diff options
author | Joachim StroĢmbergson <joachim@secworks.se> | 2018-12-07 13:27:36 +0100 |
---|---|---|
committer | Joachim StroĢmbergson <joachim@secworks.se> | 2018-12-07 13:27:36 +0100 |
commit | f1e48a9e98fdf99a1bb4acede331b0cc6be45863 (patch) | |
tree | 21b15568ad43d81855a3ea688f822087c8979080 /src | |
parent | 1304440b303fd4d9b135f364e4b9ce0dd923097e (diff) |
Adding untested code to implement timer controlled automatic zeroisation of key loaded into the aes core.
Diffstat (limited to 'src')
-rw-r--r-- | src/rtl/keywrap_core.v | 156 |
1 files changed, 133 insertions, 23 deletions
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v index b16e05d..5e4173e 100644 --- a/src/rtl/keywrap_core.v +++ b/src/rtl/keywrap_core.v @@ -86,6 +86,7 @@ module keywrap_core #(parameter MEM_BITS = 11) localparam CTRL_NEXT_WCHECK = 4'h8; localparam CTRL_NEXT_UCHECK = 4'h9; localparam CTRL_NEXT_FINALIZE = 4'ha; + localparam CTRL_ZERO_WAIT = 4'hb; //---------------------------------------------------------------- @@ -120,6 +121,17 @@ module keywrap_core #(parameter MEM_BITS = 11) reg iteration_ctr_set; reg iteration_ctr_rst; + reg [35 : 0] key_timeout_ctr_reg; + reg [35 : 0] key_timeout_ctr_new; + reg key_timeout_ctr_we; + reg key_timeout_ctr_set; + reg key_timeout_ctr_dec; + reg key_timeout; + + reg key_loaded_reg; + reg key_loaded_new; + reg key_loaded_we; + reg [3 : 0] keywrap_core_ctrl_reg; reg [3 : 0] keywrap_core_ctrl_new; reg keywrap_core_ctrl_we; @@ -132,10 +144,13 @@ module keywrap_core #(parameter MEM_BITS = 11) reg aes_next; wire aes_ready; wire aes_valid; + reg [255 : 0] aes_key; + reg aes_keylen; reg [127 : 0] aes_block; wire [127 : 0] aes_result; reg update_state; + reg zeroise; reg core_we; reg [(MEM_BITS - 2) : 0] core_addr; @@ -170,8 +185,8 @@ module keywrap_core #(parameter MEM_BITS = 11) .init(aes_init), .next(aes_next), - .key(key), - .keylen(keylen), + .key(aes_key), + .keylen(aes_keylen), .block(aes_block), @@ -187,6 +202,7 @@ module keywrap_core #(parameter MEM_BITS = 11) assign a_result = a_reg; assign ready = ready_reg; assign valid = valid_reg; + assign loaded = key_loaded_reg; //---------------------------------------------------------------- @@ -201,6 +217,8 @@ module keywrap_core #(parameter MEM_BITS = 11) valid_reg <= 1'h1; block_ctr_reg <= {(MEM_BITS - 1){1'h0}}; iteration_ctr_reg <= 3'h0; + key_timeout_ctr_reg <= 36'h0; + key_loaded_reg <= 1'h0; keywrap_core_ctrl_reg <= CTRL_IDLE; end @@ -221,6 +239,12 @@ module keywrap_core #(parameter MEM_BITS = 11) if (iteration_ctr_we) iteration_ctr_reg <= iteration_ctr_new; + if (key_timeout_ctr_we) + key_timeout_ctr_reg <= key_timeout_ctr_new; + + if (key_loaded_we) + key_loaded_reg <= key_loaded_new; + if (keywrap_core_ctrl_we) keywrap_core_ctrl_reg <= keywrap_core_ctrl_new; end @@ -228,6 +252,24 @@ module keywrap_core #(parameter MEM_BITS = 11) //---------------------------------------------------------------- + // zeroise_mux + //---------------------------------------------------------------- + always @* + begin : zeroise_mux + if (zeroise) + begin + aes_key = 256'h0; + aes_keylen = 1'h1; + end + else + begin + aes_key = key; + aes_keylen = keylen; + end + end + + + //---------------------------------------------------------------- // keywrap_logic // // Main logic for the key wrap functionality. @@ -339,6 +381,32 @@ module keywrap_core #(parameter MEM_BITS = 11) //---------------------------------------------------------------- + // key_timeout_ctr + //---------------------------------------------------------------- + always @* + begin : key_timeout_ctr + key_timeout_ctr_new = 36'h0; + key_timeout_ctr_we = 1'h0; + key_timeout = 1'h0; + + if (key_timeout_ctr_reg == 36'h0) + key_timeout = 1'h1; + + if (key_timeout_ctr_set) + begin + key_timeout_ctr_new = {timeout, 4'h0}; + key_timeout_ctr_we = 1'h1; + end + + if (key_timeout_ctr_dec) + begin + key_timeout_ctr_new = key_timeout_ctr_reg - 1'h1; + key_timeout_ctr_we = 1'h1; + end + end + + + //---------------------------------------------------------------- // keywrap_core_ctrl //---------------------------------------------------------------- always @* @@ -359,6 +427,11 @@ module keywrap_core #(parameter MEM_BITS = 11) iteration_ctr_dec = 1'h0; iteration_ctr_set = 1'h0; iteration_ctr_rst = 1'h0; + key_timeout_ctr_set = 1'h0; + key_timeout_ctr_dec = 1'h0; + zeroise = 1'h0; + key_loaded_new = 1'h0; + key_loaded_we = 1'h0; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h0; @@ -366,30 +439,50 @@ module keywrap_core #(parameter MEM_BITS = 11) case (keywrap_core_ctrl_reg) CTRL_IDLE: begin - if (init) + if (key_loaded_reg) begin - aes_init = 1'h1; - ready_new = 1'h0; - ready_we = 1'h1; - valid_new = 1'h0; - valid_we = 1'h1; - keywrap_core_ctrl_new = CTRL_INIT_WAIT; - keywrap_core_ctrl_we = 1'h1; + if (key_timeout) + begin + aes_init = 1'h1; + zeroise = 1'h1; + ready_new = 1'h0; + ready_we = 1'h1; + valid_new = 1'h0; + valid_we = 1'h1; + keywrap_core_ctrl_new = CTRL_ZERO_WAIT; + keywrap_core_ctrl_we = 1'h0; + end + else + begin + key_timeout_ctr_dec = 1'h1; + end end - - if (next) + else begin - ready_new = 1'h0; - ready_we = 1'h1; - valid_new = 1'h0; - valid_we = 1'h1; - init_a = 1'h1; - - if (encdec) - keywrap_core_ctrl_new = CTRL_NEXT_WSTART; - else - keywrap_core_ctrl_new = CTRL_NEXT_USTART; - keywrap_core_ctrl_we = 1'h1; + if (init) + begin + aes_init = 1'h1; + ready_new = 1'h0; + ready_we = 1'h1; + valid_new = 1'h0; + valid_we = 1'h1; + keywrap_core_ctrl_new = CTRL_INIT_WAIT; + keywrap_core_ctrl_we = 1'h1; + end + + if (next) + begin + ready_new = 1'h0; + ready_we = 1'h1; + valid_new = 1'h0; + valid_we = 1'h1; + init_a = 1'h1; + if (encdec) + keywrap_core_ctrl_new = CTRL_NEXT_WSTART; + else + keywrap_core_ctrl_new = CTRL_NEXT_USTART; + keywrap_core_ctrl_we = 1'h1; + end end end @@ -400,6 +493,9 @@ module keywrap_core #(parameter MEM_BITS = 11) begin ready_new = 1'h1; ready_we = 1'h1; + key_loaded_new = 1'h1; + key_loaded_we = 1'h1; + key_timeout_ctr_set = 1'h1; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h1; end @@ -517,10 +613,24 @@ module keywrap_core #(parameter MEM_BITS = 11) ready_we = 1'h1; valid_new = 1'h1; valid_we = 1'h1; + key_timeout_ctr_set = 1'h1; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h1; end + + CTRL_ZERO_WAIT: + begin + zeroise = 1'h1; + if (aes_ready) + begin + ready_new = 1'h1; + ready_we = 1'h1; + keywrap_core_ctrl_new = CTRL_IDLE; + keywrap_core_ctrl_we = 1'h1; + end + end + default: begin |