[Cryptech-Commits] [user/js/keywrap] branch auto_magic updated: Adding support for automatic A-value and RLEN calculation. Adding support for checking that unwrapped data is valid.
git at cryptech.is
git at cryptech.is
Fri Sep 14 13:02:49 UTC 2018
This is an automated email from the git hooks/post-receive script.
joachim at secworks.se pushed a commit to branch auto_magic
in repository user/js/keywrap.
The following commit(s) were added to refs/heads/auto_magic by this push:
new fa3ebe9 Adding support for automatic A-value and RLEN calculation. Adding support for checking that unwrapped data is valid.
fa3ebe9 is described below
commit fa3ebe9f36310af061aba162713676b548555017
Author: Joachim Strömbergson <joachim at secworks.se>
AuthorDate: Fri Sep 14 15:01:59 2018 +0200
Adding support for automatic A-value and RLEN calculation. Adding support for checking that unwrapped data is valid.
---
src/rtl/keywrap.v | 39 ++++++++++++---------------------
src/rtl/keywrap_core.v | 42 +++++++++++++++++++++++++++++------
src/tb/tb_keywrap.v | 57 ++++++++++++++++--------------------------------
src/tb/tb_keywrap_core.v | 8 +++----
4 files changed, 72 insertions(+), 74 deletions(-)
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index f8fcbd7..2d241a9 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -4,17 +4,6 @@
// --------
// Top level wrapper for the KEY WRAP core.
//
-// Since $clog2() is not supported by all tools, and constant
-// functions are not supported by some other tools we need to
-// do the size to number of bits calculation by hand.
-// 8192 bytes = 2048 32 bit words. This requires 11 bits.
-// We need additional space for control and status words. But
-// since we have filled the address space, we need another MSB
-// in the address. Thus ADDR_BITS = 12 bits.
-//
-// 0x000 - 0x7ff are for control and status.
-// 0x800 - 0xfff are for data storage
-//
//
// Author: Joachim Strombergson
// Copyright (c) 2018, NORDUnet A/S
@@ -81,7 +70,7 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam CTRL_ENCDEC_BIT = 0;
localparam CTRL_KEYLEN_BIT = 1;
- localparam ADDR_RLEN = 8'h0c;
+ localparam ADDR_LENGTH = 8'h0c;
localparam ADDR_A0 = 8'h0e;
localparam ADDR_A1 = 8'h0f;
@@ -96,10 +85,10 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam CORE_NAME0 = 32'h6b657920; // "key "
localparam CORE_NAME1 = 32'h77726170; // "wrap"
- localparam CORE_VERSION = 32'h302e3830; // "0.80"
+ localparam CORE_VERSION = 32'h312e3031; // "1.01"
localparam MEM_BITS = ADDR_BITS - 1;
- localparam RLEN_BITS = ADDR_BITS - 2;
+ localparam LEN_BITS = MEM_BITS + 2;
localparam PAD = ADDR_BITS - 8;
@@ -116,8 +105,8 @@ module keywrap #(parameter ADDR_BITS = 13)
reg keylen_reg;
reg config_we;
- reg [(RLEN_BITS - 1) : 0] rlen_reg;
- reg rlen_we;
+ reg [(LEN_BITS - 1) : 0] length_reg;
+ reg length_we;
reg [31 : 0] a0_reg;
reg a0_we;
@@ -180,7 +169,7 @@ module keywrap #(parameter ADDR_BITS = 13)
.ready(core_ready),
.valid(core_valid),
- .rlen(rlen_reg),
+ .length(length_reg),
.key(core_key),
.keylen(keylen_reg),
@@ -211,7 +200,7 @@ module keywrap #(parameter ADDR_BITS = 13)
