aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md74
-rwxr-xr-xsrc/model/python/aes.py1058
-rwxr-xr-xsrc/model/python/aes_key_gen.py568
-rw-r--r--src/model/python/rcon.py586
-rw-r--r--src/rtl/aes.v23
-rw-r--r--src/rtl/aes_core.v45
-rw-r--r--src/rtl/aes_decipher_block.v196
-rw-r--r--src/rtl/aes_encipher_block.v209
-rw-r--r--src/rtl/aes_key_mem.v22
-rw-r--r--src/tb/tb_aes.v100
-rw-r--r--src/tb/tb_aes_core.v89
-rw-r--r--src/tb/tb_aes_decipher_block.v10
-rw-r--r--src/tb/tb_aes_encipher_block.v27
-rw-r--r--src/tb/tb_aes_key_mem.v11
-rwxr-xr-xtoolruns/Makefile50
15 files changed, 284 insertions, 2784 deletions
diff --git a/README.md b/README.md
index 1b00442..0d552dd 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,22 @@
-aes
-======
+aes_speed
+=========
+Speed optimized Verilog implementation of the symmetric block cipher AES
+(Advanced Encryption Standard) as specified in the NIST document [FIPS
+197](http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).
-Verilog implementation of the symmetric block cipher AES (Advanced
-Encryption Standard) as specified in the NIST document [FIPS 197](http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).
+This core is modified version of the Cryptech AES core. Note that the
+name of the core modules are identical to that core. The purpose of this
+is to allow a drop-in replacement in Cryptech designs.
-## Introduction ##
+## Status ##
+Second round of optimizations done. Core similates correctly. Core has
+been implemented in FPGA, but not functionally tested in real HW.
+
+## Introduction ##
This implementation supports 128 and 256 bit keys. The
-implementation is iterative and process one 128 block at a time. Blocks
-are processed on a word level with 4 S-boxes in the data path. The
-S-boxes for encryption are shared with the key expansion and the core
-can thus not do key update in parallel with block processing.
+implementation is iterative and process one 128 block at a time.
The encipher and decipher block processing datapaths are separated and
basically self contained given access to a set of round keys and a
@@ -21,41 +26,34 @@ will reduce the size to about 50%. For cipher modes such as CTR, GCM
decryption in the AES core will never be used and thus the decipher
block processing can be removed.
-This is a fairly compact implementation. Further reduction could be
-achived by just having a single S-box. Similarly the performane can be
-increased by having 8 or even 16 S-boxes which would reduce the number
-of cycles to two cycles for each round.
-
+The core has been equipped with 16 S-boxes for encipher and 16 Inverse
+S-boxes for decipher. This allows the core to perform the SubBytes and
+InverseSubBytes operations in the AES round functions in one cycle.
-## Implementation results ##
-The core has been implemented in Altera and Xilinx FPGA devices.
+The key expansion does not share S-boxes with the encipher datapath, so
+the total number of S-boxes is 40.
-### Altera Cyclone IV GX ###
-- 7497 LEs
-- 2994 Regs
-- 96 MHz fmax
-- 5 cycles/round
+## Performance comparison
+Number of cycles for the old Cryptech AES core:
+- AES-128 Encipher one block with key expansion: 57
+- AES-256 Decipher one block with key expansion: 77
-This means that we can do just about 2 Mblocks/s or 256 Mbps
-performance.
+Number of cycles for the Cryptech AES speed core:
+- AES-128 Encipher one block with key expansion: 16
+- AES-255 Decipher one block with key expansion: 20
-Removing the decipher module yields:
-- 5497 LEs
-- 2855 Regs
-- 106 MHz fmax
-- 5 cycles/round
+## Implementation comparison
+Implementation results for Xilinx Artix7-t200.
-### Xilinx Spartan6LX-3 ###
-- 2576 slices
-- 3000 regs
-- 100 MHz
-- 5 cycles/round
+Old Cryptech AES core:
+- 2094 slices
+- 2854 regs
+- 114 MHz (8.76ns)
-### Xilinx Artix7-3 T200 ###
-- 2102 slices
-- 2991 regs
-- 113 MHz (8.79ns)
-- 5 cycles/round
+Cryptec AES speed core:
+- 2112 slices
+- 2984 regs
+- 116 MHz. (8.62ns)
diff --git a/src/model/python/aes.py b/src/model/python/aes.py
deleted file mode 100755
index 848ca85..0000000
--- a/src/model/python/aes.py
+++ /dev/null
@@ -1,1058 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#=======================================================================
-#
-# aes.py
-# ------
-# Simple, pure Python, word based model of the AES cipher with
-# support for 128 and 256 bit keys.
-#
-#
-# Author: Joachim Strombergson
-# Copyright (c) 2014, NORDUnet A/S
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-# - Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-#
-# - Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# - Neither the name of the NORDUnet nor the names of its contributors may
-# be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#=======================================================================
-
-#-------------------------------------------------------------------
-# Python module imports.
-#-------------------------------------------------------------------
-import sys
-
-
-#-------------------------------------------------------------------
-# Constants.
-#-------------------------------------------------------------------
-VERBOSE = True
-DUMP_VARS = True
-
-AES_128_ROUNDS = 10
-AES_256_ROUNDS = 14
-
-
-sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
-
-
-inv_sbox = [0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d]
-
-
-#-------------------------------------------------------------------
-# print_bytekeys()
-#
-# Print a set of round keys given as an array of bytes.
-#-------------------------------------------------------------------
-def print_bytekeys(keys):
- i = 0
- print("Number of round keys: %d" % (int(len(keys) / 16)))
- while i < (len(keys) - 1):
- for j in range(16):
- print("0x%02x " % keys[i + j], end="")
- print("")
- i += 16
-
-#-------------------------------------------------------------------
-# print_block()
-#
-# Print the given block as four 32 bit words.
-#-------------------------------------------------------------------
-def print_block(block):
- (w0, w1, w2, w3) = block
- print("0x%08x, 0x%08x, 0x%08x, 0x%08x" % (w0, w1, w2, w3))
-
-
-#-------------------------------------------------------------------
-# print_key()
-#
-# Print the given key as on or two sets of four 32 bit words.
-#-------------------------------------------------------------------
-def print_key(key):
- if len(key) == 8:
- (k0, k1, k2, k3, k4, k5, k6, k7) = key
- print_block((k0, k1, k2, k3))
- print_block((k4, k5, k6, k7))
- else:
- print_block(key)
-
-
-#-------------------------------------------------------------------
-# b2w()
-#
-# Create a word from the given bytes.
-#-------------------------------------------------------------------
-def b2w(b0, b1, b2, b3):
- return (b0 << 24) + (b1 << 16) + (b2 << 8) + b3
-
-
-#-------------------------------------------------------------------
-# w2b()
-#
-# Extracts the bytes in a word.
-#-------------------------------------------------------------------
-def w2b(w):
- b0 = w >> 24
- b1 = w >> 16 & 0xff
- b2 = w >> 8 & 0xff
- b3 = w & 0xff
-
- return (b0, b1, b2, b3)
-
-
-#-------------------------------------------------------------------
-# gm2()
-#
-# The specific Galois Multiplication by two for a given byte.
-#-------------------------------------------------------------------
-def gm2(b):
- return ((b << 1) ^ (0x1b & ((b >> 7) * 0xff))) & 0xff
-
-
-#-------------------------------------------------------------------
-# gm3()
-#
-# The specific Galois Multiplication by three for a given byte.
-#-------------------------------------------------------------------
-def gm3(b):
- return gm2(b) ^ b
-
-
-#-------------------------------------------------------------------
-# gm4()
-#
-# The specific Galois Multiplication by four for a given byte.
-#-------------------------------------------------------------------
-def gm4(b):
- return gm2(gm2(b))
-
-
-#-------------------------------------------------------------------
-# gm8()
-#
-# The specific Galois Multiplication by eight for a given byte.
-#-------------------------------------------------------------------
-def gm8(b):
- return gm2(gm4(b))
-
-
-#-------------------------------------------------------------------
-# gm09()
-#
-# The specific Galois Multiplication by nine for a given byte.
-#-------------------------------------------------------------------
-def gm09(b):
- return gm8(b) ^ b
-
-
-#-------------------------------------------------------------------
-# gm11()
-#
-# The specific Galois Multiplication by 11 for a given byte.
-#-------------------------------------------------------------------
-def gm11(b):
- return gm8(b) ^ gm2(b) ^ b
-
-
-#-------------------------------------------------------------------
-# gm13()
-#
-# The specific Galois Multiplication by 13 for a given byte.
-#-------------------------------------------------------------------
-def gm13(b):
- return gm8(b) ^ gm4(b) ^ b
-
-
-#-------------------------------------------------------------------
-# gm14()
-#
-# The specific Galois Multiplication by 14 for a given byte.
-#-------------------------------------------------------------------
-def gm14(b):
- return gm8(b) ^ gm4(b) ^ gm2(b)
-
-
-#-------------------------------------------------------------------
-# substw()
-#
-# Returns a 32-bit word in which each of the bytes in the
-# given 32-bit word has been used as lookup into the AES S-box.
-#-------------------------------------------------------------------
-def substw(w):
- (b0, b1, b2, b3) = w2b(w)
-
- s0 = sbox[b0]
- s1 = sbox[b1]
- s2 = sbox[b2]
- s3 = sbox[b3]
-
- res = b2w(s0, s1, s2, s3)
-
- if VERBOSE:
- print("Inside substw:")
- print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
- (b0, b1, b2, b3))
- print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
- (s0, s1, s2, s3))
- print("res = 0x%08x" % (res))
-
- return res
-
-
-#-------------------------------------------------------------------
-# inv_substw()
-#
-# Returns a 32-bit word in which each of the bytes in the
-# given 32-bit word has been used as lookup into
-# the inverse AES S-box.
-#-------------------------------------------------------------------
-def inv_substw(w):
- (b0, b1, b2, b3) = w2b(w)
-
- s0 = inv_sbox[b0]
- s1 = inv_sbox[b1]
- s2 = inv_sbox[b2]
- s3 = inv_sbox[b3]
-
- res = b2w(s0, s1, s2, s3)
-
- if VERBOSE:
- print("Inside inv_substw:")
- print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
- (b0, b1, b2, b3))
- print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
- (s0, s1, s2, s3))
- print("res = 0x%08x" % (res))
-
- return res
-
-
-#-------------------------------------------------------------------
-# rolx()
-#
-# Rotate the given 32 bit word x bits left.
-#-------------------------------------------------------------------
-def rolx(w, x):
- return ((w << x) | (w >> (32 - x))) & 0xffffffff
-
-
-#-------------------------------------------------------------------
-# next_128bit_key()
-#
-# Generate the next four key words for aes-128 based on given
-# rcon and previous key words.
-#-------------------------------------------------------------------
-def next_128bit_key(prev_key, rcon):
- (w0, w1, w2, w3) = prev_key
-
- rol = rolx(w3, 8)
- subst = substw(rol)
- t = subst ^ (rcon << 24)
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if VERBOSE:
- print("Inside next 128bit key:")
- print("w0 = 0x%08x, w1 = 0x%08x, w2 = 0x%08x, w3 = 0x%08x" %
- (w0, w1, w2, w3))
- print("rol = 0x%08x, subst = 0x%08x, rcon = 0x%02x, t = 0x%08x" %
- (rol, subst, rcon, t))
- print("k0 = 0x%08x, k1 = 0x%08x, k2 = 0x%08x, k3 = 0x%08x" %
- (k0, k1, k2, k3))
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# key_gen128()
-#
-# Generating the keys for 128 bit keys.
-#-------------------------------------------------------------------
-def key_gen128(key):
- print("Doing the 128 bit key expansion")
-
- round_keys = []
-
- round_keys.append(key)
-
- for i in range(10):
- round_keys.append(next_128bit_key(round_keys[i], get_rcon(i + 1)))
-
- if VERBOSE:
- print("Input key:")
- print_block(key)
- print("")
-
- print("Generated keys:")
- for k in round_keys:
- print_block(k)
- print("")
-
- return round_keys
-
-
-#-------------------------------------------------------------------
-# next_256bit_key_a()
-#
-# Generate the next four key words for aes-256 using algorithm A
-# based on given rcon and the previous two keys.
-#-------------------------------------------------------------------
-def next_256it_key_a(key0, key1, rcon):
- (w0, w1, w2, w3) = key0
- (w4, w5, w6, w7) = key1
-
- sw = substw(rolx(w7, 8))
- rw = (rcon << 24)
- t = sw ^ rw
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if (DUMP_VARS):
- print("next_256bit_key_a:")
- print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
- print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
- print("t = 0x%08x, sw = 0x%08x, rw = 0x%08x" % (t, sw, rw))
- print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
- print("")
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# next_256bit_key_b()
-#
-# Generate the next four key words for aes-256 using algorithm B
-# based on given previous eight keywords.
-#-------------------------------------------------------------------
-def next_256it_key_b(key0, key1):
- (w0, w1, w2, w3) = key0
- (w4, w5, w6, w7) = key1
-
- t = substw(w7)
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if (DUMP_VARS):
- print("next_256bit_key_b:")
- print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
- print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
- print("t = 0x%08x" % (t))
- print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
- print("")
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# key_gen256()
-#
-# Generating the keys for 256 bit keys.
-#-------------------------------------------------------------------
-def key_gen256(key):
- round_keys = []
- (k0, k1, k2, k3, k4, k5, k6, k7) = key
-
- round_keys.append((k0, k1, k2, k3))
- round_keys.append((k4, k5, k6, k7))
-
- j = 1
- for i in range(0, (AES_256_ROUNDS - 2), 2):
- k = next_256it_key_a(round_keys[i], round_keys[i + 1], get_rcon(j))
- round_keys.append(k)
- k = next_256it_key_b(round_keys[i + 1], round_keys[i + 2])
- round_keys.append(k)
- j += 1
-
- # One final key needs to be generated.
- k = next_256it_key_a(round_keys[12], round_keys[13], get_rcon(7))
- round_keys.append(k)
-
- if VERBOSE:
- print("Input key:")
- print_block((k0, k1, k2, k3))
- print_block((k4, k5, k6, k7))
- print("")
-
- print("Generated keys:")
- for k in round_keys:
- print_block(k)
- print("")
-
- return round_keys
-
-
-#-------------------------------------------------------------------
-# get_rcon()
-#
-# Function implementation of rcon. Calculates rcon for a
-# given round. This could be implemented as an iterator.
-#-------------------------------------------------------------------
-def get_rcon(round):
- rcon = 0x8d
-
- for i in range(0, round):
- rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
-
- return rcon
-
-
-#-------------------------------------------------------------------
-# addroundkey()
-#
-# AES AddRoundKey block operation.
-# Perform XOR combination of the given block and the given key.
-#-------------------------------------------------------------------
-def addroundkey(key, block):
- (w0, w1, w2, w3) = block
- (k0, k1, k2, k3) = key
-
- res_block = (w0 ^ k0, w1 ^ k1, w2 ^ k2, w3 ^ k3)
-
- if VERBOSE:
- print("AddRoundKey key, block in and block out:")
- print_block(key)
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# mixw()
-#
-# Perform bit mixing of the given words.
