Using MachXO3D ESB to Implement SHA256

Reference Design

FPGA-RD-02054-0.90

May 2019
Disclaimers
Lattice makes no warranty, representation, or guarantee regarding the accuracy of information contained in this document or the suitability of its products for any particular purpose. All information herein is provided AS IS and with all faults, and all risk associated with such information is entirely with Buyer. Buyer shall not rely on any data and performance specifications or parameters provided herein. Products sold by Lattice have been subject to limited testing and it is the Buyer’s responsibility to independently determine the suitability of any products and to test and verify the same. No Lattice products should be used in conjunction with mission- or safety-critical or any other application in which the failure of Lattice’s product could create a situation where personal injury, death, severe property or environmental damage may occur. The information provided in this document is proprietary to Lattice Semiconductor, and Lattice reserves the right to make any changes to the information in this document or to any products at any time without notice.
Contents

Acronyms in This Document ........................................................................................................... 4
1. Introduction .................................................................................................................................. 5
2. Reference Design Overview ......................................................................................................... 6
   2.1. Block Diagram ....................................................................................................................... 6
   2.2. Overview ............................................................................................................................... 6
3. Functional Description .................................................................................................................. 7
   3.1. Parameter of the Reference Design ....................................................................................... 7
   3.2. Input/Output of the Reference Design ................................................................................... 7
   3.3. Interface with WISHBONE Bus Only ..................................................................................... 8
   3.4. Interface with WISHBONE Bus and HSP Bus ...................................................................... 9
   3.5. ESB Registers for SHA256 .................................................................................................. 10
4. HDL Simulation and Verification ................................................................................................. 12
5. Implementation ............................................................................................................................. 14
References ........................................................................................................................................ 15
Technical Support Assistance ........................................................................................................... 16
Revision History ............................................................................................................................... 17

Figures

Figure 2.1. Top-Level Block Diagram ............................................................................................. 6
Figure 2.2. Top-Level Block Diagram ............................................................................................. 6
Figure 3.1. I/O Diagram of SHA256 Reference Design .................................................................. 7
Figure 3.2. Timing Diagram of Signal ready, Message Valid, and Message for WISHBONE Bus .... 8
Figure 3.3. Timing Diagram of Signal digest_valid and digest for WISHBONE Bus ....................... 8
Figure 3.4. Timing Diagram of Signal ready, Message Valid and Message for HSP Bus ................. 9
Figure 3.5. SHA256 Digest Generation Algorithm ......................................................................... 11
Figure 4.1. Emulated SHA256 Message Written Transmission with HSP Bus ...................... 12
Figure 4.2. Emulated SHA256 Digest Output Transmission with HSP Bus .............................. 12
Figure 4.3. Emulated SHA256 Message Written Transmission with WISHBONE Bus ............ 12
Figure 4.4. Emulated SHA256 Digest Output Transmission with WISHBONE Bus ................ 13

Tables

Table 3.1. SHA256 Parameter Description ..................................................................................... 7
Table 3.2. Pin Descriptions ............................................................................................................. 7
Table 3.3. Register Descriptions .................................................................................................... 10
Table 5.1. Performance and Resource Utilization Using WISHBONE Bus Only ...................... 14
Table 5.2. Performance and Resource Utilization Using WISHBONE Bus and HSP Bus ........ 14
## Acronyms in This Document

A list of acronyms used in this document.

<table>
<thead>
<tr>
<th>Acronym</th>
<th>Definition</th>
</tr>
</thead>
<tbody>
<tr>
<td>AES</td>
<td>Advanced Encryption Standard</td>
</tr>
<tr>
<td>ECDSA</td>
<td>Elliptic Curve Digital Signature Algorithm</td>
</tr>
<tr>
<td>ESB</td>
<td>Embedded Security Block</td>
</tr>
<tr>
<td>HSP</td>
<td>High Speed Port</td>
</tr>
<tr>
<td>SHA256</td>
<td>256-bit Secure Hash Algorithm</td>
</tr>
</tbody>
</table>
1. Introduction

A hash function maps an input of arbitrary length into a fixed number of output bits, the digest or hash value. This digest should be the same each time the same input is hashed. The hash function has two properties:

- If someone gets a digest, determining its original script is difficult or impossible.
- Having two different messages that can be hashed to the same digest is difficult or impossible.

SHA256 is a novel hash function with 256 bits fixed output. The most important use of this hash function is the information authentication protection and use as a digital signature schemes tool.

