eSi-DES
Version 1.0.0 - Confidential 2 of 16 © 2016 EnSilica Ltd, All Rights Reserved
1 Contents
2 Overview
  2.1 Bit numbering
  2.2 Modes of operation
  2.3 DMA interface
3 Hardware Interface
  3.1 Area and performance
4 Software Interface
  4.1 Register Map
  4.2 Interrupts
5 Revision History
2 Overview
The eSi-DES block performs encryption and decryption of 64-bit words using the DES (Data
Encryption Standard) and TDEA (Triple DES Encryption Algorithm) algorithms. It supports the
following features:
- Standard (1 round per cycle) and Fast (2 rounds per cycle) RTL variants.
- FIPS PUB 46-3 and NIST SP 800-67 compliant Single and Triple DES.
- 64-bit and 192-bit key words.
- ECB, CBC, CFB and OFB modes.
- 16 or 32-bit wide, AMBA 3 APB slave interface.
- DMA flow control interface.
- Standard Verilog HDL.
2.1 Bit numbering
The FIPS documentation uses the vector[1:64] notation to specify data from left to right:
“Blocks are composed of bits numbered from left to right, i.e., the left most bit of a block is bit one”.
The APB interface in this block uses little-endian bit notation instead, i.e. vector[63:0].
Vector[1] in FIPS corresponds to vector[63] in eSi-DES, and vector[64] in FIPS corresponds to
vector[0] in eSi-DES.
2.2 Modes of operation
The block supports ECB, CBC, CFB and OFB processing modes, selected with a control field.
The hardware automatically takes care of collecting the data from the present block cipher and
applying it to the next block cipher, following the connections in the diagrams below.
2.2.1 ECB – Electronic Codebook
Each 64-bit block is encrypted separately and no block chaining is performed. It is the simplest
but weakest mode.
Figure 1: eSi-DES (block diagram with Clock, APB and IRQ connections, Registers, DES / TDEA engine and DMA i/f)
Figure 2: eSi-DES ECB encryption mode (three independent stages, each labelled Plaintext, Key, Block cipher encryption, Ciphertext)
Figure 3: eSi-DES ECB decryption mode (three independent stages, each labelled Ciphertext, Key, Block cipher decryption, Plaintext)
2.2.2 CBC – Cipher block chaining
Each block of plaintext is XORed with the previous ciphertext block before being encrypted. An
initial vector (IV) is used for the first block.
Figure 4: eSi-DES CBC encryption mode (three chained stages labelled Plaintext, Key, Block cipher encryption, Ciphertext, with the IV applied at the first stage)
Figure 5: eSi-DES CBC decryption mode (three chained stages labelled Ciphertext, Key, Block cipher decryption, Plaintext, with the IV applied at the first stage)
2.2.3 CFB - Cipher Feedback
Similar to CBC, but this mode is self-synchronising, i.e. if some ciphertext blocks are lost the
receiver should be able to continue correct decryption after processing some amount of input
ciphertext.
Figure 6: eSi-DES CFB encryption mode (three chained Block cipher encryption stages with Key; labels: IV, Plaintext, Ciphertext)
Note that a CFB decryption is actually performed with a DES/TDEA encryption.
Figure 7: eSi-DES CFB decryption mode (three chained Block cipher encryption stages with Key; labels: IV, Ciphertext, Plaintext)
2.2.4 OFB – Output Feedback
Figure 8: eSi-DES OFB encryption mode (three chained Block cipher encryption stages with Key; labels: IV, Plaintext, Ciphertext)
As with CFB mode, an OFB decryption is actually performed with a DES/TDEA encryption.
Figure 9: eSi-DES OFB decryption mode (three chained Block cipher encryption stages with Key; labels: IV, Ciphertext, Plaintext)
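An added software model of the four chaining modes above, not part of the original datasheet. It uses a stand-in 64-bit Feistel function in place of DES/TDEA (an assumption, so its outputs will not match the hardware) to show how the feedback is wired, why ECB repeats ciphertext for repeated plaintext, and why CFB and OFB decrypt with the block function in the encrypt direction. The names mode_model, blk and round_f are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

enum mode { ECB = 0, CBC = 1, CFB = 2, OFB = 3 };  /* control.MODE values */

/* Stand-in round function and 4-round Feistel block function. NOT DES:
 * it only gives the chaining logic an invertible 64-bit block to wrap. */
static uint32_t round_f(uint32_t x, uint64_t key, int rnd) {
    x ^= (uint32_t)(key >> (16 * rnd));
    x *= 0x9E3779B1u;
    return (x << 7) | (x >> 25);
}

static uint64_t blk(uint64_t v, uint64_t key, int enc) {
    uint32_t l = (uint32_t)(v >> 32), r = (uint32_t)v;
    for (int i = 0; i < 4; i++) {
        uint32_t t = l ^ round_f(r, key, enc ? i : 3 - i);
        l = r;
        r = t;
    }
    return ((uint64_t)r << 32) | l;  /* final swap: decrypt = reversed round order */
}

/* Run n 64-bit blocks through one mode; enc = 1 encrypts, 0 decrypts.
 * in and out must not overlap. */
void mode_model(enum mode m, int enc, uint64_t key, uint64_t iv,
                const uint64_t *in, uint64_t *out, size_t n) {
    uint64_t chain = iv;  /* value carried from one block to the next */
    for (size_t i = 0; i < n; i++) {
        switch (m) {
        case ECB:  /* no chaining: equal inputs give equal outputs */
            out[i] = blk(in[i], key, enc);
            break;
        case CBC:
            if (enc) { out[i] = blk(in[i] ^ chain, key, 1); chain = out[i]; }
            else     { out[i] = blk(in[i], key, 0) ^ chain; chain = in[i]; }
            break;
        case CFB:  /* block function runs in the encrypt direction both ways */
            out[i] = in[i] ^ blk(chain, key, 1);
            chain = enc ? out[i] : in[i];  /* feedback is always the ciphertext */
            break;
        case OFB:  /* feedback is the keystream, independent of the data */
            chain = blk(chain, key, 1);
            out[i] = in[i] ^ chain;
            break;
        }
    }
}
```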
2.3 DMA interface
To allow CPU-unattended encryption of data, the DES block can interact with a DMA engine
(e.g. esi-DMA) to control the flow of data into and out of the core. The flow control signals
allow the DES core to assert tx_ready to indicate to the DMA engine that it can accept new
data, and rx_ready to indicate that it has fresh data available.
On receiving tx_ready the DMA engine will perform a write transaction to the data_in register
according to a pre-configured arrangement consisting of one to several beats depending on
the architecture.
Having transferred the data the DMA engine will acknowledge the transfer by asserting the
tx_ack signal. This will be held high until the tx_ready signal is cleared by the DES block.
The DMA engine will then proceed to de-assert the tx_ack signal.
The rx_ready and rx_ack signal pair operate in the same way but here the DMA engine reads
out the processed data from the data_out register.
Figure 10: Flow control interface operation (timing diagram of tx_ready, tx_ack, data_in carrying Plaintext, rx_ready, rx_ack and data_out carrying Ciphertext, across three phases: DMA write, Encryption, DMA read)
The flow-control interface is enabled by setting the control.DMA field. If disabled, the
flow-control interface outputs are driven to zero and the inputs are ignored.
3 Hardware Interface
Module Name    esi_apb_des
HDL            Verilog
Technology     Generic
Source Files   esi_apb_des.v, esi_des_include.v, esi_des_funcs_include.v
Parameter                  Type     Values  Description
APB_DATA_WIDTH (aka BITS)  Integer  16, 32  Specifies the APB data width
ROUNDS_PER_CYCLE           Integer  1, 2    Number of DES rounds per clock cycle
Table 1: Parameters
Macro       Description
DMA_ENABLE  When this macro is defined, the module supports autonomous input/output from DMA engine
Table 2: Macros
Port         Direction  Width  Description
clk          Input      1      Clock used for driving the cipher engine. Externally gated. Enabled when cactive is asserted
pclk         Input      1      APB clock
reset_n      Input      1      System reset, active-low
presetn      Input      1      APB reset, active-low
paddr        Input      8      APB address
psel         Input      1      APB slave select
penable      Input      1      APB enable
pwrite       Input      1      APB write
pwdata       Input      BITS   APB write data
tx_ack       Input      1      DMA engine acknowledges tx_ready during WR transfer
rx_ack       Input      1      DMA engine acknowledges rx_ready during RD transfer
cactive      Output     1      Clock active. clk will toggle when this signal is asserted
pready       Output     1      APB ready
prdata       Output     BITS   APB read data
pslverr      Output     1      APB slave error
tx_ready     Output     1      DES requests new input data from DMA engine
rx_ready     Output     1      DES indicates that new data can be read by DMA engine
interrupt_n  Output     1      Interrupt request, active-low
Table 3: I/O Ports
For complete details of the APB signals, please refer to the AMBA 3 APB Protocol v1.0
Specification available at http://www.arm.com/products/system-ip/amba-specifications.php
3.1 Area and performance
Build                                  Area        Power                  Cycles (DES / TDEA)
APB_DATA_WIDTH=32, ROUNDS_PER_CYCLE=1  7.3 Kgates  21 uW + 4.2 uW / MHz   DES: 1 + 16, TDEA: 3 + 48
APB_DATA_WIDTH=32, ROUNDS_PER_CYCLE=2  9.0 Kgates  55 uW + 6.1 uW / MHz   DES: 1 + 8, TDEA: 3 + 24
4 Software Interface
4.1 Register Map
Register         Address offset  Access  Description
control          0x00            R/W     Controls different operation modes
status           0x04            R/W     Indicates current status of the DES/TDEA engine
key_a[31:0]      0x08            R/W     Key[31:0] for DES / 1st stage of DES/TDEA
key_a[63:32]     0x0c            R/W     Key[63:32] for DES / 1st stage of DES/TDEA
key_b[31:0]      0x10            R/W     Key[31:0] for 2nd stage of TDEA
key_b[63:32]     0x14            R/W     Key[63:32] for 2nd stage of TDEA
key_c[31:0]      0x18            R/W     Key[31:0] for 3rd stage of TDEA
key_c[63:32]     0x1c            R/W     Key[63:32] for 3rd stage of TDEA
data_in[31:0]    0x20            R/W     Data to be ciphered/de-ciphered [31:0]
data_in[63:32]   0x24            R/W     Data to be ciphered/de-ciphered [63:32] + start
iv[31:0]         0x28            W       Initialisation vector [31:0]
iv[63:32]        0x2c            W       Initialisation vector [63:32]
data_out[31:0]   0x30            R       Ciphered/de-ciphered output data [31:0]
data_out[63:32]  0x34            R       Ciphered/de-ciphered output data [63:32]
Table 4: Register Map when BITS=32
Register         Address offset  Access  Description
control          0x00            R/W     Controls different operation modes
status           0x04            R/W     Indicates current status of the DES/TDEA engine
key_a[15:0]      0x08            R/W     Key[15:0] for DES / 1st stage of DES/TDEA
key_a[31:16]     0x0a            R/W     Key[31:16] for DES / 1st stage of DES/TDEA
key_a[47:32]     0x0c            R/W     Key[47:32] for DES / 1st stage of DES/TDEA
key_a[63:48]     0x0e            R/W     Key[63:48] for DES / 1st stage of DES/TDEA
key_b[15:0]      0x10            R/W     Key[15:0] for 2nd stage of TDEA
key_b[31:16]     0x12            R/W     Key[31:16] for 2nd stage of TDEA
key_b[47:32]     0x14            R/W     Key[47:32] for 2nd stage of TDEA
key_b[63:48]     0x16            R/W     Key[63:48] for 2nd stage of TDEA
key_c[15:0]      0x18            R/W     Key[15:0] for 3rd stage of TDEA
key_c[31:16]     0x1a            R/W     Key[31:16] for 3rd stage of TDEA
key_c[47:32]     0x1c            R/W     Key[47:32] for 3rd stage of TDEA
key_c[63:48]     0x1e            R/W     Key[63:48] for 3rd stage of TDEA
data_in[15:0]    0x20            R/W     Data to be ciphered/de-ciphered [15:0]
data_in[31:16]   0x22            R/W     Data to be ciphered/de-ciphered [31:16]
data_in[47:32]   0x24            R/W     Data to be ciphered/de-ciphered [47:32]
data_in[63:48]   0x26            R/W     Data to be ciphered/de-ciphered [63:48] + start
iv[15:0]         0x28            W       Initialisation vector [15:0]
iv[31:16]        0x2a            W       Initialisation vector [31:16]
iv[47:32]        0x2c            W       Initialisation vector [47:32]
iv[63:48]        0x2e            W       Initialisation vector [63:48]
data_out[15:0]   0x30            R       Ciphered/de-ciphered output data [15:0]
data_out[31:16]  0x32            R       Ciphered/de-ciphered output data [31:16]
data_out[47:32]  0x34            R       Ciphered/de-ciphered output data [47:32]
data_out[63:48]  0x36            R       Ciphered/de-ciphered output data [63:48]
Table 5: Register Map when BITS=16
4.1.1 Control Register
Sets up the DES/TDEA engine to perform in the given operation modes. Cipher/de-cipher will
not start until a write to the highest data_in register (data_in_1 when BITS=32 and
data_in_3 when BITS=16) is performed. Changes to this register while operation is in
progress will result in data corruption.
Bits         7        6   5:4   3     2    1    0
Field   -    INIT_CH  IE  MODE  TDES  ENC  DMA  EN
Figure 11: Format of the control register
Field    Values                            Description
EN       0 - Disable, 1 - Enable           Main control switch to enable / disable the DES/TDEA peripheral
DMA      0 - Disable, 1 - Enable           Enables DMA interface
ENC      0 - Decrypt, 1 - Encrypt          Perform encryption or decryption of 64-bit data vector
TDES     0 - Single DES, 1 - Triple DES    Single DES or Triple DES operation
MODE     0 - ECB, 1 - CBC, 2 - CFB,        Inter block chaining selection. Combines Data_out of the previous iteration
         3 - OFB                           (or an IV vector for the first run) with new Data_in to improve security
IE       0 - Disable, 1 - Enable           Interrupt enable
INIT_CH  0 - Existing chain,               Write a 1 to this bit to start a new inter-block chain. The written 1 will
         1 - New chain                     self clear after the next block is computed. In CBC, CFB or OFB modes the
                                           IV vector will be used when INIT_CH = 1
Table 6: Fields of the control register
4.1.2 Status Register
Returns the status of the encryption engine. The DONE flag will be asserted once a full block
cipher/de-cipher has completed. Polling this field until a ‘1’ is seen is a way to monitor when
the engine has completed a block if interrupts are not supported. Writing a 1 to this field will
clear the DONE flag and de-assert the interrupt request to the CPU. Writing a 0 has no effect.
While an operation is ongoing the BLOCK_NUM field will show which block iteration is being
performed. This can be only block1 for single DES and block1 to block3 for TDEA. Writing to
this field will have no effect.
Bits         2:1        0
Field   -    BLOCK_NUM  DONE
Figure 12: Format of the status register
Field      Values                      Description
DONE       0 - Not done, 1 - Done      Full cipher / de-cipher operation done. For TDEA this bit will be
                                       asserted only after the 3rd stage has completed
BLOCK_NUM  0 - Inactive, 1 - Block1,   Block number being performed. 0 when no cipher/de-cipher in progress.
           2 - Block2, 3 - Block3
Table 7: Fields of the status register
4.1.3 Key_a Register
This 64-bit register holds the key for a Single DES operation or the key for the first stage of a
TDEA operation. It is split in two 32-bit or four 16-bit physical registers depending upon the
value of the BITS configuration point.
BITS = 32
Bits [31:0]: key_a[31:0]
Figure 13: Format of the key_a_0 register when BITS=32
Bits [31:0]: key_a[63:32]
Figure 14: Format of the key_a_1 register when BITS=32
BITS = 16
Bits [15:0]: key_a[15:0]
Figure 15: Format of the key_a_0 register when BITS=16
Bits [15:0]: key_a[31:16]
Figure 16: Format of the key_a_1 register when BITS=16
Bits [15:0]: key_a[47:32]
Figure 17: Format of the key_a_2 register when BITS=16
Bits [15:0]: key_a[63:48]
Figure 18: Format of the key_a_3 register when BITS=16
4.1.4 Key_b Register
This 64-bit register holds the key for the second stage of a TDEA operation. Unused in Single
DES mode. It is split in two 32-bit or four 16-bit physical registers depending upon the value
of the BITS configuration point.
BITS = 32
Bits [31:0]: key_b[31:0]
Figure 19: Format of the key_b_0 register when BITS=32
Bits [31:0]: key_b[63:32]
Figure 20: Format of the key_b_1 register when BITS=32
BITS = 16
Bits [15:0]: key_b[15:0]
Figure 21: Format of the key_b_0 register when BITS=16
Bits [15:0]: key_b[31:16]
Figure 22: Format of the key_b_1 register when BITS=16
Bits [15:0]: key_b[47:32]
Figure 23: Format of the key_b_2 register when BITS=16
Bits [15:0]: key_b[63:48]
Figure 24: Format of the key_b_3 register when BITS=16
4.1.5 Key_c Register
This 64-bit register holds the key for the third stage of a TDEA operation. Unused in Single
DES mode. It is split in two 32-bit or four 16-bit physical registers depending upon the value
of the BITS configuration point.
BITS = 32
Bits [31:0]: key_c[31:0]
Figure 25: Format of the key_c_0 register when BITS=32
Bits [31:0]: key_c[63:32]
Figure 26: Format of the key_c_1 register when BITS=32
BITS = 16
Bits [15:0]: key_c[15:0]
Figure 27: Format of the key_c_0 register when BITS=16
Bits [15:0]: key_c[31:16]
Figure 28: Format of the key_c_1 register when BITS=16
Bits [15:0]: key_c[47:32]
Figure 29: Format of the key_c_2 register when BITS=16
Bits [15:0]: key_c[63:48]
Figure 30: Format of the key_c_3 register when BITS=16
4.1.6 Data_In Register
This 64-bit register holds the data block to be encrypted or decrypted. It is split in two 32-bit
or four 16-bit physical registers depending upon the value of BITS. Writing to the top data_in
register (data_in_1 when BITS=32 or data_in_3 when BITS=16) will trigger the DES/TDEA
engine to start processing input data. Therefore this should be the last register to write to
prior to a DES/TDEA cipher/de-cipher operation.
BITS = 32
Bits [31:0]: data_in[31:0]
Figure 31: Format of the data_in_0 register
Bits [31:0]: data_in[63:32]
Figure 32: Format of the data_in_1 register
BITS = 16
Bits [15:0]: data_in[15:0]
Figure 33: Format of the data_in_0 register
Bits [15:0]: data_in[31:16]
Figure 34: Format of the data_in_1 register
Bits [15:0]: data_in[47:32]
Figure 35: Format of the data_in_2 register
Bits [15:0]: data_in[63:48]
Figure 36: Format of the data_in_3 register
4.1.7 IV Register
The initialisation vector is a 64-bit write-only register used in all modes except ECB to
randomise encryption/decryption at the start of the chain. It is only used during the first block
cipher/de-cipher when INIT_CH = 1. It is split in two 32-bit or four 16-bit physical registers
depending upon the value of the BITS configuration point.
BITS = 32
Bits [31:0]: iv[31:0]
Figure 37: Format of the iv_0 register when BITS=32
Bits [31:0]: iv[63:32]
Figure 38: Format of the iv_1 register when BITS=32
BITS = 16
Bits [15:0]: iv[15:0]
Figure 39: Format of the iv_0 register when BITS=16
Bits [15:0]: iv[31:16]
Figure 40: Format of the iv_1 register when BITS=16
Bits [15:0]: iv[47:32]
Figure 41: Format of the iv_2 register when BITS=16
Bits [15:0]: iv[63:48]
Figure 42: Format of the iv_3 register when BITS=16
4.1.8 Data_Out Register
This 64-bit read-only register holds the data result of the completed encryption/decryption. It
is split in two 32-bit or four 16-bit physical registers depending upon the value of BITS.
BITS = 32
Bits [31:0]: data_out[31:0]
Figure 43: Format of the data_out_0 register
Bits [31:0]: data_out[63:32]
Figure 44: Format of the data_out_1 register
BITS = 16
Bits [31:0]: data_out[15:0]
Figure 45: Format of the data_out_0 register
Bits [31:0]: data_out[31:16]
Figure 46: Format of the data_out_1 register
Bits [31:0]: data_out[47:32]
Figure 47: Format of the data_out_2 register
Bits [31:0]: data_out[63:48]
Figure 48: Format of the data_out_3 register
4.2 Interrupts
The eSi-DES supports the following interrupt requests:
Block done interrupt
This interrupt will be raised when an entire DES/TDEA operation completes. This involves 16
rounds of encryption or decryption in the case of single DES, or 48 rounds in three stages for
TDEA. The interrupt will be asserted low at the same time as status.DONE is asserted high,
but only if control.IE is enabled. The interrupt will be cleared when a 1 is written to
status.DONE.
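An added example, not EnSilica's driver code: a minimal polled driver for the BITS=32 register map in Table 4, following the write ordering and DONE handling of sections 4.1.1, 4.1.2 and 4.1.6 and the bit numbering of section 2.1. The function names are hypothetical, and the control/status bit positions are an assumption taken from reading Figures 11 and 12 right-aligned (EN and DONE at bit 0).

```c
#include <stdint.h>

/* Offsets from Table 4 (BITS=32); each 64-bit register is a low/high word pair. */
enum { CONTROL = 0x00, STATUS = 0x04, KEY_A = 0x08, KEY_B = 0x10, KEY_C = 0x18,
       DATA_IN = 0x20, IV = 0x28, DATA_OUT = 0x30 };
/* Bit positions ASSUMED from reading Figures 11/12 right-aligned (EN = bit 0). */
enum { CTL_EN = 1u << 0, CTL_ENC = 1u << 2, CTL_TDES = 1u << 3, CTL_MODE_SHIFT = 4,
       CTL_INIT_CH = 1u << 7, ST_DONE = 1u << 0 };

/* FIPS byte string -> register value: FIPS bit 1 (MSB of byte 0) lands in bit 63. */
uint64_t esi_des_from_fips(const uint8_t b[8]) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | b[i];
    return v;
}

static void wr64(volatile uint32_t *r, unsigned off, uint64_t v) {
    r[off / 4] = (uint32_t)v;              /* low word first */
    r[off / 4 + 1] = (uint32_t)(v >> 32);  /* high word last: for data_in this starts the engine */
}

/* Load keys, IV and mode. Must not be called while a block is in progress. */
void esi_des_setup(volatile uint32_t *r, const uint64_t key[3], int tdes,
                   unsigned mode, int encrypt, uint64_t iv) {
    wr64(r, KEY_A, key[0]);
    if (tdes) { wr64(r, KEY_B, key[1]); wr64(r, KEY_C, key[2]); }
    if (mode != 0) wr64(r, IV, iv);        /* IV is unused in ECB (MODE 0) */
    r[CONTROL / 4] = CTL_EN | (encrypt ? CTL_ENC : 0) | (tdes ? CTL_TDES : 0)
                   | ((mode & 3u) << CTL_MODE_SHIFT)
                   | (mode != 0 ? CTL_INIT_CH : 0);  /* new chain: IV used on next block */
}

/* Process one block by polling. Returns 0, or -1 if DONE never appears. */
int esi_des_block(volatile uint32_t *r, uint64_t in, uint64_t *out, unsigned max_polls) {
    wr64(r, DATA_IN, in);
    while (!(r[STATUS / 4] & ST_DONE))
        if (max_polls-- == 0) return -1;
    *out = ((uint64_t)r[DATA_OUT / 4 + 1] << 32) | r[DATA_OUT / 4];
    r[STATUS / 4] = ST_DONE;               /* write 1 to clear DONE and the interrupt */
    return 0;
}

/* Key registers are R/W, so overwrite them when the key is no longer needed. */
void esi_des_clear_keys(volatile uint32_t *r) {
    wr64(r, KEY_A, 0); wr64(r, KEY_B, 0); wr64(r, KEY_C, 0);
}
```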
5 Revision History
Hardware Revision  Software Release  Description
1.0.0              1.0.0             Initial release
1.1.0              1.0.0             Added support for DMA flow control and global enable control.EN field
Table 8: Revision History