[otbn] Replaced urnd LFSR with xoshiro

Signed-off-by: Vladimir Rozic <vrozic@lowrisc.org>
lowRISC · Sep 16, 2021 · b2b192f · b2b192f
1 parent a6e88b0
commit b2b192f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/hw/ip/otbn/otbn.core b/hw/ip/otbn/otbn.core
@@ -11,6 +11,7 @@ filesets:
       - lowrisc:prim:assert
       - lowrisc:prim:util
       - lowrisc:prim:lfsr
+      - lowrisc:prim:xoshiro256ss
       - lowrisc:prim:cipher_pkg
       - lowrisc:ip:edn_pkg
       - lowrisc:ip:otbn_pkg

diff --git a/hw/ip/otbn/rtl/otbn_rnd.sv b/hw/ip/otbn/rtl/otbn_rnd.sv
@@ -129,16 +129,16 @@ module otbn_rnd import otbn_pkg::*;
     end
   end
 
-  logic lfsr_seed_en;
-  logic [UrndChunkLfsrWidth-1:0] lfsr_seed  [LfsrChunksPerWLEN];
-  logic [UrndChunkLfsrWidth-1:0] lfsr_state [LfsrChunksPerWLEN];
+  logic xoshiro_seed_en;
+  // logic [UrndChunkLfsrWidth-1:0] lfsr_seed  [LfsrChunksPerWLEN];
+  // logic [UrndChunkLfsrWidth-1:0] lfsr_state [LfsrChunksPerWLEN];
 
-  assign lfsr_seed_en = edn_urnd_req_complete;
+  assign xoshiro_seed_en = edn_urnd_req_complete;
 
   // We use multiple LFSR instances each having a width of ChunkSize.
   // This is a functional prototype of the final URND functionality and is subject to change
   // https://github.com/lowRISC/opentitan/issues/6083
-  for (genvar c = 0; c < LfsrChunksPerWLEN; c++) begin : gen_lfsr_chunks
+  /*for (genvar c = 0; c < LfsrChunksPerWLEN; c++) begin : gen_lfsr_chunks
     localparam logic [UrndChunkLfsrWidth-1:0] LfsrChunkSeed =
         RndCnstUrndLfsrSeed[c * UrndChunkLfsrWidth +: UrndChunkLfsrWidth];
 
@@ -161,14 +161,29 @@ module otbn_rnd import otbn_pkg::*;
       .state_o   ( lfsr_state[c]  )
     );
   end
-
+  */
+prim_xoshiro256ss  #(
+  .OutputDw    ( WLEN  ),
+  .DefaultSeed ( RndCnstUrndLfsrSeed )
+) u_xoshiro256ss(
+  .clk_i        ( clk_i          ),
+  .rst_ni       ( rst_ni         ),
+  .seed_en_i    ( xoshiro_seed_en),
+  .seed_i       ( edn_urnd_data_i),
+  .xoshiro_en_i ( urnd_advance_i ),
+  .entropy_i    ( '0             ),
+  .data_o       ( urnd_data_o    )
+  );
+  //end
   // Further "scramble" the LFSR state at the byte level to break linear shift patterns.
-  for (genvar c = 0; c < LfsrChunksPerWLEN; c++) begin : gen_lfsr_state_scramble_outer
+  /*for (genvar c = 0; c < LfsrChunksPerWLEN; c++) begin : gen_lfsr_state_scramble_outer
     for (genvar b = 0;b < BytesPerLfsrChunk; b++) begin : gen_lfsr_start_scramble_inner
       assign urnd_data_o[b * 8 + c * UrndChunkLfsrWidth +: 8] =
         prim_cipher_pkg::sbox4_8bit(lfsr_state[c][b*8 +: 8], prim_cipher_pkg::PRINCE_SBOX4);
     end
   end
+  */
+
 
   `ASSERT(rnd_req_stable, rnd_req_i & ~rnd_valid_o |=> rnd_req_i)
   `ASSERT(rnd_clear_on_req_complete, rnd_req_complete |=> ~rnd_valid_q)