[pentest] Add crypto version

sw/device/tests/penetrationtests/firmware/fi/BUILD

@@ -76,6 +76,7 @@ cc_library(
         "//sw/device/lib/base:math",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/impl:cryptolib_build_info",
         "//sw/device/lib/crypto/impl:ecc_p256",
         "//sw/device/lib/crypto/impl:ecc_p384",
         "//sw/device/lib/crypto/impl:integrity",
@@ -105,6 +106,7 @@ cc_library(
         "//sw/device/lib/base:status",
         "//sw/device/lib/crypto/impl:aes",
         "//sw/device/lib/crypto/impl:aes_gcm",
+        "//sw/device/lib/crypto/impl:cryptolib_build_info",
         "//sw/device/lib/crypto/impl:drbg",
         "//sw/device/lib/crypto/impl:hmac",
         "//sw/device/lib/crypto/impl:integrity",

sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_asym.c

@@ -6,6 +6,8 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/drivers/cryptolib_build_info.h"
+#include "sw/device/lib/crypto/include/cryptolib_build_info.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -509,7 +511,18 @@ status_t handle_cryptolib_fi_asym_init(ujson_t *uj) {
   TRY(pentest_send_sku_config(uj));
 
   /////////////// STUB START ///////////////
-  // Add things like versioning.
+  uint32_t version;
+  bool released;
+  uint32_t build_hash_low;
+  uint32_t build_hash_high;
+  TRY(otcrypto_build_info(&version, &released, &build_hash_low,
+                          &build_hash_high));
+  char cryptolib_version[150];
+  memset(cryptolib_version, '\0', sizeof(cryptolib_version));
+  base_snprintf(cryptolib_version, sizeof(cryptolib_version),
+                "CRYPTO version %08x, released %s, hash %08x%08x", version,
+                released ? "true" : "false", build_hash_high, build_hash_low);
+  RESP_OK(ujson_serialize_string, uj, cryptolib_version);
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym.c

@@ -6,6 +6,8 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/drivers/cryptolib_build_info.h"
+#include "sw/device/lib/crypto/include/cryptolib_build_info.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -223,7 +225,18 @@ status_t handle_cryptolib_fi_sym_init(ujson_t *uj) {
   TRY(pentest_send_sku_config(uj));
 
   /////////////// STUB START ///////////////
-  // Add things like versioning.
+  uint32_t version;
+  bool released;
+  uint32_t build_hash_low;
+  uint32_t build_hash_high;
+  TRY(otcrypto_build_info(&version, &released, &build_hash_low,
+                          &build_hash_high));
+  char cryptolib_version[150];
+  memset(cryptolib_version, '\0', sizeof(cryptolib_version));
+  base_snprintf(cryptolib_version, sizeof(cryptolib_version),
+                "CRYPTO version %08x, released %s, hash %08x%08x", version,
+                released ? "true" : "false", build_hash_high, build_hash_low);
+  RESP_OK(ujson_serialize_string, uj, cryptolib_version);
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

sw/device/tests/penetrationtests/firmware/sca/BUILD

@@ -73,6 +73,7 @@ cc_library(
         "//sw/device/lib/base:math",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/impl:cryptolib_build_info",
         "//sw/device/lib/crypto/impl:ecc_p256",
         "//sw/device/lib/crypto/impl:ecc_p384",
         "//sw/device/lib/crypto/impl:integrity",
@@ -102,6 +103,7 @@ cc_library(
         "//sw/device/lib/base:status",
         "//sw/device/lib/crypto/impl:aes",
         "//sw/device/lib/crypto/impl:aes_gcm",
+        "//sw/device/lib/crypto/impl:cryptolib_build_info",
         "//sw/device/lib/crypto/impl:drbg",
         "//sw/device/lib/crypto/impl:hmac",
         "//sw/device/lib/crypto/impl:integrity",

sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_asym.c

@@ -6,6 +6,8 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/drivers/cryptolib_build_info.h"
+#include "sw/device/lib/crypto/include/cryptolib_build_info.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -865,7 +867,18 @@ status_t handle_cryptolib_sca_asym_init(ujson_t *uj) {
   TRY(pentest_send_sku_config(uj));
 
