Section 49. Crypto Engine and Random Number Generator...

Section 49. Crypto Engine and Random Number Generator (RNG)

Cryp

to E

ng

ine

an

d

Ran

do

m N

um

ber

Ge

ne

rator (R

NG

)

49

HIGHLIGHTS

This section of the manual contains the following major topics:

49.1 Introduction .................................................................................................................. 49-2

49.2 Control Registers ......................................................................................................... 49-4

49.3 Crypto Engine Buffer Descriptors .............................................................................. 49-22

49.4 Crypto Engine Security Association Structure ........................................................... 49-26

49.5 Crypto Engine Operation ........................................................................................... 49-33

49.6 Crypto Engine Interrupts ............................................................................................ 49-40

49.7 Random Number Generator Operation...................................................................... 49-42

49.8 Random Number Generator Interrupts ...................................................................... 49-43

49.9 Effects of Various Resets ........................................................................................... 49-43

49.10 Operation in Power-Saving Modes ............................................................................ 49-43

49.11 Related Application Notes.......................................................................................... 49-44

49.12 Revision History ......................................................................................................... 49-45

© 2013-2015 Microchip Technology Inc. DS60001246B-page 49-1

PIC32 Family Reference Manual

49.1 INTRODUCTION

49.1.1 Crypto Engine Features

The Crypto Engine is intended to accelerate applications that need cryptographic functions. Byexecuting these functions in the hardware module, software overhead is reduced, and actionssuch as encryption, decryption, and authentication can execute much more quickly.

The Crypto Engine uses a descriptor-based DMA for efficient programming of the security asso-ciation data and packet pointers (allowing scatter/gather data fetching). An intelligent statemachine schedules the Crypto Engine based on the protocol selection and packet boundaries.The hardware engines can perform the encryption and authentication in sequence or in parallel.

Key features of the Crypto Engine include: priority

• Bulk ciphers and hash engines• Integrated DMA to off-load processing:

- Buffer descriptor-based- Security Association per Buffer Descriptor

• Some functions can execute in parallel

Bulk ciphers that are handled by the Crypto Engine include:

• AES:- 128-bit, 192-bit, and 256-bit key sizes- CBC, ECB, CTR, CFB, and OFB modes

• DES/TDES:- CBC, ECB, CFB, and OFB modes

Authentication engines that are available through the Crypto Engine include:

• SHA-1• SHA-256• MD-5• AES-GCM• HMAC operation (for all authentication engines)

Figure 49-1: Crypto Engine Block Diagram

Note: This family reference manual section is meant to serve as a complement to devicedata sheets. Depending on the device variant, this manual section may not apply toall PIC32 devices.

Please consult the note at the beginning of the “Crypto Engine and RandomNumber Generator (RNG)” chapter in the current device data sheet to checkwhether this document supports the device you are using.

Device data sheets and family reference manual sections are available fordownload from the Microchip Worldwide Web site at: http://www.microchip.com

DMAController

System

INBFIFO

OUTBFIFO

CryptoFSM

PacketRD

PacketWR

AES

TDES

SHA-1/256

MD5

Loca

l Bus

SFRSystem

Bus

Bus

DS60001246B-page 49-2 © 2013-2015 Microchip Technology Inc.

http://www.microchip.com

Section 49. Crypto Engine and Random Number Generator (RNG)C

ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.1.2 Random Number Generator (RNG) Features

The Random Number Generator (RNG) core implements a thermal noise-based, True RandomNumber Generator (TRNG) and a cryptographically secure Pseudo-Random NumberGenerator (PRNG).

The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits togenerate true random numbers that can initialize the PRNG.

The PRNG is a flexible LSFR, which is capable of manifesting a maximal length LFSR of up to64-bits.

The following are some of the key features of the RNG:

• TRNG:

- Up to 25 Mbps of random bits

- Multi-Ring Oscillator-based design

- Built in Bias Corrector

• PRNG:

- LSFR-based

- Up to 64-bit polynomial length

- Programmable polynomial

- TRNG can be seed value

Figure 49-2: Random Number Generator Block Diagram

System Bus Target

PRNGSFR

Edge Comparator

RingRing

Bias Corrector

TRNG

Oscillator Oscillator



49.2 CONTROL REGISTERS

The Crypto Engine and RNG for PIC32 devices contain the following Special Function Registers(SFRs):

• CEVER: Crypto Engine Revision, Version, and ID Register

This read-only register contains version information for the Crypto Engine core.

• CECON: Crypto Engine Control Register

This register controls the Crypto Engine, enabling and disabling DMA and the BufferDescriptor Processor.

• CEBDADDR: Crypto Engine Buffer Descriptor Register

This read-only register contains the address of the current Buffer Descriptor the BufferDescriptor Processor is processing

• CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register

This register controls the address from which the DMA starts fetching Buffer Descriptors.

• CESTAT: Crypto Engine Status Register

This read-only register contains the current status of the Crypto Engine.

• CEINTSRC: Crypto Engine Interrupt Source Register

This register indicates what triggered an interrupt from the Crypto Engine core. Possiblesources include DMA, an empty TX Buffer Descriptor, or a DMA packet completion.

• CEINTEN: Crypto Engine Interrupt Enable Register

This register controls which interrupts are enabled/disabled from the Crypto Engine core.

• CEPOLLCON: Crypto Engine Poll Control Register

This register controls how long the Buffer Descriptor Processor will wait before refetching adescriptor control word if the previous descriptor fetched was disabled.

• CEHDLEN: Crypto Engine Header Length Register

This register controls how much data in a packet should be unchanged before filling the data.

• CETRLLEN: Crypto Engine Trailer Length Register

This register controls how much data should be unchanged at the end of a packet.

• CEDTXSTAT: Crypto Engine DTX Debug Status Register

This read -only register indicates the status of the outgoing FIFO in the Crypto Engine.

• CEDRXSTAT: Crypto Engine DRX Debug Status Register

This read-only register indicates the status of the incoming FIFO in the Crypto Engine.

• RNGVER: Random Number Generator ID, Version, and Revision Register

This register read-only register contains version information for the RNG core.

• RNGCON: Random Number Generator Control Register

This register controls the RNG, enabling and disabling the TRNG and RNG, transferring theseed value from the TRNG to the PRNG, and enabling continuous pseudo-random numbergeneration.

• RNGPOLY1: Random Number Generator Polynomial Register 1

This register controls the Least Significant Byte 32-bits of the polynomial, which generates thepseudo-random bit.

• RNGPOLY2: Random Number Generator Polynomial Register 2

This register controls the Most Significant Byte 32-bits of the polynomial which generates thepseudo-random bit.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

• RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator Register 1

This register contains the Least Significant Byte 32-bits of the current random number in thePRNG. It may be written to set an initial seed value for the PRNG.

• RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator Register 2

This register contains the Most Significant Byte 32-bits of the current random number in thePRNG. It may be written to set an initial seed value for the PRNG.

• RNGSEED1: True Random Number Generator Seed Register 1

This read-only register contains the Least Significant Byte 32-bits of the TRNG.

• RNGSEED2: True Random Number Generator Seed Register 2

This read-only register contains the Most Significant Byte 32-bits of the TRNG.

• RNGRCNT: True Random Number Generator Count Register

This read-only register indicates the number of valid bits in the TRNG registers,RNGSEEDx. To ensure randomness, developers should not use the RNGSEEDx registersuntil this register reaches the appropriate value for the number of bits desired.


PIC

32 Fam

ily Referen

ce Man

ual

DS

60001246B

-page 49-6

© 2013-2015 M

icrochip Technolo

gy Inc.

registers. Corresponding registers appear after

5 Bit 20/4 Bit 19/3 Bit 118/2 Bit 17/1 Bit 16/0

VERSION<7:0>

— — — — —

N — — BDPCHST BDPPLEN DMAEN

BDSTATE<3:0> START ACTIVE

— — — — —

— AREIF PKTIF CBDIF PENDIF

— — — — —

— AREIE PKTIE CBDIE PENDIE

— — — — —

— — — — —

HDRLEN<7:0>

— — — — —

TRLRLEN<7:0>

— DTXBLEN<15:12>

DTXSTATE<3:0>

— DRXBLEN<15:12>

DRXSTATE<3:0>

Table 49-1 and Table 49-2 provide brief summaries of the related Crypto Engine and RNG the summary, followed by a detailed description of each bit.

Table 49-1: Crypto Engine SFR Summary

Name Bit 31/15 Bit 30/14 Bit 29/13 Bit 28/12 Bit 27/11 Bit 26/10 Bit 25/9 Bit 24/8 Bit 23/7 Bit 22/6 Bit 21/

CEVER 31:16 REVISION<7:0>

15:0 ID<15:0>

CECON 31:16 — — — — — — — — — — —

15:0 — — — — — — — — SWAPOEN SWRST SWAPE

CEBDADDR 31:16 BDPADDR<31:16>

15:0 BDPADDR<15:0>

CEBDPADDR 31:16 BASEADDR<31:16>

15:0 BASEADDR<15:0>

CESTAT 31:16 ERRMODE<2:0> ERROP<2:0> ERRPHASE<1:0> — —

15:0 BDCTRL<15:0>

CEINTSRC 31:16 — — — — — — — — — — —

15:0 — — — — — — — — — — —

CEINTEN 31:16 — — — — — — — — — — —

15:0 — — — — — — — — — — —

CEPOLLCON 31:16 — — — — — — — — — — —

15:0 BDPPLCON<15:0>

CEHDLEN 31:16 — — — — — — — — — — —

15:0 — — — — — — — —

CETRLLEN 31:16 — — — — — — — — — — —

15:0 — — — — — — — —

CEDTXSTAT 31:16 — — — — — — — — — — —

15:0 DTXBLEN<11:0>

CEDRXSTAT 31:16 — — — — — — — — — — —

15:0 DTXBLEN<11:0>

Legend: — = unimplemented, read as ‘0’.

