2 changes: 0 additions & 2 deletions src/doe/rtl/doe_core_cbc.sv
Expand Up @@ -250,8 +250,6 @@ module doe_core_cbc(
st_IV_engine_stars:
begin
if (IV_updated_delayed)
IV_enc_state <= st_IV_engine_idle;
else if(enc_ready)
IV_enc_state <= st_IV_engine_idle;
else
IV_enc_state <= st_IV_engine_stars;
13 changes: 10 additions & 3 deletions src/ecc/rtl/ecc_add_sub_mod_alter.sv
Expand Up @@ -76,23 +76,30 @@ module ecc_add_sub_mod_alter #(
);


assign sub_n = !sub_i;
assign opb0 = sub_i ? ~opb_i : opb_i;
assign opb1 = sub_i ? prime_i : ~prime_i;

always_ff @(posedge clk or negedge reset_n)
begin
if(!reset_n) begin
r0_reg <= '0;
carry0_reg <= '0;
sub_n <= '0;
opb1 <= '0;
end
else if (zeroize) begin
r0_reg <= '0;
carry0_reg <= '0;
sub_n <= '0;
opb1 <= '0;
end
else if (add_en_i) begin
r0_reg <= r0;
carry0_reg <= carry0;
sub_n <= !sub_i;
if (sub_i)
opb1 <= prime_i;
else
opb1 <= ~prime_i;
end
end

Expand All @@ -110,6 +117,6 @@ module ecc_add_sub_mod_alter #(

assign ready_o = push_result_reg[0];

assign res_o = sub_n ? (carry0_reg ^ carry1)? r1 : r0 : (carry0_reg) ? r0 : r1;
assign res_o = sub_n ? (carry0_reg ^ carry1)? r1 : r0_reg : (carry0_reg) ? r0_reg : r1;

endmodule
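Review bot: The mix of registered and combinational operand selects in this hunk is correct only under an unstated input contract: `sub_n` and `opb1` are now captured on `add_en_i` (L76-L80) while `opb0` stays combinational from `sub_i`/`opb_i` (L56), so `sub_i` and `opb_i` must be valid in the `add_en_i` cycle and are then held for the second stage by the new registers. That contract should be written down above the always_ff, e.g. `// sub_i/opb_i are sampled in the add_en_i cycle; sub_n/opb1 are registered so the second adder stage and res_o see the same sub_i even if it changes afterwards`. The if/else at L77-L80 can also match the style of the surviving opb0 assign as a single line, `opb1 <= sub_i ? prime_i : ~prime_i;`. The res_o change (L89) to use `r0_reg` is consistent with the registering, but a one-line comment noting that `carry0_reg`, `r0_reg`, `sub_n` and `opb1` are all from the same capture cycle would help the next reader verify the pipeline alignment.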
2 changes: 0 additions & 2 deletions src/ecc/rtl/ecc_arith_unit.sv
Expand Up @@ -46,7 +46,6 @@ module ecc_arith_unit

// DATA PORT
input wire [3 : 0] ecc_cmd_i,
input wire sca_en_i,
input wire [ADDR_WIDTH-1 : 0] addr_i,
input wire wr_op_sel_i,
input wire wr_en_i,
Expand Down Expand Up @@ -101,7 +100,6 @@ module ecc_arith_unit
.reset_n(reset_n),
.zeroize(zeroize),
.ecc_cmd_i(ecc_cmd_i),
.sca_en_i(sca_en_i),
.digit_i(digit_in),
.instr_o(ecc_instr_s),
.req_digit_o(req_digit),
70 changes: 24 additions & 46 deletions src/ecc/rtl/ecc_dsa_ctrl.sv
Expand Up @@ -142,9 +142,7 @@ module ecc_dsa_ctrl
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] r_reg;
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] s_reg;
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] IV_reg;
logic [REG_SIZE-1 : 0] lambda;
logic [REG_SIZE-1 : 0] lambda_reg;
logic [REG_SIZE-1 : 0] masking_rnd;
logic [REG_SIZE-1 : 0] masking_rnd_reg;
logic [REG_SIZE-1 : 0] pk_chk_reg;

Expand All @@ -153,7 +151,6 @@ module ecc_dsa_ctrl

logic [REG_SIZE-1 : 0] scalar_in_reg;
logic [REG_SIZE-1 : 0] scalar_rnd_reg;
logic [(REG_SIZE+RND_SIZE)-1 : 0] scalar_out;
logic [(REG_SIZE+RND_SIZE)-1 : 0] scalar_out_reg;
logic scalar_sca_en;
logic scalar_sca_busy_o;
Expand All @@ -164,10 +161,6 @@ module ecc_dsa_ctrl
logic [REG_SIZE-1 : 0] hmac_drbg_result;
logic hmac_busy;

logic sca_point_rnd_en;
logic sca_mask_sign_en;
logic sca_scalar_rnd_en;

//interface with kv client
logic kv_privkey_write_en;
logic [REG_OFFSET_W-1:0] kv_privkey_write_offset;
Expand Down Expand Up @@ -214,7 +207,6 @@ module ecc_dsa_ctrl

logic error_flag;
logic error_flag_reg;
logic error_flag_edge;

//----------------------------------------------------------------
// Module instantiantions.
Expand Down Expand Up @@ -247,7 +239,6 @@ module ecc_dsa_ctrl
.reset_n(reset_n),
.zeroize(zeroize_reg),
.ecc_cmd_i(pm_cmd_reg),
.sca_en_i(sca_scalar_rnd_en),
.addr_i(prog_instr.mem_addr),
.wr_op_sel_i(prog_instr.opcode.op_sel),

Expand All @@ -274,9 +265,9 @@ module ecc_dsa_ctrl
.privKey(privkey_reg),
.hashed_msg(msg_reduced_reg),
.IV(IV_reg),
.lambda(lambda),
.lambda(lambda_reg),
.scalar_rnd(scalar_rnd_reg),
.masking_rnd(masking_rnd),
.masking_rnd(masking_rnd_reg),
.drbg(hmac_drbg_result)
);

Expand All @@ -293,21 +284,10 @@ module ecc_dsa_ctrl
.en_i(scalar_sca_en),
.data_i(scalar_in_reg),
.rnd_i(scalar_rnd_reg[RND_SIZE-1 : 0]),
.data_o(scalar_out),
.data_o(scalar_out_reg),
.busy_o(scalar_sca_busy_o)
);

//----------------------------------------------------------------
// side-channel config update
// Update functionality for SCA registers in the core.
//----------------------------------------------------------------

always_comb
begin : SCA_config
scalar_out_reg = (sca_scalar_rnd_en)? scalar_out : (REG_SIZE+RND_SIZE)'(scalar_in_reg << RND_SIZE);
lambda_reg = (sca_point_rnd_en)? lambda : ONE_CONST;
masking_rnd_reg = (sca_mask_sign_en)? masking_rnd : ZERO_CONST;
end // SCA_config

//----------------------------------------------------------------
// ecc_reg_update
Expand All @@ -319,10 +299,6 @@ module ecc_dsa_ctrl
//Mask the command if KV clients are not idle
cmd_reg = {hwif_out.ECC_CTRL.DH_SHAREDKEY.value, hwif_out.ECC_CTRL.CTRL.value} & {3{kv_seed_ready}} & {3{kv_privkey_ready}};
zeroize_reg = hwif_out.ECC_CTRL.ZEROIZE.value || debugUnlock_or_scan_mode_switch;

sca_point_rnd_en = 1'b1;
sca_mask_sign_en = 1'b1;
sca_scalar_rnd_en = 1'b1;
end

//there is a clk cycle memory read delay between hw_privkey_we and read_reg
Expand Down Expand Up @@ -674,18 +650,13 @@ module ecc_dsa_ctrl

always_ff @(posedge clk or negedge reset_n)
begin : error_detection
if(!reset_n) begin
error_flag_reg <= '0;
end
else if(zeroize_reg) begin
error_flag_reg <= '0;
end
else begin
error_flag_reg <= error_flag;
end
if(!reset_n)
error_flag_reg <= 1'b0;
else if(zeroize_reg)
error_flag_reg <= 1'b0;
else if (error_flag)
error_flag_reg <= 1'b1;
end // error_detection

assign error_flag_edge = error_flag & (!error_flag_reg);

assign privkey_input_outofrange = signing_process & ((privkey_reg == 0) | (privkey_reg >= GROUP_ORDER));
assign r_output_outofrange = signing_process & (hw_r_we & (read_reg == 0));
Expand Down Expand Up @@ -738,15 +709,22 @@ module ecc_dsa_ctrl
verifying_process <= 0;
sharedkey_process <= 0;
end
else if (error_flag | error_flag_reg) begin
prog_cntr <= ECC_NOP;
cycle_cnt <= '0;
pm_cmd_reg <= '0;
ecc_valid_reg <= 0;
scalar_G_sel <= 0;
hmac_mode <= '0;
hmac_init <= 0;
scalar_sca_en <= 0;
keygen_process <= 0;
signing_process <= 0;
verifying_process <= 0;
sharedkey_process <= 0;
end
else begin
if (error_flag_edge) begin
prog_cntr <= ECC_NOP;
cycle_cnt <= 2'd3;
pm_cmd_reg <= '0;
scalar_sca_en <= 0;
hmac_init <= 0;
end
else if (subcomponent_busy) begin //Stalled until sub-component is done
if (subcomponent_busy) begin //Stalled until sub-component is done
prog_cntr <= prog_cntr;
cycle_cnt <= 2'd3;
pm_cmd_reg <= '0;
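Review bot: The new sticky `error_flag_reg` (L221-L222) is cleared only by reset or `zeroize_reg`, and the `error_flag | error_flag_reg` branch (L233-L246) forces `prog_cntr` to `ECC_NOP` every cycle, so after any single error the engine rejects every further command until firmware zeroizes, which (from the zeroize semantics visible elsewhere in this file) also wipes key material. That is a reasonable fail-closed choice but it is a behavioural change from the old edge-triggered recovery and is undocumented; add above the error_detection block something like `// Sticky: once an error is observed the controller stays in ECC_NOP and ignores new commands until ZEROIZE or reset. Firmware must zeroize to recover.` and confirm the error is reported on the register interface so firmware can tell why commands are being dropped. The error branch also writes `cycle_cnt <= '0` (L235) while the stall path uses `2'd3` (L258); if the NOP path does not tolerate a zero count this should be aligned. The always_ff block containing the error branch starts above the hunk.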
14 changes: 5 additions & 9 deletions src/ecc/rtl/ecc_hmac_drbg_interface.sv
Expand Up @@ -38,8 +38,7 @@

module ecc_hmac_drbg_interface#(
parameter REG_SIZE = 384,
parameter [REG_SIZE-1 : 0] GROUP_ORDER = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973,
parameter [REG_SIZE-1 : 0] LFSR_INIT_SEED = 384'hc48555929cd58779f4819c1e6570c2ef20bccd503284e2d366f3273a66e9719b07ac999c80740d6277af88ceb4c3029c // a random value
parameter [REG_SIZE-1 : 0] GROUP_ORDER = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973
)
(
// Clock and reset.
Expand Down Expand Up @@ -115,8 +114,7 @@ module ecc_hmac_drbg_interface#(

hmac_drbg #(
.REG_SIZE(REG_SIZE),
.HMAC_DRBG_PRIME(GROUP_ORDER),
.LFSR_INIT_SEED(LFSR_INIT_SEED)
.HMAC_DRBG_PRIME(GROUP_ORDER)
)
hmac_drbg_i (
.clk(clk),
Expand Down Expand Up @@ -200,14 +198,14 @@ module ecc_hmac_drbg_interface#(
scalar_rnd_reg <= '0;
masking_rnd_reg <= '0;
drbg_reg <= '0;
lfsr_seed_reg <= LFSR_INIT_SEED;
lfsr_seed_reg <= '0;
end
else if (zeroize) begin
lambda_reg <= '0;
scalar_rnd_reg <= '0;
masking_rnd_reg <= '0;
drbg_reg <= '0;
lfsr_seed_reg <= LFSR_INIT_SEED;
lfsr_seed_reg <= '0;
end
else
if (hmac_done_edge) begin
Expand All @@ -223,7 +221,7 @@ module ecc_hmac_drbg_interface#(
scalar_rnd_reg <= '0;
masking_rnd_reg <= '0;
drbg_reg <= '0;
lfsr_seed_reg <= LFSR_INIT_SEED;
lfsr_seed_reg <= '0;
end
endcase
end
Expand Down Expand Up @@ -263,8 +261,6 @@ module ecc_hmac_drbg_interface#(
begin : counter_reg_update
if (!reset_n)
counter_reg <= '0;
else if (zeroize)
counter_reg <= '0;
else
counter_reg <= counter_reg + 1;
end // counter_reg_update
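Review bot: `lfsr_seed_reg` now resets and zeroizes to all-zeros (L288, L296, L305) instead of a non-zero constant, and for an XOR-feedback LFSR the all-zero state is a fixed point that yields a constant zero stream; if `hmac_drbg_i` loads its LFSR from this register before the first `hmac_done_edge` update, the masking/blinding values it produces in that window would be zero and the SCA countermeasures in the rest of this PR would be silently disabled for the first operation after reset or zeroize. Please confirm how hmac_drbg handles a zero seed (e.g. folds in `counter_reg` or a non-zero constant before use) and document it here, e.g. `// lfsr_seed_reg is '0 until the first HMAC result is captured; hmac_drbg must not run its LFSR from a zero state`. Dropping `counter_reg` from the zeroize branch (L313-L314 removed) is presumably deliberate so the seed derived after a zeroize differs from the one before, but that intent deserves a comment on counter_reg_update: `// Not cleared on zeroize: keeps post-zeroize seeds distinct from pre-zeroize ones`.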
9 changes: 4 additions & 5 deletions src/ecc/rtl/ecc_pm_ctrl.sv
Expand Up @@ -54,7 +54,6 @@ module ecc_pm_ctrl

// from arith_unit
input wire [3 : 0] ecc_cmd_i,
input wire sca_en_i,
input wire digit_i,
output pm_instr_struct_t instr_o,
output logic req_digit_o,
Expand Down Expand Up @@ -160,19 +159,19 @@ module ecc_pm_ctrl
default : begin stalled <= 1'b0; stall_cntr <= '0; end
endcase
end
else if ((!stalled) | (stalled & (stall_cntr == 0))) begin
else begin
stalled <= 0;
unique case (prog_cntr)
NOP : begin // Waiting for new valid command
ecc_cmd_reg <= ecc_cmd_i;
unique case (ecc_cmd_i)
KEYGEN_CMD : begin // keygen
mont_cntr <= (sca_en_i)? Secp384_SCA_MONT_COUNT : Secp384_MONT_COUNT;
mont_cntr <= Secp384_SCA_MONT_COUNT;
prog_cntr <= PM_INIT_G_S;
end

SIGN_CMD : begin // signing
mont_cntr <= (sca_en_i)? Secp384_SCA_MONT_COUNT : Secp384_MONT_COUNT;
mont_cntr <= Secp384_SCA_MONT_COUNT;
prog_cntr <= PM_INIT_G_S;
end

Expand All @@ -194,7 +193,7 @@ module ecc_pm_ctrl
end

DH_SHARED_CMD : begin // DH shared key
mont_cntr <= (sca_en_i)? Secp384_SCA_MONT_COUNT : Secp384_MONT_COUNT;
mont_cntr <= Secp384_SCA_MONT_COUNT;
prog_cntr <= PM_INIT_DH_S;
end

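Review bot: With `sca_en_i` gone, the KEYGEN, SIGN and DH paths all hard-code `Secp384_SCA_MONT_COUNT` (L342, L348, L357), so `Secp384_MONT_COUNT` is likely dead for these commands; either remove it or leave a comment on the remaining use explaining which command still needs the unblinded count. A comment at the first use would make the security intent explicit: `// scalar blinding is always on: the Montgomery ladder iterates over the full REG_SIZE+RND_SIZE-bit blinded scalar`. The simplification of `else if ((!stalled) | (stalled & (stall_cntr == 0)))` to a plain `else` (L334) is only equivalent if the preceding branch is `if (stalled)`, which starts above the hunk; worth confirming nothing between them depended on the `stall_cntr == 0` case.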
10 changes: 5 additions & 5 deletions src/ecc/rtl/ecc_scalar_blinding.sv
Expand Up @@ -60,7 +60,7 @@ module ecc_scalar_blinding #(
// Equivalent to $ceil(REG_SIZE/RADIX) + 1
localparam REG_DIG_NUM = (((REG_SIZE + RADIX) - 1) / RADIX) + 1; //13
localparam RND_DIG_NUM = (((RND_SIZE + RADIX) - 1) / RADIX) + 1; //7
localparam FULL_DIG_NUM = REG_DIG_NUM + RND_DIG_NUM; //20
localparam FULL_DIG_NUM = REG_DIG_NUM + RND_DIG_NUM - 1; //19

localparam FULL_REG_SIZE = REG_DIG_NUM * RADIX;
localparam FULL_RND_SIZE = RND_DIG_NUM * RADIX;
Expand Down Expand Up @@ -225,14 +225,14 @@ module ecc_scalar_blinding #(

always_ff @(posedge clk or negedge reset_n) begin
if (!reset_n) begin
product_idx_reg <= FULL_DIG_NUM[P_ARR_WIDTH-1 : 0] - 1;
product_idx_reg <= FULL_DIG_NUM[P_ARR_WIDTH-1 : 0];
operand_idx_reg <= '0;
shift_state <= 0;
add1_cin <= 0;
carry_garbage_bits0 <= '0;
end
else if (zeroize) begin
product_idx_reg <= FULL_DIG_NUM[P_ARR_WIDTH-1 : 0] - 1;
product_idx_reg <= FULL_DIG_NUM[P_ARR_WIDTH-1 : 0];
operand_idx_reg <= '0;
shift_state <= 0;
add1_cin <= 0;
Expand All @@ -245,7 +245,7 @@ module ecc_scalar_blinding #(
add1_cin <= 0;
end
else begin
if (product_idx < (FULL_DIG_NUM-1)) begin
if (product_idx < FULL_DIG_NUM) begin
if (shift_state) begin
product_idx_reg <= product_idx + 1;
if (product_idx < (REG_DIG_NUM-1))
Expand All @@ -272,7 +272,7 @@ module ecc_scalar_blinding #(

assign accu_store = (accu_done)? 0 : (!shift_state);
assign accu_shift = (accu_done)? 0 : shift_state;
assign accu_done = (product_idx == (FULL_DIG_NUM-1));
assign accu_done = (product_idx == FULL_DIG_NUM);

// Determines which a and b is pushed through the multiplier
always_comb begin
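Review bot: Dropping `FULL_DIG_NUM` to `REG_DIG_NUM + RND_DIG_NUM - 1` (L369) while also removing the `- 1` from the reset value (L378, L386), the loop bound (L395) and `accu_done` (L404) leaves the index sequence itself unchanged (reset to 19, done at 19), so the net effect of this hunk is felt only where `FULL_DIG_NUM` is used outside it, such as sizing of the product/accumulator arrays. Since `product_idx` still reaches the value `FULL_DIG_NUM`, any array declared `[FULL_DIG_NUM-1:0]` would now be one entry short at the done step; please confirm that storage is sized `FULL_DIG_NUM+1` or is not indexed when `accu_done` is asserted. The `//19` comment should also say why the `-1` is correct, e.g. `// REG_DIG_NUM and RND_DIG_NUM each already include one pad digit, so the product fits in REG_DIG_NUM + RND_DIG_NUM - 1 digits`.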