Ghada Dessouky

Isn't the next and final signals used to enable hashing multi-block messages? Does this core support hashing messages of size greater than 1024 bits, i.e., of more than 1 block?...

After aligning with @andreaskurth, it's more ideal if we would merge this only after we confirm that original functionality (mode 256) hasn't been broken; this requires extending support to the...

I've force-pushed after rebasing and integrating with the save & restore changes in https://github.com/lowRISC/opentitan/pull/21307, and getting all block-level tests pass at 100% still. All do now, except `hmac_stress_all_with_rand_reset` at 7.50%,...

Thanks @andreaskurth, this looks good to me too, but I still hope to go through this in detail later today. Sorry to not have gotten to it yet, but been...

After evaluating area overhead and scoping effort, we've decided to go forward with this change. PR #21107 (merged) carries over the SHA-2 multimode primitive and its instantiation in HMAC from...

yes, for starters, there was a change implemented in the digest indexing, and this line `digest_sw_we[i] = reg2hw.digest[i+1].qe ` was not accordingly updated. As you suspect, this needs to be...

I suspect a more critical issue as well though. In `prim_sha2.sv` `digest_i` flows to `digest_d` so long as `sha_en` is deasserted. https://github.com/lowRISC/opentitan/blob/07352ce012de17dde18313a8a1b3814375d02106/hw/ip/prim/rtl/prim_sha2.sv#L157-L159 In `hmac.sv`, we check the configured digest size...

You need to deassert `sha_en` after context switching https://github.com/ballifatih/opentitan/blob/mv_hmac_impl/sw/device/lib/crypto/drivers/hmac.c#L191, and `sha_en` must stay deasserted when you write context back so that it can flow to `prim_sha2.sv`

Yes, exactly, this is what I refer to in my comment above https://github.com/lowRISC/opentitan/issues/23014#issuecomment-2100595419. I'll need to look into the gating checks in `hmac.sv` to allow the digest CSRs to flow...