diff options
| author | Joachim StroĢmbergson <joachim@secworks.se> | 2019-01-08 10:00:42 +0100 |
|---|---|---|
| committer | Joachim StroĢmbergson <joachim@secworks.se> | 2019-01-08 10:00:42 +0100 |
| commit | acd123d903253edbbe6cdeda5757f829ccbbfb3a (patch) | |
| tree | dd8d38f09f9cdd645208e283be97f4bfd6b663f1 | |
| parent | b03f8a27dec3035008128035986e7659649019a5 (diff) | |
Adding the same API hardening to keywrap as implemented for other cores after the Cryptech audit.
| -rw-r--r-- | src/rtl/keywrap.v | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v index 47c40d6..73a861c 100644 --- a/src/rtl/keywrap.v +++ b/src/rtl/keywrap.v @@ -317,34 +317,37 @@ module keywrap #(parameter ADDR_BITS = 13) begin if (we) begin - if (address == {{PAD{1'h0}}, ADDR_CTRL}) + if (core_ready) begin - init_new = write_data[CTRL_INIT_BIT]; - next_new = write_data[CTRL_NEXT_BIT]; - zeroise_new = write_data[CTRL_ZEROISE_BIT]; - end + if (address == {{PAD{1'h0}}, ADDR_CTRL}) + begin + init_new = write_data[CTRL_INIT_BIT]; + next_new = write_data[CTRL_NEXT_BIT]; + zeroise_new = write_data[CTRL_ZEROISE_BIT]; + end - if (address == {{PAD{1'h0}}, ADDR_CONFIG}) - config_we = 1'h1; + if (address == {{PAD{1'h0}}, ADDR_CONFIG}) + config_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_TIMEOUT}) - timeout_we = 1'h1; + if (address == {{PAD{1'h0}}, ADDR_TIMEOUT}) + timeout_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_RLEN}) - rlen_we = 1'h1; + if (address == {{PAD{1'h0}}, ADDR_RLEN}) + rlen_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_A0}) - a0_we = 1'h1; + if (address == {{PAD{1'h0}}, ADDR_A0}) + a0_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_A1}) - a1_we = 1'h1; + if (address == {{PAD{1'h0}}, ADDR_A1}) + a1_we = 1'h1; - if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) && - (address <= {{PAD{1'h0}}, ADDR_KEY7})) - key_we = 1'h1; + if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) && + (address <= {{PAD{1'h0}}, ADDR_KEY7})) + key_we = 1'h1; - if (address[(ADDR_BITS - 1)]) - core_api_we = 1'h1; + if (address[(ADDR_BITS - 1)]) + core_api_we = 1'h1; + end end // if (we) else begin |