[crypto/gcm] Remove icache disable

The GCM was disabling icache during its operations due to GCM not being
constant time with this feature enabled. However, the
cryptolib can not write to such registers during API calls, hence the
feature has to be removed.
The otcrypto_init function at high security level now enables data
independent timing to secure GCM for SCA (we leave icache as perference
for the user).

We create an interface to the ibex_disable_icache and
ibex_restore_icache drivers functions for the user.

Upon testing the aes_gcm_timing_functest, the timing issues come from
the use of memshred, i.e., drawing randomness which stalls, and also
from otcrypto_eval_exit which reads from the alert manager which crosses
clock domains. The gcm is constant time when the icache is disabled and
the reading of the alert registers is manually removed. We keep the test
as broken (as we would need to mock out the reading of the alert
registers). However, the test is slightly adapted to use the new
ibex_disable_icache function.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>

Author: siemen11

sw/device/lib/crypto/impl/aes_gcm.c

@@ -312,10 +312,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt(otcrypto_blinded_key_t *key,
   // Check the tag length.
   HARDENED_TRY(aes_gcm_check_tag_length(auth_tag->len, tag_len));
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Construct the AES key.
   aes_key_t aes_key;
   HARDENED_TRY(aes_gcm_key_construct(key, &aes_key));
@@ -328,9 +324,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt(otcrypto_blinded_key_t *key,
 
   HARDENED_TRY(clear_key_if_sideloaded(aes_key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffers
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(plaintext));
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(iv));
@@ -360,10 +353,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Construct the AES key.
   aes_key_t aes_key;
   HARDENED_TRY(aes_gcm_key_construct(key, &aes_key));
@@ -385,9 +374,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt(
 
   HARDENED_TRY(clear_key_if_sideloaded(aes_key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffers
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(plaintext));
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(iv));
@@ -405,10 +391,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt_init(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Construct the AES key.
   aes_key_t aes_key;
   HARDENED_TRY(aes_gcm_key_construct(key, &aes_key));
@@ -423,9 +405,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt_init(
   HARDENED_TRY(gcm_context_save(&internal_ctx, ctx));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffer
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(iv));
 
@@ -439,10 +418,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt_init(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Construct the AES key.
   aes_key_t aes_key;
   HARDENED_TRY(aes_gcm_key_construct(key, &aes_key));
@@ -457,9 +432,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt_init(
   HARDENED_TRY(gcm_context_save(&internal_ctx, ctx));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffer
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(iv));
 
@@ -477,10 +449,6 @@ otcrypto_status_t otcrypto_aes_gcm_update_aad(otcrypto_aes_gcm_context_t *ctx,
     return OTCRYPTO_OK;
   }
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Restore the AES-GCM context object and load the key if needed.
   aes_gcm_context_t internal_ctx;
   HARDENED_TRY(gcm_context_restore(ctx, &internal_ctx));
@@ -493,9 +461,6 @@ otcrypto_status_t otcrypto_aes_gcm_update_aad(otcrypto_aes_gcm_context_t *ctx,
   HARDENED_TRY(gcm_context_save(&internal_ctx, ctx));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffer
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(aad));
 
@@ -516,10 +481,6 @@ otcrypto_status_t otcrypto_aes_gcm_update_encrypted_data(
     return OTCRYPTO_OK;
   }
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Restore the AES-GCM context object and load the key if needed.
   aes_gcm_context_t internal_ctx;
   HARDENED_TRY(gcm_context_restore(ctx, &internal_ctx));
@@ -549,9 +510,6 @@ otcrypto_status_t otcrypto_aes_gcm_update_encrypted_data(
   HARDENED_TRY(gcm_context_save(&internal_ctx, ctx));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffers
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(input));
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(output));
@@ -575,10 +533,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt_final(
   // Randomize the tag before the operation.
   HARDENED_TRY(hardened_memshred(auth_tag->data, auth_tag->len));
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Check the tag length.
   HARDENED_TRY(aes_gcm_check_tag_length(auth_tag->len, tag_len));
 
@@ -605,9 +559,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt_final(
   HARDENED_TRY(hardened_memshred(ctx->data, ARRAYSIZE(ctx->data)));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffers
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(ciphertext));
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(auth_tag));
@@ -629,10 +580,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt_final(
   *plaintext_bytes_written = 0;
   *success = kHardenedBoolFalse;
 
-  // Store the iCache state (on or off) and disable it when it is on.
-  hardened_bool_t icache_saved_state;
-  HARDENED_TRY(ibex_disable_icache(&icache_saved_state));
-
   // Check the tag length.
   HARDENED_TRY(aes_gcm_check_tag_length(auth_tag->len, tag_len));
 
@@ -659,9 +606,6 @@ otcrypto_status_t otcrypto_aes_gcm_decrypt_final(
   HARDENED_TRY(hardened_memshred(ctx->data, ARRAYSIZE(ctx->data)));
   HARDENED_TRY(clear_key_if_sideloaded(internal_ctx.key));
 
