Google Git
Sign in
opensecura/3p/lowrisc/opentitan/5a31aa6bd9204ce5f1cafc3ae82e282c1e8afa16^!/.
commit
5a31aa6bd9204ce5f1cafc3ae82e282c1e8afa16
[log]
author
Pirmin Vogel <vogelpi@lowrisc.org>
Fri Apr 29 11:21:07 2022 +0200
committer
Pirmin Vogel <vogelpi@lowrisc.org>
Sun May 01 23:11:27 2022 +0200
tree
58477cfc64e695536c57c2838d863677a11093cc
parent
39cb324f9069755645a8ac8df3956a64986a16a0 [diff]
[aes, dif] Check that AES is indeed idle before writing IV registers

Whenever, the AES unit is non-idle, updates to IV registers are ignored.
Depending on the configuration, updating the key might cause the AES
engine to become non-idle and reseed its internal PRNGs.

Signed-off-by: Pirmin Vogel <vogelpi@lowrisc.org>

diff --git a/sw/device/lib/dif/dif_aes.c b/sw/device/lib/dif/dif_aes.c
index c135030..d75ef59 100644
--- a/sw/device/lib/dif/dif_aes.c
+++ b/sw/device/lib/dif/dif_aes.c

@@ -240,6 +240,10 @@
   }
 
   if (transaction->mode != kDifAesModeEcb) {
+    // Make sure AES is idle before providing the IV. Depending on the
+    // configuration, updating the key might cause the AES to become non-idle
+    // and reseed the internal PRNGs.
+    AES_WAIT_FOR_STATUS(aes, AES_STATUS_IDLE_BIT, true);
     aes_set_multireg(aes, &iv->iv[0], AES_IV_MULTIREG_COUNT,
                      AES_IV_0_REG_OFFSET);
   }

diff --git a/sw/device/lib/dif/dif_aes_unittest.cc b/sw/device/lib/dif/dif_aes_unittest.cc
index 1c009e1..cc70cd2 100644
--- a/sw/device/lib/dif/dif_aes_unittest.cc
+++ b/sw/device/lib/dif/dif_aes_unittest.cc

@@ -44,6 +44,7 @@
   }
 
   void ExpectIv(const dif_aes_iv_t &iv, const uint32_t kIvSize = 4) {
+    EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, true}});
     ExpectWriteMultreg(AES_IV_0_REG_OFFSET, iv.iv, kIvSize);
   }