- 
                Notifications
    You must be signed in to change notification settings 
- Fork 907
Cherry-pick to earlgrey_1.0.0: Several CL PRs #28406
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
          
     Merged
      
        
      
            timothytrippel
  merged 51 commits into
  lowRISC:earlgrey_1.0.0
from
nasahlpa:cherry_pick_own_cl_prs
  
      
      
   
  Oct 14, 2025 
      
    
                
     Merged
            
            Cherry-pick to earlgrey_1.0.0: Several CL PRs #28406
                    timothytrippel
  merged 51 commits into
  lowRISC:earlgrey_1.0.0
from
nasahlpa:cherry_pick_own_cl_prs
  
      
      
   
  Oct 14, 2025 
              
            Conversation
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
    This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit beb00a0)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit c2e6bf2)
Noticed this incidentally; I suspect the convenience unmask function didn't exist when this was first written. Saves a bit of code size. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 0e07e38)
This is a side-channel mitigation Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit c192fbc)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit fb21d9a)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 0bf3598)
THis is a side-channel mitigation. Also fixes a byte-word confusion in RSA decryption that I noticed incidentally. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit be8d02a)
Randomize buffers where we can, being careful not to use hardening primitives that rely on entropy in the manual-DRBG routines. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 8cc7019)
This is a side channel mitigation. Also makes a small code size optimization around sideloaded-key clearing that I noticed incidentally. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 6b99624)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 4d76c3d)
Small defense-in-depth improvement in SCA defense. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 5e8bd4c)
This commit adds checks to the RSA codebase where, based on the selected padding scheme, the control-flow diverges. These checks make sure that a fault cannot allow an attacker to switch to a different padding scheme. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 27769f5)
Signed-off-by: Lucas Baizer <[email protected]> (cherry picked from commit 47a4f45)
Always wipe the DMEM once the OTBN execution has been finished. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 52c318f)
When an error occurs, HARDENED_TRY() immediately returns. As we also want to wipe the OTBN DMEM when an error happens, this commit adds HARDENED_TRY_WIPE_DMEM() which wipes DMEM on an error before returning. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit a5952c3)
Use the hardened_memcpy function to randomize writing into the HMAC key register. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit ce38ad9)
To mitigate fault attacks, read back the HMAC config from the register and compare to the expected config. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 8926c49)
Make sure that the key length was set in the ctrl_reg register. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 2a7fce1)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit cb93127)
Add new functions to the AES driver that allows computing a checksum of the current AES key. The checksum is calculated when creating the AES key structure. The checksum is checked again after writing the key to the AES IP core. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 9977567)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 6e77c08)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 83b8114)
Check if the loop ran for the expected number of iterations. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 92c3db6)
This commit randomizes the order we are writing the key shares to the AES block. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit fc4196b)
This commit randomizes the order we are reading the key shares from the keymanager. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 2144e83)
This commit adds fault injection protection to the HMAC cryptolib implementation. When `security_level == kOtcryptoKeySecurityLevelLow`, no protection is provided, similar until now. When `seucrity_level == kOtcryptoKeySecurityLevelMedium`, the CL now calls the CL-internal `hmac_hmac_sha256()` function twice. By comparing both tag outputs, an ongoing FI attack can be mitigated. When `security_level == kOtcryptoKeySecurityLevelHigh`, the CL now calls once the CL-internal `hmac_hmac_sha256()` function as well as the new `hmac_hmac_sha256_redundant()` function. Both functions again calculate the same tag and the CL compares both tages. However, the second implementation uses an alternative HMAC implementation that does not use the HMAC core itself but constructs HMAC over the SHA core. The idea is that two identical faults affect both implementations differently, which can be detected. Impact on the runtime for HMAC SHA256, 13 bytes message: otcrypto_hmac() runtime with security_level low: 6026 cycles otcrypto_hmac() runtime with security_level medium: 11852 cycles otcrypto_hmac() runtime with security_level high: 14975 cycles Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 9e6c1af)
This commit adds fault injection protection for the AES cryptolib implementation. When `key.security_level > kOtcryptoKeySecurityLevelLow`, the cryptolib internally performs two AES operations. The result of the first AES operation is used as input of the second AES operation. The output of the second AES operation should match the input of the first AES operation. If the check fails, an UNIMP instruction is executed. Performance AES-128 ECB encryption of 50 bytes: otcrypto_aes() runtime with security_level low: 25407 cycles otcrypto_aes() runtime with security_level > low: 53964 cycles Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 15fd255)
