From db8e32225000fec87450bd515c4c862ff95544b0 Mon Sep 17 00:00:00 2001 From: Andreas Kurth Date: Tue, 23 Apr 2024 13:34:32 +0000 Subject: [PATCH] [kmac/rtl] Abort when sideload key is invalid during operation The KMAC HW IP block features an option to load keys from Key Manager via a HW key sideload interface. Prior to this commit, KMAC would: - when used via the SW application interface: *not check at all* if the sideload key is valid (issue #10704, #16855); - when used via a HW application interface: check if the sideload key is valid *only for a single cycle* when the application interface gets configured (state `StAppCfg` in `kmac_app`). This could lead to cases where KMAC would use an invalid sideload key. This commit fixes the problem by checking whether the sideload key is valid in *every* FSM state in which the sideload key is used. If the sideload key is invalid even for a single cycle (the FSM cannot know whether the key is being used in this exact cycle or not), `kmac_app`'s FSM goes into the `StKeyMgrErrKeyNotValid` state. In that state, the FSM signals the `keymgr_pkg::ErrKeyNotValid` error code in KMAC's `err_code` CSR. The FSM then transitions to the `StError` state, where it drains data from the HW application interface by keeping `app_o.ready` high. The digest output remains all-zero (it can only take a non-zero value in the `StAppWait` state). The FSM exits the `StError` state after SW has signalled that it has processed the error by writing the `processed` bit in the `CFG_SHADOWED` CSR *and* the active HW app interface has sent the last data item. This commit resolves #10704 and implements the RTL part of #16855. Covering this in DV remains open, although the existing tests (which don't cover this) keep their previous pass rates. Signed-off-by: Andreas Kurth --- hw/ip/kmac/rtl/kmac.sv | 1 - hw/ip/kmac/rtl/kmac_app.sv | 35 +++++++++++++++++++++++++++++++++-- 2 files changed, 33 insertions(+), 3 deletions(-) 
diff --git a/hw/ip/kmac/rtl/kmac.sv b/hw/ip/kmac/rtl/kmac.sv
index 73867146168faa..88958a01b3b150 100644
--- a/hw/ip/kmac/rtl/kmac.sv
+++ b/hw/ip/kmac/rtl/kmac.sv
@@ -672,7 +672,6 @@ module kmac
 );
 // Error
- // As of now, only SHA3 error exists. More error codes will be added.
 logic event_error;
 assign event_error = sha3_err.valid | app_err.valid
diff --git a/hw/ip/kmac/rtl/kmac_app.sv b/hw/ip/kmac/rtl/kmac_app.sv
index 0dc144a22195cd..44b8fde8f62162 100644
--- a/hw/ip/kmac/rtl/kmac_app.sv
+++ b/hw/ip/kmac/rtl/kmac_app.sv
@@ -436,8 +436,9 @@ module kmac_app
 service_rejected_error_set = 1'b 1;
- end else if ((AppCfg[app_id].Mode == AppKMAC) &&
- !keymgr_key_i.valid) begin
+ end else if ((AppCfg[app_id].Mode == AppKMAC) && !keymgr_key_i.valid) begin
+ // The current HW application interface does *keyed* MAC but the key to be used is not
+ // valid, so abort into the invalid key error state.
 st_d = StKeyMgrErrKeyNotValid;
 // As mux_sel is not set to SelApp, app_data_ready is still 0.
@@ -463,6 +464,12 @@ module kmac_app
 end else begin
 st_d = StAppMsg;
 end
+
+ // The current HW application interface does *keyed* MAC but the key to be used is not
+ // valid, so abort into the invalid key error state.
+ if (AppCfg[app_id].Mode == AppKMAC && !keymgr_key_i.valid) begin
+ st_d = StKeyMgrErrKeyNotValid;
+ end
 end
 StAppOutLen: begin
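Review bot: The key-validity condition `AppCfg[app_id].Mode == AppKMAC && !keymgr_key_i.valid` is written out separately in StAppCfg and StAppMsg here, and again in StAppOutLen, StAppProcess and StAppWait in the following hunks, so a state added or edited later can silently miss the check. I would name it once next to the other declarations, `logic app_key_invalid;` with `assign app_key_invalid = (AppCfg[app_id].Mode == AppKMAC) && !keymgr_key_i.valid;`, and write `if (app_key_invalid) st_d = StKeyMgrErrKeyNotValid;` in each state. A single named signal is also easier to cover or assert on than five copies of the expression. The StAppMsg state body starts outside this hunk.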
@@ -473,11 +480,23 @@ module kmac_app
 end else begin
 st_d = StAppOutLen;
 end
+
+ // The current HW application interface does *keyed* MAC but the key to be used is not
+ // valid, so abort into the invalid key error state.
+ if (AppCfg[app_id].Mode == AppKMAC && !keymgr_key_i.valid) begin
+ st_d = StKeyMgrErrKeyNotValid;
+ end
 end
 StAppProcess: begin
 cmd_o = CmdProcess;
 st_d = StAppWait;
+
+ // The current HW application interface does *keyed* MAC but the key to be used is not
+ // valid, so abort into the invalid key error state.
+ if (AppCfg[app_id].Mode == AppKMAC && !keymgr_key_i.valid) begin
+ st_d = StKeyMgrErrKeyNotValid;
+ end
 end
 StAppWait: begin
@@ -490,6 +509,12 @@ module kmac_app
 end else begin
 st_d = StAppWait;
 end
+
+ // The current HW application interface does *keyed* MAC but the key to be used is not
+ // valid, so abort into the invalid key error state.
+ if (AppCfg[app_id].Mode == AppKMAC && !keymgr_key_i.valid) begin
+ st_d = StKeyMgrErrKeyNotValid;
+ end
 end
 StSw: begin
@@ -503,6 +528,12 @@ module kmac_app
 end else begin
 st_d = StSw;
 end
+
+ // If keyed MAC is enabled (`kmac_en_o`) together with key sideloading (`keymgr_key_en_i`)
+ // but the sideloaded key is not valid, abort into the invalid key error state.
+ if (kmac_en_o && keymgr_key_en_i && !keymgr_key_i.valid) begin
+ st_d = StKeyMgrErrKeyNotValid;
+ end
 end
 StKeyMgrErrKeyNotValid: begin
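Review bot: In StAppProcess (hunk at -473) the added check replaces only `st_d`; `cmd_o = CmdProcess` at the top of the same state is still driven in the very cycle in which the sideload key is seen invalid. The same late-override shape is used in StAppOutLen in this hunk and in StAppWait and StSw in the next two hunks, whose earlier assignments lie outside the hunks, so it is worth confirming that no command, done or digest output can leave the block in that cycle. If that is intended, say so at the check, e.g. `// Only the next state is overridden; outputs assigned above are still driven in this cycle.`; otherwise make the key check the first branch of the state and move the existing assignments into its `else`.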
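Review bot: The StSw check (hunk at -503) sends the SW path into the same `StKeyMgrErrKeyNotValid` flow as the HW application paths, but its exit is not visible here. The commit description ties leaving `StError` to SW acknowledging the error and to the active HW app interface sending its last data item. When the error is raised from StSw there may be no active HW app interface, so please confirm that the exit condition cannot wait forever in that case. A one-line comment at this check, such as `// No HW app interface is active in StSw; StError must be left on the SW acknowledgement alone.`, would record the expectation once it is confirmed. The StSw state body starts outside this hunk.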