hardened_memory.h
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
#ifndef OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_
#define OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_
/**
* @file
* @brief Hardened memory operations for constant power buffer manipulation.
*/
#include <stddef.h>
#include <stdint.h>
#include "
sw/device/lib/base/hardened.h
"
#include "
sw/device/lib/base/macros.h
"
#ifdef __cplusplus
extern
"C"
{
#endif
// __cplusplus
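/**
 * Source of random words for this library; declared here, defined elsewhere.
 *
 * This header only declares the function: some external implementation of
 * randomness is expected to be linked into the final image. The name suggests
 * that it supplies the fill data for `hardened_memshred()`, declared below.
 *
 * NOTE(review): this header places no requirement on the quality of the
 * linked generator. Integrators should confirm that the implementation they
 * link is appropriate for their threat model (for example, that a
 * fixed-value test stub does not end up in a production build).
 *
 * @return A fresh random word.
 */
extern uint32_t hardened_memshred_random_word(void);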
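/**
 * Copies 32-bit words between non-overlapping regions.
 *
 * Unlike `memcpy()`, this function has important differences:
 * - It is significantly slower, since it mitigates power-analysis attacks.
 * - It performs operations on 32-bit words, rather than bytes.
 * - It returns void.
 *
 * Input pointers *MUST* be 32-bit aligned, although they do not need to
 * actually point to memory declared as `uint32_t` per the C aliasing rules.
 * Internally, this function is careful to not dereference its operands
 * directly, and instead uses dedicated load/store intrinsics.
 *
 * Caller obligations that follow from the signature:
 * - `dest` and `src` are both `OT_RESTRICT`-qualified, so the two regions
 *   must not overlap.
 * - `word_len` counts 32-bit words, not bytes. Passing a byte count (for
 *   example `sizeof(buf)`) requests four times the intended length.
 * - No buffer capacities are passed, so the caller is responsible for
 *   ensuring that both regions hold at least `word_len` words.
 *
 * @param dest The destination of the copy.
 * @param src The source of the copy.
 * @param word_len The number of words to copy.
 */
void hardened_memcpy(uint32_t *OT_RESTRICT dest,
                     const uint32_t *OT_RESTRICT src, size_t word_len);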
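/**
 * Fills a 32-bit aligned region of memory with random data.
 *
 * Unlike `memset()`, this function has important differences:
 * - It is significantly slower, since it mitigates power-analysis attacks.
 * - It performs operations on 32-bit words, rather than bytes.
 * - A fill value cannot be specified.
 * - It returns void.
 *
 * `dest` *MUST* be 32-bit aligned, although it does not need to actually
 * point to memory declared as `uint32_t` per the C aliasing rules.
 * Internally, this function is careful to not dereference its operand
 * directly, and instead uses dedicated load/store intrinsics.
 *
 * Notes for callers:
 * - After the call the region holds random data, not zeros; code that needs
 *   a known value afterwards must write it separately.
 * - `word_len` counts 32-bit words, not bytes, and no buffer capacity is
 *   passed; the caller must ensure `dest` holds at least `word_len` words.
 * - NOTE(review): the fill data presumably comes from
 *   `hardened_memshred_random_word()`, declared in this header; confirm
 *   against the implementation.
 *
 * @param dest The destination of the set.
 * @param word_len The number of words to write.
 */
void hardened_memshred(uint32_t *dest, size_t word_len);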
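/**
 * Compare two potentially-overlapping 32-bit aligned regions of memory for
 * equality.
 *
 * Unlike `memcmp()`, this function has important differences:
 * - It is significantly slower, since it mitigates power-analysis attacks.
 * - It performs operations on 32-bit words, rather than bytes.
 * - It only computes equality, not lexicographic ordering, which would be even
 *   slower.
 * - It returns a `hardened_bool_t`.
 * - It is constant-time.
 *
 * Input pointers *MUST* be 32-bit aligned, although they do not need to
 * actually point to memory declared as `uint32_t` per the C aliasing rules.
 * Internally, this function is careful to not dereference its operands
 * directly, and instead uses dedicated load/store intrinsics.
 *
 * Notes for callers:
 * - The result is a `hardened_bool_t` (declared in hardened.h), not a C
 *   boolean. Compare it explicitly against `kHardenedBoolTrue` rather than
 *   testing it for non-zero; see hardened.h for the encoding of the two
 *   values.
 * - `word_len` counts 32-bit words, not bytes, and no buffer capacities are
 *   passed; the caller must ensure both regions hold at least `word_len`
 *   words.
 * - NOTE(review): "constant-time" presumably refers to the buffer contents;
 *   run time necessarily depends on `word_len`. Confirm against the
 *   implementation.
 *
 * @param lhs The first buffer to compare.
 * @param rhs The second buffer to compare.
 * @param word_len The number of words to compare.
 * @return A `hardened_bool_t` indicating whether the two regions are equal.
 */
hardened_bool_t hardened_memeq(const uint32_t *lhs, const uint32_t *rhs,
                               size_t word_len);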
#ifdef __cplusplus
}
// extern "C"
#endif
// __cplusplus
#endif
// OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_