[crypto] Factor out OTBN RSA testing utilities.

[jadephilipoom]

Use the same testing library for otbn_rsa_test and power_virus_systemtest. The testing library bypasses everything other than the core OTBN operation, which is helpful for tests that may have other blocks in different configurations than the cryptolib expects (e.g. entropy or HMAC).

The powervirus test is running a different RSA computation now (2K verify with slow constant computation instead of 3K verify with fast and pre-computed constant computation), so the timing of the test might change. The test doesn't run on Verilator, so I can't time it exactly. The RSA computation should get 4x faster after #19755 is merged.

At some point, it might be a good idea to use something other than RSA modexp for these two tasks, because RSA test data is kind of large and RSA decrypt takes ages. The otbn_rsa_test currently includes constant values that optionally disable testing decryption or testing large RSA sizes because decryption for large RSA takes too long. It seems to me like both these tests only really need to run some nontrivial OTBN computation, so maybe we could run something fast with small inputs instead for testing convenience. We could run the software SHA256, for example, or X25519 (the fastest asymmetric crypto routine according to current benchmarks), both of which would have much smaller input and faster execution than RSA. Anyway, this doesn't seem urgent enough for me to do it as part of this change; for now I just want to unblock #20495.

[moidx]

Hi @jadephilipoom, for power virus testing we actually want to target long running operations in OTBN so that we can load and run other peripherals in parallel. The ideal test would stress the power consumption of OTBN, any other tests you may recommend besides RSA would be good to incorporate in the future.

[jadephilipoom]

Hi @jadephilipoom, for power virus testing we actually want to target long running operations in OTBN so that we can load and run other peripherals in parallel. The ideal test would stress the power consumption of OTBN, any other tests you may recommend besides RSA would be good to incorporate in the future.

Hmm, is the goal to run the longest-running OTBN operation we can, or is the goal to keep OTBN drawing maximum power for the duration of the tests that the other crypto blocks are running? Also, should it be a deterministic routine, so that OTBN is never idle waiting for entropy, potentially using less power?

• If it should run for the maximum length of time and can be non-deterministic, I recommend RSA key generation, which will run for several seconds on average but does wait for entropy quite a bit.
• If it should run for the maximum length of time but never wait for entropy, I recommend an ECDSA-P384 signature verification, which will take significantly longer than RSA.
• If it should run about as long as the other crypto blocks, then I recommend SHA-256 or SHA-512, which should easily take as long or longer than the other tests and are deterministic. They have the added bonus that the test could adjust their timing by hashing more or less data.