PIC32 Family Reference Manual, Sect. 49 Crypto Engine and RNG

Section 49. Crypto Engine and Random Number
Generator (RNG)
HIGHLIGHTS
This section of the manual contains the following major topics:
49.1 Introduction .................................................................................................................. 49-2
49.2 Control Registers ......................................................................................................... 49-4
49.3 Crypto Engine Buffer Descriptors .............................................................................. 49-22
49.4 Crypto Engine Security Association Structure ........................................................... 49-26
49.5 Crypto Engine Operation ........................................................................................... 49-33
49.6 Crypto Engine Interrupts ............................................................................................ 49-40
49.7 Random Number Generator Operation...................................................................... 49-42
49.8 Random Number Generator Interrupts ...................................................................... 49-43
49.9 Effects of Various Resets ........................................................................................... 49-43
49.10 Operation in Power-Saving Modes ............................................................................ 49-43
49.11 Related Application Notes.......................................................................................... 49-44
49.12 Revision History ......................................................................................................... 49-45
49
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-1
PIC32 Family Reference Manual
Note:
This family reference manual section is meant to serve as a complement to device
data sheets. Depending on the device variant, this manual section may not apply to
all PIC32 devices.
Please consult the note at the beginning of the “Crypto Engine and Random
Number Generator (RNG)” chapter in the current device data sheet to check
whether this document supports the device you are using.
Device data sheets and family reference manual sections are available for
download from the Microchip Worldwide Web site at: http://www.microchip.com
49.1
INTRODUCTION
49.1.1
Crypto Engine Features
The Crypto Engine is intended to accelerate applications that need cryptographic functions. By
executing these functions in the hardware module, software overhead is reduced, and actions
such as encryption, decryption, and authentication can execute much more quickly.
The Crypto Engine uses a descriptor-based DMA for efficient programming of the security association data and packet pointers (allowing scatter/gather data fetching). An intelligent state
machine schedules the Crypto Engine based on the protocol selection and packet boundaries.
The hardware engines can perform the encryption and authentication in sequence or in parallel.
Key features of the Crypto Engine include: priority
• Bulk ciphers and hash engines
• Integrated DMA to off-load processing:
- Buffer descriptor-based
- Security Association per Buffer Descriptor
• Some functions can execute in parallel
Bulk ciphers that are handled by the Crypto Engine include:
• AES:
- 128-bit, 192-bit, and 256-bit key sizes
- CBC, ECB, CTR, CFB, and OFB modes
• DES/TDES:
- CBC, ECB, CFB, and OFB modes
Authentication engines that are available through the Crypto Engine include:
SHA-1
SHA-256
MD-5
AES-GCM
HMAC operation (for all authentication engines)
Figure 49-1:
System
Bus
SFR
System
Bus
DS60001246B-page 49-2
Crypto Engine Block Diagram
INB
FIFO
Packet
RD
DMA
Controller
Crypto
FSM
OUTB
FIFO
Packet
WR
AES
Local Bus
•
•
•
•
•
TDES
SHA-1/256
MD5
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.1.2
Random Number Generator (RNG) Features
The Random Number Generator (RNG) core implements a thermal noise-based, True Random
Number Generator (TRNG) and a cryptographically secure Pseudo-Random Number
Generator (PRNG).
The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits to
generate true random numbers that can initialize the PRNG.
The PRNG is a flexible LSFR, which is capable of manifesting a maximal length LFSR of up to
64-bits.
The following are some of the key features of the RNG:
• TRNG:
- Up to 25 Mbps of random bits
- Multi-Ring Oscillator-based design
- Built in Bias Corrector
• PRNG:
- LSFR-based
- Up to 64-bit polynomial length
- Programmable polynomial
- TRNG can be seed value
Figure 49-2:
Random Number Generator Block Diagram
System Bus Target
SFR
PRNG
49
TRNG
Crypto Engine and
Random Number
Generator (RNG)
Bias Corrector
Edge Comparator
Ring
Oscillator
© 2013-2015 Microchip Technology Inc.
Ring
Oscillator
DS60001246B-page 49-3
PIC32 Family Reference Manual
49.2
CONTROL REGISTERS
The Crypto Engine and RNG for PIC32 devices contain the following Special Function Registers
(SFRs):
• CEVER: Crypto Engine Revision, Version, and ID Register
This read-only register contains version information for the Crypto Engine core.
• CECON: Crypto Engine Control Register
This register controls the Crypto Engine, enabling and disabling DMA and the Buffer
Descriptor Processor.
• CEBDADDR: Crypto Engine Buffer Descriptor Register
This read-only register contains the address of the current Buffer Descriptor the Buffer
Descriptor Processor is processing
• CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register
This register controls the address from which the DMA starts fetching Buffer Descriptors.
• CESTAT: Crypto Engine Status Register
This read-only register contains the current status of the Crypto Engine.
• CEINTSRC: Crypto Engine Interrupt Source Register
This register indicates what triggered an interrupt from the Crypto Engine core. Possible
sources include DMA, an empty TX Buffer Descriptor, or a DMA packet completion.
• CEINTEN: Crypto Engine Interrupt Enable Register
This register controls which interrupts are enabled/disabled from the Crypto Engine core.
• CEPOLLCON: Crypto Engine Poll Control Register
This register controls how long the Buffer Descriptor Processor will wait before refetching a
descriptor control word if the previous descriptor fetched was disabled.
• CEHDLEN: Crypto Engine Header Length Register
This register controls how much data in a packet should be unchanged before filling the data.
• CETRLLEN: Crypto Engine Trailer Length Register
This register controls how much data should be unchanged at the end of a packet.
• CEDTXSTAT: Crypto Engine DTX Debug Status Register
This read -only register indicates the status of the outgoing FIFO in the Crypto Engine.
• CEDRXSTAT: Crypto Engine DRX Debug Status Register
This read-only register indicates the status of the incoming FIFO in the Crypto Engine.
• RNGVER: Random Number Generator ID, Version, and Revision Register
This register read-only register contains version information for the RNG core.
• RNGCON: Random Number Generator Control Register
This register controls the RNG, enabling and disabling the TRNG and RNG, transferring the
seed value from the TRNG to the PRNG, and enabling continuous pseudo-random number
generation.
• RNGPOLY1: Random Number Generator Polynomial Register 1
This register controls the Least Significant Byte 32-bits of the polynomial, which generates the
pseudo-random bit.
• RNGPOLY2: Random Number Generator Polynomial Register 2
This register controls the Most Significant Byte 32-bits of the polynomial which generates the
pseudo-random bit.
DS60001246B-page 49-4
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
• RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator
Register 1
This register contains the Least Significant Byte 32-bits of the current random number in the
PRNG. It may be written to set an initial seed value for the PRNG.
• RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator
Register 2
This register contains the Most Significant Byte 32-bits of the current random number in the
PRNG. It may be written to set an initial seed value for the PRNG.
• RNGSEED1: True Random Number Generator Seed Register 1
This read-only register contains the Least Significant Byte 32-bits of the TRNG.
• RNGSEED2: True Random Number Generator Seed Register 2
This read-only register contains the Most Significant Byte 32-bits of the TRNG.
• RNGRCNT: True Random Number Generator Count Register
This read-only register indicates the number of valid bits in the TRNG registers,
RNGSEEDx. To ensure randomness, developers should not use the RNGSEEDx registers
until this register reaches the appropriate value for the number of bits desired.
49
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-5
Table 49-1:
Crypto Engine SFR Summary
Name
CEVER
Bit 31/15
Bit 30/14
Bit 29/13
31:16
Bit 28/12
Bit 27/11
Bit 26/10
Bit 25/9
CEBDADDR
31:16
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
31:16
ERRMODE<2:0>
ERROP<2:0>
—
—
SWAPOEN SWRST
ERRPHASE<1:0>
Bit 17/1
—
—
Bit 16/0
—
—
—
SWAPEN
—
—
BDPCHST BDPPLEN
—
DMAEN
—
—
BDSTATE<3:0>
START
ACTIVE
BDCTRL<15:0>
31:16
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
—
—
—
—
AREIF
PKTIF
CBDIF
PENDIF
31:16
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
—
—
—
—
AREIE
PKTIE
CBDIE
PENDIE
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
15:0
BDPPLCON<15:0>
31:16
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
31:16
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
DTXBLEN<15:12>
—
—
—
—
—
DRXBLEN<15:12>
CEDTXSTAT 31:16
© 2013-2015 Microchip Technology Inc.
15:0
CEDRXSTAT 31:16
—
HDRLEN<7:0>
—
—
—
—
—
—
— = unimplemented, read as ‘0’.
—
—
—
—
—
DTXBLEN<11:0>
—
TRLRLEN<7:0>
DTXBLEN<11:0>
15:0
Legend:
Bit 118/2
BASEADDR<15:0>
31:16
CEPOLLCON 31:16
CETRLLEN
Bit 19/3
BDPADDR<15:0>
15:0
CEHDLEN
Bit 20/4
BASEADDR<31:16>
15:0
CEINTEN
Bit 21/5
BDPADDR<31:16>
CEBDPADDR 31:16
CEINTSRC
Bit 22/6
ID<15:0>
15:0
CESTAT
Bit 23/7
VERSION<7:0>
15:0
CECON
Bit 24/8
REVISION<7:0>
DTXSTATE<3:0>
DRXSTATE<3:0>
PIC32 Family Reference Manual
DS60001246B-page 49-6
Table 49-1 and Table 49-2 provide brief summaries of the related Crypto Engine and RNG registers. Corresponding registers appear after
the summary, followed by a detailed description of each bit.
Random Number Generator SFR Summary
Name
RNGVER
Bit 31/15
Bit 30/14
Bit 29/13
RNGPOLY1
Bit 27/11
Bit 26/10
Bit 25/9
31:16
Bit 24/8
Bit 23/7
Bit 22/6
Bit 21/5
—
—
—
VERSION<7:0>
Bit 19/3
Bit 118/2
Bit 17/1
Bit 16/0
—
—
—
—
—
—
REVISION<7:0>
31:16
—
—
—
—
—
—
15:0
—
—
—
LOAD
—
CONT
—
—
PRNGEN TRNGEN
31:16
—
—
—
PLEN<6:0>
POLY1<31:16>
15:0
POLY1<15:0>
RNGPOLY2
31:16
POLY2<31:16>
15:0
POLY2<15:0>
RNG1
31:16
RNG1<31:16>
15:0
RNG1<15:0>
RNG2
31:16
RNG2<31:16>
15:0
RNG2<15:0>
RNGSEED1
31:16
RDATA1<31:16>
15:0
RDATA1<15:0>
RNGSEED2
31:16
RDATA2<31:16>
RNGRCNT
31:16
—
—
—
—
—
—
—
—
—
15:0
—
—
—
—
—
—
—
—
—
15:0
Legend:
Bit 20/4
ID<15:0>
15:0
RNGCON
Bit 28/12
RDATA2<15:0>
— = unimplemented, read as ‘0’.
