Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.

author: Joachim Strömbergson <joachim@secworks.se> 2018-12-09 11:30:09 +0100
committer: Joachim Strömbergson <joachim@secworks.se> 2018-12-09 11:30:09 +0100
commit: 31ccc060dbd0ba6daa2eedb8911b40603b96a26f (patch)
tree: 465b6e56c52570a267201c02d93461eb8ec0bebd /src/rtl/keywrap_core.v
parent: 2841e92b6bf076365c6401e08b249105fccc7b84 (diff)
1 files changed, 9 insertions, 7 deletions
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index 5e4173e..41ad531 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -54,6 +54,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
                      output wire                      loaded,
 
                      input wire [31 : 0]              timeout,
+                     input wire                       ping,
+                     input wire                       zeroise,
 
                      input wire [(MEM_BITS - 2) : 0]  rlen,
 
@@ -150,7 +152,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
   wire [127 : 0] aes_result;
 
   reg            update_state;
-  reg            zeroise;
+  reg            zero_key;
 
   reg                      core_we;
   reg [(MEM_BITS - 2) : 0] core_addr;
@@ -256,7 +258,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
   //----------------------------------------------------------------
   always @*
     begin : zeroise_mux
-      if (zeroise)
+      if (zero_key)
         begin
           aes_key    = 256'h0;
           aes_keylen = 1'h1;
@@ -392,7 +394,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
       if (key_timeout_ctr_reg == 36'h0)
         key_timeout = 1'h1;
 
-      if (key_timeout_ctr_set)
+      if (key_timeout_ctr_set || ping)
         begin
           key_timeout_ctr_new = {timeout, 4'h0};
           key_timeout_ctr_we  = 1'h1;
@@ -429,7 +431,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
       iteration_ctr_rst     = 1'h0;
       key_timeout_ctr_set   = 1'h0;
       key_timeout_ctr_dec   = 1'h0;
-      zeroise               = 1'h0;
+      zero_key              = 1'h0;
       key_loaded_new        = 1'h0;
       key_loaded_we         = 1'h0;
       keywrap_core_ctrl_new = CTRL_IDLE;
@@ -441,10 +443,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
           begin
             if (key_loaded_reg)
               begin
-                if (key_timeout)
+                if (key_timeout || zeroise)
                   begin
                     aes_init              = 1'h1;
-                    zeroise               = 1'h1;
+                    zero_key              = 1'h1;
                     ready_new             = 1'h0;
                     ready_we              = 1'h1;
                     valid_new             = 1'h0;
@@ -621,7 +623,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
 
         CTRL_ZERO_WAIT:
           begin
-            zeroise = 1'h1;
+            zero_key = 1'h1;
             if (aes_ready)
               begin
                 ready_new             = 1'h1;
author	Joachim Strömbergson <joachim@secworks.se>	2018-12-09 11:30:09 +0100
committer	Joachim Strömbergson <joachim@secworks.se>	2018-12-09 11:30:09 +0100
commit	31ccc060dbd0ba6daa2eedb8911b40603b96a26f (patch)
tree	465b6e56c52570a267201c02d93461eb8ec0bebd /src/rtl/keywrap_core.v
parent	2841e92b6bf076365c6401e08b249105fccc7b84 (diff)