-#-------------------------------------------------------------------
-def mixw(w):
- (b0, b1, b2, b3) = w2b(w)
-
- mb0 = gm2(b0) ^ gm3(b1) ^ b2 ^ b3
- mb1 = b0 ^ gm2(b1) ^ gm3(b2) ^ b3
- mb2 = b0 ^ b1 ^ gm2(b2) ^ gm3(b3)
- mb3 = gm3(b0) ^ b1 ^ b2 ^ gm2(b3)
-
- return b2w(mb0, mb1, mb2, mb3)
-
-
-#-------------------------------------------------------------------
-# mixcolumns()
-#
-# AES MixColumns on the given block.
-#-------------------------------------------------------------------
-def mixcolumns(block):
- (c0, c1, c2, c3) = block
-
- mc0 = mixw(c0)
- mc1 = mixw(c1)
- mc2 = mixw(c2)
- mc3 = mixw(c3)
-
- res_block = (mc0, mc1, mc2, mc3)
-
- if VERBOSE:
- print("MixColumns block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# subbytes()
-#
-# AES SubBytes operation on the given block.
-#-------------------------------------------------------------------
-def subbytes(block):
- (w0, w1, w2, w3) = block
-
- res_block = (substw(w0), substw(w1), substw(w2), substw(w3))
-
- if VERBOSE:
- print("SubBytes block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# shiftrows()
-#
-# AES ShiftRows block operation.
-#-------------------------------------------------------------------
-def shiftrows(block):
- (w0, w1, w2, w3) = block
-
- c0 = w2b(w0)
- c1 = w2b(w1)
- c2 = w2b(w2)
- c3 = w2b(w3)
-
- ws0 = b2w(c0[0], c1[1], c2[2], c3[3])
- ws1 = b2w(c1[0], c2[1], c3[2], c0[3])
- ws2 = b2w(c2[0], c3[1], c0[2], c1[3])
- ws3 = b2w(c3[0], c0[1], c1[2], c2[3])
-
- res_block = (ws0, ws1, ws2, ws3)
-
- if VERBOSE:
- print("ShiftRows block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# aes_encipher()
-#
-# Perform AES encipher operation for the given block using the
-# given key length.
-#-------------------------------------------------------------------
-def aes_encipher_block(key, block):
- tmp_block = block[:]
-
- # Get round keys based on the given key.
- if len(key) == 4:
- round_keys = key_gen128(key)
- num_rounds = AES_128_ROUNDS
- else:
- round_keys = key_gen256(key)
- num_rounds = AES_256_ROUNDS
-
- # Init round
- print(" Initial AddRoundKeys round.")
- tmp_block4 = addroundkey(round_keys[0], block)
-
- # Main rounds
- for i in range(1 , (num_rounds)):
- print("")
- print(" Round %02d" % i)
- print(" ---------")
-
- tmp_block1 = subbytes(tmp_block4)
- tmp_block2 = shiftrows(tmp_block1)
- tmp_block3 = mixcolumns(tmp_block2)
- tmp_block4 = addroundkey(round_keys[i], tmp_block3)
-
-
- # Final round
- print(" Final round.")
- tmp_block1 = subbytes(tmp_block4)
- tmp_block2 = shiftrows(tmp_block1)
- tmp_block3 = addroundkey(round_keys[num_rounds], tmp_block2)
-
- return tmp_block3
-
-
-#-------------------------------------------------------------------
-# inv_mixw()
-#
-# Perform inverse bit mixing of the given words.
-#-------------------------------------------------------------------
-def inv_mixw(w):
- (b0, b1, b2, b3) = w2b(w)
-
- mb0 = gm14(b0) ^ gm11(b1) ^ gm13(b2) ^ gm09(b3)
- mb1 = gm09(b0) ^ gm14(b1) ^ gm11(b2) ^ gm13(b3)
- mb2 = gm13(b0) ^ gm09(b1) ^ gm14(b2) ^ gm11(b3)
- mb3 = gm11(b0) ^ gm13(b1) ^ gm09(b2) ^ gm14(b3)
-
- return b2w(mb0, mb1, mb2, mb3)
-
-
-#-------------------------------------------------------------------
-# inv_mixcolumns()
-#
-# AES Inverse MixColumns on the given block.
-#-------------------------------------------------------------------
-def inv_mixcolumns(block):
- (c0, c1, c2, c3) = block
-
- mc0 = inv_mixw(c0)
- mc1 = inv_mixw(c1)
- mc2 = inv_mixw(c2)
- mc3 = inv_mixw(c3)
-
- res_block = (mc0, mc1, mc2, mc3)
-
- if VERBOSE:
- print("Inverse MixColumns block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# inv_shiftrows()
-#
-# AES inverse ShiftRows block operation.
-#-------------------------------------------------------------------
-def inv_shiftrows(block):
- (w0, w1, w2, w3) = block
-
- c0 = w2b(w0)
- c1 = w2b(w1)
- c2 = w2b(w2)
- c3 = w2b(w3)
-
- ws0 = b2w(c0[0], c3[1], c2[2], c1[3])
- ws1 = b2w(c1[0], c0[1], c3[2], c2[3])
- ws2 = b2w(c2[0], c1[1], c0[2], c3[3])
- ws3 = b2w(c3[0], c2[1], c1[2], c0[3])
-
- res_block = (ws0, ws1, ws2, ws3)
-
- if VERBOSE:
- print("Inverse ShiftRows block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# inv_subbytes()
-#
-# AES inverse SubBytes operation on the given block.
-#-------------------------------------------------------------------
-def inv_subbytes(block):
- (w0, w1, w2, w3) = block
-
- res_block = (inv_substw(w0), inv_substw(w1), inv_substw(w2), inv_substw(w3))
-
- if VERBOSE:
- print("Inverse SubBytes block in and block out:")
- print_block(block)
- print_block(res_block)
- print("")
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# aes_decipher()
-#
-# Perform AES decipher operation for the given block
-# using the given key length.
-#-------------------------------------------------------------------
-def aes_decipher_block(key, block):
- tmp_block = block[:]
-
- # Get round keys based on the given key.
- if len(key) == 4:
- round_keys = key_gen128(key)
- num_rounds = AES_128_ROUNDS
- else:
- round_keys = key_gen256(key)
- num_rounds = AES_256_ROUNDS
-
- # Initial round
- print(" Initial, partial round.")
- tmp_block1 = addroundkey(round_keys[len(round_keys) - 1], tmp_block)
- tmp_block2 = inv_shiftrows(tmp_block1)
- tmp_block4 = inv_subbytes(tmp_block2)
-
- # Main rounds
- for i in range(1 , (num_rounds)):
- print("")
- print(" Round %02d" % i)
- print(" ---------")
-
- tmp_block1 = addroundkey(round_keys[(len(round_keys) - i - 1)], tmp_block4)
- tmp_block2 = inv_mixcolumns(tmp_block1)
- tmp_block3 = inv_shiftrows(tmp_block2)
- tmp_block4 = inv_subbytes(tmp_block3)
-
- # Final round
- print(" Final AddRoundKeys round.")
- res_block = addroundkey(round_keys[0], tmp_block4)
-
- return res_block
-
-
-#-------------------------------------------------------------------
-# test_mixcolumns()
-#
-# Test the mixcolumns and inverse mixcolumns operations using
-# some simple test values.
-#-------------------------------------------------------------------
-def test_mixcolumns():
- nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
-
- print("Test of mixcolumns and inverse mixcolumns:")
- mixresult = mixcolumns(nist_aes128_key)
- inv_mixresult = inv_mixcolumns(mixresult)
-
- print("Test of mixw ochi inv_mixw:")
- testw = 0xdb135345
- expw = 0x8e4da1bc
- mixresult = mixw(testw)
- inv_mixresult = inv_mixw(mixresult)
- print("Testword: 0x%08x" % testw)
- print("expexted: 0x%08x" % expw)
- print("mixword: 0x%08x" % mixresult)
- print("invmixword: 0x%08x" % inv_mixresult)
-
-
-#-------------------------------------------------------------------
-# test_aes()
-#
-# Test the AES implementation with 128 and 256 bit keys.
-#-------------------------------------------------------------------
-def test_aes():
- nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
- nist_aes256_key = (0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
- 0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4)
-
- nist_plaintext0 = (0x6bc1bee2, 0x2e409f96, 0xe93d7e11, 0x7393172a)
- nist_plaintext1 = (0xae2d8a57, 0x1e03ac9c, 0x9eb76fac, 0x45af8e51)
- nist_plaintext2 = (0x30c81c46, 0xa35ce411, 0xe5fbc119, 0x1a0a52ef)
- nist_plaintext3 = (0xf69f2445, 0xdf4f9b17, 0xad2b417b, 0xe66c3710)
-
- nist_exp128_0 = (0x3ad77bb4, 0x0d7a3660, 0xa89ecaf3, 0x2466ef97)
- nist_exp128_1 = (0xf5d3d585, 0x03b9699d, 0xe785895a, 0x96fdbaaf)
- nist_exp128_2 = (0x43b1cd7f, 0x598ece23, 0x881b00e3, 0xed030688)
- nist_exp128_3 = (0x7b0c785e, 0x27e8ad3f, 0x82232071, 0x04725dd4)
-
- nist_exp256_0 = (0xf3eed1bd, 0xb5d2a03c, 0x064b5a7e, 0x3db181f8)
- nist_exp256_1 = (0x591ccb10, 0xd410ed26, 0xdc5ba74a, 0x31362870)
- nist_exp256_2 = (0xb6ed21b9, 0x9ca6f4f9, 0xf153e7b1, 0xbeafed1d)
- nist_exp256_3 = (0x23304b7a, 0x39f9f3ff, 0x067d8d8f, 0x9e24ecc7)
-
-
- print("Doing block encryption.")
- enc_result128_0 = aes_encipher_block(nist_aes128_key, nist_plaintext0)
- enc_result128_1 = aes_encipher_block(nist_aes128_key, nist_plaintext1)
- enc_result128_2 = aes_encipher_block(nist_aes128_key, nist_plaintext2)
- enc_result128_3 = aes_encipher_block(nist_aes128_key, nist_plaintext3)
-
- enc_result256_0 = aes_encipher_block(nist_aes256_key, nist_plaintext0)
- enc_result256_1 = aes_encipher_block(nist_aes256_key, nist_plaintext1)
- enc_result256_2 = aes_encipher_block(nist_aes256_key, nist_plaintext2)
- enc_result256_3 = aes_encipher_block(nist_aes256_key, nist_plaintext3)
-
- print("Doing block decryption.")
- dec_result128_0 = aes_decipher_block(nist_aes128_key, nist_exp128_0)
- dec_result128_1 = aes_decipher_block(nist_aes128_key, nist_exp128_1)
- dec_result128_2 = aes_decipher_block(nist_aes128_key, nist_exp128_2)
- dec_result128_3 = aes_decipher_block(nist_aes128_key, nist_exp128_3)
-
- dec_result256_0 = aes_decipher_block(nist_aes256_key, nist_exp256_0)
- dec_result256_1 = aes_decipher_block(nist_aes256_key, nist_exp256_1)
- dec_result256_2 = aes_decipher_block(nist_aes256_key, nist_exp256_2)
- dec_result256_3 = aes_decipher_block(nist_aes256_key, nist_exp256_3)
-
-
- if VERBOSE:
- print(" AES Encipher tests")
- print(" ==================")
-
- print("Test 0 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_plaintext0)
- print("Expected block out:")
- print_block(nist_exp128_0)
- print("Got block out:")
- print_block(enc_result128_0)
- print("")
-
- print("Test 1 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_plaintext1)
- print("Expected block out:")
- print_block(nist_exp128_1)
- print("Got block out:")
- print_block(enc_result128_1)
- print("")
-
- print("Test 2 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_plaintext2)
- print("Expected block out:")
- print_block(nist_exp128_2)
- print("Got block out:")
- print_block(enc_result128_2)
- print("")
-
- print("Test 3 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_plaintext3)
- print("Expected block out:")
- print_block(nist_exp128_3)
- print("Got block out:")
- print_block(enc_result128_3)
- print("")
-
-
- print("Test 0 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_plaintext0)
- print("Expected block out:")
- print_block(nist_exp256_0)
- print("Got block out:")
- print_block(enc_result256_0)
- print("")
-
- print("Test 1 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_plaintext1)
- print("Expected block out:")
- print_block(nist_exp256_1)
- print("Got block out:")
- print_block(enc_result256_1)
- print("")
-
- print("Test 2 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_plaintext2)
- print("Expected block out:")
- print_block(nist_exp256_2)
- print("Got block out:")
- print_block(enc_result256_2)
- print("")
-
- print("Test 3 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_plaintext3)
- print("Expected block out:")
- print_block(nist_exp256_3)
- print("Got block out:")
- print_block(enc_result256_3)
- print("")
-
- print("")
- print(" AES Decipher tests")
- print(" ==================")
-
- print("Test 0 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_exp128_0)
- print("Expected block out:")
- print_block(nist_plaintext0)
- print("Got block out:")
- print_block(dec_result128_0)
- print("")
-
- print("Test 1 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_exp128_1)
- print("Expected block out:")
- print_block(nist_plaintext1)
- print("Got block out:")
- print_block(dec_result128_1)
- print("")
-
- print("Test 2 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_exp128_2)
- print("Expected block out:")
- print_block(nist_plaintext2)
- print("Got block out:")
- print_block(dec_result128_2)
- print("")
-
- print("Test 3 for AES-128.")
- print("Key:")
- print_key(nist_aes128_key)
- print("Block in:")
- print_block(nist_exp128_3)
- print("Expected block out:")
- print_block(nist_plaintext3)
- print("Got block out:")
- print_block(dec_result128_3)
- print("")
-
- print("Test 0 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_exp256_0)
- print("Expected block out:")
- print_block(nist_plaintext0)
- print("Got block out:")
- print_block(dec_result256_0)
- print("")
-
- print("Test 1 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_exp256_1)
- print("Expected block out:")
- print_block(nist_plaintext1)
- print("Got block out:")
- print_block(dec_result256_1)
- print("")
-
- print("Test 2 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_exp256_2)
- print("Expected block out:")
- print_block(nist_plaintext2)
- print("Got block out:")
- print_block(dec_result256_2)
- print("")
-
- print("Test 3 for AES-256.")
- print("Key:")
- print_key(nist_aes256_key)
- print("Block in:")
- print_block(nist_exp256_3)
- print("Expected block out:")
- print_block(nist_plaintext3)
- print("Got block out:")
- print_block(dec_result256_3)
- print("")
-
-
-#-------------------------------------------------------------------
-# main()
-#
-# If executed tests the ChaCha class using known test vectors.
-#-------------------------------------------------------------------
-def main():
- print("Testing the AES cipher model")
- print("============================")
- print
-
- # test_mixcolumns()
- test_aes()
-
-
-#-------------------------------------------------------------------
-# __name__
-# Python thingy which allows the file to be run standalone as
-# well as parsed from within a Python interpreter.
-#-------------------------------------------------------------------
-if __name__=="__main__":
- # Run the main function.
- sys.exit(main())
-
-#=======================================================================
-# EOF aes_key_gen.py
-#=======================================================================
diff --git a/src/model/python/aes_key_gen.py b/src/model/python/aes_key_gen.py
deleted file mode 100755
index 626c740..0000000
--- a/src/model/python/aes_key_gen.py
+++ /dev/null
@@ -1,568 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#=======================================================================
-#
-# aes_key_gen.py
-# -------------
-# Simple, pure Python test model of the AES key generation.
-# This one is operating on 32 bit words. The key generation
-# supports 128 and 256 bit keys.
