Software APIs
dif_edn.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_DIF_DIF_EDN_H_
6 #define OPENTITAN_SW_DEVICE_LIB_DIF_DIF_EDN_H_
7 
8 /**
9  * @file
10  * @brief <a href="/hw/ip/edn/doc/">Entropy Distribution Network</a> Device
11  * Interface Functions
12  *
13  * This API implements the interface for the Entropy Distribution Network (EDN)
14  * hardware.
15  *
16  * There are two main modes of operation:
17  *
18  * - boot-time: EDN configures the associated CSRNG instance to fetch pre-FIPS
19  * entropy immediately at boot-time or after reset.
20  * - auto refresh: EDN sends reseed and generate commands to the associated
21  * CSRNG instance. The API allows the user to set the CSRNG instantiate,
22  * reseed and generate para meters, as well as the reseed frequency.
23  */
24 
25 #include <stdint.h>
26 
27 #include "sw/device/lib/base/macros.h"
28 #include "sw/device/lib/base/mmio.h"
29 #include "sw/device/lib/dif/dif_base.h"
30 
31 #include "sw/device/lib/dif/autogen/dif_edn_autogen.h"
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif // __cplusplus
36 
37 enum {
38  /**
39  * Maximum seed material number of uint32_t words supported in CSRNG
40  * instantiate and seed commands.
41  */
42  kDifEntropySeedMaterialMaxWordLen = 12,
43 };
44 
45 enum {
46  /**
47  * Maximum generate length supported in CSRNG generate commands.
48  */
49  kDifEntropySeedMaterialMaxGlen = 4095,
50 };
51 
52 enum {
53  /**
54  * Maximum number of generate commands between reseed commands in
55  * the EDN auto mode.
56  */
57  kDifMaxNumReqsBetweenReseeds = 0xffffffff,
58 };
59 
60 enum {
61  /**
62  * Csrng commands
63  */
64  kDifEdnCmdInstantiate = 1,
65  kDifEdnCmdReseed = 2,
66  kDifEdnCmdGenerate = 3
67 };
68 
69 /**
70  * CSRNG seed material for instantiate, reseed and generate commands.
71  */
72 typedef struct dif_edn_seed_material {
73  /**
74  * Number of uint32_t words in `data`. Up to
75  * `kDifEntropySeedMaterialMaxWordLen` words can be set to initialize or
76  * reseed the CSRNG. CSRNG will extend the `data` to zeros if the provided
77  * value is less than kDifEntropySeedMaterialMaxWordLen.
78  */
79  size_t len;
80  /**
81  * Seed material used in CSRNG instantiate, reseed or generate call.
82  */
83  uint32_t data[kDifEntropySeedMaterialMaxWordLen];
84 } dif_edn_seed_material_t;
85 
86 /**
87  * CSRNG command parameters for instantiate, reseed and generate commands.
88  */
89 typedef struct dif_edn_cmd {
90  /**
91  * The CSRNG application interface command header. For details, refer to the
92  * CSRNG documentation.
93  */
94  uint32_t cmd;
95  /**
96  * Optional seed material.
97  */
98  dif_edn_seed_material_t seed_material;
99 } dif_edn_cmd_t;
100 
101 /**
102  * Auto-generate EDN module configuration parameters.
103  */
104 typedef struct dif_edn_auto_params {
105  /**
106  * CSRNG instantiate command material.
107  */
108  dif_edn_cmd_t instantiate_cmd;
109  /**
110  * CSRNG reseed command material.
111  */
112  dif_edn_cmd_t reseed_cmd;
113  /**
114  * CSRNG generate command material.
115  */
116  dif_edn_cmd_t generate_cmd;
117  /**
118  * Number of generate calls that can be made before a reseed request is made.
119  */
120  uint32_t reseed_interval;
121 } dif_edn_auto_params_t;
122 
123 /**
124  * EDN Status flags.
125  */
126 typedef enum dif_edn_status {
127  /**
128  * SW command register is ready to receive the next word of a command.
129  */
130  kDifEdnStatusRegReady,
131  /**
132  * Device is ready to receive a command.
133  */
134  kDifEdnStatusReady,
135  /**
136  * Device has received an error from the CSRNG block.
137  */
138  kDifEdnStatusCsrngStatus,
139  /**
140  * Device has recieved an ACK from the CSRNG block.
141  */
142  kDifEdnStatusCsrngAck,
143 } dif_edn_status_t;
144 
145 /**
146  * EDN SM states as defined in the EDN state machine RTL.
147  */
148 typedef enum dif_edn_sm_state {
149  /**
150  * Device is idle.
151  */
152  kDifEdnSmStateIdle = 193,
153  /**
154  * Boot mode: load the instantiate command.
155  */
156  kDifEdnSmStateBootLoadIns = 455,
157  /**
158  * Boot mode: wait for instantiate command ack.
