Work in progress compliance test development framework.
This is the general methodology for generating the compliance tests for the Scalar Crypto ISE.
- Implement the ISE in Spike
- Implement the ISE in SAIL
- Create a simple host-agonistic test harness to generate input/output test
vectors. This is found in
tests/kat-gen. - Run the harness on Spike and SAIL, checking for diffs and fixing as
appropriate. Again, see
tests/kat-gen/README.mdfor an explanation of this. - Other TG members run the same harness on their implementations, and diff against the same output from SAIL/Spike. If everything matches, we can be confident that we have all implemented the same thing.
- If we are all confident our implementations are correct, the compliance tests are generated from the test harness.
- The generated compliance tests can then be re-run on all of our various implementations as a final check.
Once the first set of compliance test vectors are generated, we can all use the existing riscv-compliance framework rather than the hacky kat-generator tool. The kat-generator is just there to bootstrap the process.
-
Make sure that you are in the root of the
riscv-cryptorepository, and run the workspace setup script:source bin/conf.shThis makes sure that the
spikeandsailsimulators (if they are built) are in the$PATH, which is needed by the compliance framework. -
Ensure the riscv-compliance sub-module is checked out:
git submodule update --init extern/riscv-compliance -
The compliance tests are currently maintained as a patch to a known-good commit of the riscv-compliance repository. Once the riscv-compliance repo submodule is checked out, the following commands can be used to manage the patch.
-
Apply the patch to the submodule:
make -C tests/compliance compliance-apply-patchThis applies the
tests/compliance/riscv-compliance.patchto the submodule, and stages the modifications. -
Revert the patch:
make -C tests/compliance compliance-revert-patchThis puts the riscv-compliance sub-module pack to an un-modified state.
-
Update the patch:
make -C tests/compliance compliance-update-patchThis takes all of the staged changes in the riscv-compliance submodule, and updates the patch file in the riscv-crypto repository.
-
-
Run:
make -C extern/riscv-compliance RISCV_TARGET=<target> RISCV_DEVICE=<device> RISCV_PREFIX=riscv64-unknown-elf
Where:
-
targetis one ofspike,sail-riscv-corsail-riscv-ocamland
-
deviceisrv32ikorrv64ik, indicating the base 32/64-bit integer ISA, with support for the Crypto extension.
-
-
Alternativley, run these short commands:
make -C tests/compliance compliance-run-spike-rv32 make -C tests/compliance compliance-run-sail-csim-rv32 make -C tests/compliance compliance-run-sail-ocaml-rv32 make -C tests/compliance compliance-run-spike-rv64 make -C tests/compliance compliance-run-sail-csim-rv64 make -C tests/compliance compliance-run-sail-ocaml-rv64 make -C tests/compliance compliance-run-all
Which just wrap up the above long-form commands and run all of the available compliance tests.
You will need python3 and the Jinja2 templating engine to run the test generation process.
-
Run the KAT generator (see
tests/kat-generatorfor instructions) to create a set of input/output vectors for every instruciton. -
Generate example outputs from your trusted simulator. We will use SAIL in this example.
make -C tests/compliance compliance-generate-rv32ik make -C tests/compliance compliance-run-sail-csim-rv32
-
Ignore any reported test failures, and copy the generated test signatures into the reference signatures directory:
make -C tests/compliance compliance-update-signatures-rv32ik -
Now, run a different simulator or target against the newly generated reference signatures to check they agree. Here, we run the SAIL OCaml simulator and Spike.
make -C tests/compliance compliance-run-sail-ocaml-rv32 make -C tests/compliance compliance-run-spike-rv32
If they don't agree, one (or both) of the simualtors is defintley wrong.
-
The same process can be run, substituting
rv32forrv64in all cases.