[pentest] Add ECC256 Keygen SCA test

This commit adds the ECC256 key generation side-channel
penetration test to the codebase.

The host code is located in lowRISC/ot-sca#347

Signed-off-by: Pascal Nasahl <[email protected]>

Author: nasahlpa

sw/device/sca/aes_serial.c

@@ -245,7 +245,7 @@ static void aes_encrypt(const uint8_t *plaintext, size_t plaintext_len) {
   // Using the SecAesStartTriggerDelay hardware parameter, the AES unit is
   // configured to start operation 40 cycles after receiving the start trigger.
   // This allows Ibex to go to sleep in order to not disturb the capture.
-  sca_call_and_sleep(aes_manual_trigger, kIbexAesSleepCycles, false);
+  sca_call_and_sleep(aes_manual_trigger, kIbexAesSleepCycles, false, false);
 }
 
 /**

sw/device/sca/kmac_serial.c

@@ -480,7 +480,7 @@ static void sha3_serial_absorb(const uint8_t *msg, size_t msg_len) {
   // configured to start operation 40 cycles after receiving the START and PROC
   // commands. This allows Ibex to go to sleep in order to not disturb the
   // capture.
-  sca_call_and_sleep(kmac_msg_proc, kIbexSha3SleepCycles, false);
+  sca_call_and_sleep(kmac_msg_proc, kIbexSha3SleepCycles, false, false);
 }
 
 /**

sw/device/sca/lib/BUILD

@@ -55,6 +55,7 @@ cc_library(
         "//sw/device/lib/arch:device",
         "//sw/device/lib/base:bitfield",
         "//sw/device/lib/base:macros",
+        "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/dif:clkmgr",
         "//sw/device/lib/dif:csrng",
         "//sw/device/lib/dif:edn",

sw/device/sca/lib/sca.c

@@ -8,6 +8,7 @@
 #include "sw/device/lib/arch/device.h"
 #include "sw/device/lib/base/bitfield.h"
 #include "sw/device/lib/base/macros.h"
+#include "sw/device/lib/crypto/drivers/otbn.h"
 #include "sw/device/lib/dif/dif_clkmgr.h"
 #include "sw/device/lib/dif/dif_entropy_src.h"
 #include "sw/device/lib/dif/dif_gpio.h"
@@ -310,7 +311,7 @@ void sca_set_trigger_low(void) {
 }
 
 void sca_call_and_sleep(sca_callee callee, uint32_t sleep_cycles,
-                        bool sw_trigger) {
+                        bool sw_trigger, bool otbn) {
   // Disable the IO_DIV4_PERI clock to reduce noise during the actual capture.
   // This also disables the UART(s) and GPIO modules required for
   // communication with the scope. Therefore, it has to be re-enabled after
@@ -335,12 +336,16 @@ void sca_call_and_sleep(sca_callee callee, uint32_t sleep_cycles,
 
   callee();
 
+  wait_for_interrupt();
+
+  if (otbn) {
+    otbn_busy_wait_for_done();
+  }
+
   if (sw_trigger) {
     sca_set_trigger_low();
   }
 
-  wait_for_interrupt();
-
   // Re-enable IO_DIV4_PERI clock to resume communication with the scope.
   OT_DISCARD(dif_clkmgr_gateable_clock_set_enabled(
       &clkmgr, CLKMGR_CLK_ENABLES_CLK_IO_DIV4_PERI_EN_BIT, kDifToggleEnabled));

sw/device/sca/lib/sca.h

@@ -197,9 +197,10 @@ typedef void (*sca_callee)(void);
  * @param callee Function to call before putting Ibex to sleep.
  * @param sleep_cycles Number of cycles to sleep.
  * @param sw_trigger Raise trigger before calling the target function.
+ * @param otbn Wait until OTBN execution has finished.
  */
 void sca_call_and_sleep(sca_callee callee, uint32_t sleep_cycles,
-                        bool sw_trigger);
+                        bool sw_trigger, bool otbn);
 
