[Cryptech-Commits] [core/util/keywrap] 95/95: Move keywrap from user/js to core/util.
git at cryptech.is
git at cryptech.is
Wed Mar 25 17:19:34 UTC 2020
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch master
in repository core/util/keywrap.
commit 4333178c6a8f467ddacc13ddae0bed588b6bdcf3
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Mar 25 13:14:15 2020 -0400
Move keywrap from user/js to core/util.
Also remove the auto_zeroise code, since that's behaving badly, and it's
not used anyway in the integrate_mkmif branch.
---
README.md | 15 ------
src/rtl/keywrap.v | 55 +---------------------
src/rtl/keywrap_core.v | 123 +------------------------------------------------
3 files changed, 4 insertions(+), 189 deletions(-)
diff --git a/README.md b/README.md
index 29d971e..8420944 100644
--- a/README.md
+++ b/README.md
@@ -53,21 +53,6 @@ perform padding as meeded.
chapter 2.2.2 of RFC 3394.)
-### Auto Zeroise
-The core implements an auto zeroise functionality for secret key. This
-means that any loaded wrapping key will automatically be wiped from all
-registers storing key information after a specified timeout. Timeout
-countdown is halted when the core is performing any wrap/unwrap operation,
-and the timeout is reset to its defined start value after an operation
-has been completed.
-
-SW can set the timout value (in cycles), SW can also inspect the key
-status and timeout status. Reading status also triggers a reset of the
-timeout counter. This allows SW to keep a loaded key alive by simply
-checking status. Finally SW can actively trigger a key zeroisation
-operation.
-
-
## Implementation results
The core has been implemented for Xilinx Artix7-t200 using ISE with the
following results:
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index b41f476..2033b23 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -48,7 +48,7 @@
//
//======================================================================
-module keywrap #(parameter ADDR_BITS = 13)
+module keywrap #(parameter ADDR_BITS = 12)
(
input wire clk,
input wire reset_n,
@@ -72,19 +72,15 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam ADDR_CTRL = 8'h08;
localparam CTRL_INIT_BIT = 0;
localparam CTRL_NEXT_BIT = 1;
- localparam CTRL_ZEROISE_BIT = 2;
localparam ADDR_STATUS = 8'h09;
localparam STATUS_READY_BIT = 0;
localparam STATUS_VALID_BIT = 1;
- localparam STATUS_LOADED_BIT = 2;
localparam ADDR_CONFIG = 8'h0a;
localparam CTRL_ENCDEC_BIT = 0;
localparam CTRL_KEYLEN_BIT = 1;
- localparam ADDR_TIMEOUT = 8'h0b;
-
localparam ADDR_RLEN = 8'h0c;
localparam ADDR_A0 = 8'h0e;
localparam ADDR_A1 = 8'h0f;
@@ -106,8 +102,6 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam RLEN_BITS = ADDR_BITS - 2;
localparam PAD = ADDR_BITS - 8;
- localparam DEFAULT_TIMEOUT = 32'h0400_0000;
-
//----------------------------------------------------------------
// Registers including update variables and write enable.
@@ -134,21 +128,11 @@ module keywrap #(parameter ADDR_BITS = 13)
reg [31 : 0] key_reg [0 : 7];
reg key_we;
- reg [31 : 0] timeout_reg;
- reg timeout_we;
-
- reg ping_reg;
- reg ping_new;
-
- reg zeroise_reg;
- reg zeroise_new;
-
reg [31 : 0] api_rd_delay_reg;
reg [31 : 0] api_rd_delay_new;
reg valid_reg;
reg ready_reg;
- reg loaded_reg;
//----------------------------------------------------------------
@@ -161,12 +145,10 @@ module keywrap #(parameter ADDR_BITS = 13)
wire [(MEM_BITS - 1) : 0] core_api_addr;
wire core_ready;
wire core_valid;
- wire core_loaded;
wire [255 : 0] core_key;
wire [63 : 0] core_a_init;
wire [63 : 0] core_a_result;
wire [31 : 0] core_api_rd_data;
- wire core_timeout;
//----------------------------------------------------------------
@@ -197,12 +179,6 @@ module keywrap #(parameter ADDR_BITS = 13)
.ready(core_ready),
.valid(core_valid),
- .loaded(core_loaded),
-