next_reg <= 1'h0;
encdec_reg <= 1'h0;
keylen_reg <= 1'h0;
- rlen_reg <= {RLEN_BITS{1'h0}};
+ length_reg <= {LEN_BITS{1'h0}};
valid_reg <= 1'h0;
ready_reg <= 1'h0;
a0_reg <= 32'h0;
@@ -232,8 +221,8 @@ module keywrap #(parameter ADDR_BITS = 13)
keylen_reg <= write_data[CTRL_KEYLEN_BIT];
end
- if (rlen_we)
- rlen_reg <= write_data[12 : 0];
+ if (length_we)
+ length_reg <= write_data[(LEN_BITS - 1) : 0];
if (a0_we)
a0_reg <= write_data;
@@ -257,7 +246,7 @@ module keywrap #(parameter ADDR_BITS = 13)
init_new = 1'h0;
next_new = 1'h0;
config_we = 1'h0;
- rlen_we = 1'h0;
+ length_we = 1'h0;
key_we = 1'h0;
core_api_we = 1'h0;
a0_we = 1'h0;
@@ -285,8 +274,8 @@ module keywrap #(parameter ADDR_BITS = 13)
if (address == {{PAD{1'h0}}, ADDR_CONFIG})
config_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_RLEN})
- rlen_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_LENGTH})
+ length_we = 1'h1;
if (address == {{PAD{1'h0}}, ADDR_A0})
a0_we = 1'h1;
@@ -319,8 +308,8 @@ module keywrap #(parameter ADDR_BITS = 13)
if (address == {{PAD{1'h0}}, ADDR_STATUS})
api_rd_delay_new = {30'h0, valid_reg, ready_reg};
- if (address == {{PAD{1'h0}}, ADDR_RLEN})
- api_rd_delay_new = {19'h0, rlen_reg};
+ if (address == {{PAD{1'h0}}, ADDR_LENGTH})
+ api_rd_delay_new = {{(32 - LEN_BITS){1'h0}}, length_reg};
if (address == {{PAD{1'h0}}, ADDR_A0})
api_rd_delay_new = core_a_result[63 : 32];
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index d1e63b0..469a238 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -52,7 +52,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
output wire ready,
output wire valid,
- input wire [(MEM_BITS - 2) : 0] rlen,
+ input wire [(LEN_BITS - 1) : 0] length,
input wire [255 : 0] key,
input wire keylen,
@@ -84,6 +84,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
localparam CTRL_NEXT_UCHECK = 4'h9;
localparam CTRL_NEXT_FINALIZE = 4'ha;
+ localparam LEN_BITS = MEM_BITS + 2;
+
+ localparam AIV = 32'ha65959a6;
+
//----------------------------------------------------------------
// Registers and memories including control signals.
@@ -134,6 +138,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
reg update_state;
+ reg [(MEM_BITS - 1) : 0] rlen;
+
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
reg [63 : 0] core_wr_data;
@@ -238,7 +244,13 @@ module keywrap_core #(parameter MEM_BITS = 11)
core_addr = block_ctr_reg;
core_we = 1'h0;
- xor_val = (rlen * iteration_ctr_reg) + {51'h0, (block_ctr_reg + 1'h1)};
+ // Calculate the correct number of blocks including padding.
+ if (length[1 : 0] === 2'h0)
+ rlen = length[(LEN_BITS - 1) : 3];
+ else
+ rlen = length[(LEN_BITS - 2) : 3] + 1'b1;
+
+ xor_val = (rlen * iteration_ctr_reg) + {52'h0, (block_ctr_reg + 1'h1)};
if (encdec)
aes_block = {a_reg, core_rd_data};
@@ -249,8 +261,11 @@ module keywrap_core #(parameter MEM_BITS = 11)
if (init_a)
begin
- a_new = a_init;
a_we = 1'h1;
+ if (encdec)
+ a_new = {AIV, {{(32 - (MEM_BITS + 2)){1'b0}}, length}};
+ else
+ a_new = a_init;
end
if (update_state)
@@ -510,10 +525,23 @@ module keywrap_core #(parameter MEM_BITS = 11)
CTRL_NEXT_FINALIZE:
begin
- ready_new = 1'h1;
- ready_we = 1'h1;
- valid_new = 1'h1;
- valid_we = 1'h1;
+ ready_new = 1'h1;
+ ready_we = 1'h1;
+
+ if (encdec)
+ begin
+ valid_new = 1'h1;
+ valid_we = 1'h1;
+ end
+ else
+ begin
+ if (a_reg[63 : 32] == AIV)
+ begin
+ valid_new = 1'h1;
+ valid_we = 1'h1;
+ end
+ end
+
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
diff --git a/src/tb/tb_keywrap.v b/src/tb/tb_keywrap.v
index 4d1c25c..43e03ee 100644
--- a/src/tb/tb_keywrap.v
+++ b/src/tb/tb_keywrap.v
@@ -39,9 +39,9 @@
module tb_keywrap();
- parameter DEBUG = 0;
- parameter DUMP_TOP = 0;
- parameter DUMP_CORE = 0;
+ parameter DEBUG = 1;
+ parameter DUMP_TOP = 1;
+ parameter DUMP_CORE = 1;
parameter CLK_HALF_PERIOD = 1;
parameter CLK_PERIOD = 2 * CLK_HALF_PERIOD;
@@ -67,8 +67,7 @@ module tb_keywrap();
localparam CTRL_ENCDEC_BIT = 0;
localparam CTRL_KEYLEN_BIT = 1;
- localparam ADDR_RLEN = 8'h0c;
- localparam ADDR_R_BANK = 8'h0d;
+ localparam ADDR_LENGTH = 8'h0c;
localparam ADDR_A0 = 8'h0e;
localparam ADDR_A1 = 8'h0f;
@@ -249,10 +248,10 @@ module tb_keywrap();
if (DUMP_TOP)
begin
$display("top level state:");
- $display("init_reg = 0x%x next_reg = 0x%x", dut.init_reg, dut.next_reg);
- $display("endec_reg = 0x%x keylen_reg = 0x%x", dut.encdec_reg, dut.keylen_reg);
- $display("rlen_reg = 0x%08x", dut.rlen_reg);
- $display("a0_reg = 0x%08x a1_reg = 0x%08x", dut.a0_reg, dut.a1_reg);
+ $display("init_reg = 0x%x next_reg = 0x%x", dut.init_reg, dut.next_reg);
+ $display("endec_reg = 0x%x keylen_reg = 0x%x", dut.encdec_reg, dut.keylen_reg);
+ $display("length_reg = 0x%08x", dut.length_reg);
+ $display("a0_reg = 0x%08x a1_reg = 0x%08x", dut.a0_reg, dut.a1_reg);
$display("");
end
@@ -263,6 +262,7 @@ module tb_keywrap();
dut.core.init, dut.core.next, dut.core.ready, dut.core.valid);
$display("api_we = 0x%0x api_addr = 0x%0x api_wr_data = 0x%0x api_rd_data = 0x%0x",
dut.core.api_we, dut.core.api_addr, dut.core.api_wr_data, dut.core.api_rd_data);
+ $display("length = 0x%0x", dut.core.length);
$display("rlen = 0x%0x", dut.core.rlen);
$display("key = 0x%0x", dut.core.key);
$display("a_init = 0x%0x a_result = 0x%0x", dut.core.a_init, dut.core.a_result);
@@ -416,13 +416,6 @@ module tb_keywrap();
wait_ready();
$display("* Init should be done.");
-
- // Set the length or R in blocks.
- // Write the R bank to be written to.
- // Write the R blocks to be processed.
- write_word(ADDR_RLEN, 32'h00000004);
-
-
// Write the data to be wrapped.
write_word(MEM_BASE + 0, 32'h46f87f58);
write_word(MEM_BASE + 1, 32'hcdda4200);
@@ -433,9 +426,8 @@ module tb_keywrap();
write_word(MEM_BASE + 6, 32'h5f37a27d);
write_word(MEM_BASE + 7, 32'h45a28800);
- // Write magic words to A.
- write_word(ADDR_A0, 32'ha65959a6);
- write_word(ADDR_A1, 32'h0000001f);
+ // Set the length of the data before padding.
+ write_word(ADDR_LENGTH, 32'h0000001f);
$display("* Dumping state and mem after data write and A words.");
@@ -523,10 +515,8 @@ module tb_keywrap();
$display("* Init should be done.");
- // Set the length or R in blocks.
- // Write the R bank to be written to.
- // Write the R blocks to be processed.
