Section 49. Crypto Engine and Random Number Generator (RNG) HIGHLIGHTS This section of the manual contains the following major topics: 49.1 Introduction .................................................................................................................. 49-2 49.2 Control Registers ......................................................................................................... 49-4 49.3 Crypto Engine Buffer Descriptors .............................................................................. 49-22 49.4 Crypto Engine Security Association Structure ........................................................... 49-26 49.5 Crypto Engine Operation ........................................................................................... 49-33 49.6 Crypto Engine Interrupts ............................................................................................ 49-40 49.7 Random Number Generator Operation...................................................................... 49-42 49.8 Random Number Generator Interrupts ...................................................................... 49-43 49.9 Effects of Various Resets ........................................................................................... 49-43 49.10 Operation in Power-Saving Modes ............................................................................ 49-43 49.11 Related Application Notes.......................................................................................... 49-44 49.12 Revision History ......................................................................................................... 49-45 49 Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-1 PIC32 Family Reference Manual Note: This family reference manual section is meant to serve as a complement to device data sheets. Depending on the device variant, this manual section may not apply to all PIC32 devices. Please consult the note at the beginning of the “Crypto Engine and Random Number Generator (RNG)” chapter in the current device data sheet to check whether this document supports the device you are using. Device data sheets and family reference manual sections are available for download from the Microchip Worldwide Web site at: http://www.microchip.com 49.1 INTRODUCTION 49.1.1 Crypto Engine Features The Crypto Engine is intended to accelerate applications that need cryptographic functions. By executing these functions in the hardware module, software overhead is reduced, and actions such as encryption, decryption, and authentication can execute much more quickly. The Crypto Engine uses a descriptor-based DMA for efficient programming of the security association data and packet pointers (allowing scatter/gather data fetching). An intelligent state machine schedules the Crypto Engine based on the protocol selection and packet boundaries. The hardware engines can perform the encryption and authentication in sequence or in parallel. Key features of the Crypto Engine include: priority • Bulk ciphers and hash engines • Integrated DMA to off-load processing: - Buffer descriptor-based - Security Association per Buffer Descriptor • Some functions can execute in parallel Bulk ciphers that are handled by the Crypto Engine include: • AES: - 128-bit, 192-bit, and 256-bit key sizes - CBC, ECB, CTR, CFB, and OFB modes • DES/TDES: - CBC, ECB, CFB, and OFB modes Authentication engines that are available through the Crypto Engine include: SHA-1 SHA-256 MD-5 AES-GCM HMAC operation (for all authentication engines) Figure 49-1: System Bus SFR System Bus DS60001246B-page 49-2 Crypto Engine Block Diagram INB FIFO Packet RD DMA Controller Crypto FSM OUTB FIFO Packet WR AES Local Bus • • • • • TDES SHA-1/256 MD5 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.1.2 Random Number Generator (RNG) Features The Random Number Generator (RNG) core implements a thermal noise-based, True Random Number Generator (TRNG) and a cryptographically secure Pseudo-Random Number Generator (PRNG). The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits to generate true random numbers that can initialize the PRNG. The PRNG is a flexible LSFR, which is capable of manifesting a maximal length LFSR of up to 64-bits. The following are some of the key features of the RNG: • TRNG: - Up to 25 Mbps of random bits - Multi-Ring Oscillator-based design - Built in Bias Corrector • PRNG: - LSFR-based - Up to 64-bit polynomial length - Programmable polynomial - TRNG can be seed value Figure 49-2: Random Number Generator Block Diagram System Bus Target SFR PRNG 49 TRNG Crypto Engine and Random Number Generator (RNG) Bias Corrector Edge Comparator Ring Oscillator © 2013-2015 Microchip Technology Inc. Ring Oscillator DS60001246B-page 49-3 PIC32 Family Reference Manual 49.2 CONTROL REGISTERS The Crypto Engine and RNG for PIC32 devices contain the following Special Function Registers (SFRs): • CEVER: Crypto Engine Revision, Version, and ID Register This read-only register contains version information for the Crypto Engine core. • CECON: Crypto Engine Control Register This register controls the Crypto Engine, enabling and disabling DMA and the Buffer Descriptor Processor. • CEBDADDR: Crypto Engine Buffer Descriptor Register This read-only register contains the address of the current Buffer Descriptor the Buffer Descriptor Processor is processing • CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register This register controls the address from which the DMA starts fetching Buffer Descriptors. • CESTAT: Crypto Engine Status Register This read-only register contains the current status of the Crypto Engine. • CEINTSRC: Crypto Engine Interrupt Source Register This register indicates what triggered an interrupt from the Crypto Engine core. Possible sources include DMA, an empty TX Buffer Descriptor, or a DMA packet completion. • CEINTEN: Crypto Engine Interrupt Enable Register This register controls which interrupts are enabled/disabled from the Crypto Engine core. • CEPOLLCON: Crypto Engine Poll Control Register This register controls how long the Buffer Descriptor Processor will wait before refetching a descriptor control word if the previous descriptor fetched was disabled. • CEHDLEN: Crypto Engine Header Length Register This register controls how much data in a packet should be unchanged before filling the data. • CETRLLEN: Crypto Engine Trailer Length Register This register controls how much data should be unchanged at the end of a packet. • CEDTXSTAT: Crypto Engine DTX Debug Status Register This read -only register indicates the status of the outgoing FIFO in the Crypto Engine. • CEDRXSTAT: Crypto Engine DRX Debug Status Register This read-only register indicates the status of the incoming FIFO in the Crypto Engine. • RNGVER: Random Number Generator ID, Version, and Revision Register This register read-only register contains version information for the RNG core. • RNGCON: Random Number Generator Control Register This register controls the RNG, enabling and disabling the TRNG and RNG, transferring the seed value from the TRNG to the PRNG, and enabling continuous pseudo-random number generation. • RNGPOLY1: Random Number Generator Polynomial Register 1 This register controls the Least Significant Byte 32-bits of the polynomial, which generates the pseudo-random bit. • RNGPOLY2: Random Number Generator Polynomial Register 2 This register controls the Most Significant Byte 32-bits of the polynomial which generates the pseudo-random bit. DS60001246B-page 49-4 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) • RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator Register 1 This register contains the Least Significant Byte 32-bits of the current random number in the PRNG. It may be written to set an initial seed value for the PRNG. • RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator Register 2 This register contains the Most Significant Byte 32-bits of the current random number in the PRNG. It may be written to set an initial seed value for the PRNG. • RNGSEED1: True Random Number Generator Seed Register 1 This read-only register contains the Least Significant Byte 32-bits of the TRNG. • RNGSEED2: True Random Number Generator Seed Register 2 This read-only register contains the Most Significant Byte 32-bits of the TRNG. • RNGRCNT: True Random Number Generator Count Register This read-only register indicates the number of valid bits in the TRNG registers, RNGSEEDx. To ensure randomness, developers should not use the RNGSEEDx registers until this register reaches the appropriate value for the number of bits desired. 