kmac_functest.c

// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
 
#include "sw/device/lib/crypto/drivers/entropy.h"
#include "sw/device/lib/crypto/drivers/kmac.h"
#include "sw/device/lib/crypto/impl/integrity.h"
#include "sw/device/lib/crypto/include/datatypes.h"
#include "sw/device/lib/crypto/include/hash.h"
#include "sw/device/lib/crypto/include/kmac.h"
#include "sw/device/lib/runtime/log.h"
#include "sw/device/lib/testing/test_framework/check.h"
#include "sw/device/lib/testing/test_framework/ottf_main.h"
 
// The autogen rule that creates this header creates it in a directory named
// after the rule, then manipulates the include path in the
// cc_compilation_context to include that directory, so the compiler will find
// the version of this file matching the Bazel rule under test.
#include "kmac_testvectors.h"
 
#define MODULE_ID MAKE_MODULE_ID('t', 's', 't')
 
// Global pointer to the current test vector.
static kmac_test_vector_t *current_test_vector = NULL;
 
/**
 * Get the mode for SHAKE based on the security strength.
 *
 * @param security_str Security strength (in bits).
 * @param[out] mode SHAKE mode enum value.
 */
status_t get_shake_mode(size_t security_strength, otcrypto_hash_mode_t *mode) {
  switch (security_strength) {
    case 128:
      *mode = kOtcryptoHashXofModeShake128;
      break;
    case 256:
      *mode = kOtcryptoHashXofModeShake256;
      break;
    default:
      LOG_INFO("Invalid security strength for SHAKE: %d bits",
               security_strength);
      return INVALID_ARGUMENT();
  }
  return OK_STATUS();
}
 
/**
 * Get the mode for cSHAKE based on the security strength.
 *
 * @param security_str Security strength (in bits).
 * @param[out] mode cSHAKE mode enum value.
 */
status_t get_cshake_mode(size_t security_strength, otcrypto_hash_mode_t *mode) {
  switch (security_strength) {
    case 128:
      *mode = kOtcryptoHashXofModeCshake128;
      break;
    case 256:
      *mode = kOtcryptoHashXofModeCshake256;
      break;
    default:
      LOG_INFO("Invalid security strength for cSHAKE: %d bits",
               security_strength);
      return INVALID_ARGUMENT();
  }
  return OK_STATUS();
}
 
/**
 * Get the mode for SHA3 based on the security strength.
 *
 * @param security_str Security strength (in bits).
 * @param[out] mode Hash mode enum value.
 */
status_t get_sha3_mode(size_t security_strength, otcrypto_hash_mode_t *mode) {
  switch (security_strength) {
    case 224:
      *mode = kOtcryptoHashModeSha3_224;
      break;
    case 256:
      *mode = kOtcryptoHashModeSha3_256;
      break;
    case 384:
      *mode = kOtcryptoHashModeSha3_384;
      break;
    case 512:
      *mode = kOtcryptoHashModeSha3_512;
      break;
    default:
      LOG_INFO("Invalid size for SHA3: %d bits", security_strength);
      return INVALID_ARGUMENT();
  }
  return OK_STATUS();
}
 
/**
 * Run the test pointed to by `current_test_vector`.
 */
static status_t run_test_vector(void) {
  size_t digest_num_words = current_test_vector->digest.len / sizeof(uint32_t);
  if (current_test_vector->digest.len % sizeof(uint32_t) != 0) {
    digest_num_words++;
  }
  uint32_t digest[digest_num_words];
  otcrypto_hash_digest_t digest_buf = {
      .data = digest,
      .len = digest_num_words,
  };
 
  switch (current_test_vector->test_operation) {
    case kKmacTestOperationShake: {
      TRY(get_shake_mode(current_test_vector->security_strength,
                         &digest_buf.mode));
      TRY(otcrypto_xof_shake(current_test_vector->input_msg, digest_buf));
      break;
    }
    case kKmacTestOperationCshake: {
      TRY(get_cshake_mode(current_test_vector->security_strength,
                          &digest_buf.mode));
      TRY(otcrypto_xof_cshake(current_test_vector->input_msg,
                              current_test_vector->func_name,
                              current_test_vector->cust_str, digest_buf));
      break;
    }
    case kKmacTestOperationSha3: {
      TRY(get_sha3_mode(current_test_vector->security_strength,
                        &digest_buf.mode));
      TRY(otcrypto_hash(current_test_vector->input_msg, digest_buf));
      break;
    }
    case kKmacTestOperationKmac: {
      current_test_vector->key.checksum =
          integrity_blinded_checksum(&current_test_vector->key);
      otcrypto_word32_buf_t tag_buf = {
          .data = digest_buf.data,
          .len = digest_buf.len,
      };
      TRY(otcrypto_kmac(&current_test_vector->key,
                        current_test_vector->input_msg,
                        current_test_vector->cust_str,
                        current_test_vector->digest.len, tag_buf));
      break;
    }
    default: {
      LOG_INFO("Unrecognized `operation` field: 0x%04x",
               current_test_vector->test_operation);
      return INVALID_ARGUMENT();
    }
  }
 
  TRY_CHECK_ARRAYS_EQ((unsigned char *)digest_buf.data,
                      current_test_vector->digest.data,
                      current_test_vector->digest.len);
  return OTCRYPTO_OK;
}
 
OTTF_DEFINE_TEST_CONFIG();
bool test_main(void) {
  LOG_INFO("Testing cryptolib KMAC driver.");
 
  // Initialize the core with default parameters
  CHECK_STATUS_OK(entropy_complex_init());
  CHECK_STATUS_OK(kmac_hwip_default_configure());
 
  status_t test_result = OK_STATUS();
  for (size_t i = 0; i < ARRAYSIZE(kKmacTestVectors); i++) {
    current_test_vector = &kKmacTestVectors[i];
    LOG_INFO("Running test %d of %d, test vector identifier: %s", i + 1,
             ARRAYSIZE(kKmacTestVectors),
             current_test_vector->vector_identifier);
    EXECUTE_TEST(test_result, run_test_vector);
  }
  return status_ok(test_result);
}