[crypto] Add OTBN DMEM wipes to RSA code

Always wipe the DMEM once the OTBN execution has been finished.

Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>

Author: nasahlpa

sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c

@@ -146,7 +146,8 @@ status_t rsa_3072_compute_constants(const rsa_3072_public_key_t *public_key,
   HARDENED_TRY(
       otbn_dmem_read(kOtbnWideWordNumWords, kOtbnVarRsaM0Inv, result->m0_inv));
 
-  return OTCRYPTO_OK;
+  // Wipe DMEM.
+  return otbn_dmem_sec_wipe();
 }
 
 status_t rsa_3072_verify_start(const rsa_3072_int_t *signature,
@@ -212,7 +213,8 @@ status_t rsa_3072_verify_finalize(const rsa_3072_int_t *message,
     }
   }
 
-  return OTCRYPTO_OK;
+  // Wipe DMEM.
+  return otbn_dmem_sec_wipe();
 }
 
 status_t rsa_3072_verify(const rsa_3072_int_t *signature,

sw/device/lib/crypto/impl/rsa/rsa_keygen.c

@@ -99,9 +99,7 @@ static status_t keygen_finalize(uint32_t exp_mode, size_t num_words,
   HARDENED_TRY(otbn_dmem_read(num_words, kOtbnVarRsaD, d));
 
   // Wipe DMEM.
-  HARDENED_TRY(otbn_dmem_sec_wipe());
-
-  return OTCRYPTO_OK;
+  return otbn_dmem_sec_wipe();
 }
 
 status_t rsa_keygen_2048_start(void) {

sw/device/lib/crypto/impl/rsa/rsa_modexp.c

@@ -72,6 +72,8 @@ status_t rsa_modexp_wait(size_t *num_words) {
   } else if (mode == kMode4096Modexp || mode == kMode4096ModexpF4) {
     *num_words = kRsa4096NumWords;
   } else {
+    // Wipe DMEM.
+    HARDENED_TRY(otbn_dmem_sec_wipe());
     // Unrecognized mode.
     return OTCRYPTO_FATAL_ERR;
   }
@@ -96,6 +98,8 @@ static status_t rsa_modexp_finalize(const size_t num_words, uint32_t *result) {
 
   // Check that the inferred result size matches expectations.
   if (num_words != num_words_inferred) {
+    // Wipe DMEM.
+    HARDENED_TRY(otbn_dmem_sec_wipe());
     return OTCRYPTO_FATAL_ERR;
   }