The MachXO3D™ device is the next product family of the MachXO™ product line with key features such as security and on-chip dual boot. The ESB submodule of the MachXO3D device focuses on security features and involves cryptographic functions such as Elliptic Curve Digital Signature Algorithm (ECDSA), Advanced Encryption Standard (AES), and SHA256. This reference design takes advantage of the ESB implementing SHA256 function.

Note: Knowledge of the SHA256 algorithm details is not a requirement.


2. Reference Design Overview

2.1. Block Diagram

Figure 2.1 shows the block diagram of the reference design using the WISHBONE bus.

![Block Diagram](image1)

Figure 2.1. Top-Level Block Diagram

Figure 2.2 shows the block diagram of the reference design using the WISHBONE bus and the HSP bus.

![Block Diagram](image2)

Figure 2.2. Top-Level Block Diagram

2.2. Overview

This design provides two ways to access the ESB. One way is to use the WISHBONE interface to access the register of the ESB and transmit data between the state machine and the ESB, as shown in Figure 2.1. The other way is to use the WISHBONE interface to access the register of the ESB and to use HSP interface to transmit data between the state machine and the ESB, as shown in Figure 2.2. The state machine shows the detailed steps of accessing the register and the ESB memory. The user logic can utilize the state machine for SHA256 implementation. The features include:

- Simplify the user design and fulfill the SHA256 function with ESB.
- Flexibly use WISHBONE bus or HSP bus for the data traffic path.
- Specify the message size in bytes through the parameter.
3. Functional Description

3.1. Parameter of the Reference Design

Table 3.1. SHA256 Parameter Description

<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>NUM_BYTE</td>
<td>Specify the size of message in bytes.</td>
<td>1 to $2^{32}-1$</td>
</tr>
</tbody>
</table>

3.2. Input/Output of the Reference Design

Figure 3.1 is the I/O diagram of the SHA256 reference design.

![I/O Diagram of SHA256 Reference Design](image)

Table 3.2 lists the I/O ports of the reference design.

Table 3.2. Pin Descriptions

<table>
<thead>
<tr>
<th>Signal</th>
<th>Width</th>
<th>Type</th>
<th>Active</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>clk</td>
<td>1</td>
<td>Input</td>
<td>Rising edge</td>
<td>System clock</td>
</tr>
<tr>
<td>rstn</td>
<td>1</td>
<td>Input</td>
<td>Low</td>
<td>Asynchronous reset</td>
</tr>
<tr>
<td>sha256_en</td>
<td>1</td>
<td>Input</td>
<td>High</td>
<td>Enable signal. When asserted, the reference design runs SHA256 function in ESB.</td>
</tr>
<tr>
<td>mes_sha256</td>
<td>8</td>
<td>Input</td>
<td>N/A</td>
<td>Data bus with message for SHA256 processing.</td>
</tr>
<tr>
<td>mes_wr</td>
<td>1</td>
<td>Input</td>
<td>High</td>
<td>Message valid signal. When active, message is presented on the data bus.</td>
</tr>
<tr>
<td>ready</td>
<td>1</td>
<td>Output</td>
<td>High</td>
<td>Ready output. When active, it indicates that the design is ready to accept the next message byte.</td>
</tr>
<tr>
<td>digest</td>
<td>32</td>
<td>Output</td>
<td>N/A</td>
<td>Final result with the 32 bytes digest.</td>
</tr>
<tr>
<td>digest_valid</td>
<td>1</td>
<td>Output</td>
<td>High</td>
<td>Digest valid signal. When active, valid digest is on the digest bus.</td>
</tr>
</tbody>
</table>
3.3. Interface with WISHBONE Bus Only

The NUM_BYTE parameter needs to be set based on the size of the message in bytes before running the design. Then the sha256_en signal is asserted to run the design. Detecting the rising edge of sha256_en, the design initializes the ESB for operation, and asserts the ready signal to accept message from the user logic. The user logic needs to provide the message bytes along with the control signal mes_wr. The message is sent to the design using the procedure below:

1. The design informs the user logic that it is ready to receive the new message by asserting the ready signal for one clock cycle.
2. After asserting the ready signal, the design waits for the signal mes_wr to be active. If the design finds the signal mes_wr asserted by the user logic, it takes the signal mes_sha256 as the new message byte.
3. The design counts the size of the message in bytes until it reaches the value of NUM_BYTE. After the last byte of message is delivered, the user logic needs to wait for the signal digest_valid to be asserted.