© 2013-2015 M

icrochip Technolo

gy Inc.

DS

60001246B

-page 49-7

Sectio

n 49. C

rypto

En

gin

e and

Ran

do

m N

um

ber G

enerato

r (RN

G)

Ta

Na Bit 20/4 Bit 19/3 Bit 118/2 Bit 17/1 Bit 16/0

RN

REVISION<7:0>

RN — — — — —

PLEN<6:0>

RN

RN

RN

RN

RN

RN

RN — — — — —

RCNT<6:0>

Le

Crypto Engine and Random Number Generator (RNG) 49

ble 49-2: Random Number Generator SFR Summary

me Bit 31/15 Bit 30/14 Bit 29/13 Bit 28/12 Bit 27/11 Bit 26/10 Bit 25/9 Bit 24/8 Bit 23/7 Bit 22/6 Bit 21/5

GVER 31:16 ID<15:0>

15:0 VERSION<7:0>

GCON 31:16 — — — — — — — — — — —

15:0 — — — LOAD — CONT PRNGEN TRNGEN —

GPOLY1 31:16 POLY1<31:16>

15:0 POLY1<15:0>

GPOLY2 31:16 POLY2<31:16>

15:0 POLY2<15:0>

G1 31:16 RNG1<31:16>

15:0 RNG1<15:0>

G2 31:16 RNG2<31:16>

15:0 RNG2<15:0>

GSEED1 31:16 RDATA1<31:16>

15:0 RDATA1<15:0>

GSEED2 31:16 RDATA2<31:16>

15:0 RDATA2<15:0>

GRCNT 31:16 — — — — — — — — — — —

15:0 — — — — — — — — —

gend: — = unimplemented, read as ‘0’.


Register 49-1: CEVER: Crypto Engine Revision, Version, and ID Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

REVISION<7:0>

23:16R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

VERSION<7:0>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

ID<15:8>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

ID<7:0>

Legend:

R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’

-n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown

bit 31-24 REVISION<7:0>: Crypto Engine Revision bits

bit 23-16 VERSION<7:0>: Crypto Engine Version bits

bit 15-0 ID<15:0>: Crypto Engine Identification bits



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-2: CECON: Crypto Engine Control Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

7:0R/W-0 R/W-0 R/W-0 U-0 U-0 R/W-0 R/W-0 R/W-0

SWAPOEN(1) SWRST SWAPEN — — BDPCHST BDPPLEN DMAEN

Legend:



bit 31-8 Unimplemented: Read as ‘0’

bit 7 SWAPOEN: Output Data Swap Enable bit(1)

1 = Output data is byte swapped when read by dedicated DMA0 = Output data is not byte swapped when read by dedicated DMA

bit 6 SWRST: Software Reset bit

1 = Initiate a software Reset of the Crypto Engine0 = Normal operation

bit 5 SWAPEN: Input Data Swap Enable bit

1 = Input data is byte swapped when read by dedicated DMA0 = Input data is not byte swapped when read by dedicated DMA


bit 2 BDPCHST: Buffer Descriptor Processor Fetch Enable bit

This bit should be enabled only after all DMA descriptor programming is completed.

1 = Buffer Descriptor Processor descriptor fetch is enabled0 = Buffer Descriptor Processor descriptor fetch is disabled

bit 1 BDPPLEN: Buffer Descriptor Processor Poll Enable bit

This bit should be enabled only after all DMA descriptor programming is completed.

1 = Poll for descriptor until valid bit is set0 = Do not poll

bit 0 DMAEN: DMA Enable bit

1 = Crypto Engine DMA is enabled0 = Crypto Engine DMA is disabled

Note 1: This bit is not available on all devices. Refer to the “Crypto Engine and RNG” chapter in the specific device data sheet to determine availability.



Register 49-3: CEBDADDR: Crypto Engine Buffer Descriptor Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDPADDR<31:24>

23:16R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDPADDR<23:16>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDPADDR<15:8>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDPADDR<7:0>

Legend:



bit 31-0 BDPADDR<31:0>: Current Buffer Descriptor Process Address Status bits

These bits contain the current descriptor address that is being processed by the Buffer DescriptorProcessor.

Register 49-4: CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0

BASEADDR<31:24>


BASEADDR<23:16>


BASEADDR<15:8>


BASEADDR<7:0>

Legend:



bit 31-0 BASEADDR<31:0>: DMA Base Address Status bits

These bits contain the base address of the DMA controller. After a reset, a fetch starts from this address.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-5: CESTAT: Crypto Engine Status Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

ERRMODE<2:0> ERROP<2:0> ERRPHASE<1:0>

23:16U-0 U-0 R-0 R-0 R-0 R-0 R-0 R-0

— — BDSTATE<3:0> START ACTIVE

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDCTRL<15:8>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

BDCTRL<7:0>

Legend:



bit 31-29 ERRMOD<2:0>: Internal Error Mode Status bits111 = Reserved•••

001 = Reserved000 = Normal operation

bit 28-26 ERROP<2:0>: Internal Error Operation Status bits111 = Reserved110 = Reserved101 = Reserved100 = Authentication011 = Reserved010 = Decryption001 = Encryption000 = Reserved

bit 25-24 ERRPHASE<1:0>: Internal Error Phase of DMA Status bits11 = Destination data10 = Source data01 = Security Association access00 = Buffer Descriptor access


bit 21-18 BDSTATE<3:0>: Buffer Descriptor Processor State Status bitsThese bits contain a number, which indicates the current state of the Buffer Descriptor Processor:1111 = Reserved•••

0111 = Reserved 0110 = Security Association fetch0101 = Fetch Buffer Descriptor Processor is disabled0100 = Descriptor is done0011 = Data phase0010 = Buffer Descriptor Processor is loading0001 = Descriptor fetch request is pending0000 = Buffer Descriptor Processor is idle

bit 17 START: DMA Start Status bit1 = DMA start has occurred0 = DMA start has not occurred

bit 16 ACTIVE: Buffer Descriptor Processor Status bit1 = Buffer Descriptor Processor is active0 = Buffer Descriptor Processor is idle

bit 15-0 BDCTRL<15:0>: Descriptor Control Word Status bitsThese bits contain the current descriptor control word.



Register 49-6: CEINTSRC: Crypto Engine Interrupt Source Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

7:0U-0 U-0 U-0 U-0 R-0, HS R-0, HS R-0, HS R-0, HS

— — — — AREIF(1) PKTIF(1) CBDIF(1) PENDIF(1)

Legend: HS = Set by hardware




bit 3 AREIF: Access Response Error Interrupt bit(1)

1 = The Crypto Engine attempted to access an invalid memory location0 = No error has occurred

bit 2 PKTIF: DMA Packet Completion Interrupt Status bit(1)

1 = DMA packet was completed0 = DMA packet was not completed

bit 1 CBDIF: Buffer Descriptor Transmit Status bit(1)

1 = Last Buffer Descriptor transmit was processed0 = Last Buffer Descriptor transmit has not been processed

bit 0 PENDIF: Crypto Engine Interrupt Pending Status bit(1)

1 = Crypto Engine interrupt is pending (this value is the result of an OR of all interrupts in the Crypto Engine)0 = Crypto Engine interrupt is not pending

Note 1: Write a '1' to this bit to clear the interrupt.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-7: CEINTEN: Crypto Engine Interrupt Enable Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

7:0U-0 U-0 U-0 U-0 R/W-0 R/W-0 R/W-0 R/W-0

— — — — AREIE PKTIE BDPIE PENDIE(1)

Legend:




bit 3 AREIE: Access Response Error Interrupt Enable bit

1 = Access response error interrupts are enabled0 = Access response error interrupts are not enabled

bit 2 PKTIE: DMA Packet Completion Interrupt Enable bit

1 = DMA packet completion interrupts are enabled0 = DMA packet completion interrupts are not enabled

bit 1 BDPIE: DMA Buffer Descriptor Processor Interrupt Enable bit

1 = Buffer Descriptor Processor interrupts are enabled0 = Buffer Descriptor Processor interrupts are not enabled

bit 0 PENDIE: Master Interrupt Enable bit(1)

1 = Crypto Engine interrupts are enabled0 = Crypto Engine interrupts are not enabled

Note 1: The PENDIE bit is a Global enable bit and must be enabled together with the other interrupts desired.



Register 49-8: CEPOLLCON: Crypto Engine Poll Control Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —


BDPPLCON<15:8>


BDPPLCON<7:0>

Legend:




bit 15-0 BDPPLCON<15:0>: Buffer Descriptor Processor Poll Control bits

These bits determine the number of cycles that the DMA transmit Buffer Descriptor Processor would waitbefore refetching the descriptor control word if the previous descriptor fetched was disabled.

Register 49-9: CEHDLEN: Crypto Engine Header Length Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —


HDRLEN<7:0>

Legend:




bit 7-0 HDRLEN<7:0>: DMA Header Length bits

For every packet, leave this length of locations and start filling the data.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-10: CETRLLEN: Crypto Engine Trailer Length Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —


TRLRLEN<7:0>

Legend:




bit 7-0 TRLRLEN<7:0>: DMA Trailer Length bits

For every packet, leave this length of locations and start putting the next packet.

