[pentest] Call otcrypto_security_config_check before entering CL

nasahlpa · nasahlpa · commit a9afc85d6c36 · 2025-12-05T16:20:52.000+01:00
For security testing, make sure that the device is in a secure configuration
before entering the cryptolib.

Signed-off-by: Pascal Nasahl &lt;nasahlpa@lowrisc.org&gt;
diff --git a/sw/device/tests/penetrationtests/firmware/fi/BUILD b/sw/device/tests/penetrationtests/firmware/fi/BUILD
@@ -37,6 +37,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
@@ -55,6 +56,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
diff --git a/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_asym.c b/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_asym.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -512,6 +513,9 @@ status_t handle_cryptolib_fi_asym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();
diff --git a/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym.c b/sw/device/tests/penetrationtests/firmware/fi/cryptolib_fi_sym.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -224,6 +225,9 @@ status_t handle_cryptolib_fi_sym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();
diff --git a/sw/device/tests/penetrationtests/firmware/sca/BUILD b/sw/device/tests/penetrationtests/firmware/sca/BUILD
@@ -32,6 +32,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
@@ -51,6 +52,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
diff --git a/sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_asym.c b/sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_asym.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -866,6 +867,9 @@ status_t handle_cryptolib_sca_asym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();
diff --git a/sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_sym.c b/sw/device/tests/penetrationtests/firmware/sca/cryptolib_sca_sym.c
@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -918,6 +919,9 @@ status_t handle_cryptolib_sca_sym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();
