[aes/sw] Load all-zero vector into PRNG buffer stage for masking off

The input masks are now taken from the PRNG buffer stage. This means after loading the magic seed into the PRNG and having the PRNG output the all-zero vector, the buffer stage needs to be updated as well. This can be achieved by triggering via a clearing operation of the data output registers. This resolves lowRISC#22917. Signed-off-by: Pirmin Vogel <[email protected]>
sameo · Jun 18, 2024 · 0c33cb0 · 0c33cb0
1 parent 819adeb
commit 0c33cb0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/sw/device/sca/aes_serial.c b/sw/device/sca/aes_serial.c
@@ -775,8 +775,13 @@ bool test_main(void) {
     LOG_INFO("Initializing entropy complex.");
     CHECK_STATUS_OK(aes_testutils_masking_prng_zero_output_seed());
     CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
+    bool idle = false;
+    do {
+      CHECK_DIF_OK(dif_aes_get_status(&aes, kDifAesStatusIdle, &idle));
+    } while (!idle);
   }
 #endif
+  CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerDataOutClear));
 
   LOG_INFO("Starting simple serial packet handling.");
   while (true) {

diff --git a/sw/device/tests/aes_masking_off_test.c b/sw/device/tests/aes_masking_off_test.c
@@ -93,6 +93,11 @@ status_t execute_test(void) {
   CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerPrngReseed));
   AES_TESTUTILS_WAIT_FOR_STATUS(&aes, kDifAesStatusIdle, true, kTestTimeout);
 
+  // Trigger the clearing of the output data registers. After this point, also
+  // the PRNG buffer stage will output an all-zero vector.
+  CHECK_DIF_OK(dif_aes_trigger(&aes, kDifAesTriggerDataOutClear));
+  AES_TESTUTILS_WAIT_FOR_STATUS(&aes, kDifAesStatusIdle, true, kTestTimeout);
+
   // "Convert" plain data byte arrays to `dif_aes_data_t` array.
   enum {
     kAesNumBlocks = 4,