Register 49-11: CEDTXSTAT: Crypto Engine DTX Debug Status Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 R-0 R-0 R-0 R-0

— — — — DTXBLEN<15:12>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

DTXBLEN<11:4>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

DTXBLEN<3:0> DTXSTATE<3:0>

Legend:




bit 19-4 DTXBLEN<15:0>: Current DMA Transmit Buffer Length Debug Status bits

bit 3-0 DTXSTATE<3:0>: Current DMA Transmit States Debug Status bits

1111 = Reserved•••

0110 = Reserved0101 = Transmitting to internal Crypto Engine Memory0100 = Reserved0011 = Wait0010 = Reserved0001 = Reserved0000 = Idle



Register 49-12: CEDRXSTAT: Crypto Engine DRX Debug Status Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 R-0 R-0 R-0 R-0

— — — — DRXBLEN<15:12>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

DTXBLEN<11:4>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

DRXBLEN<3:0> DRXSTATE<3:0>

Legend:




bit 19-4 DTXBLEN<15:0>: Current DMA Receive Buffer Length Debug Status bits

bit 3-0 DTXSTATE<3:0>: Current DMA Receive States Debug Status bits

1111 = Transaction is in progress•••

0001 = Transaction is in progress0000 = Idle

Register 49-13: RNGVER: Random Number Generator ID, Version, and Revision Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

ID<15:8>

23:16R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

ID<7:0>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

VERSION<7:0>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

REVISION<7:0>

Legend:



bit 31-16 ID<15:0>: Block Identification bits

bit 15-8 VERSION<7:0>: Block Version bits

bit 7-0 REVISION<7:0>: Block Revision bits



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-14: RNGCON: Random Number Generator Control Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 R/W-0, HC U-0 R/W-0 R/W-0 R/W-0

— — — LOAD — CONT PRNGEN TRNGEN

7:0U-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0

— PLEN<6:0>

Legend: HC = Cleared by hardware




bit 12 LOAD: Device Select bit

Setting this bit to ‘1’ loads the seed from the TRNG (i.e., the random value) as a seed to the PRNG. It is cleared automatically by hardware.

bit 11 Unimplemented: Read as ‘0’

bit 10 CONT: PRNG Number Shift Enable bit

1 = The PRNG random number is shifted every cycle0 = The PRNG random number is shifted when the previous value is removed

bit 9 PRNGEN: PRNG Operation Enable bit

1 = PRNG operation is enabled0 = PRNG operation is not enabled

bit 8 TRNGEN: TRNG Operation Enable bit

1 = TRNG operation is enabled0 = TRNG operation is not enabled

bit 7 Unimplemented: Read as ‘0’; must always be written as ‘0’

bit 6-0 PLEN<6:0>: PRNG Polynomial Length bits

These bits contain the length of the polynomial used for the PRNG.



Register 49-15: RNGPOLY1: Random Number Generator Polynomial Register 1

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0


POLY1<31:24>


POLY1<23:16>


POLY1<15:8>


POLY1<7:0>

Legend:



bit 31-0 POLY1<31:0>: PRNG LFSR Polynomial Least Significant Byte bits

These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 0-31 of the LSFR.

Register 49-16: RNGPOLY2: Random Number Generator Polynomial Register 2

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0


POLY2<31:24>


POLY2<23:16>


POLY2<15:8>


POLY2<7:0>

Legend:



bit 31-0 POLY2<31:0>: PRNG LFSR Polynomial Most Significant Byte bits

These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 32-63 of the LSFR.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-17: RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator Register 1

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0


RNG1<31:24>


RNG1<23:16>


RNG1<15:8>


RNG1<7:0>

Legend:



bit 31-0 RNG1<31:0>: Current PRNG Least Significant Word Value bits

Register 49-18: RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator Register 2

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0


RNG2<31:24>


RNG2<23:16>


RNG2<15:8>


RNG2<7:0>

Legend:



bit 31-0 RNG2<31:0>: Current PRNG Most Significant Word Value bits



Register 49-19: RNGSEED1: True Random Number Generator Seed Register 1

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA1<31:24>

23:16R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA1<23:16>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA1<15:8>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA1<7:0>

Legend:



bit 31-0 RDATA1<31:0>: TRNG Least Significant Word bits

Register 49-20: RNGSEED2: True Random Number Generator Seed Register 2

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA2<31:24>

23:16R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA2<23:16>

15:8R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA2<15:8>

7:0R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

RDATA2<7:0>

Legend:



bit 31-0 RDATA2<31:0>: TRNG Most Significant Word bits



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Register 49-21: RNGRCNT: True Random Number Generator Count Register

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31:24U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

23:16U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

15:8U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0

— — — — — — — —

7:0U-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0

— RCNT<6:0>

Legend:




bit 6-0 RCNT<6:0>: Number of Valid TRNG Generated bits

When this count reaches 64, a new number is ready in the RNGSEEDx registers.



49.3 CRYPTO ENGINE BUFFER DESCRIPTORS

Host software creates a linked list of Buffer Descriptors and the hardware updates them.Table 49-3 provides a list of the Crypto Engine Buffer Descriptors, followed by formatdescriptions (see Figure 49-3 through Figure 49-10).

Table 49-3: Crypto Engine Buffer Descriptors

NameBit

31/23/15/7Bit

30/22/14/6Bit

29/21/13/5Bit

28/20/12/4Bit

27/19/11/3Bit

26/18/10/2Bit

25/17/9/1Bit

24/16/8/0

BD_CTRL 31:24 DESC_EN — — CRY_MODE<2:0> — — —

23:16 — SA_FETCH_EN — — LAST_BD LIFM PKT_INT_EN CBD_INT_EN

15:8 BD_BUFLEN<15:8>

7:0 BD_BUFLEN<7:0>

BD_SA_ADDR 31:24 BD_SAADDR<31:24>

23:16 BD_SAADDR<23:16>

15:8 BD_SAADDR<15:8>

7:0 BD_SAADR<7:0>

BD_SRCADDR 31:24 BD_SRCADDR<31:24>

23:16 BD_SRCADDR<23:16>

15:8 BD_SRCADDR<15:8>

7:0 BD_SRCADDR<7:0>

BD_DSTADDR 31:24 BD_DSTADDR<31:24>

23:16 BD_DSTADDR<23:16>

15:8 BD_DSTADDR<15:8>

7:0 BD_DSTADDR<7:0>

BD_NXTPTR 31:24 BD_NXTADDR<31:24>

23:16 BD_NXTADDR<23:16>

15:8 BD_NXTADDR<15:8>

7:0 BD_NXTADDR<7:0>

BD_UPDPTR 31:24 BD_UPDADDR<31:24>

23:16 BD_UPDADDR<23:16>

15:8 BD_UPDADDR<15:8>

7:0 BD_UPDADDR<7:0>

BD_MSG_LEN 31:24 MSG_LENGTH<31:24>

23:16 MSG_LENGTH<23:16>

15:8 MSG_LENGTH<15:8>

7:0 MSG_LENGTH<7:0>

BD_ENC_OFF 31:24 ENCR_OFFSET<31:24>

23:16 ENCR_OFFSET<23:16>





ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Figure 49-3: Format of BD_CTRL

Figure 49-4: Format of BD_SADDR

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 DESC_EN — CRY_MODE<2:0> — — —

23-16 —SA_

FETCH_EN— — LAST_BD LIFM

PKT_INT_EN

CBD_INT_EN

15-8 BD_BUFLEN<15:8>

7-0 BD_BUFLEN<7:0>

bit 31 DESC_EN: Descriptor Enable1 = The descriptor is owned by hardware. After processing the BD, hardware resets this bit to ‘0’.0 = The descriptor is owned by software

bit 30 Unimplemented: Must be written as ‘0’

bit 29-27 CRY_MODE<2:0>: Crypto Mode111 = Reserved110 = Reserved101 = Reserved100 = Reserved011 = CEK operation010 = KEK operation001 = Preboot authentication000 = Normal operation

bit 26-23 Unimplemented: Must be written as ‘0’

bit 22 SA_FETCH_EN: Fetch Security Association From External Memory1 = Fetch SA from the SA pointer. This bit needs to be set to ‘1’ for every new packet.0 = User current fetched SA or the internal SA

bit 21-20 Unimplemented: Must be written as ‘0’

bit 19 LAST_BD: Last Buffer DescriptorsAfter the last BD, the BD_PTR goes to the base address in the CSR.

bit 18 LIFM: Last In FrameIn case of Receive Packets (from H/W-> Host), this field is filled by the Hardware to indicate whether the packet goes across multiple buffer descriptors. In case of transmit packets (from Host -> H/W), this field indicates whether this BD is the last in the frame.

bit 17 PKT_INT_EN: Packet Interrupt EnableGenerate an interrupt after processing the current buffer descriptor, if it is the end of the packet.

bit 16 CBD_INT_EN: CBD Interrupt EnableGenerate an interrupt after processing the current buffer descriptor.

bit 15-0 BD_BUFLEN<15:0>: Buffer Descriptor LengthThis field contains the length of the buffer and is updated with the actual length filled by the receiver.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 BD_SAADDR<31:24>

23-16 BD_SAADDR<23:16>

15-8 BD_SAADDR<15:8>

7-0 BD_SAADDR<7:0>

bit 31-0 BD_SAADDR: Security Association IP Session AddressThe sessions’ Security Association pointer has the keys and IV values.