-#
-#
-# Author: Joachim Strombergson
-# Copyright (c) 2014, NORDUnet A/S
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-# - Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-#
-# - Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# - Neither the name of the NORDUnet nor the names of its contributors may
-# be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#=======================================================================
-
-#-------------------------------------------------------------------
-# Python module imports.
-#-------------------------------------------------------------------
-import sys
-
-
-#-------------------------------------------------------------------
-# Constants.
-#-------------------------------------------------------------------
-VERBOSE = True
-
-DUMP_VARS = True
-
-AES_128_ROUNDS = 10
-AES_256_ROUNDS = 14
-
-
-sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
-
-
-#-------------------------------------------------------------------
-# substw()
-#
-# Returns a 32-bit word in which each of the bytes in the
-# given 32-bit word has been used as lookup into the AES S-box.
-#-------------------------------------------------------------------
-def substw(w):
- b0 = w >> 24
- b1 = w >> 16 & 0xff
- b2 = w >> 8 & 0xff
- b3 = w & 0xff
-
- s0 = sbox[b0]
- s1 = sbox[b1]
- s2 = sbox[b2]
- s3 = sbox[b3]
-
- res = (s0 << 24) + (s1 << 16) + (s2 << 8) + s3
-
- if VERBOSE:
- print("Inside substw:")
- print("b0 = 0x%02x, b1 = 0x%02x, b2 = 0x%02x, b3 = 0x%02x" %
- (b0, b1, b2, b3))
- print("s0 = 0x%02x, s1 = 0x%02x, s2 = 0x%02x, s3 = 0x%02x" %
- (s0, s1, s2, s3))
- print("res = 0x%08x" % (res))
-
- return res
-
-
-#-------------------------------------------------------------------
-# rol8()
-#
-# Rotate the given 32 bit word 8 bits left.
-#-------------------------------------------------------------------
-def rol8(w):
- return ((w << 8) | (w >> 24)) & 0xffffffff
-
-
-#-------------------------------------------------------------------
-# next_128bit_key()
-#
-# Generate the next four key words for aes-128 based on given
-# rcon and previous key words.
-#-------------------------------------------------------------------
-def next_128bit_key(prev_key, rcon):
- (w0, w1, w2, w3) = prev_key
-
- rol = rol8(w3)
- subst = substw(rol)
- t = subst ^ (rcon << 24)
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if VERBOSE:
- print("Inside next 128bit key:")
- print("w0 = 0x%08x, w1 = 0x%08x, w2 = 0x%08x, w3 = 0x%08x" %
- (w0, w1, w2, w3))
- print("rol = 0x%08x, subst = 0x%08x, rcon = 0x%02x, t = 0x%08x" %
- (rol, subst, rcon, t))
- print("k0 = 0x%08x, k1 = 0x%08x, k2 = 0x%08x, k3 = 0x%08x" %
- (k0, k1, k2, k3))
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# key_gen128()
-#
-# Generating the keys for 128 bit keys.
-#-------------------------------------------------------------------
-def key_gen128(key):
- round_keys = []
-
- round_keys.append(key)
-
- round_keys.append(next_128bit_key(round_keys[0], get_rcon(1)))
- round_keys.append(next_128bit_key(round_keys[1], get_rcon(2)))
- round_keys.append(next_128bit_key(round_keys[2], get_rcon(3)))
- round_keys.append(next_128bit_key(round_keys[3], get_rcon(4)))
- round_keys.append(next_128bit_key(round_keys[4], get_rcon(5)))
- round_keys.append(next_128bit_key(round_keys[5], get_rcon(6)))
- round_keys.append(next_128bit_key(round_keys[6], get_rcon(7)))
- round_keys.append(next_128bit_key(round_keys[7], get_rcon(8)))
- round_keys.append(next_128bit_key(round_keys[8], get_rcon(9)))
- round_keys.append(next_128bit_key(round_keys[9], get_rcon(10)))
-
- return round_keys
-
-
-#-------------------------------------------------------------------
-# next_256bit_key_a()
-#
-# Generate the next four key words for aes-256 using algorithm A
-# based on given rcon and the previous two keys.
-#-------------------------------------------------------------------
-def next_256it_key_a(key0, key1, rcon):
- (w0, w1, w2, w3) = key0
- (w4, w5, w6, w7) = key1
-
- sw = substw(rol8(w7))
- rw = (rcon << 24)
- t = sw ^ rw
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if (DUMP_VARS):
- print("next_256bit_key_a:")
- print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
- print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
- print("t = 0x%08x, sw = 0x%08x, rw = 0x%08x" % (t, sw, rw))
- print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
- print("")
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# next_256bit_key_b()
-#
-# Generate the next four key words for aes-256 using algorithm B
-# based on given previous eight keywords.
-#-------------------------------------------------------------------
-def next_256it_key_b(key0, key1):
- (w0, w1, w2, w3) = key0
- (w4, w5, w6, w7) = key1
-
- t = substw(w7)
-
- k0 = w0 ^ t
- k1 = w1 ^ w0 ^ t
- k2 = w2 ^ w1 ^ w0 ^ t
- k3 = w3 ^ w2 ^ w1 ^ w0 ^ t
-
- if (DUMP_VARS):
- print("next_256bit_key_b:")
- print("w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x, w0 = 0x%08x" % (w0, w1, w2, w3))
- print("w4 = 0x%08x, w5 = 0x%08x, w6 = 0x%08x, w7 = 0x%08x" % (w4, w5, w6, w7))
- print("t = 0x%08x" % (t))
- print("k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x, k0 = 0x%08x" % (k0, k1, k2, k3))
- print("")
-
- return (k0, k1, k2, k3)
-
-
-#-------------------------------------------------------------------
-# key_gen256()
-#
-# Generating the keys for 256 bit keys.
-#-------------------------------------------------------------------
-def key_gen256(key):
- round_keys = []
- (k0, k1, k2, k3, k4, k5, k6, k7) = key
-
- round_keys.append((k0, k1, k2, k3))
- round_keys.append((k4, k5, k6, k7))
-
- j = 1
- for i in range(0, (AES_256_ROUNDS - 2), 2):
- k = next_256it_key_a(round_keys[i], round_keys[i + 1], get_rcon(j))
- round_keys.append(k)
- k = next_256it_key_b(round_keys[i + 1], round_keys[i + 2])
- round_keys.append(k)
- j += 1
-
- # One final key needs to be generated.
- k = next_256it_key_a(round_keys[12], round_keys[13], get_rcon(7))
- round_keys.append(k)
-
- return round_keys
-
-
-#-------------------------------------------------------------------
-# key_gen()
-#
-# The actual key generation.
-#-------------------------------------------------------------------
-def key_gen(key):
- if VERBOSE:
- print("Generating keys for AES-%d." % (len(key) * 32))
-
- if (len(key) * 32) == 128:
- return key_gen128(key)
-
- else:
- return key_gen256(key)
-
-
-#-------------------------------------------------------------------
-# get_rcon()
-#
-# Function implementation of rcon. Calculates rcon for a
-# given round. This could be implemented as an iterator.
-#-------------------------------------------------------------------
-def get_rcon(round):
- rcon = 0x8d
-
- for i in range(0, round):
- rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
-
- return rcon
-
-
-#-------------------------------------------------------------------
-# print_bytekeys()
-#
-# Print a set of round keys given as an array of bytes.
-#-------------------------------------------------------------------
-def print_bytekeys(keys):
- i = 0
- print("Number of round keys: %d" % (int(len(keys) / 16)))
- while i < (len(keys) - 1):
- for j in range(16):
- print("0x%02x " % keys[i + j], end="")
- print("")
- i += 16
-
-
-#-------------------------------------------------------------------
-# test_rcon()
-#
-# Test of the rcon function.
-#-------------------------------------------------------------------
-def test_rcon():
- print("Testing rcon:")
- for i in range(20):
- print("rcon %02d = 0x%02x" % (i, get_rcon(i)))
-
-
-#-------------------------------------------------------------------
-# test_key()
-#
-# Generate round keys for a given key and compare them to
-# the given expected round keys.
-#-------------------------------------------------------------------
-def test_key(key, expected):
- if len(key) not in [4, 8]:
- print("Error: Key is %d bits, not 128 or 256 bits" % (len(key) * 32))
- return
-
- generated = key_gen(key)
-
- if VERBOSE:
- for k in generated:
- (w0, w1, w2, w3) = k
- print("0x%08x, 0x%08x, 0x%08x, 0x%08x" %
- (w0, w1, w2, w3))
-
- if (len(generated) != len(expected)):
- print("Error: Incorrect number of keys generated.")
- print("Expected number of round keys: %d" % len(expected))
- print("Got number of round keys: %d" % len(generated))
-
- for i in range(len(generated)):
- exp = expected[i]
- got = generated[i]
- if (exp != got):
- print("Error: Error in round key %d." % i)
- (e0, e1, e2, e3) = exp
- (g0, g1, g2, g3) = got
- print("Expected: 0x%08x 0x%08x 0x%08x 0x%08x"\
- % (e0, e1, e2, e3))
- print("Got: 0x%08x 0x%08x 0x%08x 0x%08x"\
- % (g0, g1, g2, g3))
- else:
- print("Correct key generated.")
-
-
-#-------------------------------------------------------------------
-# test_key_expansion()
-#
-# Perform key expansion tests.
-# The test keys and expected round keys are taken from:
-# http://www.samiam.org/key-schedule.html
-#-------------------------------------------------------------------
-def test_key_expansion():
- # 128 bit keys.
- key128_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000)
- exp128_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
- (0x62636363, 0x62636363, 0x62636363, 0x62636363),
- (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
- (0x90973450, 0x696ccffa, 0xf2f45733, 0x0b0fac99),
- (0xee06da7b, 0x876a1581, 0x759e42b2, 0x7e91ee2b),
- (0x7f2e2b88, 0xf8443e09, 0x8dda7cbb, 0xf34b9290),
- (0xec614b85, 0x1425758c, 0x99ff0937, 0x6ab49ba7),
- (0x21751787, 0x3550620b, 0xacaf6b3c, 0xc61bf09b),
- (0x0ef90333, 0x3ba96138, 0x97060a04, 0x511dfa9f),
- (0xb1d4d8e2, 0x8a7db9da, 0x1d7bb3de, 0x4c664941),
- (0xb4ef5bcb, 0x3e92e211, 0x23e951cf, 0x6f8f188e))
-
- key128_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
- exp128_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
- (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
- (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
- (0x090e2277, 0xb3b69a78, 0xe1e7cb9e, 0xa4a08c6e),
- (0xe16abd3e, 0x52dc2746, 0xb33becd8, 0x179b60b6),
- (0xe5baf3ce, 0xb766d488, 0x045d3850, 0x13c658e6),
- (0x71d07db3, 0xc6b6a93b, 0xc2eb916b, 0xd12dc98d),
- (0xe90d208d, 0x2fbb89b6, 0xed5018dd, 0x3c7dd150),
- (0x96337366, 0xb988fad0, 0x54d8e20d, 0x68a5335d),
- (0x8bf03f23, 0x3278c5f3, 0x66a027fe, 0x0e0514a3),
- (0xd60a3588, 0xe472f07b, 0x82d2d785, 0x8cd7c326))
-
- key128_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f)
- exp128_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
- (0xd6aa74fd, 0xd2af72fa, 0xdaa678f1, 0xd6ab76fe),
- (0xb692cf0b, 0x643dbdf1, 0xbe9bc500, 0x6830b3fe),
- (0xb6ff744e, 0xd2c2c9bf, 0x6c590cbf, 0x0469bf41),
- (0x47f7f7bc, 0x95353e03, 0xf96c32bc, 0xfd058dfd),
- (0x3caaa3e8, 0xa99f9deb, 0x50f3af57, 0xadf622aa),
- (0x5e390f7d, 0xf7a69296, 0xa7553dc1, 0x0aa31f6b),
- (0x14f9701a, 0xe35fe28c, 0x440adf4d, 0x4ea9c026),
- (0x47438735, 0xa41c65b9, 0xe016baf4, 0xaebf7ad2),
- (0x549932d1, 0xf0855768, 0x1093ed9c, 0xbe2c974e),
- (0x13111d7f, 0xe3944a17, 0xf307a78b, 0x4d2b30c5))
-
- key128_4 = (0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a)
- exp128_4 = ((0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a),
- (0xfa880760, 0x5fa82d0d, 0x3ac64e65, 0x53b2214f),
- (0xcf75838d, 0x90ddae80, 0xaa1be0e5, 0xf9a9c1aa),
- (0x180d2f14, 0x88d08194, 0x22cb6171, 0xdb62a0db),
- (0xbaed96ad, 0x323d1739, 0x10f67648, 0xcb94d693),
- (0x881b4ab2, 0xba265d8b, 0xaad02bc3, 0x6144fd50),
- (0xb34f195d, 0x096944d6, 0xa3b96f15, 0xc2fd9245),
- (0xa7007778, 0xae6933ae, 0x0dd05cbb, 0xcf2dcefe),
- (0xff8bccf2, 0x51e2ff5c, 0x5c32a3e7, 0x931f6d19),
- (0x24b7182e, 0x7555e772, 0x29674495, 0xba78298c),
- (0xae127cda, 0xdb479ba8, 0xf220df3d, 0x4858f6b1))
-
- nist_aes128_key = (0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c)
- exp_nist128_key = ((0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c),
- (0xa0fafe17, 0x88542cb1, 0x23a33939, 0x2a6c7605),
- (0xf2c295f2, 0x7a96b943, 0x5935807a, 0x7359f67f),
- (0x3d80477d, 0x4716fe3e, 0x1e237e44, 0x6d7a883b),
- (0xef44a541, 0xa8525b7f, 0xb671253b, 0xdb0bad00),
- (0xd4d1c6f8, 0x7c839d87, 0xcaf2b8bc, 0x11f915bc),
- (0x6d88a37a, 0x110b3efd, 0xdbf98641, 0xca0093fd),
- (0x4e54f70e, 0x5f5fc9f3, 0x84a64fb2, 0x4ea6dc4f),
- (0xead27321, 0xb58dbad2, 0x312bf560, 0x7f8d292f),
- (0xac7766f3, 0x19fadc21, 0x28d12941, 0x575c006e),
- (0xd014f9a8, 0xc9ee2589, 0xe13f0cc8, 0xb6630ca6))
-
-
- # 256 bit keys.
