From acd123d903253edbbe6cdeda5757f829ccbbfb3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Tue, 8 Jan 2019 10:00:42 +0100
Subject: Adding the same API hardening to keywrap as implemented for other
cores after the Cryptech audit.
---
src/rtl/keywrap.v | 43 +++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 20 deletions(-)
(limited to 'src/rtl')
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index 47c40d6..73a861c 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -317,34 +317,37 @@ module keywrap #(parameter ADDR_BITS = 13)
begin
if (we)
begin
- if (address == {{PAD{1'h0}}, ADDR_CTRL})
+ if (core_ready)
begin
- init_new = write_data[CTRL_INIT_BIT];
- next_new = write_data[CTRL_NEXT_BIT];
- zeroise_new = write_data[CTRL_ZEROISE_BIT];
- end
+ if (address == {{PAD{1'h0}}, ADDR_CTRL})
+ begin
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ zeroise_new = write_data[CTRL_ZEROISE_BIT];
+ end
- if (address == {{PAD{1'h0}}, ADDR_CONFIG})
- config_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_CONFIG})
+ config_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
- timeout_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
+ timeout_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_RLEN})
- rlen_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_RLEN})
+ rlen_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_A0})
- a0_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_A0})
+ a0_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_A1})
- a1_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_A1})
+ a1_we = 1'h1;
- if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) &&
- (address <= {{PAD{1'h0}}, ADDR_KEY7}))
- key_we = 1'h1;
+ if ((address >= {{PAD{1'h0}}, ADDR_KEY0}) &&
+ (address <= {{PAD{1'h0}}, ADDR_KEY7}))
+ key_we = 1'h1;
- if (address[(ADDR_BITS - 1)])
- core_api_we = 1'h1;
+ if (address[(ADDR_BITS - 1)])
+ core_api_we = 1'h1;
+ end
end // if (we)
else
begin
--
cgit v1.2.3