Figure 49-5: Format of BD_SRCADDR

Figure 49-6: Format of BD_DSTADDR

Figure 49-7: Format of BD_NXTADDR

Figure 49-8: Format of BD_UPDPTR

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 BD_SCRADDR<31:24>

23-16 BD_SCRADDR<23:16>

15-8 BD_SCRADDR<15:8>

7-0 BD_SCRADDR<7:0>

bit 31-0 BD_SCRADDR: Buffer Source AddressThe source address of the buffer that needs to be passed through the PE-CRDMA for encryption or authentication.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 BD_DSTADDR<31:24>

23-16 BD_DSTADDR<23:16>

15-8 BD_DSTADDR<15:8>

7-0 BD_DSTADDR<7:0>

bit 31-0 BD_DSTADDR: Buffer Destination AddressThe destination address of the buffer that needs to be passed through the PE-CRDMA for encryption or authentication.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 BD_NXTADDR<31:24>

23-16 BD_NXTADDR<23:16>

15-8 BD_NXTADDR<15:8>

7-0 BD_NXTADDR<7:0>

bit 31-0 BD_NXTADDR: Next Buffer Descriptor Pointer Address Has Next Buffer DescriptorThe next buffer can be a next segment of the previous buffer or a new packet.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 BD_UPDADDR<31:24>

23-16 BD_UPDADDR<23:16>

15-8 BD_UPDADDR<15:8>

7-0 BD_UPDADDR<7:0>

bit 31-0 BD_UPDADDR: UPD Address LocationThe update address has the location where the CRDMA results are posted. The updated results are the ICV values, key output values as needed.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Figure 49-9: Format of BD_MSG_LEN

Figure 49-10: Format of BD_ENC_OFF

Example 49-1: Buffer Descriptor C Structures

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 MSG_LENGTH<31:24>

23-16 MSG_LENGTH<23:16>

15-8 MSG_LENGTH<15:8>

7-0 MSG_LENGTH<7:0>

bit 31-0 MSG_LENGTH: Total Message LengthTotal message length for the hash and HMAC algorithms in bytes. Total number of Crypto bytes in case of GCM algorithm (LEN-C).

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 ENCR_OFFSET<31:24>




bit 31-0 ENCR_OFFSET: Encryption OffsetEncryption offset for the multi-task test cases (both encryption and authentication). The number of AAD bytes in the case of GCM algorithm (LEN-A).

typedef struct bdCtrl { unsigned int BUFLEN : 16; unsigned int CBD_INT_EN : 1; unsigned int PKT_INT_EN : 1; unsigned int LIFM : 1; unsigned int LAST_BD: 1; unsigned int : 2; unsigned int SA_FETCH_EN : 1; unsigned int : 4; unsigned int CRY_MODE: 3; unsigned int : 1; unsigned int DESC_EN : 1; } bdCtrl;

typedef struct bufferDescriptor { bdCtrl BD_CTRL; unsigned int SA_ADDR; unsigned int SRCADDR; unsigned int DSTADDR; unsigned int NXTPTR; unsigned int UPDPTR; unsigned int MSGLEN; unsigned int ENCOFF; } bufferDescriptor;



49.4 CRYPTO ENGINE SECURITY ASSOCIATION STRUCTURE

Table 49-4 shows the Security Association structure.

The Crypto Engine uses the Security Association to determine the settings for processing aBuffer Descriptor Processor. The Security Association contains:

• Which algorithm to use

• Whether to use engines in parallel (for both authentication and encryption/decryption)

• The size of the key

• Authentication key

• Encryption/decryption key

• Authentication Initialization Vector (IV)

• Encryption IV

Table 49-4: Crypto Engine Security Association Structure

NameBit

31/23/15/7Bit

30/22/14/6Bit

29/21/13/5Bit

28/20/12/4Bit

27/19/11/3Bit

26/18/10/2Bit

25/17/9/1Bit

24/16/8/0

SA_CTRL 31:24 — — VERIFY — NO_RX OR_EN ICVONLY IRFLAG

23:16 LNC LOADIV FB FLAGS — — — ALGO<6>

15:8 ALGO<5:0> ENCTYPE KEYSIZE<1>

7:0 KEYSIZE<0> MULTITASK<2:0> CRYPTOALGO<3:0>

SA_AUTHKEY1 31:24 AUTHKEY<31:24>

23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>


23:16 AUTHKEY<23:16>

15:8 AUTHKEY<15:8>

7:0 AUTHKEY<7:0>

SA_ENCKEY1 31:24 ENCKEY<31:24>

23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>


23:16 ENCKEY<23:16>

15:8 ENCKEY<15:8>

7:0 ENCKEY<7:0>

SA_AUTHIV1 31:24 AUTHIV<31:24>

23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>


23:16 AUTHIV<23:16>

15:8 AUTHIV<15:8>

7:0 AUTHIV<7:0>

Table 49-4: Crypto Engine Security Association Structure (Continued)

NameBit

31/23/15/7Bit

30/22/14/6Bit

29/21/13/5Bit

28/20/12/4Bit

27/19/11/3Bit

26/18/10/2Bit

25/17/9/1Bit

24/16/8/0



SA_ENCIV1 31:24 ENCIV<31:24>

23:16 ENCIV<23:16>

15:8 ENCIV<15:8>

7:0 ENCIV<7:0>


23:16 ENCIV<23:16>

15:8 ENCIV<15:8>

7:0 ENCIV<7:0>


23:16 ENCIV<23:16>

15:8 ENCIV<15:8>

7:0 ENCIV<7:0>


23:16 ENCIV<23:16>

15:8 ENCIV<15:8>

7:0 ENCIV<7:0>

Table 49-4: Crypto Engine Security Association Structure (Continued)

NameBit

31/23/15/7Bit

30/22/14/6Bit

29/21/13/5Bit

28/20/12/4Bit

27/19/11/3Bit

26/18/10/2Bit

25/17/9/1Bit

24/16/8/0



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Figure 49-11: Format of SA_CTRL

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 — — VERIFY — NO_RX OR_EN ICVONLY IRFLAG

23-16 LNC LOADIV FB FLAGS — — — ALGO<6>

15-8 ALGO<5:0> ENC KEYSIZE<1>

7-0 KEYSIZE<0> MULTITASK<2:0> CRYPTOALGO<3:0>

bit 31-30 Reserved: Do not use

bit 29 VERIFY: NIST Procedure Verification Setting1 = NIST procedures are to be used0 = Do not use NIST procedures

bit 28 Reserved: Do not use

bit 27 NO_RX: Receive DMA Control Setting1 = Only calculate ICV for authentication calculations0 = Normal processing

bit 26 OR_EN: OR Register Bits Enable Setting1 = OR the register bits with the internal value of the CSR register0 = Normal processing

bit 25 ICVONLY: Incomplete Check Value Only FlagThis affects the SHA-1 algorithm only. It has no effect on the AES algorithm.1 = Only three words of the HMAC result are available0 = All results from the HMAC result are available

bit 24 IRFLAG: Immediate Result of Hash SettingThis bit is set when the immediate result for hashing is requested.1 = Save the immediate result for hashing0 = Do not save the immediate result

bit 23 LNC: Load New Keys Setting1 = Load a new set of keys for encryption and authentication0 = Do not load new keys

bit 22 LOADIV: Load IV Setting1 = Load the IV from this Security Association0 = Use the next IV

bit 21 FB: First Block SettingThis bit indicates that this is the first block of data to feed the IV value.1 = Indicates this is the first block of data0 = Indicates this is not the first block of data

bit 20 FLAGS: Incoming/Outgoing Flow Setting1 = Security Association is associated with an outgoing flow0 = Security Association is associated with an incoming flow

bit 19-17 Reserved: Do not use

bit 16-10 ALGO<6:0>: Type of Algorithm to Use1xxxxxx = HMAC 1x1xxxxx = SHA-256xx1xxxx = SHA1xxx1xxx = MD5xxxx1xx = AESxxxxx1x = TDESxxxxxx1 = DES

bit 9 ENC: Type of Encryption Setting1 = Encryption0 = Decryption

bit 8-7 KEYSIZE<1:0>: Size of Keys in SA_AUTHKEYx or SA_ENCKEYx(1)

11 = Reserved; do not use10 = 256 bits01 = 192 bits00 = 128 bits



Figure 49-11: Format of SA_CTRL (Continued)

bit 6-4 MULTITASK<2:0>: How to Combine Parallel Operations in the Crypto Engine111 = Parallel pass (decrypt and authenticate incoming data in parallel)101 = Pipe pass (encrypt the incoming data, and then perform authentication on the encrypted data)011 = Reserved010 = Reserved001 = Reserved000 = Encryption or authentication or decryption (no pass)

bit 3-0 CRYPTOALGO<3:0>: Mode of operation for the Crypto Algorithm1111 = Reserved1110 = AES_GCM (for AES processing)1101 = RCTR (for AES processing)1100 = RCBC_MAC (for AES processing)1011 = ROFB (for AES processing)1010 = RCFB (for AES processing)1001 = RCBC (for AES processing)1000 = REBC (for AES processing)0111 = TOFB (for Triple-DES processing)0110 = TCFB (for Triple-DES processing)0101 = TCBC (for Triple-DES processing)0100 = TECB (for Triple-DES processing)0011 = OFB (for DES processing)0010 = CFB (for DES processing)0001 = CBC (for DES processing)0000 = ECB (for DES processing)

