[otbn/sca] Add new sca features for otbn_ecdsa_256 #16899
Conversation
|
This is to enable receiving of the shares of the secret inputs from the Python side. Tested on FPGA with Husky. It seems to be working. |
sw/device/sca/ecc_serial.c
Outdated
| @@ -202,15 +249,6 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
| */ | |||
| static void ecc256_ecdsa(const uint8_t *ecc256_secret_k_bytes, | |||
There was a problem hiding this comment.
This function has a description in the comment above that also needs to be aligned.
There was a problem hiding this comment.
In addition, both the ecc256_secret_k_bytes and secret_k_len arguments are no longer used. So they should probably be removed from the function declaration/header.
There was a problem hiding this comment.
The first point here (aligning function documentation) is still open. Can you please address this, too?
There was a problem hiding this comment.
Ah, good catch, thanks! I updated the function documentation too.
bilgiday
force-pushed
the
otbn-sca-latest
branch
from
e97c680
to
f73a66b
Compare
bilgiday
requested review from
alphan,
jadephilipoom,
a team and
vogelpi
and removed request for
a team
| @@ -157,33 +203,28 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
| uint32_t *signature_r, uint32_t *signature_s, | |||
| const uint32_t *k) { | |||
| uint32_t mode = 1; // mode 1 => sign | |||
| LOG_INFO("Copy data"); | |||
There was a problem hiding this comment.
I think you don't technically need to remove these LOG_INFO calls, since the trigger only actually gets set when otbn_execute() is called. You just need to remove the ones after otbn_execute().
There was a problem hiding this comment.
Yep, you are right. Previously, I put LOG_INFO calls to solve an issue. Now, they are kind of useless. In the new version, I converted them into comments for code readability. Would it be okay for you?
There was a problem hiding this comment.
In the past we noticed that such outputs in the hot paths had a significant effect on throughput. I think it's ok to leave them out unless there is a particular reason we want them.
There was a problem hiding this comment.
Yep, I agree it's fine to remove them anyway.
sw/device/sca/ecc_serial.c
Outdated
| SS_CHECK(otbn_dmem_write(kEcc256NumWords, msg, kOtbnVarMsg) == kOtbnErrorOk); | ||
| // Send two sahres of private_key_d to OTBN |
There was a problem hiding this comment.
nit:
| // Send two sahres of private_key_d to OTBN | |
| // Send two shares of private_key_d to OTBN |
There was a problem hiding this comment.
From my side this looks good, thanks for addressing the comments @bilgiday !
There is one minor thing open (update function description). I think it's in general very important to keep code comments up to date. Otherwise they are a bit useless.
bilgiday
force-pushed
the
otbn-sca-latest
branch
from
f73a66b
to
58b32ca
Compare
| @@ -157,33 +203,28 @@ static void p256_ecdsa_sign(const uint32_t *msg, const uint32_t *private_key_d, | |||
| uint32_t *signature_r, uint32_t *signature_s, | |||
| const uint32_t *k) { | |||
| uint32_t mode = 1; // mode 1 => sign | |||
| LOG_INFO("Copy data"); | |||
There was a problem hiding this comment.
In the past we noticed that such outputs in the hot paths had a significant effect on throughput. I think it's ok to leave them out unless there is a particular reason we want them.
| .bss | ||
| .data | ||
|
|
There was a problem hiding this comment.
@bilgiday @jadephilipoom Can you check the size of the binary? IIUC this change will put these constants in the OTBN binary which will increase the size of anything that it will be linked into.
There was a problem hiding this comment.
Thanks Alphan, good point. Let me provide more context here:
I made that change to be able to run the p256_ecdsa_sca.s in the OTBNsim; I was getting compilation errors when I use .bss. I thought that change would be okay because we are using this binary only for side-channel analysis, and we are not linking it to any production code.
In this context, would it be okay to keep the .data as it is?
sw/otbn/crypto/p256_ecdsa_sca.s
Outdated
|
|
||
| /* message digest */ | ||
| .globl msg | ||
| .balign 32 | ||
| msg: | ||
| .zero 32 | ||
| /*"Hello OTBN."*/ | ||
| /* Word-order: The word with the lowest index is last */ |
There was a problem hiding this comment.
I was surprised when I first read this but I think the comment (all occurences) needs to be fixed:
| /* Word-order: The word with the lowest index is last */ | |
| /* Word-order: The word with the lowest index is first */ |
There was a problem hiding this comment.
Thanks, the comment was misleading and redundant. I removed that comment. Instead, I just keep the value I intend to set. For example, /* msg = 0x06d71207...4456fd21 */.
Enable OTBNsim simulation of p256_ecdsa_sca.s, and enable receiving of
all secret input shares(k0, k1, d0, d1) from the host-side Python code.
*.s file:
- Change file to enable OTBNsim simulation.
- Set default values for k0, k1, msg, x, y, d0, d1.
- This values can be modified to compare the OTBNsim results to FPGA
results.
*.c file:
- Remove all the LOG_INFO between the two triggers to make sure the
measured ECDSA operation's timing will be same for all runsi.
- Enable receiving of k0, k1, d0, d1 from the host-side Python code.
- Add a new simpleserial command ('k') to separate the
start_ecdsa,'p', and set secret scalar 'k'.
Signed-off-by: Bilgiday Yuce <bilgiday@google.com>
bilgiday
force-pushed
the
otbn-sca-latest
branch
from
58b32ca
to
f82ea0c
Compare
Enable OTBNsim simulation of p256_ecdsa_sca.s, and enable receiving of all secret input shares(k0, k1, d0, d1) from the host-side Python code.
*.s file:
*.c file:
Signed-off-by: Bilgiday Yuce bilgiday@google.com