- .timeout_delay(timeout_reg),
- .ping(ping_reg),
- .zeroise(zeroise_reg),
- .timeout(core_timeout),
.rlen(rlen_reg),
@@ -238,23 +214,16 @@ module keywrap #(parameter ADDR_BITS = 13)
rlen_reg <= {RLEN_BITS{1'h0}};
valid_reg <= 1'h0;
ready_reg <= 1'h0;
- loaded_reg <= 1'h0;
a0_reg <= 32'h0;
a1_reg <= 32'h0;
api_rd_delay_reg <= 32'h0;
- timeout_reg <= DEFAULT_TIMEOUT;
- ping_reg <= 1'h0;
- zeroise_reg <= 1'h0;
end
else
begin
ready_reg <= core_ready;
valid_reg <= core_valid;
- loaded_reg <= core_loaded;
init_reg <= init_new;
next_reg <= next_new;
- ping_reg <= ping_new;
- zeroise_reg <= zeroise_new;
api_rd_delay_reg <= api_rd_delay_new;
if (config_we)
@@ -272,17 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13)
if (a1_we)
a1_reg <= write_data;
- if (zeroise_reg || core_timeout)
- begin
- for (i = 0 ; i < 8 ; i = i + 1)
- key_reg[i] <= 32'h0;
- end
-
if (key_we)
key_reg[address[2 : 0]] <= write_data;
-
- if (timeout_we)
- timeout_reg <= write_data;
end
end // reg_update
@@ -304,9 +264,6 @@ module keywrap #(parameter ADDR_BITS = 13)
a1_we = 1'h0;
tmp_read_data = 32'h0;
tmp_error = 1'h0;
- timeout_we = 1'h0;
- ping_new = 1'h0;
- zeroise_new = 1'h0;
api_rd_delay_new = 32'h0;
// api_mux
@@ -325,15 +282,11 @@ module keywrap #(parameter ADDR_BITS = 13)
begin
init_new = write_data[CTRL_INIT_BIT];
next_new = write_data[CTRL_NEXT_BIT];
- zeroise_new = write_data[CTRL_ZEROISE_BIT];
end
if (address == {{PAD{1'h0}}, ADDR_CONFIG})
config_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
- timeout_we = 1'h1;
-
if (address == {{PAD{1'h0}}, ADDR_RLEN})
rlen_we = 1'h1;
@@ -368,13 +321,9 @@ module keywrap #(parameter ADDR_BITS = 13)
if (address == {{PAD{1'h0}}, ADDR_STATUS})
begin
- api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
- ping_new = 1'h1;
+ api_rd_delay_new = {30'h0, valid_reg, ready_reg};
end
- if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
- api_rd_delay_new = timeout_reg;
-
if (address == {{PAD{1'h0}}, ADDR_RLEN})
api_rd_delay_new = {{(32 - RLEN_BITS){1'h0}}, rlen_reg};
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index 0354475..b3e17f6 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -4,7 +4,6 @@
// --------------
// Core that tries to implement AES KEY WRAP as specified in
// RFC 3394 and extended with padding in RFC 5649.
-// Experimental core at the moment. Does Not Work.
// The maximum wrap object size is 64 kByte.
//
//
@@ -51,12 +50,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
output wire ready,
output wire valid,
- output wire loaded,
-
- input wire [31 : 0] timeout_delay,
- input wire ping,
- input wire zeroise,
- output wire timeout,
input wire [(MEM_BITS - 2) : 0] rlen,
@@ -89,9 +82,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
localparam CTRL_NEXT_WCHECK = 4'h8;
localparam CTRL_NEXT_UCHECK = 4'h9;
localparam CTRL_NEXT_FINALIZE = 4'ha;
- localparam CTRL_ZERO_WAIT = 4'hb;
-
- localparam DEFAULT_TIMEOUT = 32'h0400_0000;
//----------------------------------------------------------------
@@ -126,17 +116,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
reg iteration_ctr_set;
reg iteration_ctr_rst;
- reg [31 : 0] key_timeout_ctr_reg;
- reg [31 : 0] key_timeout_ctr_new;
- reg key_timeout_ctr_we;
- reg key_timeout_ctr_set;
- reg key_timeout_ctr_dec;
- reg key_timeout;
-
- reg key_loaded_reg;
- reg key_loaded_new;
- reg key_loaded_we;
-
reg [3 : 0] keywrap_core_ctrl_reg;
reg [3 : 0] keywrap_core_ctrl_new;
reg keywrap_core_ctrl_we;
@@ -149,13 +128,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
reg aes_next;
wire aes_ready;
wire aes_valid;
- reg [255 : 0] aes_key;
- reg aes_keylen;
reg [127 : 0] aes_block;
wire [127 : 0] aes_result;
reg update_state;
- reg zero_key;
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
@@ -190,8 +166,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
.init(aes_init),