—
—
—
—
RCNT<6:0>
DS60001246B-page 49-7
Section 49. Crypto Engine and Random Number Generator (RNG)
© 2013-2015 Microchip Technology Inc.
Table 49-2:
49
Crypto Engine and
Random Number
Generator (RNG)
PIC32 Family Reference Manual
Register 49-1:
Bit
Range
31:24
23:16
15:8
7:0
CEVER: Crypto Engine Revision, Version, and ID Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
R-0
R-0
R-0
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
REVISION<7:0>
R-0
R-0
R-0
R-0
R-0
VERSION<7:0>
R-0
R-0
R-0
R-0
ID<15:8>
R-0
R-0
R-0
R-0
ID<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-24 REVISION<7:0>: Crypto Engine Revision bits
bit 23-16 VERSION<7:0>: Crypto Engine Version bits
bit 15-0
ID<15:0>: Crypto Engine Identification bits
DS60001246B-page 49-8
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-2:
Bit
Range
31:24
23:16
15:8
7:0
CECON: Crypto Engine Control Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
R/W-0
R/W-0
R/W-0
U-0
U-0
R/W-0
R/W-0
R/W-0
SWAPOEN(1)
SWRST
SWAPEN
—
—
BDPCHST
BDPPLEN
DMAEN
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-8 Unimplemented: Read as ‘0’
SWAPOEN: Output Data Swap Enable bit(1)
1 = Output data is byte swapped when read by dedicated DMA
0 = Output data is not byte swapped when read by dedicated DMA
bit 6
SWRST: Software Reset bit
1 = Initiate a software Reset of the Crypto Engine
0 = Normal operation
bit 5
SWAPEN: Input Data Swap Enable bit
1 = Input data is byte swapped when read by dedicated DMA
0 = Input data is not byte swapped when read by dedicated DMA
bit 4-3
Unimplemented: Read as ‘0’
bit 2
BDPCHST: Buffer Descriptor Processor Fetch Enable bit
This bit should be enabled only after all DMA descriptor programming is completed.
1 = Buffer Descriptor Processor descriptor fetch is enabled
0 = Buffer Descriptor Processor descriptor fetch is disabled
bit 1
BDPPLEN: Buffer Descriptor Processor Poll Enable bit
This bit should be enabled only after all DMA descriptor programming is completed.
1 = Poll for descriptor until valid bit is set
0 = Do not poll
bit 0
DMAEN: DMA Enable bit
1 = Crypto Engine DMA is enabled
0 = Crypto Engine DMA is disabled
Note 1:
49
This bit is not available on all devices. Refer to the “Crypto Engine and RNG” chapter in the specific
device data sheet to determine availability.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-9
Crypto Engine and
Random Number
Generator (RNG)
bit 7
PIC32 Family Reference Manual
Register 49-3:
Bit
Range
CEBDADDR: Crypto Engine Buffer Descriptor Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
R-0
R-0
R-0
31:24
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
BDPADDR<31:24>
R-0
23:16
R-0
R-0
R-0
R-0
BDPADDR<23:16>
R-0
15:8
R-0
R-0
R-0
R-0
BDPADDR<15:8>
R-0
7:0
R-0
R-0
R-0
R-0
BDPADDR<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
BDPADDR<31:0>: Current Buffer Descriptor Process Address Status bits
These bits contain the current descriptor address that is being processed by the Buffer Descriptor
Processor.
Register 49-4:
Bit
Range
31:24
23:16
15:8
7:0
x = Bit is unknown
CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
BASEADDR<31:24>
R/W-0
R/W-0
BASEADDR<23:16>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
BASEADDR<15:8>
R/W-0
R/W-0
BASEADDR<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
BASEADDR<31:0>: DMA Base Address Status bits
These bits contain the base address of the DMA controller. After a reset, a fetch starts from this address.
DS60001246B-page 49-10
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-5:
Bit
Range
31:24
CESTAT: Crypto Engine Status Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
R-0
R-0
R-0
R-0
ERRMODE<2:0>
23:16
15:8
U-0
U-0
—
—
R-0
R-0
Bit
27/19/11/3
Bit
26/18/10/2
R-0
R-0
ERROP<2:0>
R-0
R-0
R-0
R-0
R-0
Bit
24/16/8/0
R-0
R-0
ERRPHASE<1:0>
R-0
R-0
R-0
START
ACTIVE
R-0
R-0
R-0
R-0
R-0
R-0
BDSTATE<3:0>
R-0
Bit
25/17/9/1
BDCTRL<15:8>
R-0
7:0
R-0
R-0
R-0
R-0
BDCTRL<7:0>
Legend:
R = Readable bit
-n = Value at POR
W = Writable bit
‘1’ = Bit is set
U = Unimplemented bit, read as ‘0’
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-29 ERRMOD<2:0>: Internal Error Mode Status bits
111 = Reserved
•
•
•
bit 28-26
bit 25-24
•
•
•
bit 17
bit 16
bit 15-0
0111 = Reserved
0110 = Security Association fetch
0101 = Fetch Buffer Descriptor Processor is disabled
0100 = Descriptor is done
0011 = Data phase
0010 = Buffer Descriptor Processor is loading
0001 = Descriptor fetch request is pending
0000 = Buffer Descriptor Processor is idle
START: DMA Start Status bit
1 = DMA start has occurred
0 = DMA start has not occurred
ACTIVE: Buffer Descriptor Processor Status bit
1 = Buffer Descriptor Processor is active
0 = Buffer Descriptor Processor is idle
BDCTRL<15:0>: Descriptor Control Word Status bits
These bits contain the current descriptor control word.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-11
49
Crypto Engine and
Random Number
Generator (RNG)
bit 23-22
bit 21-18
001 = Reserved
000 = Normal operation
ERROP<2:0>: Internal Error Operation Status bits
111 = Reserved
110 = Reserved
101 = Reserved
100 = Authentication
011 = Reserved
010 = Decryption
001 = Encryption
000 = Reserved
ERRPHASE<1:0>: Internal Error Phase of DMA Status bits
11 = Destination data
10 = Source data
01 = Security Association access
00 = Buffer Descriptor access
Unimplemented: Read as ‘0’
BDSTATE<3:0>: Buffer Descriptor Processor State Status bits
These bits contain a number, which indicates the current state of the Buffer Descriptor Processor:
1111 = Reserved
PIC32 Family Reference Manual
Register 49-6:
Bit
Range
31:24
23:16
15:8
7:0
CEINTSRC: Crypto Engine Interrupt Source Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
—
—
—
—
Legend:
R-0, HS
(1)
AREIF
R-0, HS
(1)
PKTIF
R-0, HS
(1)
CBDIF
—
R-0, HS
(1)
PENDIF
HS = Set by hardware
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-4
Unimplemented: Read as ‘0’
bit 3
AREIF: Access Response Error Interrupt bit(1)
1 = The Crypto Engine attempted to access an invalid memory location
0 = No error has occurred
bit 2
PKTIF: DMA Packet Completion Interrupt Status bit(1)
1 = DMA packet was completed
0 = DMA packet was not completed
bit 1
CBDIF: Buffer Descriptor Transmit Status bit(1)
1 = Last Buffer Descriptor transmit was processed
0 = Last Buffer Descriptor transmit has not been processed
bit 0
PENDIF: Crypto Engine Interrupt Pending Status bit(1)
1 = Crypto Engine interrupt is pending (this value is the result of an OR of all interrupts in the Crypto Engine)
0 = Crypto Engine interrupt is not pending
Note 1:
Write a '1' to this bit to clear the interrupt.
DS60001246B-page 49-12
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-7:
Bit
Range
31:24
23:16
15:8
7:0
CEINTEN: Crypto Engine Interrupt Enable Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
R/W-0
R/W-0
R/W-0
R/W-0
—
—
—
—
AREIE
PKTIE
BDPIE
PENDIE(1)
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-4
Unimplemented: Read as ‘0’
bit 3
AREIE: Access Response Error Interrupt Enable bit
1 = Access response error interrupts are enabled
0 = Access response error interrupts are not enabled
bit 2
PKTIE: DMA Packet Completion Interrupt Enable bit
1 = DMA packet completion interrupts are enabled
0 = DMA packet completion interrupts are not enabled
bit 1
BDPIE: DMA Buffer Descriptor Processor Interrupt Enable bit
1 = Buffer Descriptor Processor interrupts are enabled
0 = Buffer Descriptor Processor interrupts are not enabled
bit 0
PENDIE: Master Interrupt Enable bit(1)
1 = Crypto Engine interrupts are enabled
0 = Crypto Engine interrupts are not enabled
Note 1:
The PENDIE bit is a Global enable bit and must be enabled together with the other interrupts desired.
49
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-13
PIC32 Family Reference Manual
Register 49-8:
Bit
Range
CEPOLLCON: Crypto Engine Poll Control Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
31:24
23:16
15:8
BDPPLCON<15:8>
R/W-0
7:0
R/W-0
R/W-0
R/W-0
R/W-0
BDPPLCON<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-16 Unimplemented: Read as ‘0’
bit 15-0
BDPPLCON<15:0>: Buffer Descriptor Processor Poll Control bits
These bits determine the number of cycles that the DMA transmit Buffer Descriptor Processor would wait
before refetching the descriptor control word if the previous descriptor fetched was disabled.
Register 49-9:
Bit
Range
31:24
23:16
15:8
7:0
CEHDLEN: Crypto Engine Header Length Register
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
HDRLEN<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-8
Unimplemented: Read as ‘0’
bit 7-0
HDRLEN<7:0>: DMA Header Length bits
For every packet, leave this length of locations and start filling the data.