49 Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-5 Table 49-1: Crypto Engine SFR Summary Name CEVER Bit 31/15 Bit 30/14 Bit 29/13 31:16 Bit 28/12 Bit 27/11 Bit 26/10 Bit 25/9 CEBDADDR 31:16 — — — — — — — — 15:0 — — — — — — — — 31:16 ERRMODE<2:0> ERROP<2:0> — — SWAPOEN SWRST ERRPHASE<1:0> Bit 17/1 — — Bit 16/0 — — — SWAPEN — — BDPCHST BDPPLEN — DMAEN — — BDSTATE<3:0> START ACTIVE BDCTRL<15:0> 31:16 — — — — — — — — — — — — — — — — 15:0 — — — — — — — — — — — — AREIF PKTIF CBDIF PENDIF 31:16 — — — — — — — — — — — — — — — — 15:0 — — — — — — — — — — — — AREIE PKTIE CBDIE PENDIE — — — — — — — — — — — — — — — — — — — — — — — — — — 15:0 BDPPLCON<15:0> 31:16 — — — — — — — — 15:0 — — — — — — — — 31:16 — — — — — — — — 15:0 — — — — — — — — — — — — — — — — — — — — DTXBLEN<15:12> — — — — — DRXBLEN<15:12> CEDTXSTAT 31:16 © 2013-2015 Microchip Technology Inc. 15:0 CEDRXSTAT 31:16 — HDRLEN<7:0> — — — — — — — = unimplemented, read as ‘0’. — — — — — DTXBLEN<11:0> — TRLRLEN<7:0> DTXBLEN<11:0> 15:0 Legend: Bit 118/2 BASEADDR<15:0> 31:16 CEPOLLCON 31:16 CETRLLEN Bit 19/3 BDPADDR<15:0> 15:0 CEHDLEN Bit 20/4 BASEADDR<31:16> 15:0 CEINTEN Bit 21/5 BDPADDR<31:16> CEBDPADDR 31:16 CEINTSRC Bit 22/6 ID<15:0> 15:0 CESTAT Bit 23/7 VERSION<7:0> 15:0 CECON Bit 24/8 REVISION<7:0> DTXSTATE<3:0> DRXSTATE<3:0> PIC32 Family Reference Manual DS60001246B-page 49-6 Table 49-1 and Table 49-2 provide brief summaries of the related Crypto Engine and RNG registers. Corresponding registers appear after the summary, followed by a detailed description of each bit. Random Number Generator SFR Summary Name RNGVER Bit 31/15 Bit 30/14 Bit 29/13 RNGPOLY1 Bit 27/11 Bit 26/10 Bit 25/9 31:16 Bit 24/8 Bit 23/7 Bit 22/6 Bit 21/5 — — — VERSION<7:0> Bit 19/3 Bit 118/2 Bit 17/1 Bit 16/0 — — — — — — REVISION<7:0> 31:16 — — — — — — 15:0 — — — LOAD — CONT — — PRNGEN TRNGEN 31:16 — — — PLEN<6:0> POLY1<31:16> 15:0 POLY1<15:0> RNGPOLY2 31:16 POLY2<31:16> 15:0 POLY2<15:0> RNG1 31:16 RNG1<31:16> 15:0 RNG1<15:0> RNG2 31:16 RNG2<31:16> 15:0 RNG2<15:0> RNGSEED1 31:16 RDATA1<31:16> 15:0 RDATA1<15:0> RNGSEED2 31:16 RDATA2<31:16> RNGRCNT 31:16 — — — — — — — — — 15:0 — — — — — — — — — 15:0 Legend: Bit 20/4 ID<15:0> 15:0 RNGCON Bit 28/12 RDATA2<15:0> — = unimplemented, read as ‘0’. — — — — RCNT<6:0> DS60001246B-page 49-7 Section 49. Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. Table 49-2: 49 Crypto Engine and Random Number Generator (RNG) PIC32 Family Reference Manual Register 49-1: Bit Range 31:24 23:16 15:8 7:0 CEVER: Crypto Engine Revision, Version, and ID Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 R-0 R-0 R-0 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 REVISION<7:0> R-0 R-0 R-0 R-0 R-0 VERSION<7:0> R-0 R-0 R-0 R-0 ID<15:8> R-0 R-0 R-0 R-0 ID<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-24 REVISION<7:0>: Crypto Engine Revision bits bit 23-16 VERSION<7:0>: Crypto Engine Version bits bit 15-0 ID<15:0>: Crypto Engine Identification bits DS60001246B-page 49-8 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-2: Bit Range 31:24 23:16 15:8 7:0 CECON: Crypto Engine Control Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — R/W-0 R/W-0 R/W-0 U-0 U-0 R/W-0 R/W-0 R/W-0 SWAPOEN(1) SWRST SWAPEN — — BDPCHST BDPPLEN DMAEN Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-8 Unimplemented: Read as ‘0’ SWAPOEN: Output Data Swap Enable bit(1) 1 = Output data is byte swapped when read by dedicated DMA 0 = Output data is not byte swapped when read by dedicated DMA bit 6 SWRST: Software Reset bit 1 = Initiate a software Reset of the Crypto Engine 0 = Normal operation bit 5 SWAPEN: Input Data Swap Enable bit 1 = Input data is byte swapped when read by dedicated DMA 0 = Input data is not byte swapped when read by dedicated DMA bit 4-3 Unimplemented: Read as ‘0’ bit 2 BDPCHST: Buffer Descriptor Processor Fetch Enable bit This bit should be enabled only after all DMA descriptor programming is completed. 1 = Buffer Descriptor Processor descriptor fetch is enabled 0 = Buffer Descriptor Processor descriptor fetch is disabled bit 1 BDPPLEN: Buffer Descriptor Processor Poll Enable bit This bit should be enabled only after all DMA descriptor programming is completed. 1 = Poll for descriptor until valid bit is set 0 = Do not poll bit 0 DMAEN: DMA Enable bit 1 = Crypto Engine DMA is enabled 0 = Crypto Engine DMA is disabled Note 1: 49 This bit is not available on all devices. Refer to the “Crypto Engine and RNG” chapter in the specific device data sheet to determine availability. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-9 Crypto Engine and Random Number Generator (RNG) bit 7 PIC32 Family Reference Manual Register 49-3: Bit Range CEBDADDR: Crypto Engine Buffer Descriptor Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 R-0 R-0 R-0 31:24 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 BDPADDR<31:24> R-0 23:16 R-0 R-0 R-0 R-0 BDPADDR<23:16> R-0 15:8 R-0 R-0 R-0 R-0 BDPADDR<15:8> R-0 7:0 R-0 R-0 R-0 R-0 BDPADDR<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 BDPADDR<31:0>: Current Buffer Descriptor Process Address Status bits These bits contain the current descriptor address that is being processed by the Buffer Descriptor Processor. Register 49-4: Bit Range 31:24 23:16 15:8 7:0 x = Bit is unknown CEBDPADDR: Crypto Engine Buffer Descriptor Processor Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 BASEADDR<31:24> R/W-0 R/W-0 BASEADDR<23:16> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 BASEADDR<15:8> R/W-0 R/W-0 BASEADDR<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown BASEADDR<31:0>: DMA Base Address Status bits These bits contain the base address of the DMA controller. After a reset, a fetch starts from this address. DS60001246B-page 49-10 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-5: Bit Range 31:24 CESTAT: Crypto Engine Status Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 R-0 R-0 R-0 R-0 ERRMODE<2:0> 23:16 15:8 U-0 U-0 — — R-0 R-0 Bit 27/19/11/3 Bit 26/18/10/2 R-0 R-0 ERROP<2:0> R-0 R-0 R-0 R-0 R-0 Bit 24/16/8/0 R-0 R-0 ERRPHASE<1:0> R-0 R-0 R-0 START ACTIVE R-0 R-0 R-0 R-0 R-0 R-0 BDSTATE<3:0> R-0 Bit 25/17/9/1 BDCTRL<15:8> R-0 7:0 R-0 R-0 R-0 R-0 BDCTRL<7:0> Legend: R = Readable bit -n = Value at POR W = Writable bit ‘1’ = Bit is set U = Unimplemented bit, read as ‘0’ ‘0’ = Bit is cleared x = Bit is unknown bit 31-29 ERRMOD<2:0>: Internal Error Mode Status bits 111 = Reserved • • • bit 28-26 bit 25-24 • • • bit 17 bit 16 bit 15-0 0111 = Reserved 0110 = Security Association fetch 0101 = Fetch Buffer Descriptor Processor is disabled 0100 = Descriptor is done 0011 = Data phase 0010 = Buffer Descriptor Processor is loading 0001 = Descriptor fetch request is pending 0000 = Buffer Descriptor Processor is idle START: DMA Start Status bit 1 = DMA start has occurred 0 = DMA start has not occurred ACTIVE: Buffer Descriptor Processor Status bit 1 = Buffer Descriptor Processor is active 0 = Buffer Descriptor Processor is idle BDCTRL<15:0>: Descriptor Control Word Status bits These bits contain the current descriptor control word. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-11 49 Crypto Engine and Random Number Generator (RNG) bit 23-22 bit 21-18 001 = Reserved 000 = Normal operation ERROP<2:0>: Internal Error Operation Status bits 111 = Reserved 110 = Reserved 101 = Reserved 100 = Authentication 011 = Reserved 010 = Decryption 001 = Encryption 000 = Reserved ERRPHASE<1:0>: Internal Error Phase of DMA Status bits 11 = Destination data 10 = Source data 01 = Security Association access 00 = Buffer Descriptor access Unimplemented: Read as ‘0’ BDSTATE<3:0>: Buffer Descriptor Processor State Status bits These bits contain a number, which indicates the current state of the Buffer Descriptor Processor: 1111 = Reserved PIC32 Family Reference Manual Register 49-6: Bit Range 31:24 23:16 15:8 7:0 CEINTSRC: Crypto Engine Interrupt Source Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — U-0 U-0 U-0 U-0 — — — — Legend: R-0, HS (1) AREIF R-0, HS (1) PKTIF R-0, HS (1) CBDIF — R-0, HS (1) PENDIF HS = Set by hardware R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-4 Unimplemented: Read as ‘0’ bit 3 AREIF: Access Response Error Interrupt bit(1) 1 = The Crypto Engine attempted to access an invalid memory location 0 = No error has occurred bit 2 PKTIF: DMA Packet Completion Interrupt Status bit(1) 1 = DMA packet was completed 0 = DMA packet was not completed bit 1 CBDIF: Buffer Descriptor Transmit Status bit(1) 1 = Last Buffer Descriptor transmit was processed 0 = Last Buffer Descriptor transmit has not been processed bit 0 PENDIF: Crypto Engine Interrupt Pending Status bit(1) 1 = Crypto Engine interrupt is pending (this value is the result of an OR of all interrupts in the Crypto Engine) 0 = Crypto Engine interrupt is not pending Note 1: Write a '1' to this bit to clear the interrupt. DS60001246B-page 49-12 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-7: Bit Range 31:24 23:16 15:8 7:0 CEINTEN: Crypto Engine Interrupt Enable Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 R/W-0 R/W-0 R/W-0 R/W-0 — — — — AREIE PKTIE BDPIE PENDIE(1) Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-4 Unimplemented: Read as ‘0’ bit 3 AREIE: Access Response Error Interrupt Enable bit 1 = Access response error interrupts are enabled 0 = Access response error interrupts are not enabled bit 2 PKTIE: DMA Packet Completion Interrupt Enable bit 1 = DMA packet completion interrupts are enabled 0 = DMA packet completion interrupts are not enabled bit 1 BDPIE: DMA Buffer Descriptor Processor Interrupt Enable bit 1 = Buffer Descriptor Processor interrupts are enabled 0 = Buffer Descriptor Processor interrupts are not enabled bit 0 PENDIE: Master Interrupt Enable bit(1) 1 = Crypto Engine interrupts are enabled 0 = Crypto Engine interrupts are not enabled Note 1: The PENDIE bit is a Global enable bit and must be enabled together with the other interrupts desired. 