The product uses a hardware module implementing a cryptographic algorithm that writes sensitive information about the intermediate state or results of its cryptographic operations via one of its output wires (typically the output port containing the final result).
Threat Mapped score: 3.0
Industry: Financial
Threat priority: P2 - Serious (High)
Phase | Note |
---|---|
Implementation | This can occur when intermediate cryptographic states are directly assigned to output wires or ports. |
Intro: The following SystemVerilog code is a crypto module that takes input data and encrypts it by processing the data through multiple encryption rounds. Note: this example is derived from [REF-1469].
```
01 | module crypto_core_with_leakage
02 | (
03 |     input          clk,
04 |     input          rst,
05 |     input  [127:0] data_i,
06 |     output [127:0] data_o,
07 |     output         valid
08 | );
09 |
10 | localparam int total_rounds = 10;
11 | logic [3:0]   round_id_q;
12 | logic [127:0] data_state_q, data_state_d;
13 | logic [127:0] key_state_q, key_state_d;
14 |
15 | crypto_algo_round u_algo_round (
16 |     .clk     (clk),
17 |     .rst     (rst),
18 |     .round_i (round_id_q ),
19 |     .key_i   (key_state_q ),
20 |     .data_i  (data_state_q),
21 |     .key_o   (key_state_d ),
22 |     .data_o  (data_state_d)
23 | );
24 |
25 | always @(posedge clk) begin
26 |     if (rst) begin
27 |         data_state_q <= 0;
28 |         key_state_q  <= 0;
29 |         round_id_q   <= 0;
30 |     end
31 |     else begin
32 |         case (round_id_q)
33 |             total_rounds: begin
34 |                 data_state_q <= 0;
35 |                 key_state_q  <= 0;
36 |                 round_id_q   <= 0;
37 |             end
38 |
39 |             default: begin
40 |                 data_state_q <= data_state_d;
41 |                 key_state_q  <= key_state_d;
42 |                 round_id_q   <= round_id_q + 1;
43 |             end
44 |         endcase
45 |     end
46 | end
47 |
48 | assign valid = (round_id_q == total_rounds) ? 1'b1 : 1'b0;
49 |
50 | assign data_o = data_state_q;
51 |
52 | endmodule
```
Body: In line 50 above, data_state_q is assigned to data_o. Since data_state_q contains intermediate state/results, this allows an attacker to obtain these results through data_o.
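A verification check for this weakness, as an added example that is not part of the original page or of [REF-1469]: a SystemVerilog assertion checker, bound to `crypto_core_with_leakage`, that flags any cycle in which `data_o` carries a value while `valid` is low. The checker name, its parameters and the all-zero idle value are assumptions made for this example.

```systemverilog
// Added example, not from the original page or REF-1469.
// Assumption: a hardened core drives a constant idle value (all zeros here)
// on data_o until valid is asserted, e.g. by replacing line 50 with
//   assign data_o = valid ? data_state_q : '0;
module crypto_output_leak_checker #(
  parameter int               WIDTH      = 128,
  parameter logic [WIDTH-1:0] IDLE_VALUE = '0
) (
  input logic             clk,
  input logic             rst,
  input logic             valid,
  input logic [WIDTH-1:0] data_o
);

  // While valid is low, the output port must carry only the idle value,
  // so no round's intermediate state is observable from outside the module.
  property p_output_idle_until_valid;
    @(posedge clk) disable iff (rst)
      !valid |-> (data_o == IDLE_VALUE);
  endproperty

  a_output_idle_until_valid: assert property (p_output_idle_until_valid)
    else $error("data_o = %h while valid is low: intermediate state exposed",
                data_o);

  // Confirm the run actually reaches a final result, so that a passing
  // assertion is not simply the product of a core that never finished.
  c_valid_reached: cover property (@(posedge clk) disable iff (rst) valid);

endmodule

// Attach the checker to every instance of the module shown above.
// With the unconditional "assign data_o = data_state_q;" the assertion
// fails on the first cycle where data_state_q holds a non-zero round result.
bind crypto_core_with_leakage crypto_output_leak_checker u_leak_checker (
  .clk    (clk),
  .rst    (rst),
  .valid  (valid),
  .data_o (data_o)
);
```

The same property can be run in simulation or handed to a formal tool; it passes only once the output is gated on `valid`.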