DS60001246B-page 49-14
x = Bit is unknown
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-10: CETRLLEN: Crypto Engine Trailer Length Register
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
TRLRLEN<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-8
Unimplemented: Read as ‘0’
bit 7-0
TRLRLEN<7:0>: DMA Trailer Length bits
For every packet, leave this length of locations and start putting the next packet.
x = Bit is unknown
Register 49-11: CEDTXSTAT: Crypto Engine DTX Debug Status Register
Bit
Range
31:24
23:16
15:8
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
R-0
R-0
R-0
R-0
—
—
—
—
R-0
R-0
R-0
R-0
DTXBLEN<15:12>
R-0
R-0
R-0
R-0
R-0
R-0
R-0
DTXBLEN<11:4>
R-0
R-0
R-0
R-0
DTXBLEN<3:0>
DTXSTATE<3:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-20 Unimplemented: Read as ‘0’
bit 19-4
DTXBLEN<15:0>: Current DMA Transmit Buffer Length Debug Status bits
bit 3-0
DTXSTATE<3:0>: Current DMA Transmit States Debug Status bits
1111 = Reserved
•
•
•
0110 = Reserved
0101 = Transmitting to internal Crypto Engine Memory
0100 = Reserved
0011 = Wait
0010 = Reserved
0001 = Reserved
0000 = Idle
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-15
49
Crypto Engine and
Random Number
Generator (RNG)
7:0
R-0
PIC32 Family Reference Manual
Register 49-12: CEDRXSTAT: Crypto Engine DRX Debug Status Register
Bit
Range
31:24
23:16
15:8
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
R-0
R-0
R-0
R-0
—
—
—
—
R-0
R-0
R-0
DRXBLEN<15:12>
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
DTXBLEN<11:4>
R-0
7:0
R-0
R-0
R-0
R-0
DRXBLEN<3:0>
DRXSTATE<3:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-20 Unimplemented: Read as ‘0’
bit 19-4
DTXBLEN<15:0>: Current DMA Receive Buffer Length Debug Status bits
bit 3-0
DTXSTATE<3:0>: Current DMA Receive States Debug Status bits
1111 = Transaction is in progress
•
•
•
0001 = Transaction is in progress
0000 = Idle
Register 49-13: RNGVER: Random Number Generator ID, Version, and Revision Register
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
ID<15:8>
R-0
R-0
R-0
R-0
ID<7:0>
R-0
R-0
R-0
R-0
R-0
R-0
R-0
VERSION<7:0>
R-0
R-0
REVISION<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-16 ID<15:0>: Block Identification bits
bit 15-8
VERSION<7:0>: Block Version bits
bit 7-0
REVISION<7:0>: Block Revision bits
DS60001246B-page 49-16
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-14: RNGCON: Random Number Generator Control Register
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
R/W-0, HC
U-0
R/W-0
R/W-0
R/W-0
—
—
—
LOAD
—
CONT
PRNGEN
TRNGEN
U-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
—
PLEN<6:0>
Legend:
HC = Cleared by hardware
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
x = Bit is unknown
bit 31-13 Unimplemented: Read as ‘0’
bit 12
LOAD: Device Select bit
Setting this bit to ‘1’ loads the seed from the TRNG (i.e., the random value) as a seed to the PRNG. It is
cleared automatically by hardware.
bit 11
Unimplemented: Read as ‘0’
bit 10
CONT: PRNG Number Shift Enable bit
1 = The PRNG random number is shifted every cycle
0 = The PRNG random number is shifted when the previous value is removed
bit 9
PRNGEN: PRNG Operation Enable bit
1 = PRNG operation is enabled
0 = PRNG operation is not enabled
bit 8
TRNGEN: TRNG Operation Enable bit
1 = TRNG operation is enabled
0 = TRNG operation is not enabled
bit 7
Unimplemented: Read as ‘0’; must always be written as ‘0’
bit 6-0
PLEN<6:0>: PRNG Polynomial Length bits
These bits contain the length of the polynomial used for the PRNG.
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
49
DS60001246B-page 49-17
PIC32 Family Reference Manual
Register 49-15: RNGPOLY1: Random Number Generator Polynomial Register 1
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY1<31:24>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY1<23:16>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY1<15:8>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY1<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
POLY1<31:0>: PRNG LFSR Polynomial Least Significant Byte bits
These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 0-31 of the LSFR.
Register 49-16: RNGPOLY2: Random Number Generator Polynomial Register 2
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY2<31:24>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY2<23:16>
R/W-0
POLY2<15:8>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
POLY2<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
POLY2<31:0>: PRNG LFSR Polynomial Most Significant Byte bits
These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 32-63 of the LSFR.
DS60001246B-page 49-18
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-17:
Bit
Range
31:24
23:16
15:8
7:0
RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator Register 1
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG1<31:24>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG1<23:16>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG1<15:8>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG1<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
RNG1<31:0>: Current PRNG Least Significant Word Value bits
Register 49-18: RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator Register 2
Bit
Range
31:24
23:16
15:8
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG2<31:24>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG2<23:16>
R/W-0
RNG2<15:8>
R/W-0
R/W-0
R/W-0
R/W-0
R/W-0
RNG2<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
RNG2<31:0>: Current PRNG Most Significant Word Value bits
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-19
49
Crypto Engine and
Random Number
Generator (RNG)
7:0
Bit
31/23/15/7
PIC32 Family Reference Manual
Register 49-19: RNGSEED1: True Random Number Generator Seed Register 1
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
R-0
R-0
R-0
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
RDATA1<31:24>
R-0
R-0
R-0
R-0
R-0
RDATA1<23:16>
R-0
R-0
R-0
R-0
R-0
RDATA1<15:8>
R-0
R-0
R-0
R-0
R-0
RDATA1<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
RDATA1<31:0>: TRNG Least Significant Word bits
Register 49-20: RNGSEED2: True Random Number Generator Seed Register 2
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
R-0
R-0
R-0
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
RDATA2<31:24>
R-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
RDATA2<23:16>
R-0
R-0
RDATA2<15:8>
R-0
R-0
R-0
R-0
R-0
RDATA2<7:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-0
x = Bit is unknown
RDATA2<31:0>: TRNG Most Significant Word bits
DS60001246B-page 49-20
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Register 49-21: RNGRCNT: True Random Number Generator Count Register
Bit
Range
31:24
23:16
15:8
7:0
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
U-0
U-0
U-0
U-0
U-0
U-0
U-0
—
—
—
—
—
—
—
—
U-0
R-0
R-0
R-0
R-0
R-0
R-0
R-0
—
RCNT<6:0>
Legend:
R = Readable bit
W = Writable bit
U = Unimplemented bit, read as ‘0’
-n = Value at POR
‘1’ = Bit is set
‘0’ = Bit is cleared
bit 31-7
Unimplemented: Read as ‘0’
bit 6-0
RCNT<6:0>: Number of Valid TRNG Generated bits
When this count reaches 64, a new number is ready in the RNGSEEDx registers.
x = Bit is unknown
49
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-21
PIC32 Family Reference Manual
49.3
CRYPTO ENGINE BUFFER DESCRIPTORS
Host software creates a linked list of Buffer Descriptors and the hardware updates them.
Table 49-3 provides a list of the Crypto Engine Buffer Descriptors, followed by format
descriptions (see Figure 49-3 through Figure 49-10).
Table 49-3:
Crypto Engine Buffer Descriptors
Bit
31/23/15/7
Name
BD_CTRL
31:24 DESC_EN
23:16
15:8
7:0
—
Bit
30/22/14/6
Bit
29/21/13/5
—
—
SA_FETCH_EN
—
Bit
28/20/12/4
Bit
Bit
27/19/11/3 26/18/10/2
CRY_MODE<2:0>
—
LAST_BD
23:16
BD_SAADDR<23:16>
15:8
BD_SAADDR<15:8>
BD_SRCADDR<31:24>
23:16
BD_SRCADDR<23:16>
15:8
BD_SRCADDR<15:8>
BD_DSTADDR<31:24>
23:16
BD_DSTADDR<23:16>
15:8
BD_DSTADDR<15:8>
7:0
BD_DSTADDR<7:0>
31:24
BD_NXTADDR<31:24>
23:16
BD_NXTADDR<23:16>
15:8
BD_NXTADDR<15:8>
7:0
BD_NXTADDR<7:0>
31:24
BD_UPDADDR<31:24>
23:16
BD_UPDADDR<23:16>
15:8
BD_UPDADDR<15:8>
7:0
BD_UPDADDR<7:0>
BD_MSG_LEN 31:24
MSG_LENGTH<31:24>
23:16
MSG_LENGTH<23:16>
15:8
MSG_LENGTH<15:8>
7:0
MSG_LENGTH<7:0>
BD_ENC_OFF 31:24
ENCR_OFFSET<31:24>
23:16
ENCR_OFFSET<23:16>
15:8
ENCR_OFFSET<15:8>
7:0
ENCR_OFFSET<7:0>
DS60001246B-page 49-22
PKT_INT_EN CBD_INT_EN
BD_SRCADDR<7:0>
BD_DSTADDR 31:24
BD_UPDPTR
—
BD_SAADR<7:0>
BD_SRCADDR 31:24
BD_NXTPTR
—
BD_BUFLEN<7:0>
BD_SAADDR<31:24>
7:0
LIFM
Bit
24/16/8/0
BD_BUFLEN<15:8>
BD_SA_ADDR 31:24
7:0
—
Bit
25/17/9/1
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Figure 49-3:
Format of BD_CTRL
Bit
Range
Bit
31/23/15/7
31-24
DESC_EN
—
—
SA_
FETCH_EN
23-16
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
CRY_MODE<2:0>
—
—
LAST_BD
15-8
BD_BUFLEN<15:8>
7-0
BD_BUFLEN<7:0>
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
—
—
—
LIFM
PKT_
INT_EN
CBD_
INT_EN
bit 31
DESC_EN: Descriptor Enable
1 = The descriptor is owned by hardware. After processing the BD, hardware resets this bit to ‘0’.
0 = The descriptor is owned by software
bit 30
Unimplemented: Must be written as ‘0’
bit 29-27
CRY_MODE<2:0>: Crypto Mode
111 = Reserved
110 = Reserved
101 = Reserved
100 = Reserved
011 = CEK operation
010 = KEK operation
001 = Preboot authentication
000 = Normal operation
bit 26-23
Unimplemented: Must be written as ‘0’
bit 22
SA_FETCH_EN: Fetch Security Association From External Memory
1 = Fetch SA from the SA pointer. This bit needs to be set to ‘1’ for every new packet.
0 = User current fetched SA or the internal SA
bit 21-20
Unimplemented: Must be written as ‘0’
bit 19
LAST_BD: Last Buffer Descriptors
After the last BD, the BD_PTR goes to the base address in the CSR.
bit 18
LIFM: Last In Frame
In case of Receive Packets (from H/W-> Host), this field is filled by the Hardware to indicate whether the packet
goes across multiple buffer descriptors. In case of transmit packets (from Host -> H/W), this field indicates
whether this BD is the last in the frame.
bit 17
PKT_INT_EN: Packet Interrupt Enable
Generate an interrupt after processing the current buffer descriptor, if it is the end of the packet.
bit 16
CBD_INT_EN: CBD Interrupt Enable
Generate an interrupt after processing the current buffer descriptor.
bit 15-0
BD_BUFLEN<15:0>: Buffer Descriptor Length
This field contains the length of the buffer and is updated with the actual length filled by the receiver.
Bit
Range
Format of BD_SADDR
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
BD_SAADDR<31:24>
23-16
BD_SAADDR<23:16>
15-8
BD_SAADDR<15:8>
7-0
BD_SAADDR<7:0>
bit 31-0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
BD_SAADDR: Security Association IP Session Address
The sessions’ Security Association pointer has the keys and IV values.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-23
Crypto Engine and
Random Number
Generator (RNG)
Figure 49-4:
49
PIC32 Family Reference Manual
Figure 49-5:
Bit
Range
Format of BD_SRCADDR
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
BD_SCRADDR<31:24>
23-16
BD_SCRADDR<23:16>
15-8
BD_SCRADDR<15:8>
7-0
BD_SCRADDR<7:0>
bit 31-0
Figure 49-6:
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
23-16
BD_DSTADDR<23:16>
15-8
BD_DSTADDR<15:8>
7-0
BD_DSTADDR<7:0>
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
23-16
BD_NXTADDR<23:16>
15-8
BD_NXTADDR<15:8>
7-0
BD_NXTADDR<7:0>
Bit
Range
Bit
24/16/8/0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
Bit
25/17/9/1
Bit
24/16/8/0
BD_NXTADDR: Next Buffer Descriptor Pointer Address Has Next Buffer Descriptor
The next buffer can be a next segment of the previous buffer or a new packet.