49 Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-13 PIC32 Family Reference Manual Register 49-8: Bit Range CEPOLLCON: Crypto Engine Poll Control Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 31:24 23:16 15:8 BDPPLCON<15:8> R/W-0 7:0 R/W-0 R/W-0 R/W-0 R/W-0 BDPPLCON<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-16 Unimplemented: Read as ‘0’ bit 15-0 BDPPLCON<15:0>: Buffer Descriptor Processor Poll Control bits These bits determine the number of cycles that the DMA transmit Buffer Descriptor Processor would wait before refetching the descriptor control word if the previous descriptor fetched was disabled. Register 49-9: Bit Range 31:24 23:16 15:8 7:0 CEHDLEN: Crypto Engine Header Length Register Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 HDRLEN<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-8 Unimplemented: Read as ‘0’ bit 7-0 HDRLEN<7:0>: DMA Header Length bits For every packet, leave this length of locations and start filling the data. DS60001246B-page 49-14 x = Bit is unknown © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-10: CETRLLEN: Crypto Engine Trailer Length Register Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 TRLRLEN<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-8 Unimplemented: Read as ‘0’ bit 7-0 TRLRLEN<7:0>: DMA Trailer Length bits For every packet, leave this length of locations and start putting the next packet. x = Bit is unknown Register 49-11: CEDTXSTAT: Crypto Engine DTX Debug Status Register Bit Range 31:24 23:16 15:8 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 R-0 R-0 R-0 R-0 — — — — R-0 R-0 R-0 R-0 DTXBLEN<15:12> R-0 R-0 R-0 R-0 R-0 R-0 R-0 DTXBLEN<11:4> R-0 R-0 R-0 R-0 DTXBLEN<3:0> DTXSTATE<3:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-20 Unimplemented: Read as ‘0’ bit 19-4 DTXBLEN<15:0>: Current DMA Transmit Buffer Length Debug Status bits bit 3-0 DTXSTATE<3:0>: Current DMA Transmit States Debug Status bits 1111 = Reserved • • • 0110 = Reserved 0101 = Transmitting to internal Crypto Engine Memory 0100 = Reserved 0011 = Wait 0010 = Reserved 0001 = Reserved 0000 = Idle © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-15 49 Crypto Engine and Random Number Generator (RNG) 7:0 R-0 PIC32 Family Reference Manual Register 49-12: CEDRXSTAT: Crypto Engine DRX Debug Status Register Bit Range 31:24 23:16 15:8 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 R-0 R-0 R-0 R-0 — — — — R-0 R-0 R-0 DRXBLEN<15:12> R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 DTXBLEN<11:4> R-0 7:0 R-0 R-0 R-0 R-0 DRXBLEN<3:0> DRXSTATE<3:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-20 Unimplemented: Read as ‘0’ bit 19-4 DTXBLEN<15:0>: Current DMA Receive Buffer Length Debug Status bits bit 3-0 DTXSTATE<3:0>: Current DMA Receive States Debug Status bits 1111 = Transaction is in progress • • • 0001 = Transaction is in progress 0000 = Idle Register 49-13: RNGVER: Random Number Generator ID, Version, and Revision Register Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 ID<15:8> R-0 R-0 R-0 R-0 ID<7:0> R-0 R-0 R-0 R-0 R-0 R-0 R-0 VERSION<7:0> R-0 R-0 REVISION<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-16 ID<15:0>: Block Identification bits bit 15-8 VERSION<7:0>: Block Version bits bit 7-0 REVISION<7:0>: Block Revision bits DS60001246B-page 49-16 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-14: RNGCON: Random Number Generator Control Register Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 R/W-0, HC U-0 R/W-0 R/W-0 R/W-0 — — — LOAD — CONT PRNGEN TRNGEN U-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 — PLEN<6:0> Legend: HC = Cleared by hardware R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared x = Bit is unknown bit 31-13 Unimplemented: Read as ‘0’ bit 12 LOAD: Device Select bit Setting this bit to ‘1’ loads the seed from the TRNG (i.e., the random value) as a seed to the PRNG. It is cleared automatically by hardware. bit 11 Unimplemented: Read as ‘0’ bit 10 CONT: PRNG Number Shift Enable bit 1 = The PRNG random number is shifted every cycle 0 = The PRNG random number is shifted when the previous value is removed bit 9 PRNGEN: PRNG Operation Enable bit 1 = PRNG operation is enabled 0 = PRNG operation is not enabled bit 8 TRNGEN: TRNG Operation Enable bit 1 = TRNG operation is enabled 0 = TRNG operation is not enabled bit 7 Unimplemented: Read as ‘0’; must always be written as ‘0’ bit 6-0 PLEN<6:0>: PRNG Polynomial Length bits These bits contain the length of the polynomial used for the PRNG. Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. 49 DS60001246B-page 49-17 PIC32 Family Reference Manual Register 49-15: RNGPOLY1: Random Number Generator Polynomial Register 1 Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY1<31:24> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY1<23:16> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY1<15:8> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY1<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown POLY1<31:0>: PRNG LFSR Polynomial Least Significant Byte bits These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 0-31 of the LSFR. Register 49-16: RNGPOLY2: Random Number Generator Polynomial Register 2 Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY2<31:24> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY2<23:16> R/W-0 POLY2<15:8> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 POLY2<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown POLY2<31:0>: PRNG LFSR Polynomial Most Significant Byte bits These bits are reverse-order for the LSFR. Therefore, these bits actually represent bits 32-63 of the LSFR. DS60001246B-page 49-18 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-17: Bit Range 31:24 23:16 15:8 7:0 RNGNUMGEN1: Random Number Generator Pseudo-Random Number Generator Register 1 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG1<31:24> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG1<23:16> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG1<15:8> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG1<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown RNG1<31:0>: Current PRNG Least Significant Word Value bits Register 49-18: RNGNUMGEN2: Random Number Generator Pseudo-Random Number Generator Register 2 Bit Range 31:24 23:16 15:8 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG2<31:24> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG2<23:16> R/W-0 RNG2<15:8> R/W-0 R/W-0 R/W-0 R/W-0 R/W-0 RNG2<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown RNG2<31:0>: Current PRNG Most Significant Word Value bits © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-19 49 Crypto Engine and Random Number Generator (RNG) 7:0 Bit 31/23/15/7 PIC32 Family Reference Manual Register 49-19: RNGSEED1: True Random Number Generator Seed Register 1 Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 R-0 R-0 R-0 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 RDATA1<31:24> R-0 R-0 R-0 R-0 R-0 RDATA1<23:16> R-0 R-0 R-0 R-0 R-0 RDATA1<15:8> R-0 R-0 R-0 R-0 R-0 RDATA1<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown RDATA1<31:0>: TRNG Least Significant Word bits Register 49-20: RNGSEED2: True Random Number Generator Seed Register 2 Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 R-0 R-0 R-0 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 RDATA2<31:24> R-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 RDATA2<23:16> R-0 R-0 RDATA2<15:8> R-0 R-0 R-0 R-0 R-0 RDATA2<7:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-0 x = Bit is unknown RDATA2<31:0>: TRNG Most Significant Word bits DS60001246B-page 49-20 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Register 49-21: RNGRCNT: True Random Number Generator Count Register Bit Range 31:24 23:16 15:8 7:0 Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 U-0 U-0 U-0 U-0 U-0 U-0 U-0 — — — — — — — — U-0 R-0 R-0 R-0 R-0 R-0 R-0 R-0 — RCNT<6:0> Legend: R = Readable bit W = Writable bit U = Unimplemented bit, read as ‘0’ -n = Value at POR ‘1’ = Bit is set ‘0’ = Bit is cleared bit 31-7 Unimplemented: Read as ‘0’ bit 6-0 RCNT<6:0>: Number of Valid TRNG Generated bits When this count reaches 64, a new number is ready in the RNGSEEDx registers. x = Bit is unknown 49 Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-21 PIC32 Family Reference Manual 49.3 CRYPTO ENGINE BUFFER DESCRIPTORS Host software creates a linked list of Buffer Descriptors and the hardware updates them. Table 49-3 provides a list of the Crypto Engine Buffer Descriptors, followed by format descriptions (see Figure 49-3 through Figure 49-10). Table 49-3: Crypto Engine Buffer Descriptors Bit 31/23/15/7 Name BD_CTRL 31:24 DESC_EN 23:16 15:8 7:0 — Bit 30/22/14/6 Bit 29/21/13/5 — — SA_FETCH_EN — Bit 28/20/12/4 Bit Bit 27/19/11/3 26/18/10/2 CRY_MODE<2:0> — LAST_BD 23:16 BD_SAADDR<23:16> 15:8 BD_SAADDR<15:8> BD_SRCADDR<31:24> 23:16 BD_SRCADDR<23:16> 15:8 BD_SRCADDR<15:8> BD_DSTADDR<31:24> 23:16 BD_DSTADDR<23:16> 15:8 BD_DSTADDR<15:8> 7:0 BD_DSTADDR<7:0> 31:24 BD_NXTADDR<31:24> 23:16 BD_NXTADDR<23:16> 15:8 BD_NXTADDR<15:8> 7:0 BD_NXTADDR<7:0> 31:24 BD_UPDADDR<31:24> 23:16 BD_UPDADDR<23:16> 15:8 BD_UPDADDR<15:8> 7:0 BD_UPDADDR<7:0> BD_MSG_LEN 31:24 MSG_LENGTH<31:24> 23:16 MSG_LENGTH<23:16> 15:8 MSG_LENGTH<15:8> 7:0 MSG_LENGTH<7:0> BD_ENC_OFF 31:24 ENCR_OFFSET<31:24> 23:16 ENCR_OFFSET<23:16> 15:8 ENCR_OFFSET<15:8> 7:0 ENCR_OFFSET<7:0> DS60001246B-page 49-22 PKT_INT_EN CBD_INT_EN BD_SRCADDR<7:0> BD_DSTADDR 31:24 BD_UPDPTR — BD_SAADR<7:0> BD_SRCADDR 31:24 BD_NXTPTR — BD_BUFLEN<7:0> BD_SAADDR<31:24> 7:0 LIFM Bit 24/16/8/0 BD_BUFLEN<15:8> BD_SA_ADDR 31:24 7:0 — Bit 25/17/9/1 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Figure 49-3: Format of BD_CTRL Bit Range Bit 31/23/15/7 31-24 DESC_EN — — SA_ FETCH_EN 23-16 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 CRY_MODE<2:0> — — LAST_BD 15-8 BD_BUFLEN<15:8> 7-0 BD_BUFLEN<7:0> Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 — — — LIFM PKT_ INT_EN CBD_ INT_EN bit 31 DESC_EN: Descriptor Enable 1 = The descriptor is owned by hardware. After processing the BD, hardware resets this bit to ‘0’. 0 = The descriptor is owned by software bit 30 Unimplemented: Must be written as ‘0’ bit 29-27 CRY_MODE<2:0>: Crypto Mode 111 = Reserved 110 = Reserved 101 = Reserved 100 = Reserved 011 = CEK operation 010 = KEK operation 001 = Preboot authentication 000 = Normal operation bit 26-23 Unimplemented: Must be written as ‘0’ bit 22 SA_FETCH_EN: Fetch Security Association From External Memory 1 = Fetch SA from the SA pointer. This bit needs to be set to ‘1’ for every new packet. 