lowRISC · nasahlpa · Dec 9, 2025 · Dec 5, 2025 · Dec 5, 2025 · Dec 5, 2025
diff --git a/sw/device/lib/crypto/BUILD b/sw/device/lib/crypto/BUILD
@@ -26,6 +26,7 @@ ot_static_library(
         "//sw/device/lib/crypto/impl:kmac",
         "//sw/device/lib/crypto/impl:kmac_kdf",
         "//sw/device/lib/crypto/impl:rsa",
+        "//sw/device/lib/crypto/impl:security_config",
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl:sha3",
         "//sw/device/lib/crypto/impl:x25519",

diff --git a/sw/device/lib/crypto/impl/BUILD b/sw/device/lib/crypto/impl/BUILD
@@ -236,7 +236,7 @@ cc_library(
 cc_library(
     name = "security_config",
     srcs = ["security_config.c"],
-    hdrs = ["security_config.h"],
+    hdrs = ["//sw/device/lib/crypto/include:security_config.h"],
     deps = [
         ":integrity",
         ":status",

@@ -13,9 +13,9 @@
 #include "sw/device/lib/crypto/drivers/keymgr.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('a', 'e', 's')
@@ -300,9 +300,6 @@ static otcrypto_status_t otcrypto_aes_impl(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(key->config.security_level));
-
   // Ensure the entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 

@@ -16,9 +16,9 @@
 #include "sw/device/lib/crypto/impl/aes_gcm/ghash.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('a', 'g', 'c')
@@ -394,9 +394,6 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt_init(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(key->config.security_level));
-
   // Ensure entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 

@@ -10,8 +10,8 @@
 #include "sw/device/lib/crypto/impl/ecc/p256.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('p', '2', '5')
@@ -114,9 +114,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_keygen_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check the key mode.
   if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP256) {
     return OTCRYPTO_BAD_ARGS;
@@ -293,9 +290,6 @@ otcrypto_status_t otcrypto_ecdsa_p256_sign_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check that the entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 

@@ -10,8 +10,8 @@
 #include "sw/device/lib/crypto/impl/ecc/p384.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('p', '3', '8')
@@ -114,9 +114,6 @@ otcrypto_status_t otcrypto_ecdsa_p384_keygen_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check the key mode.
   if (private_key->config.key_mode != kOtcryptoKeyModeEcdsaP384) {
     return OTCRYPTO_BAD_ARGS;
@@ -297,9 +294,6 @@ otcrypto_status_t otcrypto_ecdsa_p384_sign_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check that the entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 

@@ -10,8 +10,8 @@
 #include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('h', 'm', 'c')
@@ -226,9 +226,6 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
   // Preload the tag with randomness.
   HARDENED_TRY(hardened_memshred(tag.data, tag.len));
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(key->config.security_level));
-
   // Check the key for null pointers or invalid configurations.
   HARDENED_TRY(check_key(key));
 

@@ -9,8 +9,8 @@
 #include "sw/device/lib/crypto/drivers/kmac.h"
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('k', 'm', 'c')
@@ -27,9 +27,6 @@ otcrypto_status_t otcrypto_kmac(otcrypto_blinded_key_t *key,
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(key->config.security_level));
-
   // Check for null input message with nonzero length.
   if (input_message.data == NULL && input_message.len != 0) {
     return OTCRYPTO_BAD_ARGS;

@@ -12,9 +12,9 @@
 #include "sw/device/lib/crypto/impl/rsa/rsa_signature.h"
 #include "sw/device/lib/crypto/impl/rsa/run_rsa.h"
 #include "sw/device/lib/crypto/impl/rsa/run_rsa_key_from_cofactor.h"
-#include "sw/device/lib/crypto/impl/security_config.h"
 #include "sw/device/lib/crypto/impl/status.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 // Module ID for status codes.
 #define MODULE_ID MAKE_MODULE_ID('r', 's', 'a')
@@ -695,9 +695,6 @@ otcrypto_status_t otcrypto_rsa_sign_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check that the entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 
@@ -1003,9 +1000,6 @@ otcrypto_status_t otcrypto_rsa_decrypt_async_start(
     return OTCRYPTO_BAD_ARGS;
   }
 
