[ot] hw/opentitan: ot_hmac: Implement key/digest size regs & checks

AlexJones0 · AlexJones0 · commit 70e9305c4f55 · 2024-12-12T16:53:57.000Z
This commit implements initial register interface support for the key
length and digest size fields in the config register of OpenTitan's
HMAC. It checks that the values written are valid one-hot encodings, and
maps them as is done in current hardware if not.

This also implements some additional checks that the combination of (key
length, digest size, HMAC enable) is valid when attempting to run the
START/CONTINUE command, otherwise producing a (new type of) software
error.
diff --git a/hw/opentitan/ot_hmac.c b/hw/opentitan/ot_hmac.c
@@ -85,6 +85,7 @@ REG32(ERR_CODE, 0x1cu)
 #define R_ERR_CODE_UPDATE_SECRET_KEY_INPROCESS  0x00000003u
 #define R_ERR_CODE_HASH_START_WHEN_ACTIVE       0x00000004u
 #define R_ERR_CODE_PUSH_MSG_WHEN_DISALLOWED     0x00000005u
+#define R_ERR_CODE_INVALID_CONFIG               0x00000006u
 REG32(WIPE_SECRET, 0x20u)
 REG32(KEY_0, 0x24u)
 REG32(KEY_1, 0x28u)
@@ -259,6 +260,62 @@ struct OtHMACState {
     char *ot_id;
 };
 
+enum OtHMACDigestSize {
+    HMAC_SHA2_256,
+    HMAC_SHA2_384,
+    HMAC_SHA2_512,
+    HMAC_SHA2_NONE,
+};
+
+enum OtHMACKeyLength {
+    HMAC_KEY_128,
+    HMAC_KEY_256,
+    HMAC_KEY_384,
+    HMAC_KEY_512,
+    HMAC_KEY_1024,
+    HMAC_KEY_NONE,
+};
+
+static inline enum OtHMACDigestSize ot_hmac_get_digest_size(uint32_t cfg_reg)
+{
+    switch ((cfg_reg & R_CFG_DIGEST_SIZE_MASK) >> R_CFG_DIGEST_SIZE_SHIFT) {
+    case 0x1u:
+        return HMAC_SHA2_256;
+    case 0x2u:
+        return HMAC_SHA2_384;
+    case 0x4u:
+        return HMAC_SHA2_512;
+    case 0x8u:
+    default:
+        return HMAC_SHA2_NONE;
+    }
+}
+
+static inline enum OtHMACKeyLength ot_hmac_get_key_length(uint32_t cfg_reg)
+{
+    switch ((cfg_reg & R_CFG_KEY_LENGTH_MASK) >> R_CFG_KEY_LENGTH_SHIFT) {
+    case 0x01u:
+        return HMAC_KEY_128;
+    case 0x02u:
+        return HMAC_KEY_256;
+    case 0x04u:
+        return HMAC_KEY_384;
+    case 0x08u:
+        return HMAC_KEY_512;
+    case 0x10u:
+        return HMAC_KEY_1024;
+    case 0x20u:
+    default:
+        return HMAC_KEY_NONE;
+    }
+}
+
+static inline bool ot_hmac_key_length_supported(
+    enum OtHMACDigestSize digest_size, enum OtHMACKeyLength key_length)
+{
+    return !(digest_size == HMAC_SHA2_256 && key_length == HMAC_KEY_1024);
+}
+
 static void ot_hmac_update_irqs(OtHMACState *s)
 {
     uint32_t levels = s->regs->intr_state & s->regs->intr_enable;
@@ -589,6 +646,9 @@ static void ot_hmac_regs_write(void *opaque, hwaddr addr, uint64_t value,
     uint32_t pc = ibex_get_current_pc();
     trace_ot_hmac_io_write(s->ot_id, (uint32_t)addr, REG_NAME(reg), val32, pc);
 
+    enum OtHMACDigestSize digest_size;
+    enum OtHMACKeyLength key_length;
+
     switch (reg) {
     case R_INTR_STATE:
         s->regs->intr_state &= ~(val32 & INTR_MASK);
@@ -612,19 +672,51 @@ static void ot_hmac_regs_write(void *opaque, hwaddr addr, uint64_t value,
             break;
         }
 
-        s->regs->cfg =
-            val32 &
+        val32 &=
             (R_CFG_HMAC_EN_MASK | R_CFG_SHA_EN_MASK | R_CFG_ENDIAN_SWAP_MASK |
              R_CFG_DIGEST_SWAP_MASK | R_CFG_KEY_SWAP_MASK |
              R_CFG_DIGEST_SIZE_MASK | R_CFG_KEY_LENGTH_MASK);
 
+        /* If the digest size is invalid, it gets mapped to SHA2_NONE. */
+        digest_size = ot_hmac_get_digest_size(val32);
+        if (digest_size == HMAC_SHA2_NONE) {
+            val32 &= ~R_CFG_DIGEST_SIZE_MASK;
+            val32 |= 0x8u << R_CFG_DIGEST_SIZE_SHIFT;
+        }
+
+        /* If the key length is invalid, it gets mapped to KEY_NONE. */
+        key_length = ot_hmac_get_key_length(val32);
+        if (key_length == HMAC_KEY_NONE) {
+            val32 &= ~R_CFG_KEY_LENGTH_MASK;
+            val32 |= 0x20u << R_CFG_KEY_LENGTH_SHIFT;
+        }
+
+        s->regs->cfg = val32;
+
         /* clear digest when SHA is disabled */
         if (!(s->regs->cfg & R_CFG_SHA_EN_MASK)) {
             ot_hmac_wipe_buffer(s, s->regs->digest,
                                 ARRAY_SIZE(s->regs->digest));
         }
         break;
     case R_CMD:
+        if (val32 & (R_CMD_HASH_START_MASK | R_CMD_HASH_CONTINUE_MASK)) {
+            digest_size = ot_hmac_get_digest_size(s->regs->cfg);
+            if (digest_size == HMAC_SHA2_NONE) {
+                ot_hmac_report_error(s, R_ERR_CODE_INVALID_CONFIG);
+                break;
+            }
+
+            if (s->regs->cfg & R_CFG_HMAC_EN_MASK) {
+                key_length = ot_hmac_get_key_length(s->regs->cfg);
+                if (key_length == HMAC_KEY_NONE ||
+                    !ot_hmac_key_length_supported(digest_size, key_length)) {
+                    ot_hmac_report_error(s, R_ERR_CODE_INVALID_CONFIG);
+                    break;
+                }
+            }
+        }
+
         if (val32 & R_CMD_HASH_START_MASK) {
             if (!(s->regs->cfg & R_CFG_SHA_EN_MASK)) {
                 ot_hmac_report_error(s,
