Example - 1

The example code is taken from the HMAC engine inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1358]. HAMC is a message authentication code (MAC) that uses both a hash and a secret crypto key. The HMAC engine in HACK@DAC SoC uses the SHA-256 module for the calculation of the HMAC for 512 bits messages.

<xhtml_b>logic [511:0] bigData;</xhtml_b>

<xhtml_b>.message_i(bigData),</xhtml_b>
.clk_i(clk_i),.rst_ni(rst_ni && ~rst_4),.init_i(startHash && ~startHash_r),.key_i(key),.ikey_hash_i(ikey_hash), .okey_hash_i(okey_hash), .key_hash_bypass_i(key_hash_bypass),.hash_o(hash),.ready_o(ready),.hash_valid_o(hashValid)...hmac hmac(

However, this HMAC engine cannot handle messages that are longer than 512 bits. Moreover, a complete HMAC will contain an iterate hash function that breaks up a message into blocks of a fixed size and iterates over them with a compression function (e.g., SHA-256). Therefore, the implementation of the HMAC in OpenPiton SoC is incomplete. Such HMAC engines will not be used in real-world applications as the messages will usually be longer than 512 bits. For instance, OpenTitan offers a comprehensive HMAC implementation that utilizes a FIFO for temporarily storing the truncated message, as detailed in [REF-1359].

To mitigate this, implement the iterative function to break up a message into blocks of a fixed size.