159  */
160  kDifEdnSmStateBootInsAckWait = 121,
161  /**
162  * Boot mode: load the generate command.
163  */
164  kDifEdnSmStateBootLoadGen = 3,
165  /**
166  * Boot mode: wait for generate command ack.
167  */
168  kDifEdnSmStateBootGenAckWait = 119,
169  /**
170  * Boot mode: signal a done pulse.
171  */
172  kDifEdnSmStateBootPulse = 169,
173  /**
174  * Boot mode: stay in done state until reset.
175  */
176  kDifEdnSmStateBootDone = 240,
177  /**
178  * Boot mode: load the uninstantiate command.
179  */
180  kDifEdnSmStateBootLoadUni = 309,
181  /**
182  * Boot mode: wait for uninstantiate command ack.
183  */
184  kDifEdnSmStateBootUniAckWait = 44,
185  /**
186  * Auto mode: load the instantiate command.
187  */
188  kDifEdnSmStateAutoLoadIns = 444,
189  /**
190  * Auto mode: wait for first instantiate command ack.
191  */
192  kDifEdnSmStateAutoFirstAckWait = 419,
193  /**
194  * Auto mode: wait for instantiate command ack.
195  */
196  kDifEdnSmStateAutoAckWait = 146,
197  /**
198  * Auto mode: determine next command to be sent.
199  */
200  kDifEdnSmStateAutoDispatch = 353,
201  /**
202  * Auto mode: capture the gen fifo count.
203  */
204  kDifEdnSmStateAutoCaptGenCnt = 270,
205  /**
206  * Auto mode: send the generate command.
207  */
208  kDifEdnSmStateAutoSendGenCmd = 477,
209  /**
210  * Auto mode: capture the reseed fifo count.
211  */
212  kDifEdnSmStateAutoCaptReseedCnt = 191,
213  /**
214  * Auto mode: send the reseed command.
215  */
216  kDifEdnSmStateAutoSendReseedCmd = 106,
217  /**
218  * Sw port: no hw request mode.
219  */
220  kDifEdnSmStateSWPortMode = 149,
221  /**
222  * Stop accepting entropy from CSRNG.
223  */
224  kDifEdnSmStateRejectCsrngEntropy = 24,
225  /**
226  * Illegal state reached and hang.
227  */
228  kDifEdnSmStateError = 382,
229 } dif_edn_sm_state_t;
230 
231 /**
232  * Enumeration of EDN FIFOs, which indicates which part of the hardware
233  * produced an error.
234  */
235 typedef enum dif_edn_fifo {
236  kDifEdnFifoReseedCmd,
237  kDifEdnFifoGenerateCmd,
238 } dif_edn_fifo_t;
239 
240 /**
241  * Enumeration of EDN FIFO errors.
242  */
243 typedef enum dif_edn_error {
244  /**
245  * Indicates an error in the command ack state machine.
246  */
247  kDifEdnErrorAckSm,
248  /**
249  * Indicates an error in the main state machine.
250  */
251  kDifEdnErrorMainSm,
252  /**
253  * Indicates an error in a hardened counter.
254  */
255  kDifEdnErrorCounterFault,
256  /**
257  * Indicates a write to a full FIFO occured.
258  */
259  kDifEdnErrorFifoWrite,
260  /**
261  * Indicates a read from an empty FIFO occured.
262  */
263  kDifEdnErrorFifoRead,
264  /**
265  * Indicates a FIFO was somehow both full and empty.
266  */
267  kDifEdnErrorFifoFullAndEmpty,
268 } dif_edn_error_t;
269 
270 /**
271  * CSRNG consume seed from entropy source enable.
272  */
273 typedef enum dif_edn_entropy_src_toggle {
274  /**
275  * Seed material used as the only seed material.
276  *
277  * This configuration option will toggle the hardware state of the
278  * CSRNG to non-FIPS compliant until it is re-instantiated.
279  *
280  * Note: Software may opt to XOR the seed material with a seed to implement
281  * a software assisted FIPS mode of operation.
282  */
283  kDifEdnEntropySrcToggleDisable = 1,
284  /**
285  * Entropy source XOR'ed with the provided seed material.
286  */
287  kDifEdnEntropySrcToggleEnable = 0,
288 } dif_edn_entropy_src_toggle_t;
289 
290 /**
291  * Recoverable alerts emitted by the EDN.
292  */
293 typedef enum dif_edn_recoverable_alert {
294  /**
295  * Indicates a bad value was written to the EDN_ENABLE field of the control
296  * register.
297  */
298  kDifEdnRecoverableAlertBadEnable,
299  /**
300  * Indicates a bad value was written to the BOOT_REQ_MODE field of the control
301  * register.
