From f5fd8ff1a1291902ca05c6cb8fb353cafdf2c549 Mon Sep 17 00:00:00 2001 From: Pascal Nasahl Date: Fri, 13 Oct 2023 10:32:57 +0200 Subject: [PATCH] [ci] Add TVLA AES check to CI This PR runs TVLA for AES and publishes the TVLA figure as an artifact. Signed-off-by: Pascal Nasahl --- ci/azure-pipelines.yml | 14 ++++++++++- ci/{ => cfg}/ci_capture_aes_cw310.yaml | 0 .../ci_tvla_cfg_aes_specific_byte0_rnd0.yaml | 16 ++++++++++++ ci/ci_capture_aes_fvsr.sh | 2 +- ci/ci_check_aes_traces.sh | 4 +-- ci/ci_check_tvla_aes.sh | 25 +++++++++++++++++++ 6 files changed, 57 insertions(+), 4 deletions(-) rename ci/{ => cfg}/ci_capture_aes_cw310.yaml (100%) create mode 100644 ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml create mode 100755 ci/ci_check_tvla_aes.sh diff --git a/ci/azure-pipelines.yml b/ci/azure-pipelines.yml index d45f0dbeb..c70bd2467 100644 --- a/ci/azure-pipelines.yml +++ b/ci/azure-pipelines.yml @@ -41,4 +41,16 @@ jobs: displayName: "Upload plot of captured AES traces." - publish: ./ci/ci_projects/opentitan_simple_aes.zip artifact: project_traces_aes - displayName: "Upload project of captured AES traces." \ No newline at end of file + displayName: "Upload project of captured AES traces." + - bash: | + pushd ci + ./ci_check_tvla_aes.sh + if [ $? -ne 0 ]; then + exit 1 + fi + popd + displayName: "Check AES TVLA" + continueOnError: True + - publish: ./ci/tmp/figures + artifact: tvla_figure + displayName: "Upload figure of AES TVLA." \ No newline at end of file diff --git a/ci/ci_capture_aes_cw310.yaml b/ci/cfg/ci_capture_aes_cw310.yaml similarity index 100% rename from ci/ci_capture_aes_cw310.yaml rename to ci/cfg/ci_capture_aes_cw310.yaml diff --git a/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml b/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml new file mode 100644 index 000000000..f8e1aefd7 --- /dev/null +++ b/ci/cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml @@ -0,0 +1,16 @@ +project_file: ci_projects/opentitan_simple_aes +trace_file: null +trace_start: null +trace_end: null +leakage_file: null +save_to_disk: null +save_to_disk_ttest: null +round_select: 0 +byte_select: 0 +input_histogram_file: null +output_histogram_file: null +number_of_steps: 1 +ttest_step_file: null +plot_figures: true +general_test: false +mode: aes diff --git a/ci/ci_capture_aes_fvsr.sh b/ci/ci_capture_aes_fvsr.sh index 8c4d75d71..2866e43e7 100755 --- a/ci/ci_capture_aes_fvsr.sh +++ b/ci/ci_capture_aes_fvsr.sh @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 # Simple script to test AES fvsr-key capture -../cw/capture.py --cfg-file ci_capture_aes_cw310.yaml capture aes-fvsr-key-batch +../cw/capture.py --cfg-file cfg/ci_capture_aes_cw310.yaml capture aes-fvsr-key-batch if [ -d "./ci_projects/opentitan_simple_aes_data" ]; then echo "Directory ./ci_projects/opentitan_simple_aes_data exists" diff --git a/ci/ci_check_aes_traces.sh b/ci/ci_check_aes_traces.sh index 9ae35e64c..aa48b1536 100755 --- a/ci/ci_check_aes_traces.sh +++ b/ci/ci_check_aes_traces.sh @@ -17,8 +17,8 @@ ARGS="--force-program-bitstream" for test in ${!aes_test_list[@]}; do echo Testing ${test} on CW310 - `date` NUM_TRACES=${aes_test_list[${test}]} - ../cw/capture.py --cfg-file ci_capture_aes_cw310.yaml capture ${test} \ - --num-traces ${NUM_TRACES} ${ARGS} &>> "tmp/test_capture.log" + ../cw/capture.py --cfg-file cfg/ci_capture_aes_cw310.yaml capture ${test} \ + --num-traces ${NUM_TRACES} ${ARGS} mv ./ci_projects/sample_traces_${MODE}.html tmp/${test}_traces.html ARGS="" diff --git a/ci/ci_check_tvla_aes.sh b/ci/ci_check_tvla_aes.sh new file mode 100755 index 000000000..924a544f2 --- /dev/null +++ b/ci/ci_check_tvla_aes.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# Copyright lowRISC contributors. +# Licensed under the Apache License, Version 2.0, see LICENSE for details. +# SPDX-License-Identifier: Apache-2.0 + +# Simple script to test AES capture. +mkdir -p tmp + +# AES +MODE="aes" +BOARD=cw310 +declare -A aes_test_list +aes_test_list["aes-random"]=100 + +ARGS="--force-program-bitstream" +for test in ${!aes_test_list[@]}; do + echo Testing ${test} on CW310 - `date` + NUM_TRACES=${aes_test_list[${test}]} + ../cw/capture.py --cfg-file cfg/ci_capture_aes_cw310.yaml capture ${test} \ + --num-traces ${NUM_TRACES} ${ARGS} + ../cw/tvla.py --cfg-file cfg/ci_tvla_cfg_aes_specific_byte0_rnd0.yaml \ + run-tvla + ARGS="" +done