diff options
| author | Joachim StroĢmbergson <joachim@secworks.se> | 2018-12-09 11:30:09 +0100 |
|---|---|---|
| committer | Joachim StroĢmbergson <joachim@secworks.se> | 2018-12-09 11:30:09 +0100 |
| commit | 31ccc060dbd0ba6daa2eedb8911b40603b96a26f (patch) | |
| tree | 465b6e56c52570a267201c02d93461eb8ec0bebd | |
| parent | 2841e92b6bf076365c6401e08b249105fccc7b84 (diff) | |
Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.
| -rw-r--r-- | src/rtl/keywrap.v | 25 | ||||
| -rw-r--r-- | src/rtl/keywrap_core.v | 16 | ||||
| -rw-r--r-- | src/tb/tb_keywrap_core.v | 17 |
3 files changed, 43 insertions, 15 deletions
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v index c03e903..02c20fc 100644 --- a/src/rtl/keywrap.v +++ b/src/rtl/keywrap.v @@ -72,6 +72,7 @@ module keywrap #(parameter ADDR_BITS = 13) localparam ADDR_CTRL = 8'h08; localparam CTRL_INIT_BIT = 0; localparam CTRL_NEXT_BIT = 1; + localparam CTRL_ZEROISE_BIT = 2; localparam ADDR_STATUS = 8'h09; localparam STATUS_READY_BIT = 0; @@ -136,6 +137,12 @@ module keywrap #(parameter ADDR_BITS = 13) reg [31 : 0] timeout_reg; reg timeout_we; + reg ping_reg; + reg ping_new; + + reg zeroise_reg; + reg zeroise_new; + reg [31 : 0] api_rd_delay_reg; reg [31 : 0] api_rd_delay_new; @@ -192,6 +199,8 @@ module keywrap #(parameter ADDR_BITS = 13) .loaded(core_loaded), .timeout(timeout_reg), + .ping(ping_reg), + .zeroise(zeroise_reg), .rlen(rlen_reg), @@ -232,6 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13) a1_reg <= 32'h0; api_rd_delay_reg <= 32'h0; timeout_reg <= DEFAULT_TIMEOUT; + ping_reg <= 1'h0; + zeroise_reg <= 1'h0; end else begin @@ -240,6 +251,8 @@ module keywrap #(parameter ADDR_BITS = 13) loaded_reg <= core_loaded; init_reg <= init_new; next_reg <= next_new; + ping_reg <= ping_new; + zeroise_reg <= zeroise_new; api_rd_delay_reg <= api_rd_delay_new; if (config_we) @@ -283,6 +296,8 @@ module keywrap #(parameter ADDR_BITS = 13) a1_we = 1'h0; tmp_read_data = 32'h0; tmp_error = 1'h0; + ping_new = 1'h0; + zeroise_new = 1'h0; api_rd_delay_new = 32'h0; // api_mux @@ -297,8 +312,9 @@ module keywrap #(parameter ADDR_BITS = 13) begin if (address == {{PAD{1'h0}}, ADDR_CTRL}) begin - init_new = write_data[CTRL_INIT_BIT]; - next_new = write_data[CTRL_NEXT_BIT]; + init_new = write_data[CTRL_INIT_BIT]; + next_new = write_data[CTRL_NEXT_BIT]; + zeroise_new = write_data[CTRL_ZEROISE_BIT]; end if (address == {{PAD{1'h0}}, ADDR_CONFIG}) @@ -339,7 +355,10 @@ module keywrap #(parameter ADDR_BITS = 13) api_rd_delay_new = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg}; if (address == {{PAD{1'h0}}, ADDR_STATUS}) - api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg}; + begin + api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg}; + ping_new = 1'h1; + end if (address == {{PAD{1'h0}}, ADDR_TIMEOUT}) api_rd_delay_new = timeout_reg; diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v index 5e4173e..41ad531 100644 --- a/src/rtl/keywrap_core.v +++ b/src/rtl/keywrap_core.v @@ -54,6 +54,8 @@ module keywrap_core #(parameter MEM_BITS = 11) output wire loaded, input wire [31 : 0] timeout, + input wire ping, + input wire zeroise, input wire [(MEM_BITS - 2) : 0] rlen, @@ -150,7 +152,7 @@ module keywrap_core #(parameter MEM_BITS = 11) wire [127 : 0] aes_result; reg update_state; - reg zeroise; + reg zero_key; reg core_we; reg [(MEM_BITS - 2) : 0] core_addr; @@ -256,7 +258,7 @@ module keywrap_core #(parameter MEM_BITS = 11) //---------------------------------------------------------------- always @* begin : zeroise_mux - if (zeroise) + if (zero_key) begin aes_key = 256'h0; aes_keylen = 1'h1; @@ -392,7 +394,7 @@ module keywrap_core #(parameter MEM_BITS = 11) if (key_timeout_ctr_reg == 36'h0) key_timeout = 1'h1; - if (key_timeout_ctr_set) + if (key_timeout_ctr_set || ping) begin key_timeout_ctr_new = {timeout, 4'h0}; key_timeout_ctr_we = 1'h1; @@ -429,7 +431,7 @@ module keywrap_core #(parameter MEM_BITS = 11) iteration_ctr_rst = 1'h0; key_timeout_ctr_set = 1'h0; key_timeout_ctr_dec = 1'h0; - zeroise = 1'h0; + zero_key = 1'h0; key_loaded_new = 1'h0; key_loaded_we = 1'h0; keywrap_core_ctrl_new = CTRL_IDLE; @@ -441,10 +443,10 @@ module keywrap_core #(parameter MEM_BITS = 11) begin if (key_loaded_reg) begin - if (key_timeout) + if (key_timeout || zeroise) begin aes_init = 1'h1; - zeroise = 1'h1; + zero_key = 1'h1; ready_new = 1'h0; ready_we = 1'h1; valid_new = 1'h0; @@ -621,7 +623,7 @@ module keywrap_core #(parameter MEM_BITS = 11) CTRL_ZERO_WAIT: begin - zeroise = 1'h1; + zero_key = 1'h1; if (aes_ready) begin ready_new = 1'h1; diff --git a/src/tb/tb_keywrap_core.v b/src/tb/tb_keywrap_core.v index 1212ad7..7f9c42d 100644 --- a/src/tb/tb_keywrap_core.v +++ b/src/tb/tb_keywrap_core.v @@ -69,6 +69,8 @@ module tb_keywrap_core(); wire tb_valid; wire tb_loaded; reg [31 : 0] tb_timeout; + reg tb_ping; + reg tb_zeroise; reg [(RLEN_BITS - 1) : 0] tb_rlen; reg [255 : 0] tb_key; reg tb_keylen; @@ -97,6 +99,8 @@ module tb_keywrap_core(); .loaded(tb_loaded), .timeout(tb_timeout), + .ping(tb_ping), + .zeroise(tb_zeroise), .rlen(tb_rlen), .key(tb_key), @@ -152,14 +156,17 @@ module tb_keywrap_core(); tb_clk = 0; tb_reset_n = 0; - tb_init = 0; - tb_next = 0; - tb_encdec = 0; + tb_init = 1'h0; + tb_next = 1'h0; + tb_encdec = 1'h0; tb_rlen = 13'h0; tb_key = 256'h0; - tb_keylen = 0; + tb_keylen = 1'h0; + tb_timeout = 32'hdeadbeef; + tb_ping = 1'h0; + tb_zeroise = 1'h0; tb_a_init = 64'h0; - tb_api_we = 0; + tb_api_we = 1'h0; tb_api_addr = 14'h0; tb_api_wr_data = 32'h0; |