-  // Enable the iCache if it was previously enabled.
-  ibex_restore_icache(icache_saved_state);
-
   // Verify the input buffers
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(auth_tag));
   HARDENED_CHECK_EQ(kHardenedBoolTrue, OTCRYPTO_CHECK_BUF(plaintext));

sw/device/lib/crypto/impl/config.c

@@ -58,6 +58,16 @@ otcrypto_status_t otcrypto_set_security_config(
   return OTCRYPTO_OK;
 }
 
+otcrypto_status_t otcrypto_disable_icache(hardened_bool_t *icache_enabled) {
+  HARDENED_TRY(ibex_disable_icache(icache_enabled));
+  return OTCRYPTO_OK;
+}
+
+otcrypto_status_t otcrypto_restore_icache(hardened_bool_t icache_enabled) {
+  ibex_restore_icache(icache_enabled);
+  return OTCRYPTO_OK;
+}
+
 otcrypto_status_t otcrypto_init(otcrypto_key_security_level_t security_level) {
   HARDENED_TRY(otcrypto_set_security_config(security_level));
 

sw/device/lib/crypto/include/config.h

@@ -34,7 +34,7 @@ otcrypto_status_t otcrypto_security_config_check(
  * and the data independent timing. On low security level, leaves the chip as it
  * is.
  *
- * This function writes to Ibex registers.
+ * This function writes to Ibex registers. Hence, it is only usable in M mode.
  *
  * @param security_level Security level of the used key.
  * @returns OK when the configuration is correctly set.
@@ -43,6 +43,33 @@ OT_WARN_UNUSED_RESULT
 otcrypto_status_t otcrypto_set_security_config(
     otcrypto_key_security_level_t security_level);
 
+/**
+ * Disable the Ibex Instruction Cache if it is enabled.
+ *
+ * Reads out the current state of the instruction cache. If it is enabled,
+ * disable it for the crypto lib.
+ * It is only usable in M mode.
+ *
+ * @param[out] icache_enabled kHardenedBoolTrue if the iCache was enabled before
+ * we disabled it.
+ * @return Error status.
+ */
+OT_WARN_UNUSED_RESULT
+otcrypto_status_t otcrypto_disable_icache(hardened_bool_t *icache_enabled);
+
+/**
+ * Enables the Ibex Instruction Cache if icache_enabled is set.
+ *
+ * If icache_enabled == kHardenedBoolTrue, this function enables the iCache by
+ * writing to CPUCTRL.
+ * It is only usable in M mode.
+ *
+ * @param icache_enabled kHardenedBoolTrue to enable the iCache.
+ * @return Error status.
+ */
+OT_WARN_UNUSED_RESULT
+otcrypto_status_t otcrypto_restore_icache(hardened_bool_t icache_enabled);
+
 /**
  * Initializes the crypto library for use.
  *
@@ -52,6 +79,7 @@ otcrypto_status_t otcrypto_set_security_config(
  * Set up the entropy source
  *
  * This function writes to alert manager and Ibex registers.
+ * It is only usable in M mode.
  *
  * @param security_level Security level of the used key.
  * @returns OK when the security check passed.

sw/device/tests/crypto/BUILD

@@ -219,13 +219,11 @@ opentitan_test(
     exec_env = CRYPTOTEST_EXEC_ENVS,
     fpga = fpga_params(
         timeout = "long",
-        tags = ["broken"],  # https://github.com/lowRISC/opentitan/issues/15788
-        # [test-triage] test not constant time with icache enabled
+        tags = ["broken"],
     ),
     verilator = verilator_params(
         timeout = "long",
-        tags = ["broken"],  # https://github.com/lowRISC/opentitan/issues/15788
-        # [test-triage] test not constant time with icache enabled
+        tags = ["broken"],
     ),
     deps = [
         ":aes_gcm_testutils",

sw/device/tests/crypto/aes_gcm_testutils.c

@@ -278,13 +278,11 @@ status_t aes_gcm_testutils_decrypt(const aes_gcm_test_t *test,
     *cycles = profile_end(t_start);
   } else {
     // Call decrypt() with a cycle count timing profile.
-    icache_invalidate();
     uint64_t t_start = profile_start();
     otcrypto_status_t err =
         otcrypto_aes_gcm_decrypt(&key, &ciphertext, &iv, &aad, tag_len, &tag,
                                  &actual_plaintext, tag_valid);
     *cycles = profile_end(t_start);
-    icache_invalidate();
 
     // Check for errors.
     TRY(err);

sw/device/tests/crypto/aes_gcm_timing_functest.c

@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #include "sw/device/lib/base/macros.h"
+#include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/lib/crypto/impl/aes_gcm/aes_gcm.h"
 #include "sw/device/lib/crypto/include/config.h"
 #include "sw/device/lib/crypto/include/entropy_src.h"
@@ -77,6 +78,8 @@ OTTF_DEFINE_TEST_CONFIG();
 bool test_main(void) {
   status_t result;
   CHECK_STATUS_OK(otcrypto_init(kOtcryptoKeySecurityLevelHigh));
+  hardened_bool_t icache_enabled;
+  CHECK_STATUS_OK(otcrypto_disable_icache(&icache_enabled));
   for (size_t i = 0; i < ARRAYSIZE(kAesGcmTestvectors); i++) {
     current_test = &kAesGcmTestvectors[i];
     LOG_INFO("Key length = %d", current_test->key_len * sizeof(uint32_t));