Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated the code with the review feedback #24574

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Updated the code with the review feedback #24574

wants to merge 1 commit into from

Conversation

github-gcontributor
Copy link

No description provided.

@github-gcontributor github-gcontributor requested a review from a team as a code owner September 14, 2024 02:15
@github-gcontributor github-gcontributor requested review from moidx and removed request for a team September 14, 2024 02:15
@github-gcontributor
Copy link
Author

@moidx ,

Updated with feedback and as per format/style.
https://github.com/github-gcontributor/opentitan/blob/vt_checkins/sw/device/tests/aes_force_prng_reseed_test.c
Please review.

moidx
moidx reviewed Sep 15, 2024
View reviewed changes
sw/device/tests/aes_force_prng_reseed_test.c Outdated
Comment on lines 136 to 157
// Disable EDN and CSRNG to simulate stalling
LOG_INFO("Disabling EDN0, EDN1...");
CHECK_DIF_OK(dif_edn_stop(&edn0));
CHECK_DIF_OK(dif_edn_stop(&edn1));
busy_spin_micros(500);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use the following function from entropy_testutils:

TRY(entropy_testutils_stop_all());

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted

sw/device/tests/aes_force_prng_reseed_test.c Outdated
LOG_INFO("Conditionally checking AES status after stopping EDN and CSRNG.");
LOG_INFO("Waiting for AES to stall after PRNG reseed request...");
bool stall = false;
CHECK_DIF_OK(dif_aes_get_status(&aes, kDifAesStatusStall, &stall));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The stall condition will only occur after you switch the key. You may have to load a couple of different keys because the PRNG may already be reseeded the first time you call it.

This check should go below after dif_aes_start(...).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted. Pushing "waiting for the stall" logic after dif_aes_start()

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For loading keys more than once.
Steps will be as below:
generate first key = key
Generate key_share0[i] = kAesModesKey128[i] ^ kKeyShare1[i]
Load first key using dif_aes_start()
Then dif_aes_trigger()

generate second key = key2
Generate key2_share0[i] = kAesModesKey128[i] ^ kKeyShare1[i]+1 --> Different key generation

wait for stall
then enable entropy complex
load data

Load second key using dif_aes_start() later after enabling
Then dif_aes_trigger()
Please advice.

sw/device/tests/aes_force_prng_reseed_test.c Outdated
Comment on lines 180 to 197
LOG_INFO("Disabling CSRNG...");
CHECK_DIF_OK(dif_csrng_stop(&csrng));
CHECK_DIF_OK(dif_entropy_src_stop(&entropy_src));

// Re-enable Entropy Source and CSRNG in the proper sequence
LOG_INFO("Re-initializing Entropy Source and CSRNG...");

// Initialize and configure Entropy Source
dif_entropy_src_config_t entropy_src_config =
entropy_testutils_config_default();
CHECK_DIF_OK(dif_entropy_src_configure(&entropy_src, entropy_src_config,
kDifToggleEnabled));

// Initialize and start CSRNG
CHECK_DIF_OK(dif_csrng_configure(&csrng));
// set_edn_auto_mode();
LOG_INFO("Setting EDN to auto mode...");
TRY(entropy_testutils_auto_mode_init());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All this code can be replaced for a single call:

TRY(entropy_testutils_auto_mode_init());

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted

sw/device/tests/aes_force_prng_reseed_test.c
Comment on lines +201 to +224
// Trigger PRNG reseed request
LOG_INFO("Triggering PRNG reseed...");
CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would expect to see a stall if entropy complex is disabled and you call this command. It may be a good idea to test this as well.

sw/device/tests/aes_force_prng_reseed_test.c
// T8: Load the plain text to trigger the encryption operation
CHECK_DIF_OK(dif_aes_load_data(&aes, in_data_plain));

// Trigger AES reseed request, specific for manual operation case
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kDifAesTriggerStart is not the same as kDifAesTriggerPrngReseed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Can you clarify more on this review comment wrt code?

sw/device/tests/aes_force_prng_reseed_test.c Outdated Show resolved Hide resolved
@moidx
Copy link
Contributor

moidx commented Sep 15, 2024

Hi @github-gcontributor, Can you also do the following:

  1. Add Bazel target to sw/device/tests/BUILD
  2. Update the commit title and text to describe the changes being introduced in this PR.
  3. Update the PR title and description to follow the commit details.
  4. You will also have to setup your Name and Email in gitgub to be able to sign your commit. This is the reason one of the CI checks is failing. This is needed to meet the CLA guidelines.

