Currently, these rules are violated all over our OTBN code. We need to fix it so the code can avoid SCA pitfalls.
As discussed in https://github.com/lowRISC/opentitan/pull/22874#issuecomment-2082493629, it would be nice to use our OTBN Python analysis infrastructure to check these rules, and then run those in CI like we do with otbn_consttime_test. Long-term we might want to do something more formalized to specify what information is leaked by an instruction, but for now it would be good to at least have checks against the rules we already know to watch for.
Description
Based on results from COCO-ALMA, we have some secure coding guidelines for OTBN code: https://opentitan.org/book/doc/contributing/style_guides/otbn_style_guide.html?highlight=secure%20coding#secure-coding-for-cryptography
Currently, these rules are violated all over our OTBN code. We need to fix it so the code can avoid SCA pitfalls.
As discussed in https://github.com/lowRISC/opentitan/pull/22874#issuecomment-2082493629, it would be nice to use our OTBN Python analysis infrastructure to check these rules, and then run those in CI like we do with
otbn_consttime_test
. Long-term we might want to do something more formalized to specify what information is leaked by an instruction, but for now it would be good to at least have checks against the rules we already know to watch for.