302  */
303  kDifEdnRecoverableAlertBadBootReqMode,
304  /**
305  * Indicates a bad value was written to the AUTO_REQ_MODE field of the
306  * control register.
307  */
308  kDifEdnRecoverableAlertBadAutoReqMode,
309  /**
310  * Indicates a bad value was written to the CMD_FIFO_RST field of the
311  * control register.
312  */
313  kDifEdnRecoverableAlertBadFifoClear,
314  /**
315  * Indicates the genbits bus saw two identical values, indicating a possible
316  * attack.
317  */
318  kDifEdnRecoverableAlertRepeatedGenBits,
319 } dif_edn_recoverable_alert_t;
320 
321 /**
322  * Configures EDN with runtime information.
323  *
324  * This function should need to be called once for the lifetime of `handle`.
325  *
326  * @param edn An EDN handle.
327  * @return The result of the operation.
328  */
329 OT_WARN_UNUSED_RESULT
330 dif_result_t dif_edn_configure(const dif_edn_t *edn);
331 
332 /**
333  * Locks out EDN functionality.
334  *
335  * This function is reentrant: calling it while functionality is locked will
336  * have no effect and return `kDifEdnOk`.
337  *
338  * @param edn An EDN handle.
339  * @return The result of the operation.
340  */
341 OT_WARN_UNUSED_RESULT
342 dif_result_t dif_edn_lock(const dif_edn_t *edn);
343 
344 /**
345  * Checks whether this EDN is locked.
346  *
347  * @param edn An EDN handle.
348  * @param[out] is_locked Out-param for the locked state.
349  * @return The result of the operation.
350  */
351 OT_WARN_UNUSED_RESULT
352 dif_result_t dif_edn_is_locked(const dif_edn_t *edn, bool *is_locked);
353 
354 /**
355  * Enables the EDN in boot-time mode.
356  *
357  * Each call to this function should be sequenced with a call to
358  * `dif_edn_stop()`.
359  *
360  * @param edn An EDN handle.
361  * @return The result of the operation.
362  */
363 OT_WARN_UNUSED_RESULT
364 dif_result_t dif_edn_set_boot_mode(const dif_edn_t *edn);
365 
366 /**
367  * Enables the EDN in auto refresh mode.
368  *
369  * Each call to this function should be sequenced with a call to
370  * `dif_edn_stop()`.
371  *
372  * @param edn An EDN handle.
373  * @param config Auto request configuration parameters.
374  * @return The result of the operation.
375  */
376 OT_WARN_UNUSED_RESULT
377 dif_result_t dif_edn_set_auto_mode(const dif_edn_t *edn,
378  dif_edn_auto_params_t config);
379 
380 /**
381  * Queries the EDN status flags.
382  *
383  * @param edn An EDN handle.
384  * @param flag Status flag to query.
385  * @param set Flag state (set/unset).
386  * @return The result of the operation.
387  */
388 OT_WARN_UNUSED_RESULT
389 dif_result_t dif_edn_get_status(const dif_edn_t *edn, dif_edn_status_t flag,
390  bool *set);
391 
392 /**
393  * Queries the EDN error flags.
394  *
395  * @param edn An EDN handle.
396  * @param[out] unhealthy_fifos Bitset of FIFOs in an unhealthy state; indices
397  * are `dif_edn_fifo_t`.
398  * @param[out] errors Bitset of errors relating to the above FIFOs; indices are
399  * `dif_edn_error_t`.
400  * @return The result of the operation.
401  */
402 OT_WARN_UNUSED_RESULT
403 dif_result_t dif_edn_get_errors(const dif_edn_t *edn, uint32_t *unhealthy_fifos,
404  uint32_t *errors);
405 
406 /**
407  * Forces the status registers to indicate `fifo` as being in an unhealthy
408  * state.
409  *
410  * @param edn An EDN handle
411  * @param fifo The FIFO to mark as unhealthy.
412  * @return The result of the operation.
413  */
414 OT_WARN_UNUSED_RESULT
415 dif_result_t dif_edn_get_cmd_unhealthy_fifo_force(const dif_edn_t *edn,
416  dif_edn_fifo_t fifo);
417 
418 /**
419  * Forces the status registers to indicate a particular error cause.
420  *
421  * @param edn An EDN handle
422  * @param error The error to force.
423  * @return The result of the operation.
424  */
425 OT_WARN_UNUSED_RESULT
426 dif_result_t dif_edn_get_cmd_error_force(const dif_edn_t *edn,
427  dif_edn_error_t error);
428 
429 /**
430  * Returns an opaque blob indicating the main state machine's current state.
431  *
432  * @param csrng An EDN handle
433  * @param state[out] The state machine state as an opaque blob.
434  * @return The result of the operation.