- key256_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000000, 0x00000000, 0x0000000)
- exp256_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
- (0x00000000, 0x00000000, 0x00000000, 0x00000000),
- (0x62636363, 0x62636363, 0x62636363, 0x62636363),
- (0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb),
- (0x6f6c6ccf, 0x0d0f0fac, 0x6f6c6ccf, 0x0d0f0fac),
- (0x7d8d8d6a, 0xd7767691, 0x7d8d8d6a, 0xd7767691),
- (0x5354edc1, 0x5e5be26d, 0x31378ea2, 0x3c38810e),
- (0x968a81c1, 0x41fcf750, 0x3c717a3a, 0xeb070cab),
- (0x9eaa8f28, 0xc0f16d45, 0xf1c6e3e7, 0xcdfe62e9),
- (0x2b312bdf, 0x6acddc8f, 0x56bca6b5, 0xbdbbaa1e),
- (0x6406fd52, 0xa4f79017, 0x553173f0, 0x98cf1119),
- (0x6dbba90b, 0x07767584, 0x51cad331, 0xec71792f),
- (0xe7b0e89c, 0x4347788b, 0x16760b7b, 0x8eb91a62),
- (0x74ed0ba1, 0x739b7e25, 0x2251ad14, 0xce20d43b),
- (0x10f80a17, 0x53bf729c, 0x45c979e7, 0xcb706385))
-
-
- key256_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
- 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
- exp256_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
- (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
- (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
- (0x0fb8b8b8, 0xf0474747, 0x0fb8b8b8, 0xf0474747),
- (0x4a494965, 0x5d5f5f73, 0xb5b6b69a, 0xa2a0a08c),
- (0x355858dc, 0xc51f1f9b, 0xcaa7a723, 0x3ae0e064),
- (0xafa80ae5, 0xf2f75596, 0x4741e30c, 0xe5e14380),
- (0xeca04211, 0x29bf5d8a, 0xe318faa9, 0xd9f81acd),
- (0xe60ab7d0, 0x14fde246, 0x53bc014a, 0xb65d42ca),
- (0xa2ec6e65, 0x8b5333ef, 0x684bc946, 0xb1b3d38b),
- (0x9b6c8a18, 0x8f91685e, 0xdc2d6914, 0x6a702bde),
- (0xa0bd9f78, 0x2beeac97, 0x43a565d1, 0xf216b65a),
- (0xfc223491, 0x73b35ccf, 0xaf9e35db, 0xc5ee1e05),
- (0x0695ed13, 0x2d7b4184, 0x6ede2455, 0x9cc8920f),
- (0x546d424f, 0x27de1e80, 0x88402b5b, 0x4dae355e))
-
-
- key256_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f,
- 0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f)
- exp256_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
- (0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f),
- (0xa573c29f, 0xa176c498, 0xa97fce93, 0xa572c09c),
- (0x1651a8cd, 0x0244beda, 0x1a5da4c1, 0x0640bade),
- (0xae87dff0, 0x0ff11b68, 0xa68ed5fb, 0x03fc1567),
- (0x6de1f148, 0x6fa54f92, 0x75f8eb53, 0x73b8518d),
- (0xc656827f, 0xc9a79917, 0x6f294cec, 0x6cd5598b),
- (0x3de23a75, 0x524775e7, 0x27bf9eb4, 0x5407cf39),
- (0x0bdc905f, 0xc27b0948, 0xad5245a4, 0xc1871c2f),
- (0x45f5a660, 0x17b2d387, 0x300d4d33, 0x640a820a),
- (0x7ccff71c, 0xbeb4fe54, 0x13e6bbf0, 0xd261a7df),
- (0xf01afafe, 0xe7a82979, 0xd7a5644a, 0xb3afe640),
- (0x2541fe71, 0x9bf50025, 0x8813bbd5, 0x5a721c0a),
- (0x4e5a6699, 0xa9f24fe0, 0x7e572baa, 0xcdf8cdea),
- (0x24fc79cc, 0xbf0979e9, 0x371ac23c, 0x6d68de36))
-
-
- nist_aes256_key = (0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
- 0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4)
-
- exp_nist256_key = ((0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781),
- (0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4),
- (0x9ba35411, 0x8e6925af, 0xa51a8b5f, 0x2067fcde),
- (0xa8b09c1a, 0x93d194cd, 0xbe49846e, 0xb75d5b9a),
- (0xd59aecb8, 0x5bf3c917, 0xfee94248, 0xde8ebe96),
- (0xb5a9328a, 0x2678a647, 0x98312229, 0x2f6c79b3),
- (0x812c81ad, 0xdadf48ba, 0x24360af2, 0xfab8b464),
- (0x98c5bfc9, 0xbebd198e, 0x268c3ba7, 0x09e04214),
- (0x68007bac, 0xb2df3316, 0x96e939e4, 0x6c518d80),
- (0xc814e204, 0x76a9fb8a, 0x5025c02d, 0x59c58239),
- (0xde136967, 0x6ccc5a71, 0xfa256395, 0x9674ee15),
- (0x5886ca5d, 0x2e2f31d7, 0x7e0af1fa, 0x27cf73c3),
- (0x749c47ab, 0x18501dda, 0xe2757e4f, 0x7401905a),
- (0xcafaaae3, 0xe4d59b34, 0x9adf6ace, 0xbd10190d),
- (0xfe4890d1, 0xe6188d0b, 0x046df344, 0x706c631e))
-
- print("*** Test of 128 bit keys: ***")
- test_key(key128_1, exp128_1)
- test_key(key128_2, exp128_2)
- test_key(key128_3, exp128_3)
- test_key(key128_4, exp128_4)
-
- print("The NIST 128 key:")
- test_key(nist_aes128_key, exp_nist128_key)
- print("")
-
-
- print("*** Test of 256 bit keys: ***")
- test_key(key256_1, exp256_1)
- test_key(key256_2, exp256_2)
- test_key(key256_3, exp256_3)
-
- print("The NIST 256 key:")
- test_key(nist_aes256_key, exp_nist256_key)
- print("")
-
- print("")
-
-
-#-------------------------------------------------------------------
-# main()
-#
-# If executed tests the ChaCha class using known test vectors.
-#-------------------------------------------------------------------
-def main():
- print("Testing the AES key generation")
- print("==============================")
- print
-
- test_key_expansion()
-
-
-#-------------------------------------------------------------------
-# __name__
-# Python thingy which allows the file to be run standalone as
-# well as parsed from within a Python interpreter.
-#-------------------------------------------------------------------
-if __name__=="__main__":
- # Run the main function.
- sys.exit(main())
-
-#=======================================================================
-# EOF aes_key_gen.py
-#=======================================================================
diff --git a/src/model/python/rcon.py b/src/model/python/rcon.py
deleted file mode 100644
index acd6ea4..0000000
--- a/src/model/python/rcon.py
+++ /dev/null
@@ -1,586 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#=======================================================================
-#
-# aes_key_gen.py
-# -------------
-# Simple, pure Python test model of the AES key generation.
-#
-#
-# Author: Joachim Strombergson
-# Copyright (c) 2014, NORDUnet A/S
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-# - Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-#
-# - Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# - Neither the name of the NORDUnet nor the names of its contributors may
-# be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#=======================================================================
-
-#-------------------------------------------------------------------
-# Python module imports.
-#-------------------------------------------------------------------
-import sys
-
-
-#-------------------------------------------------------------------
-# Constants.
-#-------------------------------------------------------------------
-VERBOSE = True
-
-AES_128_ROUNDS = 10
-AES_192_ROUNDS = 12
-AES_256_ROUNDS = 14
-
-
-sbox = [0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16]
-
-
-#-------------------------------------------------------------------
-# substw()
-#
-# Returns a 32-bit word in which each of the bytes in the
-# given 32-bit word has been used as lookup into the AES S-box.
-#-------------------------------------------------------------------
-def substw(w):
- b0 = w >> 24
- b1 = w >> 16 & 0xff
- b2 = w >> 8 & 0xff
- b3 = w & 0xff
-
- s0 = sbox[b0]
- s1 = sbox[b1]
- s2 = sbox[b2]
- s3 = sbox[b3]
-
- return (s0 << 24) + (s1 << 16) + (s2 << 8) + s3
-
-
-#-------------------------------------------------------------------
-# rol8()
-#
-# Rotate the given 32 bit word 8 bits left.
-#-------------------------------------------------------------------
-def rol8(w):
- return ((w << 8) | (w >> 24)) & 0xffffffff
-
-
-#-------------------------------------------------------------------
-# next_words()
-#
-# Generate the next four key words based on given rcon and
-# previous key words.
-#-------------------------------------------------------------------
-def next_words(prev_words, rcon):
- (prev_x0, prev_x1, prev_x2, prev_x3) = prev_words
- tmp = substw(rol8(prev_x3)) ^ (rcon << 24)
- x0 = prev_x0 ^ tmp
- x1 = prev_x1 ^ x0
- x2 = prev_x2 ^ x1
- x3 = prev_x3 ^ x2
- return (x0, x1, x2, x3)
-
-
-#-------------------------------------------------------------------
-# key_gen()
-#
-# The actual key generation.
-#-------------------------------------------------------------------
-def key_gen(key):
- nr_rounds = {4:AES_128_ROUNDS, 6:AES_192_ROUNDS, 8:AES_256_ROUNDS}[len(key)]
- if VERBOSE:
- print("Generating keys for AES-%d." % (len(key) * 32))
-
- round_keys = []
- if nr_rounds == AES_128_ROUNDS:
- round_keys.append(key)
-
- elif nr_rounds == AES_192_ROUNDS:
- (k0, k1, k2, k3, k4, k5) = key
- round_keys.append((k0, k1, k2, k3))
- rcon = ((0x8d << 1) ^ (0x11b & - (0x8d >> 7))) & 0xff
- (x0, x1, x2, x3) = next_words((k0, k1, k2, k3), rcon)
- round_keys.append((k4, k5, x2, x3))
- nr_rounds -= 1
-
- else:
- # nr_rounds == AES_192_ROUNDS
- (k0, k1, k2, k3, k4, k5, k6, k7) = key
- round_keys.append((k0, k1, k2, k3))
- round_keys.append((k4, k5, k6, k7))
- nr_rounds -= 1
-
- rcon = 0x8d
-
- for i in range(0, nr_rounds):
- rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
- round_keys.append(next_words(round_keys[i], rcon))
-
- return round_keys
-
-
-#-------------------------------------------------------------------
-# sam_rcon()
-#
-# Function implementation of rcon. Calculates rcon for a
-# given round. This could be implemented as an iterator
-#-------------------------------------------------------------------
-def sam_rcon(round):
- rcon = 0x8d
-
- for i in range(0, round):
- rcon = ((rcon << 1) ^ (0x11b & - (rcon >> 7))) & 0xff
-
- return rcon
-
-
-#-------------------------------------------------------------------
-# sam_schedule_core()
-#
-# Perform the rotate and SubBytes operation used in all schedules.
-#-------------------------------------------------------------------
-def sam_schedule_core(word, i):
- # Rotate one byte left
- word = word[1 : 4] + [word[0]]
-
- # Perform SubBytes on all bytes in the word.
- for a in range(4):
- word[a] = sbox[word[a]]
-
- # XOR with rcon on the first byte
- rcon = sam_rcon(i)
- print("rcon = 0x%02x" % rcon)
- word[0] = word[0] ^ rcon
-
- return word
-
-
-#-------------------------------------------------------------------
-# sam_128_bit_key_expansion()
-#
-# Byte based key expansion for 128 bit keys by Sam Trenholme:
-# http://www.samiam.org/key-schedule.html
-#
-# the key here should be supplied as an array of bytes.
-# The array will be updated during processing.
-#-------------------------------------------------------------------
-def sam_128_bit_key_expansion(key):
- t = [0] * 4
- expkey = [0x0] * (11 * 16)
- expkey[0:15] = key[:]
-
- # c is 16 because the first sub-key is the user-supplied key
- c = 16;
- i = 1;
-
- # We need 11 sets of sixteen bytes each for 128-bit mode
- # 11 * 16 = 176
- while (c < 176):
- # Copy the temporary variable over from the last 4-byte block
- for a in range(4):
- t[a] = expkey[a + c - 4]
-
- # Every four blocks (of four bytes), do a complex calculation */
- if (c % 16 == 0):
- t = sam_schedule_core(t, i)
- i += 1
-
- # New key is old key xored with the copied and possibly
- # transformed word.
- for a in range(4):
- expkey[c] = expkey[c - 16] ^ t[a]
- c += 1
-
- return expkey
-
-
-#-------------------------------------------------------------------
-# sam_192_bit_key_expansion()
-#
-# Byte based key expansion for 192 bit keys by Sam Trenholme:
-# http://www.samiam.org/key-schedule.html
-#-------------------------------------------------------------------
-def sam_192_bit_key_expansion(key):
- pass
-#void expand_key(unsigned char *key) {
-# unsigned char t[4];
-# unsigned char c = 24;
-# unsigned char i = 1;
-# unsigned char a;
-# while(c < 208) {
-# /* Copy the temporary variable over */
-# for(a = 0; a < 4; a++)
-# t[a] = key[a + c - 4];
-# /* Every six sets, do a complex calculation */
-# if(c % 24 == 0) {
-# schedule_code(t,i);
-# i++;
-# }
-# for(a = 0; a < 4; a++) {
-# key[c] = key[c - 24] ^ t[a];
-# c++;
-# }
-# }
-#}
-
-
-
-
-#-------------------------------------------------------------------
-# sam_256_bit_key_expansion()
-#
-# Byte based key expansion for 256 bit keys by Sam Trenholme:
-# http://www.samiam.org/key-schedule.html
-#-------------------------------------------------------------------
-def sam_256_bit_key_expansion(key):
- pass
-#void expand_key(unsigned char *key) {
-# unsigned char t[4];
-# unsigned char c = 32;
-# unsigned char i = 1;
-# unsigned char a;
-# while(c < 240) {
-# /* Copy the temporary variable over */
-# for(a = 0; a < 4; a++)
-# t[a] = key[a + c - 4];
-# /* Every eight sets, do a complex calculation */
-# if(c % 32 == 0) {
-# schedule_core(t,i);
-# i++;
-# }
-# /* For 256-bit keys, we add an extra sbox to the
-# * calculation */
-# if(c % 32 == 16) {
-# for(a = 0; a < 4; a++)
-# t[a] = sbox(t[a]);
-# }
-# for(a = 0; a < 4; a++) {
-# key[c] = key[c - 32] ^ t[a];
-# c++;
-# }
-# }
-#}
-
-
-#-------------------------------------------------------------------
-# print_bytekeys()
-#
-# Print a set of round keys given as an array of bytes.
-#-------------------------------------------------------------------
-def print_bytekeys(keys):
- i = 0
- print("Number of round keys: %d" % (int(len(keys) / 16)))
- while i < (len(keys) - 1):
- for j in range(16):
- print("0x%02x " % keys[i + j], end="")
- print("")
- i += 16
-
-
-#-------------------------------------------------------------------
-# test_key()
-#
-# Generate round keys for a given key and compare them to
-# the given expected round keys.
-#-------------------------------------------------------------------
-def test_key(key, expected):
- if len(key) not in [4, 6, 8]:
- print("Error: Key is %d bits, not 128, 192 or 256 bits" % (len(key) * 32))
- return
-
- generated = key_gen(key)
-
- if (len(generated) != len(expected)):
- print("Error: Incorrect number of keys generated.")
- print("Expected number of round keys: %d" % len(expected))
- print("Got number of round keys: %d" % len(generated))
-
- for i in range(len(generated)):
- exp = expected[i]
- got = generated[i]
- if (exp != got):
- print("Error: Error in round key %d." % i)
- (e0, e1, e2, e3) = exp
- (g0, g1, g2, g3) = got
- print("Expected: 0x%08x 0x%08x 0x%08x 0x%08x"\
- % (e0, e1, e2, e3))
- print("Got: 0x%08x 0x%08x 0x%08x 0x%08x"\
- % (g0, g1, g2, g3))
-
-
-#-------------------------------------------------------------------
-# test_key_expansion()
-#
-# Perform key expansion tests.
-# The test keys and expected round keys are taken from:
-# http://www.samiam.org/key-schedule.html
-#-------------------------------------------------------------------
-def test_key_expansion():
- # recon-test
- print("rcon test:")
- for i in range(20):
- print("rcon %02d = 0x%02x" % (i, sam_rcon(i)))
-
- # Test of sam-implementations.
- sam_key128_1 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
-
- my_expkey = sam_128_bit_key_expansion(sam_key128_1)
- print_bytekeys(my_expkey)
-
-
- # 128 bit keys.
