Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added SCA randomness #5

Merged
merged 1 commit into from
Oct 3, 2024
Merged

added SCA randomness #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 51 additions & 5 deletions src/mldsa_top/rtl/mldsa_ctrl.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,9 @@ module mldsa_ctrl
output logic [1:0][3:0][19:0] sigdecode_z_rd_data_o,
input logic sigdecode_z_done_i,

output logic lfsr_enable_o,
output logic [1:0][LFSR_W-1:0] lfsr_seed_o,

//Interrupts
output logic error_intr,
output logic notif_intr
Expand All @@ -144,6 +147,7 @@ module mldsa_ctrl
logic [15:0] sampler_src_offset;
logic [15:0] sampler_imm;

logic [ENTROPY_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] entropy_reg;
logic [SEED_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] seed_reg;
logic [MSG_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] msg_reg;
logic [SIGN_RND_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] sign_rnd_reg;
Expand Down Expand Up @@ -192,12 +196,23 @@ module mldsa_ctrl

//Interrupts
logic mldsa_status_done_d, mldsa_status_done_p;

logic set_entropy;
logic [7:0][63:0] lfsr_entropy_reg;
logic [MsgWidth-1:0] counter_reg;

assign mldsa_reg_hwif_in_o = mldsa_reg_hwif_in;
assign mldsa_reg_hwif_out = mldsa_reg_hwif_out_i;

always_comb mldsa_ready = (prog_cntr == MLDSA_RESET);

always_ff @(posedge clk or negedge rst_b) begin
if (!rst_b)
counter_reg <= '0;
else
counter_reg <= counter_reg + 1;
end

//HWIF to reg block
always_comb mldsa_reg_hwif_in.reset_b = rst_b;
always_comb mldsa_reg_hwif_in.hard_reset_b = rst_b; //FIXME interface needs a hard reset signal?
Expand All @@ -220,7 +235,13 @@ module mldsa_ctrl
mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].rd_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & ~mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr; //FIXME protect with key done
mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].wr_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr; //FIXME protect with busy
mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].rd_data = publickey_reg.raw[PUBKEY_NUM_DWORDS-1-dword];
end
end

for (int dword=0; dword < ENTROPY_NUM_DWORDS; dword++)begin
entropy_reg[dword] = mldsa_reg_hwif_out.MLDSA_ENTROPY[ENTROPY_NUM_DWORDS-1-dword].ENTROPY.value;
mldsa_reg_hwif_in.MLDSA_ENTROPY[dword].ENTROPY.hwclr = zeroize;
end

for (int dword=0; dword < SEED_NUM_DWORDS; dword++)begin
seed_reg[dword] = mldsa_reg_hwif_out.MLDSA_SEED[SEED_NUM_DWORDS-1-dword].SEED.value;
mldsa_reg_hwif_in.MLDSA_SEED[dword].SEED.we = '0;
Expand Down Expand Up @@ -474,7 +495,9 @@ module mldsa_ctrl
MLDSA_RHO_P_KAPPA_ID: msg_data_o[0] = msg_done ? {48'b0,(kappa_reg + sampler_imm[2:0])} : rho_p_reg[sampler_src_offset[2:0]];
MLDSA_SIG_C_REG_ID: msg_data_o[0] = {signature_reg.enc.c[{sampler_src_offset[2:0],1'b1}], signature_reg.enc.c[{sampler_src_offset[2:0],1'b0}]};
MLDSA_PK_REG_ID: msg_data_o[0] = {publickey_reg.raw[{sampler_src_offset[8:0],1'b1}],publickey_reg.raw[{sampler_src_offset[8:0],1'b0}]};
default: msg_data_o[0] = '0;
MLDSA_ENTROPY_ID: msg_data_o[0] = lfsr_entropy_reg[sampler_src_offset[2:0]];
MLDSA_CNT_ID: msg_data_o[0] = counter_reg;
default: msg_data_o[0] = '0;
endcase
end

