[test] Add sca sha3

Add the test and host scripts for sha3.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>

Author: siemen11

communication/sca_sha3_commands.py

@@ -145,7 +145,7 @@ def absorb_batch(self, num_segments):
             self.target.write(json.dumps("Batch").encode("ascii"))
             # Num_segments payload.
             time.sleep(0.01)
-            num_segments_data = {"data": [x for x in num_segments]}
+            num_segments_data = {"num_enc": num_segments}
             self.target.write(json.dumps(num_segments_data).encode("ascii"))
             # Wait for ack.
             self._ujson_sha3_sca_ack()

test/penetrationtests/sca/BUILD

@@ -53,6 +53,7 @@ py_binary(
         "//communication:sca_aes_commands",
         "//test/penetrationtests/util:utils",
         "@rules_python//python/runfiles",
+        requirement("pycryptodome"),
     ],
     data = [
         "@lowrisc_opentitan//sw/host/opentitantool", 
@@ -93,6 +94,7 @@ py_binary(
         "//communication:sca_hmac_commands",
         "//test/penetrationtests/util:utils",
         "@rules_python//python/runfiles",
+        requirement("pycryptodome"),
     ],
     data = [
         "@lowrisc_opentitan//sw/host/opentitantool", 
@@ -133,6 +135,7 @@ py_binary(
         "//communication:sca_kmac_commands",
         "//test/penetrationtests/util:utils",
         "@rules_python//python/runfiles",
+        requirement("pycryptodome"),
     ],
     data = [
         "@lowrisc_opentitan//sw/host/opentitantool", 
@@ -202,6 +205,47 @@ py_binary(
     }),
 )
 
+py_binary(
+    name = "sca_sha3_test",
+    srcs = ["test_scripts/sca_sha3_test.py"],
+    testonly = True,
+    deps = [
+        ":sca_sha3_functions",
+        "//communication:dut",
+        "//communication:chip",
+        "//communication:sca_sha3_commands",
+        "//test/penetrationtests/util:utils",
+        "@rules_python//python/runfiles",
+        requirement("pycryptodome"),
+    ],
+    data = [
+        "@lowrisc_opentitan//sw/host/opentitantool", 
+    ] +
+        select({
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_gb_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_gb_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_rom_with_fake_keys": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_rom_with_fake_keys",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_sival_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_sival_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_fpga_cw310_test_rom": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_fpga_cw310_test_rom",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_a2_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_a2_rom_ext",
+        ],
+        "@lowrisc_opentitan//sw/device/tests/penetrationtests/config:env_silicon_owner_sival_rom_ext": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_sival_rom_ext",
+        ],
+        "//conditions:default": [
+            "@lowrisc_opentitan//sw/device/tests/penetrationtests/firmware:pen_test_sca_silicon_owner_gb_rom_ext", 
+        ],
+    }),
+)
+
 py_library(
     name = "sca_ibex_functions",
     srcs = ["host_scripts/sca_ibex_functions.py"],
@@ -223,7 +267,6 @@ py_library(
         "//communication:sca_prng_commands",
         "//communication:sca_trigger_commands",
         "//communication:data_generator",
-        requirement("pycryptodome"),
     ],
 )
 
@@ -236,7 +279,6 @@ py_library(
         "//communication:sca_hmac_commands",
         "//communication:sca_prng_commands",
         "//communication:sca_trigger_commands",
-        requirement("pycryptodome"),
     ],
 )
 
@@ -249,7 +291,6 @@ py_library(
         "//communication:sca_kmac_commands",
         "//communication:sca_prng_commands",
         "//communication:sca_trigger_commands",
-        requirement("pycryptodome"),
     ],
 )
 
@@ -261,4 +302,16 @@ py_library(
         "//communication:chip",
         "//communication:sca_otbn_commands",
     ],
+)
+
+py_library(
+    name = "sca_sha3_functions",
+    srcs = ["host_scripts/sca_sha3_functions.py"],
+    deps = [
+        "//communication:dut",
+        "//communication:chip",
+        "//communication:sca_prng_commands",
+        "//communication:sca_trigger_commands",
+        "//communication:sca_sha3_commands",
+    ],
 )

