Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ECDH rtl, tb, uvm updates #426

Merged
merged 3 commits into from
Feb 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/ecc/rtl/ecc_arith_unit.sv
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ module ecc_arith_unit
input wire zeroize,

// DATA PORT
input wire [2 : 0] ecc_cmd_i,
input wire [3 : 0] ecc_cmd_i,
input wire sca_en_i,
input wire [ADDR_WIDTH-1 : 0] addr_i,
input wire wr_op_sel_i,
Expand Down
121 changes: 76 additions & 45 deletions src/ecc/rtl/ecc_dsa_ctrl.sv
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,9 @@ module ecc_dsa_ctrl
logic pm_busy_o;

logic hw_privkey_we;
logic privkey_out_we;
logic privkey_we_reg;
logic privkey_we_reg_ff;
logic sharedkey_we_reg;
logic secretkey_we;
logic hw_pubkeyx_we;
logic hw_pubkeyy_we;
logic hw_r_we;
Expand All @@ -118,16 +118,17 @@ module ecc_dsa_ctrl
logic hw_scalar_PK_we;
logic hw_verify_r_we;
logic hw_pk_chk_we;
logic hw_sharedkey_we;
logic scalar_G_sel;

logic dsa_valid_reg;
logic dsa_ready_reg;
logic ecc_valid_reg;
logic ecc_ready_reg;

logic ecc_status_done_d;
logic ecc_status_done_p;

logic [1 : 0] cmd_reg;
logic [2 : 0] pm_cmd_reg;
logic [3 : 0] cmd_reg;
logic [3 : 0] pm_cmd_reg;
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] msg_reg;
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] msg_reduced_reg;
logic [REG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] privkey_reg;
Expand Down Expand Up @@ -155,7 +156,7 @@ module ecc_dsa_ctrl
logic scalar_sca_en;
logic scalar_sca_busy_o;

logic hmac_mode;
logic [1 : 0] hmac_mode;
logic hmac_init;
logic hmac_ready;
logic [REG_SIZE-1 : 0] hmac_drbg_result;
Expand Down Expand Up @@ -194,6 +195,7 @@ module ecc_dsa_ctrl
logic keygen_process;
logic signing_process;
logic verifying_process;
logic sharedkey_process;

logic privkey_input_outofrange;
logic r_output_outofrange;
Expand Down Expand Up @@ -259,7 +261,7 @@ module ecc_dsa_ctrl
.clk(clk),
.reset_n(reset_n),
.zeroize(zeroize_reg),
.keygen_sign(hmac_mode),
.hmac_mode(hmac_mode),
.en(hmac_init),
.ready(hmac_ready),
.keygen_seed(seed_reg),
Expand Down Expand Up @@ -322,44 +324,44 @@ module ecc_dsa_ctrl
begin : ecc_kv_reg
if (!reset_n) begin
privkey_we_reg <= '0;
privkey_we_reg_ff <= '0;
sharedkey_we_reg <= '0;
kv_reg <= '0;
kv_read_data_present <= '0;
end
else if (zeroize_reg) begin
privkey_we_reg <= '0;
privkey_we_reg_ff <= '0;
sharedkey_we_reg <= '0;
kv_reg <= '0;
kv_read_data_present <= '0;
end
//Store private key here before pushing to keyvault
else begin
privkey_we_reg <= hw_privkey_we;
privkey_we_reg_ff <= privkey_we_reg;
if (privkey_out_we & (dest_keyvault | kv_read_data_present))
privkey_we_reg <= hw_privkey_we;
sharedkey_we_reg <= hw_sharedkey_we;
if (secretkey_we & (dest_keyvault | kv_read_data_present))
kv_reg <= read_reg;

kv_read_data_present <= kv_read_data_present_set ? '1 :
kv_read_data_present_reset ? '0 : kv_read_data_present;
end
end

always_comb privkey_out_we = privkey_we_reg & ~privkey_we_reg_ff;
always_comb secretkey_we = (privkey_we_reg | sharedkey_we_reg);

assign error_intr = hwif_out.intr_block_rf.error_global_intr_r.intr;
assign notif_intr = hwif_out.intr_block_rf.notif_global_intr_r.intr;

