-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add HMAC stop/continue commands & endian swaps #88
Add HMAC stop/continue commands & endian swaps #88
Conversation
ddeed36
to
baf1f02
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
couple of minor syntax tweaks
baf1f02
to
851169d
Compare
(adding Loïc as a reviewer, since he better knows the HMAC implementation than I do) |
b439c6e
to
97f4cce
Compare
97f4cce
to
5ecfe46
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very sorry. I missed this point last time:
Can you add the component the change applies to in the commit message:
[ot] hw/opentitan: ot_hmac: <msg>
I think it would be nice to add this kind of checks in the CI BTW (I never took the time to implement this...)
Otherwise, LGTM.
Digest write-back allows the state of a partial HMAC SHA256 operation to be read from the DIGEST registers, supporting the addition of STOP/CONTINUE commands to save and restore partial states. Also extracts the `sha256_...` calls into separate `ot_hmac_...` functions to more modular functions which reduce repeated logic, and will better allow for expansion to support different key length sizes (SHA2-384/SHA2-512) in the future. Signed-off-by: Alex Jones <[email protected]>
Adds the STOP/CONTINUE commands to the OpenTitan HMAC model. These commands allow you to stop a SHA/HMAC hash after the next full round of hashing/compression, and retrieve the partial digest so that this context can be restored later and computation can continue. This lets users stop/start the HMAC as needed, and better cache hash computations. To correctly implement these commands, in addition to writing back the partial intermediary digests of the `sha_process` operations, additional conditional logic is introduced on stop commands for only processing the FIFO until the next hash block boundary, and an additional check is added to the `process` call for the hash being completed. Note that this commit still hard-codes for SHA256, and does not update the corresponding DIGEST / MESSAGE LENGTH registers to be writable. Signed-off-by: Alex Jones <[email protected]>
…implement key swap This commit adds the checks and functionality for writing to the HMAC MESSAGE_LENGTH and DIGEST registers whilst the HMAC is not active and the SHA Engine is disabled, to permit the restoration of saved contexts (partial computations) using the STOP and CONTINUE commands. Also implements the KEY_SWAP config option, which now makes the default configuration use little endian key values, and allows you to use big endian key values as before by setting the relevant config field to 1. Signed-off-by: Alex Jones <[email protected]>
Reports `IDLE` in the status register if no command is currently being processed (i.e. no START/CONTINUE/PROCESS/STOP in progress). Allows the new KEY_SWAP, DIGEST_SIZE and KEY_LENGTH fields of the config registers to be written to by stopping them from being masked out. Signed-off-by: Alex Jones <[email protected]>
5ecfe46
to
149aa81
Compare
Force push adds the component to the commit messages, and corrects one small error (message length does not have to be >= 512 to process, that was a misunderstanding on my part). I've also now tested it on top of #86 and can see that this seems to be fixing several tests that were failing ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR partially updates Earlgrey's HMAC to match the latest hardware interface changes. It adds digest write-back during SHA256 processing to allow for saving and restoring of partial hash context, adds support for the
Stop
/Continue
commands used to do this, and updates the supporting message length and digest registers. It also implements the new key/digest swap config fields, and makes a couple other small fixes. See the commit messages for more details.Note: the first commit 77322d9 is taken from #86, as that applies to the HMAC and is required for functional operation.
Tested against existing passing tests
hmac_enc_idle_test
andhmac_smoketest
and previously failing testwots_test
frommaster
on OpenTitan.