Format of BD_UPDPTR
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
BD_UPDADDR<31:24>
23-16
BD_UPDADDR<23:16>
15-8
BD_UPDADDR<15:8>
7-0
BD_UPDADDR<7:0>
bit 31-0
Bit
25/17/9/1
Format of BD_NXTADDR
BD_NXTADDR<31:24>
Figure 49-8:
Bit
26/18/10/2
BD_DSTADDR: Buffer Destination Address
The destination address of the buffer that needs to be passed through the PE-CRDMA for encryption or
authentication.
31-24
bit 31-0
Bit
24/16/8/0
Format of BD_DSTADDR
BD_DSTADDR<31:24>
Figure 49-7:
Bit
25/17/9/1
BD_SCRADDR: Buffer Source Address
The source address of the buffer that needs to be passed through the PE-CRDMA for encryption or
authentication.
31-24
bit 31-0
Bit
26/18/10/2
Bit
26/18/10/2
BD_UPDADDR: UPD Address Location
The update address has the location where the CRDMA results are posted. The updated results are the ICV
values, key output values as needed.
DS60001246B-page 49-24
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Figure 49-9:
Bit
Range
Format of BD_MSG_LEN
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
MSG_LENGTH<31:24>
23-16
MSG_LENGTH<23:16>
15-8
MSG_LENGTH<15:8>
7-0
MSG_LENGTH<7:0>
bit 31-0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
MSG_LENGTH: Total Message Length
Total message length for the hash and HMAC algorithms in bytes. Total number of Crypto bytes in case of GCM
algorithm (LEN-C).
Figure 49-10: Format of BD_ENC_OFF
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
ENCR_OFFSET<31:24>
23-16
ENCR_OFFSET<23:16>
15-8
ENCR_OFFSET<15:8>
7-0
ENCR_OFFSET<7:0>
bit 31-0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
ENCR_OFFSET: Encryption Offset
Encryption offset for the multi-task test cases (both encryption and authentication). The number of AAD bytes in
the case of GCM algorithm (LEN-A).
Example 49-1:
Buffer Descriptor C Structures
typedef struct bdCtrl {
unsigned int BUFLEN : 16;
unsigned int CBD_INT_EN : 1;
unsigned int PKT_INT_EN : 1;
unsigned int LIFM : 1;
unsigned int LAST_BD: 1;
unsigned int : 2;
unsigned int SA_FETCH_EN : 1;
unsigned int : 4;
unsigned int CRY_MODE: 3;
unsigned int : 1;
unsigned int DESC_EN : 1;
} bdCtrl;
49
Crypto Engine and
Random Number
Generator (RNG)
typedef struct bufferDescriptor {
bdCtrl BD_CTRL;
unsigned int SA_ADDR;
unsigned int SRCADDR;
unsigned int DSTADDR;
unsigned int NXTPTR;
unsigned int UPDPTR;
unsigned int MSGLEN;
unsigned int ENCOFF;
} bufferDescriptor;
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-25
PIC32 Family Reference Manual
49.4
CRYPTO ENGINE SECURITY ASSOCIATION STRUCTURE
Table 49-4 shows the Security Association structure.
The Crypto Engine uses the Security Association to determine the settings for processing a
Buffer Descriptor Processor. The Security Association contains:
•
•
•
•
•
•
•
Table 49-4:
Crypto Engine Security Association Structure
Bit
31/23/15/7
Name
SA_CTRL
Which algorithm to use
Whether to use engines in parallel (for both authentication and encryption/decryption)
The size of the key
Authentication key
Encryption/decryption key
Authentication Initialization Vector (IV)
Encryption IV
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
31:24
—
—
VERIFY
—
NO_RX
OR_EN
ICVONLY
IRFLAG
23:16
LNC
LOADIV
FB
FLAGS
—
—
—
ALGO<6>
ENCTYPE
KEYSIZE<1>
15:8
7:0
ALGO<5:0>
KEYSIZE<0>
MULTITASK<2:0>
CRYPTOALGO<3:0>
SA_AUTHKEY1 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY2 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY3 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY4 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY5 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY6 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY7 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
7:0
AUTHKEY<7:0>
SA_AUTHKEY8 31:24
AUTHKEY<31:24>
23:16
AUTHKEY<23:16>
15:8
AUTHKEY<15:8>
SA_ENCKEY1
SA_ENCKEY2
Bit
24/16/8/0
7:0
AUTHKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
DS60001246B-page 49-26
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Table 49-4:
Crypto Engine Security Association Structure (Continued)
Bit
31/23/15/7
Name
SA_ENCKEY3
SA_ENCKEY4
SA_ENCKEY5
SA_ENCKEY6
SA_ENCKEY7
SA_ENCKEY8
SA_AUTHIV1
SA_AUTHIV2
SA_AUTHIV3
SA_AUTHIV5
SA_AUTHIV6
SA_AUTHIV7
SA_AUTHIV8
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
ENCKEY<31:24>
23:16
ENCKEY<23:16>
15:8
ENCKEY<15:8>
7:0
ENCKEY<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
31:24
AUTHIV<31:24>
23:16
AUTHIV<23:16>
15:8
AUTHIV<15:8>
7:0
AUTHIV<7:0>
© 2013-2015 Microchip Technology Inc.
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
49
Crypto Engine and
Random Number
Generator (RNG)
SA_AUTHIV4
Bit
30/22/14/6
DS60001246B-page 49-27
PIC32 Family Reference Manual
Table 49-4:
Crypto Engine Security Association Structure (Continued)
Bit
31/23/15/7
Name
SA_ENCIV1
SA_ENCIV2
SA_ENCIV3
SA_ENCIV4
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31:24
ENCIV<31:24>
23:16
ENCIV<23:16>
15:8
ENCIV<15:8>
7:0
ENCIV<7:0>
31:24
ENCIV<31:24>
23:16
ENCIV<23:16>
15:8
ENCIV<15:8>
7:0
ENCIV<7:0>
31:24
ENCIV<31:24>
23:16
ENCIV<23:16>
15:8
ENCIV<15:8>
7:0
ENCIV<7:0>
31:24
ENCIV<31:24>
23:16
ENCIV<23:16>
15:8
ENCIV<15:8>
7:0
ENCIV<7:0>
DS60001246B-page 49-28
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Figure 49-11:
Bit
Range
Format of SA_CTRL
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
31-24
—
—
VERIFY
—
NO_RX
OR_EN
ICVONLY
IRFLAG
23-16
LNC
LOADIV
FB
FLAGS
—
—
—
ALGO<6>
ENC
KEYSIZE<1>
15-8
7-0
ALGO<5:0>
KEYSIZE<0>
MULTITASK<2:0>
CRYPTOALGO<3:0>
bit 31-30 Reserved: Do not use
bit 29
VERIFY: NIST Procedure Verification Setting
1 = NIST procedures are to be used
0 = Do not use NIST procedures
bit 28
Reserved: Do not use
bit 27
NO_RX: Receive DMA Control Setting
1 = Only calculate ICV for authentication calculations
0 = Normal processing
bit 26
OR_EN: OR Register Bits Enable Setting
1 = OR the register bits with the internal value of the CSR register
0 = Normal processing
bit 25
ICVONLY: Incomplete Check Value Only Flag
This affects the SHA-1 algorithm only. It has no effect on the AES algorithm.
1 = Only three words of the HMAC result are available
0 = All results from the HMAC result are available
bit 24
IRFLAG: Immediate Result of Hash Setting
This bit is set when the immediate result for hashing is requested.
1 = Save the immediate result for hashing
0 = Do not save the immediate result
bit 23
LNC: Load New Keys Setting
1 = Load a new set of keys for encryption and authentication
0 = Do not load new keys
bit 22
LOADIV: Load IV Setting
1 = Load the IV from this Security Association
0 = Use the next IV
bit 21
FB: First Block Setting
This bit indicates that this is the first block of data to feed the IV value.
1 = Indicates this is the first block of data
0 = Indicates this is not the first block of data
bit 20
49
Crypto Engine and
Random Number
Generator (RNG)
FLAGS: Incoming/Outgoing Flow Setting
1 = Security Association is associated with an outgoing flow
0 = Security Association is associated with an incoming flow
bit 19-17 Reserved: Do not use
bit 16-10 ALGO<6:0>: Type of Algorithm to Use
1xxxxxx = HMAC 1
x1xxxxx = SHA-256
xx1xxxx = SHA1
xxx1xxx = MD5
xxxx1xx = AES
xxxxx1x = TDES
xxxxxx1 = DES
bit 9
ENC: Type of Encryption Setting
1 = Encryption
0 = Decryption
bit 8-7
KEYSIZE<1:0>: Size of Keys in SA_AUTHKEYx or SA_ENCKEYx(1)
11 = Reserved; do not use
10 = 256 bits
01 = 192 bits
00 = 128 bits
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-29
PIC32 Family Reference Manual
Figure 49-11:
Format of SA_CTRL (Continued)
bit 6-4
MULTITASK<2:0>: How to Combine Parallel Operations in the Crypto Engine
111 = Parallel pass (decrypt and authenticate incoming data in parallel)
101 = Pipe pass (encrypt the incoming data, and then perform authentication on the encrypted data)
011 = Reserved
010 = Reserved
001 = Reserved
000 = Encryption or authentication or decryption (no pass)
bit 3-0
CRYPTOALGO<3:0>: Mode of operation for the Crypto Algorithm
1111 = Reserved
1110 = AES_GCM
(for AES processing)
1101 = RCTR
(for AES processing)
1100 = RCBC_MAC
(for AES processing)
1011 = ROFB
(for AES processing)
1010 = RCFB
(for AES processing)
1001 = RCBC
(for AES processing)
1000 = REBC
(for AES processing)
0111 = TOFB
(for Triple-DES processing)
0110 = TCFB
(for Triple-DES processing)
0101 = TCBC
(for Triple-DES processing)
0100 = TECB
(for Triple-DES processing)
0011 = OFB
(for DES processing)
0010 = CFB
(for DES processing)
0001 = CBC
(for DES processing)
0000 = ECB
(for DES processing)
Note 1:
This setting does not alter the size of SA_AUTHKEYx or SA_ENCKEYx in the Security Association, only the
number of bits of SA_AUTHKEYx and SA_ENCKEYx that are used.
DS60001246B-page 49-30
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Figure 49-12: Format of SA_AUTHKEYx (x = 1 through 8)
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
AUTHKEY<31:24>
23-16
AUTHKEY<23:16>
15-8
AUTHKEY<15:8>
7-0
AUTHKEY<7:0>
bit 31-0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
AUTHKEY<31:0>: Key Used in Authentication Engine Processing
These entries should be set to ‘0’ if the Authentication Engine is not being used.