-  // Check the security config of the device.
-  HARDENED_TRY(security_config_check(private_key->config.security_level));
-
   // Check that the entropy complex is initialized.
   HARDENED_TRY(entropy_complex_check());
 

@@ -2,14 +2,15 @@
 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
 // SPDX-License-Identifier: Apache-2.0
 
-#include "sw/device/lib/crypto/impl/security_config.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 
 #include "sw/device/lib/arch/device.h"
 #include "sw/device/lib/base/hardened.h"
 #include "sw/device/lib/crypto/drivers/rv_core_ibex.h"
 #include "sw/device/silicon_creator/lib/drivers/clkmgr.h"
 
-status_t security_config_check(otcrypto_key_security_level_t security_level) {
+status_t otcrypto_security_config_check(
+    otcrypto_key_security_level_t security_level) {
   // Only check the security config on silicon as some of the countermeasures
   // might not be available in other targets.
   if (kDeviceType == kDeviceSilicon) {

diff --git a/sw/device/lib/crypto/include/BUILD b/sw/device/lib/crypto/include/BUILD
@@ -38,6 +38,7 @@ cc_library(
         "kmac_kdf.h",
         "otcrypto.h",
         "rsa.h",
+        "security_config.h",
         "sha2.h",
         "sha3.h",
         "x25519.h",

@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
 // SPDX-License-Identifier: Apache-2.0
 
-#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SECURITY_CONFIG_H_
-#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SECURITY_CONFIG_H_
+#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_SECURITY_CONFIG_H_
+#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_SECURITY_CONFIG_H_
 
 #include <stddef.h>
 #include <stdint.h>
@@ -26,10 +26,11 @@ extern "C" {
  * @returns OK when the security check passed.
  */
 OT_WARN_UNUSED_RESULT
-status_t security_config_check(otcrypto_key_security_level_t security_level);
+status_t otcrypto_security_config_check(
+    otcrypto_key_security_level_t security_level);
 
 #ifdef __cplusplus
 }  // extern "C"
 #endif  // __cplusplus
 
-#endif  // OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SECURITY_CONFIG_H_
+#endif  // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_SECURITY_CONFIG_H_
diff --git a/sw/device/tests/penetrationtests/firmware/fi/BUILD b/sw/device/tests/penetrationtests/firmware/fi/BUILD
@@ -37,6 +37,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
@@ -55,6 +56,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",

@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -512,6 +513,9 @@ status_t handle_cryptolib_fi_asym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

@@ -203,7 +203,7 @@ status_t cryptolib_fi_rsa_enc_impl(cryptolib_fi_asym_rsa_enc_in_t uj_input,
         .key_mode = kOtcryptoKeyModeRsaEncryptOaep,
         .key_length = private_key_bytes,
         .hw_backed = kHardenedBoolFalse,
-        .security_level = kOtcryptoKeySecurityLevelLow,
+        .security_level = kOtcryptoKeySecurityLevelHigh,
     };
     size_t keyblob_words = ceil_div(private_key_blob_bytes, sizeof(uint32_t));
     uint32_t keyblob[keyblob_words];
@@ -381,7 +381,7 @@ status_t cryptolib_fi_rsa_sign_impl(
       .key_mode = key_mode,
       .key_length = private_key_bytes,
       .hw_backed = kHardenedBoolFalse,
-      .security_level = kOtcryptoKeySecurityLevelLow,
+      .security_level = kOtcryptoKeySecurityLevelHigh,
   };
   size_t keyblob_words = ceil_div(private_key_blob_bytes, sizeof(uint32_t));
   uint32_t keyblob[keyblob_words];
@@ -703,7 +703,7 @@ status_t cryptolib_fi_p256_ecdh_impl(
               .key_length = kPentestP256Bytes,
               .hw_backed = kHardenedBoolFalse,
               .exportable = kHardenedBoolTrue,
-              .security_level = kOtcryptoKeySecurityLevelLow,
+              .security_level = kOtcryptoKeySecurityLevelHigh,
           },
       .keyblob_length = sizeof(private_keyblob),
       .keyblob = private_keyblob,
@@ -734,7 +734,7 @@ status_t cryptolib_fi_p256_ecdh_impl(
               .key_length = kPentestP256Bytes,
               .hw_backed = kHardenedBoolFalse,
               .exportable = kHardenedBoolTrue,
-              .security_level = kOtcryptoKeySecurityLevelLow,
+              .security_level = kOtcryptoKeySecurityLevelHigh,
           },
       .keyblob_length = sizeof(shared_secretblob),
       .keyblob = shared_secretblob,
@@ -800,7 +800,7 @@ status_t cryptolib_fi_p256_sign_impl(
       .key_mode = kOtcryptoKeyModeEcdsaP256,
       .key_length = kPentestP256Bytes,
       .hw_backed = kHardenedBoolFalse,
-      .security_level = kOtcryptoKeySecurityLevelLow,
+      .security_level = kOtcryptoKeySecurityLevelHigh,
   };
 
