search

lowRISC / opentitan

OpenTitan: Open source silicon root of trust
https://www.opentitan.org
Apache License 2.0
2.49k stars 742 forks source link

[sw, otbn] Fix OTBN code to not violate secure coding guidelines. #24056

Open jadephilipoom opened 1 month ago

jadephilipoom commented 1 month ago

Description

Based on results from COCO-ALMA, we have some secure coding guidelines for OTBN code: https://opentitan.org/book/doc/contributing/style_guides/otbn_style_guide.html?highlight=secure%20coding#secure-coding-for-cryptography

Currently, these rules are violated all over our OTBN code. We need to fix it so the code can avoid SCA pitfalls.

As discussed in https://github.com/lowRISC/opentitan/pull/22874#issuecomment-2082493629, it would be nice to use our OTBN Python analysis infrastructure to check these rules, and then run those in CI like we do with otbn_consttime_test. Long-term we might want to do something more formalized to specify what information is leaked by an instruction, but for now it would be good to at least have checks against the rules we already know to watch for.

johannheyszl commented 1 month ago

added to OT project and switched prio to P1 tentatively