Software APIs
sw
device
tests
penetrationtests
firmware
fi
otbn_fi.h
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_
6
#define OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_
7
8
#include "sw/device/lib/base/status.h"
9
#include "sw/device/lib/ujson/ujson.h"
10
11
/**
12
* otbn.fi.char.beq command handler.
13
*
14
* The goal of this test is to fault to BEQ instruction such that the jump is
15
* not performed. Then, a counter gets incremented. When no effective fault
16
* occurs, the counter is 0.
17
*
18
* Faults are injected during the trigger_high & trigger_low.
19
* It needs to be ensured that the compiler does not optimize this code.
20
*
21
* @param uj The received uJSON data.
22
*/
23
status_t
handle_otbn_fi_char_beq(
ujson_t
*uj);
24
25
/**
26
* otbn.fi.char.bn_rshi command handler.
27
*
28
* The goal of this test is to manipulate the BN.RSHI instruction.
29
*
30
* Faults are injected during the trigger_high & trigger_low.
31
* It needs to be ensured that the compiler does not optimize this code.
32
*
33
* @param uj The received uJSON data.
34
*/
35
status_t
handle_otbn_fi_char_bn_rshi(
ujson_t
*uj);
36
37
/**
38
* otbn.fi.char.bn_sel command handler.
39
*
40
* The goal of this test is to manipulate the carry flag or the BN.SEL
41
* instruction.
42
*
43
* Faults are injected during the trigger_high & trigger_low.
44
* It needs to be ensured that the compiler does not optimize this code.
45
*
46
* @param uj The received uJSON data.
47
*/
48
status_t
handle_otbn_fi_char_bn_sel(
ujson_t
*uj);
49
50
/**
51
* otbn.fi.char.bn_wsrr command handler.
52
*
53
* The goal of this test is to manipulate the BN.WSRR instruction or the content
54
* of the registers.
55
*
56
* Faults are injected during the trigger_high & trigger_low.
57
* It needs to be ensured that the compiler does not optimize this code.
58
*
59
* @param uj The received uJSON data.
60
*/
61
status_t
handle_otbn_fi_char_bn_wsrr(
ujson_t
*uj);
62
63
/**
64
* otbn.fi.char.bne command handler.
65
*
66
* The goal of this test is to fault to BNE instruction such that the jump is
67
* not performed. Then, a counter gets incremented. When no effective fault
68
* occurs, the counter is 0.
69
*
70
* Faults are injected during the trigger_high & trigger_low.
71
* It needs to be ensured that the compiler does not optimize this code.
72
*
73
* @param uj The received uJSON data.
74
*/
75
status_t
handle_otbn_fi_char_bne(
ujson_t
*uj);
76
77
/**
78
* otbn.fi.char_dmem_access command handler.
79
*
80
* OTBN loads WDRs with words from DMEM. These values are stored in different
81
* data sections.
82
*
83
* Faults are injected during the trigger_high & trigger_low.
84
*
85
* @param uj The received uJSON data.
86
* @return OK or error.
87
*/
88
status_t
handle_otbn_fi_char_dmem_access(
ujson_t
*uj);
89
90
/**
91
* otbn.fi.char_dmem_write command handler.
92
*
93
* Inject faults during Ibex writes data to DMEM.
94
*
95
* Faults are injected during the trigger_high & trigger_low.
96
*
97
* @param uj The received uJSON data.
98
*/
99
status_t
handle_otbn_fi_char_dmem_write(
ujson_t
*uj);
100
101
/**
102
* otbn.fi.char.hardware.dmem.op.loop command handler.
103
*
104
* This FI penetration tests executes the following instructions on OTBN:
105
* - Initialize register x3=0
106
* - Perform 10000 x3 = x3 + 1 additions using hardware loop instructions.
107
* Load loop counter from memory and write back after increment.
108
* - Return the value over UART.
109
*
110
* Faults are injected during the trigger_high & trigger_low.
111
* It needs to be ensured that the compiler does not optimize this code.
112
*
113
* @param uj An initialized uJSON context.
114
* @return OK or error.
115
*/
116
status_t
handle_otbn_fi_char_hardware_dmem_op_loop(
ujson_t
*uj);
117
118
/**
119
* otbn.fi.char.hardware.reg.op.loop command handler.
120
*
121
* This FI penetration tests executes the following instructions on OTBN:
122
* - Initialize register x3=0
123
* - Perform 10000 x3 = x3 + 1 additions using hardware loop instructions
124
* - Return the value over UART.
125
*
126
* Faults are injected during the trigger_high & trigger_low.
127
* It needs to be ensured that the compiler does not optimize this code.
128
*
129
* @param uj An initialized uJSON context.
130
* @return OK or error.
131
*/
132
status_t
handle_otbn_fi_char_hardware_reg_op_loop(
ujson_t
*uj);
133
134
/**
135
* otbn.fi.char.jal command handler.
136
*
137
* The goal of this test is to fault to JAL instruction such that the jump is
138
* not performed. Then, a counter gets incremented. When no effective fault
139
* occurs, the counter is 0.
140
*
141
* Faults are injected during the trigger_high & trigger_low.
