Software APIs
otbn_fi.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_
6 #define OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_
7 
8 #include "sw/device/lib/base/status.h"
9 #include "sw/device/lib/ujson/ujson.h"
10 
11 /**
12  * otbn.fi.char.beq command handler.
13  *
14  * The goal of this test is to fault to BEQ instruction such that the jump is
15  * not performed. Then, a counter gets incremented. When no effective fault
16  * occurs, the counter is 0.
17  *
18  * Faults are injected during the trigger_high & trigger_low.
19  * It needs to be ensured that the compiler does not optimize this code.
20  *
21  * @param uj The received uJSON data.
22  */
23 status_t handle_otbn_fi_char_beq(ujson_t *uj);
24 
25 /**
26  * otbn.fi.char.bn_rshi command handler.
27  *
28  * The goal of this test is to manipulate the BN.RSHI instruction.
29  *
30  * Faults are injected during the trigger_high & trigger_low.
31  * It needs to be ensured that the compiler does not optimize this code.
32  *
33  * @param uj The received uJSON data.
34  */
35 status_t handle_otbn_fi_char_bn_rshi(ujson_t *uj);
36 
37 /**
38  * otbn.fi.char.bn_sel command handler.
39  *
40  * The goal of this test is to manipulate the carry flag or the BN.SEL
41  * instruction.
42  *
43  * Faults are injected during the trigger_high & trigger_low.
44  * It needs to be ensured that the compiler does not optimize this code.
45  *
46  * @param uj The received uJSON data.
47  */
48 status_t handle_otbn_fi_char_bn_sel(ujson_t *uj);
49 
50 /**
51  * otbn.fi.char.bn_wsrr command handler.
52  *
53  * The goal of this test is to manipulate the BN.WSRR instruction or the content
54  * of the registers.
55  *
56  * Faults are injected during the trigger_high & trigger_low.
57  * It needs to be ensured that the compiler does not optimize this code.
58  *
59  * @param uj The received uJSON data.
60  */
61 status_t handle_otbn_fi_char_bn_wsrr(ujson_t *uj);
62 
63 /**
64  * otbn.fi.char.bne command handler.
65  *
66  * The goal of this test is to fault to BNE instruction such that the jump is
67  * not performed. Then, a counter gets incremented. When no effective fault
68  * occurs, the counter is 0.
69  *
70  * Faults are injected during the trigger_high & trigger_low.
71  * It needs to be ensured that the compiler does not optimize this code.
72  *
73  * @param uj The received uJSON data.
74  */
75 status_t handle_otbn_fi_char_bne(ujson_t *uj);
76 
77 /**
78  * otbn.fi.char_dmem_access command handler.
79  *
80  * OTBN loads WDRs with words from DMEM. These values are stored in different
81  * data sections.
82  *
83  * Faults are injected during the trigger_high & trigger_low.
84  *
85  * @param uj The received uJSON data.
86  * @return OK or error.
87  */
88 status_t handle_otbn_fi_char_dmem_access(ujson_t *uj);
89 
90 /**
91  * otbn.fi.char_dmem_write command handler.
92  *
93  * Inject faults during Ibex writes data to DMEM.
94  *
95  * Faults are injected during the trigger_high & trigger_low.
96  *
97  * @param uj The received uJSON data.
98  */
99 status_t handle_otbn_fi_char_dmem_write(ujson_t *uj);
100 
101 /**
102  * otbn.fi.char.hardware.dmem.op.loop command handler.
103  *
104  * This FI penetration tests executes the following instructions on OTBN:
105  * - Initialize register x3=0
106  * - Perform 10000 x3 = x3 + 1 additions using hardware loop instructions.
107  * Load loop counter from memory and write back after increment.
108  * - Return the value over UART.
109  *
110  * Faults are injected during the trigger_high & trigger_low.
111  * It needs to be ensured that the compiler does not optimize this code.
112  *
113  * @param uj An initialized uJSON context.
114  * @return OK or error.
115  */
116 status_t handle_otbn_fi_char_hardware_dmem_op_loop(ujson_t *uj);
117 
118 /**
119  * otbn.fi.char.hardware.reg.op.loop command handler.
120  *
121  * This FI penetration tests executes the following instructions on OTBN:
122  * - Initialize register x3=0
123  * - Perform 10000 x3 = x3 + 1 additions using hardware loop instructions
124  * - Return the value over UART.
125  *
126  * Faults are injected during the trigger_high & trigger_low.
127  * It needs to be ensured that the compiler does not optimize this code.
128  *
129  * @param uj An initialized uJSON context.
130  * @return OK or error.
131  */
132 status_t handle_otbn_fi_char_hardware_reg_op_loop(ujson_t *uj);
133 
134 /**
135  * otbn.fi.char.jal command handler.
136  *
137  * The goal of this test is to fault to JAL instruction such that the jump is
138  * not performed. Then, a counter gets incremented. When no effective fault
139  * occurs, the counter is 0.
140  *
141  * Faults are injected during the trigger_high & trigger_low.
142  * It needs to be ensured that the compiler does not optimize this code.
