From 0c64b18d2d9e7ff84c5136dc791424df69bb504a Mon Sep 17 00:00:00 2001 
From: Caleb <11879229+calebofearth@users.noreply.github.com> Date: Mon, 4 Dec 2023 13:09:14 -0800 Subject: [PATCH] fixed hmac leakage (#325) Co-authored-by: Mojtaba Bisheh Niasar --- src/ecc/config/ecc_montgomerymultiplier_tb.vf | 4 +- src/ecc/config/ecc_top.vf | 4 +- src/ecc/config/ecc_top_tb.vf | 4 +- src/ecc/rtl/ecc_hmac_drbg_interface.sv | 13 +- src/hmac/config/compile.yml | 1 + src/hmac/config/hmac_ctrl.vf | 5 +- src/hmac/config/hmac_ctrl_tb.vf | 5 +- src/hmac/rtl/hmac.sv | 11 +- src/hmac/rtl/hmac_core.v | 40 ++- .../rtl/hmac_lfsr.sv} | 16 +- src/hmac/rtl/hmac_reg.rdl | 6 +- src/hmac/rtl/hmac_reg.sv | 10 +- src/hmac/rtl/hmac_reg_pkg.sv | 2 +- src/hmac/rtl/hmac_reg_uvm.sv | 2 +- src/hmac_drbg/config/compile.yml | 1 - src/hmac_drbg/config/hmac_drbg.vf | 6 +- src/hmac_drbg/config/hmac_drbg_tb.vf | 6 +- src/hmac_drbg/rtl/hmac_drbg.sv | 22 +- src/integration/config/caliptra_top.vf | 4 +- src/integration/config/caliptra_top_tb.vf | 4 +- .../config/caliptra_top_trng_tb.vf | 4 +- src/integration/rtl/caliptra_reg.h | 14 + src/integration/rtl/caliptra_reg_defines.svh | 14 + src/integration/test_suites/libs/hmac/hmac.c | 2 +- .../smoke_test_fw_kv_backtoback_hmac.c | 21 +- .../smoke_test_hmac/smoke_test_hmac.c | 21 +- .../smoke_test_kv_crypto_flow.c | 4 +- .../smoke_test_kv_hmac_flow.c | 21 +- .../smoke_test_zeroize_crypto.c | 21 +- src/sha512_masked/config/compile.yml | 2 +- .../config/sha512_masked_core.vf | 2 +- .../config/sha512_masked_core_tb.vf | 2 +- src/sha512_masked/rtl/sha512_masked_core.sv | 136 ++------ .../rtl/sha512_masked_defines_pkg.sv | 80 +++++ src/sha512_masked/rtl/sha512_masked_lfsr.sv | 74 ----- src/sha512_masked/rtl/sha512_masked_w_mem.sv | 290 ++++++++++++++++++ 36 files changed, 570 insertions(+), 304 deletions(-) rename src/{hmac_drbg/rtl/hmac_drbg_lfsr.sv => hmac/rtl/hmac_lfsr.sv} (81%) delete mode 100644 src/sha512_masked/rtl/sha512_masked_lfsr.sv create mode 100644 src/sha512_masked/rtl/sha512_masked_w_mem.sv 
diff --git a/src/ecc/config/ecc_montgomerymultiplier_tb.vf b/src/ecc/config/ecc_montgomerymultiplier_tb.vf index 0754d8f22..271c1a0ba 100644 --- a/src/ecc/config/ecc_montgomerymultiplier_tb.vf +++ b/src/ecc/config/ecc_montgomerymultiplier_tb.vf @@ -47,15 +47,15 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv diff --git a/src/ecc/config/ecc_top.vf b/src/ecc/config/ecc_top.vf index 51e02138b..44d17565d 100644 --- a/src/ecc/config/ecc_top.vf +++ b/src/ecc/config/ecc_top.vf 
@@ -45,15 +45,15 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv diff --git a/src/ecc/config/ecc_top_tb.vf b/src/ecc/config/ecc_top_tb.vf index ea081512c..72bef46f6 100644 --- a/src/ecc/config/ecc_top_tb.vf +++ b/src/ecc/config/ecc_top_tb.vf @@ -50,15 +50,15 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv 
diff --git a/src/ecc/rtl/ecc_hmac_drbg_interface.sv b/src/ecc/rtl/ecc_hmac_drbg_interface.sv index aff0288f6..071debff9 100644 --- a/src/ecc/rtl/ecc_hmac_drbg_interface.sv +++ b/src/ecc/rtl/ecc_hmac_drbg_interface.sv @@ -39,7 +39,7 @@ module ecc_hmac_drbg_interface#( parameter REG_SIZE = 384, parameter [REG_SIZE-1 : 0] GROUP_ORDER = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973, - parameter [147 : 0] LFSR_INIT_SEED = 148'h6_04E7_A407_54F1_4487_A021_11AC_D0DF_8C55_57A0 // a random value + parameter [REG_SIZE-1 : 0] LFSR_INIT_SEED = 384'hc48555929cd58779f4819c1e6570c2ef20bccd503284e2d366f3273a66e9719b07ac999c80740d6277af88ceb4c3029c // a random value ) ( // Clock and reset. @@ -66,8 +66,8 @@ module ecc_hmac_drbg_interface#( //---------------------------------------------------------------- // Registers including update variables and write enable. //---------------------------------------------------------------- - logic [147 : 0] lfsr_seed_reg; - logic [147 : 0] hmac_lfsr_seed; + logic [REG_SIZE-1 : 0] lfsr_seed_reg; + logic [REG_SIZE-1 : 0] hmac_lfsr_seed; logic hmac_mode; logic hmac_drbg_init; @@ -210,7 +210,7 @@ module ecc_hmac_drbg_interface#( else if (hmac_done_edge) begin unique case (state_reg) inside - LFSR_ST: lfsr_seed_reg <= hmac_drbg_result[147 : 0]; + LFSR_ST: lfsr_seed_reg <= hmac_drbg_result; LAMBDA_ST: lambda_reg <= hmac_drbg_result; SCALAR_RND_ST: scalar_rnd_reg <= hmac_drbg_result; MASKING_RND_ST: masking_rnd_reg <= hmac_drbg_result; 
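Review bot: The new default `LFSR_INIT_SEED` in the first hunk is the same 384-bit constant that hmac_core.v and hmac_drbg.sv now declare as their defaults, whereas the three 148-bit defaults being replaced were distinct per module. The parameter is presumably only a reset/default state that the runtime seed overrides, so sharing it is not a functional defect, but it does mean every masking LFSR in the design starts from an identical state until it is seeded, and the `// a random value` comment no longer signals that. Either keep per-module defaults or state on that line that the constant is deliberately shared, e.g. `// a random value; intentionally identical to the hmac_core/hmac_drbg default`. Whether this module still consumes `LFSR_INIT_SEED` itself is not visible in these hunks; the parameter list and the register section both continue outside them.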
@@ -278,9 +278,8 @@ module ecc_hmac_drbg_interface#( end end // counter_nonce_update - always_comb counter_nonce[REG_SIZE-1 : 64] = '0; - always_comb counter_nonce[63 : 0] = counter_reg; - always_comb hmac_lfsr_seed = lfsr_seed_reg ^ counter_nonce[147 : 0]; + always_comb counter_nonce = {counter_reg, counter_reg, counter_reg, counter_reg, counter_reg, counter_reg}; + always_comb hmac_lfsr_seed = lfsr_seed_reg ^ counter_nonce; //---------------------------------------------------------------- // FSM_flow diff --git a/src/hmac/config/compile.yml b/src/hmac/config/compile.yml index 480936e76..8313b86ae 100755 --- a/src/hmac/config/compile.yml +++ b/src/hmac/config/compile.yml @@ -15,6 +15,7 @@ targets: - $COMPILE_ROOT/rtl/hmac.sv - $COMPILE_ROOT/rtl/hmac_core.v - $COMPILE_ROOT/rtl/hmac_reg.sv + - $COMPILE_ROOT/rtl/hmac_lfsr.sv tops: [hmac_ctrl] rtl_lint: directories: [] diff --git a/src/hmac/config/hmac_ctrl.vf b/src/hmac/config/hmac_ctrl.vf index 666c3371f..27a9226bc 100644 --- a/src/hmac/config/hmac_ctrl.vf +++ b/src/hmac/config/hmac_ctrl.vf @@ -43,10 +43,11 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v -${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv \ No newline at end of file +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv \ No newline at end of file diff --git a/src/hmac/config/hmac_ctrl_tb.vf b/src/hmac/config/hmac_ctrl_tb.vf index 1ca5eaa69..fea1a3a02 100644 --- a/src/hmac/config/hmac_ctrl_tb.vf 
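Review bot: `counter_nonce = {counter_reg, counter_reg, counter_reg, counter_reg, counter_reg, counter_reg}` spells out six copies by hand; the replication operator `always_comb counter_nonce = {6{counter_reg}};` expresses the same value and makes the 6 x 64 = REG_SIZE relationship obvious to a width lint. The line below it deserves a short comment, because the behaviour changed: the previous code XORed the counter into the low 64 bits of a 148-bit seed only, while `hmac_lfsr_seed = lfsr_seed_reg ^ counter_nonce` now XORs the same 64-bit counter into every 64-bit slice of the 384-bit seed register. The `counter_nonce_update` block closes at the top of this hunk and the FSM section continues past it.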
+++ b/src/hmac/config/hmac_ctrl_tb.vf @@ -48,10 +48,11 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v -${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv \ No newline at end of file +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv \ No newline at end of file diff --git a/src/hmac/rtl/hmac.sv b/src/hmac/rtl/hmac.sv index a9d0114c4..ef68be88b 100644 --- a/src/hmac/rtl/hmac.sv +++ b/src/hmac/rtl/hmac.sv @@ -69,15 +69,15 @@ module hmac localparam BLOCK_SIZE = 1024; localparam KEY_SIZE = 384; localparam TAG_SIZE = KEY_SIZE; - localparam LFSR_SEED_SIZE = 148; // 2 * 74_bit lfsr_seed for each SHA512 core + localparam LFSR_SEED_SIZE = 384; localparam BLOCK_NUM_DWORDS = BLOCK_SIZE / DATA_WIDTH; localparam KEY_NUM_DWORDS = KEY_SIZE / DATA_WIDTH; localparam TAG_NUM_DWORDS = TAG_SIZE / DATA_WIDTH; localparam SEED_NUM_DWORDS = ((LFSR_SEED_SIZE - 1) / DATA_WIDTH) + 1; - reg [KEY_NUM_DWORDS - 1 : 0][DATA_WIDTH - 1 : 0] key_reg; - reg [BLOCK_NUM_DWORDS - 1 : 0][DATA_WIDTH - 1 : 0] block_reg; - reg [SEED_NUM_DWORDS- 1 : 0][DATA_WIDTH - 1 : 0] lfsr_seed_reg; + reg [KEY_NUM_DWORDS - 1 : 0][DATA_WIDTH - 1 : 0] key_reg; + reg [BLOCK_NUM_DWORDS - 1 : 0][DATA_WIDTH - 1 : 0] block_reg; + reg [SEED_NUM_DWORDS- 1 : 0][DATA_WIDTH - 1 : 0] lfsr_seed_reg; logic zeroize_reg; 
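Review bot: `localparam LFSR_SEED_SIZE = 384;` drops the comment that explained how the old 148-bit value was split between the two SHA512 cores, and nothing replaces it. From the hmac_core.v change in the same commit the 384 bits now feed twelve 32-bit hmac_lfsr instances whose outputs are split 192/192 between the two sha512_masked_core instances, so `localparam LFSR_SEED_SIZE = 384; // 12 x 32-bit hmac_lfsr seeds, 6 per sha512_masked_core` keeps that derivation next to the constant. The re-aligned `reg` declarations below it are whitespace only. The module continues outside the hunk.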
@@ -132,7 +132,8 @@ module hmac assign core_key = {key_reg[00], key_reg[01], key_reg[02], key_reg[03], key_reg[04], key_reg[05], key_reg[06], key_reg[07], key_reg[08], key_reg[09], key_reg[10], key_reg[11]}; - assign core_lfsr_seed = {lfsr_seed_reg[00][19 : 0], lfsr_seed_reg[01], lfsr_seed_reg[02], lfsr_seed_reg[03], lfsr_seed_reg[04]}; + assign core_lfsr_seed = {lfsr_seed_reg[00], lfsr_seed_reg[01], lfsr_seed_reg[02], lfsr_seed_reg[03], lfsr_seed_reg[04], lfsr_seed_reg[05], + lfsr_seed_reg[06], lfsr_seed_reg[07], lfsr_seed_reg[08], lfsr_seed_reg[09], lfsr_seed_reg[10], lfsr_seed_reg[11]}; //rising edge detect on core tag valid assign core_tag_we = core_tag_valid & ~tag_valid_reg; diff --git a/src/hmac/rtl/hmac_core.v b/src/hmac/rtl/hmac_core.v index b2e6b0a4c..703f71dc0 100644 --- a/src/hmac/rtl/hmac_core.v +++ b/src/hmac/rtl/hmac_core.v @@ -23,7 +23,7 @@ module hmac_core #( - parameter [147 : 0] LFSR_INIT_SEED = 148'h5_60DE_54E3_6AC0_807B_2396_8E54_5475_3CAB_FFB0 // a random value + parameter [383 : 0] LFSR_INIT_SEED = 384'hc48555929cd58779f4819c1e6570c2ef20bccd503284e2d366f3273a66e9719b07ac999c80740d6277af88ceb4c3029c // a random value ) ( // Clock and reset. @@ -38,7 +38,7 @@ module hmac_core output wire tag_valid, // Data ports. - input wire [147 : 0] lfsr_seed, + input wire [383 : 0] lfsr_seed, input wire [383 : 0] key, input wire [1023 : 0] block_msg, @@ -59,8 +59,6 @@ module hmac_core localparam [2 : 0] CTRL_HMAC = 3'd3; localparam [2 : 0] CTRL_DONE = 3'd4; - localparam [73 : 0] LFSR_INIT_SEED0 = LFSR_INIT_SEED[73 : 0]; - localparam [73 : 0] LFSR_INIT_SEED1 = LFSR_INIT_SEED[147 : 74]; //---------------------------------------------------------------- // Registers including update variables and write enable. //---------------------------------------------------------------- 
@@ -101,6 +99,8 @@ module hmac_core
 wire H2_digest_valid;
 wire [127:0] garbage_bit_vector1,garbage_bit_vector2;
+ wire [383 : 0] entropy;
+
 //----------------------------------------------------------------
 // Concurrent connectivity for ports etc.
 //----------------------------------------------------------------
@@ -110,10 +110,7 @@ module hmac_core
 //----------------------------------------------------------------
 // core instantiation.
 //----------------------------------------------------------------
- sha512_masked_core #(
- .LFSR_INIT_SEED(LFSR_INIT_SEED0)
- )
- u_sha512_core_h1
+ sha512_masked_core u_sha512_core_h1
 (
 .clk(clk),
 .reset_n(reset_n),
@@ -123,7 +120,7 @@ module hmac_core
 .next_cmd(H1_next),
 .mode(2'h2),
- .lfsr_seed(lfsr_seed[73 : 0]),
+ .entropy(entropy[191 : 0]),
 .block_msg(H1_block),
@@ -132,10 +129,7 @@ module hmac_core
 .digest_valid(H1_digest_valid)
 );
- sha512_masked_core #(
- .LFSR_INIT_SEED(LFSR_INIT_SEED1)
- )
- u_sha512_core_h2
+ sha512_masked_core u_sha512_core_h2
 (
 .clk(clk),
 .reset_n(reset_n),
@@ -145,7 +139,7 @@ module hmac_core
 .next_cmd(H2_next),
 .mode(2'h2),
- .lfsr_seed(lfsr_seed[147 : 74]),
+ .entropy(entropy[383 : 192]),
 .block_msg(H2_block),
@@ -154,6 +148,24 @@ module hmac_core
 .digest_valid(H2_digest_valid)
 );
+ genvar i;
+ generate
+ for (i=0; i < 12; i++) begin : gen_lfsr
+ hmac_lfsr #(
+ .REG_SIZE(32),
+ .INIT_SEED(LFSR_INIT_SEED[i*32 +: 32])
+ )
+ lfsr_inst_i
+ (
+ .clk(clk),
+ .reset_n(reset_n),
+ .zeroize(zeroize),
+ .en(init_cmd),
+ .seed(lfsr_seed[i*32 +: 32]),
+ .rnd(entropy[i*32 +: 32])
+ );
+ end
+ endgenerate
 //----------------------------------------------------------------
 // reg_update
 //
diff --git a/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv b/src/hmac/rtl/hmac_lfsr.sv
similarity index 81%
rename from src/hmac_drbg/rtl/hmac_drbg_lfsr.sv
rename to src/hmac/rtl/hmac_lfsr.sv
index b2693c1f3..96fe14579 100644
--- a/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv
+++ b/src/hmac/rtl/hmac_lfsr.sv
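Review bot: `for (i=0; i < 12; i++) begin : gen_lfsr` in the new generate block uses the SystemVerilog `++` operator inside hmac_core.v, whose surrounding code is plain Verilog; if any flow compiles the `.v` file without SystemVerilog enabled, `for (i = 0; i < 12; i = i + 1)` is the form both dialects accept. The instance name `lfsr_inst_i` reads as if `_i` were an index, but the generate label already yields `gen_lfsr[i]`; `u_lfsr` would match the `u_sha512_core_h1` naming a few lines up. The literal 12 and the `entropy[191 : 0]` / `entropy[383 : 192]` split are tied together only by arithmetic, so a comment on `wire [383 : 0] entropy;` such as `// 12 x 32-bit hmac_lfsr outputs: [191:0] masks H1, [383:192] masks H2` would document the pairing. What `en`/`seed` do inside hmac_lfsr is not visible here, so whether `.en(init_cmd)` reloads the seed on every init is something to confirm; the module body continues past the hunk.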
@@ -14,16 +14,16 @@
 //
 //======================================================================
 //
-// hmac_drbg_lfsr.sv
+// hmac_lfsr.sv
 // ------
-// 148-bit LFSR
+// 32-bit LFSR
 //
 //======================================================================
-module hmac_drbg_lfsr
+module hmac_lfsr
 #(
- parameter REG_SIZE = 148,
- parameter [REG_SIZE-1 : 0] INIT_SEED = 148'h5_60DE_54E3_6AC0_807B_2396_8E54_5475_3CAB_FFB0 // a random value
+ parameter REG_SIZE = 32,
+ parameter [REG_SIZE-1 : 0] INIT_SEED = 32'h3CAB_FFB0 // a random value
 )
 (
 // Clock and reset.
@@ -52,10 +52,10 @@ module hmac_drbg_lfsr
 // Update functionality for all registers in the core.
 //----------------------------------------------------------------
- // TAPs are: 148, 121 based on Xilinx doc: https://docs.xilinx.com/v/u/en-US/xapp052
- always_comb feedback = rnd_reg[147] ^ rnd_reg[120];
+ // TAPs are: 32,22,2,1 based on Xilinx doc: https://docs.xilinx.com/v/u/en-US/xapp052
+ always_comb feedback = rnd_reg[31] ^ rnd_reg[21] ^ rnd_reg[1] ^ rnd_reg[0];
- always_comb rnd_next = {rnd_reg[REG_SIZE-2 : 0], feedback};
+ always_comb rnd_next = {rnd_reg[REG_SIZE-2 : 0], !feedback};
 always_ff @ (posedge clk or negedge reset_n) begin
diff --git a/src/hmac/rtl/hmac_reg.rdl b/src/hmac/rtl/hmac_reg.rdl
index 0f7713955..d800877ad 100644
--- a/src/hmac/rtl/hmac_reg.rdl
+++ b/src/hmac/rtl/hmac_reg.rdl
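Review bot: `always_comb rnd_next = {rnd_reg[REG_SIZE-2 : 0], !feedback};` silently switches the register from XOR to XNOR feedback, which moves the lock-up state from all-zeros to all-ones (with four taps, an all-ones state feeds back 1 forever), and neither the TAPs comment nor the header mentions it. A comment on that line such as `// XNOR form (xapp052): the stuck state is all-ones, so INIT_SEED and the loaded seed must not be 32'hFFFF_FFFF` records the constraint the seed path has to respect. The header still only says `32-bit LFSR`; noting that it is one of twelve 32-bit slices of the 384-bit hmac seed would help readers arriving from hmac_core.v. The always_ff block that consumes `rnd_next` continues outside the hunk.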
@@ -158,16 +158,16 @@ addrmap hmac_reg { /* ---- HMAC384 Component Input LFSR Seed ---- */ reg { name = "HMAC384 component lfsr seed register type definition"; - desc = "5 32-bit registers storing the 160-bit lfsr seed input. + desc = "12 32-bit registers storing the 384-bit lfsr seed input. These registers are located at HMAC384_base_address + - 0x0000_0130 to 0x0000_0140 in big-endian representation."; + 0x0000_0130 to 0x0000_015C in big-endian representation."; default sw = w; default hw = r; default resetsignal = reset_b; field {desc = "Input lfsr seed field";} LFSR_SEED[32] = 32'h3CAB_FFB0; // a random value - } HMAC384_LFSR_SEED[5] @0x00000130; + } HMAC384_LFSR_SEED[12] @0x00000130; /* ---- HMAC Key Vault Control Reg ---- */ kv_read_ctrl_reg HMAC384_KV_RD_KEY_CTRL @0x00000600; diff --git a/src/hmac/rtl/hmac_reg.sv b/src/hmac/rtl/hmac_reg.sv index 4a4364f74..22cb3b979 100644 --- a/src/hmac/rtl/hmac_reg.sv +++ b/src/hmac/rtl/hmac_reg.sv @@ -71,7 +71,7 @@ module hmac_reg ( logic [12-1:0]HMAC384_KEY; logic [32-1:0]HMAC384_BLOCK; logic [12-1:0]HMAC384_TAG; - logic [5-1:0]HMAC384_LFSR_SEED; + logic [12-1:0]HMAC384_LFSR_SEED; logic HMAC384_KV_RD_KEY_CTRL; logic HMAC384_KV_RD_KEY_STATUS; logic HMAC384_KV_RD_BLOCK_CTRL; @@ -124,7 +124,7 @@ module hmac_reg ( for(int i0=0; i0<12; i0++) begin decoded_reg_strb.HMAC384_TAG[i0] = cpuif_req_masked & (cpuif_addr == 'h100 + i0*'h4); end - for(int i0=0; i0<5; i0++) begin + for(int i0=0; i0<12; i0++) begin decoded_reg_strb.HMAC384_LFSR_SEED[i0] = cpuif_req_masked & (cpuif_addr == 'h130 + i0*'h4); end decoded_reg_strb.HMAC384_KV_RD_KEY_CTRL = cpuif_req_masked & (cpuif_addr == 'h600); @@ -205,7 +205,7 @@ module hmac_reg ( logic [31:0] next; logic load_next; } LFSR_SEED; - } [5-1:0]HMAC384_LFSR_SEED; + } [12-1:0]HMAC384_LFSR_SEED; struct packed{ struct packed{ logic next; 
@@ -504,7 +504,7 @@ module hmac_reg ( struct packed{ logic [31:0] value; } LFSR_SEED; - } [5-1:0]HMAC384_LFSR_SEED; + } [12-1:0]HMAC384_LFSR_SEED; struct packed{ struct packed{ logic value; @@ -847,7 +847,7 @@ module hmac_reg ( end end end - for(genvar i0=0; i0<5; i0++) begin + for(genvar i0=0; i0<12; i0++) begin // Field: hmac_reg.HMAC384_LFSR_SEED[].LFSR_SEED always_comb begin automatic logic [31:0] next_c = field_storage.HMAC384_LFSR_SEED[i0].LFSR_SEED.value; diff --git a/src/hmac/rtl/hmac_reg_pkg.sv b/src/hmac/rtl/hmac_reg_pkg.sv index baf7273b5..2f107b551 100644 --- a/src/hmac/rtl/hmac_reg_pkg.sv +++ b/src/hmac/rtl/hmac_reg_pkg.sv @@ -284,7 +284,7 @@ package hmac_reg_pkg; hmac_reg__HMAC384_CTRL__out_t HMAC384_CTRL; hmac_reg__HMAC384_KEY__out_t [12-1:0]HMAC384_KEY; hmac_reg__HMAC384_BLOCK__out_t [32-1:0]HMAC384_BLOCK; - hmac_reg__HMAC384_LFSR_SEED__out_t [5-1:0]HMAC384_LFSR_SEED; + hmac_reg__HMAC384_LFSR_SEED__out_t [12-1:0]HMAC384_LFSR_SEED; __kv_read_ctrl_reg__out_t HMAC384_KV_RD_KEY_CTRL; __kv_read_ctrl_reg__out_t HMAC384_KV_RD_BLOCK_CTRL; __kv_write_ctrl_reg__out_t HMAC384_KV_WR_CTRL; diff --git a/src/hmac/rtl/hmac_reg_uvm.sv b/src/hmac/rtl/hmac_reg_uvm.sv index f8259d2d8..1b68ac8c4 100644 --- a/src/hmac/rtl/hmac_reg_uvm.sv +++ b/src/hmac/rtl/hmac_reg_uvm.sv @@ -1164,7 +1164,7 @@ package hmac_reg_uvm; rand hmac_reg__HMAC384_KEY HMAC384_KEY[12]; rand hmac_reg__HMAC384_BLOCK HMAC384_BLOCK[32]; rand hmac_reg__HMAC384_TAG HMAC384_TAG[12]; - rand hmac_reg__HMAC384_LFSR_SEED HMAC384_LFSR_SEED[5]; + rand hmac_reg__HMAC384_LFSR_SEED HMAC384_LFSR_SEED[12]; rand kv_read_ctrl_reg HMAC384_KV_RD_KEY_CTRL; rand kv_status_reg HMAC384_KV_RD_KEY_STATUS; rand kv_read_ctrl_reg HMAC384_KV_RD_BLOCK_CTRL; diff --git a/src/hmac_drbg/config/compile.yml b/src/hmac_drbg/config/compile.yml index 3b2d1dc94..b60554623 100755 --- a/src/hmac_drbg/config/compile.yml +++ b/src/hmac_drbg/config/compile.yml 
@@ -9,7 +9,6 @@ targets: directories: [$COMPILE_ROOT/rtl] files: - $COMPILE_ROOT/rtl/hmac_drbg.sv - - $COMPILE_ROOT/rtl/hmac_drbg_lfsr.sv tops: [hmac_drbg] --- provides: [hmac_drbg_tb] diff --git a/src/hmac_drbg/config/hmac_drbg.vf b/src/hmac_drbg/config/hmac_drbg.vf index 2e7367213..cac929ed1 100644 --- a/src/hmac_drbg/config/hmac_drbg.vf +++ b/src/hmac_drbg/config/hmac_drbg.vf @@ -44,12 +44,12 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv \ No newline at end of file +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv +${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv \ No newline at end of file diff --git a/src/hmac_drbg/config/hmac_drbg_tb.vf b/src/hmac_drbg/config/hmac_drbg_tb.vf index 9754c6784..1111c0aad 100644 --- a/src/hmac_drbg/config/hmac_drbg_tb.vf +++ b/src/hmac_drbg/config/hmac_drbg_tb.vf 
@@ -46,12 +46,12 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv \ No newline at end of file +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv +${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv \ No newline at end of file diff --git a/src/hmac_drbg/rtl/hmac_drbg.sv b/src/hmac_drbg/rtl/hmac_drbg.sv index 51d3bd145..bba6de226 100644 --- a/src/hmac_drbg/rtl/hmac_drbg.sv +++ b/src/hmac_drbg/rtl/hmac_drbg.sv @@ -34,7 +34,7 @@ module hmac_drbg #( parameter REG_SIZE = 384, parameter [REG_SIZE-1 : 0] HMAC_DRBG_PRIME = 384'hFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973, - parameter [147 : 0] LFSR_INIT_SEED = 148'h5_60DE_54E3_6AC0_807B_2396_8E54_5475_3CAB_FFB0 // a random value + parameter [REG_SIZE-1 : 0] LFSR_INIT_SEED = 384'hc48555929cd58779f4819c1e6570c2ef20bccd503284e2d366f3273a66e9719b07ac999c80740d6277af88ceb4c3029c // a random value ) ( // Clock and reset. @@ -49,7 +49,7 @@ module hmac_drbg output wire valid, //Data - input wire [147 : 0] lfsr_seed, + input wire [REG_SIZE-1 : 0] lfsr_seed, input wire [REG_SIZE-1 : 0] entropy, input wire [REG_SIZE-1 : 0] nonce, 
@@ -116,8 +116,6 @@ module hmac_drbg
 wire HMAC_tag_valid;
 wire [REG_SIZE-1:0] HMAC_tag;
- reg [147 : 0] HMAC_lfsr_seed;
-
 //----------------------------------------------------------------
 // HMAC module instantiation.
 //----------------------------------------------------------------
@@ -131,7 +129,7 @@ module hmac_drbg
 .zeroize(zeroize),
 .init_cmd(HMAC_init),
 .next_cmd(HMAC_next),
- .lfsr_seed(HMAC_lfsr_seed),
+ .lfsr_seed(lfsr_seed),
 .key(HMAC_key),
 .block_msg(HMAC_block),
 .ready(HMAC_ready),
@@ -139,20 +137,6 @@ module hmac_drbg
 .tag_valid(HMAC_tag_valid)
 );
- hmac_drbg_lfsr #(
- .REG_SIZE(148),
- .INIT_SEED(LFSR_INIT_SEED)
- )
- lfsr_inst
- (
- .clk(clk),
- .reset_n(reset_n),
- .zeroize(zeroize),
- .en(init_cmd),
- .seed(lfsr_seed),
- .rnd(HMAC_lfsr_seed)
- );
-
 //----------------------------------------------------------------
 // reg_update
 // Update functionality for all registers in the core.
diff --git a/src/integration/config/caliptra_top.vf b/src/integration/config/caliptra_top.vf
index 44074db29..244c4c989 100644
--- a/src/integration/config/caliptra_top.vf
+++ b/src/integration/config/caliptra_top.vf
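Review bot: Once this hunk deletes the `hmac_drbg_lfsr` instance, `LFSR_INIT_SEED` has no remaining consumer in the visible hunks — its only use was `.INIT_SEED(LFSR_INIT_SEED)` on the removed instance — yet the earlier hunk widened the parameter to 384 bits instead of dropping it. If nothing else in hmac_drbg.sv reads it, remove the parameter, or thread it through to the hmac instance if that parameter chain exists, so callers are not left with a knob that no longer seeds anything. The passthrough on `.lfsr_seed(lfsr_seed),` also deserves a one-line comment, e.g. `// seed is consumed by the per-slice LFSRs inside hmac_core`, since the LFSR used to live here. The hmac instantiation starts before this hunk.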
@@ -158,15 +158,15 @@ ${CALIPTRA_ROOT}/src/doe/rtl/doe_reg.sv ${CALIPTRA_ROOT}/src/doe/rtl/doe_fsm.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv diff --git a/src/integration/config/caliptra_top_tb.vf b/src/integration/config/caliptra_top_tb.vf index 7848871bc..4500df6bf 100644 --- a/src/integration/config/caliptra_top_tb.vf +++ b/src/integration/config/caliptra_top_tb.vf 
@@ -239,15 +239,15 @@ ${CALIPTRA_ROOT}/src/doe/rtl/doe_reg.sv ${CALIPTRA_ROOT}/src/doe/rtl/doe_fsm.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv diff --git a/src/integration/config/caliptra_top_trng_tb.vf b/src/integration/config/caliptra_top_trng_tb.vf index 52c42d8ff..75a9cde59 100644 --- a/src/integration/config/caliptra_top_trng_tb.vf +++ b/src/integration/config/caliptra_top_trng_tb.vf 
@@ -239,15 +239,15 @@ ${CALIPTRA_ROOT}/src/doe/rtl/doe_reg.sv ${CALIPTRA_ROOT}/src/doe/rtl/doe_fsm.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv -${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv +${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_param_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg_pkg.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_ctrl.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac.sv ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_core.v ${CALIPTRA_ROOT}/src/hmac/rtl/hmac_reg.sv +${CALIPTRA_ROOT}/src/hmac/rtl/hmac_lfsr.sv ${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg.sv -${CALIPTRA_ROOT}/src/hmac_drbg/rtl/hmac_drbg_lfsr.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_reg_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_defines_pkg.sv ${CALIPTRA_ROOT}/src/ecc/rtl/ecc_params_pkg.sv diff --git a/src/integration/rtl/caliptra_reg.h b/src/integration/rtl/caliptra_reg.h index 74b0db32a..b9e942264 100644 --- a/src/integration/rtl/caliptra_reg.h +++ b/src/integration/rtl/caliptra_reg.h 
@@ -676,6 +676,20 @@ #define HMAC_REG_HMAC384_LFSR_SEED_3 (0x13c) #define CLP_HMAC_REG_HMAC384_LFSR_SEED_4 (0x10010140) #define HMAC_REG_HMAC384_LFSR_SEED_4 (0x140) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_5 (0x10010144) +#define HMAC_REG_HMAC384_LFSR_SEED_5 (0x144) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_6 (0x10010148) +#define HMAC_REG_HMAC384_LFSR_SEED_6 (0x148) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_7 (0x1001014c) +#define HMAC_REG_HMAC384_LFSR_SEED_7 (0x14c) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_8 (0x10010150) +#define HMAC_REG_HMAC384_LFSR_SEED_8 (0x150) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_9 (0x10010154) +#define HMAC_REG_HMAC384_LFSR_SEED_9 (0x154) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_10 (0x10010158) +#define HMAC_REG_HMAC384_LFSR_SEED_10 (0x158) +#define CLP_HMAC_REG_HMAC384_LFSR_SEED_11 (0x1001015c) +#define HMAC_REG_HMAC384_LFSR_SEED_11 (0x15c) #define CLP_HMAC_REG_HMAC384_KV_RD_KEY_CTRL (0x10010600) #define HMAC_REG_HMAC384_KV_RD_KEY_CTRL (0x600) #define HMAC_REG_HMAC384_KV_RD_KEY_CTRL_READ_EN_LOW (0) diff --git a/src/integration/rtl/caliptra_reg_defines.svh b/src/integration/rtl/caliptra_reg_defines.svh index 8f6aa8008..fa35a7f13 100644 --- a/src/integration/rtl/caliptra_reg_defines.svh +++ b/src/integration/rtl/caliptra_reg_defines.svh 
@@ -676,6 +676,20 @@
 `define HMAC_REG_HMAC384_LFSR_SEED_3 (32'h13c)
 `define CLP_HMAC_REG_HMAC384_LFSR_SEED_4 (32'h10010140)
 `define HMAC_REG_HMAC384_LFSR_SEED_4 (32'h140)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_5 (32'h10010144)
+`define HMAC_REG_HMAC384_LFSR_SEED_5 (32'h144)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_6 (32'h10010148)
+`define HMAC_REG_HMAC384_LFSR_SEED_6 (32'h148)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_7 (32'h1001014c)
+`define HMAC_REG_HMAC384_LFSR_SEED_7 (32'h14c)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_8 (32'h10010150)
+`define HMAC_REG_HMAC384_LFSR_SEED_8 (32'h150)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_9 (32'h10010154)
+`define HMAC_REG_HMAC384_LFSR_SEED_9 (32'h154)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_10 (32'h10010158)
+`define HMAC_REG_HMAC384_LFSR_SEED_10 (32'h158)
+`define CLP_HMAC_REG_HMAC384_LFSR_SEED_11 (32'h1001015c)
+`define HMAC_REG_HMAC384_LFSR_SEED_11 (32'h15c)
 `define CLP_HMAC_REG_HMAC384_KV_RD_KEY_CTRL (32'h10010600)
 `define HMAC_REG_HMAC384_KV_RD_KEY_CTRL (32'h600)
 `define HMAC_REG_HMAC384_KV_RD_KEY_CTRL_READ_EN_LOW (0)
diff --git a/src/integration/test_suites/libs/hmac/hmac.c b/src/integration/test_suites/libs/hmac/hmac.c
index 7d6f28e46..4ba69cddf 100644
--- a/src/integration/test_suites/libs/hmac/hmac.c
+++ b/src/integration/test_suites/libs/hmac/hmac.c
@@ -88,7 +88,7 @@ void hmac_flow(hmac_io key, hmac_io block, hmac_io lfsr_seed, hmac_io tag){
 // Program LFSR_SEED
 reg_ptr = (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_0;
 offset = 0;
- while (reg_ptr <= (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_4) {
+ while (reg_ptr <= (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_11) {
 *reg_ptr++ = lfsr_seed.data[offset++];
 }
diff --git a/src/integration/test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.c b/src/integration/test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.c
index 8b2cc5203..0141addc5 100644
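Review bot: The widened loop in hmac_flow copies lfsr_seed.data[0..11] into LFSR_SEED_0..11 without consulting lfsr_seed.data_size, so a caller that still supplies five words silently programs seven stale or uninitialized words into the new seed registers. Checking that lfsr_seed.data_size covers all twelve registers before the loop, or bounding the copy with `offset < lfsr_seed.data_size`, would make the contract explicit instead of relying on every caller having been updated. The count 12 is also spelled three different ways across this commit (SEED_11 here, `data_size = 12` in the smoke tests, `[12]` array sizes); a single shared constant (a new name such as `HMAC_LFSR_SEED_WORDS`) would tie them together. The same unguarded loop is duplicated in smoke_test_zeroize_crypto.c (hunk @@ -164); hmac_flow's body continues outside the hunk.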
--- a/src/integration/test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.c
+++ b/src/integration/test_suites/smoke_test_fw_kv_backtoback_hmac/smoke_test_fw_kv_backtoback_hmac.c
@@ -112,12 +112,19 @@ void main() {
 0x00000000,
 0x00000440};
- //this is a random lfsr_seed 160-bit
- uint32_t lfsr_seed_data[5] = {0xC8F518D4,
- 0xF3AA1BD4,
- 0x6ED56C1C,
- 0x3C9E16FB,
- 0x800AF504};
+ //this is a random lfsr_seed
+ uint32_t lfsr_seed_data[12] = {0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4};
 uint32_t expected_tag[12] = {0xb6a8d563,
 0x6f5c6a72,
@@ -166,7 +173,7 @@ void main() {
 hmac_block.data[i] = block[i];
 hmac_lfsr_seed.kv_intf = FALSE;
- hmac_lfsr_seed.data_size = 5;
+ hmac_lfsr_seed.data_size = 12;
 for (int i = 0; i < hmac_lfsr_seed.data_size; i++)
 hmac_lfsr_seed.data[i] = lfsr_seed_data[i];
diff --git a/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.c b/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.c
index 4015330b1..47124e6dc 100644
--- a/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.c
+++ b/src/integration/test_suites/smoke_test_hmac/smoke_test_hmac.c
@@ -112,12 +112,19 @@ void main() {
 0x5b3297b4,
 0xfb68dab9,
 0xf1b582c2};
- //this is a random lfsr_seed 160-bit
- uint32_t lfsr_seed_data[] = {0xC8F518D4,
- 0xF3AA1BD4,
- 0x6ED56C1C,
- 0x3C9E16FB,
- 0x800AF504};
+ //this is a random lfsr_seed
+ uint32_t lfsr_seed_data[12] = {0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4};
 // Entry message
@@ -144,7 +151,7 @@ void main() {
 hmac_block.data[i] = block_data[i];
 hmac_lfsr_seed.kv_intf = FALSE;
- hmac_lfsr_seed.data_size = 5;
+ hmac_lfsr_seed.data_size = 12;
 for (int i = 0; i < hmac_lfsr_seed.data_size; i++)
 hmac_lfsr_seed.data[i] = lfsr_seed_data[i];
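Review bot: The 12-word lfsr_seed_data in smoke_test_fw_kv_backtoback_hmac.c is the old 5-word seed repeated (words 5..9 equal words 0..4 and words 10..11 equal words 0..1), yet the comment still calls it random; the same pattern is used in smoke_test_hmac.c, smoke_test_kv_crypto_flow.c, smoke_test_kv_hmac_flow.c and smoke_test_zeroize_crypto.c. Since this seed is the masking randomness the commit introduces to fix leakage, a vector whose upper half repeats its lower half exercises less of the seed path than a distinct 384-bit value would, and at minimum the comment should say what the data is, e.g. `//lfsr_seed: 12 words (384 bits); repeats the original 5-word seed, not fresh randomness`. The explicit `[12]` size also duplicates the `data_size = 12` assigned in the second hunk; deriving one from the other (`sizeof(lfsr_seed_data)/sizeof(lfsr_seed_data[0])`) keeps them from drifting.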
diff --git a/src/integration/test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.c b/src/integration/test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.c
index 12383a871..57d79fcfa 100644
--- a/src/integration/test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.c
+++ b/src/integration/test_suites/smoke_test_kv_crypto_flow/smoke_test_kv_crypto_flow.c
@@ -123,7 +123,7 @@ void kv_hmac(uint8_t key_id, uint8_t block_id, uint8_t tag_id){
 uint32_t block[] = {0xcfc155a3,0x967de347,0xf58fa2e8,0xbbeb4183,0xd6d32f74,0x27155e6a,0xb39cddf2,0xe627c572,0x80000000,0x00000000,0x00000000,0x00000000,
 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000500};
- uint32_t lfsr_seed_data[]={0xC8F518D4,0xF3AA1BD4,0x6ED56C1C,0x3C9E16FB,0x800AF504}; //this is a random lfsr_seed 160-bit
+ uint32_t lfsr_seed_data[]={0xC8F518D4,0xF3AA1BD4,0x6ED56C1C,0x3C9E16FB,0x800AF504,0xC8F518D4,0xF3AA1BD4,0x6ED56C1C,0x3C9E16FB,0x800AF504,0xC8F518D4,0xF3AA1BD4}; //this is a random lfsr_seed
 uint32_t expected_tag[] = {0xaf2799d0,0x1f135a1e,0xf963dfd0,0x59f99604,0xb0e33be1,0xca38e70c,0x9b2c1073,0x1f17173a,0xd8f2681c,0xa64aeac5,0xf5a4b368,0x457460dc};
 hmac_key.kv_intf = TRUE;
@@ -135,7 +135,7 @@ void kv_hmac(uint8_t key_id, uint8_t block_id, uint8_t tag_id){
 VPRINTF(LOW,"hmac block kv id = %x\n", hmac_block.kv_id);
 hmac_lfsr_seed.kv_intf = FALSE;
- hmac_lfsr_seed.data_size = 5;
+ hmac_lfsr_seed.data_size = 12;
 for (int i = 0; i < hmac_lfsr_seed.data_size; i++)
 hmac_lfsr_seed.data[i] = rand() % 0xffffffff;
diff --git a/src/integration/test_suites/smoke_test_kv_hmac_flow/smoke_test_kv_hmac_flow.c b/src/integration/test_suites/smoke_test_kv_hmac_flow/smoke_test_kv_hmac_flow.c
index f43580d77..507a3bc09 100644
--- a/src/integration/test_suites/smoke_test_kv_hmac_flow/smoke_test_kv_hmac_flow.c
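Review bot: In kv_hmac the lfsr_seed_data initializer grows to 12 words, but in the second hunk hmac_lfsr_seed.data is filled from `rand() % 0xffffffff` and lfsr_seed_data is not read anywhere visible; if it is unused elsewhere in the function, the array is dead and the first hunk is cosmetic. The modulus also means a seed word can never be 0xffffffff and, on libcs where RAND_MAX is 0x7fffffff, never has its top bit set, so each word carries at most 31 bits of variation; `(uint32_t) rand()` or combining two rand() calls per word would be more honest for a 384-bit seed, though that line is context rather than new code. Both hunks lie inside kv_hmac, whose body continues outside them.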
+++ b/src/integration/test_suites/smoke_test_kv_hmac_flow/smoke_test_kv_hmac_flow.c
@@ -109,12 +109,19 @@ void main() {
 0x00000000,
 0x00000440};
- //this is a random lfsr_seed 160-bit
- uint32_t lfsr_seed_data[5] = {0xC8F518D4,
- 0xF3AA1BD4,
- 0x6ED56C1C,
- 0x3C9E16FB,
- 0x800AF504};
+ //this is a random lfsr_seed
+ uint32_t lfsr_seed_data[12] = {0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4};
 uint32_t expected_tag[12] = {0xb6a8d563,
 0x6f5c6a72,
@@ -149,7 +156,7 @@ void main() {
 hmac_block.data[i] = block[i];
 hmac_lfsr_seed.kv_intf = FALSE;
- hmac_lfsr_seed.data_size = 5;
+ hmac_lfsr_seed.data_size = 12;
 for (int i = 0; i < hmac_lfsr_seed.data_size; i++)
 hmac_lfsr_seed.data[i] = lfsr_seed_data[i];
diff --git a/src/integration/test_suites/smoke_test_zeroize_crypto/smoke_test_zeroize_crypto.c b/src/integration/test_suites/smoke_test_zeroize_crypto/smoke_test_zeroize_crypto.c
index 5d2305faf..0fb74a00b 100644
--- a/src/integration/test_suites/smoke_test_zeroize_crypto/smoke_test_zeroize_crypto.c
+++ b/src/integration/test_suites/smoke_test_zeroize_crypto/smoke_test_zeroize_crypto.c
@@ -109,12 +109,19 @@ void main() {
 0x00000000,
 0x00000440};
- //this is a random lfsr_seed 160-bit
- uint32_t lfsr_seed_data[5] = {0xC8F518D4,
- 0xF3AA1BD4,
- 0x6ED56C1C,
- 0x3C9E16FB,
- 0x800AF504};
+ //this is a random lfsr_seed
+ uint32_t lfsr_seed_data[12] = {0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4,
+ 0x6ED56C1C,
+ 0x3C9E16FB,
+ 0x800AF504,
+ 0xC8F518D4,
+ 0xF3AA1BD4};
 uint32_t expected_tag[12] = {0xb6a8d563,
 0x6f5c6a72,
@@ -164,7 +171,7 @@ void main() {
 // Program LFSR_SEED
 reg_ptr = (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_0;
 offset = 0;
- while (reg_ptr <= (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_4) {
+ while (reg_ptr <= (uint32_t*) CLP_HMAC_REG_HMAC384_LFSR_SEED_11) {
 *reg_ptr++ = lfsr_seed_data[offset++];
 }
diff --git a/src/sha512_masked/config/compile.yml b/src/sha512_masked/config/compile.yml
index 224e563cd..174837a09 100755
--- a/src/sha512_masked/config/compile.yml
+++ b/src/sha512_masked/config/compile.yml
@@ -9,7 +9,7 @@ targets:
 files:
 - $COMPILE_ROOT/rtl/sha512_masked_defines_pkg.sv
 - $COMPILE_ROOT/rtl/sha512_masked_core.sv
- - $COMPILE_ROOT/rtl/sha512_masked_lfsr.sv
+ - $COMPILE_ROOT/rtl/sha512_masked_w_mem.sv
 tops: [sha512_masked_core]
 #rtl_lint:
 #directories: []
diff --git a/src/sha512_masked/config/sha512_masked_core.vf b/src/sha512_masked/config/sha512_masked_core.vf
index e9d04af99..5df569161 100644
--- a/src/sha512_masked/config/sha512_masked_core.vf
+++ b/src/sha512_masked/config/sha512_masked_core.vf
@@ -42,4 +42,4 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v
 ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv
 ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
 ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv
-${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv
\ No newline at end of file
+${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv
\ No newline at end of file
diff --git a/src/sha512_masked/config/sha512_masked_core_tb.vf b/src/sha512_masked/config/sha512_masked_core_tb.vf
index b9fa2a419..fbbbffe17 100644
--- a/src/sha512_masked/config/sha512_masked_core_tb.vf
+++ b/src/sha512_masked/config/sha512_masked_core_tb.vf
@@ -44,4 +44,4 @@ ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_w_mem.v
 ${CALIPTRA_ROOT}/src/sha512/rtl/sha512_reg.sv
 ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
 ${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_core.sv
-${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_lfsr.sv
\ No newline at end of file
+${CALIPTRA_ROOT}/src/sha512_masked/rtl/sha512_masked_w_mem.sv
\ No newline at end of file
diff --git a/src/sha512_masked/rtl/sha512_masked_core.sv b/src/sha512_masked/rtl/sha512_masked_core.sv
index 4ea9a5253..c6b0f97c2 100644
--- a/src/sha512_masked/rtl/sha512_masked_core.sv
+++ b/src/sha512_masked/rtl/sha512_masked_core.sv
@@ -56,9 +56,6 @@ module sha512_masked_core
 import sha512_masked_defines_pkg::*;
- #(
- parameter [73 : 0] LFSR_INIT_SEED = 74'h23A_A79D_0EC1_1E38_9277 // a random value
- )
 (
 // Clock and reset.
 input wire clk,
@@ -70,7 +67,7 @@ module sha512_masked_core
 input wire [1 : 0] mode,
 // Data port.
- input wire [73 : 0] lfsr_seed,
+ input wire [191 : 0] entropy,
 input wire [1023 : 0] block_msg,
@@ -96,11 +93,11 @@ module sha512_masked_core
 //----------------------------------------------------------------
 // Registers including update variables and write enable.
 //----------------------------------------------------------------
- logic [73:0] lfsr_rnd;
 logic masking_init;
 logic masking_update;
+ logic [23:0][63:0] masking_rnd;
 logic [7:0][63:0] rh_masking_rnd;
- logic [63:0] rw_masking_rnd;
+ logic [1023:0] rw_masking_rnd;
 logic [9:0] q_masking_rnd;
 logic init_reg_set;
@@ -182,7 +179,6 @@ module sha512_masked_core
 masked_reg_t a_new_a2b;
 masked_reg_t e_new_a2b;
- wire [63 : 0] w_val;
 wire [63 : 0] k_data;
 reg w_init;
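Review bot: The new `entropy` port (hunk @@ -70) is a bare 192-bit input with no comment on how it is consumed, while the core slices it several ways: [4:0] is passed to the W memory, [14:5] becomes q_masking_rnd, and the three 64-bit words [63:0], [127:64], [191:128] are latched into masking_rnd on masking_init. A port comment such as `// per-cycle randomness: [4:0] W-schedule conversion bits, [14:5] q_masking_rnd, [191:0] three mask words captured on masking_init` would make that partition visible at the interface. With the LFSR instance and its LFSR_INIT_SEED parameter removed, the core no longer owns any randomness source, so freshness of entropy on every cycle it is sampled now rests entirely on the driver (presumably the hmac_lfsr this commit renames, which is not in this chunk); that assumption is worth stating on the port as well.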
@@ -202,20 +198,6 @@ module sha512_masked_core
 //----------------------------------------------------------------
 // Module instantiantions.
 //----------------------------------------------------------------
- sha512_masked_lfsr #(
- .REG_SIZE(74),
- .INIT_SEED(LFSR_INIT_SEED)
- )
- lfsr_inst
- (
- .clk(clk),
- .reset_n(reset_n),
- .zeroize(zeroize),
- .en(init_cmd),
- .seed(lfsr_seed),
- .rnd(lfsr_rnd)
- );
-
 sha512_k_constants k_constants_inst(
 .addr(round_ctr_reg),
 .K_val(k_data)
@@ -236,87 +218,20 @@ module sha512_masked_core
 );
- sha512_w_mem w_mem_inst(
+ sha512_masked_w_mem w_mem_inst(
 .clk(clk),
 .reset_n(reset_n),
 .zeroize(zeroize),
 .block_msg(block_msg),
+ .rw_masking_rnd(rw_masking_rnd),
+ .entropy(entropy[4 : 0]),
 .init_cmd(w_init),
 .next_cmd(w_next),
- .w_val(w_val)
+ .w_val(w_data)
 );
- //----------------------------------------------------------------
- // Function definition.
- //----------------------------------------------------------------
- function masked_reg_t masked_not (input masked_reg_t x);
- return {~x.masked, x.random};
- endfunction
-
- function reg [63:0] masked_and (input masked_reg_t x, y);
- return ~y.masked & (~y.random & x.random | y.random & x.masked) | y.masked & (y.random & x.random | ~y.random & x.masked); //x & y;
- endfunction
-
- function masked_reg_t masked_maj (input masked_reg_t a, b, c);
- return {masked_and(a, b) ^ masked_and(a, c) ^ masked_and(b, c), b.random};
- endfunction
-
- function masked_reg_t masked_ch (input masked_reg_t e, f, g);
- return {masked_and(e, f) ^ masked_and(g, masked_not(e)), e.random ^ g.random};
- endfunction
-
- function reg [63:0] sigma0 (input reg [63:0] x);
- return {x[27 : 0], x[63 : 28]} ^
- {x[33 : 0], x[63 : 34]} ^
- {x[38 : 0], x[63 : 39]};
- endfunction
-
- function reg [63:0] sigma1 (input reg [63:0] x);
- return {x[13 : 0], x[63 : 14]} ^
- {x[17 : 0], x[63 : 18]} ^
- {x[40 : 0], x[63 : 41]};
- endfunction
-
- function masked_reg_t masked_sum (input masked_reg_t x, y);
- return {(x.masked + y.masked), (x.random + y.random)};
- endfunction
-
- function masked_reg_t B2A_conv (input masked_reg_t x, logic q); // convert x_masked = x ^ rnd to x_prime = x + rand
- reg [63 : 0] masked_carry; // masked_carry[j] = c[j] ^ q
- reg [63 : 0] x_prime;
- for (int j = 0; j < 64 ; j++) begin
- if (j == 0) begin
- masked_carry[j] = ~x.masked[j] & (x.random[j] ^ q) | (x.masked[j] & q);
- x_prime[j] = x.masked[j];
- end
- else begin
- masked_carry[j] = ~x.masked[j] & (x.random[j] ^ q) | x.masked[j] & masked_carry[j-1];
- x_prime[j] = (x.masked[j] ^ masked_carry[j-1]) ^ q;
- end
- end
- return {x_prime, x.random};
- endfunction
-
- function masked_reg_t A2B_conv (input masked_reg_t x, logic q); // convert x_prime = x + rand to x_masked = x ^ rnd
- reg [63 : 0] masked_carry; // masked_carry[j] = c[j] ^ q
- reg [63 : 0] x_masked;
-
- for (int j = 0; j < 64 ; j++) begin
- if (j == 0) begin
- masked_carry[j] = (~x.masked[0] & x.random[0]) ^ q;
- x_masked[j] = x.masked[j];
- end
- else begin
- masked_carry[j] = (x.masked[j] ^ x.random[j]) & (x.random[j] ^ q) | (~x.masked[j] ^ x.random[j]) & masked_carry[j-1];
- x_masked[j] = (x.masked[j] ^ masked_carry[j-1]) ^ q;
- end
- end
- return {x_masked, x.random};
- endfunction
-
-
 //----------------------------------------------------------------
 // Concurrent connectivity for ports etc.
 //----------------------------------------------------------------
@@ -327,7 +242,17 @@ module sha512_masked_core
 assign digest_valid = digest_valid_reg;
+ genvar i;
+ generate
+ for (i=0; i < 8; i++) begin : rh_masking_assign
+ assign rh_masking_rnd[i] = masking_rnd[i];
+ end
+ endgenerate
+ assign rw_masking_rnd = {masking_rnd[08], masking_rnd[09], masking_rnd[10], masking_rnd[11],
+ masking_rnd[12], masking_rnd[13], masking_rnd[14], masking_rnd[15],
+ masking_rnd[16], masking_rnd[17], masking_rnd[18], masking_rnd[19],
+ masking_rnd[20], masking_rnd[21], masking_rnd[22], masking_rnd[23]};
 //----------------------------------------------------------------
 // reg_update
 // Update functionality for all registers in the core.
@@ -359,7 +284,7 @@ module sha512_masked_core
 round_ctr_reg <= 7'h0;
 rnd_ctr_reg <= 7'h0;
 sha512_ctrl_reg <= CTRL_IDLE;
- rh_masking_rnd <= '0;
+ masking_rnd <= '0;
 end
 else if (zeroize)
@@ -385,7 +310,7 @@ module sha512_masked_core
 round_ctr_reg <= 7'h0;
 rnd_ctr_reg <= 7'h0;
 sha512_ctrl_reg <= CTRL_IDLE;
- rh_masking_rnd <= '0;
+ masking_rnd <= '0;
 end
 else
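Review bot: The sha512_masked_w_mem instance receives `.entropy(entropy[4 : 0])`, the same five low bits that are also part of the entropy[63:0] word latched into masking_rnd on masking_init, so in a cycle where both are sampled the W-schedule conversion bits are not independent of a mask word; whether that is benign depends on the upstream source changing every cycle, which cannot be judged from this chunk. A comment at the instantiation naming the slice's role, `// entropy[4:0]: q bits for the four B2A and one A2B conversions in the W schedule`, would document the choice and make the overlap visible to whoever reviews the entropy driver. The instantiation sits inside the module body, which starts and ends outside the hunk.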
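Review bot: In hunk @@ -327 the generate loop rh_masking_assign copies masking_rnd[0..7] element by element; since both sides are packed arrays of the same element type, the single part-select `assign rh_masking_rnd = masking_rnd[7:0];` expresses the same wiring without a genvar. The rw_masking_rnd concatenation next to it deliberately places masking_rnd[08] in the top 64 bits, which is the opposite of what a part-select `masking_rnd[23:8]` would give, so a comment such as `// word order: masking_rnd[8] masks block word 0 (bits 1023:960), matching sha512_masked_w_mem init` would stop a later "simplification" from silently reversing which mask word covers which message word.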
@@ -429,8 +354,11 @@ module sha512_masked_core
 if (sha512_ctrl_we)
 sha512_ctrl_reg <= sha512_ctrl_new;
- if (masking_init)
- rh_masking_rnd[rnd_ctr_reg[2 : 0]] <= lfsr_rnd[63 : 0];
+ if (masking_init) begin
+ masking_rnd[3*rnd_ctr_reg[2 : 0]] <= entropy[63 : 0];
+ masking_rnd[3*rnd_ctr_reg[2 : 0]+1] <= entropy[127 : 64];
+ masking_rnd[3*rnd_ctr_reg[2 : 0]+2] <= entropy[191 : 128];
+ end
 end
 end // reg_update
@@ -490,16 +418,6 @@ module sha512_masked_core
 end
 end // digest_logic
-
- //----------------------------------------------------------------
- // Mask the w_data
- //
- //
- //----------------------------------------------------------------
- always @* begin : w_data_logic
- w_data = {w_val ^ rw_masking_rnd, rw_masking_rnd};
- end
-
 //----------------------------------------------------------------
 // t1_logic
 //
@@ -687,15 +605,13 @@ module sha512_masked_core
 // Update logic for the rw_masking_rnd and q_masking_rnd
 //----------------------------------------------------------------
 always @*
- begin : masking_rnd
+ begin : masking_random
 masking_init = rnd_ctr_inc;
 masking_update = round_ctr_inc;
- rw_masking_rnd = '0;
 q_masking_rnd = '0;
 if (masking_update) begin
- rw_masking_rnd = lfsr_rnd[63 : 0];
- q_masking_rnd = lfsr_rnd[73 : 64];
+ q_masking_rnd = entropy[14 : 5];
 end
 end // masking_rnd
diff --git a/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv b/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
index 1519894f7..14c986ffa 100644
--- a/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
+++ b/src/sha512_masked/rtl/sha512_masked_defines_pkg.sv
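Review bot: The three writes under masking_init step through masking_rnd in strides of three using rnd_ctr_reg[2:0], so eight init cycles fill entries 0..23 and the slice wired to rh_masking_rnd (entries 0..7) is complete only after the third cycle; nothing in the hunk says so. A comment such as `// init cycle k = rnd_ctr_reg[2:0] latches three fresh 64-bit mask words into entries 3k..3k+2; eight cycles fill all 24` would make both the layout and the eight-cycle requirement explicit. Because only bits [2:0] of the counter are used, the largest index is 3*7+2 = 23 and a counter value of 8 or more wraps to entry 0 rather than indexing out of range, which is also worth stating. The reg_update block begins before this hunk.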
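Review bot: In hunk @@ -687 the block is renamed to `masking_random` but its closing comment still reads `end // masking_rnd`, and the header comment above it (context) still says it updates rw_masking_rnd, which is now assigned by a continuous assign elsewhere; change the trailer to `end // masking_random` and the header to `// Update logic for masking_init, masking_update and q_masking_rnd`. q_masking_rnd is now driven combinationally from `entropy[14 : 5]` whenever masking_update is high, and those bits are also inside the entropy[63:0] word that masking_init latches into masking_rnd in hunk @@ -429; if rnd_ctr_inc and round_ctr_inc can be asserted in the same cycle, the conversion randomness q and a freshly captured mask word share bits. If the sequencer guarantees the two never coincide, an assertion such as `assert property (@(posedge clk) disable iff (!reset_n) !(rnd_ctr_inc && round_ctr_inc));` would pin that assumption; I cannot confirm the sequencing from this chunk.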
@@ -22,6 +22,86 @@ package sha512_masked_defines_pkg;
 reg [63:0] random;
 } masked_reg_t;
+ //----------------------------------------------------------------
+ // Function definition.
+ //----------------------------------------------------------------
+ function masked_reg_t masked_not (input masked_reg_t x);
+ return {~x.masked, x.random};
+ endfunction
+
+ function reg [63:0] masked_and (input masked_reg_t x, y);
+ return ~y.masked & (~y.random & x.random | y.random & x.masked) | y.masked & (y.random & x.random | ~y.random & x.masked); //x & y;
+ endfunction
+
+ function masked_reg_t masked_maj (input masked_reg_t a, b, c);
+ return {masked_and(a, b) ^ masked_and(a, c) ^ masked_and(b,c), b.random};
+ endfunction
+
+ function masked_reg_t masked_ch (input masked_reg_t e, f, g);
+ return {masked_and(e, f) ^ masked_and(g, masked_not(e)), e.random ^ g.random};
+ endfunction
+
+ function reg [63:0] sigma0 (input reg [63:0] x);
+ return {x[27 : 0], x[63 : 28]} ^
+ {x[33 : 0], x[63 : 34]} ^
+ {x[38 : 0], x[63 : 39]};
+ endfunction
+
+ function reg [63:0] sigma1 (input reg [63:0] x);
+ return {x[13 : 0], x[63 : 14]} ^
+ {x[17 : 0], x[63 : 18]} ^
+ {x[40 : 0], x[63 : 41]};
+ endfunction
+
+ function reg [63:0] ROT1 (input reg [63:0] x);
+ return {x[0], x[63 : 1]} ^ // ROTR1
+ {x[7 : 0], x[63 : 8]} ^ // ROTR8
+ {7'b0000000, x[63 : 7]}; // SHR7
+ endfunction
+
+ function reg [63:0] ROT14 (input reg [63:0] x);
+ return {x[18 : 0], x[63 : 19]} ^ // ROTR19
+ {x[60 : 0], x[63 : 61]} ^ // ROTR61
+ {6'b000000, x[63 : 6]}; // SHR6
+ endfunction
+
+ function masked_reg_t masked_sum (input masked_reg_t x, y);
+ return {(x.masked + y.masked), (x.random + y.random)};
+ endfunction
+
+ function masked_reg_t B2A_conv (input masked_reg_t x, logic q); // convert x_masked = x ^ rnd to x_prime = x + rand
+ reg [63 : 0] masked_carry; // masked_carry[j] = c[j] ^ q
+ reg [63 : 0] x_prime;
+ for (int j = 0; j < 64 ; j++) begin
+ if (j == 0) begin
+ masked_carry[j] = ~x.masked[j] & (x.random[j] ^ q) | (x.masked[j] & q);
+ x_prime[j] = x.masked[j];
+ end
+ else begin
+ masked_carry[j] = ~x.masked[j] & (x.random[j] ^ q) | x.masked[j] & masked_carry[j-1];
+ x_prime[j] = (x.masked[j] ^ masked_carry[j-1]) ^ q;
+ end
+ end
+ return {x_prime, x.random};
+ endfunction
+
+ function masked_reg_t A2B_conv (input masked_reg_t x, logic q); // convert x_prime = x + rand to x_masked = x ^ rnd
+ reg [63 : 0] masked_carry; // masked_carry[j] = c[j] ^ q
+ reg [63 : 0] x_masked;
+
+ for (int j = 0; j < 64 ; j++) begin
+ if (j == 0) begin
+ masked_carry[j] = (~x.masked[0] & x.random[0]) ^ q;
+ x_masked[j] = x.masked[j];
+ end
+ else begin
+ masked_carry[j] = (x.masked[j] ^ x.random[j]) & (x.random[j] ^ q) | (~x.masked[j] ^ x.random[j]) & masked_carry[j-1];
+ x_masked[j] = (x.masked[j] ^ masked_carry[j-1]) ^ q;
+ end
+ end
+ return {x_masked, x.random};
+ endfunction
+
 endpackage
 `endif
\ No newline at end of file
diff --git a/src/sha512_masked/rtl/sha512_masked_lfsr.sv b/src/sha512_masked/rtl/sha512_masked_lfsr.sv
deleted file mode 100644
index 49ef3076c..000000000
--- a/src/sha512_masked/rtl/sha512_masked_lfsr.sv
+++ /dev/null
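Review bot: ROT1 and ROT14 are the SHA-512 message-schedule functions σ0 (ROTR1 ^ ROTR8 ^ SHR7) and σ1 (ROTR19 ^ ROTR61 ^ SHR6) of FIPS 180-4, but nothing in the package says so and the names read like rotate amounts; next to sigma0/sigma1, which are the compression-round Σ0/Σ1, a one-line header per function such as `// small sigma_0 of the SHA-512 message schedule (FIPS 180-4 §4.1.3), applied per share` or names like ssigma0/ssigma1 would avoid confusion. B2A_conv and A2B_conv keep `reg` locals and are declared without `automatic`; subroutines declared in a package default to static lifetime, and sha512_masked_w_mem now calls B2A_conv four times in one combinational block, so `function automatic masked_reg_t B2A_conv (...)` (and likewise A2B_conv) is the safer declaration even though sequential evaluation makes the shared storage harmless in practice. The moved functions are otherwise byte-identical to the ones removed from sha512_masked_core.sv.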
@@ -1,74 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-//======================================================================
-//
-// sha512_masked_lfsr.sv
-// ------
-// 74-bit LFSR
-//
-//======================================================================
-
-module sha512_masked_lfsr
-#(
- parameter REG_SIZE = 74,
- parameter [REG_SIZE-1 : 0] INIT_SEED = 74'h23A_A79D_0EC1_1E38_9277 // a random value
-)
-(
- // Clock and reset.
- input wire clk,
- input wire reset_n,
- input wire zeroize,
-
- //Control
- input wire en,
-
- //Data
- input wire [REG_SIZE-1 : 0] seed,
- output wire [REG_SIZE-1 : 0] rnd
-);
-
- //----------------------------------------------------------------
- // Registers including update variables and write enable.
- //----------------------------------------------------------------
- reg [REG_SIZE-1 : 0] rnd_reg;
- reg [REG_SIZE-1 : 0] rnd_next;
-
- logic feedback;
-
- //----------------------------------------------------------------
- // reg_update
- // Update functionality for all registers in the core.
- //----------------------------------------------------------------
-
- // TAPs are: 74,73,59,58 based on Xilinx doc: https://docs.xilinx.com/v/u/en-US/xapp052
- always_comb feedback = rnd_reg[73] ^ rnd_reg[72] ^ rnd_reg[58] ^ rnd_reg[57];
-
- always_comb rnd_next = {rnd_reg[REG_SIZE-2 : 0], feedback};
-
- always_ff @ (posedge clk or negedge reset_n)
- begin
- if (!reset_n)
- rnd_reg <= INIT_SEED;
- else if (zeroize)
- rnd_reg <= INIT_SEED;
- else if (en)
- rnd_reg <= seed;
- else
- rnd_reg <= rnd_next;
- end
-
- assign rnd = rnd_reg;
-
-endmodule
\ No newline at end of file
diff --git a/src/sha512_masked/rtl/sha512_masked_w_mem.sv b/src/sha512_masked/rtl/sha512_masked_w_mem.sv
new file mode 100644
index 000000000..f07789401
--- /dev/null
+++ b/src/sha512_masked/rtl/sha512_masked_w_mem.sv
@@ -0,0 +1,290 @@
+//======================================================================
+//
+// sha512_masked_w_mem_regs.v
+// -------------------
+// The W memory for the SHA-512 core. This version uses 16
+// 32-bit registers as a sliding window to generate the 64 words.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014 Secworks Sweden AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or
+// without modification, are permitted provided that the following
+// conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in
+// the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+// ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module sha512_masked_w_mem
+ import sha512_masked_defines_pkg::*;
+ (
+ input wire clk,
+ input wire reset_n,
+ input wire zeroize,
+
+ input wire [1023 : 0] block_msg,
+ input wire [1023 : 0] rw_masking_rnd,
+ input wire [4 : 0] entropy,
+
+ input wire init_cmd,
+ input wire next_cmd,
+ output wire masked_reg_t w_val
+ );
+
+
+ //----------------------------------------------------------------
+ // Registers including update variables and write enable.
+ //----------------------------------------------------------------
+ masked_reg_t w_mem [0 : 15];
+ masked_reg_t w_mem00_new;
+ masked_reg_t w_mem01_new;
+ masked_reg_t w_mem02_new;
+ masked_reg_t w_mem03_new;
+ masked_reg_t w_mem04_new;
+ masked_reg_t w_mem05_new;
+ masked_reg_t w_mem06_new;
+ masked_reg_t w_mem07_new;
+ masked_reg_t w_mem08_new;
+ masked_reg_t w_mem09_new;
+ masked_reg_t w_mem10_new;
+ masked_reg_t w_mem11_new;
+ masked_reg_t w_mem12_new;
+ masked_reg_t w_mem13_new;
+ masked_reg_t w_mem14_new;
+ masked_reg_t w_mem15_new;
+ reg w_mem_we;
+
+ reg [6 : 0] w_ctr_reg;
+ reg [6 : 0] w_ctr_new;
+ reg w_ctr_we;
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ masked_reg_t w_tmp;
+ masked_reg_t w_new;
+
+
+ //----------------------------------------------------------------
+ // Concurrent connectivity for ports etc.
+ //----------------------------------------------------------------
+ assign w_val = w_tmp;
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with asynchronous
+ // active low reset. All registers have write enable.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin : reg_update
+ integer ii;
+
+ if (!reset_n) begin
+ for (ii = 0; ii < 16; ii = ii + 1)
+ w_mem[ii] <= {64'h0, 64'h0};
+
+ w_ctr_reg <= 7'h0;
+ end
+ else begin
+ if (zeroize) begin
+ for (ii = 0; ii < 16; ii = ii + 1)
+ w_mem[ii] <= {64'h0, 64'h0};
+
+ w_ctr_reg <= 7'h0;
+ end
+ else begin
+ if (w_mem_we)
+ begin
+ w_mem[00] <= w_mem00_new;
+ w_mem[01] <= w_mem01_new;
+ w_mem[02] <= w_mem02_new;
+ w_mem[03] <= w_mem03_new;
+ w_mem[04] <= w_mem04_new;
+ w_mem[05] <= w_mem05_new;
+ w_mem[06] <= w_mem06_new;
+ w_mem[07] <= w_mem07_new;
+ w_mem[08] <= w_mem08_new;
+ w_mem[09] <= w_mem09_new;
+ w_mem[10] <= w_mem10_new;
+ w_mem[11] <= w_mem11_new;
+ w_mem[12] <= w_mem12_new;
+ w_mem[13] <= w_mem13_new;
+ w_mem[14] <= w_mem14_new;
+ w_mem[15] <= w_mem15_new;
+ end
+
+ if (w_ctr_we)
+ w_ctr_reg <= w_ctr_new;
+ end
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // select_w
+ //
+ // Mux for the external read operation. This is where we exract
+ // the W variable.
+ //----------------------------------------------------------------
+ always @*
+ begin : select_w
+ if (w_ctr_reg < 16)
+ w_tmp = w_mem[w_ctr_reg[3 : 0]];
+ else
+ w_tmp = w_new;
+ end // select_w
+
+
+ //----------------------------------------------------------------
+ // w_new_logic
+ //
+ // Logic that calculates the next value to be inserted into
+ // the sliding window of the memory.
+ //----------------------------------------------------------------
+ masked_reg_t w_0;
+ masked_reg_t w_1;
+ masked_reg_t w_9;
+ masked_reg_t w_14;
+ masked_reg_t d0;
+ masked_reg_t d1;
+
+ masked_reg_t w_0_b2a;
+ masked_reg_t w_9_b2a;
+ masked_reg_t d0_b2a;
+ masked_reg_t d1_b2a;
+
+ always @*
+ begin : w_mem_update_logic
+
+
+ w_mem00_new = {64'h0, 64'h0};
+ w_mem01_new = {64'h0, 64'h0};
+ w_mem02_new = {64'h0, 64'h0};
+ w_mem03_new = {64'h0, 64'h0};
+ w_mem04_new = {64'h0, 64'h0};
+ w_mem05_new = {64'h0, 64'h0};
+ w_mem06_new = {64'h0, 64'h0};
+ w_mem07_new = {64'h0, 64'h0};
+ w_mem08_new = {64'h0, 64'h0};
+ w_mem09_new = {64'h0, 64'h0};
+ w_mem10_new = {64'h0, 64'h0};
+ w_mem11_new = {64'h0, 64'h0};
+ w_mem12_new = {64'h0, 64'h0};
+ w_mem13_new = {64'h0, 64'h0};
+ w_mem14_new = {64'h0, 64'h0};
+ w_mem15_new = {64'h0, 64'h0};
+ w_mem_we = 0;
+
+ w_0 = w_mem[0];
+ w_1 = w_mem[1];
+ w_9 = w_mem[9];
+ w_14 = w_mem[14];
+
+ d0 = {ROT1(w_1.masked), ROT1(w_1.random)};
+
+ d1 = {ROT14(w_14.masked), ROT14(w_14.random)};
+
+ w_0_b2a = B2A_conv(w_0, entropy[0]);
+ d0_b2a = B2A_conv(d0, entropy[1]);
+ w_9_b2a = B2A_conv(w_9, entropy[2]);
+ d1_b2a = B2A_conv(d1, entropy[3]);
+
+ //w_new = w_0 + d0 + w_9 + d1;
+ w_new = A2B_conv(masked_sum(w_0_b2a, masked_sum(d0_b2a, masked_sum(w_9_b2a, d1_b2a))), entropy[4]);
+
+ if (init_cmd)
+ begin
+ w_mem00_new = {block_msg[1023 : 960] ^ rw_masking_rnd[1023 : 960], rw_masking_rnd[1023 : 960]};
+ w_mem01_new = {block_msg[959 : 896] ^ rw_masking_rnd[959 : 896], rw_masking_rnd[959 : 896]};
+ w_mem02_new = {block_msg[895 : 832] ^ rw_masking_rnd[895 : 832], rw_masking_rnd[895 : 832]};
+ w_mem03_new = {block_msg[831 : 768] ^ rw_masking_rnd[831 : 768], rw_masking_rnd[831 : 768]};
+ w_mem04_new = {block_msg[767 : 704] ^ rw_masking_rnd[767 : 704], rw_masking_rnd[767 : 704]};
+ w_mem05_new = {block_msg[703 : 640] ^ rw_masking_rnd[703 : 640], rw_masking_rnd[703 : 640]};
+ w_mem06_new = {block_msg[639 : 576] ^ rw_masking_rnd[639 : 576], rw_masking_rnd[639 : 576]};
+ w_mem07_new = {block_msg[575 : 512] ^ rw_masking_rnd[575 : 512], rw_masking_rnd[575 : 512]};
+ w_mem08_new = {block_msg[511 : 448] ^ rw_masking_rnd[511 : 448], rw_masking_rnd[511 : 448]};
+ w_mem09_new = {block_msg[447 : 384] ^ rw_masking_rnd[447 : 384], rw_masking_rnd[447 : 384]};
+ w_mem10_new = {block_msg[383 : 320] ^ rw_masking_rnd[383 : 320], rw_masking_rnd[383 : 320]};
+ w_mem11_new = {block_msg[319 : 256] ^ rw_masking_rnd[319 : 256], rw_masking_rnd[319 : 256]};
+ w_mem12_new = {block_msg[255 : 192] ^ rw_masking_rnd[255 : 192], rw_masking_rnd[255 : 192]};
+ w_mem13_new = {block_msg[191 : 128] ^ rw_masking_rnd[191 : 128], rw_masking_rnd[191 : 128]};
+ w_mem14_new = {block_msg[127 : 64] ^ rw_masking_rnd[127 : 64], rw_masking_rnd[127 : 64]};
+ w_mem15_new = {block_msg[63 : 0] ^ rw_masking_rnd[63 : 0], rw_masking_rnd[63 : 0]};
+ w_mem_we = 1;
+ end
+
+ if (next_cmd && (w_ctr_reg > 15))
+ begin
+ w_mem00_new = w_mem[01];
+ w_mem01_new = w_mem[02];
+ w_mem02_new = w_mem[03];
+ w_mem03_new = w_mem[04];
+ w_mem04_new = w_mem[05];
+ w_mem05_new = w_mem[06];
+ w_mem06_new = w_mem[07];
+ w_mem07_new = w_mem[08];
+ w_mem08_new = w_mem[09];
+ w_mem09_new = w_mem[10];
+ w_mem10_new = w_mem[11];
+ w_mem11_new = w_mem[12];
+ w_mem12_new = w_mem[13];
+ w_mem13_new = w_mem[14];
+ w_mem14_new = w_mem[15];
+ w_mem15_new = w_new;
+ w_mem_we = 1;
+ end
+ end // w_mem_update_logic
+
+
+ //----------------------------------------------------------------
+ // w_ctr
+ // W schedule adress counter. Counts from 0x10 to 0x3f and
+ // is used to expand the block into words.
+ //----------------------------------------------------------------
+ always @*
+ begin : w_ctr
+ w_ctr_new = 7'h0;
+ w_ctr_we = 1'h0;
+
+ if (init_cmd)
+ begin
+ w_ctr_new = 7'h00;
+ w_ctr_we = 1'h1;
+ end
+
+ if (next_cmd)
+ begin
+ w_ctr_new = w_ctr_reg + 7'h01;
+ w_ctr_we = 1'h1;
+ end
+ end // w_ctr
+
+endmodule // sha512_w_mem
+
+//======================================================================
+// EOF sha512_masked_w_mem.v
+//======================================================================
\ No newline at end of file
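Review bot: The file header still names `sha512_masked_w_mem_regs.v` and describes `16 32-bit registers`, and the trailer reads `endmodule // sha512_w_mem` and `EOF sha512_masked_w_mem.v`, none of which matches this file: w_mem holds 16 masked_reg_t entries (a 64-bit masked share and its 64-bit random share each) and the module is sha512_masked_w_mem. Suggested header lines: `// sha512_masked_w_mem.sv` / `// Masked W memory for the SHA-512 core: a sliding window of 16 masked_reg_t share pairs; block words are XOR-masked with rw_masking_rnd on init and the schedule update runs on shares via B2A/A2B conversions`, with the trailer corrected to `endmodule // sha512_masked_w_mem`. The `entropy` port also deserves a comment stating which bit feeds which conversion, e.g. `input wire [4 : 0] entropy, // q bits: [3:0] B2A_conv of w_0, d0, w_9, d1; [4] A2B_conv of their sum`, since the choice of one fresh bit per conversion per cycle is the security-relevant part of this module. The w_ctr comment "Counts from 0x10 to 0x3f" describes the range of a different core; here init_cmd resets the 7-bit counter to 0 and select_w reads w_mem directly while it is below 16, so the comment should describe that. Stylistically, the sixteen w_memNN_new scalars and their per-name assignments could collapse into an unpacked array `masked_reg_t w_mem_new [0:15]` driven by loops in reg_update and w_mem_update_logic, which would shrink the file by about a hundred lines; that is a larger rewrite than belongs in this review.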