0 = User current fetched SA or the internal SA bit 21-20 Unimplemented: Must be written as ‘0’ bit 19 LAST_BD: Last Buffer Descriptors After the last BD, the BD_PTR goes to the base address in the CSR. bit 18 LIFM: Last In Frame In case of Receive Packets (from H/W-> Host), this field is filled by the Hardware to indicate whether the packet goes across multiple buffer descriptors. In case of transmit packets (from Host -> H/W), this field indicates whether this BD is the last in the frame. bit 17 PKT_INT_EN: Packet Interrupt Enable Generate an interrupt after processing the current buffer descriptor, if it is the end of the packet. bit 16 CBD_INT_EN: CBD Interrupt Enable Generate an interrupt after processing the current buffer descriptor. bit 15-0 BD_BUFLEN<15:0>: Buffer Descriptor Length This field contains the length of the buffer and is updated with the actual length filled by the receiver. Bit Range Format of BD_SADDR Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 BD_SAADDR<31:24> 23-16 BD_SAADDR<23:16> 15-8 BD_SAADDR<15:8> 7-0 BD_SAADDR<7:0> bit 31-0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 BD_SAADDR: Security Association IP Session Address The sessions’ Security Association pointer has the keys and IV values. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-23 Crypto Engine and Random Number Generator (RNG) Figure 49-4: 49 PIC32 Family Reference Manual Figure 49-5: Bit Range Format of BD_SRCADDR Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 BD_SCRADDR<31:24> 23-16 BD_SCRADDR<23:16> 15-8 BD_SCRADDR<15:8> 7-0 BD_SCRADDR<7:0> bit 31-0 Figure 49-6: Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 23-16 BD_DSTADDR<23:16> 15-8 BD_DSTADDR<15:8> 7-0 BD_DSTADDR<7:0> Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 23-16 BD_NXTADDR<23:16> 15-8 BD_NXTADDR<15:8> 7-0 BD_NXTADDR<7:0> Bit Range Bit 24/16/8/0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 Bit 25/17/9/1 Bit 24/16/8/0 BD_NXTADDR: Next Buffer Descriptor Pointer Address Has Next Buffer Descriptor The next buffer can be a next segment of the previous buffer or a new packet. Format of BD_UPDPTR Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 BD_UPDADDR<31:24> 23-16 BD_UPDADDR<23:16> 15-8 BD_UPDADDR<15:8> 7-0 BD_UPDADDR<7:0> bit 31-0 Bit 25/17/9/1 Format of BD_NXTADDR BD_NXTADDR<31:24> Figure 49-8: Bit 26/18/10/2 BD_DSTADDR: Buffer Destination Address The destination address of the buffer that needs to be passed through the PE-CRDMA for encryption or authentication. 31-24 bit 31-0 Bit 24/16/8/0 Format of BD_DSTADDR BD_DSTADDR<31:24> Figure 49-7: Bit 25/17/9/1 BD_SCRADDR: Buffer Source Address The source address of the buffer that needs to be passed through the PE-CRDMA for encryption or authentication. 31-24 bit 31-0 Bit 26/18/10/2 Bit 26/18/10/2 BD_UPDADDR: UPD Address Location The update address has the location where the CRDMA results are posted. The updated results are the ICV values, key output values as needed. DS60001246B-page 49-24 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Figure 49-9: Bit Range Format of BD_MSG_LEN Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 MSG_LENGTH<31:24> 23-16 MSG_LENGTH<23:16> 15-8 MSG_LENGTH<15:8> 7-0 MSG_LENGTH<7:0> bit 31-0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 MSG_LENGTH: Total Message Length Total message length for the hash and HMAC algorithms in bytes. Total number of Crypto bytes in case of GCM algorithm (LEN-C). Figure 49-10: Format of BD_ENC_OFF Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 ENCR_OFFSET<31:24> 23-16 ENCR_OFFSET<23:16> 15-8 ENCR_OFFSET<15:8> 7-0 ENCR_OFFSET<7:0> bit 31-0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 ENCR_OFFSET: Encryption Offset Encryption offset for the multi-task test cases (both encryption and authentication). The number of AAD bytes in the case of GCM algorithm (LEN-A). Example 49-1: Buffer Descriptor C Structures typedef struct bdCtrl { unsigned int BUFLEN : 16; unsigned int CBD_INT_EN : 1; unsigned int PKT_INT_EN : 1; unsigned int LIFM : 1; unsigned int LAST_BD: 1; unsigned int : 2; unsigned int SA_FETCH_EN : 1; unsigned int : 4; unsigned int CRY_MODE: 3; unsigned int : 1; unsigned int DESC_EN : 1; } bdCtrl; 49 Crypto Engine and Random Number Generator (RNG) typedef struct bufferDescriptor { bdCtrl BD_CTRL; unsigned int SA_ADDR; unsigned int SRCADDR; unsigned int DSTADDR; unsigned int NXTPTR; unsigned int UPDPTR; unsigned int MSGLEN; unsigned int ENCOFF; } bufferDescriptor; © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-25 PIC32 Family Reference Manual 49.4 CRYPTO ENGINE SECURITY ASSOCIATION STRUCTURE Table 49-4 shows the Security Association structure. The Crypto Engine uses the Security Association to determine the settings for processing a Buffer Descriptor Processor. The Security Association contains: • • • • • • • Table 49-4: Crypto Engine Security Association Structure Bit 31/23/15/7 Name SA_CTRL Which algorithm to use Whether to use engines in parallel (for both authentication and encryption/decryption) The size of the key Authentication key Encryption/decryption key Authentication Initialization Vector (IV) Encryption IV Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 31:24 — — VERIFY — NO_RX OR_EN ICVONLY IRFLAG 23:16 LNC LOADIV FB FLAGS — — — ALGO<6> ENCTYPE KEYSIZE<1> 15:8 7:0 ALGO<5:0> KEYSIZE<0> MULTITASK<2:0> CRYPTOALGO<3:0> SA_AUTHKEY1 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY2 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY3 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY4 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY5 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY6 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY7 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> 7:0 AUTHKEY<7:0> SA_AUTHKEY8 31:24 AUTHKEY<31:24> 23:16 AUTHKEY<23:16> 15:8 AUTHKEY<15:8> SA_ENCKEY1 SA_ENCKEY2 Bit 24/16/8/0 7:0 AUTHKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> DS60001246B-page 49-26 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Table 49-4: Crypto Engine Security Association Structure (Continued) Bit 31/23/15/7 Name SA_ENCKEY3 SA_ENCKEY4 SA_ENCKEY5 SA_ENCKEY6 SA_ENCKEY7 SA_ENCKEY8 SA_AUTHIV1 SA_AUTHIV2 SA_AUTHIV3 SA_AUTHIV5 SA_AUTHIV6 SA_AUTHIV7 SA_AUTHIV8 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 ENCKEY<31:24> 23:16 ENCKEY<23:16> 15:8 ENCKEY<15:8> 7:0 ENCKEY<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> 31:24 AUTHIV<31:24> 23:16 AUTHIV<23:16> 15:8 AUTHIV<15:8> 7:0 AUTHIV<7:0> © 2013-2015 Microchip Technology Inc. Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 49 Crypto Engine and Random Number Generator (RNG) SA_AUTHIV4 Bit 30/22/14/6 DS60001246B-page 49-27 PIC32 Family Reference Manual Table 49-4: Crypto Engine Security Association Structure (Continued) Bit 31/23/15/7 Name SA_ENCIV1 SA_ENCIV2 SA_ENCIV3 SA_ENCIV4 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31:24 ENCIV<31:24> 23:16 ENCIV<23:16> 15:8 ENCIV<15:8> 7:0 ENCIV<7:0> 31:24 ENCIV<31:24> 23:16 ENCIV<23:16> 15:8 ENCIV<15:8> 7:0 ENCIV<7:0> 31:24 ENCIV<31:24> 23:16 ENCIV<23:16> 15:8 ENCIV<15:8> 7:0 ENCIV<7:0> 31:24 ENCIV<31:24> 23:16 ENCIV<23:16> 15:8 ENCIV<15:8> 7:0 ENCIV<7:0> DS60001246B-page 49-28 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Figure 49-11: Bit Range Format of SA_CTRL Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 31-24 — — VERIFY — NO_RX OR_EN ICVONLY IRFLAG 23-16 LNC LOADIV FB FLAGS — — — ALGO<6> ENC KEYSIZE<1> 15-8 7-0 ALGO<5:0> KEYSIZE<0> MULTITASK<2:0> CRYPTOALGO<3:0> bit 31-30 Reserved: Do not use bit 29 VERIFY: NIST Procedure Verification Setting 1 = NIST procedures are to be used 0 = Do not use NIST procedures bit 28 Reserved: Do not use bit 27 NO_RX: Receive DMA Control Setting 1 = Only calculate ICV for authentication calculations 0 = Normal processing bit 26 OR_EN: OR Register Bits Enable Setting 1 = OR the register bits with the internal value of the CSR register 0 = Normal processing bit 25 ICVONLY: Incomplete Check Value Only Flag This affects the SHA-1 algorithm only. It has no effect on the AES algorithm. 1 = Only three words of the HMAC result are available 0 = All results from the HMAC result are available bit 24 IRFLAG: Immediate Result of Hash Setting This bit is set when the immediate result for hashing is requested. 1 = Save the immediate result for hashing 0 = Do not save the immediate result bit 23 LNC: Load New Keys Setting 1 = Load a new set of keys for encryption and authentication 0 = Do not load new keys bit 22 LOADIV: Load IV Setting 1 = Load the IV from this Security Association 0 = Use the next IV bit 21 FB: First Block Setting This bit indicates that this is the first block of data to feed the IV value. 