Figure 49-13: Format of SA_ENCKEYx (x = 1 through 8)
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
ENCKEY<31:24>
23-16
ENCKEY<23:16>
15-8
ENCKEY<15:8>
7-0
ENCKEY<7:0>
bit 31-0
ENCKEY<31:0>: Key Used in Crypto Engine Processing
These entries should be set to ‘0’ if the Crypto Engine is not being used.
Figure 49-14: Format of SA_AUTHIVx (x = 1 through 8)
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
AUTHIV<31:24>
23-16
AUTHIV<23:16>
15-8
AUTHIV<15:8>
7-0
AUTHIV<7:0>
bit 31-0
49
Crypto Engine and
Random Number
Generator (RNG)
31-24
AUTHIV<31:0>: IV Used in Authentication Engine Processing
These entries should be set to ‘0’ if the Authentication Engine is not being used.
Figure 49-15: Format of SA_ENCIVx (x = 1 through 4)
Bit
Range
Bit
31/23/15/7
Bit
30/22/14/6
Bit
29/21/13/5
Bit
28/20/12/4
Bit
27/19/11/3
31-24
ENCIV<31:24>
23-16
ENCIV<23:16>
15-8
ENCIV<15:8>
7-0
ENCIV<7:0>
bit 31-0
Bit
26/18/10/2
Bit
25/17/9/1
Bit
24/16/8/0
ENCIV<31:0>: IV Used in Crypto Engine Processing
These entries should be set to ‘0’ if the Crypto Engine is not being used.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-31
PIC32 Family Reference Manual
Example 49-2:
Security Association C Structures
typedef struct saCtrl {
unsigned int CRYPTOALGO : 4;
unsigned int MULTITASK : 3;
unsigned int KEYSIZE : 2;
unsigned int ENCTYPE : 1;
unsigned int ALGO : 7;
unsigned int : 3;
unsigned int FLAGS : 1;
unsigned int FB : 1;
unsigned int LOADIV : 1;
unsigned int LNC : 1;
unsigned int IRFLAG : 1;
unsigned int ICVONLY : 1;
unsigned int OR_EN : 1;
unsigned int NO_RX : 1;
unsigned int : 1;
unsigned int VERIFY : 1;
unsigned int : 2;
} saCtrl;
typedef struct securityAssociation {
saCtrl SA_CTRL;
unsigned int SA_AUTHKEY[8];
unsigned int SA_ENCKEY[8];
unsigned int SA_AUTHIV[8];
unsigned int SA_ENCIV[4];
} securityAssociation;
DS60001246B-page 49-32
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.5
CRYPTO ENGINE OPERATION
49.5.1
Cryptographic Security Engines
To reduce the processing requirements of the PIC32 family, the Crypto Engine includes four
different cryptographic security engines. These security engines perform the types of
encryptions, decryptions, and mathematical computations that are most commonly used for a
variety of security applications. They accelerate the computation of public or private key pair
negotiations, message hash authentication, and bulk data encryption/decryption. These engines
may be used in parallel, or daisy-chained to provide additional security.
The four engines implemented are:
•
•
•
•
Triple Data Encryption Standard (TDES)
Advanced Encryption Standard (AES)
Secure Hash Algorithm (SHA-1 and SHA-256)
Message Digest 5 (MD5)
49.5.1.1
TRIPLE DATA ENCRYPTION STANDARD (TDES)
The Data Encryption Standard (DES) is an encryption algorithm developed in the early 1970s. It
is a block cipher, encrypting data in 64-bit blocks. For each 64-bit block sent through the engine,
a 64-bit block is returned.
The key length used by DES is 56-bits long. It is usually represented as a 64-bit number;
however, per the DES standard, every eighth bit of the key is used for parity checking of the key,
and then discarded. That is, positions 8, 16, 24, 32, 40, 48, 56, and 64 are removed from the
64-bit key, leaving only the 56-bit key.
Padding must be added to ensure the size of the incoming data to be processed is a multiple of
8 bytes. This padding is exclusive of any header or trailer data that is skipped over and should
consist of zeros.
Triple DES (TDES) uses the algorithm three times on the same block of data, rather than only
once, and can use key lengths of 56, 112, or 168 bits. Like DES, TDES is a symmetric algorithm,
meaning the same algorithm and key are used for both encryption and decryption of data.
49.5.1.2
ADVANCED ENCRYPTION STANDARD (AES)
The key length used by AES can be 128, 192, or 256 bits, and determines the number of
transformation rounds used to convert the input to the output. The key length also determines
the effective bit rate for algorithm execution.
Padding must be added to ensure the size of the incoming data to be processed is a multiple of
16 bytes (128 bits). This padding is exclusive of any header/trailer data that is skipped over and
should consist of zeros.
49.5.1.3
SECURE HASH ALGORITHM (SHA-1 AND SHA-256)
Secure Hash Algorithm (SHA) is a cryptographic hash function designed by the United States
National Security Agency (NSA). It is a one-way message digest function, taking an unlimited
amount of input data, and producing a digest of 160 bits (for SHA-1) or 256 bits (for SHA-256).
Both versions operate on 512-bit blocks. Padding is required to make the input data a multiple of
64 bytes. The most significant bit of the padding must be a ‘1’, followed by as many zeros as
needed to make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits are
a binary representation of the length of the message before padding. This ensures that different
messages will not look the same after padding.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-33
49
Crypto Engine and
Random Number
Generator (RNG)
The Advanced Encryption Standard (AES) engine implements the Advanced Encryption
Standard (originally known as Rijndael), as described in the NIST Federal Information
Processing Standard Publication 197. Like DES, it is a block cipher, and the same key is used to
both encrypt and decrypt data. It operates on 128-bit blocks regardless of the key size.
PIC32 Family Reference Manual
49.5.1.4
MESSAGE DIGEST 5 (MD5)
Message Digest 5 (MD5) is similar to SHA, in that it is a cryptographic hash function. It was
designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. MD5 takes an unlimited
amount of input data, and produces a 128-bit hash value.
MD5 operates on 512-bit blocks. Padding is required to make the input data a multiple of 64
bytes. The most significant bit of the padding must be a 1, followed by as many zeros as needed
to make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits are a binary
representation of the length of the message before padding. This ensures that different
messages will not look the same after padding.
49.5.1.5
MODES OF OPERATION
The TDES and AES block cipher engines offer up to six modes of operation, which enables the
repeated and secure use of the cipher under a single key. The six modes are:
•
•
•
•
•
•
Cipher-Block Chaining (CBC)
Electronic Code Book (ECB)
Counter (CTR) - AES only
Cipher Feedback (CFB)
Output Feedback (OFB)
Galois/Counter (GCM) - AES only
The modes in use are decided by the Security Association structure when the data is processed.
49.5.2
Running the Crypto Engine
The Crypto Engine is configured via a set of Buffer Descriptors, which instruct the engine, for a
particular block of data, how to process it and which Security Association to use with it. One
Security Association can be associated with multiple Buffer Descriptors, thus saving memory.
Figure 49-16 illustrates the relationship between one Security Association, multiple Buffer
Descriptors, and the data to be processed.
Figure 49-16: Relationship of Security Association, Buffer Descriptor and Pending Processed Data
0x80001300
Security Association
Buffer Descriptor 1
BD_CTRL
BD_SA_ADDR
BD_SRCADDR
BD_DSTADDR
BD_NXTPTR
BD_UPDPTR
BD_MSG_LEN
BD_ENC_OFF
0x80001000
0x80002000
Data 1
0x80001340
Header
Trailer
0x80002100
Data 2
Buffer
Descriptor 2
SA_CTRL
Header
Header
Data 2
Trailer
0x80001188
0x80001504
Header
Data 1
Trailer
0x80001100
0x80001500
SA_AUTHKEY
Header
Trailer
0x80002188
Header
0x80001380
Buffer
Descriptor 3
0x80001524
SA_ENCKEY
Data 3
Data 3
Trailer
Trailer
0x80001544
SA_AUTHIV
0x80001F00
0x80001564
SA_ENCIV
0x80001400
Buffer
Descriptor n
DS60001246B-page 49-34
Header
0x80002F00
Header
Data n
Data n
Trailer
Trailer
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.5.2.1
DATA BLOCK HEADER AND TRAILER
For some applications, each data block may have header and/or trailer information that should
not be processed by the Crypto Engine, but should be passed through without alteration. The
CEHDLEN and CETRLLEN registers determine the length of the header and trailer. Setting each
register reserves up to 255 bytes.
49.5.2.2
CREATING THE SECURITY ASSOCIATION
The Security Association describes to the Crypto Engine how to run the engine for the given
block, and what security keys and Initialization Vectors (IV) to use. At a minimum, the Security
Association must contain the following information:
•
•
•
•
•
•
•
The algorithm to use (HMAC, SHA256, SHA1, MD5, AES, TDES, DES)
Whether to load the Initialization Vector (IV)
The direction of flow (incoming or outgoing)
Encryption or decryption
Key size
Multi-task options
Mode of operation (only applies to certain algorithms)
An example for creating and setting up a Security Association is shown in Example 49-3.
Example 49-3:
Setting Up a Security Association
securityAssociation enc_sa __attribute__((aligned (8)));
securityAssociation dec_sa __attribute__((aligned (8)));
memset((void *)&enc_sa, 0, sizeof(enc_sa));
memset((void *)&dec_sa, 0, sizeof(dec_sa));
/* Set up the Security Association */
enc_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */
enc_sa.SA_CTRL.LNC = 1;
enc_sa.SA_CTRL.LOADIV = 1;
enc_sa.SA_CTRL.FB = 1;
enc_sa.SA_CTRL.ENCTYPE = 1; /* Encryption */
enc_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */
dec_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */
dec_sa.SA_CTRL.LNC = 1;
dec_sa.SA_CTRL.LOADIV = 1;
dec_sa.SA_CTRL.FB = 1;
dec_sa.SA_CTRL.ENCTYPE = 0; /* Decryption */
dec_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */
49
Crypto Engine and
Random Number
Generator (RNG)
/* Load the encryption keys */
enc_sa.SA_ENCKEY[2] = 0x01234567;
enc_sa.SA_ENCKEY[3] = 0x89abcdef;
enc_sa.SA_ENCKEY[4] = 0xfedeba98;
enc_sa.SA_ENCKEY[5] = 0x76543210;
enc_sa.SA_ENCKEY[6] = 0x89abcdef;
enc_sa.SA_ENCKEY[7] = 0x01234567;
dec_sa.SA_ENCKEY[2]
dec_sa.SA_ENCKEY[3]
dec_sa.SA_ENCKEY[4]
dec_sa.SA_ENCKEY[5]
dec_sa.SA_ENCKEY[6]
dec_sa.SA_ENCKEY[7]
=
=
=
=
=
=
0x01234567;
0x89abcdef;
0xfedeba98;
0x76543210;
0x89abcdef;
0x01234567;
/* Load the initialization vector (IV) */
enc_sa.SA_ENCIV[2] = 0x12345678;
enc_sa.SA_ENCIV[3] = 0x90abcdef;
dec_sa.SA_ENCIV[2] = 0x12345678;
dec_sa.SA_ENCIV[3] = 0x90abcdef;
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-35
PIC32 Family Reference Manual
49.5.2.3
SECURITY ASSOCIATION ENCRYPTION KEY AND IV DATA
ALIGNMENT
When copying the key and initialization vectors into the security association, the position of each
vector is important to generate the correct results.