![Timing Diagram of Signal ready, Message Valid, and Message for WISHBONE Bus](image)

Figure 3.2. Timing Diagram of Signal ready, Message Valid, and Message for WISHBONE Bus

The design asserts signal digest_valid to inform the user logic to receive the digest. The signal digest_valid is asserted for eight times to provide the 32 bytes digest, and each time asserted for one clock cycle. The digest is Little Endian.

![Timing Diagram of Signal digest_valid and digest for WISHBONE Bus](image)

Figure 3.3. Timing Diagram of Signal digest_valid and digest for WISHBONE Bus
3.4. Interface with WISHBONE Bus and HSP Bus

The NUM_BYTE parameter needs to be set based on the size of the message in bytes before running the design. Then the sha256_en signal is asserted to run the design. Detecting the rising edge of the sha256_en signal, the design initializes the ESB for operation, asserts the ready signal to indicate that it is ready to accept message from the user logic. The user logic needs to provide the message bytes along with the control signal mes_wr. The message is sent to the design using the procedure below:

1. The design informs the user logic that it is ready to receive the new message by asserting the ready signal. The ready signal is consecutive.
2. After asserting the ready signal, the design will wait for the signal mes_wr to be active. If the design finds the signal mes_wr asserted by the user logic, it takes the bus signal mes_sha256 as the new message byte.
3. The design will count the size of the message in bytes until it reaches the value of NUM_BYTE. After the last byte of message is delivered, the user logic needs to wait for the signal digest_valid to be active. The signal digest_valid is consecutive.

![Figure 3.4. Timing Diagram of Signal ready, Message Valid and Message for HSP Bus](image1)

![Figure 3.5. Timing Diagram of Signal Digest_valid and Digest for HSP Bus](image2)
3.5. ESB Registers for SHA256

Table 3.1 lists the registers of the reference design.

Table 3.3. Register Descriptions

<table>
<thead>
<tr>
<th>Register Type</th>
<th>Register Name</th>
<th>Address</th>
<th>Read/Write</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Control</td>
<td>ro_gp0</td>
<td>18'h2_0020</td>
<td>Read</td>
<td>Check for busy status of ESB:</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>0xB0: READY to get a new command</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>0xB2: ESB operation done</td>
</tr>
<tr>
<td></td>
<td>as_src_sel</td>
<td>18'h2_003C</td>
<td>Write</td>
<td>Set SHA256 engine source:</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>[1:0]: 0x2: Use WISHBONE interface to transmit data</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>0x3: Use HSP interface to transmit data</td>
</tr>
<tr>
<td></td>
<td>sha_con</td>
<td>18'h2_3070</td>
<td>Write</td>
<td>SHA256 control:</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>[0]: 0x1-&gt;0x0: initial SHA256 engine</td>
</tr>
<tr>
<td></td>
<td>ri_ctrl1</td>
<td>18'h2_0000C</td>
<td>Write</td>
<td>ESB function:</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>0x05: Enable SHA256</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>0x00: Disable SHA256</td>
</tr>
<tr>
<td>SHA Register</td>
<td>sha_in_byte</td>
<td>18'h2_304C</td>
<td>Write</td>
<td>Message input data (byte):</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>[31]: last byte indicator</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td>[7:0]: payload</td>
</tr>
<tr>
<td></td>
<td>sha_res_0</td>
<td>18'h2_3050</td>
<td>Read</td>
<td>Digest result data [31:0]</td>
</tr>
<tr>
<td></td>
<td>sha_res_1</td>
<td>18'h2_3054</td>
<td>Read</td>
<td>Digest result data [63:32]</td>
</tr>
<tr>
<td></td>
<td>sha_res_2</td>
<td>18'h2_3058</td>
<td>Read</td>
<td>Digest result data [95:64]</td>
</tr>
<tr>
<td></td>
<td>sha_res_3</td>
<td>18'h2_3055</td>
<td>Read</td>
<td>Digest result data [127:96]</td>
</tr>
<tr>
<td></td>
<td>sha_res_4</td>
<td>18'h2_3060</td>
<td>Read</td>
<td>Digest result data [159:128]</td>
</tr>
<tr>
<td></td>
<td>sha_res_5</td>
<td>18'h2_3064</td>
<td>Read</td>
<td>Digest result data [191:160]</td>
</tr>
<tr>
<td></td>
<td>sha_res_6</td>
<td>18'h2_3068</td>
<td>Read</td>
<td>Digest result data [223:192]</td>
</tr>
<tr>
<td></td>
<td>sha_res_7</td>
<td>18'h2_3066</td>
<td>Read</td>
<td>Digest result data [255:224]</td>
</tr>
</tbody>
</table>