1 = Indicates this is the first block of data 0 = Indicates this is not the first block of data bit 20 49 Crypto Engine and Random Number Generator (RNG) FLAGS: Incoming/Outgoing Flow Setting 1 = Security Association is associated with an outgoing flow 0 = Security Association is associated with an incoming flow bit 19-17 Reserved: Do not use bit 16-10 ALGO<6:0>: Type of Algorithm to Use 1xxxxxx = HMAC 1 x1xxxxx = SHA-256 xx1xxxx = SHA1 xxx1xxx = MD5 xxxx1xx = AES xxxxx1x = TDES xxxxxx1 = DES bit 9 ENC: Type of Encryption Setting 1 = Encryption 0 = Decryption bit 8-7 KEYSIZE<1:0>: Size of Keys in SA_AUTHKEYx or SA_ENCKEYx(1) 11 = Reserved; do not use 10 = 256 bits 01 = 192 bits 00 = 128 bits © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-29 PIC32 Family Reference Manual Figure 49-11: Format of SA_CTRL (Continued) bit 6-4 MULTITASK<2:0>: How to Combine Parallel Operations in the Crypto Engine 111 = Parallel pass (decrypt and authenticate incoming data in parallel) 101 = Pipe pass (encrypt the incoming data, and then perform authentication on the encrypted data) 011 = Reserved 010 = Reserved 001 = Reserved 000 = Encryption or authentication or decryption (no pass) bit 3-0 CRYPTOALGO<3:0>: Mode of operation for the Crypto Algorithm 1111 = Reserved 1110 = AES_GCM (for AES processing) 1101 = RCTR (for AES processing) 1100 = RCBC_MAC (for AES processing) 1011 = ROFB (for AES processing) 1010 = RCFB (for AES processing) 1001 = RCBC (for AES processing) 1000 = REBC (for AES processing) 0111 = TOFB (for Triple-DES processing) 0110 = TCFB (for Triple-DES processing) 0101 = TCBC (for Triple-DES processing) 0100 = TECB (for Triple-DES processing) 0011 = OFB (for DES processing) 0010 = CFB (for DES processing) 0001 = CBC (for DES processing) 0000 = ECB (for DES processing) Note 1: This setting does not alter the size of SA_AUTHKEYx or SA_ENCKEYx in the Security Association, only the number of bits of SA_AUTHKEYx and SA_ENCKEYx that are used. DS60001246B-page 49-30 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Figure 49-12: Format of SA_AUTHKEYx (x = 1 through 8) Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 AUTHKEY<31:24> 23-16 AUTHKEY<23:16> 15-8 AUTHKEY<15:8> 7-0 AUTHKEY<7:0> bit 31-0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 AUTHKEY<31:0>: Key Used in Authentication Engine Processing These entries should be set to ‘0’ if the Authentication Engine is not being used. Figure 49-13: Format of SA_ENCKEYx (x = 1 through 8) Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 ENCKEY<31:24> 23-16 ENCKEY<23:16> 15-8 ENCKEY<15:8> 7-0 ENCKEY<7:0> bit 31-0 ENCKEY<31:0>: Key Used in Crypto Engine Processing These entries should be set to ‘0’ if the Crypto Engine is not being used. Figure 49-14: Format of SA_AUTHIVx (x = 1 through 8) Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 AUTHIV<31:24> 23-16 AUTHIV<23:16> 15-8 AUTHIV<15:8> 7-0 AUTHIV<7:0> bit 31-0 49 Crypto Engine and Random Number Generator (RNG) 31-24 AUTHIV<31:0>: IV Used in Authentication Engine Processing These entries should be set to ‘0’ if the Authentication Engine is not being used. Figure 49-15: Format of SA_ENCIVx (x = 1 through 4) Bit Range Bit 31/23/15/7 Bit 30/22/14/6 Bit 29/21/13/5 Bit 28/20/12/4 Bit 27/19/11/3 31-24 ENCIV<31:24> 23-16 ENCIV<23:16> 15-8 ENCIV<15:8> 7-0 ENCIV<7:0> bit 31-0 Bit 26/18/10/2 Bit 25/17/9/1 Bit 24/16/8/0 ENCIV<31:0>: IV Used in Crypto Engine Processing These entries should be set to ‘0’ if the Crypto Engine is not being used. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-31 PIC32 Family Reference Manual Example 49-2: Security Association C Structures typedef struct saCtrl { unsigned int CRYPTOALGO : 4; unsigned int MULTITASK : 3; unsigned int KEYSIZE : 2; unsigned int ENCTYPE : 1; unsigned int ALGO : 7; unsigned int : 3; unsigned int FLAGS : 1; unsigned int FB : 1; unsigned int LOADIV : 1; unsigned int LNC : 1; unsigned int IRFLAG : 1; unsigned int ICVONLY : 1; unsigned int OR_EN : 1; unsigned int NO_RX : 1; unsigned int : 1; unsigned int VERIFY : 1; unsigned int : 2; } saCtrl; typedef struct securityAssociation { saCtrl SA_CTRL; unsigned int SA_AUTHKEY[8]; unsigned int SA_ENCKEY[8]; unsigned int SA_AUTHIV[8]; unsigned int SA_ENCIV[4]; } securityAssociation; DS60001246B-page 49-32 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.5 CRYPTO ENGINE OPERATION 49.5.1 Cryptographic Security Engines To reduce the processing requirements of the PIC32 family, the Crypto Engine includes four different cryptographic security engines. These security engines perform the types of encryptions, decryptions, and mathematical computations that are most commonly used for a variety of security applications. They accelerate the computation of public or private key pair negotiations, message hash authentication, and bulk data encryption/decryption. These engines may be used in parallel, or daisy-chained to provide additional security. The four engines implemented are: • • • • Triple Data Encryption Standard (TDES) Advanced Encryption Standard (AES) Secure Hash Algorithm (SHA-1 and SHA-256) Message Digest 5 (MD5) 49.5.1.1 TRIPLE DATA ENCRYPTION STANDARD (TDES) The Data Encryption Standard (DES) is an encryption algorithm developed in the early 1970s. It is a block cipher, encrypting data in 64-bit blocks. For each 64-bit block sent through the engine, a 64-bit block is returned. The key length used by DES is 56-bits long. It is usually represented as a 64-bit number; however, per the DES standard, every eighth bit of the key is used for parity checking of the key, and then discarded. That is, positions 8, 16, 24, 32, 40, 48, 56, and 64 are removed from the 64-bit key, leaving only the 56-bit key. Padding must be added to ensure the size of the incoming data to be processed is a multiple of 8 bytes. This padding is exclusive of any header or trailer data that is skipped over and should consist of zeros. Triple DES (TDES) uses the algorithm three times on the same block of data, rather than only once, and can use key lengths of 56, 112, or 168 bits. Like DES, TDES is a symmetric algorithm, meaning the same algorithm and key are used for both encryption and decryption of data. 49.5.1.2 ADVANCED ENCRYPTION STANDARD (AES) The key length used by AES can be 128, 192, or 256 bits, and determines the number of transformation rounds used to convert the input to the output. The key length also determines the effective bit rate for algorithm execution. Padding must be added to ensure the size of the incoming data to be processed is a multiple of 16 bytes (128 bits). This padding is exclusive of any header/trailer data that is skipped over and should consist of zeros. 49.5.1.3 SECURE HASH ALGORITHM (SHA-1 AND SHA-256) Secure Hash Algorithm (SHA) is a cryptographic hash function designed by the United States National Security Agency (NSA). It is a one-way message digest function, taking an unlimited amount of input data, and producing a digest of 160 bits (for SHA-1) or 256 bits (for SHA-256). Both versions operate on 512-bit blocks. Padding is required to make the input data a multiple of 64 bytes. The most significant bit of the padding must be a ‘1’, followed by as many zeros as needed to make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits are a binary representation of the length of the message before padding. This ensures that different messages will not look the same after padding. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-33 49 Crypto Engine and Random Number Generator (RNG) The Advanced Encryption Standard (AES) engine implements the Advanced Encryption Standard (originally known as Rijndael), as described in the NIST Federal Information Processing Standard Publication 197. Like DES, it is a block cipher, and the same key is used to both encrypt and decrypt data. It operates on 128-bit blocks regardless of the key size. PIC32 Family Reference Manual 49.5.1.4 MESSAGE DIGEST 5 (MD5) Message Digest 5 (MD5) is similar to SHA, in that it is a cryptographic hash function. It was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. MD5 takes an unlimited amount of input data, and produces a 128-bit hash value. MD5 operates on 512-bit blocks. Padding is required to make the input data a multiple of 64 bytes. The most significant bit of the padding must be a 1, followed by as many zeros as needed to make the length 64 bits short of a multiple of 512 bits (64 bytes). The final 64 bits are a binary representation of the length of the message before padding. This ensures that different messages will not look the same after padding. 49.5.1.5 MODES OF OPERATION The TDES and AES block cipher engines offer up to six modes of operation, which enables the repeated and secure use of the cipher under a single key. The six modes are: • • • • • • Cipher-Block Chaining (CBC) Electronic Code Book (ECB) Counter (CTR) - AES only Cipher Feedback (CFB) Output Feedback (OFB) Galois/Counter (GCM) - AES only The modes in use are decided by the Security Association structure when the data is processed. 49.5.2 Running the Crypto Engine The Crypto Engine is configured via a set of Buffer Descriptors, which instruct the engine, for a particular block of data, how to process it and which Security Association to use with it. One Security Association can be associated with multiple Buffer Descriptors, thus saving memory. Figure 49-16 illustrates the relationship between one Security Association, multiple Buffer Descriptors, and the data to be processed. Figure 49-16: Relationship of Security Association, Buffer Descriptor and Pending Processed Data 0x80001300 Security Association Buffer Descriptor 1 BD_CTRL BD_SA_ADDR BD_SRCADDR BD_DSTADDR BD_NXTPTR BD_UPDPTR BD_MSG_LEN BD_ENC_OFF 0x80001000 0x80002000 Data 1 0x80001340 Header Trailer 0x80002100 Data 2 Buffer Descriptor 2 SA_CTRL Header Header Data 2 Trailer 0x80001188 0x80001504 Header Data 1 Trailer 0x80001100 0x80001500 SA_AUTHKEY Header Trailer 0x80002188 Header 0x80001380 Buffer Descriptor 3 0x80001524 SA_ENCKEY Data 3 Data 3 Trailer Trailer 0x80001544 SA_AUTHIV 0x80001F00 0x80001564 SA_ENCIV 0x80001400 Buffer Descriptor n DS60001246B-page 49-34 Header 0x80002F00 Header Data n Data n Trailer Trailer © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.5.2.1 DATA BLOCK HEADER AND TRAILER For some applications, each data block may have header and/or trailer information that should not be processed by the Crypto Engine, but should be passed through without alteration. The CEHDLEN and CETRLLEN registers determine the length of the header and trailer. Setting each register reserves up to 255 bytes. 