Figure 49-17 through Figure 49-21 illustrate how the alignment of each is to be affected for all of
the available hardware encryption algorithms. Note that all of the Keys and IVs in the Security
Association must be in Big-Endian order.
Figure 49-17: Key and IV Layout in Security Association for AES (128-bit Key)
Byte 3
Byte 2
Byte 1
Byte 0
SA_ENCKEY1
Byte 3
Byte 2
Unused(1)
Byte 1
Byte 0
SA_ENCIV1
0
1
2
3
SA_ENCKEY2
Unused(1)
SA_ENCIV2
4
5
6
7
SA_ENCKEY3
Unused
(1)
SA_ENCIV3
8
9
10
11
SA_ENCKEY4
Unused(1)
SA_ENCIV4
12
13
14
15
SA_ENCKEY5
0
1
2
3
SA_ENCIV5
Unused(1)
SA_ENCKEY6
4
5
6
7
SA_ENCIV6
Unused(1)
SA_ENCKEY7
8
9
10
11
SA_ENCIV7
Unused(1)
SA_ENCKEY8
12
13
14
15
SA_ENCIV8
Unused(1)
Note 1:
2:
Unused bytes should be cleared to ‘0’.
All 32-bit words are in Big-Endian order.
Figure 49-18: Key and IV Layout in Security Association for AES (192-bit Key)
Byte 3
Byte 2
Byte 1
Byte 0
SA_ENCKEY1
Byte 3
Byte 2
Unused(1)
Byte 1
Byte 0
SA_ENCIV1
0
1
2
3
SA_ENCKEY2
Unused(1)
SA_ENCIV2
4
5
6
7
3
SA_ENCIV3
8
9
10
11
12
13
14
15
SA_ENCKEY3
0
1
SA_ENCKEY4
4
5
6
7
SA_ENCIV4
SA_ENCKEY5
8
9
10
11
SA_ENCIV5
Unused(1)
SA_ENCKEY6
12
13
14
15
SA_ENCIV6
Unused(1)
SA_ENCKEY7
16
17
18
19
SA_ENCIV7
Unused(1)
SA_ENCKEY8
20
21
22
23
SA_ENCIV8
Unused(1)
Note 1:
2:
2
Unused bytes should be cleared to ‘0’.
All 32-bit words are in Big-Endian order.
Figure 49-19: Key and IV Layout in Security Association for AES (256-bit Key)
SA_ENCKEY1
Byte 3
Byte 2
Byte 1
Byte 0
0
1
2
3
SA_ENCIV1
Byte 3
Byte 2
Byte 1
Byte 0
0
1
2
3
SA_ENCKEY2
4
5
6
7
SA_ENCIV2
4
5
6
7
SA_ENCKEY3
8
9
10
11
SA_ENCIV3
8
9
10
11
SA_ENCKEY4
12
13
14
15
SA_ENCIV4
12
13
14
15
SA_ENCKEY5
16
17
18
19
SA_ENCIV5
Unused(1)
SA_ENCKEY6
20
21
22
23
SA_ENCIV6
Unused(1)
SA_ENCKEY7
24
25
26
27
SA_ENCIV7
Unused(1)
SA_ENCKEY8
28
29
30
31
SA_ENCIV8
Unused(1)
Note 1:
2:
Unused bytes should be cleared to ‘0’.
All 32-bit words are in Big-Endian order.
DS60001246B-page 49-36
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
Figure 49-20: Key and IV Layout in Security Association for Triple-DES
Byte 3
Byte 2
Byte 1
Byte 0
Byte 3
Byte 2
Byte 1
SA_ENCKEY1
Unused(1)
SA_ENCIV1
Unused(1)
SA_ENCKEY2
Unused(1)
SA_ENCIV2
Unused(1)
SA_ENCKEY3
0
1
2
3
SA_ENCIV3
0
1
4
5
2
3
6
7
Byte 1
Byte 0
SA_ENCKEY4
4
5
6
7
SA_ENCIV4
SA_ENCKEY5
8
9
10
11
SA_ENCIV5
Unused(1)
SA_ENCKEY6
12
13
14
15
SA_ENCIV6
Unused(1)
SA_ENCKEY7
16
17
18
19
SA_ENCIV7
Unused(1)
SA_ENCKEY8
20
21
22
23
SA_ENCIV8
Unused(1)
Note 1:
2:
Byte 0
Unused bytes should be cleared to ‘0’.
All 32-bit words are in Big-Endian order.
Figure 49-21: Key and IV Layout in Security Association for DES
Byte 3
Byte 2
Byte 1
Byte 0
Byte 3
Byte 2
SA_ENCKEY1
Unused
(1)
(1)
SA_ENCIV1
Unused
SA_ENCKEY2
Unused(1)
SA_ENCIV2
Unused(1)
SA_ENCKEY3
Unused(1)
SA_ENCIV3
0
1
2
3
SA_ENCKEY4
Unused(1)
SA_ENCIV4
4
5
6
7
SA_ENCKEY5
Unused
(1)
SA_ENCIV5
Unused(1)
SA_ENCKEY6
Unused(1)
SA_ENCIV6
Unused(1)
SA_ENCKEY7
0
1
2
3
SA_ENCIV7
Unused(1)
SA_ENCKEY8
4
5
6
7
SA_ENCIV8
Unused(1)
Note 1:
2:
Unused bytes should be cleared to ‘0’.
All 32-bit words are in Big-Endian order.
49.5.2.4
CREATING THE BUFFER DESCRIPTOR
For each block of data that needs to be processed, the Buffer Descriptor tells the Crypto Engine
how to process the data. At a minimum, the Buffer Descriptor must include the following
information:
The address of the Security Association (BD_SA_ADDR)
The address of the source data to process (BD_SRCADDR)
The address of the destination data after processing (BD_DSTADDR)
The address of the next Buffer Descriptor (BD_NXTPTR)
The address of the place to store updates for hash algorithms (BD_UPDADDR)
The total message length in bytes (MSG_LENGTH)
An example of creating and setting up a series of Buffer Descriptors is shown in Example 49-4.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-37
49
Crypto Engine and
Random Number
Generator (RNG)
•
•
•
•
•
•
PIC32 Family Reference Manual
Example 49-4:
Setting Up Buffer Descriptors
/*
vector is the source data for the encryption phase.
cipher is the destination for the encryption phase,
and the source data for the decryption phase.
plain is the destination for the decryption phase.
/* Set up the Buffer Descriptor */
enc_bd.BD_CTRL.BUFLEN = sizeof(vector);
enc_bd.BD_CTRL.LIFM = 1;
enc_bd.BD_CTRL.SA_FETCH_EN = 1;
enc_bd.BD_CTRL.LAST_BD = 1;
enc_bd.BD_CTRL.DESC_EN = 1;
dec_bd.BD_CTRL.BUFLEN = sizeof(cipher);
dec_bd.BD_CTRL.LIFM = 1;
dec_bd.BD_CTRL.SA_FETCH_EN = 1;
dec_bd.BD_CTRL.LAST_BD = 1;
dec_bd.BD_CTRL.DESC_EN = 1;
enc_bd.SA_ADDR
enc_bd.SRCADDR
enc_bd.DSTADDR
enc_bd.NXTPTR
enc_bd.MSGLEN
=
=
=
=
=
KVA_TO_PA(&enc_sa);
KVA_TO_PA(vector);
KVA_TO_PA(cipher);
KVA_TO_PA(&dec_bd);
sizeof(vector);
dec_bd.SA_ADDR
dec_bd.SRCADDR
dec_bd.DSTADDR
dec_bd.MSGLEN
=
=
=
=
KVA_TO_PA(&dec_sa);
KVA_TO_PA(cipher);
KVA_TO_PA(plain);
sizeof(cipher);
49.5.2.5
STARTING THE BUFFER DESCRIPTOR PROCESSOR
When the Security Associations and Buffer Descriptors have been set up, starting the BDP is
done as follows:
1.
2.
3.
Tell the engine the address of the first Buffer Descriptor.
Selecting the interrupts to enable.
Turning on the Crypto DMA engine.
An example of starting the processing is shown in Example 49-5.
Example 49-5:
Setting Up the Crypto Engine to Process Buffer Descriptors
CEBDPADDR = KVA_TO_PA(&enc_bd);
CEINTEN = 0x07;
CECON = 0x07;
DS60001246B-page 49-38
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.5.3
Crypto Engine Operation Guidelines
The following guidelines are used to ensure proper configuration and operation of the Crypto
Engine.
Note:
To avoid cache coherency problems on devices with L1 cache, all Buffer
Descriptors and Security Associations must be accessed from KSEG1 or KSEG3
(uncached) segments only.
• Data Alignment
- Security Association structures shall be aligned on a 8-byte boundary. This can be
done with an alignment attribute for the variable, see Example 49-3.
- Buffer Descriptor structures shall be aligned on a 8-byte boundary. This can be done
with an alignment attribute for the variable, see Example 49-4.
- The source and destination addresses used in the Buffer Descriptor shall be aligned
on a 32-bit boundary.
• Data Lengths
- The Buffer Length field of each Buffer Descriptor shall be an integral multiple of the
word size of the Crypto algorithm used. Data blocks should be expanded to meet the
required size and filled with zeros to avoid corruption. The word sizes for each
algorithm are listed in Table 49-5.
Table 49-5:
Encryption Algorithm Word Sizes
Algorithm
Word Size
AES
16 Bytes
TDES
24 Bytes
DES
8 Bytes
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-39
49
Crypto Engine and
Random Number
Generator (RNG)
- The total length of the data across multiple buffer descriptors shall be an integral multiple of the word size of the Crypto algorithm used. The word sizes for each algorithm
are listed in Table 49-5.
- For the hashing algorithms (MD5, SHA1, SHA256) the packet length shall be a
minimum of 64 bytes
- If the input data length does not match the above guidelines, it should be zero-padded
to make it the correct length
• Algorithms, Initialization Vectors (IV)
- IV size is restricted to 96 bits for AES GCM
- The fourth word (LSB 32-bit) of Encryption IV for AES GCM shall be 1
- When encryption is used in parallel with authentication, HMAC shall be used
- HMAC shall be used in combination with one of the authentication engines
(MD5/SHA1/SHA256)
PIC32 Family Reference Manual
49.6
CRYPTO ENGINE INTERRUPTS
The PIC32 device can generate interrupts reflecting the events that occur during the Crypto
Engine's operation. Each of the Crypto Engine interrupt events has a corresponding interrupt
enable bit in the CEINTEN register, which must be set for an interrupt to be generated. However,
regardless of the value of the CEINTEN register, the status of all interrupt events is directly
readable via the CEINTSRC register. Therefore, the software has visibility of an event generating
a potential interrupt by polling the register and not having an interrupt propagate out of the
module.