Expand All @@ -501,6 +524,23 @@ module mldsa_ctrl
end
end

// without zeroize to make it more complex
always_ff @(posedge clk or negedge rst_b) begin
if (!rst_b) begin
lfsr_seed_o <= '0;
lfsr_entropy_reg <= '0;
end
else if (set_entropy) begin
lfsr_entropy_reg <= lfsr_entropy_reg ^ entropy_reg;
end
else if (sampler_state_dv_i) begin
if (instr.operand3 == MLDSA_DEST_LFSR_SEED_REG_ID) begin
lfsr_seed_o <= sampler_state_data_i[0][2*LFSR_W-1:0];
lfsr_entropy_reg <= sampler_state_data_i[0][2*LFSR_W+511:2*LFSR_W];
end
end
end

always_ff @(posedge clk or negedge rst_b) begin
if (!rst_b) begin
kappa_reg <= '0;
Expand Down Expand Up @@ -613,6 +653,7 @@ module mldsa_ctrl
set_c_valid = 0;
update_kappa = 0;
set_verify_valid = 0;
set_entropy = 0;
prog_cntr_nxt = MLDSA_RESET;

unique case (prog_cntr) inside
Expand All @@ -622,10 +663,12 @@ module mldsa_ctrl
MLDSA_KEYGEN : begin // keygen
prog_cntr_nxt = MLDSA_KG_S;
keygen_process_nxt = 1;
set_entropy = 1;
end
MLDSA_SIGN : begin // signing
prog_cntr_nxt = MLDSA_SIGN_S;
prog_cntr_nxt = MLDSA_SIGN_RND_S;
signing_process_nxt = 1;
set_entropy = 1;
end
MLDSA_VERIFY : begin // verifying
prog_cntr_nxt = MLDSA_VERIFY_S;
Expand All @@ -635,6 +678,7 @@ module mldsa_ctrl
MLDSA_KEYGEN_SIGN : begin // KEYGEN + SIGNING
prog_cntr_nxt = MLDSA_KG_S;
keygen_signing_process_nxt = 1;
set_entropy = 1;
end
default : begin
prog_cntr_nxt = MLDSA_RESET;
Expand Down Expand Up @@ -803,6 +847,7 @@ always_comb begin : primary_ctrl_fsm_out_combo
sigdecode_h_enable_o = 0;
sigdecode_z_enable_o = 0;
normcheck_enable[0] = 0;
lfsr_enable_o = 0;

unique case (ctrl_fsm_ps)
MLDSA_CTRL_IDLE: begin
Expand Down Expand Up @@ -853,7 +898,7 @@ always_comb begin : primary_ctrl_fsm_out_combo
sigdecode_h_enable_o = (instr.opcode.mode.aux_mode == MLDSA_SIGDEC_H);
sigdecode_z_enable_o = (instr.opcode.mode.aux_mode == MLDSA_SIGDEC_Z);
normcheck_enable[0] = (instr.opcode.mode.aux_mode == MLDSA_NORMCHK);

lfsr_enable_o = (instr.opcode.mode.aux_mode == MLDSA_LFSR);
end
end
MLDSA_CTRL_DONE: begin
Expand All @@ -864,7 +909,8 @@ always_comb begin : primary_ctrl_fsm_out_combo
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_PKDECODE) & pkdecode_done_i) |
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_SIGDEC_H) & sigdecode_h_done_i) |
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_SIGDEC_Z) & sigdecode_z_done_i) |
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_NORMCHK) & normcheck_done_i)) begin
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_NORMCHK) & normcheck_done_i) |
(instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_LFSR)) ) begin

ctrl_fsm_ns = MLDSA_CTRL_IDLE;

Expand Down
22 changes: 16 additions & 6 deletions src/mldsa_top/rtl/mldsa_ctrl_pkg.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ package mldsa_ctrl_pkg;

localparam T1_NUM_COEFF = 2048;
localparam T1_COEFF_W = 10;

localparam RND_W = 236; //5*46 + 6
localparam LFSR_W = RND_W / 2;

typedef struct packed {
logic [415:0][63:0] t0;
Expand Down Expand Up @@ -120,7 +123,8 @@ package mldsa_ctrl_pkg;
MLDSA_SIGDEC_H,
MLDSA_SIGDEC_Z,
MLDSA_HINTSUM,
MLDSA_DECOMP
MLDSA_DECOMP,
MLDSA_LFSR
} mldsa_aux_mode_e;


