Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 3f4e7e46559f187961622665eaa5a699fbf5afaa^! / .
commit3f4e7e46559f187961622665eaa5a699fbf5afaa[log] [tgz]
authorEunchan Kim <eunchan@opentitan.org>Wed May 26 20:36:23 2021 -0700
committerEunchan Kim <eunchan@opentitan.org>Thu Jun 17 06:34:09 2021 -0700
treeb28b7e407ac92dbbdd050f61568d44a83579a810
parent57054be3fc2d4d6155783b2383b5f4cddafa23a1 [diff]
[sha3] Reporting SwSequence error consistently

In previous design, SHA3 may or may not report the error for double
process commands depending on the current SHA3 state. If SHA3 state sits
in `StAbsorb` state, double `process` commands were accepted and
triggered `keccak_process` twice. (It does not harm the sha3 hashing
operation.)

This commit introduces `processing` status bit to check more than one
`process` commands while the state is in `StAbsorb`. If additional
process command is received, regardless of the state, the SHA3 reports
an error with the error code `ErrSha3SwControl`.

Signed-off-by: Eunchan Kim <eunchan@opentitan.org>

diff --git a/hw/ip/kmac/rtl/sha3.sv b/hw/ip/kmac/rtl/sha3.sv
index e935bc0..3354b9d 100644
--- a/hw/ip/kmac/rtl/sha3.sv
+++ b/hw/ip/kmac/rtl/sha3.sv

@@ -104,6 +104,11 @@
   // length is bigger than the block limit.
   logic squeezing;
 
+  // If process_i is received, the logic initiates the final absorbing process.
+  // While absorbing, the processing inticator is turned on. This signal is used
+  // to check if multiple process_i is received or not.
+  logic processing;
+
   // FSM variable
   sha3_pkg::sha3_st_e st, st_d;
 
@@ -140,6 +145,13 @@
   // Squeezing output
   assign squeezing_o = squeezing;
 
+  // processing
+  always_ff @(posedge clk_i or negedge rst_ni) begin
+    if (!rst_ni)        processing <= 1'b 0;
+    else if (process_i) processing <= 1'b 1;
+    else if (absorbed)  processing <= 1'b 0;
+  end
+
   assign block_processed_o = keccak_complete;
 
   // State connection
@@ -190,7 +202,7 @@
       end
 
       StAbsorb: begin
-        if (process_i) begin
+        if (process_i && !processing) begin
           st_d = StAbsorb;
 
           keccak_process = 1'b 1;
@@ -278,7 +290,7 @@
       end
 
       StAbsorb: begin
-        if (start_i || run_i || done_i) begin
+        if (start_i || run_i || done_i || (process_i && processing)) begin
           error_o = '{
             valid: 1'b 1,
             code: ErrSha3SwControl,

diff --git a/hw/ip/kmac/rtl/sha3pad.sv b/hw/ip/kmac/rtl/sha3pad.sv
index 27fb2af..80a50b8 100644
--- a/hw/ip/kmac/rtl/sha3pad.sv
+++ b/hw/ip/kmac/rtl/sha3pad.sv

@@ -777,7 +777,7 @@
   // Assumption of input mode_i and strength_i
   // SHA3 variants: SHA3-224, SHA3-256, SHA3-384, SHA3-512
   // SHAKE, cSHAKE variants: SHAKE128, SHAKE256, cSHAKE128, cSHAKE256
-  `ASSUME(ModeStrengthCombinations_M,
+  `ASSUME_FPV(ModeStrengthCombinations_M,
     start_i |->
       (mode_i == Sha3 && (strength_i inside {L224, L256, L384, L512})) ||
       ((mode_i == Shake || mode_i == CShake) && (strength_i inside {L128, L256})),