot_trace_library project file"
+        "-f",
+        "--project-file",
+        required=True,
+        help="chipwhisperer or ot_trace_library project file",
     )
     parser.add_argument(
         "-n",
@@ -658,9 +661,12 @@ def main():
     attack."""
     args = parse_args()
     config_logger()
-    ray.init(runtime_env={"working_dir": "../",
-                          "excludes": ["*.db", "*.cwp", "*.npy", "*.bit",
-                                       "*/lfs/*", "*.pack"]})
+    ray.init(
+        runtime_env={
+            "working_dir": "../",
+            "excludes": ["*.db", "*.cwp", "*.npy", "*.bit", "*/lfs/*", "*.pack"],
+        }
+    )
 
     key = perform_attack(**vars(args))
     sys.exit(0 if key is not None else 1)