.next(aes_next),
- .key(aes_key),
- .keylen(aes_keylen),
+ .key(key),
+ .keylen(keylen),
.block(aes_block),
@@ -207,8 +183,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
assign a_result = a_reg;
assign ready = ready_reg;
assign valid = valid_reg;
- assign loaded = key_loaded_reg;
- assign timeout = key_timeout;
//----------------------------------------------------------------
@@ -221,10 +195,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
a_reg <= 64'h0;
ready_reg <= 1'h1;
valid_reg <= 1'h0;
- key_loaded_reg <= 1'h0;
block_ctr_reg <= {(MEM_BITS - 1){1'h0}};
iteration_ctr_reg <= 3'h0;
- key_timeout_ctr_reg <= DEFAULT_TIMEOUT;
keywrap_core_ctrl_reg <= CTRL_IDLE;
end
@@ -245,36 +217,12 @@ module keywrap_core #(parameter MEM_BITS = 11)
if (iteration_ctr_we)
iteration_ctr_reg <= iteration_ctr_new;
- if (key_timeout_ctr_we)
- key_timeout_ctr_reg <= key_timeout_ctr_new;
-
- if (key_loaded_we)
- key_loaded_reg <= key_loaded_new;
-
if (keywrap_core_ctrl_we)
keywrap_core_ctrl_reg <= keywrap_core_ctrl_new;
end
end // reg_update
- //----------------------------------------------------------------
- // zeroise_mux
- //----------------------------------------------------------------
- always @*
- begin : zeroise_mux
- if (zero_key)
- begin
- aes_key = 256'h0;
- aes_keylen = 1'h1;
- end
- else
- begin
- aes_key = key;
- aes_keylen = keylen;
- end
- end
-
-
//----------------------------------------------------------------
// keywrap_logic
//
@@ -386,31 +334,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
end
- //----------------------------------------------------------------
- // key_timeout_ctr
- //----------------------------------------------------------------
- always @*
- begin : key_timeout_ctr
- key_timeout_ctr_new = 32'h0;
- key_timeout_ctr_we = 1'h0;
- key_timeout = 1'h0;
-
- if (key_timeout_ctr_reg == 32'h0)
- key_timeout = 1'h1;
-
- if (key_timeout_ctr_set || ping)
- begin
- key_timeout_ctr_new = timeout_delay;
- key_timeout_ctr_we = 1'h1;
- end
- else if (key_timeout_ctr_dec)
- begin
- key_timeout_ctr_new = key_timeout_ctr_reg - 1'h1;
- key_timeout_ctr_we = 1'h1;
- end
- end
-
-
//----------------------------------------------------------------
// keywrap_core_ctrl
//----------------------------------------------------------------
@@ -432,11 +355,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
iteration_ctr_dec = 1'h0;
iteration_ctr_set = 1'h0;
iteration_ctr_rst = 1'h0;
- key_timeout_ctr_set = 1'h0;
- key_timeout_ctr_dec = 1'h0;
- zero_key = 1'h0;
- key_loaded_new = 1'h0;
- key_loaded_we = 1'h0;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h0;
@@ -444,25 +362,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
case (keywrap_core_ctrl_reg)
CTRL_IDLE:
begin
- if (key_loaded_reg)
- begin
- if (key_timeout || zeroise)
- begin
- aes_init = 1'h1;
- zero_key = 1'h1;
- ready_new = 1'h0;
- ready_we = 1'h1;
- valid_new = 1'h0;
- valid_we = 1'h1;
- keywrap_core_ctrl_new = CTRL_ZERO_WAIT;
- keywrap_core_ctrl_we = 1'h1;
- end
- else
- begin
- key_timeout_ctr_dec = 1'h1;
- end
- end
-
if (init)
begin
aes_init = 1'h1;
@@ -496,9 +395,6 @@ module keywrap_core #(parameter MEM_BITS = 11)
begin
ready_new = 1'h1;
ready_we = 1'h1;
- key_loaded_new = 1'h1;
- key_loaded_we = 1'h1;
- key_timeout_ctr_set = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
@@ -616,26 +512,11 @@ module keywrap_core #(parameter MEM_BITS = 11)
ready_we = 1'h1;
valid_new = 1'h1;
valid_we = 1'h1;
- key_timeout_ctr_set = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
- CTRL_ZERO_WAIT:
- begin
- zero_key = 1'h1;
- if (aes_ready)
- begin
- key_loaded_new = 1'h0;
- key_loaded_we = 1'h1;
- ready_new = 1'h1;
- ready_we = 1'h1;
- keywrap_core_ctrl_new = CTRL_IDLE;
- keywrap_core_ctrl_we = 1'h1;
- end
- end
-
default:
begin
More information about the Commits
mailing list