[crypto] Harden otbn_write function

As secret information is written by this function into DMEM,
randomize the write order using `random_order` to mitigate SCA.

Harden the loop against FI by checking the loop counter afterwards.

Signed-off-by: Pascal Nasahl <[email protected]>
(cherry picked from commit 3be9202)

Author: nasahlpa

sw/device/lib/crypto/drivers/otbn.c

@@ -130,6 +130,7 @@ status_t otbn_dmem_write(size_t num_words, const uint32_t *src,
   random_order_init(&order, num_words);
 
   size_t count = 0;
+  size_t expected_count = random_order_len(&order);
 
   for (; launderw(count) < num_words; count = launderw(count) + 1) {
     // The value obtained from `advance()` is laundered, to prevent