The state machine in this reference design runs the ESB using the procedure below (Figure 3.5):  
1. Poll the register ro_gp0 in the ESB until the value of this register is 0x0B0.  
2. Set the register as_src_sel of the ESB to select SHA256 engine data source to be either WISHBONE or HSP.  
3. Set the register sha_con to 0x1 and then to 0x0 in order to initialize the ESB’s SHA256 engine.  
4. Set register ri_ctrl1 in the ESB to 0x05.  
5. Assert the ready signal and wait for the signal mes_wr to be active.  
6. If the asserting of the signal mes_wr is detected, receive the message byte until the amount of the message byte is equal to NUM_BYTE.  
7. Read register ro_gp0 in the ESB until the value of this register is 0x0B2.  
8. Read the digest from the ESB and assert the signal digest_valid.
Check if ESB busy

Yes

Write as_src_sel register

Initialize SHA-256 engine
(Write SHA CONREG)

Write ri_ctrl1
(Enable SHA256 function)

Input message to SHA engine (51200 bits)

Read ro_gp0 (wait for Done)

Read 256 bit Message Digest SHA Result

Write ri_ctrl1 to 0
(Disable SHA256 function)

No

Yes

[Addr, Data] = [18'h2_0020, 32'hB0]

[Addr, Data] = [18'h2_003C, 32'h02]

[Addr, Data] = [18'h2_3070, 32'h01 → 32'h00]

[Addr, Data] = [18'h2_000C, 32'h05]

[Addr, Data] = [18'h2_304C, 32'h_input_data]

[Addr, Data] = [18'h2_0020, 32'hB2]

[Addr, Data] = [18'h2_000C, 32'h00]

Figure 3.5. SHA256 Digest Generation Algorithm
4. HDL Simulation and Verification

The simulation takes a golden data as an example. The simulation sets the parameter NUM_BYTE to be 6400. After reset, the test bench asserts sha256_en and then inputs the message (Figure 4.1 and Figure 4.3). The design processes the message and generates the digest output using the ESB engine. The testbench compares the simulation output with the golden output to check the functionality (Figure 4.2 and Figure 4.4).

![Figure 4.1. Emulated SHA256 Message Written Transmission with HSP Bus](image1)

![Figure 4.2. Emulated SHA256 Digest Output Transmission with HSP Bus](image2)

![Figure 4.3. Emulated SHA256 Message Written Transmission with WISHBONE Bus](image3)
Figure 4.4. Emulated SHA256 Digest Output Transmission with WISHBONE Bus
5. Implementation

This reference design is implemented in Verilog HDL using Lattice Diamond® software with Synplify Pro® as the synthesis tool. When using this design in a different device, density, or speed, performance and utilization may vary.

Table 5.1. Performance and Resource Utilization Using WISHBONE Bus Only

<table>
<thead>
<tr>
<th>Device Family</th>
<th>Language</th>
<th>Utilization</th>
<th>Operating Frequency</th>
<th>ESB Primitive</th>
<th>OSC Primitive</th>
<th>Number of I/O</th>
</tr>
</thead>
<tbody>
<tr>
<td>LCMXO3D-9400HC</td>
<td>Verilog HDL</td>
<td>203 LUTs</td>
<td>&gt;50 MHz</td>
<td>Yes</td>
<td>Yes</td>
<td>46</td>
</tr>
</tbody>
</table>

Table 5.2. Performance and Resource Utilization Using WISHBONE Bus and HSP Bus

<table>
<thead>
<tr>
<th>Device Family</th>
<th>Language</th>
<th>Utilization</th>
<th>Operating Frequency</th>
<th>ESB Primitive</th>
<th>OSC Primitive</th>
<th>Number of I/O</th>
</tr>
</thead>
<tbody>
<tr>
<td>LCMXO3D-9400HC</td>
<td>Verilog HDL</td>
<td>195 LUTs</td>
<td>&gt;50 MHz</td>
<td>Yes</td>
<td>Yes</td>
<td>46</td>
</tr>
</tbody>
</table>

Note: Performance and utilization characteristics are generated LCMXO3D-9400HC, using Diamond 3.11 design software.
References

MachXO3D Embedded Security Block (FPGA-TN-02091)
Technical Support Assistance
Submit a technical support case through www.latticesemi.com/techsupport.
## Revision History

**Revision 0.90, May 2019**

<table>
<thead>
<tr>
<th>Section</th>
<th>Change Summary</th>
</tr>
</thead>
<tbody>
<tr>
<td>All</td>
<td>First preliminary release.</td>
</tr>
</tbody>
</table>