435  */
436 OT_WARN_UNUSED_RESULT
437 dif_result_t dif_edn_get_main_state_machine(const dif_edn_t *edn,
438  uint32_t *state);
439 
440 /**
441  * Initializes CSRNG instance with a new seed value.
442  *
443  * `seed_material` is used as specified in NIST SP 800-90Ar1 section
444  * 10.2.1.3.1.
445  *
446  * `seed_material` can be NULL, in which case CSRNG will use a zero
447  * vector instead.
448  *
449  * @param edn An EDN handle.
450  * @param entropy_src_enable Entropy source input enable.
451  * @param seed_material Seed initialization parameters.
452  * @return The result of the operation.
453  */
454 OT_WARN_UNUSED_RESULT
455 dif_result_t dif_edn_instantiate(
456  const dif_edn_t *edn, dif_edn_entropy_src_toggle_t entropy_src_enable,
457  const dif_edn_seed_material_t *seed_material);
458 
459 /**
460  * Reseeds CSRNG instance.
461  *
462  * When `seed_material.seed_material_len` is set to 0, only the entropy source
463  * seed is used to reseed the instance, otherwise it will be XOR'ed with the
464  * entropy source.
465  *
466  * @param edn An EDN handle.
467  * @param seed_material Reseed parameters.
468  * @return The result of the operation.
469  */
470 OT_WARN_UNUSED_RESULT
471 dif_result_t dif_edn_reseed(const dif_edn_t *edn,
472  const dif_edn_seed_material_t *seed_material);
473 
474 /**
475  * Updates CSRNG state.
476  *
477  * This function is similar to `dif_edn_reseed()`, except:
478  *
479  * - Only `seed_material.seed_material` is used in the update operation.
480  * - The update operation does not reset the internal CSRNG reseed
481  * counter.
482  *
483  * @param edn An EDN handle.
484  * @param seed_material Update parameters.
485  * @return The result of the operation.
486  */
487 OT_WARN_UNUSED_RESULT
488 dif_result_t dif_edn_update(const dif_edn_t *edn,
489  const dif_edn_seed_material_t *seed_material);
490 
491 /**
492  * Requests cryptographic entropy bits from the CSRNG.
493  *
494  * The prediction resistance flag as specified in SP 800-90Ar1 section
495  * 10.2.1.1 is not directly supported by the hardware. It is the
496  * responsibility of the caller to reseed as needed before calling
497  * this function.
498  *
499  * The CSRNG accepts generation requests with 128-bit granularity, with
500  * a minimum 128-bit request size. This function will increase the size
501  * of the request to align it to the nearest 128-bit boundary.
502  *
503  * @param edn An EDN handle.
504  * @param len Number of uint32_t words to generate.
505  * @return The result of the operation. KDifOutOfRange if the `len` parameter
506  * results in a 128bit block level size greater than 0x800.
507  */
508 OT_WARN_UNUSED_RESULT
509 dif_result_t dif_edn_generate_start(const dif_edn_t *edn, size_t len);
510 
511 /**
512  * Uninstantiates CSRNG.
513  *
514  * Resets the CSRNG instance. Values in the CSRNG are zeroed out. This
515  * command effectively resets the CSRNG, clearing any errors that it
516  * may have encountered due to processing or entropy source errors.
517  *
518  * @param edn An EDN handle.
519  * @return The result of the operation.
520  */
521 OT_WARN_UNUSED_RESULT
522 dif_result_t dif_edn_uninstantiate(const dif_edn_t *edn);
523 
524 /**
525  * Stops the current mode of operation and disables the entropy module.
526  *
527  * @param edn An EDN handle.
528  * @return The result of the operation.
529  */
530 OT_WARN_UNUSED_RESULT
531 dif_result_t dif_edn_stop(const dif_edn_t *edn);
532 
533 /**
534  * Gets the recoverable alerts currently recorded in the EDN block.
535  *
536  * This function returns the alerts in a bitset whose indices are given by
537  * `dif_edn_recoverable_alert_t`.
538  *
539  * @param edn An EDN handle.
540  * @param[out] alerts Bitset of alerts currently recorded.
541  * @return The result of the operation.
542  */
543 OT_WARN_UNUSED_RESULT
544 dif_result_t dif_edn_get_recoverable_alerts(const dif_edn_t *edn,
545  uint32_t *alerts);
546 
547 /**
548  * Clears all recoverable alerts currently recorded in the EDN block.
549  *
550  * @param edn An EDN handle.
551  * @return The result of the operation.
552  */
553 OT_WARN_UNUSED_RESULT
554 dif_result_t dif_edn_clear_recoverable_alerts(const dif_edn_t *edn);
555 
556 #ifdef __cplusplus
557 } // extern "C"
558 #endif // __cplusplus
559 
560 #endif // OPENTITAN_SW_DEVICE_LIB_DIF_DIF_EDN_H_
Return to OpenTitan Documentation