- write_word(ADDR_RLEN, 32'h00000004);
+ // Set the length before paddfing.
+ write_word(ADDR_LENGTH, 32'h0000001f);
write_word(MEM_BASE + 0, 32'h59a69492);
write_word(MEM_BASE + 1, 32'hbb7e2cd0);
@@ -632,10 +622,8 @@ module tb_keywrap();
$display("* Init should be done.");
- // Set the length or R in blocks.
- // Write the R bank to be written to.
- // Write the R blocks to be processed.
- write_word(ADDR_RLEN, 32'h00000040);
+ // Set the length before padding.
+ write_word(ADDR_LENGTH, 32'h00000200);
write_word(MEM_BASE + 0, 32'h8af887c5);
write_word(MEM_BASE + 1, 32'h8dfbc38e);
@@ -766,10 +754,6 @@ module tb_keywrap();
write_word(MEM_BASE + 126, 32'he2de7f12);
write_word(MEM_BASE + 127, 32'h9b187053);
- // Write magic words to A.
- write_word(ADDR_A0, 32'ha65959a6);
- write_word(ADDR_A1, 32'h00000200);
-
$display("* Contents of memory and dut before wrap processing:");
dump_mem(65);
@@ -859,10 +843,8 @@ module tb_keywrap();
$display("* Init should be done.");
- // Set the length or R in blocks.
- // Write the R bank to be written to.
- // Write the R blocks to be processed.
- write_word(ADDR_RLEN, 32'h00000040);
+ // Set the length before padding.
+ write_word(ADDR_LENGTH, 32'h00000200);
write_word(MEM_BASE + 0, 32'h4501c1ec);
write_word(MEM_BASE + 1, 32'hadc6b5e3);
@@ -1096,7 +1078,7 @@ module tb_keywrap();
// Set the length or R in blocks.
// Write the R bank to be written to.
// Write the R blocks to be processed.
- write_word(ADDR_RLEN, 32'h000007f8);
+ write_word(ADDR_LENGTH, 32'h000007f8);
// Write the data to be wrapped.
@@ -1168,8 +1150,7 @@ module tb_keywrap();
test_kwp_ad_128_1();
test_kwp_ae_128_2();
test_kwp_ad_128_2();
-
- test_big_wrap_256();
+// test_big_wrap_256();
display_test_results();
diff --git a/src/tb/tb_keywrap_core.v b/src/tb/tb_keywrap_core.v
index 17c8f30..2b88b8c 100644
--- a/src/tb/tb_keywrap_core.v
+++ b/src/tb/tb_keywrap_core.v
@@ -48,7 +48,7 @@ module tb_keywrap_core();
parameter CLK_PERIOD = 2 * CLK_HALF_PERIOD;
parameter API_ADDR_BITS = 8;
- parameter RLEN_BITS = API_ADDR_BITS - 1;
+ parameter LEN_BITS = API_ADDR_BITS + 2;
parameter CORE_ADDR_BITS = API_ADDR_BITS - 1;
parameter API_ADDR_MAX = (2 ** API_ADDR_BITS) - 1;
parameter CORE_ADDR_MAX = (2 ** CORE_ADDR_BITS) - 1;
@@ -67,7 +67,7 @@ module tb_keywrap_core();
reg tb_encdec;
wire tb_ready;
wire tb_valid;
- reg [(RLEN_BITS - 1) : 0] tb_rlen;
+ reg [(LEN_BITS - 1) : 0] tb_length;
reg [255 : 0] tb_key;
reg tb_keylen;
reg [63 : 0] tb_a_init;
@@ -93,7 +93,7 @@ module tb_keywrap_core();
.ready(tb_ready),
.valid(tb_valid),
- .rlen(tb_rlen),
+ .length(tb_length),
.key(tb_key),
.keylen(tb_keylen),
@@ -150,7 +150,7 @@ module tb_keywrap_core();
tb_init = 0;
tb_next = 0;
tb_encdec = 0;
- tb_rlen = 13'h0;
+ tb_length = {LEN_BITS{1'h0}};
tb_key = 256'h0;
tb_keylen = 0;
tb_a_init = 64'h0;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list