We should check the integrity of the public and private key after we have written them into OTBN. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 6517812)
Some functions in the HMAC driver are security-sensitve. Use `HARDEND_TRY()` to check the return value of those functions. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 8a6efc3)
As we also want to use CFI for those functions, return `status_t`. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 757b303)
Use the FI hardened version of P256 and P384 ECDSA sign that performs a verification after the signing. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit d8a16fe)
When the host sets cfg == 1, the P256/P384 Sign routines perform a keygen. Then, the new keypair is used instead of the provided key. The public key is returned back to the host. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 8cb2871)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 3f01058)
This commit adds additional hardening against FI to AES-GCM. When setting the key security_level > low, the AES operation performed by the AES IP block is checked by recomputing the input. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 27b6844)
Replace kOtcryptoKeySecurityLevelLow with kOtcryptoKeySecurityLevelHigh to make sure that the AES-GCM FI protection is tested as well. Not testing security_level low is fine as low is a subset of high. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit c8503b7)
By setting kOtcryptoKeySecurityLevelHigh, the CL will use countermeasures to protect the AES-GCM computation against FI. Enable this protection for the CL AES-GCM pentesting. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 4d12b44)
When creating the HMAC key, store the checksum into the HMAC key struct. After writing the key to the HMAC block, recompute the checksum over the key and compare it to the stored checksum value. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit deee829)
This commit hardens the GHASH function against SCA. The masking scheme follows the approach highlighted in lowRISC#27258. In summary, this masking schemes processes the shares of the hash subkey H = H0 + H1 and the encrypted intial counter block S = S0 + S1 independently. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 996a7b4)
Rename this function to hardend_xor_in_place as the next commit introduces a hardened_xor that does not store the result in-place. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 542beff)
Takes `x` and `y` and writes `x ^ y` to the `dest` output buffer. To avoid combining `x` and `y` in the XOR operation, the function actually performs: `dest = ((rand ^ x) ^ y) ^ rand` Closes lowRISC#28008 Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 5411684)
With the previous hardend_xor implementation, we were overriding share0 with share1, which leaks. By using the improved hardened_xor, we avoiding this issue. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit b126c26)
As code in CL should be executed in constant time, this commit adds new functions that allow the CL to disable and restore the state of the Ibex instruction cache. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 7845666)
When entering the CL over the API, disable the iCache if it is enabled. When leaving the CL, restore the previous state of the iCache (enabled or disabled). Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 0602467)
As we are doing an operation on the key, use the hardened_xor instead of the plain XOR. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 273a347)
In the previous implementation of random_order, the length returned was larger than the length of the buffer we want to traverse. Hence, decoys were introduced and they were used for the additional iterations. lowRISC#27875 modified the random_order function. Now, the length returned is identical to the length of the buffer we want to traverse. Hence, no additional iterations are executed - so we can remove the decoys. As described in lowRISC#27638 decoys are anyways not particularly as a SCA countermeasure. Closes lowRISC#27638 Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 1136ecb)
Signed-off-by: Pascal Nasahl <[email protected]> (commit is original to earlgrey_1.0.0)
beca6aa    to
    f85abb4      
    Compare
  
    | All tests in  | 
            
                  timothytrippel
  
            
            approved these changes
            
                
                  Oct 14, 2025 
                
            
            
          
          
db6f08c
      into
      
  
    lowRISC:earlgrey_1.0.0
  
    
        65 of 66 checks passed
      
      
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
      
  Add this suggestion to a batch that can be applied as a single commit.
  This suggestion is invalid because no changes were made to the code.
  Suggestions cannot be applied while the pull request is closed.
  Suggestions cannot be applied while viewing a subset of changes.
  Only one suggestion per line can be applied in a batch.
  Add this suggestion to a batch that can be applied as a single commit.
  Applying suggestions on deleted lines is not supported.
  You must change the existing code in this line in order to create a valid suggestion.
  Outdated suggestions cannot be applied.
  This suggestion has been applied or marked resolved.
  Suggestions cannot be applied from pending reviews.
  Suggestions cannot be applied on multi-line comments.
  Suggestions cannot be applied while the pull request is queued to merge.
  Suggestion cannot be applied right now. Please check back later.
  
    
  
    
This PR manually backports several CL PRs, namely:
hardened_*functions #28172hardened_xorfunction #28085to eg100