[aes/sw] Load all-zero vector into PRNG buffer stage for masking off #22930

Merged
merged 1 commit into from
May 2, 2024
5 changes: 5 additions & 0 deletions sw/device/sca/aes_serial.c
Expand Up @@ -776,8 +776,13 @@ bool test_main(void) {
LOG_INFO("Initializing entropy complex.");
CHECK_STATUS_OK(aes_testutils_masking_prng_zero_output_seed());
CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
bool idle = false;
do {
CHECK_DIF_OK(dif_aes_get_status(&aes, kDifAesStatusIdle, &idle));
} while (!idle);
}
#endif
CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerDataOutClear));
Contributor

I notice that the equivalent line in aes_sca.c is skipped for EnglishBreakfast. Is putting this line outside of the if/endif intentional?

Contributor Author

@vogelpi vogelpi May 2, 2024

Yes it is. Only aes_serial.c runs on English Breakfast (where we use a different way to 0 masks because there is no CSRNG). aes_sca.c only runs on the actual chip and the CW310/340 (because English Breakfast has just 1 UART whereas the uJSON communication needs 2 UARTs).


LOG_INFO("Starting simple serial packet handling.");
while (true) {
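Review bot: The `do { ... } while (!idle);` poll after `kDifAesTriggerPrngReseed` has no timeout, so `test_main` hangs silently if the AES never reports `kDifAesStatusIdle`. aes_masking_off_test.c in this same PR waits with `AES_TESTUTILS_WAIT_FOR_STATUS(&aes, kDifAesStatusIdle, true, kTestTimeout)`; consider doing the same here or bounding the loop. The `kDifAesTriggerDataOutClear` call placed after `#endif` also lacks a comment saying that it loads the PRNG output into the buffer stage and that its placement outside the `#if` block is intentional, which is the question raised in review.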
5 changes: 5 additions & 0 deletions sw/device/tests/aes_masking_off_test.c
Expand Up @@ -93,6 +93,11 @@ status_t execute_test(void) {
CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
AES_TESTUTILS_WAIT_FOR_STATUS(&aes, kDifAesStatusIdle, true, kTestTimeout);

// Trigger the clearing of the output data registers. After this point, also
// the PRNG buffer stage will output an all-zero vector.
CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerDataOutClear));
AES_TESTUTILS_WAIT_FOR_STATUS(&aes, kDifAesStatusIdle, true, kTestTimeout);

// "Convert" plain data byte arrays to `dif_aes_data_t` array.
enum {
kAesNumBlocks = 4,
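Review bot: The new comment above `kDifAesTriggerDataOutClear` says the PRNG buffer stage will output an all-zero vector after this point, but not why a data-out clear has that effect. aes_sca.c words it as "Load the PRNG output into the buffer stage"; using the same explanation here, and noting that it relies on the preceding `kDifAesTriggerPrngReseed`, would make the ordering requirement explicit. Minor wording: "the PRNG buffer stage will also output" reads better than "also the PRNG buffer stage will output".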
8 changes: 8 additions & 0 deletions sw/device/tests/crypto/cryptotest/firmware/aes_sca.c
Expand Up @@ -791,7 +791,15 @@ status_t handle_aes_sca_seed_lfsr(ujson_t *uj) {
if (res.value != 0) {
return ABORTED();
}
// Load the magic seed into the PRNG. After this, the PRNG outputs
// an all-zero vector.
UJSON_CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
bool idle = false;
do {
TRY(dif_aes_get_status(&aes, kDifAesStatusIdle, &idle));
} while (!idle);
// Load the PRNG output into the buffer stage.
UJSON_CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerDataOutClear));
}
#endif
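Review bot: The idle poll uses `TRY(dif_aes_get_status(...))` while the two triggers around it use `UJSON_CHECK_DIF_OK(...)`; unless the difference is intentional, use one macro so a failed status read is handled the same way as a failed trigger. The loop is also unbounded, and nothing waits for `kDifAesStatusIdle` after `kDifAesTriggerDataOutClear`, whereas aes_masking_off_test.c waits after that trigger. If the handler can return before the clear completes, add the same wait here.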
