From 1f5772daae75cb088c341cd370d2fe0128192f7a Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Thu, 12 Dec 2024 16:41:56 +0100 Subject: [PATCH] [prim/doc] Add pointer to hardened Keccak implementation in prim_keccak The unhardened prim_keccak primitive is not actually used in the design. It's purpose is serve as an FPV example. Signed-off-by: Pirmin Vogel --- hw/ip/prim/doc/prim_keccak.md | 6 +++--- hw/ip/prim/rtl/prim_keccak.sv | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/hw/ip/prim/doc/prim_keccak.md b/hw/ip/prim/doc/prim_keccak.md index 122489ea848f5..e5e5d6ea04a39 100644 --- a/hw/ip/prim/doc/prim_keccak.md +++ b/hw/ip/prim/doc/prim_keccak.md @@ -2,11 +2,11 @@ # Overview -`prim_keccak` is a single round implementation of the permutation stage in [SHA3 algorithm][fibs-pub-202]. +`prim_keccak` is a single round implementation of the Keccak_p permutation stage in [SHA3 algorithm][fibs-pub-202]. Keccak primitive module assumes the number of rounds is less than or equal to 12 + 2L. It supports all combinations of the data width described in the [spec][fibs-pub-202]. -This implementation is not currently hardened against side-channel or fault injection attacks. -It implements the Keccak_p function. +Note that this implementation does not include any countermeasures for security hardening against implementation attacks. +Please refer to the [`keccak_2share` module](https://github.com/lowRISC/opentitan/blob/master/hw/ip/kmac/rtl/keccak_2share.sv) for the side-channel-hardened implementation used in the [hardened KMAC hardware IP block](../../kmac/README.md). [fibs-pub-202]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf diff --git a/hw/ip/prim/rtl/prim_keccak.sv b/hw/ip/prim/rtl/prim_keccak.sv index 42984515c32d7..76c1f23ac603c 100644 --- a/hw/ip/prim/rtl/prim_keccak.sv +++ b/hw/ip/prim/rtl/prim_keccak.sv @@ -2,7 +2,10 @@ // Licensed under the Apache License, Version 2.0, see LICENSE for details. // SPDX-License-Identifier: Apache-2.0 // -// prim_keccak is single round permutation module +// This module implements a single-round Keccak permutation. It is unhardened. For an +// implementation with side-channel hardening, refer to the keccak_2share module used in the +// KMAC hardware IP block. + `include "prim_assert.sv" module prim_keccak #( parameter int Width = 1600, // b= {25, 50, 100, 200, 400, 800, 1600}