-# key128_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000)
-# exp128_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
-# (0x62636363, 0x62636363, 0x62636363, 0x62636363),
-# (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
-# (0x90973450, 0x696ccffa, 0xf2f45733, 0x0b0fac99),
-# (0xee06da7b, 0x876a1581, 0x759e42b2, 0x7e91ee2b),
-# (0x7f2e2b88, 0xf8443e09, 0x8dda7cbb, 0xf34b9290),
-# (0xec614b85, 0x1425758c, 0x99ff0937, 0x6ab49ba7),
-# (0x21751787, 0x3550620b, 0xacaf6b3c, 0xc61bf09b),
-# (0x0ef90333, 0x3ba96138, 0x97060a04, 0x511dfa9f),
-# (0xb1d4d8e2, 0x8a7db9da, 0x1d7bb3de, 0x4c664941),
-# (0xb4ef5bcb, 0x3e92e211, 0x23e951cf, 0x6f8f188e))
-#
-# key128_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
-# exp128_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
-# (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
-# (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
-# (0x090e2277, 0xb3b69a78, 0xe1e7cb9e, 0xa4a08c6e),
-# (0xe16abd3e, 0x52dc2746, 0xb33becd8, 0x179b60b6),
-# (0xe5baf3ce, 0xb766d488, 0x045d3850, 0x13c658e6),
-# (0x71d07db3, 0xc6b6a93b, 0xc2eb916b, 0xd12dc98d),
-# (0xe90d208d, 0x2fbb89b6, 0xed5018dd, 0x3c7dd150),
-# (0x96337366, 0xb988fad0, 0x54d8e20d, 0x68a5335d),
-# (0x8bf03f23, 0x3278c5f3, 0x66a027fe, 0x0e0514a3),
-# (0xd60a3588, 0xe472f07b, 0x82d2d785, 0x8cd7c326))
-#
-# key128_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f)
-# exp128_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
-# (0xd6aa74fd, 0xd2af72fa, 0xdaa678f1, 0xd6ab76fe),
-# (0xb692cf0b, 0x643dbdf1, 0xbe9bc500, 0x6830b3fe),
-# (0xb6ff744e, 0xd2c2c9bf, 0x6c590cbf, 0x0469bf41),
-# (0x47f7f7bc, 0x95353e03, 0xf96c32bc, 0xfd058dfd),
-# (0x3caaa3e8, 0xa99f9deb, 0x50f3af57, 0xadf622aa),
-# (0x5e390f7d, 0xf7a69296, 0xa7553dc1, 0x0aa31f6b),
-# (0x14f9701a, 0xe35fe28c, 0x440adf4d, 0x4ea9c026),
-# (0x47438735, 0xa41c65b9, 0xe016baf4, 0xaebf7ad2),
-# (0x549932d1, 0xf0855768, 0x1093ed9c, 0xbe2c974e),
-# (0x13111d7f, 0xe3944a17, 0xf307a78b, 0x4d2b30c5))
-#
-# key128_4 = (0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a)
-# exp128_4 = ((0x6920e299, 0xa5202a6d, 0x656e6368, 0x69746f2a),
-# (0xfa880760, 0x5fa82d0d, 0x3ac64e65, 0x53b2214f),
-# (0xcf75838d, 0x90ddae80, 0xaa1be0e5, 0xf9a9c1aa),
-# (0x180d2f14, 0x88d08194, 0x22cb6171, 0xdb62a0db),
-# (0xbaed96ad, 0x323d1739, 0x10f67648, 0xcb94d693),
-# (0x881b4ab2, 0xba265d8b, 0xaad02bc3, 0x6144fd50),
-# (0xb34f195d, 0x096944d6, 0xa3b96f15, 0xc2fd9245),
-# (0xa7007778, 0xae6933ae, 0x0dd05cbb, 0xcf2dcefe),
-# (0xff8bccf2, 0x51e2ff5c, 0x5c32a3e7, 0x931f6d19),
-# (0x24b7182e, 0x7555e772, 0x29674495, 0xba78298c),
-# (0xae127cda, 0xdb479ba8, 0xf220df3d, 0x4858f6b1))
-#
-# # 192 bit keys.
-# key192_1 = (0x00000000, 0x00000000, 0x00000000,
-# 0x00000000, 0x00000000, 0x00000000)
-# exp192_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
-# (0x00000000, 0x00000000, 0x62636363, 0x62636363),
-# (0x62636363, 0x62636363, 0x62636363, 0x62636363),
-# (0x9b9898c9, 0xf9fbfbaa, 0x9b9898c9, 0xf9fbfbaa),
-# (0x9b9898c9, 0xf9fbfbaa, 0x90973450, 0x696ccffa),
-# (0xf2f45733, 0x0b0fac99, 0x90973450, 0x696ccffa),
-# (0xc81d19a9, 0xa171d653, 0x53858160, 0x588a2df9),
-# (0xc81d19a9, 0xa171d653, 0x7bebf49b, 0xda9a22c8),
-# (0x891fa3a8, 0xd1958e51, 0x198897f8, 0xb8f941ab),
-# (0xc26896f7, 0x18f2b43f, 0x91ed1797, 0x407899c6),
-# (0x59f00e3e, 0xe1094f95, 0x83ecbc0f, 0x9b1e0830),
-# (0x0af31fa7, 0x4a8b8661, 0x137b885f, 0xf272c7ca),
-# (0x432ac886, 0xd834c0b6, 0xd2c7df11, 0x984c5970))
-#
-# key192_2 = (0xffffffff, 0xffffffff, 0xffffffff,
-# 0xffffffff, 0xffffffff, 0xffffffff)
-# exp192_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
-# (0xffffffff, 0xffffffff, 0xe8e9e9e9, 0x17161616),
-# (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
-# (0xadaeae19, 0xbab8b80f, 0x525151e6, 0x454747f0),
-# (0xadaeae19, 0xbab8b80f, 0xc5c2d8ed, 0x7f7a60e2),
-# (0x2d2b3104, 0x686c76f4, 0xc5c2d8ed, 0x7f7a60e2),
-# (0x1712403f, 0x686820dd, 0x454311d9, 0x2d2f672d),
-# (0xe8edbfc0, 0x9797df22, 0x8f8cd3b7, 0xe7e4f36a),
-# (0xa2a7e2b3, 0x8f88859e, 0x67653a5e, 0xf0f2e57c),
-# (0x2655c33b, 0xc1b13051, 0x6316d2e2, 0xec9e577c),
-# (0x8bfb6d22, 0x7b09885e, 0x67919b1a, 0xa620ab4b),
-# (0xc53679a9, 0x29a82ed5, 0xa25343f7, 0xd95acba9),
-# (0x598e482f, 0xffaee364, 0x3a989acd, 0x1330b418))
-#
-# key192_3 = (0x00010203, 0x04050607, 0x08090a0b,
-# 0x0c0d0e0f, 0x10111213, 0x14151617)
-# exp192_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
-# (0x10111213, 0x14151617, 0x5846f2f9, 0x5c43f4fe),
-# (0x544afef5, 0x5847f0fa, 0x4856e2e9, 0x5c43f4fe),
-# (0x40f949b3, 0x1cbabd4d, 0x48f043b8, 0x10b7b342),
-# (0x58e151ab, 0x04a2a555, 0x7effb541, 0x6245080c),
-# (0x2ab54bb4, 0x3a02f8f6, 0x62e3a95d, 0x66410c08),
-# (0xf5018572, 0x97448d7e, 0xbdf1c6ca, 0x87f33e3c),
-# (0xe5109761, 0x83519b69, 0x34157c9e, 0xa351f1e0),
-# (0x1ea0372a, 0x99530916, 0x7c439e77, 0xff12051e),
-# (0xdd7e0e88, 0x7e2fff68, 0x608fc842, 0xf9dcc154),
-# (0x859f5f23, 0x7a8d5a3d, 0xc0c02952, 0xbeefd63a),
-# (0xde601e78, 0x27bcdf2c, 0xa223800f, 0xd8aeda32),
-# (0xa4970a33, 0x1a78dc09, 0xc418c271, 0xe3a41d5d))
-#
-# # 256 bit keys.
-# key256_1 = (0x00000000, 0x00000000, 0x00000000, 0x00000000,
-# 0x00000000, 0x00000000, 0x00000000, 0x0000000)
-# exp256_1 = ((0x00000000, 0x00000000, 0x00000000, 0x00000000),
-# (0x00000000, 0x00000000, 0x00000000, 0x00000000),
-# (0x62636363, 0x62636363, 0x62636363, 0x62636363),
-# (0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb, 0xaafbfbfb),
-# (0x6f6c6ccf, 0x0d0f0fac, 0x6f6c6ccf, 0x0d0f0fac),
-# (0x7d8d8d6a, 0xd7767691, 0x7d8d8d6a, 0xd7767691),
-# (0x5354edc1, 0x5e5be26d, 0x31378ea2, 0x3c38810e),
-# (0x968a81c1, 0x41fcf750, 0x3c717a3a, 0xeb070cab),
-# (0x9eaa8f28, 0xc0f16d45, 0xf1c6e3e7, 0xcdfe62e9),
-# (0x2b312bdf, 0x6acddc8f, 0x56bca6b5, 0xbdbbaa1e),
-# (0x6406fd52, 0xa4f79017, 0x553173f0, 0x98cf1119),
-# (0x6dbba90b, 0x07767584, 0x51cad331, 0xec71792f),
-# (0xe7b0e89c, 0x4347788b, 0x16760b7b, 0x8eb91a62),
-# (0x74ed0ba1, 0x739b7e25, 0x2251ad14, 0xce20d43b),
-# (0x10f80a17, 0x53bf729c, 0x45c979e7, 0xcb706385))
-#
-# key256_2 = (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
-# 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
-# exp256_2 = ((0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
-# (0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff),
-# (0xe8e9e9e9, 0x17161616, 0xe8e9e9e9, 0x17161616),
-# (0x0fb8b8b8, 0xf0474747, 0x0fb8b8b8, 0xf0474747),
-# (0x4a494965, 0x5d5f5f73, 0xb5b6b69a, 0xa2a0a08c),
-# (0x355858dc, 0xc51f1f9b, 0xcaa7a723, 0x3ae0e064),
-# (0xafa80ae5, 0xf2f75596, 0x4741e30c, 0xe5e14380),
-# (0xeca04211, 0x29bf5d8a, 0xe318faa9, 0xd9f81acd),
-# (0xe60ab7d0, 0x14fde246, 0x53bc014a, 0xb65d42ca),
-# (0xa2ec6e65, 0x8b5333ef, 0x684bc946, 0xb1b3d38b),
-# (0x9b6c8a18, 0x8f91685e, 0xdc2d6914, 0x6a702bde),
-# (0xa0bd9f78, 0x2beeac97, 0x43a565d1, 0xf216b65a),
-# (0xfc223491, 0x73b35ccf, 0xaf9e35db, 0xc5ee1e05),
-# (0x0695ed13, 0x2d7b4184, 0x6ede2455, 0x9cc8920f),
-# (0x546d424f, 0x27de1e80, 0x88402b5b, 0x4dae355e))
-#
-# key256_3 = (0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f,
-# 0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f)
-# exp256_3 = ((0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f),
-# (0x10111213, 0x14151617, 0x18191a1b, 0x1c1d1e1f),
-# (0xa573c29f, 0xa176c498, 0xa97fce93, 0xa572c09c),
-# (0x1651a8cd, 0x0244beda, 0x1a5da4c1, 0x0640bade),
-# (0xae87dff0, 0x0ff11b68, 0xa68ed5fb, 0x03fc1567),
-# (0x6de1f148, 0x6fa54f92, 0x75f8eb53, 0x73b8518d),
-# (0xc656827f, 0xc9a79917, 0x6f294cec, 0x6cd5598b),
-# (0x3de23a75, 0x524775e7, 0x27bf9eb4, 0x5407cf39),
-# (0x0bdc905f, 0xc27b0948, 0xad5245a4, 0xc1871c2f),
-# (0x45f5a660, 0x17b2d387, 0x300d4d33, 0x640a820a),
-# (0x7ccff71c, 0xbeb4fe54, 0x13e6bbf0, 0xd261a7df),
-# (0xf01afafe, 0xe7a82979, 0xd7a5644a, 0xb3afe640),
-# (0x2541fe71, 0x9bf50025, 0x8813bbd5, 0x5a721c0a),
-# (0x4e5a6699, 0xa9f24fe0, 0x7e572baa, 0xcdf8cdea),
-# (0x24fc79cc, 0xbf0979e9, 0x371ac23c, 0x6d68de36))
-#
-# print("*** Test of 128 bit keys: ***")
-# test_key(key128_1, exp128_1)
-# test_key(key128_2, exp128_2)
-# test_key(key128_3, exp128_3)
-# test_key(key128_4, exp128_4)
-# print("")
-#
-# print("*** Test of 192 bit keys: ***")
-# test_key(key192_1, exp192_1)
-# test_key(key192_2, exp192_2)
-# test_key(key192_3, exp192_3)
-# print("")
-#
-# print("*** Test of 256 bit keys: ***")
-# test_key(key256_1, exp256_1)
-# test_key(key256_2, exp256_2)
-# test_key(key256_3, exp256_3)
-# print("")
-
-
-#-------------------------------------------------------------------
-# main()
-#
-# If executed tests the ChaCha class using known test vectors.
-#-------------------------------------------------------------------
-def main():
- print("Testing the AES key generation")
- print("==============================")
- print
-
- test_key_expansion()
-
-
-#-------------------------------------------------------------------
-# __name__
-# Python thingy which allows the file to be run standalone as
-# well as parsed from within a Python interpreter.
-#-------------------------------------------------------------------
-if __name__=="__main__":
- # Run the main function.
- sys.exit(main())
-
-#=======================================================================
-# EOF aes_key_gen.py
-#=======================================================================
diff --git a/src/rtl/aes.v b/src/rtl/aes.v
index 4f668bc..492ba56 100644
--- a/src/rtl/aes.v
+++ b/src/rtl/aes.v
@@ -107,10 +107,6 @@ module aes(
reg [31 : 0] key_reg [0 : 7];
reg key_we;
- reg [127 : 0] result_reg;
- reg valid_reg;
- reg ready_reg;
-
//----------------------------------------------------------------
// Wires.