test/penetrationtests/sca/host_scripts/sca_sha3_functions.py

@@ -0,0 +1,63 @@
+from communication.sca_sha3_commands import OTSHA3
+from communication.sca_prng_commands import OTPRNG
+from communication.sca_trigger_commands import OTTRIGGER
+from communication.chip import *
+from communication.dut import DUT
+import time
+import random
+
+def char_sha3_single_absorb(opentitantool, iterations, masking, text):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    sha3sca = OTSHA3(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = sha3sca.init(0)
+
+    if masking:
+        lfsr_seed = [0, 1, 2, 3]
+        sha3sca.write_lfsr_seed(lfsr_seed)
+    else:
+        sha3sca.set_mask_off()
+    
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+    
+    for _ in range(iterations):
+        sha3sca.absorb(text, len(text))
+        response = target.read_response()
+    return response
+
+def char_sha3_batch_absorb(opentitantool, iterations, num_segments, masking, text):
+    target = DUT()
+    reset_target(opentitantool)
+    # Clear the output from the reset
+    target.dump_all()
+
+    sha3sca = OTSHA3(target, "ujson")
+    # Initialize our chip and catch its output
+    device_id, owner_page, boot_log, boot_measurements, version = sha3sca.init(0)
+
+    if masking:
+        lfsr_seed = [0, 1, 2, 3]
+        sha3sca.write_lfsr_seed(lfsr_seed)
+    else:
+        sha3sca.set_mask_off()
+    
+    # Set the internal prng
+    ot_prng = OTPRNG(target=target, protocol="ujson")
+    ot_prng.seed_prng([1,0,0,0])
+
+    # Set the trigger
+    triggersca = OTTRIGGER(target, "ujson")
+    triggersca.select_trigger(0)
+
+    sha3sca.fvsr_fixed_msg_set(text, len(text))
+    
+    for _ in range(iterations):
+        sha3sca.absorb_batch(num_segments)
+        response = target.read_response()
+    return response