143  *
144  * @param uj The received uJSON data.
145  * @return OK or error.
146  */
147 status_t handle_otbn_fi_char_jal(ujson_t *uj);
148 
149 /**
150  * otbn.fi.char.lw command handler.
151  *
152  * The goal of this test is to manipulate LW instructions using FI.
153  *
154  * @param uj The received uJSON data.
155  */
156 status_t handle_otbn_fi_char_lw(ujson_t *uj);
157 
158 /**
159  * otbn.fi.char_mem command handler.
160  *
161  * Initializes IMEM and DMEM of OTBN with a fixed pattern. Inject a fault and
162  * check whether the data in memory got corrupted.
163  *
164  * Faults are injected during the trigger_high & trigger_low.
165  *
166  * @param uj An initialized uJSON context.
167  * @return OK or error.
168  */
169 status_t handle_otbn_fi_char_mem(ujson_t *uj);
170 
171 /**
172  * otbn.fi.char_rf command handler.
173  *
174  * Init GPRs and WDRs of OTBN with reference values. Inject faults during 10000
175  * NOPS. Read back GPRs and WDRs and compare against reference values. Report
176  * faulty values back to host.
177  *
178  * @param uj An initialized uJSON context.
179  * @return OK or error.
180  */
181 status_t handle_otbn_fi_char_register_file(ujson_t *uj);
182 
183 /**
184  * otbn.fi.char.unrolled.dmem.op.loop command handler.
185  *
186  * This FI penetration tests executes the following instructions on OTBN:
187  * - Perform 100 times:
188  * - Load loop counter from memory
189  * - Increment loop counter
190  * - Store back to memory
191  * - Return the value over UART.
192  *
193  * Faults are injected during the trigger_high & trigger_low.
194  * It needs to be ensured that the compiler does not optimize this code.
195  *
196  * @param uj An initialized uJSON context.
197  * @return OK or error.
198  */
199 status_t handle_otbn_fi_char_unrolled_dmem_op_loop(ujson_t *uj);
200 
201 /**
202  * otbn.char.unrolled.reg.op.loop command handler.
203  *
204  * This FI penetration tests executes the following instructions on OTBN:
205  * - Initialize register x2=0
206  * - Perform 100 x2 = x2 + 1 additions
207  * - Return the value over UART.
208  *
209  * Faults are injected during the trigger_high & trigger_low.
210  * It needs to be ensured that the compiler does not optimize this code.
211  *
212  * @param uj An initialized uJSON context.
213  * @return OK or error.
214  */
215 status_t handle_otbn_fi_char_unrolled_reg_op_loop(ujson_t *uj);
216 
217 /**
218  * Initializes the OTBN FI test.
219  *
220  * Setup the trigger and alert handler. Disable dummy instructions and the
221  * iCache.
222  *
223  * @param uj An initialized uJSON context.
224  * @return OK or error.
225  */
226 status_t handle_otbn_init(ujson_t *uj);
227 
228 /**
229  * Initializes the key manager.
230  *
231  * @param uj An initialized uJSON context.
232  * @return OK or error.
233  */
234 status_t handle_otbn_fi_init_keymgr(ujson_t *uj);
235 
236 /**
237  * otbn.fi.key_sideload command handler.
238  *
239  * Injects a fault when a key is sideloaded from the key manager into OTBN.
240  *
241  * Faults are injected during the trigger_high & trigger_low.
242  *
243  * @param uj An initialized uJSON context.
244  * @return OK or error.
245  */
246 status_t handle_otbn_fi_key_sideload(ujson_t *uj);
247 
248 /**
249  * otbn.fi.load_integrity command handler.
250  *
251  * Tests, whether a fault during loading the OTBN app can manipulate data in
252  * DMEM without changing the CRC-32 checksum that is used to check the
253  * integrity of the DMEM and IMEM.
254  *
255  * As the OTBN app itself is not the target of this FI analysis, it only
256  * consists of NOPs. The DMEM is initialized with reference values that
257  * are checked.
258  *
259  * Faults are injected during the trigger_high & trigger_low.
260  *
261  * @param uj An initialized uJSON context.
262  * @return OK or error.
263  */
264 status_t handle_otbn_fi_load_integrity(ujson_t *uj);
265 
266 /**
267  * otbn.fi.pc command handler.
268  *
269  * The goal of this test is to fault the OTBN program counter that is passed
270  * from Ibex into OTBN. OTBN jumps to this PC. Manipulation can be detected by
271  * reading the instruction counter.
272  *
273  * @param uj The received uJSON data.
274  */
275 status_t handle_otbn_fi_pc(ujson_t *uj);
276 
277 /**
278  * OTBN FI command handler.
279  *
280  * Command handler for the OTBN FI command.
281  *
282  * @param uj An initialized uJSON context.
283  * @return OK or error.
284  */
285 status_t handle_otbn_fi(ujson_t *uj);
286 
287 #endif // OPENTITAN_SW_DEVICE_TESTS_PENETRATIONTESTS_FIRMWARE_FI_OTBN_FI_H_