@@ -189,16 +185,9 @@ module aes(
next_reg <= 1'b0;
encdec_reg <= 1'b0;
keylen_reg <= 1'b0;
-
- result_reg <= 128'h0;
- valid_reg <= 1'b0;
- ready_reg <= 1'b0;
end
else
begin
- ready_reg <= core_ready;
- valid_reg <= core_valid;
- result_reg <= core_result;
init_reg <= init_new;
next_reg <= next_new;
@@ -239,10 +228,10 @@ module aes(
if (core_ready)
begin
if (address == ADDR_CTRL)
- begin
- init_new = write_data[CTRL_INIT_BIT];
- next_new = write_data[CTRL_NEXT_BIT];
- end
+ begin
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ end
if (address == ADDR_CONFIG)
config_we = 1'b1;
@@ -262,7 +251,7 @@ module aes(
ADDR_NAME1: tmp_read_data = CORE_NAME1;
ADDR_VERSION: tmp_read_data = CORE_VERSION;
ADDR_CTRL: tmp_read_data = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg};
- ADDR_STATUS: tmp_read_data = {30'h0, valid_reg, ready_reg};
+ ADDR_STATUS: tmp_read_data = {30'h0, core_valid, core_ready};
default:
begin
@@ -271,7 +260,7 @@ module aes(
if ((address >= ADDR_RESULT0) && (address <= ADDR_RESULT3))
if (core_ready)
- tmp_read_data = result_reg[(3 - (address - ADDR_RESULT0)) * 32 +: 32];
+ tmp_read_data = core_result[(3 - (address - ADDR_RESULT0)) * 32 +: 32];
end
end
end // addr_decoder
diff --git a/src/rtl/aes_core.v b/src/rtl/aes_core.v
index 5196a1f..518b20f 100644
--- a/src/rtl/aes_core.v
+++ b/src/rtl/aes_core.v
@@ -85,8 +85,6 @@ module aes_core(
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
- reg init_state;
-
wire [127 : 0] round_key;
wire key_ready;
@@ -94,7 +92,6 @@ module aes_core(
wire [3 : 0] enc_round_nr;
wire [127 : 0] enc_new_block;
wire enc_ready;
- wire [31 : 0] enc_sboxw;
reg dec_next;
wire [3 : 0] dec_round_nr;
@@ -105,11 +102,6 @@ module aes_core(
reg [3 : 0] muxed_round_nr;
reg muxed_ready;
- wire [31 : 0] keymem_sboxw;
-
- reg [31 : 0] muxed_sboxw;
- wire [31 : 0] new_sboxw;
-
//----------------------------------------------------------------
// Instantiations.
@@ -124,9 +116,6 @@ module aes_core(
.round(enc_round_nr),
.round_key(round_key),
- .sboxw(enc_sboxw),
- .new_sboxw(new_sboxw),
-
.block(block),
.new_block(enc_new_block),
.ready(enc_ready)
@@ -159,15 +148,10 @@ module aes_core(
.round(muxed_round_nr),
.round_key(round_key),
- .ready(key_ready),
-
- .sboxw(keymem_sboxw),
- .new_sboxw(new_sboxw)
+ .ready(key_ready)
);
- aes_sbox sbox_inst(.sboxw(muxed_sboxw), .new_sboxw(new_sboxw));
-
//----------------------------------------------------------------
// Concurrent connectivity for ports etc.
@@ -207,25 +191,6 @@ module aes_core(
//----------------------------------------------------------------
- // sbox_mux
- //
- // Controls which of the encipher datapath or the key memory
- // that gets access to the sbox.
- //----------------------------------------------------------------
- always @*
- begin : sbox_mux
- if (init_state)
- begin
- muxed_sboxw = keymem_sboxw;
- end
- else
- begin
- muxed_sboxw = enc_sboxw;
- end
- end // sbox_mux
-
-
- //----------------------------------------------------------------
// encdex_mux
//
// Controls which of the datapaths that get the next signal, have
@@ -264,7 +229,6 @@ module aes_core(
//----------------------------------------------------------------
always @*
begin : aes_core_ctrl
- init_state = 1'b0;
ready_new = 1'b0;
ready_we = 1'b0;
result_valid_new = 1'b0;
@@ -277,7 +241,6 @@ module aes_core(
begin
if (init)
begin
- init_state = 1'b1;
ready_new = 1'b0;
ready_we = 1'b1;
result_valid_new = 1'b0;
@@ -287,7 +250,6 @@ module aes_core(
end
else if (next)
begin
- init_state = 1'b0;
ready_new = 1'b0;
ready_we = 1'b1;
result_valid_new = 1'b0;
@@ -299,8 +261,6 @@ module aes_core(
CTRL_INIT:
begin
- init_state = 1'b1;
-
if (key_ready)
begin
ready_new = 1'b1;
@@ -312,8 +272,6 @@ module aes_core(
CTRL_NEXT:
begin
- init_state = 1'b0;
-
if (muxed_ready)
begin
ready_new = 1'b1;
@@ -327,7 +285,6 @@ module aes_core(
default:
begin
-
end
endcase // case (aes_core_ctrl_reg)
diff --git a/src/rtl/aes_decipher_block.v b/src/rtl/aes_decipher_block.v
index 82bdffb..b62065c 100644
--- a/src/rtl/aes_decipher_block.v
+++ b/src/rtl/aes_decipher_block.v
@@ -64,17 +64,14 @@ module aes_decipher_block(
localparam AES128_ROUNDS = 4'ha;
localparam AES256_ROUNDS = 4'he;
- localparam NO_UPDATE = 3'h0;
- localparam INIT_UPDATE = 3'h1;
- localparam SBOX_UPDATE = 3'h2;
- localparam MAIN_UPDATE = 3'h3;
- localparam FINAL_UPDATE = 3'h4;
+ localparam NO_UPDATE = 2'h0;
+ localparam INIT_UPDATE = 2'h1;
+ localparam MAIN_UPDATE = 2'h2;
+ localparam FINAL_UPDATE = 2'h3;
- localparam CTRL_IDLE = 3'h0;
- localparam CTRL_INIT = 3'h1;
- localparam CTRL_SBOX = 3'h2;
- localparam CTRL_MAIN = 3'h3;
- localparam CTRL_FINAL = 3'h4;
+ localparam CTRL_IDLE = 2'h0;
+ localparam CTRL_INIT = 2'h1;
+ localparam CTRL_MAIN = 2'h2;
//----------------------------------------------------------------
@@ -192,11 +189,9 @@ module aes_decipher_block(
//----------------------------------------------------------------
// Registers including update variables and write enable.
//----------------------------------------------------------------
- reg [1 : 0] sword_ctr_reg;
- reg [1 : 0] sword_ctr_new;
- reg sword_ctr_we;
- reg sword_ctr_inc;
- reg sword_ctr_rst;
+ reg [127 : 0] block_reg;
+ reg [127 : 0] block_new;
+ reg block_we;
reg [3 : 0] round_ctr_reg;
reg [3 : 0] round_ctr_new;
@@ -204,44 +199,43 @@ module aes_decipher_block(
reg round_ctr_set;
reg round_ctr_dec;
- reg [127 : 0] block_new;
- reg [31 : 0] block_w0_reg;
- reg [31 : 0] block_w1_reg;
- reg [31 : 0] block_w2_reg;
- reg [31 : 0] block_w3_reg;
- reg block_w0_we;
- reg block_w1_we;
- reg block_w2_we;
- reg block_w3_we;
-
reg ready_reg;
reg ready_new;
reg ready_we;
- reg [2 : 0] dec_ctrl_reg;
- reg [2 : 0] dec_ctrl_new;
+ reg [1 : 0] dec_ctrl_reg;
+ reg [1 : 0] dec_ctrl_new;
reg dec_ctrl_we;
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
- reg [31 : 0] tmp_sboxw;
- wire [31 : 0] new_sboxw;
- reg [2 : 0] update_type;
+ reg [31 : 0] sboxw0;
+ reg [31 : 0] sboxw1;
+ reg [31 : 0] sboxw2;
+ reg [31 : 0] sboxw3;
+ wire [31 : 0] new_sboxw0;
+ wire [31 : 0] new_sboxw1;
+ wire [31 : 0] new_sboxw2;
+ wire [31 : 0] new_sboxw3;
+ reg [1 : 0] update_type;
//----------------------------------------------------------------
- // Instantiations.
+ // Inverse S-boxes.
//----------------------------------------------------------------
- aes_inv_sbox inv_sbox_inst(.sword(tmp_sboxw), .new_sword(new_sboxw));
+ aes_inv_sbox inv_sbox_inst0(.sword(sboxw0), .new_sword(new_sboxw0));
+ aes_inv_sbox inv_sbox_inst1(.sword(sboxw1), .new_sword(new_sboxw1));
+ aes_inv_sbox inv_sbox_inst2(.sword(sboxw2), .new_sword(new_sboxw2));
+ aes_inv_sbox inv_sbox_inst3(.sword(sboxw3), .new_sword(new_sboxw3));
//----------------------------------------------------------------
// Concurrent connectivity for ports etc.
//----------------------------------------------------------------
+ assign new_block = block_reg;
assign round = round_ctr_reg;
- assign new_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
assign ready = ready_reg;
@@ -256,31 +250,15 @@ module aes_decipher_block(
begin: reg_update
if (!reset_n)
begin
- block_w0_reg <= 32'h0;
- block_w1_reg <= 32'h0;
- block_w2_reg <= 32'h0;
- block_w3_reg <= 32'h0;
- sword_ctr_reg <= 2'h0;
+ block_reg <= 128'h0;
round_ctr_reg <= 4'h0;
ready_reg <= 1'b1;
dec_ctrl_reg <= CTRL_IDLE;
end
else
begin
- if (block_w0_we)
- block_w0_reg <= block_new[127 : 096];
-
- if (block_w1_we)
- block_w1_reg <= block_new[095 : 064];
-
- if (block_w2_we)
- block_w2_reg <= block_new[063 : 032];
-
- if (block_w3_we)
- block_w3_reg <= block_new[031 : 000];
-
- if (sword_ctr_we)
- sword_ctr_reg <= sword_ctr_new;
+ if (block_we)
+ block_reg <= block_new;
if (round_ctr_we)
round_ctr_reg <= round_ctr_new;
@@ -301,86 +279,43 @@ module aes_decipher_block(
//----------------------------------------------------------------
always @*
begin : round_logic
- reg [127 : 0] old_block, inv_shiftrows_block, inv_mixcolumns_block;
+ reg [127 : 0] subbytes_block, inv_shiftrows_block, inv_mixcolumns_block;
reg [127 : 0] addkey_block;
inv_shiftrows_block = 128'h0;
inv_mixcolumns_block = 128'h0;
addkey_block = 128'h0;
block_new = 128'h0;
- tmp_sboxw = 32'h0;
- block_w0_we = 1'b0;
- block_w1_we = 1'b0;
- block_w2_we = 1'b0;
- block_w3_we = 1'b0;
+ block_we = 1'b0;
- old_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
+ sboxw0 = block_reg[127 : 96];
+ sboxw1 = block_reg[95 : 64];
+ sboxw2 = block_reg[63 : 32];
+ sboxw3 = block_reg[31 : 0];
+ subbytes_block = {new_sboxw0, new_sboxw1, new_sboxw2, new_sboxw3};
- // Update based on update type.
case (update_type)
- // InitRound
INIT_UPDATE:
begin
- old_block = block;
- addkey_block = addroundkey(old_block, round_key);
+ addkey_block = addroundkey(block, round_key);
inv_shiftrows_block = inv_shiftrows(addkey_block);
block_new = inv_shiftrows_block;
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
- end
-
- SBOX_UPDATE:
- begin
- block_new = {new_sboxw, new_sboxw, new_sboxw, new_sboxw};
-
- case (sword_ctr_reg)
- 2'h0:
- begin
- tmp_sboxw = block_w0_reg;
- block_w0_we = 1'b1;
- end
-
- 2'h1:
- begin
- tmp_sboxw = block_w1_reg;
- block_w1_we = 1'b1;
- end
-
- 2'h2:
- begin
- tmp_sboxw = block_w2_reg;
- block_w2_we = 1'b1;
- end
-
- 2'h3:
- begin
- tmp_sboxw = block_w3_reg;
- block_w3_we = 1'b1;
- end
- endcase // case (sbox_mux_ctrl_reg)
+ block_we = 1'b1;
end
MAIN_UPDATE:
begin
- addkey_block = addroundkey(old_block, round_key);
+ addkey_block = addroundkey(subbytes_block, round_key);
inv_mixcolumns_block = inv_mixcolumns(addkey_block);
inv_shiftrows_block = inv_shiftrows(inv_mixcolumns_block);
block_new = inv_shiftrows_block;
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
+ block_we = 1'b1;
end
FINAL_UPDATE:
begin
- block_new = addroundkey(old_block, round_key);
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
+ block_new = addroundkey(subbytes_block, round_key);
+ block_we = 1'b1;
end
default:
@@ -391,29 +326,6 @@ module aes_decipher_block(
//----------------------------------------------------------------
- // sword_ctr
- //
- // The subbytes word counter with reset and increase logic.
- //----------------------------------------------------------------
- always @*
- begin : sword_ctr
- sword_ctr_new = 2'h0;
- sword_ctr_we = 1'b0;
-
- if (sword_ctr_rst)
- begin
- sword_ctr_new = 2'h0;
- sword_ctr_we = 1'b1;
- end
- else if (sword_ctr_inc)
- begin
- sword_ctr_new = sword_ctr_reg + 1'b1;
- sword_ctr_we = 1'b1;
- end
- end // sword_ctr
-
-
- //----------------------------------------------------------------
// round_ctr
//
// The round counter with reset and increase logic.
@@ -450,8 +362,6 @@ module aes_decipher_block(
//----------------------------------------------------------------
always @*
begin: decipher_ctrl
- sword_ctr_inc = 1'b0;
- sword_ctr_rst = 1'b0;
round_ctr_dec = 1'b0;
round_ctr_set = 1'b0;
ready_new = 1'b0;
@@ -475,32 +385,18 @@ module aes_decipher_block(
CTRL_INIT:
begin
- sword_ctr_rst = 1'b1;
+ round_ctr_dec = 1'b1;
update_type = INIT_UPDATE;
- dec_ctrl_new = CTRL_SBOX;
+ dec_ctrl_new = CTRL_MAIN;
dec_ctrl_we = 1'b1;
end
- CTRL_SBOX:
- begin
- sword_ctr_inc = 1'b1;
- update_type = SBOX_UPDATE;
- if (sword_ctr_reg == 2'h3)
- begin
- round_ctr_dec = 1'b1;
- dec_ctrl_new = CTRL_MAIN;
- dec_ctrl_we = 1'b1;
- end
- end
-
CTRL_MAIN:
begin
- sword_ctr_rst = 1'b1;
if (round_ctr_reg > 0)
begin
+ round_ctr_dec = 1'b1;
update_type = MAIN_UPDATE;
- dec_ctrl_new = CTRL_SBOX;
- dec_ctrl_we = 1'b1;
end
else
begin
diff --git a/src/rtl/aes_encipher_block.v b/src/rtl/aes_encipher_block.v
index 094653a..f98d755 100644
--- a/src/rtl/aes_encipher_block.v
+++ b/src/rtl/aes_encipher_block.v
@@ -49,9 +49,6 @@ module aes_encipher_block(
output wire [3 : 0] round,
input wire [127 : 0] round_key,
- output wire [31 : 0] sboxw,
- input wire [31 : 0] new_sboxw,
-
input wire [127 : 0] block,
output wire [127 : 0] new_block,
output wire ready
@@ -67,17 +64,14 @@ module aes_encipher_block(
localparam AES128_ROUNDS = 4'ha;
localparam AES256_ROUNDS = 4'he;
- localparam NO_UPDATE = 3'h0;
- localparam INIT_UPDATE = 3'h1;
- localparam SBOX_UPDATE = 3'h2;
- localparam MAIN_UPDATE = 3'h3;
- localparam FINAL_UPDATE = 3'h4;
+ localparam NO_UPDATE = 2'h0;
+ localparam INIT_UPDATE = 2'h1;
+ localparam MAIN_UPDATE = 2'h2;
+ localparam FINAL_UPDATE = 2'h3;
- localparam CTRL_IDLE = 3'h0;
- localparam CTRL_INIT = 3'h1;
- localparam CTRL_SBOX = 3'h2;
- localparam CTRL_MAIN = 3'h3;
- localparam CTRL_FINAL = 3'h4;
+ localparam CTRL_IDLE = 2'h0;
+ localparam CTRL_INIT = 2'h1;
+ localparam CTRL_MAIN = 2'h2;
//----------------------------------------------------------------
@@ -159,11 +153,9 @@ module aes_encipher_block(
//----------------------------------------------------------------
// Registers including update variables and write enable.