@github-gcontributor github-gcontributor changed the title Initial Checkins Updated the code with the review feedback Sep 16, 2024
@github-gcontributor
Copy link
Author

@moidx,
Thanks for the review.
Made changes to the code as per the comments.
i.e. The Test checks for AES Stall with Disabled Entropy Complex (and not just edn)
Added BUILD file with target

Please provide feedback on the changes..

@github-gcontributor
Copy link
Author

github-gcontributor commented Sep 20, 2024
edited
Loading

Hi @github-gcontributor, Can you also do the following:

  1. Add Bazel target to sw/device/tests/BUILD
  2. Update the commit title and text to describe the changes being introduced in this PR.
  3. Update the PR title and description to follow the commit details.
  4. You will also have to setup your Name and Email in gitgub to be able to sign your commit. This is the reason one of the CI checks is failing. This is needed to meet the CLA guidelines.

Regarding point 4,
I tried making the changes as per the instruction. Using my corporate id, does not allow me to proceed checkin as it would expose the privacy. As a second step, I added "[email protected]" as mentioned in my github steps to protect privacy. However it still asking showing up issue in quick lint check.

Still issue is persistent:
"""
remote: error: GH007: Your push would publish a private email address.
remote: You can make your email public or disable this protection by visiting:
remote: http://github.com/settings/emails
To github.com:github-gcontributor/opentitan.git
! [remote rejected] vt_checkins -> vt_checkins (push declined due to email privacy restrictions)
error: failed to push some refs to 'github.com:github-gcontributor/opentitan.git'
"""
I added my personal id.
With non corporate id, I am disabling the "Keep my email addresses private" option now. Looks like it is allowing me to chekcin now. Waiting for the quick lint

@a-will
Copy link
Contributor

a-will commented Sep 20, 2024

  1. You will also have to setup your Name and Email in gitgub to be able to sign your commit. This is the reason one of the CI checks is failing. This is needed to meet the CLA guidelines.

Regarding point 4, I tried making the changes as per the instruction. Using my corporate id, does not allow me to proceed checkin as it would expose the privacy. As a second step, I added "[email protected]" as mentioned in my github steps to protect privacy. However it still asking showing up issue in quick lint check.

Still issue is persistent: """ remote: error: GH007: Your push would publish a private email address. remote: You can make your email public or disable this protection by visiting: remote: http://github.com/settings/emails To github.com:github-gcontributor/opentitan.git ! [remote rejected] vt_checkins -> vt_checkins (push declined due to email privacy restrictions) error: failed to push some refs to 'github.com:github-gcontributor/opentitan.git' """ I added my personal id. With non corporate id, I am disabling the "Keep my email addresses private" option now. Looks like it is allowing me to chekcin now. Waiting for the quick lint

You are contributing to a public repo with a CLA from your company. The corporate email must be exposed in commits, else the contribution cannot be accepted. You must uncheck "Block command line pushes that expose my email" (or else get someone else from your organization to submit the change).

Some people choose to have separate accounts for corporate work, and this enabled them to keep this safeguard for their personal account. I'm not sure if there is a way to make it more granular (like by repo or something).

@github-gcontributor
Copy link
Author

github-gcontributor commented Sep 20, 2024
edited
Loading

  1. You will also have to setup your Name and Email in gitgub to be able to sign your commit. This is the reason one of the CI checks is failing. This is needed to meet the CLA guidelines.

Regarding point 4, I tried making the changes as per the instruction. Using my corporate id, does not allow me to proceed checkin as it would expose the privacy. As a second step, I added "[email protected]" as mentioned in my github steps to protect privacy. However it still asking showing up issue in quick lint check.
Still issue is persistent: """ remote: error: GH007: Your push would publish a private email address. remote: You can make your email public or disable this protection by visiting: remote: http://github.com/settings/emails To github.com:github-gcontributor/opentitan.git ! [remote rejected] vt_checkins -> vt_checkins (push declined due to email privacy restrictions) error: failed to push some refs to 'github.com:github-gcontributor/opentitan.git' """ I added my personal id. With non corporate id, I am disabling the "Keep my email addresses private" option now. Looks like it is allowing me to chekcin now. Waiting for the quick lint

You are contributing to a public repo with a CLA from your company. The corporate email must be exposed in commits, else the contribution cannot be accepted. You must uncheck "Block command line pushes that expose my email" (or else get someone else from your organization to submit the change).

Some people choose to have separate accounts for corporate work, and this enabled them to keep this safeguard for their personal account. I'm not sure if there is a way to make it more granular (like by repo or something).

Sure, in that case let me change my id to corporate email.
After disabling "Keep my email addresses private" I am able to checkin with my corporate id. Waiting for quick lint now...

@github-gcontributor
Initial checkin for prng_reseed,
e8aeba7 
Signed-off-by: Varunkumar Trivedi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moidx moidx moidx left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@github-gcontributor @moidx @a-will