@nasahlpa
Member

To mitigate fault injection & SCA attacks, use the hardened_* functions.

To avoid leakage when unmasking the digest, switch to the SCA
resilient `hardened_xor` function.

Signed-off-by: Pascal Nasahl <[email protected]>
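
A simplified sketch of what an SCA- and FI-hardened XOR for combining two shares can look like, added here as an illustration of the description above; it is not OpenTitan's `hardened_xor` and not code from this PR. The name `sketch_masked_xor`, its return codes, and the use of `rand()` in place of a hardware entropy source are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Illustrative sketch, not OpenTitan's hardened_xor. rand() is a stand-in
 * for a hardware entropy source and is not suitable for real firmware. */
enum { SKETCH_OK = 0, SKETCH_FAULT = -1 };

static uint32_t sketch_rand32(void) {
  return ((uint32_t)rand() << 16) ^ (uint32_t)rand();
}

/* Computes dest[i] = x[i] ^ y[i] over two shares of word_len words. */
int sketch_masked_xor(const uint32_t *x, const uint32_t *y, size_t word_len,
                      uint32_t *dest) {
  if (word_len == 0) {
    return SKETCH_OK;
  }
  /* Randomize the output buffer before any share-derived value lands in it. */
  for (size_t i = 0; i < word_len; i++) {
    dest[i] = sketch_rand32();
  }
  /* Start at a random word so a fixed point in the trace does not always
   * correspond to the same word of the digest. */
  size_t start = sketch_rand32() % word_len;
  volatile size_t count = 0;   /* loop counter */
  volatile size_t visited = 0; /* redundant counter, checked after the loop */
  for (; count < word_len; count++) {
    size_t i = (start + count) % word_len;
    uint32_t r = sketch_rand32();
    /* Blind x with a fresh mask before y is mixed in, then remove the mask.
     * volatile keeps the compiler from folding this to x ^ y; production
     * code needs real optimization barriers here. */
    volatile uint32_t t = x[i] ^ r;
    t ^= y[i];
    dest[i] = t ^ r;
    visited++;
  }
  /* A glitch that skips iterations or leaves the loop early breaks these
   * equalities, so a partially combined digest is never reported as valid. */
  if (count != word_len || visited != word_len) {
    return SKETCH_FAULT;
  }
  return SKETCH_OK;
}
```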
@nasahlpa nasahlpa requested a review from a team as a code owner January 20, 2026 09:40
@nasahlpa nasahlpa requested review from pamaury and removed request for a team January 20, 2026 09:41
}
for (size_t i = 0; i * sizeof(uint32_t) < key->len; i++) {
abs_mmio_write32(
kBase + KMAC_KEY_SHARE0_0_REG_OFFSET + i * sizeof(uint32_t),
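
Review bot: the loop bound `i * sizeof(uint32_t) < key->len` rounds up, so a `key->len` that is not a multiple of 4 still produces a full 32-bit write to the last KEY_SHARE0 word. If the length is guaranteed to be word-aligned, an assertion or comment next to the loop would make that explicit, and the same assumption needs to carry over if this per-word `abs_mmio_write32` loop is replaced by a word-based copy.
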
Member Author

Hm no I don't think so, we want to access byte 0 of share0:
https://opentitan.org/book/hw/ip/kmac/doc/registers.html#key_share0

Use hardened_memcpy for:
- Reading the KMAC state register share 0 and 1
- Writing the KMAC key shares 0 and 1

Signed-off-by: Pascal Nasahl <[email protected]>
@nasahlpa nasahlpa added the CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 label Jan 20, 2026
Contributor

@johannheyszl johannheyszl left a comment

thanks @nasahlpa

Contributor

@siemen11 siemen11 left a comment

Thank you Pascal, this moves the KMAC more towards using the standard cryptolib functions.

Contributor

@h-filali h-filali left a comment

Thanks @nasahlpa LGTM!

@nasahlpa nasahlpa added this pull request to the merge queue Feb 10, 2026
Merged via the queue into lowRISC:master with commit 898132f Feb 10, 2026
49 checks passed
@lowrisc-ci

lowrisc-ci bot commented Feb 10, 2026

Backport failed for earlgrey_1.0.0, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin earlgrey_1.0.0
git worktree add -d .worktree/backport-29155-to-earlgrey_1.0.0 origin/earlgrey_1.0.0
cd .worktree/backport-29155-to-earlgrey_1.0.0
git switch --create backport-29155-to-earlgrey_1.0.0
git cherry-pick -x 159e3d43c916ce2dad8f63879a749d42dda052a3 50674547b2e856edea2309a136befe23d5a191f6

@lowrisc-ci lowrisc-ci bot added the Manually CherryPick This PR should be manually cherry picked. label Feb 10, 2026