   /////////////// STUB START ///////////////
-  // Add things like versioning.
+  uint32_t version;
+  bool released;
+  uint32_t build_hash_low;
+  uint32_t build_hash_high;
+  TRY(otcrypto_build_info(&version, &released, &build_hash_low,
+                          &build_hash_high));
+  char cryptolib_version[150];
+  memset(cryptolib_version, '\0', sizeof(cryptolib_version));
+  base_snprintf(cryptolib_version, sizeof(cryptolib_version),
+                "CRYPTO version %08x, released %s, hash %08x%08x", version,
+                released ? "true" : "false", build_hash_high, build_hash_low);
+  RESP_OK(ujson_serialize_string, uj, cryptolib_version);
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_sym.c

@@ -6,6 +6,8 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/drivers/cryptolib_build_info.h"
+#include "sw/device/lib/crypto/include/cryptolib_build_info.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -917,7 +919,18 @@ status_t handle_cryptolib_sca_sym_init(ujson_t *uj) {
   TRY(pentest_send_sku_config(uj));
 
   /////////////// STUB START ///////////////
-  // Add things like versioning.
+  uint32_t version;
+  bool released;
+  uint32_t build_hash_low;
+  uint32_t build_hash_high;
+  TRY(otcrypto_build_info(&version, &released, &build_hash_low,
+                          &build_hash_high));
+  char cryptolib_version[150];
+  memset(cryptolib_version, '\0', sizeof(cryptolib_version));
+  base_snprintf(cryptolib_version, sizeof(cryptolib_version),
+                "CRYPTO version %08x, released %s, hash %08x%08x", version,
+                released ? "true" : "false", build_hash_high, build_hash_low);
+  RESP_OK(ujson_serialize_string, uj, cryptolib_version);
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

sw/host/penetrationtests/python/fi/communication/fi_asym_cryptolib_commands.py

@@ -5,6 +5,7 @@
 
 Communication with OpenTitan happens over the uJSON command interface.
 """
+
 import json
 import time
 from sw.host.penetrationtests.python.util import common_library
@@ -51,6 +52,7 @@ def init(
         boot_log = self.target.read_response()
         boot_measurements = self.target.read_response()
         version = self.target.read_response()
+        cryptolib_version = self.target.read_response()
         return (
             device_id,
             sensors,
@@ -59,6 +61,7 @@ def init(
             boot_log,
             boot_measurements,
             version,
+            cryptolib_version,
         )
 
     def handle_rsa_enc(

sw/host/penetrationtests/python/fi/communication/fi_sym_cryptolib_commands.py

@@ -5,6 +5,7 @@
 
 Communication with OpenTitan happens over the uJSON command interface.
 """
+
 import json
 import time
 from sw.host.penetrationtests.python.util import common_library
@@ -51,6 +52,7 @@ def init(
         boot_log = self.target.read_response()
         boot_measurements = self.target.read_response()
         version = self.target.read_response()
+        cryptolib_version = self.target.read_response()
         return (
             device_id,
             sensors,
@@ -59,6 +61,7 @@ def init(
             boot_log,
             boot_measurements,
             version,
+            cryptolib_version,
         )
 
     def handle_aes(
@@ -94,9 +97,7 @@ def handle_aes(
         }
         self.target.write(json.dumps(input_data).encode("ascii"))
 
-    def handle_cmac(
-        self, data, data_len, key, key_len, iv, cfg, trigger
-    ) -> None:
+    def handle_cmac(self, data, data_len, key, key_len, iv, cfg, trigger) -> None:
         """Call the cryptolib CMAC.
 
         Args:
@@ -186,7 +187,15 @@ def handle_hmac(
         self.target.write(json.dumps(input_data).encode("ascii"))
 
     def handle_drbg_reseed(
-        self, entropy, entropy_len, nonce, nonce_len, reseed_interval, mode, cfg, trigger
+        self,
+        entropy,
+        entropy_len,
+        nonce,
+        nonce_len,
+        reseed_interval,
+        mode,
+        cfg,
+        trigger,
     ) -> None:
         """Call the cryptolib DRBG to reseed.
 
@@ -240,9 +249,7 @@ def handle_drbg_generate(
         }
         self.target.write(json.dumps(input_data).encode("ascii"))
 
-    def handle_trng_init(
-        self, mode, cfg, trigger
-    ) -> None:
+    def handle_trng_init(self, mode, cfg, trigger) -> None:
         """Call the cryptolib TRNG to init.
 
         Args:
@@ -259,9 +266,7 @@ def handle_trng_init(
         }
         self.target.write(json.dumps(input_data).encode("ascii"))
 
-    def handle_trng_generate(
-        self, cfg, trigger
-    ) -> None:
+    def handle_trng_generate(self, cfg, trigger) -> None:
         """Call the cryptolib TRNG to generate randomness.
 
         Args: