-
Notifications
You must be signed in to change notification settings - Fork 731
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[otbn/sca] Add new sca features for otbn_ecdsa_256 #16899
Conversation
This is to enable receiving of the shares of the secret inputs from the Python side. Tested on FPGA with Husky. It seems to be working. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @bilgiday , this looks mostly good.
sw/device/sca/ecc_serial.c
Outdated
@@ -202,15 +249,6 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
*/ | |||
static void ecc256_ecdsa(const uint8_t *ecc256_secret_k_bytes, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function has a description in the comment above that also needs to be aligned.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In addition, both the ecc256_secret_k_bytes
and secret_k_len
arguments are no longer used. So they should probably be removed from the function declaration/header.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first point here (aligning function documentation) is still open. Can you please address this, too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, good catch, thanks! I updated the function documentation too.
e97c680
to
f73a66b
Compare
@@ -157,33 +203,28 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
uint32_t *signature_r, uint32_t *signature_s, | |||
const uint32_t *k) { | |||
uint32_t mode = 1; // mode 1 => sign | |||
LOG_INFO("Copy data"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you don't technically need to remove these LOG_INFO
calls, since the trigger only actually gets set when otbn_execute()
is called. You just need to remove the ones after otbn_execute()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, you are right. Previously, I put LOG_INFO
calls to solve an issue. Now, they are kind of useless. In the new version, I converted them into comments for code readability. Would it be okay for you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the past we noticed that such outputs in the hot paths had a significant effect on throughput. I think it's ok to leave them out unless there is a particular reason we want them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I agree it's fine to remove them anyway.
sw/device/sca/ecc_serial.c
Outdated
SS_CHECK(otbn_dmem_write(kEcc256NumWords, msg, kOtbnVarMsg) == kOtbnErrorOk); | ||
// Send two sahres of private_key_d to OTBN |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
// Send two sahres of private_key_d to OTBN | |
// Send two shares of private_key_d to OTBN |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks! fixed it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my side this looks good, thanks for addressing the comments @bilgiday !
There is one minor thing open (update function description). I think it's in general very important to keep code comments up to date. Otherwise they are a bit useless.
f73a66b
to
58b32ca
Compare
@@ -157,33 +203,28 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
uint32_t *signature_r, uint32_t *signature_s, | |||
const uint32_t *k) { | |||
uint32_t mode = 1; // mode 1 => sign | |||
LOG_INFO("Copy data"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the past we noticed that such outputs in the hot paths had a significant effect on throughput. I think it's ok to leave them out unless there is a particular reason we want them.
.bss | ||
.data | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bilgiday @jadephilipoom Can you check the size of the binary? IIUC this change will put these constants in the OTBN binary which will increase the size of anything that it will be linked into.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Alphan, good point. Let me provide more context here:
I made that change to be able to run the p256_ecdsa_sca.s
in the OTBNsim; I was getting compilation errors when I use .bss
. I thought that change would be okay because we are using this binary only for side-channel analysis, and we are not linking it to any production code.
In this context, would it be okay to keep the .data
as it is?
sw/otbn/crypto/p256_ecdsa_sca.s
Outdated
|
||
/* message digest */ | ||
.globl msg | ||
.balign 32 | ||
msg: | ||
.zero 32 | ||
/*"Hello OTBN."*/ | ||
/* Word-order: The word with the lowest index is last */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was surprised when I first read this but I think the comment (all occurences) needs to be fixed:
/* Word-order: The word with the lowest index is last */ | |
/* Word-order: The word with the lowest index is first */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, the comment was misleading and redundant. I removed that comment. Instead, I just keep the value I intend to set. For example, /* msg = 0x06d71207...4456fd21 */
.
Enable OTBNsim simulation of p256_ecdsa_sca.s, and enable receiving of all secret input shares(k0, k1, d0, d1) from the host-side Python code. *.s file: - Change file to enable OTBNsim simulation. - Set default values for k0, k1, msg, x, y, d0, d1. - This values can be modified to compare the OTBNsim results to FPGA results. *.c file: - Remove all the LOG_INFO between the two triggers to make sure the measured ECDSA operation's timing will be same for all runsi. - Enable receiving of k0, k1, d0, d1 from the host-side Python code. - Add a new simpleserial command ('k') to separate the start_ecdsa,'p', and set secret scalar 'k'. Signed-off-by: Bilgiday Yuce <bilgiday@google.com>
58b32ca
to
f82ea0c
Compare
Enable OTBNsim simulation of p256_ecdsa_sca.s, and enable receiving of all secret input shares(k0, k1, d0, d1) from the host-side Python code.
*.s file:
*.c file:
Signed-off-by: Bilgiday Yuce bilgiday@google.com