[crypto] Expose hardened_xor function

nasahlpa · nasahlpa · commit 5a650b4aafb7 · 2025-07-17T10:29:04.000+02:00
As this function is useful also outside of keyblob, expose it.

Signed-off-by: Pascal Nasahl &lt;nasahlpa@lowrisc.org&gt;
diff --git a/sw/device/lib/crypto/impl/keyblob.c b/sw/device/lib/crypto/impl/keyblob.c
@@ -210,19 +210,8 @@ status_t keyblob_from_key_and_mask(const uint32_t *key, const uint32_t *mask,
   return keyblob_from_shares(share0, mask, config, keyblob);
 }
 
-/**
- * Combines two word buffers with XOR.
- *
- * Callers should ensure the entropy complex is up before calling this
- * function.  The implementation uses random-order hardening primitives for
- * side-channel defense.
- *
- * @param[in,out] x Pointer to the first operand (modified in-place).
- * @param y Pointer to the second operand.
- * @param word_len Length in words of each operand.
- */
-void hardened_xor(uint32_t *restrict x, const uint32_t *restrict y,
-                  size_t word_len) {
+status_t hardened_xor(uint32_t *restrict x, const uint32_t *restrict y,
+                      size_t word_len) {
   // Generate a random ordering.
   random_order_t order;
   random_order_init(&order, word_len);
@@ -267,6 +256,8 @@ void hardened_xor(uint32_t *restrict x, const uint32_t *restrict y,
   }
   RANDOM_ORDER_HARDENED_CHECK_DONE(order);
   HARDENED_CHECK_EQ(count, expected_count);
+
+  return OTCRYPTO_OK;
 }
 
 status_t keyblob_remask(otcrypto_blinded_key_t *key) {
diff --git a/sw/device/lib/crypto/impl/keyblob.h b/sw/device/lib/crypto/impl/keyblob.h
@@ -24,6 +24,21 @@ enum {
   kKeyblobHwBackedBytes = kKeyblobHwBackedWords * sizeof(uint32_t),
 };
 
+/**
+ * Combines two word buffers with XOR.
+ *
+ * Callers should ensure the entropy complex is up before calling this
+ * function.  The implementation uses random-order hardening primitives for
+ * side-channel defense.
+ *
+ * @param[in,out] x Pointer to the first operand (modified in-place).
+ * @param y Pointer to the second operand.
+ * @param word_len Length in words of each operand.
+ * @return Result of the operation.
+ */
+status_t hardened_xor(uint32_t *restrict x, const uint32_t *restrict y,
+                      size_t word_len);
+
 /**
  * Get the word-length of the full blinded keyblob for a given key length.
  *