Note 1: This setting does not alter the size of SA_AUTHKEYx or SA_ENCKEYx in the Security Association, only the number of bits of SA_AUTHKEYx and SA_ENCKEYx that are used.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Figure 49-12: Format of SA_AUTHKEYx (x = 1 through 8)

Figure 49-13: Format of SA_ENCKEYx (x = 1 through 8)

Figure 49-14: Format of SA_AUTHIVx (x = 1 through 8)

Figure 49-15: Format of SA_ENCIVx (x = 1 through 4)

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 AUTHKEY<31:24>

23-16 AUTHKEY<23:16>

15-8 AUTHKEY<15:8>

7-0 AUTHKEY<7:0>

bit 31-0 AUTHKEY<31:0>: Key Used in Authentication Engine ProcessingThese entries should be set to ‘0’ if the Authentication Engine is not being used.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 ENCKEY<31:24>

23-16 ENCKEY<23:16>

15-8 ENCKEY<15:8>

7-0 ENCKEY<7:0>

bit 31-0 ENCKEY<31:0>: Key Used in Crypto Engine ProcessingThese entries should be set to ‘0’ if the Crypto Engine is not being used.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 AUTHIV<31:24>

23-16 AUTHIV<23:16>

15-8 AUTHIV<15:8>

7-0 AUTHIV<7:0>

bit 31-0 AUTHIV<31:0>: IV Used in Authentication Engine ProcessingThese entries should be set to ‘0’ if the Authentication Engine is not being used.

Bit Range

Bit31/23/15/7

Bit30/22/14/6

Bit29/21/13/5

Bit28/20/12/4

Bit27/19/11/3

Bit26/18/10/2

Bit25/17/9/1

Bit24/16/8/0

31-24 ENCIV<31:24>

23-16 ENCIV<23:16>

15-8 ENCIV<15:8>

7-0 ENCIV<7:0>

bit 31-0 ENCIV<31:0>: IV Used in Crypto Engine ProcessingThese entries should be set to ‘0’ if the Crypto Engine is not being used.



Example 49-2: Security Association C Structures

typedef struct saCtrl { unsigned int CRYPTOALGO : 4; unsigned int MULTITASK : 3; unsigned int KEYSIZE : 2; unsigned int ENCTYPE : 1; unsigned int ALGO : 7; unsigned int : 3; unsigned int FLAGS : 1; unsigned int FB : 1; unsigned int LOADIV : 1; unsigned int LNC : 1; unsigned int IRFLAG : 1; unsigned int ICVONLY : 1; unsigned int OR_EN : 1; unsigned int NO_RX : 1; unsigned int : 1; unsigned int VERIFY : 1; unsigned int : 2; } saCtrl;

typedef struct securityAssociation { saCtrl SA_CTRL; unsigned int SA_AUTHKEY[8]; unsigned int SA_ENCKEY[8]; unsigned int SA_AUTHIV[8]; unsigned int SA_ENCIV[4]; } securityAssociation;



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.5 CRYPTO ENGINE OPERATION

49.5.1 Cryptographic Security Engines

To reduce the processing requirements of the PIC32 family, the Crypto Engine includes fourdifferent cryptographic security engines. These security engines perform the types ofencryptions, decryptions, and mathematical computations that are most commonly used for avariety of security applications. They accelerate the computation of public or private key pairnegotiations, message hash authentication, and bulk data encryption/decryption. These enginesmay be used in parallel, or daisy-chained to provide additional security.

The four engines implemented are:

• Triple Data Encryption Standard (TDES)

• Advanced Encryption Standard (AES)

• Secure Hash Algorithm (SHA-1 and SHA-256)

• Message Digest 5 (MD5)

49.5.1.1 TRIPLE DATA ENCRYPTION STANDARD (TDES)

The Data Encryption Standard (DES) is an encryption algorithm developed in the early 1970s. Itis a block cipher, encrypting data in 64-bit blocks. For each 64-bit block sent through the engine,a 64-bit block is returned.

The key length used by DES is 56-bits long. It is usually represented as a 64-bit number;however, per the DES standard, every eighth bit of the key is used for parity checking of the key,and then discarded. That is, positions 8, 16, 24, 32, 40, 48, 56, and 64 are removed from the64-bit key, leaving only the 56-bit key.

Padding must be added to ensure the size of the incoming data to be processed is a multiple of8 bytes. This padding is exclusive of any header or trailer data that is skipped over and shouldconsist of zeros.

Triple DES (TDES) uses the algorithm three times on the same block of data, rather than onlyonce, and can use key lengths of 56, 112, or 168 bits. Like DES, TDES is a symmetric algorithm,meaning the same algorithm and key are used for both encryption and decryption of data.

49.5.1.2 ADVANCED ENCRYPTION STANDARD (AES)

The Advanced Encryption Standard (AES) engine implements the Advanced EncryptionStandard (originally known as Rijndael), as described in the NIST Federal InformationProcessing Standard Publication 197. Like DES, it is a block cipher, and the same key is used toboth encrypt and decrypt data. It operates on 128-bit blocks regardless of the key size.

The key length used by AES can be 128, 192, or 256 bits, and determines the number oftransformation rounds used to convert the input to the output. The key length also determinesthe effective bit rate for algorithm execution.

Padding must be added to ensure the size of the incoming data to be processed is a multiple of16 bytes (128 bits). This padding is exclusive of any header/trailer data that is skipped over andshould consist of zeros.

49.5.1.3 SECURE HASH ALGORITHM (SHA-1 AND SHA-256)

Secure Hash Algorithm (SHA) is a cryptographic hash function designed by the United StatesNational Security Agency (NSA). It is a one-way message digest function, taking an unlimitedamount of input data, and producing a digest of 160 bits (for SHA-1) or 256 bits (for SHA-256).

Both versions operate on 512-bit blocks. Padding is required to make the input data a multiple of64 bytes. The most significant bit of the padding must be a ‘1’, followed by as many zeros asneeded to make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits area binary representation of the length of the message before padding. This ensures that differentmessages will not look the same after padding.



49.5.1.4 MESSAGE DIGEST 5 (MD5)

Message Digest 5 (MD5) is similar to SHA, in that it is a cryptographic hash function. It wasdesigned by Ron Rivest in 1991 to replace an earlier hash function, MD4. MD5 takes an unlimitedamount of input data, and produces a 128-bit hash value.

MD5 operates on 512-bit blocks. Padding is required to make the input data a multiple of 64bytes. The most significant bit of the padding must be a 1, followed by as many zeros as neededto make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits are a binaryrepresentation of the length of the message before padding. This ensures that differentmessages will not look the same after padding.

49.5.1.5 MODES OF OPERATION

The TDES and AES block cipher engines offer up to six modes of operation, which enables therepeated and secure use of the cipher under a single key. The six modes are:

• Cipher-Block Chaining (CBC)• Electronic Code Book (ECB)• Counter (CTR) - AES only• Cipher Feedback (CFB)• Output Feedback (OFB)• Galois/Counter (GCM) - AES only

The modes in use are decided by the Security Association structure when the data is processed.

49.5.2 Running the Crypto Engine

The Crypto Engine is configured via a set of Buffer Descriptors, which instruct the engine, for aparticular block of data, how to process it and which Security Association to use with it. OneSecurity Association can be associated with multiple Buffer Descriptors, thus saving memory.

Figure 49-16 illustrates the relationship between one Security Association, multiple BufferDescriptors, and the data to be processed.

Figure 49-16: Relationship of Security Association, Buffer Descriptor and Pending Processed Data

Header

Data 1

Trailer

Header

Data 2

Trailer

Header

Data 3

Trailer

Header

Data n

Trailer

SA_CTRL

0x80001000

0x80001100

0x80001188

0x80001F00

BD_CTRLBuffer Descriptor 1

0x80001300BD_SA_ADDRBD_SRCADDRBD_DSTADDRBD_NXTPTRBD_UPDPTR

BD_MSG_LENBD_ENC_OFF

0x80001500Buffer

0x80001340

Buffer

0x80001380

Buffer

0x80001400

SA_AUTHKEY

SA_ENCKEY

SA_AUTHIV

SA_ENCIV

Security Association

0x80001504

0x80001524

0x80001544

0x80001564

Descriptor 2

Descriptor 3

Descriptor n

Header

Data 1

Trailer

Header

Data 2

Trailer

Header

Data 3

Trailer

Header

Data n

Trailer

0x80002000

0x80002100

0x80002188

0x80002F00



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.5.2.1 DATA BLOCK HEADER AND TRAILER

For some applications, each data block may have header and/or trailer information that shouldnot be processed by the Crypto Engine, but should be passed through without alteration. TheCEHDLEN and CETRLLEN registers determine the length of the header and trailer. Setting eachregister reserves up to 255 bytes.

49.5.2.2 CREATING THE SECURITY ASSOCIATION

The Security Association describes to the Crypto Engine how to run the engine for the givenblock, and what security keys and Initialization Vectors (IV) to use. At a minimum, the SecurityAssociation must contain the following information:

• The algorithm to use (HMAC, SHA256, SHA1, MD5, AES, TDES, DES)

• Whether to load the Initialization Vector (IV)

• The direction of flow (incoming or outgoing)

• Encryption or decryption

• Key size

• Multi-task options

• Mode of operation (only applies to certain algorithms)

An example for creating and setting up a Security Association is shown in Example 49-3.

