
Commit 41f0111

[ot] hw/opentitan: ot_aes: update IV registers after operation in CFB mode
This commit fixes the last OT AES test failure (aes_functest) in our current test set. The streaming encryption and decryption tests in CFB mode failed because the IV registers were not being properly updated (in the aes_functest streaming mode we start and finish an operation for each block). The need for this fix suggests we might need an overall more systematic approach to handling IV state. The current design should be revisited at a later date. Signed-off-by: Luís Marques <luismarques@lowrisc.org>
1 parent 878918f commit 41f0111


1 file changed

+4
-2
lines changed


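--- a/hw/opentitan/ot_aes.c
+++ b/hw/opentitan/ot_aes.c
@@ -713,7 +713,7 @@ static void ot_aes_update_config(OtAESState *s)
 }
 }
 
-static void ot_aes_finalize(OtAESState *s, enum OtAESMode mode)
+static void ot_aes_finalize(OtAESState *s, enum OtAESMode mode, bool encrypt)
 {
 int rc;
 
@@ -736,6 +736,7 @@ static void ot_aes_finalize(OtAESState *s, enum OtAESMode mode)
 break;
 case AES_CFB:
 rc = c->cfb.cipher == c->aes_cipher ? cfb_done(&c->cfb) : CRYPT_OK;
+memcpy(&s->regs->iv[0], encrypt ? c->dst : c->src, OT_AES_IV_SIZE);
 break;
 case AES_OFB:
 rc = c->ofb.cipher == c->aes_cipher ? ofb_done(&c->ofb) : CRYPT_OK;
@@ -1170,6 +1171,7 @@ static void ot_aes_write(void *opaque, hwaddr addr, uint64_t val64,
 R_CTRL_SHADOWED_MANUAL_OPERATION_MASK |
 R_CTRL_SHADOWED_FORCE_ZERO_MASKS_MASK;
 enum OtAESMode prev_mode = ot_aes_get_mode(s->regs);
+bool was_encrypt = ot_aes_is_encryption(s->regs);
 switch (ot_shadow_reg_write(&r->ctrl, val32)) {
 case OT_SHADOW_REG_STAGED:
 break;
@@ -1179,7 +1181,7 @@ static void ot_aes_write(void *opaque, hwaddr addr, uint64_t val64,
 * of a new message. Hence, software needs to provide new key,
 * IV and input data afterwards."
 */
-ot_aes_finalize(s, prev_mode);
+ot_aes_finalize(s, prev_mode, was_encrypt);
 ot_aes_init_keyshare(s, false);
 ot_aes_init_iv(s, false);
 ot_aes_load_reseed_rate(s);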
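Review bot: The added `memcpy` in the `AES_CFB` case of `ot_aes_finalize` runs unconditionally, while the `cfb_done` call on the line above it is guarded by `c->cfb.cipher == c->aes_cipher`. If finalize is reached before any CFB block has been processed, the IV registers would be overwritten with whatever `c->dst`/`c->src` currently hold; those buffers' state is not visible here, so this is presumably stale or zeroed data. Gating the copy on the same condition, e.g. `if (c->cfb.cipher == c->aes_cipher) { memcpy(&s->regs->iv[0], encrypt ? c->dst : c->src, OT_AES_IV_SIZE); }`, would leave the IV untouched in that case. A short comment such as `/* CFB chains on the last ciphertext block: dst when encrypting, src when decrypting */` would also explain the operand choice. The rest of the `ot_aes_finalize` body and the declaration of `c` lie outside the hunk.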
