[Cryptech Core] Automatic key zeroisation of keys in keywrap

Joachim Strömbergson joachim at assured.se
Fri Dec 7 13:01:04 UTC 2018


Aloha!

I've just added the (untested) functionality to automatically zeroise
the contents of the key memory in keywrap. The zeroisation is controlled
by a timer.

Basically when SW initializes a key, a timer is set. Unless SW uses the
keywrap core to perform any wrap/unwrap operations before the timer
expires, the keywrap core will zeroise the key.

SW can check that the key is loaded by reading the loaded status bit. If
During a wrap/unwrap operation the counter will not decrease. And after
an operation has completed the counter will be reset back to its
starting value.

The default timeout is set to about 10s when the FPGA is clocked at 90
MHz. SW can of course change the timeout as it sees fit.


Right now the functionality is implemented in the keywrap core itself.
But we could instead push this functionality into the aes core instead.
This means that any instance of AES for any use of a secret key can be
automatically wiped. Is this something we want?

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson
========================================================================
                               Assured AB
========================================================================
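
The timer behaviour described in the message above, as an added behavioural model in Python; it is not code from the Cryptech project or from the poster. All class, method and constant names are hypothetical, and both the exact cycle count for "about 10s" and the clearing of the loaded bit on zeroisation are assumptions.

```python
CLK_HZ = 90_000_000                    # FPGA clock quoted in the post
DEFAULT_TIMEOUT_CYCLES = 10 * CLK_HZ   # "about 10s"; exact value is an assumption

# Hypothetical model of the key timer; not the core's register interface.
class KeyTimerModel:
    def __init__(self, timeout_cycles=DEFAULT_TIMEOUT_CYCLES):
        self.timeout_cycles = timeout_cycles  # SW may change the timeout
        self.counter = 0
        self.key = bytearray()
        self.loaded = False                   # models the loaded status bit
        self.busy = False                     # a wrap/unwrap is in progress

    def init_key(self, key):
        """SW initializes a key: store it and set the timer."""
        self.key = bytearray(key)
        self.loaded = True
        self.counter = self.timeout_cycles

    def start_op(self):
        """Begin a wrap/unwrap; refuse if the key has already been wiped."""
        if not self.loaded:
            raise RuntimeError("key not loaded, SW must initialize it again")
        self.busy = True

    def finish_op(self):
        """Operation done: the counter is reset back to its starting value."""
        self.busy = False
        self.counter = self.timeout_cycles

    def advance(self, cycles):
        """Let `cycles` clock cycles pass; the counter is frozen while busy."""
        if not self.loaded or self.busy:
            return
        self.counter = max(0, self.counter - cycles)
        if self.counter == 0:
            self.key[:] = bytes(len(self.key))  # timer expired: wipe the key
            self.loaded = False  # assumption: loaded bit clears on zeroisation

def run_scenario():
    """Constructed scenario: idle 5 s, a 20 s operation, then idle 10 s."""
    m = KeyTimerModel()
    m.init_key(bytes(range(32)))   # constructed sample key
    m.advance(5 * CLK_HZ)
    m.start_op()
    m.advance(20 * CLK_HZ)
    frozen = m.counter             # unchanged by the long operation
    m.finish_op()
    m.advance(10 * CLK_HZ)         # a full timeout of inactivity
    return frozen, m.loaded, bytes(m.key)
```

In this model, software that finds the loaded bit cleared has to initialize the key again before the next wrap/unwrap.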
