Skip to content

Commit 878918f

Browse files
luismarquesluismarques
committed
[ot] hw/opentitan: ot_aes: preserve external state when a new message is started
The AES block does not clear the CPU-visible registers when starting a new message. Only "the state registers inside the cipher core are cleared with PRD during the last round of every encryption/decryption." Fixing this allows the OpenTitan `aes_test.c` test to pass, as more recent versions of it check the IV register state at the end of the test. Signed-off-by: Luís Marques <luismarques@lowrisc.org>
1 parent 812b743 commit 878918f

File tree

1 file changed

+12
-8
lines changed

1 file changed

+12
-8
lines changed

hw/opentitan/ot_aes.c

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -420,24 +420,28 @@ static inline bool ot_aes_key_touch_force_reseed(OtAESRegisters *r)
420420
R_CTRL_AUX_SHADOWED_KEY_TOUCH_FORCES_RESEED_MASK);
421421
}
422422

423-
static void ot_aes_init_keyshare(OtAESState *s)
423+
static void ot_aes_init_keyshare(OtAESState *s, bool randomize)
424424
{
425425
OtAESRegisters *r = s->regs;
426426
OtAESContext *c = s->ctx;
427427

428428
trace_ot_aes_init("keyshare");
429-
ot_aes_randomize(s, r->keyshare, ARRAY_SIZE(r->keyshare));
429+
if (randomize) {
430+
ot_aes_randomize(s, r->keyshare, ARRAY_SIZE(r->keyshare));
431+
}
430432
bitmap_zero(r->keyshare_bm, (int64_t)(PARAM_NUM_REGS_KEY * 2u));
431433
c->key_ready = false;
432434
}
433435

434-
static void ot_aes_init_iv(OtAESState *s)
436+
static void ot_aes_init_iv(OtAESState *s, bool randomize)
435437
{
436438
OtAESRegisters *r = s->regs;
437439
OtAESContext *c = s->ctx;
438440

439441
trace_ot_aes_init("iv");
440-
ot_aes_randomize(s, r->iv, ARRAY_SIZE(r->iv));
442+
if (randomize) {
443+
ot_aes_randomize(s, r->iv, ARRAY_SIZE(r->iv));
444+
}
441445
bitmap_zero(r->iv_bm, PARAM_NUM_REGS_IV);
442446
c->iv_ready = false;
443447
}
@@ -616,8 +620,8 @@ static void ot_aes_handle_trigger(OtAESState *s)
616620
}
617621

618622
if (r->trigger & R_TRIGGER_KEY_IV_DATA_IN_CLEAR_MASK) {
619-
ot_aes_init_keyshare(s);
620-
ot_aes_init_iv(s);
623+
ot_aes_init_keyshare(s, true);
624+
ot_aes_init_iv(s, true);
621625
ot_aes_init_data(s, false);
622626
r->trigger &= ~R_TRIGGER_KEY_IV_DATA_IN_CLEAR_MASK;
623627
}
@@ -1176,8 +1180,8 @@ static void ot_aes_write(void *opaque, hwaddr addr, uint64_t val64,
11761180
* IV and input data afterwards."
11771181
*/
11781182
ot_aes_finalize(s, prev_mode);
1179-
ot_aes_init_keyshare(s);
1180-
ot_aes_init_iv(s);
1183+
ot_aes_init_keyshare(s, false);
1184+
ot_aes_init_iv(s, false);
11811185
ot_aes_load_reseed_rate(s);
11821186
break;
11831187
case OT_SHADOW_REG_ERROR:

0 commit comments

Comments
 (0)