49.5.2.2 CREATING THE SECURITY ASSOCIATION The Security Association describes to the Crypto Engine how to run the engine for the given block, and what security keys and Initialization Vectors (IV) to use. At a minimum, the Security Association must contain the following information: • • • • • • • The algorithm to use (HMAC, SHA256, SHA1, MD5, AES, TDES, DES) Whether to load the Initialization Vector (IV) The direction of flow (incoming or outgoing) Encryption or decryption Key size Multi-task options Mode of operation (only applies to certain algorithms) An example for creating and setting up a Security Association is shown in Example 49-3. Example 49-3: Setting Up a Security Association securityAssociation enc_sa __attribute__((aligned (8))); securityAssociation dec_sa __attribute__((aligned (8))); memset((void *)&enc_sa, 0, sizeof(enc_sa)); memset((void *)&dec_sa, 0, sizeof(dec_sa)); /* Set up the Security Association */ enc_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */ enc_sa.SA_CTRL.LNC = 1; enc_sa.SA_CTRL.LOADIV = 1; enc_sa.SA_CTRL.FB = 1; enc_sa.SA_CTRL.ENCTYPE = 1; /* Encryption */ enc_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */ dec_sa.SA_CTRL.ALGO = 0b0000010; /* TDES */ dec_sa.SA_CTRL.LNC = 1; dec_sa.SA_CTRL.LOADIV = 1; dec_sa.SA_CTRL.FB = 1; dec_sa.SA_CTRL.ENCTYPE = 0; /* Decryption */ dec_sa.SA_CTRL.CRYPTOALGO = 0b0101; /* TCBC */ 49 Crypto Engine and Random Number Generator (RNG) /* Load the encryption keys */ enc_sa.SA_ENCKEY[2] = 0x01234567; enc_sa.SA_ENCKEY[3] = 0x89abcdef; enc_sa.SA_ENCKEY[4] = 0xfedeba98; enc_sa.SA_ENCKEY[5] = 0x76543210; enc_sa.SA_ENCKEY[6] = 0x89abcdef; enc_sa.SA_ENCKEY[7] = 0x01234567; dec_sa.SA_ENCKEY[2] dec_sa.SA_ENCKEY[3] dec_sa.SA_ENCKEY[4] dec_sa.SA_ENCKEY[5] dec_sa.SA_ENCKEY[6] dec_sa.SA_ENCKEY[7] = = = = = = 0x01234567; 0x89abcdef; 0xfedeba98; 0x76543210; 0x89abcdef; 0x01234567; /* Load the initialization vector (IV) */ enc_sa.SA_ENCIV[2] = 0x12345678; enc_sa.SA_ENCIV[3] = 0x90abcdef; dec_sa.SA_ENCIV[2] = 0x12345678; dec_sa.SA_ENCIV[3] = 0x90abcdef; © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-35 PIC32 Family Reference Manual 49.5.2.3 SECURITY ASSOCIATION ENCRYPTION KEY AND IV DATA ALIGNMENT When copying the key and initialization vectors into the security association, the position of each vector is important to generate the correct results. Figure 49-17 through Figure 49-21 illustrate how the alignment of each is to be affected for all of the available hardware encryption algorithms. Note that all of the Keys and IVs in the Security Association must be in Big-Endian order. Figure 49-17: Key and IV Layout in Security Association for AES (128-bit Key) Byte 3 Byte 2 Byte 1 Byte 0 SA_ENCKEY1 Byte 3 Byte 2 Unused(1) Byte 1 Byte 0 SA_ENCIV1 0 1 2 3 SA_ENCKEY2 Unused(1) SA_ENCIV2 4 5 6 7 SA_ENCKEY3 Unused (1) SA_ENCIV3 8 9 10 11 SA_ENCKEY4 Unused(1) SA_ENCIV4 12 13 14 15 SA_ENCKEY5 0 1 2 3 SA_ENCIV5 Unused(1) SA_ENCKEY6 4 5 6 7 SA_ENCIV6 Unused(1) SA_ENCKEY7 8 9 10 11 SA_ENCIV7 Unused(1) SA_ENCKEY8 12 13 14 15 SA_ENCIV8 Unused(1) Note 1: 2: Unused bytes should be cleared to ‘0’. All 32-bit words are in Big-Endian order. Figure 49-18: Key and IV Layout in Security Association for AES (192-bit Key) Byte 3 Byte 2 Byte 1 Byte 0 SA_ENCKEY1 Byte 3 Byte 2 Unused(1) Byte 1 Byte 0 SA_ENCIV1 0 1 2 3 SA_ENCKEY2 Unused(1) SA_ENCIV2 4 5 6 7 3 SA_ENCIV3 8 9 10 11 12 13 14 15 SA_ENCKEY3 0 1 SA_ENCKEY4 4 5 6 7 SA_ENCIV4 SA_ENCKEY5 8 9 10 11 SA_ENCIV5 Unused(1) SA_ENCKEY6 12 13 14 15 SA_ENCIV6 Unused(1) SA_ENCKEY7 16 17 18 19 SA_ENCIV7 Unused(1) SA_ENCKEY8 20 21 22 23 SA_ENCIV8 Unused(1) Note 1: 2: 2 Unused bytes should be cleared to ‘0’. All 32-bit words are in Big-Endian order. Figure 49-19: Key and IV Layout in Security Association for AES (256-bit Key) SA_ENCKEY1 Byte 3 Byte 2 Byte 1 Byte 0 0 1 2 3 SA_ENCIV1 Byte 3 Byte 2 Byte 1 Byte 0 0 1 2 3 SA_ENCKEY2 4 5 6 7 SA_ENCIV2 4 5 6 7 SA_ENCKEY3 8 9 10 11 SA_ENCIV3 8 9 10 11 SA_ENCKEY4 12 13 14 15 SA_ENCIV4 12 13 14 15 SA_ENCKEY5 16 17 18 19 SA_ENCIV5 Unused(1) SA_ENCKEY6 20 21 22 23 SA_ENCIV6 Unused(1) SA_ENCKEY7 24 25 26 27 SA_ENCIV7 Unused(1) SA_ENCKEY8 28 29 30 31 SA_ENCIV8 Unused(1) Note 1: 2: Unused bytes should be cleared to ‘0’. All 32-bit words are in Big-Endian order. DS60001246B-page 49-36 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) Figure 49-20: Key and IV Layout in Security Association for Triple-DES Byte 3 Byte 2 Byte 1 Byte 0 Byte 3 Byte 2 Byte 1 SA_ENCKEY1 Unused(1) SA_ENCIV1 Unused(1) SA_ENCKEY2 Unused(1) SA_ENCIV2 Unused(1) SA_ENCKEY3 0 1 2 3 SA_ENCIV3 0 1 4 5 2 3 6 7 Byte 1 Byte 0 SA_ENCKEY4 4 5 6 7 SA_ENCIV4 SA_ENCKEY5 8 9 10 11 SA_ENCIV5 Unused(1) SA_ENCKEY6 12 13 14 15 SA_ENCIV6 Unused(1) SA_ENCKEY7 16 17 18 19 SA_ENCIV7 Unused(1) SA_ENCKEY8 20 21 22 23 SA_ENCIV8 Unused(1) Note 1: 2: Byte 0 Unused bytes should be cleared to ‘0’. All 32-bit words are in Big-Endian order. Figure 49-21: Key and IV Layout in Security Association for DES Byte 3 Byte 2 Byte 1 Byte 0 Byte 3 Byte 2 SA_ENCKEY1 Unused (1) (1) SA_ENCIV1 Unused SA_ENCKEY2 Unused(1) SA_ENCIV2 Unused(1) SA_ENCKEY3 Unused(1) SA_ENCIV3 0 1 2 3 SA_ENCKEY4 Unused(1) SA_ENCIV4 4 5 6 7 SA_ENCKEY5 Unused (1) SA_ENCIV5 Unused(1) SA_ENCKEY6 Unused(1) SA_ENCIV6 Unused(1) SA_ENCKEY7 0 1 2 3 SA_ENCIV7 Unused(1) SA_ENCKEY8 4 5 6 7 SA_ENCIV8 Unused(1) Note 1: 2: Unused bytes should be cleared to ‘0’. All 32-bit words are in Big-Endian order. 49.5.2.4 CREATING THE BUFFER DESCRIPTOR For each block of data that needs to be processed, the Buffer Descriptor tells the Crypto Engine how to process the data. At a minimum, the Buffer Descriptor must include the following information: The address of the Security Association (BD_SA_ADDR) The address of the source data to process (BD_SRCADDR) The address of the destination data after processing (BD_DSTADDR) The address of the next Buffer Descriptor (BD_NXTPTR) The address of the place to store updates for hash algorithms (BD_UPDADDR) The total message length in bytes (MSG_LENGTH) An example of creating and setting up a series of Buffer Descriptors is shown in Example 49-4. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-37 49 Crypto Engine and Random Number Generator (RNG) • • • • • • PIC32 Family Reference Manual Example 49-4: Setting Up Buffer Descriptors /* vector is the source data for the encryption phase. cipher is the destination for the encryption phase, and the source data for the decryption phase. plain is the destination for the decryption phase. /* Set up the Buffer Descriptor */ enc_bd.BD_CTRL.BUFLEN = sizeof(vector); enc_bd.BD_CTRL.LIFM = 1; enc_bd.BD_CTRL.SA_FETCH_EN = 1; enc_bd.BD_CTRL.LAST_BD = 1; enc_bd.BD_CTRL.DESC_EN = 1; dec_bd.BD_CTRL.BUFLEN = sizeof(cipher); dec_bd.BD_CTRL.LIFM = 1; dec_bd.BD_CTRL.SA_FETCH_EN = 1; dec_bd.BD_CTRL.LAST_BD = 1; dec_bd.BD_CTRL.DESC_EN = 1; enc_bd.SA_ADDR enc_bd.SRCADDR enc_bd.DSTADDR enc_bd.NXTPTR enc_bd.MSGLEN = = = = = KVA_TO_PA(&enc_sa); KVA_TO_PA(vector); KVA_TO_PA(cipher); KVA_TO_PA(&dec_bd); sizeof(vector); dec_bd.SA_ADDR dec_bd.SRCADDR dec_bd.DSTADDR dec_bd.MSGLEN = = = = KVA_TO_PA(&dec_sa); KVA_TO_PA(cipher); KVA_TO_PA(plain); sizeof(cipher); 49.5.2.5 STARTING THE BUFFER DESCRIPTOR PROCESSOR When the Security Associations and Buffer Descriptors have been set up, starting the BDP is done as follows: 1. 2. 3. Tell the engine the address of the first Buffer Descriptor. Selecting the interrupts to enable. Turning on the Crypto DMA engine. An example of starting the processing is shown in Example 49-5. Example 49-5: Setting Up the Crypto Engine to Process Buffer Descriptors CEBDPADDR = KVA_TO_PA(&enc_bd); CEINTEN = 0x07; CECON = 0x07; DS60001246B-page 49-38 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.5.3 Crypto Engine Operation Guidelines The following guidelines are used to ensure proper configuration and operation of the Crypto Engine. Note: To avoid cache coherency problems on devices with L1 cache, all Buffer Descriptors and Security Associations must be accessed from KSEG1 or KSEG3 (uncached) segments only. • Data Alignment - Security Association structures shall be aligned on a 8-byte boundary. This can be done with an alignment attribute for the variable, see Example 49-3. - Buffer Descriptor structures shall be aligned on a 8-byte boundary. This can be done with an alignment attribute for the variable, see Example 49-4. - The source and destination addresses used in the Buffer Descriptor shall be aligned on a 32-bit boundary. • Data Lengths - The Buffer Length field of each Buffer Descriptor shall be an integral multiple of the word size of the Crypto algorithm used. Data blocks should be expanded to meet the required size and filled with zeros to avoid corruption. The word sizes for each algorithm are listed in Table 49-5. Table 49-5: Encryption Algorithm Word Sizes Algorithm Word Size AES 16 Bytes TDES 24 Bytes DES 8 Bytes © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-39 49 Crypto Engine and Random Number Generator (RNG) - The total length of the data across multiple buffer descriptors shall be an integral multiple of the word size of the Crypto algorithm used. The word sizes for each algorithm are listed in Table 49-5. - For the hashing algorithms (MD5, SHA1, SHA256) the packet length shall be a minimum of 64 bytes - If the input data length does not match the above guidelines, it should be zero-padded to make it the correct length • Algorithms, Initialization Vectors (IV) - IV size is restricted to 96 bits for AES GCM - The fourth word (LSB 32-bit) of Encryption IV for AES GCM shall be 1 - When encryption is used in parallel with authentication, HMAC shall be used - HMAC shall be used in combination with one of the authentication engines (MD5/SHA1/SHA256) PIC32 Family Reference Manual 49.6 CRYPTO ENGINE INTERRUPTS The PIC32 device can generate interrupts reflecting the events that occur during the