aboutsummaryrefslogtreecommitdiff
path: root/src/rtl
diff options
context:
space:
mode:
authorJoachim StroĢˆmbergson <joachim@secworks.se>2018-12-09 11:30:09 +0100
committerJoachim StroĢˆmbergson <joachim@secworks.se>2018-12-09 11:30:09 +0100
commit31ccc060dbd0ba6daa2eedb8911b40603b96a26f (patch)
tree465b6e56c52570a267201c02d93461eb8ec0bebd /src/rtl
parent2841e92b6bf076365c6401e08b249105fccc7b84 (diff)
Adding support for SW to keep loaded key alive by reading status. Adding support for SW to trigger zeroisation of a loaded key.
Diffstat (limited to 'src/rtl')
-rw-r--r--src/rtl/keywrap.v25
-rw-r--r--src/rtl/keywrap_core.v16
2 files changed, 31 insertions, 10 deletions
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index c03e903..02c20fc 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -72,6 +72,7 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam ADDR_CTRL = 8'h08;
localparam CTRL_INIT_BIT = 0;
localparam CTRL_NEXT_BIT = 1;
+ localparam CTRL_ZEROISE_BIT = 2;
localparam ADDR_STATUS = 8'h09;
localparam STATUS_READY_BIT = 0;
@@ -136,6 +137,12 @@ module keywrap #(parameter ADDR_BITS = 13)
reg [31 : 0] timeout_reg;
reg timeout_we;
+ reg ping_reg;
+ reg ping_new;
+
+ reg zeroise_reg;
+ reg zeroise_new;
+
reg [31 : 0] api_rd_delay_reg;
reg [31 : 0] api_rd_delay_new;
@@ -192,6 +199,8 @@ module keywrap #(parameter ADDR_BITS = 13)
.loaded(core_loaded),
.timeout(timeout_reg),
+ .ping(ping_reg),
+ .zeroise(zeroise_reg),
.rlen(rlen_reg),
@@ -232,6 +241,8 @@ module keywrap #(parameter ADDR_BITS = 13)
a1_reg <= 32'h0;
api_rd_delay_reg <= 32'h0;
timeout_reg <= DEFAULT_TIMEOUT;
+ ping_reg <= 1'h0;
+ zeroise_reg <= 1'h0;
end
else
begin
@@ -240,6 +251,8 @@ module keywrap #(parameter ADDR_BITS = 13)
loaded_reg <= core_loaded;
init_reg <= init_new;
next_reg <= next_new;
+ ping_reg <= ping_new;
+ zeroise_reg <= zeroise_new;
api_rd_delay_reg <= api_rd_delay_new;
if (config_we)
@@ -283,6 +296,8 @@ module keywrap #(parameter ADDR_BITS = 13)
a1_we = 1'h0;
tmp_read_data = 32'h0;
tmp_error = 1'h0;
+ ping_new = 1'h0;
+ zeroise_new = 1'h0;
api_rd_delay_new = 32'h0;
// api_mux
@@ -297,8 +312,9 @@ module keywrap #(parameter ADDR_BITS = 13)
begin
if (address == {{PAD{1'h0}}, ADDR_CTRL})
begin
- init_new = write_data[CTRL_INIT_BIT];
- next_new = write_data[CTRL_NEXT_BIT];
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ zeroise_new = write_data[CTRL_ZEROISE_BIT];
end
if (address == {{PAD{1'h0}}, ADDR_CONFIG})
@@ -339,7 +355,10 @@ module keywrap #(parameter ADDR_BITS = 13)
api_rd_delay_new = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg};
if (address == {{PAD{1'h0}}, ADDR_STATUS})
- api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+ begin
+ api_rd_delay_new = {29'h0, loaded_reg, valid_reg, ready_reg};
+ ping_new = 1'h1;
+ end
if (address == {{PAD{1'h0}}, ADDR_TIMEOUT})
api_rd_delay_new = timeout_reg;
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index 5e4173e..41ad531 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -54,6 +54,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
output wire loaded,
input wire [31 : 0] timeout,
+ input wire ping,
+ input wire zeroise,
input wire [(MEM_BITS - 2) : 0] rlen,
@@ -150,7 +152,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
wire [127 : 0] aes_result;
reg update_state;
- reg zeroise;
+ reg zero_key;
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
@@ -256,7 +258,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
//----------------------------------------------------------------
always @*
begin : zeroise_mux
- if (zeroise)
+ if (zero_key)
begin
aes_key = 256'h0;
aes_keylen = 1'h1;
@@ -392,7 +394,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
if (key_timeout_ctr_reg == 36'h0)
key_timeout = 1'h1;
- if (key_timeout_ctr_set)
+ if (key_timeout_ctr_set || ping)
begin
key_timeout_ctr_new = {timeout, 4'h0};
key_timeout_ctr_we = 1'h1;
@@ -429,7 +431,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
iteration_ctr_rst = 1'h0;
key_timeout_ctr_set = 1'h0;
key_timeout_ctr_dec = 1'h0;
- zeroise = 1'h0;
+ zero_key = 1'h0;
key_loaded_new = 1'h0;
key_loaded_we = 1'h0;
keywrap_core_ctrl_new = CTRL_IDLE;
@@ -441,10 +443,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
begin
if (key_loaded_reg)
begin
- if (key_timeout)
+ if (key_timeout || zeroise)
begin
aes_init = 1'h1;
- zeroise = 1'h1;
+ zero_key = 1'h1;
ready_new = 1'h0;
ready_we = 1'h1;
valid_new = 1'h0;
@@ -621,7 +623,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
CTRL_ZERO_WAIT:
begin
- zeroise = 1'h1;
+ zero_key = 1'h1;
if (aes_ready)
begin
ready_new = 1'h1;