[sw/crypto] Clear HMAC ctx struct

h-filali · nasahlpa · commit 7e54a213b23d · 2025-11-02T16:31:58.000+01:00
At certain points the HMAC ctx struct has to be wiped to avoid leaking secrets. The sensitive fields need to be overwritten by randomness and the non-sensitive fields are just zeroized. Signed-off-by: Hakim Filali <hfilali@lowrisc.org> (cherry picked from commit 7389d6c)
diff --git a/sw/device/lib/crypto/drivers/hmac.c b/sw/device/lib/crypto/drivers/hmac.c
@@ -460,6 +460,9 @@ static status_t oneshot(const uint32_t cfg, const hmac_key_t *key,
   // Check that the block is idle.
   HARDENED_TRY(ensure_idle());
 
+  // Make sure that the entropy complex is configured correctly.
+  HARDENED_TRY(entropy_complex_check());
+
   // Configure the HMAC block.
   abs_mmio_write32(kHmacBaseAddr + HMAC_CFG_REG_OFFSET, cfg);
 
@@ -751,6 +754,9 @@ hardened_bool_t hmac_key_integrity_checksum_check(const hmac_key_t *key) {
 }
 
 status_t hmac_update(hmac_ctx_t *ctx, const uint8_t *data, size_t len) {
+  // Make sure that the entropy complex is configured correctly.
+  HARDENED_TRY(entropy_complex_check());
+
   // If we don't have enough new bytes to fill a block, just update the partial
   // block and return.
   size_t block_bytelen = ctx->msg_block_wordlen * sizeof(uint32_t);
@@ -806,6 +812,9 @@ status_t hmac_update(hmac_ctx_t *ctx, const uint8_t *data, size_t len) {
 }
 
 status_t hmac_final(hmac_ctx_t *ctx, uint32_t *digest) {
+  // Make sure that the entropy complex is configured correctly.
+  HARDENED_TRY(entropy_complex_check());
+
   // Retore context will restore the context and also hit start or continue
   // button as necessary.
   HARDENED_TRY(context_restore(ctx));
diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
@@ -64,6 +64,7 @@ opentitan_binary(
         "//sw/device/lib/arch:device",
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:macros",
+        "//sw/device/lib/crypto/drivers:entropy",
         "//sw/device/lib/dif:flash_ctrl",
         "//sw/device/lib/dif:lc_ctrl",
         "//sw/device/lib/dif:otp_ctrl",
@@ -102,6 +103,7 @@ opentitan_binary(
         "//hw/top_earlgrey/sw/autogen:top_earlgrey",
         "//sw/device/lib/arch:device",
         "//sw/device/lib/base:macros",
+        "//sw/device/lib/crypto/drivers:entropy",
         "//sw/device/lib/dif:flash_ctrl",
         "//sw/device/lib/dif:gpio",
         "//sw/device/lib/dif:lc_ctrl",
@@ -181,6 +183,7 @@ opentitan_test(
             "//sw/device/lib/arch:device",
             "//sw/device/lib/base:abs_mmio",
             "//sw/device/lib/base:macros",
+            "//sw/device/lib/crypto/drivers:entropy",
             "//sw/device/lib/dif:flash_ctrl",
             "//sw/device/lib/dif:gpio",
             "//sw/device/lib/dif:otp_ctrl",
@@ -236,6 +239,7 @@ cc_library(
     srcs = ["tpm_personalize_ext.c"],
     deps = [
         ":personalize_ext",
+        "//sw/device/lib/crypto/drivers:entropy",
         "//sw/device/lib/dif:flash_ctrl",
         "//sw/device/lib/runtime:print",
         "//sw/device/lib/testing/test_framework:status",
diff --git a/sw/device/silicon_creator/manuf/base/ft_personalize.c b/sw/device/silicon_creator/manuf/base/ft_personalize.c
@@ -1196,6 +1196,7 @@ bool test_main(void) {
   pinmux_testutils_init(&pinmux);
   CHECK_STATUS_OK(configure_ate_gpio_indicators());
   CHECK_DIF_OK(dif_gpio_write(&gpio, kGpioPinTestStart, true));
+  CHECK_STATUS_OK(entropy_complex_init());
   ujson_t uj = ujson_ottf_console();
 
