CSR MAC tests

chipsalliance · Jan 7, 2025 · 7b17355 · 7b17355
1 parent 44c8242
commit 7b17355
Showing 1 changed file with 70 additions and 0 deletions.
diff --git a/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs b/rom/dev/tests/rom_integration_tests/tests_get_idev_csr.rs
@@ -6,6 +6,11 @@ use caliptra_common::mailbox_api::{CommandId, GetIdevCsrResp, MailboxReqHeader};
 use caliptra_drivers::MfgFlags;
 use caliptra_error::CaliptraError;
 use caliptra_hw_model::{Fuses, HwModel, ModelError};
+use caliptra_image_types::FwVerificationPqcKeyType;
+use openssl::hash::MessageDigest;
+use openssl::memcmp;
+use openssl::pkey::PKey;
+use openssl::sign::Signer;
 use zerocopy::{AsBytes, FromBytes};
 
 use crate::helpers;
@@ -84,3 +89,68 @@ fn test_get_csr_generate_csr_flag_not_set() {
     );
     assert_eq!(expected_error, response.unwrap_err());
 }
+
+#[test]
+fn test_validate_ecc_csr_mac() {
+    let (mut hw, _) =
+        helpers::build_hw_model_and_image_bundle(Fuses::default(), ImageOptions::default());
+
+    let csr_envelop = {
+        let flags = MfgFlags::GENERATE_IDEVID_CSR;
+        hw.soc_ifc()
+            .cptra_dbg_manuf_service_reg()
+            .write(|_| flags.bits());
+
+        let csr_envelop = helpers::get_csr_envelop(&mut hw).unwrap();
+
+        hw.step_until(|m| {
+            m.soc_ifc()
+                .cptra_flow_status()
+                .read()
+                .ready_for_mb_processing()
+        });
+        csr_envelop
+    };
+
+    let csr = csr_envelop.ecc_csr.csr[..csr_envelop.ecc_csr.csr_len as usize].to_vec();
+    let key = PKey::hmac(&[0u8; 48]).unwrap();
+    let mut signer = Signer::new(MessageDigest::sha384(), &key).unwrap();
+    signer.update(&csr).unwrap();
+    let hmac = signer.sign_to_vec().unwrap();
+
+    assert!(memcmp::eq(&hmac, &csr_envelop.ecc_csr_mac));
+}
+
+#[test]
+fn test_validate_mldsa_csr_mac() {
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::MLDSA,
+        ..Default::default()
+    };
+    let (mut hw, _) = helpers::build_hw_model_and_image_bundle(Fuses::default(), image_options);
+
+    let csr_envelop = {
+        let flags = MfgFlags::GENERATE_IDEVID_CSR;
+        hw.soc_ifc()
+            .cptra_dbg_manuf_service_reg()
+            .write(|_| flags.bits());
+
+        let csr_envelop = helpers::get_csr_envelop(&mut hw).unwrap();
+
+        hw.step_until(|m| {
+            m.soc_ifc()
+                .cptra_flow_status()
+                .read()
+                .ready_for_mb_processing()
+        });
+        csr_envelop
+    };
+
+    let csr = csr_envelop.mldsa_csr.csr[..csr_envelop.mldsa_csr.csr_len as usize].to_vec();
+    let key = PKey::hmac(&[0u8; 64]).unwrap();
+    let mut signer = Signer::new(MessageDigest::sha512(), &key).unwrap();
+    signer.update(&csr).unwrap();
+    let hmac = signer.sign_to_vec().unwrap();
+
+    assert!(memcmp::eq(&hmac, &csr_envelop.mldsa_csr_mac));
+}