//----------------------------------------------------------------
- reg [1 : 0] sword_ctr_reg;
- reg [1 : 0] sword_ctr_new;
- reg sword_ctr_we;
- reg sword_ctr_inc;
- reg sword_ctr_rst;
+ reg [127 : 0] block_reg;
+ reg [127 : 0] block_new;
+ reg block_we;
reg [3 : 0] round_ctr_reg;
reg [3 : 0] round_ctr_new;
@@ -171,42 +163,48 @@ module aes_encipher_block(
reg round_ctr_rst;
reg round_ctr_inc;
- reg [127 : 0] block_new;
- reg [31 : 0] block_w0_reg;
- reg [31 : 0] block_w1_reg;
- reg [31 : 0] block_w2_reg;
- reg [31 : 0] block_w3_reg;
- reg block_w0_we;
- reg block_w1_we;
- reg block_w2_we;
- reg block_w3_we;
-
reg ready_reg;
reg ready_new;
reg ready_we;
- reg [2 : 0] enc_ctrl_reg;
- reg [2 : 0] enc_ctrl_new;
+ reg [1 : 0] enc_ctrl_reg;
+ reg [1 : 0] enc_ctrl_new;
reg enc_ctrl_we;
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
- reg [2 : 0] update_type;
- reg [31 : 0] muxed_sboxw;
+ reg [1 : 0] update_type;
+
+ reg [31 : 0] sboxw0;
+ reg [31 : 0] sboxw1;
+ reg [31 : 0] sboxw2;
+ reg [31 : 0] sboxw3;
+ wire [31 : 0] new_sboxw0;
+ wire [31 : 0] new_sboxw1;
+ wire [31 : 0] new_sboxw2;
+ wire [31 : 0] new_sboxw3;
//----------------------------------------------------------------
// Concurrent connectivity for ports etc.
//----------------------------------------------------------------
+ assign new_block = block_reg;
assign round = round_ctr_reg;
- assign sboxw = muxed_sboxw;
- assign new_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
assign ready = ready_reg;
//----------------------------------------------------------------
+ // Sboxes
+ //----------------------------------------------------------------
+ aes_sbox sbox_inst0(.sboxw(sboxw0), .new_sboxw(new_sboxw0));
+ aes_sbox sbox_inst1(.sboxw(sboxw1), .new_sboxw(new_sboxw1));
+ aes_sbox sbox_inst2(.sboxw(sboxw2), .new_sboxw(new_sboxw2));
+ aes_sbox sbox_inst3(.sboxw(sboxw3), .new_sboxw(new_sboxw3));
+
+
+ //----------------------------------------------------------------
// reg_update
//
// Update functionality for all registers in the core.
@@ -217,31 +215,15 @@ module aes_encipher_block(
begin: reg_update
if (!reset_n)
begin
- block_w0_reg <= 32'h0;
- block_w1_reg <= 32'h0;
- block_w2_reg <= 32'h0;
- block_w3_reg <= 32'h0;
- sword_ctr_reg <= 2'h0;
+ block_reg <= 128'h0;
round_ctr_reg <= 4'h0;
ready_reg <= 1'b1;
enc_ctrl_reg <= CTRL_IDLE;
end
else
begin
- if (block_w0_we)
- block_w0_reg <= block_new[127 : 096];
-
- if (block_w1_we)
- block_w1_reg <= block_new[095 : 064];
-
- if (block_w2_we)
- block_w2_reg <= block_new[063 : 032];
-
- if (block_w3_we)
- block_w3_reg <= block_new[031 : 000];
-
- if (sword_ctr_we)
- sword_ctr_reg <= sword_ctr_new;
+ if (block_we)
+ block_reg <= block_new;
if (round_ctr_we)
round_ctr_reg <= round_ctr_new;
@@ -262,18 +244,19 @@ module aes_encipher_block(
//----------------------------------------------------------------
always @*
begin : round_logic
- reg [127 : 0] old_block, shiftrows_block, mixcolumns_block;
+ reg [127 : 0] subbytes_block, shiftrows_block, mixcolumns_block;
reg [127 : 0] addkey_init_block, addkey_main_block, addkey_final_block;
- block_new = 128'h0;
- muxed_sboxw = 32'h0;
- block_w0_we = 1'b0;
- block_w1_we = 1'b0;
- block_w2_we = 1'b0;
- block_w3_we = 1'b0;
+ block_new = 128'h0;
+ block_we = 1'b0;
- old_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
- shiftrows_block = shiftrows(old_block);
+ sboxw0 = block_reg[127 : 96];
+ sboxw1 = block_reg[95 : 64];
+ sboxw2 = block_reg[63 : 32];
+ sboxw3 = block_reg[31 : 0];
+
+ subbytes_block = {new_sboxw0, new_sboxw1, new_sboxw2, new_sboxw3};
+ shiftrows_block = shiftrows(subbytes_block);
mixcolumns_block = mixcolumns(shiftrows_block);
addkey_init_block = addroundkey(block, round_key);
addkey_main_block = addroundkey(mixcolumns_block, round_key);
@@ -282,60 +265,20 @@ module aes_encipher_block(
case (update_type)
INIT_UPDATE:
begin
- block_new = addkey_init_block;
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
- end
-
- SBOX_UPDATE:
- begin
- block_new = {new_sboxw, new_sboxw, new_sboxw, new_sboxw};
-
- case (sword_ctr_reg)
- 2'h0:
- begin
- muxed_sboxw = block_w0_reg;
- block_w0_we = 1'b1;
- end
-
- 2'h1:
- begin
- muxed_sboxw = block_w1_reg;
- block_w1_we = 1'b1;
- end
-
- 2'h2:
- begin
- muxed_sboxw = block_w2_reg;
- block_w2_we = 1'b1;
- end
-
- 2'h3:
- begin
- muxed_sboxw = block_w3_reg;
- block_w3_we = 1'b1;
- end
- endcase // case (sbox_mux_ctrl_reg)
+ block_new = addkey_init_block;
+ block_we = 1'b1;
end
MAIN_UPDATE:
begin
- block_new = addkey_main_block;
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
+ block_new = addkey_main_block;
+ block_we = 1'b1;
end
FINAL_UPDATE:
begin
- block_new = addkey_final_block;
- block_w0_we = 1'b1;
- block_w1_we = 1'b1;
- block_w2_we = 1'b1;
- block_w3_we = 1'b1;
+ block_new = addkey_final_block;
+ block_we = 1'b1;
end
default:
@@ -346,29 +289,6 @@ module aes_encipher_block(
//----------------------------------------------------------------
- // sword_ctr
- //
- // The subbytes word counter with reset and increase logic.
- //----------------------------------------------------------------
- always @*
- begin : sword_ctr
- sword_ctr_new = 2'h0;
- sword_ctr_we = 1'b0;
-
- if (sword_ctr_rst)
- begin
- sword_ctr_new = 2'h0;
- sword_ctr_we = 1'b1;
- end
- else if (sword_ctr_inc)
- begin
- sword_ctr_new = sword_ctr_reg + 1'b1;
- sword_ctr_we = 1'b1;
- end
- end // sword_ctr
-
-
- //----------------------------------------------------------------
// round_ctr
//
// The round counter with reset and increase logic.
@@ -401,16 +321,10 @@ module aes_encipher_block(
reg [3 : 0] num_rounds;
if (keylen == AES_256_BIT_KEY)
- begin
- num_rounds = AES256_ROUNDS;
- end
+ num_rounds = AES256_ROUNDS;
else
- begin
- num_rounds = AES128_ROUNDS;
- end
+ num_rounds = AES128_ROUNDS;
- sword_ctr_inc = 1'b0;
- sword_ctr_rst = 1'b0;
round_ctr_inc = 1'b0;
round_ctr_rst = 1'b0;
ready_new = 1'b0;
@@ -435,32 +349,17 @@ module aes_encipher_block(
CTRL_INIT:
begin
round_ctr_inc = 1'b1;
- sword_ctr_rst = 1'b1;
update_type = INIT_UPDATE;
- enc_ctrl_new = CTRL_SBOX;
+ enc_ctrl_new = CTRL_MAIN;
enc_ctrl_we = 1'b1;
end
- CTRL_SBOX:
- begin
- sword_ctr_inc = 1'b1;
- update_type = SBOX_UPDATE;
- if (sword_ctr_reg == 2'h3)
- begin
- enc_ctrl_new = CTRL_MAIN;
- enc_ctrl_we = 1'b1;
- end
- end
-
CTRL_MAIN:
begin
- sword_ctr_rst = 1'b1;
round_ctr_inc = 1'b1;
if (round_ctr_reg < num_rounds)
begin
update_type = MAIN_UPDATE;
- enc_ctrl_new = CTRL_SBOX;
- enc_ctrl_we = 1'b1;
end
else
begin
diff --git a/src/rtl/aes_key_mem.v b/src/rtl/aes_key_mem.v
index f57d4dd..07e338f 100644
--- a/src/rtl/aes_key_mem.v
+++ b/src/rtl/aes_key_mem.v
@@ -47,11 +47,7 @@ module aes_key_mem(
input wire [3 : 0] round,
output wire [127 : 0] round_key,
- output wire ready,
-
-
- output wire [31 : 0] sboxw,
- input wire [31 : 0] new_sboxw
+ output wire ready
);
@@ -109,7 +105,8 @@ module aes_key_mem(
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
- reg [31 : 0] tmp_sboxw;
+ reg [31 : 0] sboxw;
+ wire [31 : 0] new_sboxw;
reg round_key_update;
reg [3 : 0] num_rounds;
@@ -122,7 +119,12 @@ module aes_key_mem(
//----------------------------------------------------------------
assign round_key = tmp_round_key;
assign ready = ready_reg;
- assign sboxw = tmp_sboxw;
+
+
+ //----------------------------------------------------------------
+ // S-box for key expansion.
+ //----------------------------------------------------------------
+ aes_sbox sbox_inst(.sboxw(sboxw), .new_sboxw(new_sboxw));
//----------------------------------------------------------------
@@ -141,11 +143,11 @@ module aes_key_mem(
for (i = 0 ; i < 15 ; i = i + 1)
key_mem [i] <= 128'h0;
- prev_key0_reg <= 128'h0;
- prev_key1_reg <= 128'h0;
rcon_reg <= 8'h0;
ready_reg <= 1'b0;
round_ctr_reg <= 4'h0;
+ prev_key0_reg <= 128'h0;
+ prev_key1_reg <= 128'h0;
key_mem_ctrl_reg <= CTRL_IDLE;
end
else
@@ -225,7 +227,7 @@ module aes_key_mem(
w7 = prev_key1_reg[031 : 000];
rconw = {rcon_reg, 24'h0};
- tmp_sboxw = w7;
+ sboxw = w7;
rotstw = {new_sboxw[23 : 00], new_sboxw[31 : 24]};
trw = rotstw ^ rconw;
tw = new_sboxw;
diff --git a/src/tb/tb_aes.v b/src/tb/tb_aes.v
index 6561b4d..84be6a8 100644
--- a/src/tb/tb_aes.v
+++ b/src/tb/tb_aes.v
@@ -429,11 +429,64 @@ module tb_aes();
//----------------------------------------------------------------
- // nist_fips_tests()
+ // single_block_mangle_test()
//
- // Perform tests based on NIST FIPS-197 test vectors.
+ // Perform single block test, but try to mangle the operation
+ // by changing from encryption to decryption mid-processing.
+ // This should cause errors unless changes to config during
+ // processing.
+ //----------------------------------------------------------------
+ task single_block_mangle_test(input [7 : 0] tc_number,
+ input [255 : 0] key,
+ input [127 : 0] block,
+ input [127 : 0] expected);
+ begin
+ $display("*** TC %0d mangle test started.", tc_number);
+ tc_ctr = tc_ctr + 1;
+
+ init_key(key, AES_128_BIT_KEY);
+ write_block(block);
+ dump_dut_state();
+
+ // Set that we want to encipher and start processing.
+ $display("*** Staring encipher operation");
+ write_word(ADDR_CONFIG, (8'h00 + (AES_128_BIT_KEY << 1) + AES_ENCIPHER));
+ write_word(ADDR_CTRL, 8'h02);
+
+ // Wait a number of cycles and then switch from encipher to decipher.
+ #(10 * CLK_PERIOD);
+ $display("*** Switching to decipher operation");
+ write_word(ADDR_CONFIG, (8'h00 + (AES_128_BIT_KEY << 1) + AES_DECIPHER));
+
+ wait_ready();
+ $display("*** Ready has been set!");
+ dump_dut_state();
+ read_result();
+
+ if (result_data == expected)
+ begin
+ $display("*** TC %0d successful.", tc_number);
+ $display("");
+ end
+ else
+ begin
+ $display("*** ERROR: TC %0d NOT successful.", tc_number);
+ $display("Expected: 0x%032x", expected);
+ $display("Got: 0x%032x", result_data);
+ $display("");
+
+ error_ctr = error_ctr + 1;
+ end
+ end
+ endtask // ecb_mode_single_block_test
+
+
//----------------------------------------------------------------
- task nist_fips_tests;
+ // aes_test()
+ //
+ // Main test task will perform complete NIST test of AES.
+ //----------------------------------------------------------------
+ task aes_test;
reg [255 : 0] nist_aes128_key;
reg [255 : 0] nist_aes256_key;
@@ -472,8 +525,8 @@ module tb_aes();
nist_ecb_256_enc_expected3 = 128'h23304b7a39f9f3ff067d8d8f9e24ecc7;
- $display("NIST FIPS ECB 128 bit key tests");
- $display("-------------------------------");
+ $display("ECB 128 bit key tests");
+ $display("---------------------");
ecb_mode_single_block_test(8'h01, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
nist_plaintext0, nist_ecb_128_enc_expected0);
@@ -501,8 +554,8 @@ module tb_aes();
$display("");
- $display("NIST FIPS ECB 256 bit key tests");
- $display("-------------------------------");
+ $display("ECB 256 bit key tests");
+ $display("---------------------");
ecb_mode_single_block_test(8'h10, AES_ENCIPHER, nist_aes256_key, AES_256_BIT_KEY,
nist_plaintext0, nist_ecb_256_enc_expected0);
@@ -527,34 +580,14 @@ module tb_aes();
ecb_mode_single_block_test(8'h17, AES_DECIPHER, nist_aes256_key, AES_256_BIT_KEY,
nist_ecb_256_enc_expected3, nist_plaintext3);
- end
- endtask // aes_test
-
- //----------------------------------------------------------------
- // nist_kwp_test()
- //
- // Test that we can perform operations based on NIST KWP
- // AE 128 test vectors.
