Add --generate-key.

Wilson Snyder 2019-10-09 18:53:30 -04:00
parent 9b09309f51
commit a7c2037b7a
7 changed files with 75 additions and 43 deletions


@ -50,6 +50,6 @@ nodist/
/simv.daidir/ /simv.daidir/
/vc_hdrs.h$ /vc_hdrs.h$
/csrc/ /csrc/
obj_dir/.* obj_dir.*
TAGS TAGS
.*~ .*~


@ -312,6 +312,7 @@ detailed descriptions in L</"VERILATION ARGUMENTS"> for more information.
-G<name>=<value> Overwrite toplevel parameter -G<name>=<value> Overwrite toplevel parameter
--gdb Run Verilator under GDB interactively --gdb Run Verilator under GDB interactively
--gdbbt Run Verilator under GDB for backtrace --gdbbt Run Verilator under GDB for backtrace
--generate-key Create random key for --protect-key
--getenv <var> Get environment variable with defaults --getenv <var> Get environment variable with defaults
--help Display this help --help Display this help
-I<dir> Directory to search for includes -I<dir> Directory to search for includes
@ -864,6 +865,11 @@ backtrace on exit, then exit GDB immediately. Without --debug or if GDB
doesn't seem to work, this flag is ignored. Intended for easy creation of doesn't seem to work, this flag is ignored. Intended for easy creation of
backtraces by users; otherwise see the --gdb flag. backtraces by users; otherwise see the --gdb flag.
=item --generate-key
Generate a true-random key suitable for use with --protect-key, print it,
and exit immediately.
=item --getenv I<variable> =item --getenv I<variable>
If the variable is declared in the environment, print it and exit If the variable is declared in the environment, print it and exit
@ -1159,10 +1165,10 @@ this into a nicer visual format and produce some related statistics.
=item --protect-key I<key> =item --protect-key I<key>
Specifies the private key for --protect-ids. For best security this key Specifies the private key for --protect-ids. For best security this key
should be 16 or more random bytes, a reasonable medium-security choice is should be 16 or more random bytes, a reasonable secure choice is the output
the output of uuidgen. Typically, a key would be created by the user once of C<verilator --generate-key>. Typically, a key would be created by the
for a given protected design library, then every Verilator run for user once for a given protected design library, then every Verilator run
subsequent versions of that library would be passed the same for subsequent versions of that library would be passed the same
--protect-key. Thus, if the input Verilog is similar between library --protect-key. Thus, if the input Verilog is similar between library
versions (Verilator runs), the Verilated code will likewise be mostly versions (Verilator runs), the Verilated code will likewise be mostly
similar. similar.


@ -569,7 +569,7 @@ string V3Options::protectKeyDefaulted() {
// Create a key with a human-readable symbol-like name. // Create a key with a human-readable symbol-like name.
// This conversion drops ~2 bits of entropy out of 256, shouldn't matter. // This conversion drops ~2 bits of entropy out of 256, shouldn't matter.
VHashSha256 digest (V3Os::trueRandom(32)); VHashSha256 digest (V3Os::trueRandom(32));
m_protectKey = digest.digestSymbol(); m_protectKey = "VL-KEY-"+digest.digestSymbol();
} }
return m_protectKey; return m_protectKey;
} }
@ -858,6 +858,10 @@ void V3Options::parseOptsList(FileLine* fl, const string& optdir, int argc, char
shift; shift;
m_gateStmts = atoi(argv[i]); m_gateStmts = atoi(argv[i]);
} }
else if (!strcmp(sw, "-generate-key")) {
cout<<protectKeyDefaulted()<<endl;
exit(0);
}
else if (!strcmp(sw, "-getenv") && (i+1)<argc) { else if (!strcmp(sw, "-getenv") && (i+1)<argc) {
shift; shift;
cout<<V3Options::getenvBuiltins(argv[i])<<endl; cout<<V3Options::getenvBuiltins(argv[i])<<endl;
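Review bot: The new `-generate-key` branch prints whatever `protectKeyDefaulted()` returns, and the visible tail of that function (a closing brace followed by `return m_protectKey;`) suggests a key is only created when none is set yet. If so, a `--protect-key` parsed earlier in the option list would be echoed to stdout instead of a fresh key, which defeats the option and writes an existing secret into the terminal or build log. Consider rejecting the combination before printing, e.g. `if (!m_protectKey.empty()) { /* report: --generate-key conflicts with --protect-key */ }`, or generating the key without consulting `m_protectKey`. The start of `protectKeyDefaulted()` and the rest of `parseOptsList` are outside the hunks, so the guard condition is inferred rather than seen.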


@ -0,0 +1,21 @@
#!/usr/bin/perl
if (!$::Driver) { use FindBin; exec("$FindBin::Bin/bootstrap.pl", @ARGV, $0); die; }
# DESCRIPTION: Verilator: Verilog Test driver/expect definition
#
# Copyright 2008 by Wilson Snyder. This program is free software; you can
# redistribute it and/or modify it under the terms of either the GNU
# Lesser General Public License Version 3 or the Perl Artistic License
# Version 2.0.
scenarios(vlt => 1);
compile(
v_flags2 => ["--generate-key"],
expect => qr/VL-KEY/,
verilator_make_gmake => 0,
make_top_shell => 0,
make_main => 0,
);
ok(1);
1;
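Review bot: `expect => qr/VL-KEY/` matches only the constant prefix, so this test would still pass if the random portion were empty or identical on every run. Require key material after the prefix, for example `expect => qr/VL-KEY-\S{16,}/`; the minimum length here is a guess, because the format produced by `digestSymbol()` is not visible on this page. Running the option twice and comparing the two outputs would also catch a generator that is not random. The header says "Copyright 2008" on a file added in 2019, which looks carried over from another test.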


@ -21,6 +21,7 @@ foreach my $filename (glob ("$Self->{obj_dir}/*_PS*.cpp"
compile( compile(
verilator_flags2 => ["--protect-ids", verilator_flags2 => ["--protect-ids",
"--protect-key SECRET_KEY",
"--trace", "--trace",
"--coverage", "--coverage",
"-Wno-INSECURE", "-Wno-INSECURE",
@ -39,10 +40,10 @@ if ($Self->{vlt_all}) {
# Check for secret in any outputs # Check for secret in any outputs
my $any; my $any;
foreach my $filename (glob $Self->{obj_dir}."/*.[ch]*") { foreach my $filename (glob $Self->{obj_dir}."/*.[ch]*") {
if ($filename =~ /secret/) { if ($filename =~ /secret/i) {
$Self->error("Secret found in a filename: ".$filename); $Self->error("Secret found in a filename: ".$filename);
} }
file_grep_not($filename, qr/secret/); file_grep_not($filename, qr/secret/i);
$any = 1; $any = 1;
} }
$any or $Self->error("No outputs found"); $any or $Self->error("No outputs found");
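Review bot: With `--protect-key SECRET_KEY` added, the scan in the second hunk becomes the only check that the key itself stays out of the outputs, yet it globs only `*.[ch]*` in obj_dir. Other generated files there (makefiles, dependency or bookkeeping files) may record the command line and therefore the key; this page does not show whether they do, so it is worth confirming. If they do, add a second `file_grep_not` pass for the key over those files, leaving out the id map, which is expected to contain the `secret` identifiers. At minimum, document the scope with `# Only C/C++ outputs are scanned for the key and protected names`. The `compile(` argument list continues outside the first hunk.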


@ -1,41 +1,41 @@
<?xml version="1.0" ?> <?xml version="1.0" ?>
<!-- DESCRIPTION: Verilator output: XML representation of netlist --> <!-- DESCRIPTION: Verilator output: XML representation of netlist -->
<verilator_id_map> <verilator_id_map>
<map from="PSbKTb" to="TOP__t__DOT__secret_inst"/> <map from="PSlhR1" to="TOP__t__DOT__secret_inst"/>
<map from="TOPp" to="TOPp"/> <map from="TOPp" to="TOPp"/>
<map from="PSbvpV" to="Vt_protect_ids_key__Vcb_dpix_a_func_t"/> <map from="PS5Fdb" to="Vt_protect_ids_key__Vcb_dpix_a_func_t"/>
<map from="PSkBNa" to="Vt_protect_ids_key__Vcb_dpix_a_task_t"/> <map from="PSlYpp" to="Vt_protect_ids_key__Vcb_dpix_a_task_t"/>
<map from="PS49FI" to="_Syms"/> <map from="PSOAAo" to="_Syms"/>
<map from="PSA0ET" to="__PVT__secret_cyc"/> <map from="PSm6SZ" to="__PVT__secret_cyc"/>
<map from="PS7KZL" to="__PVT__secret_cyc_r"/> <map from="PSfqIT" to="__PVT__secret_cyc_r"/>
<map from="PShnzQ" to="__PVT__secret_r"/> <map from="PStVCQ" to="__PVT__secret_r"/>
<map from="PS39wi" to="__PVT__t__DOT__secret_inst"/> <map from="PSfqS0" to="__PVT__t__DOT__secret_inst"/>
<map from="PSgHnb" to="__Vclklast__TOP__clk"/> <map from="PS8pOJ" to="__Vclklast__TOP__clk"/>
<map from="PSTDrn" to="__Vconfigure"/> <map from="PSx9Nt" to="__Vconfigure"/>
<map from="PSAer0" to="__Vdly__secret_cyc"/> <map from="PSrjMj" to="__Vdly__secret_cyc"/>
<map from="PSswQ3" to="__Vdly__t__DOT__secret_inst2__DOT__secret_cyc"/> <map from="PSAW38" to="__Vdly__t__DOT__secret_inst2__DOT__secret_cyc"/>
<map from="PSH9UL" to="__Vdpiexp_dpix_a_func_TOP__t__DOT__secret_inst"/> <map from="PS4o5S" to="__Vdpiexp_dpix_a_func_TOP__t__DOT__secret_inst"/>
<map from="PSabB6" to="__Vdpiexp_dpix_a_task_TOP__t__DOT__secret_inst"/> <map from="PStVA8" to="__Vdpiexp_dpix_a_task_TOP__t__DOT__secret_inst"/>
<map from="PS8F1t" to="__Vdpiimwrap_dpii_a_func_TOP__t__DOT__secret_inst"/> <map from="PSxbIE" to="__Vdpiimwrap_dpii_a_func_TOP__t__DOT__secret_inst"/>
<map from="PSBPcq" to="__Vdpiimwrap_dpii_a_task_TOP__t__DOT__secret_inst"/> <map from="PSIv2l" to="__Vdpiimwrap_dpii_a_task_TOP__t__DOT__secret_inst"/>
<map from="PSY85C" to="__Vfunc_dpii_a_func__0__Vfuncout"/> <map from="PS76My" to="__Vfunc_dpii_a_func__0__Vfuncout"/>
<map from="PSUcyn" to="__Vscope_t__secret_inst"/> <map from="PSEGxK" to="__Vscope_t__secret_inst"/>
<map from="PS27AG" to="__Vtask_dpix_a_task__1__i"/> <map from="PS25fg" to="__Vtask_dpix_a_task__1__i"/>
<map from="PSgcfL" to="_change_request"/> <map from="PSHuZZ" to="_change_request"/>
<map from="PSNQUa" to="_ctor_var_reset"/> <map from="PSyTg5" to="_ctor_var_reset"/>
<map from="PSeP2H" to="_eval"/> <map from="PS8lsQ" to="_eval"/>
<map from="PS8Ytd" to="_eval_debug_assertions"/> <map from="PSKZ7c" to="_eval_debug_assertions"/>
<map from="PSGiE1" to="_eval_initial"/> <map from="PSABAY" to="_eval_initial"/>
<map from="PSCvUR" to="_eval_initial_loop"/> <map from="PSOLeN" to="_eval_initial_loop"/>
<map from="PSrrKr" to="_eval_settle"/> <map from="PSBUJ6" to="_eval_settle"/>
<map from="PSVBHr" to="_sequent__TOP__1"/> <map from="PSV5uq" to="_sequent__TOP__1"/>
<map from="PSJVjb" to="_sequent__TOP__t__DOT__secret_inst__1"/> <map from="PS8sdG" to="_sequent__TOP__t__DOT__secret_inst__1"/>
<map from="PSnkZP" to="clk"/> <map from="PScyq8" to="clk"/>
<map from="PSLGUV" to="secret_inst"/> <map from="PSnRoO" to="secret_inst"/>
<map from="PSCwHq" to="secret_sub"/> <map from="PSS3Gk" to="secret_sub"/>
<map from="PSwmbl" to="t"/> <map from="PSxvlA" to="t"/>
<map from="PS4YQ7" to="t/t_protect_ids.v"/> <map from="PSBSVV" to="t/t_protect_ids.v"/>
<map from="PSkXXg" to="t__DOT__secret_inst2__DOT__secret_cyc"/> <map from="PSB07q" to="t__DOT__secret_inst2__DOT__secret_cyc"/>
<map from="this" to="this"/> <map from="this" to="this"/>
<map from="vlSymsp" to="vlSymsp"/> <map from="vlSymsp" to="vlSymsp"/>
<map from="vlTOPp" to="vlTOPp"/> <map from="vlTOPp" to="vlTOPp"/>


@ -12,7 +12,7 @@ scenarios(vlt => 1);
top_filename("t/t_protect_ids.v"); top_filename("t/t_protect_ids.v");
compile( compile(
verilator_flags2 => ["--protect-ids --protect-key MY_KEY", verilator_flags2 => ["--protect-ids --protect-key SECRET_KEY",
"t/t_protect_ids_c.cpp"], "t/t_protect_ids_c.cpp"],
); );