Software APIs
sigverify_rsa_keys_sival_unittest.cc
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include <array>
6 #include <cstring>
7 #include <limits>
8 #include <numeric>
9 #include <unordered_set>
10 
11 #include "gtest/gtest.h"
12 #include "sw/device/lib/base/hardened.h"
13 #include "sw/device/silicon_creator/lib/drivers/mock_lifecycle.h"
14 #include "sw/device/silicon_creator/lib/drivers/mock_otp.h"
15 #include "sw/device/silicon_creator/lib/drivers/mock_rnd.h"
16 #include "sw/device/silicon_creator/lib/error.h"
17 #include "sw/device/silicon_creator/lib/sigverify/rsa_verify.h"
18 #include "sw/device/silicon_creator/rom_ext/sigverify_keys.h"
19 #include "sw/device/silicon_creator/testing/rom_test.h"
20 
21 #include "otp_ctrl_regs.h"
22 
23 namespace sigverify_keys_unittest {
24 namespace {
25 using ::testing::Return;
26 
27 TEST(Keys, UniqueIds) {
28  std::unordered_set<uint32_t> ids;
29  for (size_t i = 0; i < kSigverifyRsaKeysCnt; ++i) {
30  ids.insert(sigverify_rsa_key_id_get(&kSigverifyRsaKeys[i].key.n));
31  }
32 
33  EXPECT_EQ(ids.size(), kSigverifyRsaKeysCnt);
34 }
35 
36 /**
37  * An implementation of the Euclidean algorithm since we can't use c++17's
38  * `std::gcd()` yet.
39  */
40 uint32_t Gcd(uint32_t a, uint32_t b) {
41  while (b != 0) {
42  std::tie(a, b) = std::make_tuple(b, a % b);
43  }
44  return a;
45 }
46 
47 TEST(KeysStep, IsCorrect) {
48  if (kSigverifyRsaKeysCnt > 1) {
49  EXPECT_LT(kSigverifyRsaKeysStep, kSigverifyRsaKeysCnt);
50  EXPECT_EQ(Gcd(kSigverifyRsaKeysStep, kSigverifyRsaKeysCnt), 1);
51  }
52 }
53 
54 // Note: The test cases below test sigverify using ROM keys. They have some
55 // overlap with sigverify_mod_exp_ibex unit tests but this way we don't have to
56 // worry about keeping the keys used in those tests in sync with ROM keys.
57 
58 /**
59  * Message and digest used in tests.
60  *
61  * The digest can be obtained using:
62  * ```
63  * echo -n "test" | openssl dgst -sha256 -binary | \
64  * xxd -p -c 4 | tac | sed 's|.*|0x&,|'
65  * ```
66  */
67 constexpr hmac_digest_t kDigest = {
68  .digest =
69  {
70  0xb0f00a08,
71  0xd15d6c15,
72  0x2b0b822c,
73  0xa3bf4f1b,
74  0xc55ad015,
75  0x9a2feaa0,
76  0x884c7d65,
77  0x9f86d081,
78  },
79 };
80 
81 /**
82  * Keys and signatures used in tests.
83  */
84 struct RsaVerifyTestCase {
85  /**
86  * Signer's RSA public key.
87  */
88  const sigverify_rsa_key_t *key;
89  /**
90  * Signature to be verified.
91  */
92  sigverify_rsa_buffer_t sig;
93 };
94 
95 const RsaVerifyTestCase kRsaVerifyTestCases[1]{
96  // message: "test"
97  {
98  .key = &kSigverifyRsaKeys[0].key,
99  /*
100  * echo -n "test" > test.txt
101  * hsmtool -t ot-earlgrey-z0-sival -u user rsa sign -f plain-text -l
102  * earlgrey_z0_sival_1 \ -o test.sig test.txt cat test.sig | xxd -p -c 4
103  * | tac | sed 's|.*|0x&,|'
104  */
105  .sig =
106  {
107  0x51f8a313, 0xdf9cadc8, 0x09849651, 0x3396dc50, 0x2523715f,
108  0x3f261117, 0xbc891dc0, 0x25e90a18, 0x7f3d68ef, 0xa49e89a9,
109  0x1e126205, 0x566de5eb, 0x1302edc8, 0x85a11622, 0xedf3b295,
110  0xbf2ead9d, 0xe2f7f62e, 0x82014f37, 0x62114a4f, 0x64d71f3d,
111  0xef9f97ae, 0x222a67e2, 0x47fd6d82, 0x8fd3f870, 0xdf07454b,
112  0x1a627fc1, 0x5697e480, 0xb5b4857d, 0x865bd8ce, 0x1f7fdc3a,
113  0x436807eb, 0xf0954b96, 0xd7556c4e, 0x6056c8d4, 0xc5e7875c,
114  0xdc4d5cdc, 0xba128354, 0xb57fccef, 0x367d4b88, 0x2b54c85e,
115  0x711b9cab, 0x747b8c65, 0xe98fb5d1, 0x272c0705, 0x9db1bf83,
116  0x33e18070, 0x7b4f73b1, 0x584e0de9, 0x75e103c2, 0x68062c61,
117  0x910b2c9c, 0x2af9ff03, 0x114d2bef, 0x278c2036, 0x1e63481e,
118  0x8fefabfd, 0xdac1fbaa, 0x769d708c, 0x94f5c336, 0xa07835b3,
119  0x0f1ee10e, 0xfe905d90, 0x5b561fe7, 0x686dd4a6, 0xb6e3507f,
120  0xadba5635, 0x9e463d0e, 0xa782afaf, 0x43366fa1, 0x7146b3c4,
121  0x9f4d2baf, 0xd9aed324, 0x36f0a5a2, 0xfa041f9d, 0x32f2fb3a,
122  0x6b56b1df, 0x2fbfceae, 0x3fe7dbe3, 0x8458b9db, 0x29860b30,
123  0x40bc9b9b, 0x36515839, 0xb414bfab, 0x6df1cfd2, 0x50431bef,
124  0x3fb2c08b, 0x7b733a06, 0x534c39f1, 0x5cd5f48b, 0xcc488cae,
125  0xb08b1fca, 0x62f9c45a, 0x72e3e064, 0x34f7fb4e, 0x64a20ebd,
126  0x0c7d4fb0,
127  },
128  },
129 };
130 
131 TEST(RsaVerifyTestCases, AllKeys) {
132  std::unordered_set<uint32_t> ids;
133  for (auto const &test_case : kRsaVerifyTestCases) {
134  ids.insert(sigverify_rsa_key_id_get(&test_case.key->n));
135  }
136 
137  EXPECT_EQ(ids.size(), kSigverifyRsaKeysCnt);
138 }
139 
140 class SigverifyRsaVerify
141  : public rom_test::RomTest,
142  public testing::WithParamInterface<RsaVerifyTestCase> {};
143 
144 TEST_P(SigverifyRsaVerify, Ibex) {
145  uint32_t flash_exec = 0;
146  EXPECT_EQ(sigverify_rsa_verify(&GetParam().sig, GetParam().key, &kDigest,
147  kLcStateProd, &flash_exec),
148  kErrorOk);
149  EXPECT_EQ(flash_exec, kSigverifyRsaSuccess);
150 }
151 
152 INSTANTIATE_TEST_SUITE_P(AllCases, SigverifyRsaVerify,
153  testing::ValuesIn(kRsaVerifyTestCases));
154 
155 } // namespace
156 } // namespace sigverify_keys_unittest
Return to OpenTitan Documentation