Example 49-3: Setting Up a Security Association securityAssociation enc_sa __attribute__((aligned (8))); securityAssociation dec_sa __attribute__((aligned (8)));

memset((void *)&enc_sa, 0, sizeof(enc_sa)); memset((void *)&dec_sa, 0, sizeof(dec_sa));

/* Set up the Security Association */ enc_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */ enc_sa.SA_CTRL.LNC = 1; enc_sa.SA_CTRL.LOADIV = 1; enc_sa.SA_CTRL.FB = 1; enc_sa.SA_CTRL.ENCTYPE = 1; /* Encryption */ enc_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */

dec_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */ dec_sa.SA_CTRL.LNC = 1; dec_sa.SA_CTRL.LOADIV = 1; dec_sa.SA_CTRL.FB = 1; dec_sa.SA_CTRL.ENCTYPE = 0; /* Decryption */ dec_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */

/* Load the encryption keys */enc_sa.SA_ENCKEY[2] = 0x01234567;enc_sa.SA_ENCKEY[3] = 0x89abcdef;enc_sa.SA_ENCKEY[4] = 0xfedeba98;enc_sa.SA_ENCKEY[5] = 0x76543210;enc_sa.SA_ENCKEY[6] = 0x89abcdef;enc_sa.SA_ENCKEY[7] = 0x01234567;

dec_sa.SA_ENCKEY[2] = 0x01234567;dec_sa.SA_ENCKEY[3] = 0x89abcdef;dec_sa.SA_ENCKEY[4] = 0xfedeba98;dec_sa.SA_ENCKEY[5] = 0x76543210;dec_sa.SA_ENCKEY[6] = 0x89abcdef;dec_sa.SA_ENCKEY[7] = 0x01234567;

/* Load the initialization vector (IV) */enc_sa.SA_ENCIV[2] = 0x12345678;enc_sa.SA_ENCIV[3] = 0x90abcdef;

dec_sa.SA_ENCIV[2] = 0x12345678;dec_sa.SA_ENCIV[3] = 0x90abcdef;



49.5.2.3 SECURITY ASSOCIATION ENCRYPTION KEY AND IV DATA ALIGNMENT

When copying the key and initialization vectors into the security association, the position of eachvector is important to generate the correct results.

Figure 49-17 through Figure 49-21 illustrate how the alignment of each is to be affected for all ofthe available hardware encryption algorithms. Note that all of the Keys and IVs in the SecurityAssociation must be in Big-Endian order.

Figure 49-17: Key and IV Layout in Security Association for AES (128-bit Key)



Byte 3 Byte 2 Byte 1 Byte 0 Byte 3 Byte 2 Byte 1 Byte 0

SA_ENCKEY1 Unused(1) SA_ENCIV1 0 1 2 3




SA_ENCKEY5 0 1 2 3 SA_ENCIV5 Unused(1)




Note 1: Unused bytes should be cleared to ‘0’.2: All 32-bit words are in Big-Endian order.




SA_ENCKEY3 0 1 2 3 SA_ENCIV3 8 9 10 11



















ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

Figure 49-20: Key and IV Layout in Security Association for Triple-DES

Figure 49-21: Key and IV Layout in Security Association for DES

49.5.2.4 CREATING THE BUFFER DESCRIPTOR

For each block of data that needs to be processed, the Buffer Descriptor tells the Crypto Enginehow to process the data. At a minimum, the Buffer Descriptor must include the followinginformation:

• The address of the Security Association (BD_SA_ADDR)

• The address of the source data to process (BD_SRCADDR)

• The address of the destination data after processing (BD_DSTADDR)

• The address of the next Buffer Descriptor (BD_NXTPTR)

• The address of the place to store updates for hash algorithms (BD_UPDADDR)

• The total message length in bytes (MSG_LENGTH)

An example of creating and setting up a series of Buffer Descriptors is shown in Example 49-4.


SA_ENCKEY1 Unused(1) SA_ENCIV1 Unused(1)





















Example 49-4: Setting Up Buffer Descriptors

49.5.2.5 STARTING THE BUFFER DESCRIPTOR PROCESSOR

When the Security Associations and Buffer Descriptors have been set up, starting the BDP isdone as follows:

1. Tell the engine the address of the first Buffer Descriptor.

2. Selecting the interrupts to enable.

3. Turning on the Crypto DMA engine.

An example of starting the processing is shown in Example 49-5.

Example 49-5: Setting Up the Crypto Engine to Process Buffer Descriptors

/* vector is the source data for the encryption phase. cipher is the destination for the encryption phase,

and the source data for the decryption phase. plain is the destination for the decryption phase.

/* Set up the Buffer Descriptor */ enc_bd.BD_CTRL.BUFLEN = sizeof(vector); enc_bd.BD_CTRL.LIFM = 1; enc_bd.BD_CTRL.SA_FETCH_EN = 1; enc_bd.BD_CTRL.LAST_BD = 1; enc_bd.BD_CTRL.DESC_EN = 1;

dec_bd.BD_CTRL.BUFLEN = sizeof(cipher); dec_bd.BD_CTRL.LIFM = 1; dec_bd.BD_CTRL.SA_FETCH_EN = 1; dec_bd.BD_CTRL.LAST_BD = 1; dec_bd.BD_CTRL.DESC_EN = 1;

enc_bd.SA_ADDR = KVA_TO_PA(&enc_sa); enc_bd.SRCADDR = KVA_TO_PA(vector); enc_bd.DSTADDR = KVA_TO_PA(cipher);

enc_bd.NXTPTR = KVA_TO_PA(&dec_bd); enc_bd.MSGLEN = sizeof(vector);

dec_bd.SA_ADDR = KVA_TO_PA(&dec_sa); dec_bd.SRCADDR = KVA_TO_PA(cipher); dec_bd.DSTADDR = KVA_TO_PA(plain); dec_bd.MSGLEN = sizeof(cipher);

CEBDPADDR = KVA_TO_PA(&enc_bd); CEINTEN = 0x07; CECON = 0x07;



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.5.3 Crypto Engine Operation Guidelines

The following guidelines are used to ensure proper configuration and operation of the CryptoEngine.

• Data Alignment

- Security Association structures shall be aligned on a 8-byte boundary. This can be done with an alignment attribute for the variable, see Example 49-3.

- Buffer Descriptor structures shall be aligned on a 8-byte boundary. This can be done with an alignment attribute for the variable, see Example 49-4.

- The source and destination addresses used in the Buffer Descriptor shall be aligned on a 32-bit boundary.

• Data Lengths

- The Buffer Length field of each Buffer Descriptor shall be an integral multiple of the word size of the Crypto algorithm used. Data blocks should be expanded to meet the required size and filled with zeros to avoid corruption. The word sizes for each algorithm are listed in Table 49-5.

Table 49-5: Encryption Algorithm Word Sizes

- The total length of the data across multiple buffer descriptors shall be an integral multi-ple of the word size of the Crypto algorithm used. The word sizes for each algorithm are listed in Table 49-5.

- For the hashing algorithms (MD5, SHA1, SHA256) the packet length shall be a minimum of 64 bytes

- If the input data length does not match the above guidelines, it should be zero-padded to make it the correct length

• Algorithms, Initialization Vectors (IV)

- IV size is restricted to 96 bits for AES GCM

- The fourth word (LSB 32-bit) of Encryption IV for AES GCM shall be 1

- When encryption is used in parallel with authentication, HMAC shall be used

- HMAC shall be used in combination with one of the authentication engines (MD5/SHA1/SHA256)

Note: To avoid cache coherency problems on devices with L1 cache, all BufferDescriptors and Security Associations must be accessed from KSEG1 or KSEG3(uncached) segments only.

Algorithm Word Size

AES 16 Bytes

TDES 24 Bytes

DES 8 Bytes



49.6 CRYPTO ENGINE INTERRUPTS

The PIC32 device can generate interrupts reflecting the events that occur during the CryptoEngine's operation. Each of the Crypto Engine interrupt events has a corresponding interruptenable bit in the CEINTEN register, which must be set for an interrupt to be generated. However,regardless of the value of the CEINTEN register, the status of all interrupt events is directlyreadable via the CEINTSRC register. Therefore, the software has visibility of an event generatinga potential interrupt by polling the register and not having an interrupt propagate out of themodule.

To clear an interrupt, the software must write a '1' to both the particular interrupt and the PENDIFbits in the CEINTSRC register.

Following is a description of the interrupt events generated by the Crypto Engine:

• Access Response error interrupt, signaled by the AREIF bit (CEINTSRC<3>) and enabled using the AREIE bit (CEINTEN<3>). This event occurs when the Crypto Engine DMA encounters a bus error during a memory access and is caused by an addressing error. For example, if the Crypto Engine attempts to access reserved memory, or memory that has been protected from access by the Crypto Engine, this interrupt will be generated. Recov-ering from this error requires a soft reset of the Crypto Engine using the SWRST bit (CECON<6>).

• DMA Packet Completion interrupt, signaled by the PKTIF bit (CEINTSRC<2>) and enabled using the PKTIE bit (CEINTEN<2>). This event occurs when the Crypto Engine has completed transferring memory.

• Buffer Descriptor Processing interrupt, signaled by the CBDIF bit (CEINTSRC<1>) and enabled using the CBDIE bit (CEINTEN<1>). This event occurs when the Crypto Engine has completed processing a Buffer Descriptor.