To clear an interrupt, the software must write a '1' to both the particular interrupt and the PENDIF
bits in the CEINTSRC register.
Following is a description of the interrupt events generated by the Crypto Engine:
• Access Response error interrupt, signaled by the AREIF bit (CEINTSRC<3>) and enabled
using the AREIE bit (CEINTEN<3>). This event occurs when the Crypto Engine DMA
encounters a bus error during a memory access and is caused by an addressing error. For
example, if the Crypto Engine attempts to access reserved memory, or memory that has
been protected from access by the Crypto Engine, this interrupt will be generated. Recovering from this error requires a soft reset of the Crypto Engine using the SWRST bit
(CECON<6>).
• DMA Packet Completion interrupt, signaled by the PKTIF bit (CEINTSRC<2>) and enabled
using the PKTIE bit (CEINTEN<2>). This event occurs when the Crypto Engine has
completed transferring memory.
• Buffer Descriptor Processing interrupt, signaled by the CBDIF bit (CEINTSRC<1>) and
enabled using the CBDIE bit (CEINTEN<1>). This event occurs when the Crypto Engine
has completed processing a Buffer Descriptor.
• Pending interrupt, signaled by the PENDIF bit (CEINTSRC<0>) and enabled using the
PENDIE bit (CEINTEN<0>). This is a global interrupt, combining the values of the other
interrupt sources. This bit must be enabled in addition to the other interrupt sources in order
to generate interrupts from the Crypto Engine.
All interrupts belonging to the Crypto Engine map to the Crypto Engine interrupt vector.
The corresponding Crypto Engine interrupt flag is CRPTIF (IFS3<11>). This interrupt flag must
be cleared in software once the cause generating the interrupt is processed.
The Crypto Engine is enabled as a source of interrupts via the respective Crypto Engine interrupt
enable bit, CRPTIE (IEC3<11>).
The interrupt priority-level bits and interrupt sub-priority-level bits must also be configured:
• CRPTIP<2:0> (IPC26<28:26>)
• CRPTIS<1:0> (IPC26<25:24>)
The interrupt service routine that is to be used when a Crypto Engine interrupt is generated is
configured via the VOFF107<17:1> bits (OFF107<17:1>).
Note:
49.6.1
Refer to Section 8. “Interrupts” (DS60001108) in the “PIC32 Family Reference
Manual” for detailed descriptions of the IFSx, IECx, IPCx, and OFFx register
interrupt bits.
Interrupt Configuration
The Crypto Engine has multiple internal interrupt flags (AREIF, PKTIF, CBDIF, PENDIF) and
corresponding enable interrupt control bits (AREIE, PKTIE, CBDIE, PENDIE). However, for the
Interrupt Controller, there is one dedicated interrupt flag bit for the Crypto Engine: CRPTIF
(IFS3<11>) and the corresponding interrupt enable/mask bit, CRPTIE (IEC3<11>).
Note:
All of the interrupt conditions for the Crypto Engine share one interrupt vector.
The Crypto Engine has its own priority and sub-priority levels independent of other peripherals.
The CRPTIF bit will be set without regard to the state of the corresponding enable bit, CRPTIE.
The CRPTIF bit can be polled by software if desired.
DS60001246B-page 49-40
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
The CRPTIE bit is used to define the behavior of the Interrupt Controller when the corresponding
CRPTIF bit is set. When the corresponding CRPTIE bit is clear, the Interrupt Controller does not
generate a CPU interrupt for the event. If the CRPTIE bit is set, the Interrupt Controller will
generate an interrupt to the CPU when the CRPTIF bit is set (subject to the priority and
sub-priority as follows).
It is the responsibility of the user's software routine that services a particular interrupt to clear the
interrupt flag bit before the service routine is complete.
The priority of the Crypto Engine interrupt can be set using the IPC26 register of the Interrupt
Controller. This priority defines the priority group to which the interrupt source will be assigned.
The priority groups range from a value of 7 (the highest priority) to a value of 0, which does not
generate an interrupt. An interrupt being serviced will be preempted by an interrupt in a higher
priority group.
The sub-priority bits allow setting the priority of an interrupt source within a priority group. The
values for the sub-priority range from 3 (the highest priority) to 0 (the lowest priority). An interrupt
with the same priority group, but having a higher sub-priority value, will not pre-empt a lower
sub-priority interrupt that is in progress. Rather, if two interrupts in the same priority group are
pending, the one with the higher sub-priority value will be serviced first.
The priority group and sub-priority bits allow more than one interrupt source to share the same
priority and sub-priority. If simultaneous interrupts occur in this configuration, the natural order of
the interrupt sources within a priority/sub-priority group pair determine the interrupt generated.
The natural priority is based on the vector numbers of the interrupt sources. The lower the vector
number, the higher the natural priority of the interrupt. Any interrupts that were overridden by
natural order will then generate their respective interrupts based on priority, sub-priority and
natural order after the interrupt flag for the current interrupt is cleared.
After an enabled interrupt is generated, the CPU will jump to the vector assigned to that interrupt.
The vector number for the interrupt is the same as the natural order number. The CPU will then
begin executing code at the vector address. The user's code at this vector address should
perform any application-specific operations and clear the CRPTIF interrupt flags (as well as the
corresponding event in the CEINTSRC register if a software clearable interrupt) and then exit.
Refer to the vector address table details in Section 8. “Interrupts” (DS60001108) in the “PIC32
Family Reference Manual” for more information.
Example 49-6:
Crypto Engine Initialization with Interrupts Enabled Code
49
© 2013-2015 Microchip Technology Inc.
Crypto Engine and
Random Number
Generator (RNG)
/* Start the engine */
CEBDPADDR = KVA_TO_PA(&enc_bd);
CEINTEN = 0x07;
CECON = 0x07;
DS60001246B-page 49-41
PIC32 Family Reference Manual
49.7
RANDOM NUMBER GENERATOR OPERATION
The Random Number Generator (RNG) core implements a thermal noise-based True Random
Number Generator (TRNG) and a cryptographically secure Pseudo-Random Number Generator
(PRNG).
The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits to
generate true random numbers that can initialize the PRNG.
The PRNG is a flexible Linear Shift Feedback Register (LSFR), which is capable of manifesting
a maximal length LFSR of up to 64 bits.
49.7.1
TRNG Usage
Enabling the TRNG for operation is done using the TRNGEN bit (RNGCON<8>). Setting this bit
starts the TRNG generating numbers.
The random numbers are read through the RNGSEED1 and RNGSEED2 registers. This
provides up to a 64-bit wide number for use. The number of valid bits in the registers are indicated
in the RNGCNT register. It is recommended to wait until the value in that register equals or
exceeds the number of bits desired before reading the value.
49.7.2
PRNG Usage
Before starting the PRNG, it is necessary to set up the initial seed value, set the length of the
polynomial, and the polynomial equation.
The initial seed value is set by writing to the RNGNUMGEN1 and RNGNUMGEN2 registers,
which are also the registers where the random value are read.
The initial seed value can also be loaded from the TRNG by writing a '1' to the LOAD bit
(RNGCON<12>). This action transfers the current value in the RNGSEEDx registers to the
corresponding RNGNUMGENx registers.
The polynomial length for the LSFR is set by writing the length (in bits) to the PLEN<7:0> bits
(RNGCON<7:0>). Since the polynomial can be a maximum of 64 bits, the maximum value for
this register would be 64. However, the actual length needed will depend on the needs of the
application and the degree of pseudo-randomness needed.
The polynomial equation itself is set via the RNGPOLYx registers. Setting a bit in these registers
turns on the corresponding tap for the generation of the random numbers.
Enabling the PRNG for operation is done by writing a '1' to the PRNGEN bit (RNGCON<9>).
The following example sets the PRNG for a 42-bit maximal-length polynomial with the equation,
x42 + x41 + x20 + x19 + 1, initializes the random number with a set value, and turns on the PRNG.
Example 49-7:
PRNG Configuration
RNGPOLY1 = 0x00C00003;
RNGPOLY2 = 0x00000000;
RNGNUMGEN1 = 0x090a0b0c;
RNGNUMGEN2 = 0x0d0e0f10;
RNGCON.PLEN = 42;
RNGCON.CONT = 1;
Once the PRNG has been turned on, it is necessary to wait PLEN cycles before reading the
RNGNUMGENx registers. Reading the RNGNUMGENx registers will trigger the generation of
the next random number, which will take PLEN clock cycles to complete. Optionally, a new
random number can be generated every PLEN clock cycles by setting the CONT bit
(RNGCON<10>).
DS60001246B-page 49-42
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.8
RANDOM NUMBER GENERATOR INTERRUPTS
The RNG does not generate interrupts in PIC32 devices.
49.9
EFFECTS OF VARIOUS RESETS
49.9.1
Device Reset
All Crypto Engine and RNG registers are forced to their reset states upon a device Reset. For
the Crypto Engine, and any on-going data transfers are aborted. For the RNG, the TRNG and
PRNG halt their operations.
49.9.2
Power-on Reset
All Crypto Engine and RNG registers are forced to their reset states upon a Power-on Reset.
49.9.3
NMI Reset
All Crypto Engine and RNG registers are forced to their reset states if the NMI countdown lapses
and a full reset is issued.
49.10
OPERATION IN POWER-SAVING MODES
49.10.1 Crypto Engine Operation in Sleep Mode
When the PIC32 device enters Sleep mode, the system clock is disabled. No Crypto Engine
transfers can occur in this mode. All clocks are stopped, so no further Crypto Engine activity can
take place. Software is responsible for determining if a Crypto Engine operation is in progress
and whether to prevent going to Sleep mode until such actions are finished.
49.10.2 Crypto Engine Operation in Idle Mode
When the device enters Idle mode, the system and peripheral bus clock sources remain
functional. The Crypto Engine will continue to operate in Idle mode, can continue operations, and
can generate interrupts that will wake the CPU.
49.10.3 Random Number Generator Operation in Sleep Mode
49.10.4 Random Number Generator Operation in Idle Mode
When the device enters Idle mode, the system and peripheral bus clock sources remain
functional. The PRNG will continue to generate random numbers if the CONT bit was set. The
TRNG will continue generating random numbers. The RNG cannot generate interrupts, and
therefore it cannot wake the CPU.
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-43
49
Crypto Engine and
Random Number
Generator (RNG)
When the PIC32 device enters Sleep mode, the system clock is disabled. The PRNG halts
generating random numbers if the CONT bit was set. The state of the RNG registers is
preserved, so random numbers can continue from their stopping point when Sleep mode was
entered. The TRNG may continue generating random numbers, since it is dependent on ring
oscillators that do not depend on the system clock. However, the random numbers may not be
clocked into the RNGSEEDx registers.
