Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto enhancement #594

Merged
merged 15 commits into from
Oct 18, 2024
Merged

Crypto enhancement #594

merged 15 commits into from
Oct 18, 2024

Conversation

mojtaba-bisheh
Copy link
Contributor

@mojtaba-bisheh mojtaba-bisheh commented Sep 18, 2024
edited
Loading

Enhanced crypto modules including:

  1. remove deadcode in doe_core_cbc (found by FPV)
    dead code in line 254-255 doe_core_cbc.sv:
    else if(enc_ready)
    IV_enc_state <= st_IV_engine_idle;

  2. froze adder inputs to fix [ECC] add_sub_mod_alter ready not aligned with result  #194 (found by FPV)
    With this PR, there is no more constraints on keeping inputs fixed. The only constraint is having a single pulse add_en_i, and do not enable it again until ready_o.

  3. remove sca_en_i since countermeasures are hardcoded to be enabled (found by FPV)

  4. remove deadcode in ecc_pm_ctrl:163 (found by FPV)
    in ecc_pm_ctrl:163 the last else if () is always taken. This PR switches to just else to avoid confusion.

  5. Stop faulty ECC from continuing before zeroize (found by FPV): When the error happens for the first time, the error flag goes high and will remain high until zeroize. We expect that uC issues zeroize if there is an error in ECC. In this scenario, although the second command will be performed, the results should not be used since error flag is kept high. However, this PR stops faulty ECC from continuing before zeroize.

  6. removed one cycle delay for hmac_drbg ready (found by FPV)
    This PR synchronizes hmac_drbg READY to VALID by removing one cycle delay

  7. add all_1 protection for LFSR
    This PR has protection for the LFSR to stuck to be all 1.

  8. Remove zeroize for the counter used as countermeasure (found by IOActive)

  9. Remove one extra iteration in ecc_scalar_blinding (found by FPV)
    In line 300 of scalar_blinding, we have a loop of 20 iterations (0 to 19). However, when we enter the last round, the scalar blinding flag changes to done and we don't perform the last iteration. This PR reduces the iteration by one by updating FULL_DIG_NUM.

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Sep 18, 2024
edited
Loading

CLA Missing ID CLA Not Signed

@mojtaba-bisheh mojtaba-bisheh self-assigned this Sep 18, 2024
Nitsirks
Nitsirks previously approved these changes Sep 19, 2024
View reviewed changes
@mojtaba-bisheh mojtaba-bisheh added the enhancement New feature or request label Sep 20, 2024
@calebofearth calebofearth merged commit 2717847 into main Oct 18, 2024
57 of 58 checks passed
@calebofearth calebofearth deleted the mojtaba_crypto_enhancement branch October 18, 2024 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@upadhyayulakiran upadhyayulakiran upadhyayulakiran approved these changes

@calebofearth calebofearth calebofearth approved these changes

@Nitsirks Nitsirks Nitsirks left review comments

Assignees

@mojtaba-bisheh mojtaba-bisheh

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ECC] add_sub_mod_alter ready not aligned with result
4 participants
@mojtaba-bisheh @calebofearth @Nitsirks @upadhyayulakiran