1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_
6 #define OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_
7 
8 /**
9  * @file
10  * @brief Hardened memory operations for buffer manipulation with a constant power profile.
11  */
12 
13 #include <stddef.h>
14 #include <stdint.h>
15 
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif // __cplusplus
22 
23 /**
24  * Copies 32-bit words between non-overlapping regions.
25  *
26  * Unlike `memcpy()`, this function has important differences:
27  * - It is significantly slower, since it mitigates power-analysis attacks.
28  * - It performs operations on 32-bit words, rather than bytes.
29  * - It returns void.
30  *
31  * Input pointers *MUST* be 32-bit aligned, although they do not need to
32  * actually point to memory declared as `uint32_t` per the C aliasing rules.
33  * Internally, this function is careful to not dereference its operands
34  * directly, and instead uses dedicated load/store intrinsics.
35  *
36  * @param dest The destination of the copy.
37  * @param src The source of the copy.
38  * @param word_len The number of words to copy.
39  */
40 void hardened_memcpy(uint32_t *OT_RESTRICT dest,
41  const uint32_t *OT_RESTRICT src, size_t word_len);
42 
43 /**
44  * Fills a 32-bit aligned region of memory with random data.
45  *
46  * Unlike `memset()`, this function has important differences:
47  * - It is significantly slower, since it mitigates power-analysis attacks.
48  * - It performs operations on 32-bit words, rather than bytes.
49  * - A fill value cannot be specified.
50  * - It returns void.
51  *
52  * Input pointers *MUST* be 32-bit aligned, although they do not need to
53  * actually point to memory declared as `uint32_t` per the C aliasing rules.
54  * Internally, this function is careful to not dereference its operands
55  * directly, and instead uses dedicated load/store intrinsics.
56  *
57  * @param dest The destination region to fill.
58  * @param word_len The number of words to write.
59  */
60 void hardened_memshred(uint32_t *dest, size_t word_len);
61 
62 /**
63  * Compares two potentially-overlapping 32-bit aligned regions of memory for
64  * equality.
65  *
66  * Unlike `memcmp()`, this function has important differences:
67  * - It is significantly slower, since it mitigates power-analysis attacks.
68  * - It performs operations on 32-bit words, rather than bytes.
69  * - It only computes equality, not lexicographic ordering, which would be even
70  * slower.
71  * - It returns a `hardened_bool_t`.
72  * - It is constant-time.
73  *
74  * Input pointers *MUST* be 32-bit aligned, although they do not need to
75  * actually point to memory declared as `uint32_t` per the C aliasing rules.
76  * Internally, this function is careful to not dereference its operands
77  * directly, and instead uses dedicated load/store intrinsics.
78  *
79  * @param lhs The first buffer to compare.
80  * @param rhs The second buffer to compare.
81  * @param word_len The number of words to compare.
82  */
83 hardened_bool_t hardened_memeq(const uint32_t *lhs, const uint32_t *rhs,
84  size_t word_len);
85 
86 #ifdef __cplusplus
87 } // extern "C"
88 #endif // __cplusplus
89 
90 #endif // OPENTITAN_SW_DEVICE_LIB_BASE_HARDENED_MEMORY_H_