   // Create the private key.
@@ -1016,7 +1016,7 @@ status_t cryptolib_fi_p384_ecdh_impl(
               .key_length = kPentestP384Bytes,
               .hw_backed = kHardenedBoolFalse,
               .exportable = kHardenedBoolTrue,
-              .security_level = kOtcryptoKeySecurityLevelLow,
+              .security_level = kOtcryptoKeySecurityLevelHigh,
           },
       .keyblob_length = sizeof(private_keyblob),
       .keyblob = private_keyblob,
@@ -1047,7 +1047,7 @@ status_t cryptolib_fi_p384_ecdh_impl(
               .key_length = kPentestP384Bytes,
               .hw_backed = kHardenedBoolFalse,
               .exportable = kHardenedBoolTrue,
-              .security_level = kOtcryptoKeySecurityLevelLow,
+              .security_level = kOtcryptoKeySecurityLevelHigh,
           },
       .keyblob_length = sizeof(shared_secretblob),
       .keyblob = shared_secretblob,
@@ -1113,7 +1113,7 @@ status_t cryptolib_fi_p384_sign_impl(
       .key_mode = kOtcryptoKeyModeEcdsaP384,
       .key_length = kPentestP384Bytes,
       .hw_backed = kHardenedBoolFalse,
-      .security_level = kOtcryptoKeySecurityLevelLow,
+      .security_level = kOtcryptoKeySecurityLevelHigh,
   };
 
   // Create the private key.

@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -224,6 +225,9 @@ status_t handle_cryptolib_fi_sym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();

diff --git a/sw/device/tests/penetrationtests/firmware/sca/BUILD b/sw/device/tests/penetrationtests/firmware/sca/BUILD
@@ -32,6 +32,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",
@@ -51,6 +52,7 @@ cc_library(
         "//sw/device/lib/base:abs_mmio",
         "//sw/device/lib/base:memory",
         "//sw/device/lib/base:status",
+        "//sw/device/lib/crypto/include:crypto_hdrs",
         "//sw/device/lib/dif:rv_core_ibex",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ujson_ottf",

@@ -6,6 +6,7 @@
 
 #include "sw/device/lib/base/memory.h"
 #include "sw/device/lib/base/status.h"
+#include "sw/device/lib/crypto/include/security_config.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/ottf_test_config.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
@@ -866,6 +867,9 @@ status_t handle_cryptolib_sca_asym_init(ujson_t *uj) {
 
   /////////////// STUB START ///////////////
   // Add things like versioning.
+
+  // Check the security config of the device.
+  TRY(otcrypto_security_config_check(kOtcryptoKeySecurityLevelHigh));
   /////////////// STUB END ///////////////
 
   return OK_STATUS();