• Pending interrupt, signaled by the PENDIF bit (CEINTSRC<0>) and enabled using the PENDIE bit (CEINTEN<0>). This is a global interrupt, combining the values of the other interrupt sources. This bit must be enabled in addition to the other interrupt sources in order to generate interrupts from the Crypto Engine.

All interrupts belonging to the Crypto Engine map to the Crypto Engine interrupt vector.

The corresponding Crypto Engine interrupt flag is CRPTIF (IFS3<11>). This interrupt flag mustbe cleared in software once the cause generating the interrupt is processed.

The Crypto Engine is enabled as a source of interrupts via the respective Crypto Engine interruptenable bit, CRPTIE (IEC3<11>).

The interrupt priority-level bits and interrupt sub-priority-level bits must also be configured:

• CRPTIP<2:0> (IPC26<28:26>)

• CRPTIS<1:0> (IPC26<25:24>)

The interrupt service routine that is to be used when a Crypto Engine interrupt is generated isconfigured via the VOFF107<17:1> bits (OFF107<17:1>).

49.6.1 Interrupt Configuration

The Crypto Engine has multiple internal interrupt flags (AREIF, PKTIF, CBDIF, PENDIF) andcorresponding enable interrupt control bits (AREIE, PKTIE, CBDIE, PENDIE). However, for theInterrupt Controller, there is one dedicated interrupt flag bit for the Crypto Engine: CRPTIF(IFS3<11>) and the corresponding interrupt enable/mask bit, CRPTIE (IEC3<11>).

The Crypto Engine has its own priority and sub-priority levels independent of other peripherals.The CRPTIF bit will be set without regard to the state of the corresponding enable bit, CRPTIE.The CRPTIF bit can be polled by software if desired.

Note: Refer to Section 8. “Interrupts” (DS60001108) in the “PIC32 Family ReferenceManual” for detailed descriptions of the IFSx, IECx, IPCx, and OFFx registerinterrupt bits.

Note: All of the interrupt conditions for the Crypto Engine share one interrupt vector.



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

The CRPTIE bit is used to define the behavior of the Interrupt Controller when the correspondingCRPTIF bit is set. When the corresponding CRPTIE bit is clear, the Interrupt Controller does notgenerate a CPU interrupt for the event. If the CRPTIE bit is set, the Interrupt Controller willgenerate an interrupt to the CPU when the CRPTIF bit is set (subject to the priority andsub-priority as follows).

It is the responsibility of the user's software routine that services a particular interrupt to clear theinterrupt flag bit before the service routine is complete.

The priority of the Crypto Engine interrupt can be set using the IPC26 register of the InterruptController. This priority defines the priority group to which the interrupt source will be assigned.The priority groups range from a value of 7 (the highest priority) to a value of 0, which does notgenerate an interrupt. An interrupt being serviced will be preempted by an interrupt in a higherpriority group.

The sub-priority bits allow setting the priority of an interrupt source within a priority group. Thevalues for the sub-priority range from 3 (the highest priority) to 0 (the lowest priority). An interruptwith the same priority group, but having a higher sub-priority value, will not pre-empt a lowersub-priority interrupt that is in progress. Rather, if two interrupts in the same priority group arepending, the one with the higher sub-priority value will be serviced first.

The priority group and sub-priority bits allow more than one interrupt source to share the samepriority and sub-priority. If simultaneous interrupts occur in this configuration, the natural order ofthe interrupt sources within a priority/sub-priority group pair determine the interrupt generated.

The natural priority is based on the vector numbers of the interrupt sources. The lower the vectornumber, the higher the natural priority of the interrupt. Any interrupts that were overridden bynatural order will then generate their respective interrupts based on priority, sub-priority andnatural order after the interrupt flag for the current interrupt is cleared.

After an enabled interrupt is generated, the CPU will jump to the vector assigned to that interrupt.The vector number for the interrupt is the same as the natural order number. The CPU will thenbegin executing code at the vector address. The user's code at this vector address shouldperform any application-specific operations and clear the CRPTIF interrupt flags (as well as thecorresponding event in the CEINTSRC register if a software clearable interrupt) and then exit.

Refer to the vector address table details in Section 8. “Interrupts” (DS60001108) in the “PIC32Family Reference Manual” for more information.

Example 49-6: Crypto Engine Initialization with Interrupts Enabled Code/* Start the engine */CEBDPADDR = KVA_TO_PA(&enc_bd);CEINTEN = 0x07;CECON = 0x07;



49.7 RANDOM NUMBER GENERATOR OPERATION

The Random Number Generator (RNG) core implements a thermal noise-based True RandomNumber Generator (TRNG) and a cryptographically secure Pseudo-Random Number Generator(PRNG).

The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits togenerate true random numbers that can initialize the PRNG.

The PRNG is a flexible Linear Shift Feedback Register (LSFR), which is capable of manifestinga maximal length LFSR of up to 64 bits.

49.7.1 TRNG Usage

Enabling the TRNG for operation is done using the TRNGEN bit (RNGCON<8>). Setting this bitstarts the TRNG generating numbers.

The random numbers are read through the RNGSEED1 and RNGSEED2 registers. Thisprovides up to a 64-bit wide number for use. The number of valid bits in the registers are indicatedin the RNGCNT register. It is recommended to wait until the value in that register equals orexceeds the number of bits desired before reading the value.

49.7.2 PRNG Usage

Before starting the PRNG, it is necessary to set up the initial seed value, set the length of thepolynomial, and the polynomial equation.

The initial seed value is set by writing to the RNGNUMGEN1 and RNGNUMGEN2 registers,which are also the registers where the random value are read.

The initial seed value can also be loaded from the TRNG by writing a '1' to the LOAD bit(RNGCON<12>). This action transfers the current value in the RNGSEEDx registers to thecorresponding RNGNUMGENx registers.

The polynomial length for the LSFR is set by writing the length (in bits) to the PLEN<7:0> bits(RNGCON<7:0>). Since the polynomial can be a maximum of 64 bits, the maximum value forthis register would be 64. However, the actual length needed will depend on the needs of theapplication and the degree of pseudo-randomness needed.

The polynomial equation itself is set via the RNGPOLYx registers. Setting a bit in these registersturns on the corresponding tap for the generation of the random numbers.

Enabling the PRNG for operation is done by writing a '1' to the PRNGEN bit (RNGCON<9>).

The following example sets the PRNG for a 42-bit maximal-length polynomial with the equation,x42 + x41 + x20 + x19 + 1, initializes the random number with a set value, and turns on the PRNG.

Example 49-7: PRNG Configuration

Once the PRNG has been turned on, it is necessary to wait PLEN cycles before reading theRNGNUMGENx registers. Reading the RNGNUMGENx registers will trigger the generation ofthe next random number, which will take PLEN clock cycles to complete. Optionally, a newrandom number can be generated every PLEN clock cycles by setting the CONT bit(RNGCON<10>).

RNGPOLY1 = 0x00C00003;RNGPOLY2 = 0x00000000;RNGNUMGEN1 = 0x090a0b0c;RNGNUMGEN2 = 0x0d0e0f10;RNGCON.PLEN = 42;RNGCON.CONT = 1;



ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.8 RANDOM NUMBER GENERATOR INTERRUPTS

The RNG does not generate interrupts in PIC32 devices.

49.9 EFFECTS OF VARIOUS RESETS

49.9.1 Device Reset

All Crypto Engine and RNG registers are forced to their reset states upon a device Reset. Forthe Crypto Engine, and any on-going data transfers are aborted. For the RNG, the TRNG andPRNG halt their operations.

49.9.2 Power-on Reset

All Crypto Engine and RNG registers are forced to their reset states upon a Power-on Reset.

49.9.3 NMI Reset

All Crypto Engine and RNG registers are forced to their reset states if the NMI countdown lapsesand a full reset is issued.

49.10 OPERATION IN POWER-SAVING MODES

49.10.1 Crypto Engine Operation in Sleep Mode

When the PIC32 device enters Sleep mode, the system clock is disabled. No Crypto Enginetransfers can occur in this mode. All clocks are stopped, so no further Crypto Engine activity cantake place. Software is responsible for determining if a Crypto Engine operation is in progressand whether to prevent going to Sleep mode until such actions are finished.

49.10.2 Crypto Engine Operation in Idle Mode

When the device enters Idle mode, the system and peripheral bus clock sources remainfunctional. The Crypto Engine will continue to operate in Idle mode, can continue operations, andcan generate interrupts that will wake the CPU.

49.10.3 Random Number Generator Operation in Sleep Mode

When the PIC32 device enters Sleep mode, the system clock is disabled. The PRNG haltsgenerating random numbers if the CONT bit was set. The state of the RNG registers ispreserved, so random numbers can continue from their stopping point when Sleep mode wasentered. The TRNG may continue generating random numbers, since it is dependent on ringoscillators that do not depend on the system clock. However, the random numbers may not beclocked into the RNGSEEDx registers.

49.10.4 Random Number Generator Operation in Idle Mode

When the device enters Idle mode, the system and peripheral bus clock sources remainfunctional. The PRNG will continue to generate random numbers if the CONT bit was set. TheTRNG will continue generating random numbers. The RNG cannot generate interrupts, andtherefore it cannot wake the CPU.