Crypto Engine's operation. Each of the Crypto Engine interrupt events has a corresponding interrupt enable bit in the CEINTEN register, which must be set for an interrupt to be generated. However, regardless of the value of the CEINTEN register, the status of all interrupt events is directly readable via the CEINTSRC register. Therefore, the software has visibility of an event generating a potential interrupt by polling the register and not having an interrupt propagate out of the module. To clear an interrupt, the software must write a '1' to both the particular interrupt and the PENDIF bits in the CEINTSRC register. Following is a description of the interrupt events generated by the Crypto Engine: • Access Response error interrupt, signaled by the AREIF bit (CEINTSRC<3>) and enabled using the AREIE bit (CEINTEN<3>). This event occurs when the Crypto Engine DMA encounters a bus error during a memory access and is caused by an addressing error. For example, if the Crypto Engine attempts to access reserved memory, or memory that has been protected from access by the Crypto Engine, this interrupt will be generated. Recovering from this error requires a soft reset of the Crypto Engine using the SWRST bit (CECON<6>). • DMA Packet Completion interrupt, signaled by the PKTIF bit (CEINTSRC<2>) and enabled using the PKTIE bit (CEINTEN<2>). This event occurs when the Crypto Engine has completed transferring memory. • Buffer Descriptor Processing interrupt, signaled by the CBDIF bit (CEINTSRC<1>) and enabled using the CBDIE bit (CEINTEN<1>). This event occurs when the Crypto Engine has completed processing a Buffer Descriptor. • Pending interrupt, signaled by the PENDIF bit (CEINTSRC<0>) and enabled using the PENDIE bit (CEINTEN<0>). This is a global interrupt, combining the values of the other interrupt sources. This bit must be enabled in addition to the other interrupt sources in order to generate interrupts from the Crypto Engine. All interrupts belonging to the Crypto Engine map to the Crypto Engine interrupt vector. The corresponding Crypto Engine interrupt flag is CRPTIF (IFS3<11>). This interrupt flag must be cleared in software once the cause generating the interrupt is processed. The Crypto Engine is enabled as a source of interrupts via the respective Crypto Engine interrupt enable bit, CRPTIE (IEC3<11>). The interrupt priority-level bits and interrupt sub-priority-level bits must also be configured: • CRPTIP<2:0> (IPC26<28:26>) • CRPTIS<1:0> (IPC26<25:24>) The interrupt service routine that is to be used when a Crypto Engine interrupt is generated is configured via the VOFF107<17:1> bits (OFF107<17:1>). Note: 49.6.1 Refer to Section 8. “Interrupts” (DS60001108) in the “PIC32 Family Reference Manual” for detailed descriptions of the IFSx, IECx, IPCx, and OFFx register interrupt bits. Interrupt Configuration The Crypto Engine has multiple internal interrupt flags (AREIF, PKTIF, CBDIF, PENDIF) and corresponding enable interrupt control bits (AREIE, PKTIE, CBDIE, PENDIE). However, for the Interrupt Controller, there is one dedicated interrupt flag bit for the Crypto Engine: CRPTIF (IFS3<11>) and the corresponding interrupt enable/mask bit, CRPTIE (IEC3<11>). Note: All of the interrupt conditions for the Crypto Engine share one interrupt vector. The Crypto Engine has its own priority and sub-priority levels independent of other peripherals. The CRPTIF bit will be set without regard to the state of the corresponding enable bit, CRPTIE. The CRPTIF bit can be polled by software if desired. DS60001246B-page 49-40 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) The CRPTIE bit is used to define the behavior of the Interrupt Controller when the corresponding CRPTIF bit is set. When the corresponding CRPTIE bit is clear, the Interrupt Controller does not generate a CPU interrupt for the event. If the CRPTIE bit is set, the Interrupt Controller will generate an interrupt to the CPU when the CRPTIF bit is set (subject to the priority and sub-priority as follows). It is the responsibility of the user's software routine that services a particular interrupt to clear the interrupt flag bit before the service routine is complete. The priority of the Crypto Engine interrupt can be set using the IPC26 register of the Interrupt Controller. This priority defines the priority group to which the interrupt source will be assigned. The priority groups range from a value of 7 (the highest priority) to a value of 0, which does not generate an interrupt. An interrupt being serviced will be preempted by an interrupt in a higher priority group. The sub-priority bits allow setting the priority of an interrupt source within a priority group. The values for the sub-priority range from 3 (the highest priority) to 0 (the lowest priority). An interrupt with the same priority group, but having a higher sub-priority value, will not pre-empt a lower sub-priority interrupt that is in progress. Rather, if two interrupts in the same priority group are pending, the one with the higher sub-priority value will be serviced first. The priority group and sub-priority bits allow more than one interrupt source to share the same priority and sub-priority. If simultaneous interrupts occur in this configuration, the natural order of the interrupt sources within a priority/sub-priority group pair determine the interrupt generated. The natural priority is based on the vector numbers of the interrupt sources. The lower the vector number, the higher the natural priority of the interrupt. Any interrupts that were overridden by natural order will then generate their respective interrupts based on priority, sub-priority and natural order after the interrupt flag for the current interrupt is cleared. After an enabled interrupt is generated, the CPU will jump to the vector assigned to that interrupt. The vector number for the interrupt is the same as the natural order number. The CPU will then begin executing code at the vector address. The user's code at this vector address should perform any application-specific operations and clear the CRPTIF interrupt flags (as well as the corresponding event in the CEINTSRC register if a software clearable interrupt) and then exit. Refer to the vector address table details in Section 8. “Interrupts” (DS60001108) in the “PIC32 Family Reference Manual” for more information. Example 49-6: Crypto Engine Initialization with Interrupts Enabled Code 49 © 2013-2015 Microchip Technology Inc. Crypto Engine and Random Number Generator (RNG) /* Start the engine */ CEBDPADDR = KVA_TO_PA(&enc_bd); CEINTEN = 0x07; CECON = 0x07; DS60001246B-page 49-41 PIC32 Family Reference Manual 49.7 RANDOM NUMBER GENERATOR OPERATION The Random Number Generator (RNG) core implements a thermal noise-based True Random Number Generator (TRNG) and a cryptographically secure Pseudo-Random Number Generator (PRNG). The TRNG uses multiple ring oscillators and the inherent thermal noise of integrated circuits to generate true random numbers that can initialize the PRNG. The PRNG is a flexible Linear Shift Feedback Register (LSFR), which is capable of manifesting a maximal length LFSR of up to 64 bits. 49.7.1 TRNG Usage Enabling the TRNG for operation is done using the TRNGEN bit (RNGCON<8>). Setting this bit starts the TRNG generating numbers. The random numbers are read through the RNGSEED1 and RNGSEED2 registers. This provides up to a 64-bit wide number for use. The number of valid bits in the registers are indicated in the RNGCNT register. It is recommended to wait until the value in that register equals or exceeds the number of bits desired before reading the value. 49.7.2 PRNG Usage Before starting the PRNG, it is necessary to set up the initial seed value, set the length of the polynomial, and the polynomial equation. The initial seed value is set by writing to the RNGNUMGEN1 and RNGNUMGEN2 registers, which are also the registers where the random value are read. The initial seed value can also be loaded from the TRNG by writing a '1' to the LOAD bit (RNGCON<12>). This action transfers the current value in the RNGSEEDx registers to the corresponding RNGNUMGENx registers. The polynomial length for the LSFR is set by writing the length (in bits) to the PLEN<7:0> bits (RNGCON<7:0>). Since the polynomial can be a maximum of 64 bits, the maximum value for this register would be 64. However, the actual length needed will depend on the needs of the application and the degree of pseudo-randomness needed. The polynomial equation itself is set via the RNGPOLYx registers. Setting a bit in these registers turns on the corresponding tap for the generation of the random numbers. Enabling the PRNG for operation is done by writing a '1' to the PRNGEN bit (RNGCON<9>). The following example sets the PRNG for a 42-bit maximal-length polynomial with the equation, x42 + x41 + x20 + x19 + 1, initializes the random number with a set value, and turns on the PRNG. Example 49-7: PRNG Configuration RNGPOLY1 = 0x00C00003; RNGPOLY2 = 0x00000000; RNGNUMGEN1 = 0x090a0b0c; RNGNUMGEN2 = 0x0d0e0f10; RNGCON.PLEN = 42; RNGCON.CONT = 1; Once the PRNG has been turned on, it is necessary to wait PLEN cycles before reading the RNGNUMGENx registers. Reading the RNGNUMGENx registers will trigger the generation of the next random number, which will take PLEN clock cycles to complete. Optionally, a new random number can be generated every PLEN clock cycles by setting the CONT bit (RNGCON<10>). DS60001246B-page 49-42 © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.8 RANDOM NUMBER GENERATOR INTERRUPTS The RNG does not generate interrupts in PIC32 devices. 