// write the registers by hw
always_comb hwif_in.reset_b = reset_n;
always_comb hwif_in.hard_reset_b = cptra_pwrgood;
always_comb hwif_in.ecc_ready = dsa_ready_reg;
always_comb hwif_in.ecc_ready = ecc_ready_reg;
always_comb hwif_in.ECC_NAME[0].NAME.next = ECC_CORE_NAME[31 : 0];
always_comb hwif_in.ECC_NAME[1].NAME.next = ECC_CORE_NAME[63 : 32];
always_comb hwif_in.ECC_VERSION[0].VERSION.next = ECC_CORE_VERSION[31 : 0];
always_comb hwif_in.ECC_VERSION[1].VERSION.next = ECC_CORE_VERSION[63 : 32];

always_comb hwif_in.ECC_STATUS.READY.next = dsa_ready_reg;
always_comb hwif_in.ECC_STATUS.VALID.next = dsa_valid_reg;
always_comb hwif_in.ECC_STATUS.READY.next = ecc_ready_reg;
always_comb hwif_in.ECC_STATUS.VALID.next = ecc_valid_reg;


always_comb begin // ecc_reg_writing
Expand All @@ -374,7 +376,7 @@ module ecc_dsa_ctrl

for (int dword=0; dword < 12; dword++)begin
//If keyvault is not enabled, grab the sw value as usual
hwif_in.ECC_PRIVKEY_OUT[dword].PRIVKEY_OUT.we = (privkey_out_we & ~(dest_keyvault | kv_read_data_present)) & !zeroize_reg;
hwif_in.ECC_PRIVKEY_OUT[dword].PRIVKEY_OUT.we = (privkey_we_reg & ~(dest_keyvault | kv_read_data_present)) & !zeroize_reg;
hwif_in.ECC_PRIVKEY_OUT[dword].PRIVKEY_OUT.next = read_reg[11-dword];
hwif_in.ECC_PRIVKEY_OUT[dword].PRIVKEY_OUT.hwclr = zeroize_reg;
end
Expand Down Expand Up @@ -436,6 +438,12 @@ module ecc_dsa_ctrl
IV_reg[dword] = hwif_out.ECC_IV[11-dword].IV.value;
hwif_in.ECC_IV[dword].IV.hwclr = zeroize_reg;
end

for (int dword=0; dword < 12; dword++)begin
hwif_in.ECC_DH_SHARED_KEY[dword].DH_SHARED_KEY.we = (sharedkey_we_reg & ~(dest_keyvault | kv_read_data_present)) & !zeroize_reg;
hwif_in.ECC_DH_SHARED_KEY[dword].DH_SHARED_KEY.next = read_reg[11-dword];
hwif_in.ECC_DH_SHARED_KEY[dword].DH_SHARED_KEY.hwclr = zeroize_reg;
end
end

//transformed msg into modulo q
Expand Down Expand Up @@ -491,8 +499,8 @@ module ecc_dsa_ctrl
`CALIPTRA_KV_WRITE_CTRL_REG2STRUCT(kv_write_ctrl_reg, ecc_kv_wr_pkey_ctrl)

//Force result into KV reg whenever source came from KV
always_comb kv_read_data_present_set = kv_seed_read_ctrl_reg.read_en;
always_comb kv_read_data_present_reset = kv_read_data_present & privkey_out_we;
always_comb kv_read_data_present_set = kv_seed_read_ctrl_reg.read_en | kv_privkey_read_ctrl_reg.read_en;
always_comb kv_read_data_present_reset = kv_read_data_present & secretkey_we;

always_comb pcr_sign_mode = hwif_out.ECC_CTRL.PCR_SIGN.value;

