summaryrefslogblamecommitdiff
path: root/raw-wiki-dump/GitRepositories%2Fcore%2Futil%2Fkeywrap
blob: 8ec3e8e1343171d7c6aa76eb3c5d9d2c86e45fd9 (plain) (tree)
















































































                                                                                                    
{{{
#!htmlcomment

This page is maintained automatically by a script.  Don't modify this page by hand,
your changes will just be overwritten the next time the script runs.  Talk to your
Friendly Neighborhood Repository Maintainer if you need to change something here.

}}}

{{{
#!html
<h1>keywrap</h1>

<h2>Introduction</h2>

<p>This core implememts AES KEY WRAP as defined in <a href="https://tools.ietf.org/html/rfc3394">RFC
3394</a> and the keywrap with padding
according to <a href="https://tools.ietf.org/html/rfc5649">RFC 5694</a></p>

<p>The core supports wrap/unwrap of objects up to 64 kByte in size.
The core supports 128 and 256 bit wrapping keys.</p>

<h2>Status</h2>

<p>First complete version developed. The core does work.</p>

<p>The core has been simulated with two different simulators and
linted. The core has been used on the Cryptech Alpha and verified to
work.</p>

<h2>API</h2>

<p>Objects to be processed are written in word order (MSB words). The
caller writes the calculated magic value to the A regsisters in word
order. The caller also needs to write the number of blocks (excluding
magic block) into the RLEN register. Finally the caller needs to write
the wrapping key.</p>

<p>Due to address space limitations in the Cryptech cores (with 8-bit
address space) the object storage is divided into banks [0 .. 127]. Each
bank supports 128 32-bit words or 4096 bits. For objects lager than 4096
bits, it is the callers responsibilty to switch banks when reading and
writing to the storage.</p>

<h2>Implementation details</h2>

<h3>Key Wrap</h3>

<p>The core implements the wrap block processing part of the AES Key Wrap
as specified in chapter 2.1.1 of RFC 3394:</p>

<p>For j = 0 to 5
           For i=1 to n
               B = AES(K, A | R[i])
               A = MSB(64, B) ^ t where t = (n*j)+i
               R[i] = LSB(64, B)</p>

<p>The core does not perform the calculation of the magic value, which is
the initial value of A. The core also does not perform padding om the
message to an even 8 byte block.</p>

<p>This means that SW needs to generate the 64-bit initial value of A and
perform padding as meeded.</p>

<p>(Similarly, the core implements the unwrap processng as specifie in
chapter 2.2.2 of RFC 3394.)</p>

<h2>Implementation results</h2>

<p>The core has been implemented for Xilinx Artix7-t200 using ISE with the
following results:</p>

<p>Regs:    2906 (1%)
Slices:  1991 (5%)
RamB36E: 32 (8%)
Clock:   100+ MH</p>
}}}

[[RepositoryIndex(format=table,glob=core/util/keywrap)]]

|| Clone `https://git.cryptech.is/core/util/keywrap.git` ||