49.9 EFFECTS OF VARIOUS RESETS 49.9.1 Device Reset All Crypto Engine and RNG registers are forced to their reset states upon a device Reset. For the Crypto Engine, and any on-going data transfers are aborted. For the RNG, the TRNG and PRNG halt their operations. 49.9.2 Power-on Reset All Crypto Engine and RNG registers are forced to their reset states upon a Power-on Reset. 49.9.3 NMI Reset All Crypto Engine and RNG registers are forced to their reset states if the NMI countdown lapses and a full reset is issued. 49.10 OPERATION IN POWER-SAVING MODES 49.10.1 Crypto Engine Operation in Sleep Mode When the PIC32 device enters Sleep mode, the system clock is disabled. No Crypto Engine transfers can occur in this mode. All clocks are stopped, so no further Crypto Engine activity can take place. Software is responsible for determining if a Crypto Engine operation is in progress and whether to prevent going to Sleep mode until such actions are finished. 49.10.2 Crypto Engine Operation in Idle Mode When the device enters Idle mode, the system and peripheral bus clock sources remain functional. The Crypto Engine will continue to operate in Idle mode, can continue operations, and can generate interrupts that will wake the CPU. 49.10.3 Random Number Generator Operation in Sleep Mode 49.10.4 Random Number Generator Operation in Idle Mode When the device enters Idle mode, the system and peripheral bus clock sources remain functional. The PRNG will continue to generate random numbers if the CONT bit was set. The TRNG will continue generating random numbers. The RNG cannot generate interrupts, and therefore it cannot wake the CPU. © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-43 49 Crypto Engine and Random Number Generator (RNG) When the PIC32 device enters Sleep mode, the system clock is disabled. The PRNG halts generating random numbers if the CONT bit was set. The state of the RNG registers is preserved, so random numbers can continue from their stopping point when Sleep mode was entered. The TRNG may continue generating random numbers, since it is dependent on ring oscillators that do not depend on the system clock. However, the random numbers may not be clocked into the RNGSEEDx registers. PIC32 Family Reference Manual 49.11 RELATED APPLICATION NOTES This section lists application notes that are related to this section of the manual. These application notes may not be written specifically for the PIC32 device family, but the concepts are pertinent and could be used with modification and possible limitations. The current application notes related to the Crypto Engine and Random Number Generator (RNG) are: Title Application Note # No related application notes at this time. Note: DS60001246B-page 49-44 N/A Please visit the Microchip web site (www.microchip.com) for additional application notes and code examples for the PIC32 family of devices. © 2013-2015 Microchip Technology Inc. Section 49. Crypto Engine and Random Number Generator (RNG) 49.12 REVISION HISTORY Revision A (November 2013) This is the initial released version of this document. Revision A (May 2015) This revision includes the following updates: • The Swap Output Data Enable bit (SWAPOEN) was added (see Table 49-1 and Register 49-2) • The Crypto Engine Buffer Descriptors were updated (see Table 49-3) • The ‘111’ and ‘110’ bit value definitions for the MULTITASK<2:0> bits were updated (see Figure 49-11) • 49.5.2.3 “Security Association Encryption Key and IV Data Alignment” was added • Additional minor updates to text and formatting were incorporated throughout the document 49 Crypto Engine and Random Number Generator (RNG) © 2013-2015 Microchip Technology Inc. DS60001246B-page 49-45 PIC32 Family Reference Manual NOTES: DS60001246B-page 49-46 © 2013-2015 Microchip Technology Inc. Note the following details of the code protection feature on Microchip devices: • Microchip products meet the specification contained in their particular Microchip Data Sheet. • Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions. • There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property. • Microchip is willing to work with the customer who is concerned about the integrity of their code. • Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.” Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act. Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer’s risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights. Trademarks The Microchip name and logo, the Microchip logo, dsPIC, FlashFlex, flexPWR, JukeBlox, KEELOQ, KEELOQ logo, Kleer, LANCheck, MediaLB, MOST, MOST logo, MPLAB, OptoLyzer, PIC, PICSTART, PIC32 logo, RightTouch, SpyNIC, SST, SST Logo, SuperFlash and UNI/O are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. The Embedded Control Solutions Company and mTouch are registered trademarks of Microchip Technology Incorporated in the U.S.A. Analog-for-the-Digital Age, BodyCom, chipKIT, chipKIT logo, CodeGuard, dsPICDEM, dsPICDEM.net, ECAN, In-Circuit Serial Programming, ICSP, Inter-Chip Connectivity, KleerNet, KleerNet logo, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, RightTouch logo, REAL ICE, SQI, Serial Quad I/O, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. SQTP is a service mark of Microchip Technology Incorporated in the U.S.A. Silicon Storage Technology is a registered trademark of Microchip Technology Inc. in other countries. GestIC is a registered trademarks of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries. All other trademarks mentioned herein are property of their respective companies. © 2013-2015, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved. ISBN: 978-1-63277-420-0 QUALITY MANAGEMENT SYSTEM CERTIFIED BY DNV == ISO/TS 16949 == 2013-2015 Microchip Technology Inc. Microchip received ISO/TS-16949:2009 certification for its worldwide headquarters, design and wafer fabrication facilities in Chandler and Tempe, Arizona; Gresham, Oregon and design centers in California and India. The Company’s quality system processes and procedures are for its PIC® MCUs and dsPIC® DSCs, KEELOQ® code hopping devices, Serial EEPROMs, microperipherals, nonvolatile memory and analog products. In addition, Microchip’s quality system for the design and manufacture of development systems is ISO 9001:2000 certified. DS60001246B-page 49-47 Worldwide Sales and Service AMERICAS ASIA/PACIFIC ASIA/PACIFIC EUROPE Corporate Office 2355 West Chandler Blvd. Chandler, AZ 85224-6199 Tel: 480-792-7200 Fax: 480-792-7277 Technical Support: http://www.microchip.com/ support Web Address: www.microchip.com Asia Pacific Office Suites 3707-14, 37th Floor Tower 6, The Gateway Harbour City, Kowloon Hong Kong Tel: 852-2943-5100 Fax: 852-2401-3431 China - Xiamen Tel: 86-592-2388138 Fax: 86-592-2388130 China - Zhuhai Tel: 86-756-3210040 Fax: 86-756-3210049 Austria - Wels Tel: 43-7242-2244-39 Fax: 43-7242-2244-393 Denmark - Copenhagen Tel: 45-4450-2828 Fax: 45-4485-2829 India - Bangalore Tel: 91-80-3090-4444 Fax: 91-80-3090-4123 France - Paris Tel: 33-1-69-53-63-20 Fax: 33-1-69-30-90-79 India - New Delhi Tel: 91-11-4160-8631 Fax: 91-11-4160-8632 Germany - Dusseldorf Tel: 49-2129-3766400 Atlanta Duluth, GA Tel: 678-957-9614 Fax: 678-957-1455 Austin, TX Tel: 512-257-3370 Boston Westborough, MA Tel: 774-760-0087 Fax: 774-760-0088 Chicago Itasca, IL Tel: 630-285-0071 Fax: 630-285-0075 Cleveland Independence, OH Tel: 216-447-0464 Fax: 216-447-0643 Australia - Sydney Tel: 61-2-9868-6733 Fax: 61-2-9868-6755 China - Beijing Tel: 86-10-8569-7000 Fax: 86-10-8528-2104 China - Chengdu Tel: 86-28-8665-5511 Fax: 86-28-8665-7889 China - Chongqing Tel: 86-23-8980-9588 Fax: 86-23-8980-9500 China - Dongguan Tel: 86-769-8702-9880 China - Hangzhou Tel: 86-571-8792-8115 Fax: 86-571-8792-8116 Germany - Munich Tel: 49-89-627-144-0 Fax: 49-89-627-144-44 India - Pune Tel: 91-20-3019-1500 Germany - Pforzheim Tel: 49-7231-424750 Japan - Osaka Tel: 81-6-6152-7160 Fax: 81-6-6152-9310 Italy - Milan Tel: 39-0331-742611 Fax: 39-0331-466781 Japan - Tokyo Tel: 81-3-6880- 3770 Fax: 81-3-6880-3771 Italy - Venice Tel: 39-049-7625286 Korea - Daegu Tel: 82-53-744-4301 Fax: 82-53-744-4302 Netherlands - Drunen Tel: 31-416-690399 Fax: 31-416-690340 China - Hong Kong SAR Tel: 852-2943-5100 Fax: 852-2401-3431 Korea - Seoul Tel: 82-2-554-7200 Fax: 82-2-558-5932 or 82-2-558-5934 China - Nanjing Tel: 86-25-8473-2460 Fax: 86-25-8473-2470 Malaysia - Kuala Lumpur Tel: 60-3-6201-9857 Fax: 60-3-6201-9859 Detroit Novi, MI Tel: 248-848-4000 China - Qingdao Tel: 86-532-8502-7355 Fax: 86-532-8502-7205 Malaysia - Penang Tel: 60-4-227-8870 Fax: 60-4-227-4068 Houston, TX Tel: 281-894-5983 China - Shanghai Tel: 86-21-5407-5533 Fax: 86-21-5407-5066 Philippines - Manila Tel: 63-2-634-9065 Fax: 63-2-634-9069 China - Shenyang Tel: 86-24-2334-2829 Fax: 86-24-2334-2393 Singapore Tel: 65-6334-8870 Fax: 65-6334-8850 China - Shenzhen Tel: 86-755-8864-2200 Fax: 86-755-8203-1760 Taiwan - Hsin Chu Tel: 886-3-5778-366 Fax: 886-3-5770-955 China - Wuhan Tel: 86-27-5980-5300 Fax: 86-27-5980-5118 Taiwan - Kaohsiung Tel: 886-7-213-7828 Dallas Addison, TX Tel: 972-818-7423 Fax: 972-818-2924 Indianapolis Noblesville, IN Tel: 317-773-8323 Fax: 317-773-5453 Los Angeles Mission Viejo, CA Tel: 949-462-9523 Fax: 949-462-9608 New York, NY Tel: 631-435-6000 San Jose, CA Tel: 408-735-9110 Canada - Toronto Tel: 905-673-0699 Fax: 905-673-6509 China - Xian Tel: 86-29-8833-7252 Fax: 86-29-8833-7256 Poland - Warsaw Tel: 48-22-3325737 Spain - Madrid Tel: 34-91-708-08-90 Fax: 34-91-708-08-91 Sweden - Stockholm Tel: 46-8-5090-4654 UK - Wokingham Tel: 44-118-921-5800 Fax: 44-118-921-5820 Taiwan - Taipei Tel: 886-2-2508-8600 Fax: 886-2-2508-0102 Thailand - Bangkok Tel: 66-2-694-1351 Fax: 66-2-694-1350 01/27/15 DS60001246B-page 49-48 2013-2015 Microchip Technology Inc.