Expand Down Expand Up @@ -535,6 +543,7 @@ module ecc_dsa_ctrl
hw_scalar_PK_we = 0;
hw_verify_r_we = 0;
hw_pk_chk_we = 0;
hw_sharedkey_we = 0;
if ((prog_instr.opcode == DSA_UOP_RD_CORE) & (cycle_cnt == 0)) begin
unique casez (prog_instr.reg_id)
PRIVKEY_ID : hw_privkey_we = 1;
Expand All @@ -546,6 +555,7 @@ module ecc_dsa_ctrl
SCALAR_PK_ID : hw_scalar_PK_we = 1;
VERIFY_R_ID : hw_verify_r_we = 1;
PK_VALID_ID : hw_pk_chk_we = 1;
DH_SHAREDKEY_ID : hw_sharedkey_we = 1;
default :
begin
hw_privkey_we = 0;
Expand All @@ -557,6 +567,7 @@ module ecc_dsa_ctrl
hw_scalar_PK_we = 0;
hw_verify_r_we = 0;
hw_pk_chk_we = 0;
hw_sharedkey_we = 0;
end
endcase
end
Expand Down Expand Up @@ -682,34 +693,36 @@ module ecc_dsa_ctrl
always_ff @(posedge clk or negedge reset_n)
begin : ECDSA_FSM
if(!reset_n) begin
prog_cntr <= DSA_RESET;
prog_cntr <= ECC_RESET;
cycle_cnt <= '0;
pm_cmd_reg <= '0;
dsa_valid_reg <= 0;
ecc_valid_reg <= 0;
scalar_G_sel <= 0;
hmac_mode <= 0;
hmac_mode <= '0;
hmac_init <= 0;
scalar_sca_en <= 0;
keygen_process <= 0;
signing_process <= 0;
verifying_process <= 0;
sharedkey_process <= 0;
end
else if(zeroize_reg) begin
prog_cntr <= DSA_RESET;
prog_cntr <= ECC_RESET;
cycle_cnt <= '0;
pm_cmd_reg <= '0;
dsa_valid_reg <= 0;
ecc_valid_reg <= 0;
scalar_G_sel <= 0;
hmac_mode <= 0;
hmac_mode <= '0;
hmac_init <= 0;
scalar_sca_en <= 0;
keygen_process <= 0;
signing_process <= 0;
verifying_process <= 0;
sharedkey_process <= 0;
end
else begin
if (error_flag_edge) begin
prog_cntr <= DSA_NOP;
prog_cntr <= ECC_NOP;
cycle_cnt <= 2'd3;
pm_cmd_reg <= '0;
scalar_sca_en <= 0;
Expand All @@ -728,37 +741,46 @@ module ecc_dsa_ctrl
else begin
cycle_cnt <= '0;
unique casez (prog_cntr)
DSA_NOP : begin
ECC_NOP : begin
keygen_process <= 0;
signing_process <= 0;
verifying_process <= 0;
sharedkey_process <= 0;
// Waiting for new valid command
unique casez (cmd_reg)
KEYGEN : begin // keygen
prog_cntr <= DSA_KG_S;
dsa_valid_reg <= 0;
ecc_valid_reg <= 0;
scalar_G_sel <= 0;
hmac_mode <= 0;
hmac_mode <= 2'b00;
keygen_process <= 1;
end

SIGN : begin // signing
prog_cntr <= DSA_SGN_S;
dsa_valid_reg <= 0;
ecc_valid_reg <= 0;
scalar_G_sel <= 0;
hmac_mode <= 1;
hmac_mode <= 2'b01;
signing_process <= 1;
end

VERIFY : begin // verifying
prog_cntr <= DSA_VER_S;
dsa_valid_reg <= 0;
ecc_valid_reg <= 0;
scalar_G_sel <= 1;
verifying_process <= 1;
end

SHARED_KEY : begin // DH shared_key
prog_cntr <= DH_SHARED_S;
ecc_valid_reg <= 0;
scalar_G_sel <= 1;
hmac_mode <= 2'b10;
sharedkey_process <= 1;
end

default : begin
prog_cntr <= DSA_NOP;
prog_cntr <= ECC_NOP;
scalar_G_sel <= 0;
end
endcase
Expand All @@ -767,24 +789,30 @@ module ecc_dsa_ctrl
end

DSA_KG_E : begin // end of keygen
prog_cntr <= DSA_NOP;
dsa_valid_reg <= 1;
prog_cntr <= ECC_NOP;
ecc_valid_reg <= 1;
end

DSA_SGN_E : begin // end of signing
prog_cntr <= DSA_NOP;
dsa_valid_reg <= 1;
prog_cntr <= ECC_NOP;
ecc_valid_reg <= 1;
end

DSA_VER_E : begin // end of verifying
prog_cntr <= DSA_NOP;
dsa_valid_reg <= 1;
prog_cntr <= ECC_NOP;
ecc_valid_reg <= 1;
end

