//====================================================================== // // trng_csprng.v // ------------- // CSPRNG for the TRNG. // // // Author: Joachim Strombergson // Copyright (c) 2014, SUNET // All rights reserved. // // Redistribution and use in source and binary forms, with or // without modification, are permitted provided that the following // conditions are met: // // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in // the documentation and/or other materials provided with the // distribution. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF // ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // //====================================================================== module trng_csprng( // Clock and reset. input wire clk, input wire reset_n, input wire cs, input wire we, input wire [7 : 0] address, input wire [31 : 0] write_data, output wire [31 : 0] read_data, output wire error, input wire discard, input wire test_mode, output wire more_seed, output wire security_error, input [511 : 0] seed_data, input wire seed_syn, output wire seed_ack, output wire [7 : 0] debug, input wire debug_update ); //---------------------------------------------------------------- // Internal constant and parameter definitions. //---------------------------------------------------------------- localparam ADDR_NAME0 = 8'h00; localparam ADDR_NAME1 = 8'h01; localparam ADDR_VERSION = 8'h02; localparam ADDR_CTRL = 8'h08; localparam CTRL_ENABLE_BIT = 0; localparam CTRL_SEED_BIT = 1; localparam ADDR_STATUS = 8'h09; localparam STATUS_RND_VALID_BIT = 1; localparam ADDR_STAT_BLOCKS_LOW = 8'h14; localparam ADDR_STAT_BLOCKS_HIGH = 8'h15; localparam ADDR_STAT_RESEEDS = 8'h16; localparam ADDR_RND_DATA = 8'h20; localparam ADDR_NUM_ROUNDS = 8'h40; localparam ADDR_NUM_BLOCKS_LOW = 8'h41; localparam ADDR_NUM_BLOCKS_HIGH = 8'h42; localparam ADDR_TEST_SEED_W00 = 8'h80; localparam ADDR_TEST_SEED_W01 = 8'h81; localparam ADDR_TEST_SEED_W02 = 8'h82; localparam ADDR_TEST_SEED_W03 = 8'h83; localparam ADDR_TEST_SEED_W04 = 8'h84; localparam ADDR_TEST_SEED_W05 = 8'h85; localparam ADDR_TEST_SEED_W06 = 8'h86; localparam ADDR_TEST_SEED_W07 = 8'h87; localparam ADDR_TEST_SEED_W08 = 8'h88; localparam ADDR_TEST_SEED_W09 = 8'h89; localparam ADDR_TEST_SEED_W10 = 8'h8a; localparam ADDR_TEST_SEED_W11 = 8'h8b; localparam ADDR_TEST_SEED_W12 = 8'h8c; localparam ADDR_TEST_SEED_W13 = 8'h8d; localparam ADDR_TEST_SEED_W14 = 8'h8e; localparam ADDR_TEST_SEED_W15 = 8'h8f; localparam CIPHER_KEYLEN256 = 1'b1; // 256 bit key. localparam CIPHER_MAX_BLOCKS = 64'h0000000100000000; localparam CTRL_IDLE = 4'h0; localparam CTRL_SEED0 = 4'h1; localparam CTRL_NSYN = 4'h2; localparam CTRL_SEED1 = 4'h3; localparam CTRL_INIT0 = 4'h4; localparam CTRL_INIT1 = 4'h5; localparam CTRL_NEXT0 = 4'h6; localparam CTRL_NEXT1 = 4'h7; localparam CTRL_MORE = 4'h8; localparam CTRL_CANCEL = 4'hf; localparam DEFAULT_NUM_ROUNDS = 5'h18; localparam DEFAULT_NUM_BLOCKS = 64'h0000000001000000; parameter CORE_NAME0 = 32'h63737072; // "cspr" parameter CORE_NAME1 = 32'h6e672020; // "ng " parameter CORE_VERSION = 32'h302e3530; // "0.50" //---------------------------------------------------------------- // Registers including update variables and write enable. //---------------------------------------------------------------- reg [255 : 0] cipher_key_reg; reg [255 : 0] cipher_key_new; reg cipher_key_we; reg [63 : 0] cipher_iv_reg; reg [63 : 0] cipher_iv_new; reg cipher_iv_we; reg [63 : 0] cipher_ctr_reg; reg [63 : 0] cipher_ctr_new; reg cipher_ctr_we; reg [511 : 0] cipher_block_reg; reg [511 : 0] cipher_block_new; reg cipher_block_we; reg [63 : 0] block_ctr_reg; reg [63 : 0] block_ctr_new; reg