 /**
  * Seeds the software LFSR usable e.g. for key masking.

sw/device/sca/otbn_vertical/ecc256_keygen_serial.c

@@ -204,7 +204,7 @@ static void p256_run_keygen(uint32_t mode, const uint32_t *share0,
 
   // Execute program.
   sca_set_trigger_high();
-  sca_call_and_sleep(otbn_manual_trigger, kIbexOtbnSleepCycles, false);
+  sca_call_and_sleep(otbn_manual_trigger, kIbexOtbnSleepCycles, false, false);
   SS_CHECK_STATUS_OK(otbn_busy_wait_for_done());
   sca_set_trigger_low();
 }

sw/device/sca/otbn_vertical/ecc256_modinv_serial.c

@@ -92,7 +92,7 @@ static void p256_run_modinv(uint32_t *k0, uint32_t *k1) {
 
   // Execute program.
   sca_set_trigger_high();
-  sca_call_and_sleep(otbn_manual_trigger, kIbexOtbnSleepCycles, false);
+  sca_call_and_sleep(otbn_manual_trigger, kIbexOtbnSleepCycles, false, false);
   otbn_busy_wait_for_done();
   sca_set_trigger_low();
 }

sw/device/sca/sha3_serial.c

@@ -405,7 +405,7 @@ static void sha3_serial_absorb(const uint8_t *msg, size_t msg_len) {
   // configured to start operation 40 cycles after receiving the START and PROC
   // commands. This allows Ibex to go to sleep in order to not disturb the
   // capture.
-  sca_call_and_sleep(kmac_msg_proc, kIbexSha3SleepCycles, true);
+  sca_call_and_sleep(kmac_msg_proc, kIbexSha3SleepCycles, true, false);
 }
 
 /**

sw/device/tests/penetrationtests/firmware/BUILD

@@ -19,6 +19,7 @@ FIRMWARE_DEPS_FPGA = [
     "//sw/device/tests/penetrationtests/firmware/sca:hmac_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:ibex_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:kmac_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:otbn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:prng_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:sha3_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:trigger_sca",
@@ -57,6 +58,7 @@ FIRMWARE_DEPS_SCA = [
     "//sw/device/tests/penetrationtests/firmware/sca:hmac_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:ibex_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:kmac_sca",
+    "//sw/device/tests/penetrationtests/firmware/sca:otbn_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:prng_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:sha3_sca",
     "//sw/device/tests/penetrationtests/firmware/sca:trigger_sca",

sw/device/tests/penetrationtests/firmware/firmware.c

@@ -20,6 +20,7 @@
 #include "sw/device/tests/penetrationtests/json/ibex_sca_commands.h"
 #include "sw/device/tests/penetrationtests/json/kmac_sca_commands.h"
 #include "sw/device/tests/penetrationtests/json/otbn_fi_commands.h"
+#include "sw/device/tests/penetrationtests/json/otbn_sca_commands.h"
 #include "sw/device/tests/penetrationtests/json/prng_sca_commands.h"
 #include "sw/device/tests/penetrationtests/json/sha3_sca_commands.h"
 #include "sw/device/tests/penetrationtests/json/trigger_sca_commands.h"
@@ -33,6 +34,7 @@
 #include "sca/hmac_sca.h"
 #include "sca/ibex_sca.h"
 #include "sca/kmac_sca.h"
+#include "sca/otbn_sca.h"
 #include "sca/prng_sca.h"
 #include "sca/sha3_sca.h"
 #include "sca/trigger_sca.h"
@@ -65,6 +67,9 @@ status_t process_cmd(ujson_t *uj) {
       case kPenetrationtestCommandKmacSca:
         RESP_ERR(uj, handle_kmac_sca(uj));
         break;
+      case kPenetrationtestCommandOtbnSca:
+        RESP_ERR(uj, handle_otbn_sca(uj));
+        break;
       case kPenetrationtestCommandOtbnFi:
         RESP_ERR(uj, handle_otbn_fi(uj));
         break;