[prim_sha2_pad, hmac] Don't allow skipping the padding after stopping a hash operation #23936

vogelpi · 2024-07-05T14:02:17Z

Description

During coverage closure for V2S, @martin-velay and @gdessouky noted that there are some uncovered FSM transitions inside prim_sha2_pad:

StLenHi -> StFifoReceive
StLenLo -> StFifoReceive
StPad00 -> StFifoReceive
StPad80 -> StFifoReceive

An inspection of the RTL reveals that these transtions can be covered by something like the following sequence:

Trigger and message and make prim_sha2_pad go into any the StPad80 / StPad00 / StLenHi / StLenLo states. As a result of this cfg_block will assert and any future reg_hash_start / reg_hash_continue won't be forwarded to prim_sha2_pad.
Trigger a reg_hash_stop. This will make cfg_block go low again in the next clock cycle.
In the next clock cycle, trigger again a reg_hash_start / reg_hash_continue. This will trigger the uncovered transition.

The problematic thing with this is that after Step 2, the design should finish the hashing and then append the padding. By triggering another reg_hash_start or reg_hash_continue, software can cause the hardware to abort the padding and restart the hashing. This is not intended behavior, but software is also not expected to start another operation directly after stopping one. Instead, software is expected to wait for the hmac_done interrupt or to poll the status register to wait for the hashing and padding to finish before triggering further operations as outlined in the HMAC programmer's guide .

@andreaskurth and I concluded that this is NOT a terrible bug for Earlgrey-PROD and we will exclude the missing / buggy transitions from FSM coverage. But we should still fix this in a future release. The FSM should only be able to go back into the StFifoReceive state after finishing the padding.

The text was updated successfully, but these errors were encountered:

vogelpi · 2024-07-05T14:03:06Z

For more details, please refer to this comment.

This commit removes a conditional FSM state transition that was deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. It made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. As a side-effect, the removal plugs some existing FSM transition coverage holes in `prim_sha2_pad` whose manual exclusions can be removed as well. Signed-off-by: Andrea Caforio <[email protected]>

This commit removes a conditional FSM state transition that was deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. It made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. As a side-effect, the removal plugs some existing FSM transition coverage holes in `prim_sha2_pad` whose manual exclusions can be removed as well. Removing the conditional makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. The FSM will still correctly move from `StIdle` to `StFifoReceive` as it already checks the same conditional inside its state logic whereas for `StFifoReceive` it had no effect. Signed-off-by: Andrea Caforio <[email protected]>

This commit removes some conditional FSM states transition that were deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. It made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. As a side-effect, the removal plugs some existing FSM transition coverage holes in `prim_sha2_pad` whose manual exclusions can be removed as well. This change makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. Signed-off-by: Andrea Caforio <[email protected]>

This commit removes some conditional FSM states transition that were deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. They made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. This change makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. Signed-off-by: Andrea Caforio <[email protected]>

This commit removes the coverage exclusions that were introduced as part of the padding cancellation bug lowRISC#23936 that was fixed in the previous commit. New exclusions are added that cover some impossible conditions and branches as identified in lowRISC#24692. Signed-off-by: Andrea Caforio <[email protected]> Co-authored-by: Martin Velay <[email protected]>

This commit removes some conditional FSM states transition that were deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. They made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. This change makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. Signed-off-by: Andrea Caforio <[email protected]>

This commit removes some conditional FSM states transition that were deemed undesirable in `prim_sha2_pad`, see #23936. They made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. This change makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. Signed-off-by: Andrea Caforio <[email protected]>

vogelpi · 2024-12-20T09:37:43Z

PR #25590 which removes these undesirable FSM transitions has been merged into master now and I am thus closing this issue.

PR #25696 will remove the corresponding coverage exclusions on master. We have been doing these changes for the D3/V3 sign offs.

For earlgrey_1.0.0 the RTL and also the coverage exclusions remain untouched. If the design is operated according to the programmer's guide, there is no issue. As previously stated, triggering these previously uncovered FSM transitions is tricky if not impossible by software as it requires multiple commands to be triggered back-to-back without a single bubble cycle in between. It's extremely unrealistic to trigger this.

This commit removes some conditional FSM states transition that were deemed undesirable in `prim_sha2_pad`, see lowRISC#23936. They made it possible to cancel an ongoing padding operation, which is disallowed by the HMAC module. This change makes it impossible to transition into the `StFifoReceive` state from either `StPad80`, `StPad00`, `StLenHi` or `StLenLo` by asserting the `hash_go` signal. Signed-off-by: Andrea Caforio <[email protected]>

vogelpi added Type:Bug Bugs Component:RTL IP:hmac Type:FutureRelease Not relevant to currently planned releases/milestones labels Jul 5, 2024

vogelpi added this to the Backlog milestone Jul 5, 2024

vogelpi mentioned this issue Jul 5, 2024

[hmac,dv] Run UNR analysis #23683

Closed

gdessouky mentioned this issue Jul 6, 2024

[hmac,dv] Additional UNR exclusions #23948

Merged

vogelpi added the NoECO_IntegratePostM5 Accepted for integration post M5 label Jul 15, 2024

This was referenced Dec 4, 2024

[hmac] D3 Signoff #22638

Closed

[hmac,dv] Add new test to cover FSM transitions #25568

Merged

andrea-caforio mentioned this issue Dec 10, 2024

[hmac, rtl] Do not skip padding after a hash stop command #25590

Merged

andrea-caforio mentioned this issue Dec 18, 2024

[hmac, dv] Update coverage exclusion file #25696

Merged

vogelpi closed this as completed Dec 20, 2024

martin-velay mentioned this issue Feb 10, 2025

[hmac] V3 Signoff #22671

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[prim_sha2_pad, hmac] Don't allow skipping the padding after stopping a hash operation #23936

[prim_sha2_pad, hmac] Don't allow skipping the padding after stopping a hash operation #23936

vogelpi commented Jul 5, 2024

vogelpi commented Jul 5, 2024

vogelpi commented Dec 20, 2024

[prim_sha2_pad, hmac] Don't allow skipping the padding after stopping a hash operation #23936

[prim_sha2_pad, hmac] Don't allow skipping the padding after stopping a hash operation #23936

Comments

vogelpi commented Jul 5, 2024

Description

vogelpi commented Jul 5, 2024

vogelpi commented Dec 20, 2024