- //----------------------------------------------------------------
- task nist_kwp_test;
- reg [255 : 0] kwp_key;
- reg [127 : 0] kwp_plaintext;
- reg [127 : 0] kwp_expected;
- begin
- kwp_key = 256'hc03db3cc1416dcd1c069a195a8d77e3d00000000000000000000000000000000;
- kwp_plaintext = 128'ha65959a60000001f46f87f58cdda4200;
- kwp_expected = 128'hd1bac797ff82fa4bde9f7490729fd0a7;
-
- $display("");
- $display("NIST KWP AE 128 bit test");
-
- ecb_mode_single_block_test(8'h18, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
- kwp_plaintext, kwp_expected);
+ $display("Block processing mangling test");
+ $display("------------------------------");
+ single_block_mangle_test(8'h18, nist_aes128_key, nist_plaintext0,
+ nist_ecb_128_enc_expected0);
end
- endtask // nist_kwp_test
-
+ endtask // aes_test
//----------------------------------------------------------------
@@ -573,8 +606,7 @@ module tb_aes();
reset_dut();
dump_dut_state();
- nist_fips_tests();
- nist_kwp_test();
+ aes_test();
display_test_results();
diff --git a/src/tb/tb_aes_core.v b/src/tb/tb_aes_core.v
index d7c424c..d36d0bc 100644
--- a/src/tb/tb_aes_core.v
+++ b/src/tb/tb_aes_core.v
@@ -339,8 +339,15 @@ module tb_aes_core();
endtask // ecb_mode_single_block_test
- task nist_fips_tests;
- begin : fips_tests
+ //----------------------------------------------------------------
+ // aes_core_test
+ // The main test functionality.
+ //
+ // Test cases taken from NIST SP 800-38A:
+ // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ //----------------------------------------------------------------
+ initial
+ begin : aes_core_test
reg [255 : 0] nist_aes128_key;
reg [255 : 0] nist_aes256_key;
@@ -378,19 +385,29 @@ module tb_aes_core();
nist_ecb_256_enc_expected3 = 128'h23304b7a39f9f3ff067d8d8f9e24ecc7;
- $display("NIST FIPS ECB 128 bit key tests");
- $display("-------------------------------");
+ $display(" -= Testbench for aes core started =-");
+ $display(" ================================");
+ $display("");
+
+ init_sim();
+ dump_dut_state();
+ reset_dut();
+ dump_dut_state();
+
+
+ $display("ECB 128 bit key tests");
+ $display("---------------------");
ecb_mode_single_block_test(8'h01, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
nist_plaintext0, nist_ecb_128_enc_expected0);
- ecb_mode_single_block_test(8'h02, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
- nist_plaintext1, nist_ecb_128_enc_expected1);
+ ecb_mode_single_block_test(8'h02, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+ nist_plaintext1, nist_ecb_128_enc_expected1);
- ecb_mode_single_block_test(8'h03, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
- nist_plaintext2, nist_ecb_128_enc_expected2);
+ ecb_mode_single_block_test(8'h03, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+ nist_plaintext2, nist_ecb_128_enc_expected2);
- ecb_mode_single_block_test(8'h04, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
- nist_plaintext3, nist_ecb_128_enc_expected3);
+ ecb_mode_single_block_test(8'h04, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+ nist_plaintext3, nist_ecb_128_enc_expected3);
ecb_mode_single_block_test(8'h05, AES_DECIPHER, nist_aes128_key, AES_128_BIT_KEY,
@@ -407,8 +424,8 @@ module tb_aes_core();
$display("");
- $display("NIST FIPS ECB 256 bit key tests");
- $display("-------------------------------");
+ $display("ECB 256 bit key tests");
+ $display("---------------------");
ecb_mode_single_block_test(8'h10, AES_ENCIPHER, nist_aes256_key, AES_256_BIT_KEY,
nist_plaintext0, nist_ecb_256_enc_expected0);
@@ -433,55 +450,7 @@ module tb_aes_core();
ecb_mode_single_block_test(8'h17, AES_DECIPHER, nist_aes256_key, AES_256_BIT_KEY,
nist_ecb_256_enc_expected3, nist_plaintext3);
- end
- endtask // nist_fips_tests
-
-
- //----------------------------------------------------------------
- // nist_kwp_test()
- //
- // Test that we can perform operations based on NIST KWP
- // AE 128 test vectors.
- //----------------------------------------------------------------
- task nist_kwp_test;
- reg [255 : 0] kwp_key;
- reg [127 : 0] kwp_plaintext;
- reg [127 : 0] kwp_expected;
-
- begin
- kwp_key = 256'hc03db3cc1416dcd1c069a195a8d77e3d00000000000000000000000000000000;
- kwp_plaintext = 128'ha65959a60000001f46f87f58cdda4200;
- kwp_expected = 128'hd1bac797ff82fa4bde9f7490729fd0a7;
-
- $display("");
- $display("NIST KWP AE 128 bit test");
-
- ecb_mode_single_block_test(8'h18, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
- kwp_plaintext, kwp_expected);
- end
- endtask // nist_kwp_test
-
-
- //----------------------------------------------------------------
- // aes_core_test
- // The main test functionality.
- //
- // Test cases taken from NIST SP 800-38A:
- // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
- //----------------------------------------------------------------
- initial
- begin : aes_core_test
- $display(" -= Testbench for aes core started =-");
- $display(" ================================");
- $display("");
-
- init_sim();
- dump_dut_state();
- reset_dut();
- dump_dut_state();
- nist_fips_tests();
- nist_kwp_test();
display_test_result();
$display("");
diff --git a/src/tb/tb_aes_decipher_block.v b/src/tb/tb_aes_decipher_block.v
index ec228c0..13b9949 100644
--- a/src/tb/tb_aes_decipher_block.v
+++ b/src/tb/tb_aes_decipher_block.v
@@ -152,17 +152,15 @@ module tb_aes_decipher_block();
$display("Control states");
$display("round = 0x%01x", dut.round);
- $display("dec_ctrl = 0x%01x, update_type = 0x%01x, sword_ctr = 0x%01x, round_ctr = 0x%01x",
- dut.dec_ctrl_reg, dut.update_type, dut.sword_ctr_reg, dut.round_ctr_reg);
+ $display("dec_ctrl = 0x%01x, update_type = 0x%01x, round_ctr = 0x%01x",
+ dut.dec_ctrl_reg, dut.update_type, dut.round_ctr_reg);
$display("");
$display("Internal data values");
$display("round_key = 0x%016x", dut.round_key);
- $display("sboxw = 0x%08x, new_sboxw = 0x%08x", dut.tmp_sboxw, dut.new_sboxw);
- $display("block_w0_reg = 0x%08x, block_w1_reg = 0x%08x, block_w2_reg = 0x%08x, block_w3_reg = 0x%08x",
- dut.block_w0_reg, dut.block_w1_reg, dut.block_w2_reg, dut.block_w3_reg);
+ $display("block_reg = 0x%016x", dut.block_reg);
$display("");
- $display("old_block = 0x%08x", dut.round_logic.old_block);
+ $display("subbytes_block = 0x%08x", dut.round_logic.subbytes_block);
$display("inv_shiftrows_block = 0x%08x", dut.round_logic.inv_shiftrows_block);
$display("inv_mixcolumns_block = 0x%08x", dut.round_logic.inv_mixcolumns_block);
$display("addkey_block = 0x%08x", dut.round_logic.addkey_block);
diff --git a/src/tb/tb_aes_encipher_block.v b/src/tb/tb_aes_encipher_block.v
index 68e88dd..0606d95 100644
--- a/src/tb/tb_aes_encipher_block.v
+++ b/src/tb/tb_aes_encipher_block.v
@@ -74,9 +74,6 @@ module tb_aes_encipher_block();
wire [3 : 0] tb_round;
wire [127 : 0] tb_round_key;
- wire [31 : 0] tb_sboxw;
- wire [31 : 0] tb_new_sboxw;
-
reg [127 : 0] tb_block;
wire [127 : 0] tb_new_block;
@@ -92,13 +89,6 @@ module tb_aes_encipher_block();
//----------------------------------------------------------------
// Device Under Test.
//----------------------------------------------------------------
- // We need an sbox for the tests.
- aes_sbox sbox(
- .sboxw(tb_sboxw),
- .new_sboxw(tb_new_sboxw)
- );
-
-
// The device under test.
aes_encipher_block dut(
.clk(tb_clk),
@@ -110,9 +100,6 @@ module tb_aes_encipher_block();
.round(tb_round),
.round_key(tb_round_key),
- .sboxw(tb_sboxw),
- .new_sboxw(tb_new_sboxw),
-
.block(tb_block),
.new_block(tb_new_block),
.ready(tb_ready)
@@ -166,25 +153,21 @@ module tb_aes_encipher_block();
$display("Control states");
$display("round = 0x%01x", dut.round);
- $display("enc_ctrl = 0x%01x, update_type = 0x%01x, sword_ctr = 0x%01x, round_ctr = 0x%01x",
- dut.enc_ctrl_reg, dut.update_type, dut.sword_ctr_reg, dut.round_ctr_reg);
+ $display("enc_ctrl = 0x%01x, update_type = 0x%01x, round_ctr = 0x%01x",
+ dut.enc_ctrl_reg, dut.update_type, dut.round_ctr_reg);
$display("");
$display("Internal data values");
$display("round_key = 0x%016x", dut.round_key);
- $display("sboxw = 0x%08x, new_sboxw = 0x%08x", dut.sboxw, dut.new_sboxw);
- $display("block_w0_reg = 0x%08x, block_w1_reg = 0x%08x, block_w2_reg = 0x%08x, block_w3_reg = 0x%08x",
- dut.block_w0_reg, dut.block_w1_reg, dut.block_w2_reg, dut.block_w3_reg);
+ $display("block_reg = 0x%016x", dut.block_reg);
$display("");
- $display("old_block = 0x%08x", dut.round_logic.old_block);
+ $display("subbytes_block = 0x%08x", dut.round_logic.subbytes_block);
$display("shiftrows_block = 0x%08x", dut.round_logic.shiftrows_block);
$display("mixcolumns_block = 0x%08x", dut.round_logic.mixcolumns_block);
$display("addkey_init_block = 0x%08x", dut.round_logic.addkey_init_block);
$display("addkey_main_block = 0x%08x", dut.round_logic.addkey_main_block);
$display("addkey_final_block = 0x%08x", dut.round_logic.addkey_final_block);
- $display("block_w0_new = 0x%08x, block_w1_new = 0x%08x, block_w2_new = 0x%08x, block_w3_new = 0x%08x",
- dut.block_new[127 : 096], dut.block_new[095 : 064],
- dut.block_new[063 : 032], dut.block_new[031 : 000]);
+ $display("block_new = 0x%08x", dut.block_new);
$display("");
end
endtask // dump_dut_state
diff --git a/src/tb/tb_aes_key_mem.v b/src/tb/tb_aes_key_mem.v
index cac216a..b76fb64 100644
--- a/src/tb/tb_aes_key_mem.v
+++ b/src/tb/tb_aes_key_mem.v
@@ -78,9 +78,6 @@ module tb_aes_key_mem();
wire [127 : 0] tb_round_key;
wire tb_ready;
- wire [31 : 0] tb_sboxw;
- wire [31 : 0] tb_new_sboxw;
-
//----------------------------------------------------------------
// Device Under Test.
@@ -95,15 +92,9 @@ module tb_aes_key_mem();
.round(tb_round),
.round_key(tb_round_key),
- .ready(tb_ready),
-
- .sboxw(tb_sboxw),
- .new_sboxw(tb_new_sboxw)
+ .ready(tb_ready)
);
- // The DUT requirees Sboxes.
- aes_sbox sbox(.sboxw(tb_sboxw), .new_sboxw(tb_new_sboxw));
-
//----------------------------------------------------------------
// clk_gen
diff --git a/toolruns/Makefile b/toolruns/Makefile
index 8408abd..835a92f 100755
--- a/toolruns/Makefile
+++ b/toolruns/Makefile
@@ -37,51 +37,44 @@
#
#===================================================================
-SBOX_SRC = ../src/rtl/aes_sbox.v
-INV_SBOX_SRC = ../src/rtl/aes_inv_sbox.v
-KEYMEM_SRC = ../src/rtl/aes_key_mem.v
-ENCIPHER_SRC = ../src/rtl/aes_encipher_block.v
-DECIPHER_SRC = ../src/rtl/aes_decipher_block.v
-CORE_SRC = ../src/rtl/aes_core.v $(KEYMEM_SRC) $(SBOX_SRC) $(INV_SBOX_SRC) $(ENCIPHER_SRC) $(DECIPHER_SRC)
-TOP_SRC = ../src/rtl/aes.v $(CORE_SRC)
+SBOX_SRC=../src/rtl/aes_sbox.v
+INV_SBOX_SRC=../src/rtl/aes_inv_sbox.v
+KEYMEM_SRC=../src/rtl/aes_key_mem.v
+ENCIPHER_SRC=../src/rtl/aes_encipher_block.v
+DECIPHER_SRC=../src/rtl/aes_decipher_block.v
+CORE_SRC=../src/rtl/aes_core.v $(KEYMEM_SRC) $(SBOX_SRC) $(INV_SBOX_SRC) $(ENCIPHER_SRC) $(DECIPHER_SRC)
+TOP_SRC=../src/rtl/aes.v $(CORE_SRC)
-TB_TOP_SRC = ../src/tb/tb_aes.v
-TB_CORE_SRC = ../src/tb/tb_aes_core.v
-TB_KEYMEM_SRC = ../src/tb/tb_aes_key_mem.v
-TB_ENCIPHER_SRC = ../src/tb/tb_aes_encipher_block.v
-TB_DECIPHER_SRC = ../src/tb/tb_aes_decipher_block.v
+TB_TOP_SRC =../src/tb/tb_aes.v
+TB_CORE_SRC =../src/tb/tb_aes_core.v
+TB_KEYMEM_SRC =../src/tb/tb_aes_key_mem.v
+TB_ENCIPHER_SRC =../src/tb/tb_aes_encipher_block.v
+TB_DECIPHER_SRC =../src/tb/tb_aes_decipher_block.v
-CC = iverilog
-CC_FLAGS = -Wall
-
-LINT = verilator
-LINT_FLAGS = +1364-2001ext+ --lint-only -Wall -Wno-fatal -Wno-DECLFILENAME
+CC=iverilog
+LINT=verilator
all: top.sim core.sim keymem.sim encipher.sim decipher.sim
top.sim: $(TB_TOP_SRC) $(TOP_SRC)
- $(CC) $(CC_FLAGS) -o top.sim $(TB_TOP_SRC) $(TOP_SRC)
+ $(CC) -o top.sim $(TB_TOP_SRC) $(TOP_SRC)
core.sim: $(TB_CORE_SRC) $(CORE_SRC)
- $(CC) $(CC_FLAGS) -o core.sim $(TB_CORE_SRC) $(CORE_SRC)
+ $(CC) -o core.sim $(TB_CORE_SRC) $(CORE_SRC)
keymem.sim: $(TB_KEYMEM_SRC) $(KEYGEN_SRC) $(SBOX_SRC)
- $(CC) $(CC_FLAGS) -o keymem.sim $(TB_KEYMEM_SRC) $(KEYMEM_SRC) $(SBOX_SRC)
+ $(CC) -o keymem.sim $(TB_KEYMEM_SRC) $(KEYMEM_SRC) $(SBOX_SRC)
encipher.sim: $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
- $(CC) $(CC_FLAGS) -o encipher.sim $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
+ $(CC) -o encipher.sim $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
decipher.sim: $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
- $(CC) $(CC_FLAGS) -o decipher.sim $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
-
-
-lint: $(TOP_SRC)
- $(LINT) $(LINT_FLAGS) $(TOP_SRC)
+ $(CC) -o decipher.sim $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
sim-keymem: keymem.sim
@@ -103,6 +96,11 @@ sim-core: core.sim
sim-top: top.sim
./top.sim
+
+lint:
+ verilator +1364-2001ext+ --lint-only -Wall $(TOP_SRC)
+
+
clean:
rm -f decipher.sim
rm -f encipher.sim