From 4333178c6a8f467ddacc13ddae0bed588b6bdcf3 Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Wed, 25 Mar 2020 13:14:15 -0400 Subject: Move keywrap from user/js to core/util. Also remove the auto_zeroise code, since that's behaving badly, and it's not used anyway in the integrate_mkmif branch. --- README.md | 15 ------ src/rtl/keywrap.v | 55 +--------------------- src/rtl/keywrap_core.v | 123 +------------------------------------------------ 3 files changed, 4 insertions(+), 189 deletions(-) diff --git a/README.md b/README.md index 29d971e..8420944 100644 --- a/README.md +++ b/README.md @@ -53,21 +53,6 @@ perform padding as meeded. chapter 2.2.2 of RFC 3394.) -### Auto Zeroise -The core implements an auto zeroise functionality for secret key. This -means that any loaded wrapping key will automatically be wiped from all -registers storing key information after a specified timeout. Timeout -countdown is halted when the core is performing any wrap/unwrap operation, -and the timeout is reset to its defined start value after an operation -has been completed. - -SW can set the timout value (in cycles), SW can also inspect the key -status and timeout status. Reading status also triggers a reset of the -timeout counter. This allows SW to keep a loaded key alive by simply -checking status. Finally SW can actively trigger a key zeroisation -operation. - - ## Implementation results The core has been implemented for Xilinx Artix7-t200 using ISE with the following results: diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v index b41f476..2033b23 100644 --- a/src/rtl/keywrap.v +++ b/src/rtl/keywrap.v @@ -48,7 +48,7 @@ // //====================================================================== -module keywrap #(parameter ADDR_BITS = 13) +module keywrap #(parameter ADDR_BITS = 12) ( input wire clk, input wire reset_n, @@ -72,19 +72,15 @@ module keywrap #(parameter ADDR_BITS = 13) localparam ADDR_CTRL = 8'h08; localparam CTRL_INIT_BIT = 0; localparam CTRL_NEXT_BIT = 1; - localparam CTRL_ZEROISE_BIT = 2; localparam ADDR_STATUS = 8'h09; localparam STATUS_READY_BIT = 0; localparam STATUS_VALID_BIT = 1; - localparam STATUS_LOADED_BIT = 2; localparam ADDR_CONFIG = 8'h0a; localparam CTRL_ENCDEC_BIT = 0; localparam CTRL_KEYLEN_BIT = 1; - localparam ADDR_TIMEOUT = 8'h0b; - localparam ADDR_RLEN = 8'h0c; localparam ADDR_A0 = 8'h0e; localparam ADDR_A1 = 8'h0f; @@ -106,8 +102,6 @@ module keywrap #(parameter ADDR_BITS = 13) localparam RLEN_BITS = ADDR_BITS - 2; localparam PAD = ADDR_BITS - 8; - localparam DEFAULT_TIMEOUT = 32'h0400_0000; - //---------------------------------------------------------------- // Registers including update variables and write enable. @@ -134,21 +128,11 @@ module keywrap #(parameter ADDR_BITS = 13) reg [31 : 0] key_reg [0 : 7]; reg key_we; - reg [31 : 0] timeout_reg; - reg timeout_we; - - reg ping_reg; - reg ping_new; - - reg zeroise_reg; - reg zeroise_new; - reg [31 : 0] api_rd_delay_reg; reg [31 : 0] api_rd_delay_new; reg valid_reg; reg ready_reg; - reg loaded_reg; //---------------------------------------------------------------- @@ -161,12 +145,10 @@ module keywrap #(parameter ADDR_BITS = 13) wire [(MEM_BITS - 1) : 0] core_api_addr; wire core_ready; wire core_valid; - wire core_loaded; wire [255 : 0] core_key; wire [63 : 0] core_a_init; wire [63 : 0] core_a_result; wire [31 : 0] core_api_rd_data; - wire core_timeout; //---------------------------------------------------------------- @@ -197,12 +179,6 @@ module keywrap #(parameter ADDR_BITS = 13) .ready(core_ready), .valid(core_valid), - .loaded(core_loaded), - - .timeout_delay(timeout_reg), - .ping(ping_reg), - .zeroise(zeroise_reg), - .timeout(core_timeout), .rlen(rlen_reg), @@ -238,23 +214,16 @@ module keywrap #(parameter ADDR_BITS = 13) rlen_reg <= {RLEN_BITS{1'h0}}; valid_reg <= 1'h0; ready_reg <= 1'h0; - loaded_reg <= 1'h0; a0_reg <= 32'h0; a1_reg <= 32'h0; api_rd_delay_reg <= 32'h0; - timeout_reg <= DEFAULT_TIMEOUT; - ping_reg <= 1'h0; - zeroise_reg <= 1'h0; end else begin ready_reg <= core_ready; valid_reg <= core_valid; - loaded_reg <= core_loaded; init_reg <= init_new; next_reg <= next_new; - ping_reg <= ping_new; - zeroise_reg <= zeroise_new; api_rd_delay_reg <= api_rd_delay_new; if (config_we) @@ -272,17 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13) if (a1_we) a1_reg <= write_data; - if (zeroise_reg || core_timeout) - begin - for (i = 0 ; i < 8 ; i = i + 1) - key_reg[i] <= 32'h0; - end - if (key_we) key_reg[address[2 : 0]] <= write_data; - - if (timeout_we) - timeout_reg <= write_data; end end // reg_update @@ -304,9 +264,6 @@ module keywrap #(parameter ADDR_BITS = 13) a1_we = 1'h0; tmp_read_data = 32'h0; tmp_error = 1'h0; - timeout_we = 1'h0; - ping_new = 1'h0; - zeroise_new = 1'h0; api_rd_delay_new = 32'h0; // api_mux @@ -325,15 +282,11 @@ module keywrap #(parameter ADDR_BITS = 13) begin init_new = write_data[CTRL_INIT_BIT]; next_new = write_data[CTRL_NEXT_BIT]; - zeroise_new = write_data[CTRL_ZEROISE_BIT]; end if (address == {{PAD{1'h0}}, ADDR_CONFIG}) config_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_TIMEOUT}) - timeout_we = 1'h1; - if (address == {{PAD{1'h0}}, ADDR_RLEN}) rlen_we = 1'h1; @@ -368,13 +321,9 @@ module keywrap #(parameter ADDR_BITS = 13) if (address == {{PAD{1'h0}}, ADDR_STATUS}) begin - api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg}; - ping_new = 1'h1; + api_rd_delay_new = {30'h0, valid_reg, ready_reg}; end - if (address == {{PAD{1'h0}}, ADDR_TIMEOUT}) - api_rd_delay_new = timeout_reg; - if (address == {{PAD{1'h0}}, ADDR_RLEN}) api_rd_delay_new = {{(32 - RLEN_BITS){1'h0}}, rlen_reg}; diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v index 0354475..b3e17f6 100644 --- a/src/rtl/keywrap_core.v +++ b/src/rtl/keywrap_core.v @@ -4,7 +4,6 @@ // -------------- // Core that tries to implement AES KEY WRAP as specified in // RFC 3394 and extended with padding in RFC 5649. -// Experimental core at the moment. Does Not Work. // The maximum wrap object size is 64 kByte. // // @@ -51,12 +50,6 @@ module keywrap_core #(parameter MEM_BITS = 11) output wire ready, output wire valid, - output wire loaded, - - input wire [31 : 0] timeout_delay, - input wire ping, - input wire zeroise, - output wire timeout, input wire [(MEM_BITS - 2) : 0] rlen, @@ -89,9 +82,6 @@ module keywrap_core #(parameter MEM_BITS = 11) localparam CTRL_NEXT_WCHECK = 4'h8; localparam CTRL_NEXT_UCHECK = 4'h9; localparam CTRL_NEXT_FINALIZE = 4'ha; - localparam CTRL_ZERO_WAIT = 4'hb; - - localparam DEFAULT_TIMEOUT = 32'h0400_0000; //---------------------------------------------------------------- @@ -126,17 +116,6 @@ module keywrap_core #(parameter MEM_BITS = 11) reg iteration_ctr_set; reg iteration_ctr_rst; - reg [31 : 0] key_timeout_ctr_reg; - reg [31 : 0] key_timeout_ctr_new; - reg key_timeout_ctr_we; - reg key_timeout_ctr_set; - reg key_timeout_ctr_dec; - reg key_timeout; - - reg key_loaded_reg; - reg key_loaded_new; - reg key_loaded_we; - reg [3 : 0] keywrap_core_ctrl_reg; reg [3 : 0] keywrap_core_ctrl_new; reg keywrap_core_ctrl_we; @@ -149,13 +128,10 @@ module keywrap_core #(parameter MEM_BITS = 11) reg aes_next; wire aes_ready; wire aes_valid; - reg [255 : 0] aes_key; - reg aes_keylen; reg [127 : 0] aes_block; wire [127 : 0] aes_result; reg update_state; - reg zero_key; reg core_we; reg [(MEM_BITS - 2) : 0] core_addr; @@ -190,8 +166,8 @@ module keywrap_core #(parameter MEM_BITS = 11) .init(aes_init), .next(aes_next), - .key(aes_key), - .keylen(aes_keylen), + .key(key), + .keylen(keylen), .block(aes_block), @@ -207,8 +183,6 @@ module keywrap_core #(parameter MEM_BITS = 11) assign a_result = a_reg; assign ready = ready_reg; assign valid = valid_reg; - assign loaded = key_loaded_reg; - assign timeout = key_timeout; //---------------------------------------------------------------- @@ -221,10 +195,8 @@ module keywrap_core #(parameter MEM_BITS = 11) a_reg <= 64'h0; ready_reg <= 1'h1; valid_reg <= 1'h0; - key_loaded_reg <= 1'h0; block_ctr_reg <= {(MEM_BITS - 1){1'h0}}; iteration_ctr_reg <= 3'h0; - key_timeout_ctr_reg <= DEFAULT_TIMEOUT; keywrap_core_ctrl_reg <= CTRL_IDLE; end @@ -245,36 +217,12 @@ module keywrap_core #(parameter MEM_BITS = 11) if (iteration_ctr_we) iteration_ctr_reg <= iteration_ctr_new; - if (key_timeout_ctr_we) - key_timeout_ctr_reg <= key_timeout_ctr_new; - - if (key_loaded_we) - key_loaded_reg <= key_loaded_new; - if (keywrap_core_ctrl_we) keywrap_core_ctrl_reg <= keywrap_core_ctrl_new; end end // reg_update - //---------------------------------------------------------------- - // zeroise_mux - //---------------------------------------------------------------- - always @* - begin : zeroise_mux - if (zero_key) - begin - aes_key = 256'h0; - aes_keylen = 1'h1; - end - else - begin - aes_key = key; - aes_keylen = keylen; - end - end - - //---------------------------------------------------------------- // keywrap_logic // @@ -386,31 +334,6 @@ module keywrap_core #(parameter MEM_BITS = 11) end - //---------------------------------------------------------------- - // key_timeout_ctr - //---------------------------------------------------------------- - always @* - begin : key_timeout_ctr - key_timeout_ctr_new = 32'h0; - key_timeout_ctr_we = 1'h0; - key_timeout = 1'h0; - - if (key_timeout_ctr_reg == 32'h0) - key_timeout = 1'h1; - - if (key_timeout_ctr_set || ping) - begin - key_timeout_ctr_new = timeout_delay; - key_timeout_ctr_we = 1'h1; - end - else if (key_timeout_ctr_dec) - begin - key_timeout_ctr_new = key_timeout_ctr_reg - 1'h1; - key_timeout_ctr_we = 1'h1; - end - end - - //---------------------------------------------------------------- // keywrap_core_ctrl //---------------------------------------------------------------- @@ -432,11 +355,6 @@ module keywrap_core #(parameter MEM_BITS = 11) iteration_ctr_dec = 1'h0; iteration_ctr_set = 1'h0; iteration_ctr_rst = 1'h0; - key_timeout_ctr_set = 1'h0; - key_timeout_ctr_dec = 1'h0; - zero_key = 1'h0; - key_loaded_new = 1'h0; - key_loaded_we = 1'h0; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h0; @@ -444,25 +362,6 @@ module keywrap_core #(parameter MEM_BITS = 11) case (keywrap_core_ctrl_reg) CTRL_IDLE: begin - if (key_loaded_reg) - begin - if (key_timeout || zeroise) - begin - aes_init = 1'h1; - zero_key = 1'h1; - ready_new = 1'h0; - ready_we = 1'h1; - valid_new = 1'h0; - valid_we = 1'h1; - keywrap_core_ctrl_new = CTRL_ZERO_WAIT; - keywrap_core_ctrl_we = 1'h1; - end - else - begin - key_timeout_ctr_dec = 1'h1; - end - end - if (init) begin aes_init = 1'h1; @@ -496,9 +395,6 @@ module keywrap_core #(parameter MEM_BITS = 11) begin ready_new = 1'h1; ready_we = 1'h1; - key_loaded_new = 1'h1; - key_loaded_we = 1'h1; - key_timeout_ctr_set = 1'h1; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h1; end @@ -616,26 +512,11 @@ module keywrap_core #(parameter MEM_BITS = 11) ready_we = 1'h1; valid_new = 1'h1; valid_we = 1'h1; - key_timeout_ctr_set = 1'h1; keywrap_core_ctrl_new = CTRL_IDLE; keywrap_core_ctrl_we = 1'h1; end - CTRL_ZERO_WAIT: - begin - zero_key = 1'h1; - if (aes_ready) - begin - key_loaded_new = 1'h0; - key_loaded_we = 1'h1; - ready_new = 1'h1; - ready_we = 1'h1; - keywrap_core_ctrl_new = CTRL_IDLE; - keywrap_core_ctrl_we = 1'h1; - end - end - default: begin -- cgit v1.2.3