block_ctr_inc; reg block_ctr_rst; reg block_ctr_we; reg block_ctr_max; reg [63 : 0] block_stat_ctr_reg; reg [63 : 0] block_stat_ctr_new; reg block_stat_ctr_we; reg [31 : 0] reseed_stat_ctr_reg; reg [31 : 0] reseed_stat_ctr_new; reg reseed_stat_ctr_inc; reg reseed_stat_ctr_we; reg ready_reg; reg ready_new; reg ready_we; reg more_seed_reg; reg more_seed_new; reg seed_ack_reg; reg seed_ack_new; reg enable_reg; reg enable_new; reg enable_we; reg seed_reg; reg seed_new; reg [4 : 0] num_rounds_reg; reg [4 : 0] num_rounds_new; reg num_rounds_we; reg [31 : 0] num_blocks_low_reg; reg [31 : 0] num_blocks_low_new; reg num_blocks_low_we; reg [31 : 0] num_blocks_high_reg; reg [31 : 0] num_blocks_high_new; reg num_blocks_high_we; reg [3 : 0] csprng_ctrl_reg; reg [3 : 0] csprng_ctrl_new; reg csprng_ctrl_we; reg [31 : 0] tmp_read_data; //---------------------------------------------------------------- // Wires. //---------------------------------------------------------------- reg tmp_error; reg cipher_init; reg cipher_next; wire [511 : 0] cipher_data_out; wire cipher_data_out_valid; wire cipher_ready; wire fifo_more_data; reg fifo_discard; wire rnd_syn; wire [31 : 0] rnd_data; reg rnd_ack; reg fifo_cipher_data_valid; wire muxed_rnd_ack; //---------------------------------------------------------------- // Concurrent connectivity for ports etc. //---------------------------------------------------------------- assign read_data = tmp_read_data; assign error = tmp_error; assign seed_ack = seed_ack_reg; assign more_seed = more_seed_reg; assign debug = rnd_data[7 : 0]; assign security_error = 0; assign muxed_rnd_ack = rnd_ack | debug_update; //---------------------------------------------------------------- // core instantiation. //---------------------------------------------------------------- chacha_core cipher_inst( .clk(clk), .reset_n(reset_n), .init(cipher_init), .next(cipher_next), .key(cipher_key_reg), .keylen(CIPHER_KEYLEN256), .iv(cipher_iv_reg), .ctr(cipher_ctr_reg), .rounds(num_rounds_reg), .data_in(cipher_block_reg), .ready(cipher_ready), .data_out(cipher_data_out), .data_out_valid(cipher_data_out_valid) ); trng_csprng_fifo fifo_inst( .clk(clk), .reset_n(reset_n), .csprng_data(cipher_data_out), .csprng_data_valid(fifo_cipher_data_valid), .discard(fifo_discard), .more_data(fifo_more_data), .rnd_syn(rnd_syn), .rnd_data(rnd_data), .rnd_ack(muxed_rnd_ack) ); //---------------------------------------------------------------- // reg_update // // Update functionality for all registers in the core. // All registers are positive edge triggered with synchronous // active low reset. All registers have write enable. //---------------------------------------------------------------- always @ (posedge clk or negedge reset_n) begin if (!reset_n) begin cipher_key_reg <= {8{32'h00000000}}; cipher_iv_reg <= {2{32'h00000000}}; cipher_ctr_reg <= {2{32'h00000000}}; cipher_block_reg <= {16{32'h00000000}}; block_ctr_reg <= {2{32'h00000000}}; block_stat_ctr_reg <= {2{32'h00000000}}; reseed_stat_ctr_reg <= 32'h00000000; more_seed_reg <= 0; seed_ack_reg <= 0; ready_reg <= 0; enable_reg <= 1; seed_reg <= 0; num_rounds_reg <= DEFAULT_NUM_ROUNDS; num_blocks_low_reg <= DEFAULT_NUM_BLOCKS[31 : 0]; num_blocks_high_reg <= DEFAULT_NUM_BLOCKS[63 : 32]; csprng_ctrl_reg <= CTRL_IDLE; end else begin more_seed_reg <= more_seed_new; seed_ack_reg <= seed_ack_new; seed_reg <= seed_new; if (enable_we) enable_reg <= enable_new; if (cipher_key_we) cipher_key_reg <= cipher_key_new; if (cipher_iv_we) cipher_iv_reg <= cipher_iv_new; if (cipher_ctr_we) cipher_ctr_reg <= cipher_ctr_new; if (cipher_block_we) cipher_block_reg <= cipher_block_new; if (block_ctr_we) begin block_ctr_reg <= block_ctr_new; end if (block_stat_ctr_we) begin block_stat_ctr_reg <= block_stat_ctr_new; end if (reseed_stat_ctr_we) reseed_stat_ctr_reg <= reseed_stat_ctr_new; if (ready_we) ready_reg <= ready_new; if (csprng_ctrl_we) csprng_ctrl_reg <= csprng_ctrl_new; if (num_rounds_we) num_rounds_reg <= num_rounds_new; if (num_blocks_low_we) num_blocks_low_reg <= num_blocks_low_new; if (num_blocks_high_we) num_blocks_high_reg <= num_blocks_high_new; end end // reg_update //---------------------------------------------------------------- // csprng_api_logic //---------------------------------------------------------------- always @* begin : csprng_api_logic enable_new = 0; enable_we = 0; seed_new = 0; num_rounds_new = 5'h00; num_rounds_we = 0; num_blocks_low_new = 32'h00000000; num_blocks_low_we = 0; num_blocks_high_new = 32'h00000000; num_blocks_high_we = 0; rnd_ack = 0; tmp_read_data = 32'h00000000; tmp_error = 0; if (cs) begin if (we) begin // Write operations. case (address) // Write operations. ADDR_CTRL: begin enable_new = write_data[CTRL_ENABLE_BIT]; enable_we = 1; seed_new = write_data[CTRL_SEED_BIT]; end ADDR_NUM_ROUNDS: begin num_rounds_new = write_data[4 : 0]; num_rounds_we = 1; end ADDR_NUM_BLOCKS_LOW: begin num_blocks_low_new = write_data; num_blocks_low_we = 1; end ADDR_NUM_BLOCKS_HIGH: begin num_blocks_high_new = write_data; num_blocks_high_we = 1; end default: begin tmp_error = 1; end endcase // case (address) end // if (we) else begin // Read operations. case (address) // Read operations. ADDR_NAME0: tmp_read_data = CORE_NAME0; ADDR_NAME1: tmp_read_data = CORE_NAME1; ADDR_VERSION: tmp_read_data = CORE_VERSION; ADDR_CTRL: tmp_read_data = {30'h00000000, seed_reg, enable_reg}; ADDR_STATUS: tmp_read_data = {30'h00000000, rnd_syn, ready_reg}; ADDR_STAT_BLOCKS_LOW: tmp_read_data = block_stat_ctr_reg[31 : 0]; ADDR_STAT_BLOCKS_HIGH: tmp_read_data = block_stat_ctr_reg[63 : 32]; ADDR_STAT_RESEEDS: tmp_read_data = reseed_stat_ctr_reg; ADDR_RND_DATA: begin tmp_read_data = rnd_data; rnd_ack = 1; end ADDR_NUM_ROUNDS: tmp_read_data = {27'h0000000, num_rounds_reg}; ADDR_NUM_BLOCKS_LOW: tmp_read_data = num_blocks_low_reg; ADDR_NUM_BLOCKS_HIGH: tmp_read_data = num_blocks_high_reg; default: begin tmp_error = 1; end endcase // case (address) end end end // cspng_api_logic //---------------------------------------------------------------- // block_ctr // // Logic to implement the block counter. This includes the // ability to detect that maximum allowed number of blocks // has been reached. Either as defined by the application // or the hard coded CIPHER_MAX_BLOCKS value. // // The stat counter is a sepatate block counter updated in // sync with the block counter. It is only used to track the // number of blocks generated from the cipher as a metric // provided to the system. The stat counter is never reset. //---------------------------------------------------------------- always @* begin : block_ctr block_ctr_new = {2{32'h00000000}}; block_ctr_we = 1'b0; block_ctr_max = 1'b0; block_stat_ctr_new = {2{32'h00000000}}; block_stat_ctr_we = 1'b0; if (block_ctr_rst) begin block_ctr_new = {2{32'h00000000}}; block_ctr_we = 1'b1; end if (block_ctr_inc) begin block_ctr_new = block_ctr_reg + 1'b1; block_ctr_we = 1; block_stat_ctr_new = block_stat_ctr_reg + 1'b1; block_stat_ctr_we = 1; end if ((block_ctr_reg == {num_blocks_high_reg, num_blocks_low_reg}) || (block_ctr_reg == CIPHER_MAX_BLOCKS)) begin block_ctr_max = 1'b1; end end // block_ctr //---------------------------------------------------------------- // reseed_ctr // // A simple monotonically increasing counter that counts the // number