[Cryptech Core] Automatic key zeroisation of keys in keywrap
Joachim Strömbergson
joachim at assured.se
Fri Dec 7 14:45:11 UTC 2018
Aloha!
On 2018-12-07 15:13, Peter Stuge wrote:
> Joachim Strömbergson wrote:
>> SW can check that the key is loaded by reading the loaded status bit. If
>> During a wrap/unwrap operation the counter will not decrease. And after
>> an operation has completed the counter will be reset back to its
>> starting value.
>
> The timer should probably also be set to a lower bound on
> "reading the loaded status bit" - so that there is no race between
> timer and SW using the key after reading the status bit.
Yes, I agree. And I did consider that. Even setting it back to the
timeout value again. This would allow SW to perform keep alive-pings of
the key.
The major issue is implementing this in HW in a good way. the loaded bit
is part of a read only status word. This would change the semantics to
read having side effects. Not a biggie and would only be for this register.
The question is then what a proper lower bound is? Reset back to timeout
is the easiest since it doesn't add another magic number. But would that
be ok?
--
Med vänlig hälsning, Yours
Joachim Strömbergson
========================================================================
Assured AB
========================================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cryptech.is/archives/core/attachments/20181207/e7632b26/attachment.sig>
More information about the Core
mailing list