[Cryptech Core] Updates after audit

Joachim Strömbergson joachim at assured.se
Tue Oct 23 09:08:14 UTC 2018


Aloha!

I've now updated all the cores I have developed to protect against API
misuse and internal state leakage as suggested by the Cure53 security
audit. I've also gone through all cores and checked that all registers
are being reset. In total I found one (1) register missing. During the
review I also cleaned up the code, fixed nits like missing width
definitions etc.

What I've not implemented is what Cure53 suggested regarding BlockRAM.
The suggestion was to replace BlockRAMs with discrete registers, this as
a way to be able to reset the memories in order to ensure that there is
no sensitive information loitering there.

Replacing the BlockRAMs we use is hard (impossible). There simply aren't
enough registers in the FPGA to replace all bits in the BlockRAMs used.
This would also kill the clock frequency due to routing all over the chip.


But even though the proposed solution is infeasible, the issue is still
interesting and imho relevant. I think we should discuss possible other
ways to ensure that sensitive information is wiped when not needed in
the FPGA.

One could add the functionality to a core with BlockRAM that after reset
automatically generates addresses and writes to all addresses.
Additionally such a wipe/cleanup operation could be exposed to SW via
the API. The major change besides the address generator would be to add
a write MUX in front of the BlockRAMs. This will affect timing to some
degree.

The core I have developed that uses BlockRAMs is the keywrap core. For
this core an additional MUX as well as an address generator would not be
a problem. Pavel needs to chime in regarding the modexp, EC cores etc.
on how hard this would be and what the impact on timing would be.


Does this sound like a good idea to pursue?
-- 
Kind regards, Yours

Joachim Strömbergson
========================================================================
                               Assured AB
========================================================================
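The wipe mechanism sketched in the message (an address generator that walks every BlockRAM address after reset, a write MUX in front of the memory, and a software-triggered wipe with a busy flag) can be expressed as a small Verilog wrapper. The module below is an added example, not Cryptech code and not from the keywrap or any other core; the port names, the `wipe_start`/`wipe_busy` API and the `_reg`/`_new`/`_we` register convention are assumptions chosen for illustration. The memory array itself has no reset, which is the whole reason the surrounding logic is needed.

```verilog
// Added example (not Cryptech code): a wrapper around an inferred
// BlockRAM that wipes every word after reset and on software request.
module bram_wipe #(
    parameter ADDR_WIDTH = 8,
    parameter DATA_WIDTH = 32
)(
    input  wire                  clk,
    input  wire                  reset_n,

    // Software-visible wipe control (assumed API: start pulse, busy flag).
    input  wire                  wipe_start,
    output wire                  wipe_busy,

    // Normal core-side memory port.
    input  wire                  we,
    input  wire [ADDR_WIDTH-1:0] addr,
    input  wire [DATA_WIDTH-1:0] wdata,
    output reg  [DATA_WIDTH-1:0] rdata
);

  localparam CTRL_IDLE = 1'b0;
  localparam CTRL_WIPE = 1'b1;

  // The memory itself: inferred as BlockRAM, so it has no reset.
  reg [DATA_WIDTH-1:0] mem [0:(2**ADDR_WIDTH)-1];

  reg                  ctrl_reg;
  reg                  ctrl_new;
  reg                  ctrl_we;
  reg [ADDR_WIDTH-1:0] wipe_addr_reg;
  reg                  wipe_addr_we;
  reg                  wipe_addr_rst;

  // Write MUX in front of the BlockRAM. The wipe engine has priority
  // over the core port so a wipe cannot be pre-empted by a late write.
  wire                  mem_we    = (ctrl_reg == CTRL_WIPE) ? 1'b1 : we;
  wire [ADDR_WIDTH-1:0] mem_addr  = (ctrl_reg == CTRL_WIPE) ? wipe_addr_reg : addr;
  wire [DATA_WIDTH-1:0] mem_wdata = (ctrl_reg == CTRL_WIPE) ? {DATA_WIDTH{1'b0}} : wdata;

  assign wipe_busy = (ctrl_reg == CTRL_WIPE);

  // Memory port: synchronous write, registered read.
  always @(posedge clk)
    begin
      if (mem_we)
        mem[mem_addr] <= mem_wdata;
      rdata <= mem[mem_addr];
    end

  // Registers with reset. Reset forces the controller into WIPE, so the
  // memory is cleared automatically after every reset without SW help.
  always @(posedge clk or negedge reset_n)
    begin
      if (!reset_n)
        begin
          ctrl_reg      <= CTRL_WIPE;
          wipe_addr_reg <= {ADDR_WIDTH{1'b0}};
        end
      else
        begin
          if (ctrl_we)
            ctrl_reg <= ctrl_new;
          if (wipe_addr_rst)
            wipe_addr_reg <= {ADDR_WIDTH{1'b0}};
          else if (wipe_addr_we)
            wipe_addr_reg <= wipe_addr_reg + 1'b1;
        end
    end

  // Address generator and control FSM: one word is zeroed per cycle,
  // so a full wipe takes 2**ADDR_WIDTH cycles.
  always @*
    begin
      ctrl_new      = CTRL_IDLE;
      ctrl_we       = 1'b0;
      wipe_addr_rst = 1'b0;
      wipe_addr_we  = 1'b0;

      case (ctrl_reg)
        CTRL_IDLE:
          if (wipe_start)
            begin
              wipe_addr_rst = 1'b1;
              ctrl_new      = CTRL_WIPE;
              ctrl_we       = 1'b1;
            end

        CTRL_WIPE:
          begin
            wipe_addr_we = 1'b1;
            // The last address is written this cycle; go idle next cycle.
            if (wipe_addr_reg == {ADDR_WIDTH{1'b1}})
              begin
                ctrl_new = CTRL_IDLE;
                ctrl_we  = 1'b1;
              end
          end
      endcase
    end
endmodule
```

The extra MUX level sits directly in the BlockRAM write path, which is the timing cost the message anticipates; the core must also honour `wipe_busy` and not rely on the memory contents until it drops. A dual-port BlockRAM would need the same MUX on each write port, and a core whose memory is shared with a host-side interface needs the wipe exposed there so software can trigger it when a key is no longer needed.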