test/penetrationtests/sca/test_scripts/sca_sha3_test.py

@@ -0,0 +1,209 @@
+from test.penetrationtests.sca.host_scripts.sca_sha3_functions import *
+from communication.sca_sha3_commands import OTSHA3
+from python.runfiles import Runfiles
+from communication.chip import *
+from test.penetrationtests.util.utils import *
+import os
+import json
+import random
+from Crypto.Hash import SHA3_256
+
+
+ignored_keys_set = set([])
+
+def reset_test(opentitantool, target):
+    reset_target(opentitantool)
+    while True:
+        read_line = str(target.readline().decode().strip())
+        if len(read_line) > 0:
+            if "firmware_sca.c" in read_line:
+                return True
+        else:
+            return False
+
+
+def init_test(opentitantool, target):
+    sha3sca = OTSHA3(target, "ujson")
+    device_id, owner_page, boot_log, boot_measurements, version = sha3sca.init(0)
+    device_id_json = json.loads(device_id)
+    owner_page_json = json.loads(owner_page)
+    boot_log_json = json.loads(boot_log)
+    boot_measurements_json = json.loads(boot_measurements)
+
+    expected_device_id_keys = {
+        "device_id",
+        "rom_digest",
+        "icache_en",
+        "dummy_instr_en",
+        "clock_jitter_locked",
+        "clock_jitter_en",
+        "sram_main_readback_locked",
+        "sram_main_readback_en",
+        "sram_ret_readback_locked",
+        "sram_ret_readback_en"
+    }
+    actual_device_id_keys = set(device_id_json.keys())
+
+    if not actual_device_id_keys == expected_device_id_keys:
+        print("device_id keys do not match the expected set.")
+        print(f"Expected: {expected_device_id_keys}")
+        print(f"Actual: {actual_device_id_keys}")
+        return False
+
+    expected_owner_page_keys = {
+        "config_version",
+        "sram_exec_mode",
+        "ownership_key_alg",
+        "update_mode",
+        "min_security_version_bl0",
+        "lock_constraint"
+    }
+    actual_owner_page_keys = set(owner_page_json.keys())
+    if not expected_owner_page_keys == actual_owner_page_keys:
+        print("owner_page keys do not match the expected set.")
+        print(f"Expected: {expected_owner_page_keys}")
+        print(f"Actual: {actual_owner_page_keys}")
+        return False
+
+    expected_boot_log_keys = {
+        "digest",
+        "identifier",
+        "scm_revision_low",
+        "scm_revision_high",
+        "rom_ext_slot",
+        "rom_ext_major",
+        "rom_ext_minor",
+        "rom_ext_size",
+        "bl0_slot",
+        "ownership_state",
+        "ownership_transfers",
+        "rom_ext_min_sec_ver",
+        "bl0_min_sec_ver",
+        "primary_bl0_slot",
+        "retention_ram_initialized"
+    }
+    actual_boot_log_keys = set(boot_log_json.keys())
+    if not expected_boot_log_keys == actual_boot_log_keys:
+        print("boot_log keys do not match the expected set.")
+        print(f"Expected: {expected_boot_log_keys}")
+        print(f"Actual: {actual_boot_log_keys}")
+        return False
+
+    expected_boot_measurements_keys = {
+        "bl0",
+        "rom_ext"
+    }
+    actual_boot_measurements_keys = set(boot_measurements_json.keys())
+    if not expected_boot_measurements_keys == actual_boot_measurements_keys:
+        print("boot_measurements keys do not match the expected set.")
+        print(f"Expected: {expected_boot_measurements_keys}")
+        print(f"Actual: {actual_boot_measurements_keys}")
+        return False
+
+    if "PENTEST" not in version:
+      print("Did not receive a PENTEST version.")
+      print(f"Actual: {version}")
+      return False
+
+    return True
+
+def char_sha3_single_absorb_test(opentitantool_path, iterations):
+    text = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]
+    masking = True
+    actual_result = char_sha3_single_absorb(opentitantool_path, iterations, masking, text)
+    try:
+        actual_result_json = json.loads(actual_result)
+    except:
+        print("char_sha3_single_absorb gave an unexpected result")
+        print(f"Actual: {actual_result}")
+        return False
+
+    mac = SHA3_256.new()
+    mac.update(bytes(text))
+    tag = bytearray(mac.digest())
+    expected_result = [x for x in tag]
+
+    expected_result_json = {
+        "batch_digest": expected_result,
+    }
+    if not compare_json_data(actual_result_json, expected_result_json, ignored_keys_set):
+        print("char_sha3_single_absorb failed")
+        print(f"Expected: {expected_result_json}")
+        print(f"Actual: {actual_result_json}")
+        print("")
+        return False    
+    return True
+
+def char_sha3_batch_absorb_test(opentitantool_path, iterations, num_segments):
+    text = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+    masking = True
+    actual_result = char_sha3_batch_absorb(opentitantool_path, iterations, num_segments, masking, text)
+    try:
+        actual_result_json = json.loads(actual_result)
+    except:
+        print("char_sha3_batch_absorb gave an unexpected result")
+        print(f"Actual: {actual_result}")
+        return False
+
+    # Seed the synchronized randomness with the same seed as in the chip which is 1
+    random.seed(1)
+
+    # Generate the batch data
+    sample_fixed = 0
+    for _ in range(iterations):
+        xor_tag = [0 for _ in range(32)]
+        for __ in range(num_segments):
+            if sample_fixed == 1:
+                batch_data = text
+            else:
+                batch_data = [random.randint(0, 255) for _ in range(16)]
+            dummy = [random.randint(0, 255) for _ in range(16)]
+            sample_fixed = dummy[0] & 0x1
+            mac = SHA3_256.new()
+            mac.update(bytes(batch_data))
+            tag = [x for x in bytearray(mac.digest())]
+            xor_tag = [xor_tag[i] ^ tag[i] for i in range(32)]
+
+    expected_result_json = {
+        "batch_digest": xor_tag,
+    }
+    if not compare_json_data(actual_result_json, expected_result_json, ignored_keys_set):
+        print("char_sha3_batch_absorb failed")
+        print(f"Expected: {expected_result_json}")
+        print(f"Actual: {actual_result_json}")
+        print("")
+        return False    
+    return True
+
+def main():
+    r = Runfiles.Create()
+    opentitantool_path = r.Rlocation("lowrisc_opentitan/sw/host/opentitantool/opentitantool")
+
+    firmware_target_name = os.environ.get("SELECTED_FIRMWARE_TARGET", "pen_test_sca_silicon_owner_gb_rom_ext")
+    firmware_path = r.Rlocation(f"lowrisc_opentitan/sw/device/tests/penetrationtests/firmware/{firmware_target_name}.img")
+
+    target = DUT()
+
+    flash_target(opentitantool_path, firmware_path)
+    target.dump_all()
+
+    if not reset_test(opentitantool_path, target):
+        print("Reset test failure")
+        return False
+
+    if not init_test(opentitantool_path, target):
+        print("Init test failure")
+        return False
+
+    iterations = 10
+    num_segments_list = [1, 2, 5, 10, 12, 50]
+
+    char_sha3_single_absorb_test(opentitantool_path, iterations)
+    for num_segments in num_segments_list:
+        char_sha3_batch_absorb_test(opentitantool_path, iterations, num_segments)
+
+    print("Testing finished")
+    return True
+
+if __name__ == "__main__":
+  main()