[Cryptech-Commits] [user/js/keywrap] branch auto_zeroise updated: Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.
git at cryptech.is
git at cryptech.is
Sun Dec 9 10:30:29 UTC 2018
This is an automated email from the git hooks/post-receive script.
joachim at secworks.se pushed a commit to branch auto_zeroise
in repository user/js/keywrap.
The following commit(s) were added to refs/heads/auto_zeroise by this push:
new 31ccc06 Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.
31ccc06 is described below
commit 31ccc060dbd0ba6daa2eedb8911b40603b96a26f
Author: Joachim Strömbergson <joachim at secworks.se>
AuthorDate: Sun Dec 9 11:30:09 2018 +0100
Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.
---
src/rtl/keywrap.v | 25 ++++++++++++++++++++++---
src/rtl/keywrap_core.v | 16 +++++++++-------
src/tb/tb_keywrap_core.v | 17 ++++++++++++-----
3 files changed, 43 insertions(+), 15 deletions(-)
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index c03e903..02c20fc 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -72,6 +72,7 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam ADDR_CTRL = 8'h08;
localparam CTRL_INIT_BIT = 0;
localparam CTRL_NEXT_BIT = 1;
+ localparam CTRL_ZEROISE_BIT = 2;
localparam ADDR_STATUS = 8'h09;
localparam STATUS_READY_BIT = 0;
@@ -136,6 +137,12 @@ module keywrap #(parameter ADDR_BITS = 13)
reg [31 : 0] timeout_reg;
reg timeout_we;
+ reg ping_reg;
+ reg ping_new;
+
+ reg zeroise_reg;
+ reg zeroise_new;
+
reg [31 : 0] api_rd_delay_reg;
reg [31 : 0] api_rd_delay_new;
@@ -192,6 +199,8 @@ module keywrap #(parameter ADDR_BITS = 13)
.loaded(core_loaded),
.timeout(timeout_reg),
+ .ping(ping_reg),
+ .zeroise(zeroise_reg),
.rlen(rlen_reg),
@@ -232,6 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13)
a1_reg <= 32'h0;
api_rd_delay_reg <= 32'h0;
timeout_reg <= DEFAULT_TIMEOUT;
+ ping_reg <= 1'h0;
+ zeroise_reg <= 1'h0;
end
else
begin
@@ -240,6 +251,8 @@ module keywrap #(parameter ADDR_BITS = 13)
loaded_reg <= core_loaded;
init_reg <= init_new;
next_reg <= next_new;
+ ping_reg <= ping_new;
+ zeroise_reg <= zeroise_new;
api_rd_delay_reg <= api_rd_delay_new;
if (config_we)
@@ -283,6 +296,8 @@ module keywrap #(parameter ADDR_BITS = 13)
a1_we = 1'h0;
tmp_read_data = 32'h0;
tmp_error = 1'h0;
+ ping_new = 1'h0;
+ zeroise_new = 1'h0;
api_rd_delay_new = 32'h0;
// api_mux
@@ -297,8 +312,9 @@ module keywrap #(parameter ADDR_BITS = 13)
begin
if (address == {{PAD{1'h0}}, ADDR_CTRL})
begin
- init_new = write_data[CTRL_INIT_BIT];
- next_new = write_data[CTRL_NEXT_BIT];
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ zeroise_new = write_data[CTRL_ZEROISE_BIT];
end
if (address == {{PAD{1'h0}}, ADDR_CONFIG})
@@ -339,7 +355,10 @@ module keywrap #(parameter ADDR_BITS = 13)
api_rd_delay_new = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg};
if (address == {{PAD{1'h0}}, ADDR_STATUS})
- api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+ begin
+ api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+ ping_new = 1'h1;
+ end
if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
api_rd_delay_new = timeout_reg;
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index 5e4173e..41ad531 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -54,6 +54,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
output wire loaded,
input wire [31 : 0] timeout,
+ input wire ping,
+ input wire zeroise,
input wire [(MEM_BITS - 2) : 0] rlen,
@@ -150,7 +152,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
wire [127 : 0] aes_result;
reg update_state;
- reg zeroise;
+ reg zero_key;
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
@@ -256,7 +258,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
//----------------------------------------------------------------
always @*
begin : zeroise_mux
- if (zeroise)
+ if (zero_key)
begin
aes_key = 256'h0;
aes_keylen = 1'h1;
@@ -392,7 +394,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
if (key_timeout_ctr_reg == 36'h0)
key_timeout = 1'h1;
- if (key_timeout_ctr_set)
+ if (key_timeout_ctr_set || ping)
begin
key_timeout_ctr_new = {timeout, 4'h0};
key_timeout_ctr_we = 1'h1;
@@ -429,7 +431,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
iteration_ctr_rst = 1'h0;
key_timeout_ctr_set = 1'h0;
key_timeout_ctr_dec = 1'h0;
- zeroise = 1'h0;
+ zero_key = 1'h0;
key_loaded_new = 1'h0;
key_loaded_we = 1'h0;
keywrap_core_ctrl_new = CTRL_IDLE;
@@ -441,10 +443,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
begin
if (key_loaded_reg)
begin
- if (key_timeout)
+ if (key_timeout || zeroise)
begin
aes_init = 1'h1;
- zeroise = 1'h1;
+ zero_key = 1'h1;
ready_new = 1'h0;
ready_we = 1'h1;
valid_new = 1'h0;
@@ -621,7 +623,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
CTRL_ZERO_WAIT:
begin
- zeroise = 1'h1;
+ zero_key = 1'h1;
if (aes_ready)
begin
ready_new = 1'h1;
diff --git a/src/tb/tb_keywrap_core.v b/src/tb/tb_keywrap_core.v
index 1212ad7..7f9c42d 100644
--- a/src/tb/tb_keywrap_core.v
+++ b/src/tb/tb_keywrap_core.v
@@ -69,6 +69,8 @@ module tb_keywrap_core();
wire tb_valid;
wire tb_loaded;
reg [31 : 0] tb_timeout;
+ reg tb_ping;
+ reg tb_zeroise;
reg [(RLEN_BITS - 1) : 0] tb_rlen;
reg [255 : 0] tb_key;
reg tb_keylen;
@@ -97,6 +99,8 @@ module tb_keywrap_core();
.loaded(tb_loaded),
.timeout(tb_timeout),
+ .ping(tb_ping),
+ .zeroise(tb_zeroise),
.rlen(tb_rlen),
.key(tb_key),
@@ -152,14 +156,17 @@ module tb_keywrap_core();
tb_clk = 0;
tb_reset_n = 0;
- tb_init = 0;
- tb_next = 0;
- tb_encdec = 0;
+ tb_init = 1'h0;
+ tb_next = 1'h0;
+ tb_encdec = 1'h0;
tb_rlen = 13'h0;
tb_key = 256'h0;
- tb_keylen = 0;
+ tb_keylen = 1'h0;
+ tb_timeout = 32'hdeadbeef;
+ tb_ping = 1'h0;
+ tb_zeroise = 1'h0;
tb_a_init = 64'h0;
- tb_api_we = 0;
+ tb_api_we = 1'h0;
tb_api_addr = 14'h0;
tb_api_wr_data = 32'h0;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list