In XTS mode of operation, the core provides two error indications through separate output ports, as required by the specifications and certification requirements. The xts_max_blk_err condition deasserts s_axis_tready and prohibits any more packets from entering the core, whereas the xts_same_key_err indication only alerts you and does not stop the functioning of the core. The two are handled differently because the limit of no more than 2^20 blocks per data unit is a mandatory requirement for any implementation of the XTS algorithm, whereas the requirement that the two keys within an XTS key not be the same is a security recommendation and is not mandatory from the AES IP perspective. The core still provides this indication to help you find flaws in the system design, so the usage of the xts_same_key_err port is left to you.
If xts_max_blk_err is asserted, you must apply a reset before the core can start functioning again. Note that the output for all the data that has already been sent to the core can be expected at the output interface.
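A host-side pre-flight check for the two conditions described above, as an added example that is not part of the core's documentation or deliverables. The function names and return codes are hypothetical, and rejecting data units shorter than one block and counting a partial final block toward the 2^20 limit are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define AES_BLOCK_BYTES 16u
#define XTS_MAX_BLOCKS  (1u << 20)  /* data-unit limit: 2^20 blocks */

/* Hypothetical result codes for this example. */
enum xts_check {
    XTS_OK = 0,
    XTS_BAD_KEY_LEN,     /* not a 256-bit or 512-bit XTS key */
    XTS_SAME_KEY,        /* condition reported by xts_same_key_err */
    XTS_TOO_SHORT,       /* less than one full AES block (assumption) */
    XTS_TOO_MANY_BLOCKS  /* condition reported by xts_max_blk_err */
};

/* Compare without an early exit so timing does not depend on key bytes. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* An XTS key is two AES keys back to back; the halves must differ. */
enum xts_check xts_check_key(const uint8_t *key, size_t key_len)
{
    if (key_len != 32 && key_len != 64)
        return XTS_BAD_KEY_LEN;
    size_t half = key_len / 2;
    return ct_equal(key, key + half, half) ? XTS_SAME_KEY : XTS_OK;
}

/* Reject a data unit before it is streamed, so the core never latches
 * xts_max_blk_err and never needs the reset that follows it. */
enum xts_check xts_check_data_unit(uint64_t len_bytes)
{
    if (len_bytes < AES_BLOCK_BYTES)
        return XTS_TOO_SHORT;
    /* Assumption: a partial final block counts as one block. */
    uint64_t blocks = len_bytes / AES_BLOCK_BYTES
                    + (len_bytes % AES_BLOCK_BYTES != 0);
    return blocks > XTS_MAX_BLOCKS ? XTS_TOO_MANY_BLOCKS : XTS_OK;
}
```

Treating XTS_SAME_KEY as a hard failure in software closes the gap left by the core, which only signals that condition and keeps running.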
For more information on these errors, see the following links:
- The XTS-AES Validation System (XTSVS) (Section 6.1, Step 7d)
- Implementation Guidance for FIPS 140-2 and the Cryptographic Module Validation Program (Section A.9 XTS-AES Key Generation Requirements)