PIC32 Family Reference Manual
49.11
RELATED APPLICATION NOTES
This section lists application notes that are related to this section of the manual. These
application notes may not be written specifically for the PIC32 device family, but the concepts are
pertinent and could be used with modification and possible limitations. The current application
notes related to the Crypto Engine and Random Number Generator (RNG) are:
Title
Application Note #
No related application notes at this time.
Note:
DS60001246B-page 49-44
N/A
Please visit the Microchip web site (www.microchip.com) for additional application
notes and code examples for the PIC32 family of devices.
© 2013-2015 Microchip Technology Inc.
Section 49. Crypto Engine and Random Number Generator (RNG)
49.12
REVISION HISTORY
Revision A (November 2013)
This is the initial released version of this document.
Revision A (May 2015)
This revision includes the following updates:
• The Swap Output Data Enable bit (SWAPOEN) was added (see Table 49-1 and
Register 49-2)
• The Crypto Engine Buffer Descriptors were updated (see Table 49-3)
• The ‘111’ and ‘110’ bit value definitions for the MULTITASK<2:0> bits were updated (see
Figure 49-11)
• 49.5.2.3 “Security Association Encryption Key and IV Data Alignment” was added
• Additional minor updates to text and formatting were incorporated throughout the document
49
Crypto Engine and
Random Number
Generator (RNG)
© 2013-2015 Microchip Technology Inc.
DS60001246B-page 49-45
PIC32 Family Reference Manual
NOTES:
DS60001246B-page 49-46
© 2013-2015 Microchip Technology Inc.
Note the following details of the code protection feature on Microchip devices:
•
Microchip products meet the specification contained in their particular Microchip Data Sheet.
•
Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the
intended manner and under normal conditions.
•
There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our
knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data
Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
•
Microchip is willing to work with the customer who is concerned about the integrity of their code.
•
Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not
mean that we are guaranteeing the product as “unbreakable.”
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our
products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts
allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
Information contained in this publication regarding device
applications and the like is provided only for your convenience
and may be superseded by updates. It is your responsibility to
ensure that your application meets with your specifications.
MICROCHIP MAKES NO REPRESENTATIONS OR
WARRANTIES OF ANY KIND WHETHER EXPRESS OR
IMPLIED, WRITTEN OR ORAL, STATUTORY OR
OTHERWISE, RELATED TO THE INFORMATION,
INCLUDING BUT NOT LIMITED TO ITS CONDITION,
QUALITY, PERFORMANCE, MERCHANTABILITY OR
FITNESS FOR PURPOSE. Microchip disclaims all liability
arising from this information and its use. Use of Microchip
devices in life support and/or safety applications is entirely at
the buyer’s risk, and the buyer agrees to defend, indemnify and
hold harmless Microchip from any and all damages, claims,
suits, or expenses resulting from such use. No licenses are
conveyed, implicitly or otherwise, under any Microchip
intellectual property rights.
Trademarks
The Microchip name and logo, the Microchip logo, dsPIC,
FlashFlex, flexPWR, JukeBlox, KEELOQ, KEELOQ logo, Kleer,
LANCheck, MediaLB, MOST, MOST logo, MPLAB,
OptoLyzer, PIC, PICSTART, PIC32 logo, RightTouch, SpyNIC,
SST, SST Logo, SuperFlash and UNI/O are registered
trademarks of Microchip Technology Incorporated in the
U.S.A. and other countries.
The Embedded Control Solutions Company and mTouch are
registered trademarks of Microchip Technology Incorporated
in the U.S.A.
Analog-for-the-Digital Age, BodyCom, chipKIT, chipKIT logo,
CodeGuard, dsPICDEM, dsPICDEM.net, ECAN, In-Circuit
Serial Programming, ICSP, Inter-Chip Connectivity, KleerNet,
KleerNet logo, MiWi, MPASM, MPF, MPLAB Certified logo,
MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code
Generation, PICDEM, PICDEM.net, PICkit, PICtail,
RightTouch logo, REAL ICE, SQI, Serial Quad I/O, Total
Endurance, TSHARC, USBCheck, VariSense, ViewSpan,
WiperLock, Wireless DNA, and ZENA are trademarks of
Microchip Technology Incorporated in the U.S.A. and other
countries.
SQTP is a service mark of Microchip Technology Incorporated
in the U.S.A.
Silicon Storage Technology is a registered trademark of
Microchip Technology Inc. in other countries.
GestIC is a registered trademarks of Microchip Technology
Germany II GmbH & Co. KG, a subsidiary of Microchip
Technology Inc., in other countries.
All other trademarks mentioned herein are property of their
respective companies.
© 2013-2015, Microchip Technology Incorporated, Printed in
the U.S.A., All Rights Reserved.
ISBN: 978-1-63277-420-0
QUALITY MANAGEMENT SYSTEM
CERTIFIED BY DNV
== ISO/TS 16949 ==
 2013-2015 Microchip Technology Inc.
Microchip received ISO/TS-16949:2009 certification for its worldwide
headquarters, design and wafer fabrication facilities in Chandler and
Tempe, Arizona; Gresham, Oregon and design centers in California
and India. The Company’s quality system processes and procedures
are for its PIC® MCUs and dsPIC® DSCs, KEELOQ® code hopping
devices, Serial EEPROMs, microperipherals, nonvolatile memory and
analog products. In addition, Microchip’s quality system for the design
and manufacture of development systems is ISO 9001:2000 certified.
DS60001246B-page 49-47
Worldwide Sales and Service
AMERICAS
ASIA/PACIFIC
ASIA/PACIFIC
EUROPE
Corporate Office
2355 West Chandler Blvd.
Chandler, AZ 85224-6199
Tel: 480-792-7200
Fax: 480-792-7277
Technical Support:
http://www.microchip.com/
support
Web Address:
www.microchip.com
Asia Pacific Office
Suites 3707-14, 37th Floor
Tower 6, The Gateway
Harbour City, Kowloon
Hong Kong
Tel: 852-2943-5100
Fax: 852-2401-3431
China - Xiamen
Tel: 86-592-2388138
Fax: 86-592-2388130
China - Zhuhai
Tel: 86-756-3210040
Fax: 86-756-3210049
Austria - Wels
Tel: 43-7242-2244-39
Fax: 43-7242-2244-393
Denmark - Copenhagen
Tel: 45-4450-2828
Fax: 45-4485-2829
India - Bangalore
Tel: 91-80-3090-4444
Fax: 91-80-3090-4123
France - Paris
Tel: 33-1-69-53-63-20
Fax: 33-1-69-30-90-79
India - New Delhi
Tel: 91-11-4160-8631
Fax: 91-11-4160-8632
Germany - Dusseldorf
Tel: 49-2129-3766400
Atlanta
Duluth, GA
Tel: 678-957-9614
Fax: 678-957-1455
Austin, TX
Tel: 512-257-3370
Boston
Westborough, MA
Tel: 774-760-0087
Fax: 774-760-0088
Chicago
Itasca, IL
Tel: 630-285-0071
Fax: 630-285-0075
Cleveland
Independence, OH
Tel: 216-447-0464
Fax: 216-447-0643
Australia - Sydney
Tel: 61-2-9868-6733
Fax: 61-2-9868-6755
China - Beijing
Tel: 86-10-8569-7000
Fax: 86-10-8528-2104
China - Chengdu
Tel: 86-28-8665-5511
Fax: 86-28-8665-7889
China - Chongqing
Tel: 86-23-8980-9588
Fax: 86-23-8980-9500
China - Dongguan
Tel: 86-769-8702-9880
China - Hangzhou
Tel: 86-571-8792-8115
Fax: 86-571-8792-8116
Germany - Munich
Tel: 49-89-627-144-0
Fax: 49-89-627-144-44
India - Pune
Tel: 91-20-3019-1500
Germany - Pforzheim
Tel: 49-7231-424750
Japan - Osaka
Tel: 81-6-6152-7160
Fax: 81-6-6152-9310
Italy - Milan
Tel: 39-0331-742611
Fax: 39-0331-466781
Japan - Tokyo
Tel: 81-3-6880- 3770
Fax: 81-3-6880-3771
Italy - Venice
Tel: 39-049-7625286
Korea - Daegu
Tel: 82-53-744-4301
Fax: 82-53-744-4302
Netherlands - Drunen
Tel: 31-416-690399
Fax: 31-416-690340
China - Hong Kong SAR
Tel: 852-2943-5100
Fax: 852-2401-3431
Korea - Seoul
Tel: 82-2-554-7200
Fax: 82-2-558-5932 or
82-2-558-5934
China - Nanjing
Tel: 86-25-8473-2460
Fax: 86-25-8473-2470
Malaysia - Kuala Lumpur
Tel: 60-3-6201-9857
Fax: 60-3-6201-9859
Detroit
Novi, MI
Tel: 248-848-4000
China - Qingdao
Tel: 86-532-8502-7355
Fax: 86-532-8502-7205
Malaysia - Penang
Tel: 60-4-227-8870
Fax: 60-4-227-4068
Houston, TX
Tel: 281-894-5983
China - Shanghai
Tel: 86-21-5407-5533
Fax: 86-21-5407-5066
Philippines - Manila
Tel: 63-2-634-9065
Fax: 63-2-634-9069
China - Shenyang
Tel: 86-24-2334-2829
Fax: 86-24-2334-2393
Singapore
Tel: 65-6334-8870
Fax: 65-6334-8850
China - Shenzhen
Tel: 86-755-8864-2200
Fax: 86-755-8203-1760
Taiwan - Hsin Chu
Tel: 886-3-5778-366
Fax: 886-3-5770-955
China - Wuhan
Tel: 86-27-5980-5300
Fax: 86-27-5980-5118
Taiwan - Kaohsiung
Tel: 886-7-213-7828
Dallas
Addison, TX
Tel: 972-818-7423
Fax: 972-818-2924
Indianapolis
Noblesville, IN
Tel: 317-773-8323
Fax: 317-773-5453
Los Angeles
Mission Viejo, CA
Tel: 949-462-9523
Fax: 949-462-9608
New York, NY
Tel: 631-435-6000
San Jose, CA
Tel: 408-735-9110
Canada - Toronto
Tel: 905-673-0699
Fax: 905-673-6509
China - Xian
Tel: 86-29-8833-7252
Fax: 86-29-8833-7256
Poland - Warsaw
Tel: 48-22-3325737
Spain - Madrid
Tel: 34-91-708-08-90
Fax: 34-91-708-08-91
Sweden - Stockholm
Tel: 46-8-5090-4654
UK - Wokingham
Tel: 44-118-921-5800
Fax: 44-118-921-5820
Taiwan - Taipei
Tel: 886-2-2508-8600
Fax: 886-2-2508-0102
Thailand - Bangkok
Tel: 66-2-694-1351
Fax: 66-2-694-1350
01/27/15
DS60001246B-page 49-48
 2013-2015 Microchip Technology Inc.