Add HMAC stop/continue commands & endian swaps #88
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlexJones0
force-pushed
the
hmac_updates
branch
from
ddeed36 to
baf1f02
Compare
AlexJones0
force-pushed
the
hmac_updates
branch
from
baf1f02 to
851169d
Compare
|
(adding Loïc as a reviewer, since he better knows the HMAC implementation than I do) |
AlexJones0
force-pushed
the
hmac_updates
branch
2 times, most recently
from
b439c6e to
97f4cce
Compare
rivos-eblot
reviewed
Dec 10, 2024
AlexJones0
force-pushed
the
hmac_updates
branch
from
97f4cce to
5ecfe46
Compare
rivos-eblot
requested changes
Dec 11, 2024
There was a problem hiding this comment.
Very sorry. I missed this point last time:
Can you add the component the change applies to in the commit message:
[ot] hw/opentitan: ot_hmac: <msg>
I think it would be nice to add this kind of checks in the CI BTW (I never took the time to implement this...)
Otherwise, LGTM.
Digest write-back allows the state of a partial HMAC SHA256 operation to be read from the DIGEST registers, supporting the addition of STOP/CONTINUE commands to save and restore partial states. Also extracts the `sha256_...` calls into separate `ot_hmac_...` functions to more modular functions which reduce repeated logic, and will better allow for expansion to support different key length sizes (SHA2-384/SHA2-512) in the future. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
Adds the STOP/CONTINUE commands to the OpenTitan HMAC model. These commands allow you to stop a SHA/HMAC hash after the next full round of hashing/compression, and retrieve the partial digest so that this context can be restored later and computation can continue. This lets users stop/start the HMAC as needed, and better cache hash computations. To correctly implement these commands, in addition to writing back the partial intermediary digests of the `sha_process` operations, additional conditional logic is introduced on stop commands for only processing the FIFO until the next hash block boundary, and an additional check is added to the `process` call for the hash being completed. Note that this commit still hard-codes for SHA256, and does not update the corresponding DIGEST / MESSAGE LENGTH registers to be writable. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
…implement key swap This commit adds the checks and functionality for writing to the HMAC MESSAGE_LENGTH and DIGEST registers whilst the HMAC is not active and the SHA Engine is disabled, to permit the restoration of saved contexts (partial computations) using the STOP and CONTINUE commands. Also implements the KEY_SWAP config option, which now makes the default configuration use little endian key values, and allows you to use big endian key values as before by setting the relevant config field to 1. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
Reports `IDLE` in the status register if no command is currently being processed (i.e. no START/CONTINUE/PROCESS/STOP in progress). Allows the new KEY_SWAP, DIGEST_SIZE and KEY_LENGTH fields of the config registers to be written to by stopping them from being masked out. Signed-off-by: Alex Jones <alex.jones@lowrisc.org>
AlexJones0
force-pushed
the
hmac_updates
branch
from
5ecfe46 to
149aa81
Compare
|
Force push adds the component to the commit messages, and corrects one small error (message length does not have to be >= 512 to process, that was a misunderstanding on my part). I've also now tested it on top of #86 and can see that this seems to be fixing several tests that were failing ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR partially updates Earlgrey's HMAC to match the latest hardware interface changes. It adds digest write-back during SHA256 processing to allow for saving and restoring of partial hash context, adds support for the
Stop/Continuecommands used to do this, and updates the supporting message length and digest registers. It also implements the new key/digest swap config fields, and makes a couple other small fixes. See the commit messages for more details.Note: the first commit 77322d9 is taken from #86, as that applies to the HMAC and is required for functional operation.
Tested against existing passing tests
hmac_enc_idle_testandhmac_smoketestand previously failing testwots_testfrommasteron OpenTitan.