49.11 RELATED APPLICATION NOTES

This section lists application notes that are related to this section of the manual. Theseapplication notes may not be written specifically for the PIC32 device family, but the concepts arepertinent and could be used with modification and possible limitations. The current applicationnotes related to the Crypto Engine and Random Number Generator (RNG) are:

Title Application Note #

No related application notes at this time. N/A

Note: Please visit the Microchip web site (www.microchip.com) for additional applicationnotes and code examples for the PIC32 family of devices.





ryp

to E

ng

ine

an

d

Ra

nd

om

Nu

mb

er

Ge

ne

rato

r (RN

G)

49

49.12 REVISION HISTORY

Revision A (November 2013)

This is the initial released version of this document.

Revision A (May 2015)

This revision includes the following updates:

• The Swap Output Data Enable bit (SWAPOEN) was added (see Table 49-1 and Register 49-2)

• The Crypto Engine Buffer Descriptors were updated (see Table 49-3)

• The ‘111’ and ‘110’ bit value definitions for the MULTITASK<2:0> bits were updated (see Figure 49-11)

• 49.5.2.3 “Security Association Encryption Key and IV Data Alignment” was added

• Additional minor updates to text and formatting were incorporated throughout the document



NOTES:


Note the following details of the code protection feature on Microchip devices:

• Microchip products meet the specification contained in their particular Microchip Data Sheet.

• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.

• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.

• Microchip is willing to work with the customer who is concerned about the integrity of their code.

• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.”

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of ourproducts. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such actsallow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

Information contained in this publication regarding deviceapplications and the like is provided only for your convenienceand may be superseded by updates. It is your responsibility toensure that your application meets with your specifications.MICROCHIP MAKES NO REPRESENTATIONS ORWARRANTIES OF ANY KIND WHETHER EXPRESS ORIMPLIED, WRITTEN OR ORAL, STATUTORY OROTHERWISE, RELATED TO THE INFORMATION,INCLUDING BUT NOT LIMITED TO ITS CONDITION,QUALITY, PERFORMANCE, MERCHANTABILITY ORFITNESS FOR PURPOSE. Microchip disclaims all liabilityarising from this information and its use. Use of Microchipdevices in life support and/or safety applications is entirely atthe buyer’s risk, and the buyer agrees to defend, indemnify andhold harmless Microchip from any and all damages, claims,suits, or expenses resulting from such use. No licenses areconveyed, implicitly or otherwise, under any Microchipintellectual property rights.

2013-2015 Microchip Technology Inc.

QUALITY MANAGEMENT SYSTEM CERTIFIED BY DNV

== ISO/TS 16949 ==

Trademarks

The Microchip name and logo, the Microchip logo, dsPIC, FlashFlex, flexPWR, JukeBlox, KEELOQ, KEELOQ logo, Kleer, LANCheck, MediaLB, MOST, MOST logo, MPLAB, OptoLyzer, PIC, PICSTART, PIC32 logo, RightTouch, SpyNIC, SST, SST Logo, SuperFlash and UNI/O are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

The Embedded Control Solutions Company and mTouch are registered trademarks of Microchip Technology Incorporated in the U.S.A.

Analog-for-the-Digital Age, BodyCom, chipKIT, chipKIT logo, CodeGuard, dsPICDEM, dsPICDEM.net, ECAN, In-Circuit Serial Programming, ICSP, Inter-Chip Connectivity, KleerNet, KleerNet logo, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, RightTouch logo, REAL ICE, SQI, Serial Quad I/O, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.

Silicon Storage Technology is a registered trademark of Microchip Technology Inc. in other countries.

GestIC is a registered trademarks of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.

All other trademarks mentioned herein are property of their respective companies.

© 2013-2015, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.

ISBN: 978-1-63277-420-0

DS60001246B-page 49-47

Microchip received ISO/TS-16949:2009 certification for its worldwide headquarters, design and wafer fabrication facilities in Chandler and Tempe, Arizona; Gresham, Oregon and design centers in California and India. The Company’s quality system processes and procedures are for its PIC® MCUs and dsPIC® DSCs, KEELOQ® code hopping devices, Serial EEPROMs, microperipherals, nonvolatile memory and analog products. In addition, Microchip’s quality system for the design and manufacture of development systems is ISO 9001:2000 certified.

DS60001246B-page 49-48 2013-2015 Microchip Technology Inc.

AMERICASCorporate Office2355 West Chandler Blvd.Chandler, AZ 85224-6199Tel: 480-792-7200 Fax: 480-792-7277Technical Support: http://www.microchip.com/supportWeb Address: www.microchip.com

AtlantaDuluth, GA Tel: 678-957-9614 Fax: 678-957-1455

Austin, TXTel: 512-257-3370

BostonWestborough, MA Tel: 774-760-0087 Fax: 774-760-0088

ChicagoItasca, IL Tel: 630-285-0071 Fax: 630-285-0075

ClevelandIndependence, OH Tel: 216-447-0464 Fax: 216-447-0643

DallasAddison, TX Tel: 972-818-7423 Fax: 972-818-2924

DetroitNovi, MI Tel: 248-848-4000

Houston, TX Tel: 281-894-5983

IndianapolisNoblesville, IN Tel: 317-773-8323Fax: 317-773-5453

Los AngelesMission Viejo, CA Tel: 949-462-9523 Fax: 949-462-9608

New York, NY Tel: 631-435-6000

San Jose, CA Tel: 408-735-9110

Canada - TorontoTel: 905-673-0699 Fax: 905-673-6509

ASIA/PACIFICAsia Pacific OfficeSuites 3707-14, 37th FloorTower 6, The GatewayHarbour City, KowloonHong KongTel: 852-2943-5100Fax: 852-2401-3431

Australia - SydneyTel: 61-2-9868-6733Fax: 61-2-9868-6755

China - BeijingTel: 86-10-8569-7000 Fax: 86-10-8528-2104

China - ChengduTel: 86-28-8665-5511Fax: 86-28-8665-7889

China - ChongqingTel: 86-23-8980-9588Fax: 86-23-8980-9500

China - Dongguan

Tel: 86-769-8702-9880

China - HangzhouTel: 86-571-8792-8115 Fax: 86-571-8792-8116

China - Hong Kong SARTel: 852-2943-5100 Fax: 852-2401-3431

China - NanjingTel: 86-25-8473-2460Fax: 86-25-8473-2470

China - QingdaoTel: 86-532-8502-7355Fax: 86-532-8502-7205

China - ShanghaiTel: 86-21-5407-5533 Fax: 86-21-5407-5066

China - ShenyangTel: 86-24-2334-2829Fax: 86-24-2334-2393

China - ShenzhenTel: 86-755-8864-2200 Fax: 86-755-8203-1760

China - WuhanTel: 86-27-5980-5300Fax: 86-27-5980-5118

China - XianTel: 86-29-8833-7252Fax: 86-29-8833-7256

ASIA/PACIFICChina - XiamenTel: 86-592-2388138 Fax: 86-592-2388130

China - ZhuhaiTel: 86-756-3210040 Fax: 86-756-3210049

India - BangaloreTel: 91-80-3090-4444 Fax: 91-80-3090-4123

India - New DelhiTel: 91-11-4160-8631Fax: 91-11-4160-8632

India - PuneTel: 91-20-3019-1500

Japan - OsakaTel: 81-6-6152-7160 Fax: 81-6-6152-9310

Japan - TokyoTel: 81-3-6880- 3770 Fax: 81-3-6880-3771

Korea - DaeguTel: 82-53-744-4301Fax: 82-53-744-4302

Korea - SeoulTel: 82-2-554-7200Fax: 82-2-558-5932 or 82-2-558-5934

Malaysia - Kuala LumpurTel: 60-3-6201-9857Fax: 60-3-6201-9859

Malaysia - PenangTel: 60-4-227-8870Fax: 60-4-227-4068

Philippines - ManilaTel: 63-2-634-9065Fax: 63-2-634-9069

SingaporeTel: 65-6334-8870Fax: 65-6334-8850

Taiwan - Hsin ChuTel: 886-3-5778-366Fax: 886-3-5770-955

Taiwan - KaohsiungTel: 886-7-213-7828

Taiwan - TaipeiTel: 886-2-2508-8600 Fax: 886-2-2508-0102

Thailand - BangkokTel: 66-2-694-1351Fax: 66-2-694-1350

EUROPEAustria - WelsTel: 43-7242-2244-39Fax: 43-7242-2244-393Denmark - CopenhagenTel: 45-4450-2828 Fax: 45-4485-2829

France - ParisTel: 33-1-69-53-63-20 Fax: 33-1-69-30-90-79

Germany - DusseldorfTel: 49-2129-3766400

Germany - MunichTel: 49-89-627-144-0 Fax: 49-89-627-144-44

Germany - PforzheimTel: 49-7231-424750

Italy - Milan Tel: 39-0331-742611 Fax: 39-0331-466781

Italy - VeniceTel: 39-049-7625286

Netherlands - DrunenTel: 31-416-690399 Fax: 31-416-690340

Poland - WarsawTel: 48-22-3325737

Spain - MadridTel: 34-91-708-08-90Fax: 34-91-708-08-91

Sweden - StockholmTel: 46-8-5090-4654

UK - WokinghamTel: 44-118-921-5800Fax: 44-118-921-5820

Worldwide Sales and Service

01/27/15

http://support.microchip.com


Section 49. Crypto Engine and Random Number Generator...

Documents

Transcript of Section 49. Crypto Engine and Random Number Generator...