Expand Down Expand Up @@ -181,6 +185,7 @@ package mldsa_ctrl_pkg;
localparam mldsa_opcode_t MLDSA_UOP_HINTSUM = '{keccak_en: 1'b0, sampler_en:1'b0, ntt_en:1'b0, aux_en: 1'b1, mode:MLDSA_HINTSUM, sca_en:1'b0};
localparam mldsa_opcode_t MLDSA_UOP_USEHINT = '{keccak_en: 1'b0, sampler_en:1'b0, ntt_en:1'b0, aux_en: 1'b1, mode:MLDSA_USEHINT, sca_en:1'b0};
localparam mldsa_opcode_t MLDSA_UOP_PWR2RND = '{keccak_en: 1'b0, sampler_en:1'b0, ntt_en:1'b0, aux_en: 1'b1, mode:MLDSA_PWR2RND, sca_en:1'b0};
localparam mldsa_opcode_t MLDSA_UOP_LFSR = '{keccak_en: 1'b0, sampler_en:1'b0, ntt_en:1'b0, aux_en: 1'b1, mode:MLDSA_LFSR, sca_en:1'b0};

//Immediate encodings
localparam [MLDSA_IMM_WIDTH-1:0] MLDSA_NORMCHK_Z = 'h0000;
Expand All @@ -200,6 +205,7 @@ package mldsa_ctrl_pkg;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_DEST_SIG_C_REG_ID = 'd5;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_DEST_TR_REG_ID = 'd6;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_DEST_VERIFY_RES_REG_ID = 'd7;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_DEST_LFSR_SEED_REG_ID = 'd8;

//SRC register IDs
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_MSG_ID = 'd15;
Expand All @@ -213,6 +219,8 @@ package mldsa_ctrl_pkg;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_RHO_P_KAPPA_ID = 'd23;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_SIG_C_REG_ID = 'd24;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_PK_REG_ID = 'd25;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_ENTROPY_ID = 'd26;
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_CNT_ID = 'd27;

//SK offsets in dwords
localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_SK_S1_OFFSET = 'd32;
Expand Down Expand Up @@ -354,14 +362,16 @@ package mldsa_ctrl_pkg;
//KG
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_RESET = 'd0;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_S = MLDSA_RESET + 2;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_JUMP_SIGN = MLDSA_KG_S + 98;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_E = MLDSA_KG_S + 99;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_JUMP_SIGN = MLDSA_KG_S + 101;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_KG_E = MLDSA_KG_JUMP_SIGN + 1;
//Signing
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_S = MLDSA_KG_E + 2;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_RND_S = MLDSA_KG_E + 2;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_S = MLDSA_SIGN_RND_S + 3;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHECK_Y_CLR = MLDSA_SIGN_S+ 5;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_Y_S = MLDSA_SIGN_CHECK_Y_CLR + 1;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_LFSR_S = MLDSA_SIGN_CHECK_Y_CLR + 1;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_Y_S = MLDSA_SIGN_LFSR_S + 3;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_CHECK_W0_CLR = MLDSA_SIGN_MAKE_Y_S+ 14;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_W_S = MLDSA_SIGN_MAKE_Y_S+ 15;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_W_S = MLDSA_SIGN_CHECK_W0_CLR+ 1;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_SET_Y = MLDSA_SIGN_MAKE_W_S+ 64;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_MAKE_W = MLDSA_SIGN_MAKE_W_S+ 66;
localparam [MLDSA_PROG_ADDR_W-1 : 0] MLDSA_SIGN_SET_W0 = MLDSA_SIGN_MAKE_W+ 1;
Expand Down
Loading
Loading