DH_SHARED_E: begin // end of DH shared key
prog_cntr <= ECC_NOP;
ecc_valid_reg <= 1;
end

DSA_RESET,
ECC_RESET,
DSA_KG_S,
DSA_SGN_S,
DSA_VER_S : begin
DSA_VER_S,
DH_SHARED_S : begin
prog_cntr <= prog_cntr + 1;
pm_cmd_reg <= prog_instr.opcode.pm_cmd;
hmac_init <= prog_instr.opcode.hmac_drbg_en;
Expand Down Expand Up @@ -813,8 +841,8 @@ module ecc_dsa_ctrl
always_comb ecc_status_done_p = hwif_in.ECC_STATUS.VALID.next && !ecc_status_done_d;

// Set the ready/busy flag of ECC
assign dsa_busy = (prog_cntr == DSA_NOP)? 1'b0 : 1'b1;
always_comb dsa_ready_reg = !(dsa_busy | pm_busy_o);
assign dsa_busy = (prog_cntr == ECC_NOP)? 1'b0 : 1'b1;
always_comb ecc_ready_reg = !(dsa_busy | pm_busy_o);

//Key Vault Control Modules
//Read PRIVKEY
Expand Down Expand Up @@ -892,12 +920,15 @@ module ecc_dsa_ctrl

//interface with client
.dest_keyvault(dest_keyvault),
.dest_data_avail(privkey_out_we),
.dest_data_avail(secretkey_we),
.dest_data(kv_reg),

.error_code(kv_write_error),
.kv_ready(kv_write_ready),
.dest_done(kv_write_done)
);

`CALIPTRA_ASSERT_MUTEX(ERR_ECC_PRIVKEY_WE_MUTEX, {hw_privkey_we, privkey_we_reg}, clk, reset_n)
`CALIPTRA_ASSERT_MUTEX(ERR_ECC_SHAREDKEY_WE_MUTEX, {hw_sharedkey_we , sharedkey_we_reg}, clk, reset_n)

endmodule
21 changes: 21 additions & 0 deletions src/ecc/rtl/ecc_dsa_sequencer.sv
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,27 @@ module ecc_dsa_sequencer
DSA_VER_S+ 22 : douta <= {DSA_UOP_RD_CORE, VERIFY_R_ID, UOP_OPR_Qx_AFFN};
DSA_VER_S+ 23 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};


//DH SHARED_KEY
DH_SHARED_S : douta <= {DSA_UOP_WR_CORE, CONST_E_b_MONT_ID, UOP_OPR_CONST_E_b};
DH_SHARED_S+ 1 : douta <= {DSA_UOP_WR_CORE, PUBKEYX_ID, UOP_OPR_Qx_AFFN};
DH_SHARED_S+ 2 : douta <= {DSA_UOP_WR_CORE, PUBKEYY_ID, UOP_OPR_Qy_AFFN};
DH_SHARED_S+ 3 : douta <= {DSA_UOP_PK_CHK, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 4 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 5 : douta <= {DSA_UOP_RD_CORE, PK_VALID_ID, UOP_OPR_PK_VALID};
DH_SHARED_S+ 6 : douta <= {DSA_UOP_HMAC_DRBG, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 7 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 8 : douta <= {DSA_UOP_WR_CORE, PRIVKEY_ID, UOP_OPR_SCALAR_PK};
DH_SHARED_S+ 9 : douta <= {DSA_UOP_RD_CORE, SCALAR_G_ID, UOP_OPR_SCALAR_PK};
DH_SHARED_S+ 10 : douta <= {DSA_UOP_SCALAR_SCA, SCALAR_G_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 11 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 12 : douta <= {DSA_UOP_WR_SCALAR, SCALAR_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 13 : douta <= {DSA_UOP_WR_CORE, LAMBDA_ID, UOP_OPR_LAMBDA};
DH_SHARED_S+ 14 : douta <= {DH_UOP_SHAREDKEY, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 15 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};
DH_SHARED_S+ 16 : douta <= {DSA_UOP_RD_CORE, DH_SHAREDKEY_ID, UOP_OPR_Qx_AFFN};
DH_SHARED_S+ 17 : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};

default : douta <= {DSA_UOP_NOP, NOP_ID, UOP_OPR_DONTCARE};
endcase
end
Expand Down
Loading
Loading