From cffcf190468b372be947cce7c6c95687570ccce1 Mon Sep 17 00:00:00 2001
From: Pirmin Vogel
Date: Fri, 7 Feb 2025 12:16:03 +0100
Subject: [PATCH] [aes/rtl] Use the unmasked cipher core output for clearing GHASH state

When clearing the GHASH state, the unmasked cipher core output is always random. Also, this commit ensures that during the final clearing following the generation of the final authentication tag the two multipliers actually get to see a non-zero data input.

Signed-off-by: Pirmin Vogel
---
 hw/ip/aes/rtl/aes_ghash.sv | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/hw/ip/aes/rtl/aes_ghash.sv b/hw/ip/aes/rtl/aes_ghash.sv
index aaba5c3853a6f..ac835a1f32f87 100644
--- a/hw/ip/aes/rtl/aes_ghash.sv
+++ b/hw/ip/aes/rtl/aes_ghash.sv
@@ -661,12 +661,10 @@ module aes_ghash
 in_ready_o = SP2V_HIGH;
 if (in_valid_i == SP2V_HIGH) begin
 if (clear_i) begin
- // Clearing has highest priority. In case of the masked implementation, we clear the
- // state using the initial state (the cipher core output, for which both shares are
- // random at this point). For the unmasked implementation, we use the unmasked cipher
- // core output.
+ // Clearing has highest priority. We clear the state using the unmasked cipher core
+ // output which is randomized at this point.
 s_we = SP2V_HIGH;
- ghash_state_sel = SecMasking ? GHASH_STATE_INIT : GHASH_STATE_ADD;
+ ghash_state_sel = GHASH_STATE_ADD;
 ghash_state_we[0] = SP2V_HIGH;
 ghash_state_we[1] = SP2V_HIGH;
 hash_subkey_we = SP2V_HIGH;
@@ -677,7 +675,7 @@ module aes_ghash
 // This can be done by using the multipliers.
 if (SecMasking) begin
 gf_mult0_en_d = 1'b1;
- gf_mult1_in_sel_d = MULT_IN_STATE0;
+ gf_mult1_in_sel_d = MULT_IN_STATE1;
 aes_ghash_ns = GHASH_MASKED_INIT;
 end
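Review bot: The new comment in the clear_i branch states that the unmasked cipher core output "is randomized at this point", but nothing in this hunk establishes that; both GHASH state shares and the hash subkey are now overwritten from GHASH_STATE_ADD alone, so the quality of the clear rests entirely on a precondition the surrounding logic must guarantee before asserting clear_i. The comment should name that dependency rather than assert the property, e.g. `// Clearing has highest priority. We clear the state using the unmasked cipher core output. This relies on the surrounding logic having randomized the cipher core output before asserting clear_i; it is not checked here.` If an assertion covering this sequencing exists elsewhere in the design, referencing it here would be enough. The same replacement of the SecMasking-dependent select by GHASH_STATE_ADD appears in the -925 hunk, where the same wording applies. The enclosing state branch starts and ends outside this hunk.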
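Review bot: The switch of gf_mult1_in_sel_d from MULT_IN_STATE0 to MULT_IN_STATE1 carries no in-code rationale; the only explanation (that both multipliers must see a non-zero data input during clearing) lives in the commit message, and the surrounding comment still only says "This can be done by using the multipliers." A maintainer comparing this to the regular init path, which from the removed line appears to feed share 0 to the second multiplier, will not know the difference is deliberate. Suggest adding above the assignment: `// Feed state share 1 (not share 0 as for a regular init) to the second multiplier, so that both multipliers operate on a non-zero, randomized input while clearing.` The -925 hunk adds an identical block and should get the same comment. The enclosing if (clear_i) branch starts outside this hunk.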
@@ -781,6 +779,9 @@ module aes_ghash
 // 2. S0 * H1
 //
 // S0 and S1 have been loaded into the GHASH state registers previsously.
+ //
+ // This state is also used as part of the clearing sequence. Then, we multiply each state
+ // share by the corresponding share of the cleared hash subkey.
 gf_mult_req = 2'b11;
 if (gf_mult_ack_pre[0]) begin
 corr0_en_d = 1'b1;
@@ -925,11 +926,20 @@ module aes_ghash
 if (out_ready_i == SP2V_HIGH) begin
 add_s_en_d = 1'b0;
 s_we = SP2V_HIGH;
- ghash_state_sel = SecMasking ? GHASH_STATE_INIT : GHASH_STATE_ADD;
+ ghash_state_sel = GHASH_STATE_ADD;
 ghash_state_we[0] = SP2V_HIGH;
 ghash_state_we[1] = SP2V_HIGH;
 hash_subkey_we = SP2V_HIGH;
- aes_ghash_ns = SecMasking ? GHASH_MASKED_INIT : GHASH_IDLE;
+
+ // In case of the masked implementation, also the correction terms need to be cleared.
+ // This can be done by using the multipliers.
+ if (SecMasking) begin
+ gf_mult0_en_d = 1'b1;
+ gf_mult1_in_sel_d = MULT_IN_STATE1;
+ aes_ghash_ns = GHASH_MASKED_INIT;
+ end else begin
+ aes_ghash_ns = GHASH_IDLE;
+ end
 end
 end
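Review bot: The added comment says that in the clearing sequence "we multiply each state share by the corresponding share of the cleared hash subkey", but nothing in this state selects that pairing; the hunk only raises gf_mult_req, and the share-to-multiplier assignment appears to come from gf_mult1_in_sel_d being set to MULT_IN_STATE1 by the state that enters the clearing sequence. Readers of this state will otherwise look for the pairing here, so the comment should point at where it is decided, e.g. `// (The share pairing is selected by the entering state via gf_mult1_in_sel_d = MULT_IN_STATE1; a regular init uses the cross term S0 * H1 instead.)` The enclosing state branch starts and ends outside this hunk.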