   // Read the reset reason directly from the RSTMGR.
diff --git a/sw/device/silicon_creator/manuf/base/sram_cp_provision.c b/sw/device/silicon_creator/manuf/base/sram_cp_provision.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/arch/device.h"
 #include "sw/device/lib/base/abs_mmio.h"
+#include "sw/device/lib/crypto/drivers/entropy.h"
 #include "sw/device/lib/dif/dif_flash_ctrl.h"
 #include "sw/device/lib/dif/dif_lc_ctrl.h"
 #include "sw/device/lib/dif/dif_otp_ctrl.h"
@@ -224,6 +225,7 @@ bool test_main(void) {
   CHECK_STATUS_OK(configure_ate_gpio_indicators());
   CHECK_DIF_OK(dif_gpio_write(&gpio, kGpioPinTestStart, true));
   ottf_console_init();
+  CHECK_STATUS_OK(entropy_complex_init());
   ujson_t uj = ujson_ottf_console();
 
   // Extract factory data from flash info page 0.
diff --git a/sw/device/silicon_creator/manuf/base/sram_cp_provision_functest.c b/sw/device/silicon_creator/manuf/base/sram_cp_provision_functest.c
@@ -5,6 +5,7 @@
 #include <stdint.h>
 
 #include "sw/device/lib/arch/device.h"
+#include "sw/device/lib/crypto/drivers/entropy.h"
 #include "sw/device/lib/dif/dif_flash_ctrl.h"
 #include "sw/device/lib/dif/dif_gpio.h"
 #include "sw/device/lib/dif/dif_lc_ctrl.h"
@@ -118,6 +119,7 @@ static status_t prep_flash_info_page_0(manuf_cp_test_data_t *test_data) {
 bool test_main(void) {
   // Initialize peripherals, pinmux, and console.
   CHECK_STATUS_OK(peripheral_handles_init());
+  CHECK_STATUS_OK(entropy_complex_init());
   CHECK_STATUS_OK(configure_ate_gpio_indicators());
   ottf_console_init();
   ujson_t uj = ujson_ottf_console();
diff --git a/sw/device/silicon_creator/manuf/base/sram_ft_individualize.c b/sw/device/silicon_creator/manuf/base/sram_ft_individualize.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/arch/device.h"
 #include "sw/device/lib/base/abs_mmio.h"
+#include "sw/device/lib/crypto/drivers/entropy.h"
 #include "sw/device/lib/dif/dif_flash_ctrl.h"
 #include "sw/device/lib/dif/dif_gpio.h"
 #include "sw/device/lib/dif/dif_otp_ctrl.h"
@@ -174,6 +175,7 @@ static status_t provision(ujson_t *uj) {
 
 bool test_main(void) {
   CHECK_STATUS_OK(peripheral_handles_init());
+  CHECK_STATUS_OK(entropy_complex_init());
   CHECK_STATUS_OK(configure_ate_gpio_indicators());
   ujson_t uj;
 #ifndef ATE
diff --git a/sw/device/silicon_creator/manuf/lib/BUILD b/sw/device/silicon_creator/manuf/lib/BUILD
@@ -226,6 +226,7 @@ opentitan_test(
         "//hw/ip/otp_ctrl/data:otp_ctrl_c_regs",
         "//hw/top_earlgrey/sw/autogen:top_earlgrey",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/drivers:entropy",
         "//sw/device/lib/dif:flash_ctrl",
         "//sw/device/lib/dif:otp_ctrl",
         "//sw/device/lib/dif:rstmgr",
diff --git a/sw/device/silicon_creator/manuf/lib/individualize_sw_cfg_functest.c b/sw/device/silicon_creator/manuf/lib/individualize_sw_cfg_functest.c
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/drivers/entropy.h"
 #include "sw/device/lib/dif/dif_flash_ctrl.h"
 #include "sw/device/lib/dif/dif_otp_ctrl.h"
 #include "sw/device/lib/dif/dif_rstmgr.h"
@@ -172,6 +173,7 @@ static void sw_reset(void) {
 
 bool test_main(void) {
   CHECK_STATUS_OK(peripheral_handles_init());
+  CHECK_STATUS_OK(entropy_complex_init());
 
   // Provision CREATOR_SW_CFG partition.
   if (!status_ok(manuf_individualize_device_creator_sw_cfg_check(&otp_ctrl))) {