142
* It needs to be ensured that the compiler does not optimize this code.
143
*
144
* @param uj The received uJSON data.
145
* @return OK or error.
146
*/
147
status_t
handle_otbn_fi_char_jal(
ujson_t
*uj);
148
149
/**
150
* otbn.fi.char.lw command handler.
151
*
152
* The goal of this test is to manipulate LW instructions using FI.
153
*
154
* @param uj The received uJSON data.
155
*/
156
status_t
handle_otbn_fi_char_lw(
ujson_t
*uj);
157
158
/**
159
* otbn.fi.char_mem command handler.
160
*
161
* Initializes IMEM and DMEM of OTBN with a fixed pattern. Inject a fault and
162
* check whether the data in memory got corrupted.
163
*
164
* Faults are injected during the trigger_high & trigger_low.
165
*
166
* @param uj An initialized uJSON context.
167
* @return OK or error.
168
*/
169
status_t
handle_otbn_fi_char_mem(
ujson_t
*uj);
170
171
/**
172
* otbn.fi.char_rf command handler.
173
*
174
* Init GPRs and WDRs of OTBN with reference values. Inject faults during 10000
175
* NOPS. Read back GPRs and WDRs and compare against reference values. Report
176
* faulty values back to host.
177
*
178
* @param uj An initialized uJSON context.
179
* @return OK or error.
180
*/
181
status_t
handle_otbn_fi_char_register_file(
ujson_t
*uj);
182
183
/**
184
* otbn.fi.char.unrolled.dmem.op.loop command handler.
185
*
186
* This FI penetration tests executes the following instructions on OTBN:
187
* - Perform 100 times:
188
* - Load loop counter from memory
189
* - Increment loop counter
190
* - Store back to memory
191
* - Return the value over UART.
192
*
193
* Faults are injected during the trigger_high & trigger_low.
194
* It needs to be ensured that the compiler does not optimize this code.
195
*
196
* @param uj An initialized uJSON context.
197
* @return OK or error.
198
*/
199
status_t
handle_otbn_fi_char_unrolled_dmem_op_loop(
ujson_t
*uj);
200
201
/**
202
* otbn.char.unrolled.reg.op.loop command handler.
203
*
204
* This FI penetration tests executes the following instructions on OTBN:
205
* - Initialize register x2=0
206
* - Perform 100 x2 = x2 + 1 additions
207
* - Return the value over UART.
208
*
209
* Faults are injected during the trigger_high & trigger_low.
210
* It needs to be ensured that the compiler does not optimize this code.
211
*
212
* @param uj An initialized uJSON context.
213
* @return OK or error.
214
*/
215
status_t
handle_otbn_fi_char_unrolled_reg_op_loop(
ujson_t
*uj);
216
217
/**
218
* Initializes the OTBN FI test.
219
*
220
* Setup the trigger and alert handler. Disable dummy instructions and the
221
* iCache.
222
*
223
* @param uj An initialized uJSON context.
224
* @return OK or error.
225
*/
226
status_t
handle_otbn_init(
ujson_t
*uj);
227
228
/**
229
* Initializes the key manager.
230
*
231
* @param uj An initialized uJSON context.
232
* @return OK or error.
233
*/
234
status_t
handle_otbn_fi_init_keymgr(
ujson_t
*uj);
235
236
/**
237
* otbn.fi.key_sideload command handler.
238
*
239
* Injects a fault when a key is sideloaded from the key manager into OTBN.
240
*
241
* Faults are injected during the trigger_high & trigger_low.
242
*
243
* @param uj An initialized uJSON context.
244
* @return OK or error.
245
*/
246
status_t
handle_otbn_fi_key_sideload(
ujson_t
*uj);
247
248
/**
249
* otbn.fi.load_integrity command handler.
250
*
251
* Tests, whether a fault during loading the OTBN app can manipulate data in
252
* DMEM without changing the CRC-32 checksum that is used to check the
253
* integrity of the DMEM and IMEM.
254
*
255
* As the OTBN app itself is not the target of this FI analysis, it only
256
* consists of NOPs. The DMEM is initialized with reference values that
257
* are checked.
258
*
259
* Faults are injected during the trigger_high & trigger_low.
260
*
261
* @param uj An initialized uJSON context.
262
* @return OK or error.
263
*/
264
status_t
handle_otbn_fi_load_integrity(
ujson_t
*uj);
265
266
/**
267
* otbn.fi.pc command handler.
268
*
269
* The goal of this test is to fault the OTBN program counter that is passed
270
* from Ibex into OTBN. OTBN jumps to this PC. Manipulation can be detected by
271
* reading the instruction counter.
272
*
273
* @param uj The received uJSON data.
274
*/
275
status_t
handle_otbn_fi_pc(
ujson_t
*uj);
276
277
/**
278
* OTBN FI command handler.
279
*
280
* Command handler for the OTBN FI command.
281
*
282
* @param uj An initialized uJSON context.
283
* @return OK or error.
284
*/
285
status_t
handle_otbn_fi(
ujson_t
*uj);
286
287
#endif
// OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_
Return to
OpenTitan Documentation