of times the CSPRNG has been reseeded. is reseeded. // Note that the counter is 32-bit and it is up to SW to handle // wrap around issues. //---------------------------------------------------------------- always @* begin : reseed_ctr reseed_stat_ctr_new = 32'h00000000; reseed_stat_ctr_we = 0; if (reseed_stat_ctr_inc) begin reseed_stat_ctr_new = reseed_stat_ctr_reg + 1'b1; reseed_stat_ctr_we = 1; end end // reseed_ctr //---------------------------------------------------------------- // csprng_ctrl_fsm // // Control FSM for the CSPRNG. //---------------------------------------------------------------- always @* begin : csprng_ctrl_fsm cipher_key_new = {8{32'h00000000}}; cipher_key_we = 0; cipher_iv_new = {2{32'h00000000}}; cipher_iv_we = 0; cipher_ctr_new = {2{32'h00000000}}; cipher_ctr_we = 0; cipher_block_new = {16{32'h00000000}}; cipher_block_we = 0; cipher_init = 0; cipher_next = 0; block_ctr_rst = 0; block_ctr_inc = 0; ready_new = 0; ready_we = 0; seed_ack_new = 0; more_seed_new = 0; fifo_discard = 0; fifo_cipher_data_valid = 0; reseed_stat_ctr_inc = 0; csprng_ctrl_new = CTRL_IDLE; csprng_ctrl_we = 0; case (csprng_ctrl_reg) CTRL_IDLE: begin if (!enable_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (fifo_more_data) begin more_seed_new = 1; csprng_ctrl_new = CTRL_SEED0; csprng_ctrl_we = 1; end end CTRL_SEED0: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (seed_syn) begin seed_ack_new = 1; cipher_block_new = seed_data; cipher_block_we = 1; csprng_ctrl_new = CTRL_NSYN; csprng_ctrl_we = 1; end end CTRL_NSYN: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else begin more_seed_new = 1; csprng_ctrl_new = CTRL_SEED1; csprng_ctrl_we = 1; end end CTRL_SEED1: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (seed_syn) begin seed_ack_new = 1; cipher_key_new = seed_data[255 : 0]; cipher_key_we = 1; cipher_iv_new = seed_data[319 : 256]; cipher_iv_we = 1; cipher_ctr_new = seed_data[383 : 320]; cipher_ctr_we = 1; csprng_ctrl_new = CTRL_INIT0; csprng_ctrl_we = 1; end else begin more_seed_new = 1; end end CTRL_INIT0: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else begin reseed_stat_ctr_inc = 1; cipher_init = 1; block_ctr_rst = 1; csprng_ctrl_new = CTRL_INIT1; csprng_ctrl_we = 1; end end CTRL_INIT1: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (cipher_ready) begin csprng_ctrl_new = CTRL_NEXT0; csprng_ctrl_we = 1; end end CTRL_NEXT0: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else begin cipher_next = 1; csprng_ctrl_new = CTRL_NEXT1; csprng_ctrl_we = 1; end end CTRL_NEXT1: if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (cipher_ready && cipher_data_out_valid) begin block_ctr_inc = 1; fifo_cipher_data_valid = 1; csprng_ctrl_new = CTRL_MORE; csprng_ctrl_we = 1; end CTRL_MORE: begin if ((!enable_reg) || seed_reg || discard) begin csprng_ctrl_new = CTRL_CANCEL; csprng_ctrl_we = 1; end else if (fifo_more_data) begin if (block_ctr_max) begin more_seed_new = 1; csprng_ctrl_new = CTRL_SEED0; csprng_ctrl_we = 1; end else begin csprng_ctrl_new = CTRL_NEXT0; csprng_ctrl_we = 1; end end end CTRL_CANCEL: begin fifo_discard = 1; cipher_key_new = {8{32'h00000000}}; cipher_key_we = 1; cipher_iv_new = {2{32'h00000000}}; cipher_iv_we = 1; cipher_ctr_new = {2{32'h00000000}}; cipher_ctr_we = 1; cipher_block_new = {16{32'h00000000}}; cipher_block_we = 1; block_ctr_rst = 1; csprng_ctrl_new = CTRL_IDLE; csprng_ctrl_we = 1; end default: begin end endcase // case (cspng_ctrl_reg) end // csprng_ctrl_fsm endmodule // trng_csprng //====================================================================== // EOF trng_csprng.v //======================================================================