caesar io specification v1 1

8/10/2019 CAESAR IO Specification v1 1

1/7

Specification of the

CAESAR Input/Output Processors

Ekawat Homsirikamol

ver. 1.1

December 7, 2014


2/7

Input Processor: Generics

Name DefaultValue

Definition

G_W 64 Public data width (bits)

G_SW 64 Secret data width (bits)

G_IV_SIZE 128 IV or Nonce size (bits) G_BLOCK_SIZE 128 Block size (bits)

G_BS_BYTES 4 The number of bits required to hold the size of an incomplete block, expressed in bytes = log2_ceil(G_BLOCK_SIZE/8)

G_KEY_SIZE 128 Key size (bits)

G_PAD 0 Enable padding

G_DISABLE_IV_PORT 0 Disable IV port

Input Processor: Constants(defined in ae_pkg.vhd)

Name Default Value DefinitionCTR_AD_SIZE 64 The width of the len_a port representing

the length of associated dataCTR_D_SIZE 64 The width of the len_d port

representing the length of data (thelength of message for encryption, andthe length of ciphertext for decryption)


3/7

Input Processor: Ports

Name Direction Width Definition

clk in 1 Global clock signal

rst in 1 Global reset signal (synchronous)

pdi in W Public data input

pdi_ready in 1 Public data input ready

pdi_read out 1 Public data input read

sdi in SW Secret data input

sdi_ready in 1 Secret data input ready

sdi_read out 1 Secret data input read

key out KEY_SIZE Key data

bdi out BLOCK_SIZE Input block data

iv out IV_SIZE IV or Nonce. This port is inactive if G_DISABLE_IV_PORT = 1.

len_a out CTR_AD_SIZE Length of authenticated data in bytes (used in some algorithms) len_d out CTR_D_SIZE Length of data in bytes (used in some algorithms)

key_ready out 1 Key ready signal.

key_needs_update out 1 Key needs an update signal. This signal indicates to the crypto corethat the key should be updated (i.e., new round keys calculated). Thecrypto core should update the key before the next input is processed.

key_updated in 1 Return signal from the crypto core acknowledging that the key has been updated

iv_ready out 1 IV ready signal. This port is inactive if G_DISABLE_IV_PORT = 1

bdi_ready out 1 Block ready signal

bdi_ad out 1 Input block is an authenticated data

bdi_nsec out 1 Input block is a secret message number

bdi_decrypt out 1 Current input should be decrypted. See FAQ for more info.

bdi_pad out 1 Current block has been padded

bdi_eot out 1 Current block is the last block of its type. There may be more data blocks belonging to different segments following this block. Forinstance, if the current block is IV, the subsequent block is generallyeither of type message or authenticated data.

bdi_eoi out 1 Current block is the last block of the given public data input (i.e., all

segments associated with a given message or ciphertext). This signifiesthat the following block will be the first block of the group ofsegments associated with another message or ciphertext..

bdi_nodata out 1 Current block has no data (it contains only padding)

bdi_read in 1 Return signal from the crypto core indicating that data block is beingread

bdi_size out G_BS_BYTES The size of the current block in bytes (0 for full blocks)

bypass_full in 1 Bypass FIFO indicating that it is full

bypass_wr out 1 Write signal to bypass FIFO


4/7

Output Processor: Generics

Name DefaultValue

Definition

G_W 64 Output width (bits)

G_BLOCK_SIZE 128 Output block size (bits)

G_TAG_SIZE 128 Tag size (bits)


5/7

Output Processor: Ports

Port Direction Width Definition

clk in 1 Global clock signal

rst in 1 Global reset signal (synchronous)

do in W Output data out

do_ready in 1 Output ready

do_write out 1 Output write

bypass_data in W Bypass FIFO data

bypass_empty in 1 Bypass FIFO empty

bypass_rd out 1 Bypass FIFO read

piso_ready out 1 Signal indicating that the unit is ready to accept more data

piso_write in 1 Input data write

piso_data in BLOCK_SIZE Input data from crypto core


6/7

FAQ

What is a Bypass FIFO?

Bypass FIFO is a standard FIFO used for holding public input data that should be transferred to the output moduleunchanged. These data include for example segment headers and authenticated data. This data is held in the Bypass FIFO fora short period of time until the output processor is ready to receive it.

What should I do when an output port is not being used?

When an output port is not being used, one can simply ignore the output port or assign the value open in the port mapinstantiation. For instance, bdi_size => open, would tell the synthesis tool to ignore this output port.

How to load a new key and activate it?

For the first message and the subsequent key change, a new key must be loaded into the input processor via the SDI porfirst. This can be done by providing the LOAD_KEY instruction. A typical key loading sequence of words is shown below:

# 001 : Instruction(Opcode=Load key)1 INS = 0104010000000000

# 001 : SgtHdr (Size= 16) (PAD=0)(EOI=1)(EOT=1)(SgtType=Key)2 HDR = 01630000000000103 DAT = D7B1CB5221D16D924 DAT = BB910D157C6F1C04

The first word specifies the load key instruction. The second word specifies that the subsequent data segment is of the keytype, with the size of 16 bytes (128 bits). No padding is used. This segment is also the end-of-type and the end-of-inputsegment. The next two words consist of the key data.

Before the new key becomes active, it must be activated via the PDI port first. This mechanism facilitates the

synchronization between the two input ports. It also allows us to load a new key without interfering with the key that is beingused. A typical key activation process is shown below:

# 001 : Instruction (Opcode=Activate key)1 INS = 0105010000000000

This word must be applied before any other instruction word.

In order to properly handle keys, the cryptographic core should monitor the key_needs_update and key_ready signals, and provide key_updated signal at the appropriate time. The circuit should operate as follows:

o After reset, key_needs_update and key_ready are low.

At this point, a new key can be loaded into the input processor at any time.o After the new key is loaded, key_ready goes high.o After the instruction ACTIVATE_KEY is received at the PDI port, the key_needs_update goes high.

Note: If the ACTIVATE_KEY instruction is applied at the PDI port before the key is fully loaded, the input_processorwill automatically stall the PDI loading process. User needs not worry about synchronization at this point.

o After the key_needs_update goes high, the cryptographic core should respond with an active key_updated signal after thekey scheduling is completed. If there is no key scheduling required, user can set the key_updated signal right away.

o After the key_updated is received, the key_needs_update signal goes low and remains low until the nextACTIVATE_KEY instruction.

o The key_ready signal goes low again at the end of input.


7/7

caesar io specification v1 1

Documents