From e7474587db169f990fb4d762c69c0fcd096cc891 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Tue, 22 May 2018 10:21:58 +0200
Subject: Added wait_ready task to allow test cases to wait for the core to
 complete an operation. This makes it possible to measure cycles for an
 operation.

---
 src/tb/tb_aes.v | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/tb/tb_aes.v b/src/tb/tb_aes.v
index 188a21a..35fc1d9 100644
--- a/src/tb/tb_aes.v
+++ b/src/tb/tb_aes.v
@@ -306,6 +306,25 @@ module tb_aes();
   endtask // read_word
 
 
+  //----------------------------------------------------------------
+  // wait_ready
+  //
+  // Wait for the DUT to signal that the result is ready
+  //----------------------------------------------------------------
+  task wait_ready;
+    begin : wait_ready
+      reg rdy;
+      rdy = 1'b0;
+
+      while (rdy != 1'b1)
+        begin
+          read_word(ADDR_STATUS);
+          rdy = tb_read_data[STATUS_READY_BIT];
+        end
+    end
+  endtask // wait_ready
+
+
   //----------------------------------------------------------------
   // read_result()
   //
@@ -386,8 +405,9 @@ module tb_aes();
       write_word(ADDR_CONFIG, (8'h00 + (key_length << 1)+ encdec));
       write_word(ADDR_CTRL, 8'h02);
 
-      #(100 * CLK_PERIOD);
-
+      wait_ready();
+      $display("*** Ready has been set!");
+      dump_dut_state();
       read_result();
 
       if (result_data == expected)
-- 
cgit v1.2.3


From 83d7c243f4f1b31bf619f4b47634a866a6a1d346 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Tue, 22 May 2018 13:17:47 +0200
Subject: Added missing implementation results for Xilinx Artix7.

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index f8a04fc..1b00442 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ of cycles to two cycles for each round.
 ## Implementation results ##
 The core has been implemented in Altera and Xilinx FPGA devices.
 
+
 ### Altera Cyclone IV GX ###
 - 7497 LEs
 - 2994 Regs
@@ -51,3 +52,10 @@ Removing the decipher module yields:
 - 3000 regs
 - 100 MHz
 - 5 cycles/round
+
+
+### Xilinx Artix7-3 T200 ###
+- 2102 slices
+- 2991 regs
+- 113 MHz (8.79ns)
+- 5 cycles/round
-- 
cgit v1.2.3


From 4c94cf218237bf8bd3afef0f1828361baa284547 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Thu, 14 Jun 2018 13:47:43 +0200
Subject: Added CC_FLAGS and LINT_FLAGS.

---
 toolruns/Makefile | 50 ++++++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/toolruns/Makefile b/toolruns/Makefile
index 835a92f..8408abd 100755
--- a/toolruns/Makefile
+++ b/toolruns/Makefile
@@ -37,44 +37,51 @@
 #
 #===================================================================
 
-SBOX_SRC=../src/rtl/aes_sbox.v
-INV_SBOX_SRC=../src/rtl/aes_inv_sbox.v
-KEYMEM_SRC=../src/rtl/aes_key_mem.v
-ENCIPHER_SRC=../src/rtl/aes_encipher_block.v
-DECIPHER_SRC=../src/rtl/aes_decipher_block.v
-CORE_SRC=../src/rtl/aes_core.v $(KEYMEM_SRC) $(SBOX_SRC) $(INV_SBOX_SRC) $(ENCIPHER_SRC) $(DECIPHER_SRC)
-TOP_SRC=../src/rtl/aes.v $(CORE_SRC)
+SBOX_SRC = ../src/rtl/aes_sbox.v
+INV_SBOX_SRC = ../src/rtl/aes_inv_sbox.v
+KEYMEM_SRC = ../src/rtl/aes_key_mem.v
+ENCIPHER_SRC = ../src/rtl/aes_encipher_block.v
+DECIPHER_SRC = ../src/rtl/aes_decipher_block.v
+CORE_SRC = ../src/rtl/aes_core.v $(KEYMEM_SRC) $(SBOX_SRC) $(INV_SBOX_SRC) $(ENCIPHER_SRC) $(DECIPHER_SRC)
+TOP_SRC = ../src/rtl/aes.v $(CORE_SRC)
 
-TB_TOP_SRC =../src/tb/tb_aes.v
-TB_CORE_SRC =../src/tb/tb_aes_core.v
-TB_KEYMEM_SRC =../src/tb/tb_aes_key_mem.v
-TB_ENCIPHER_SRC =../src/tb/tb_aes_encipher_block.v
-TB_DECIPHER_SRC =../src/tb/tb_aes_decipher_block.v
+TB_TOP_SRC = ../src/tb/tb_aes.v
+TB_CORE_SRC = ../src/tb/tb_aes_core.v
+TB_KEYMEM_SRC = ../src/tb/tb_aes_key_mem.v
+TB_ENCIPHER_SRC = ../src/tb/tb_aes_encipher_block.v
+TB_DECIPHER_SRC = ../src/tb/tb_aes_decipher_block.v
 
-CC=iverilog
-LINT=verilator
+CC = iverilog
+CC_FLAGS = -Wall
+
+LINT = verilator
+LINT_FLAGS = +1364-2001ext+ --lint-only  -Wall -Wno-fatal -Wno-DECLFILENAME
 
 
 all: top.sim core.sim keymem.sim encipher.sim decipher.sim
 
 top.sim: $(TB_TOP_SRC) $(TOP_SRC)
-	$(CC) -o top.sim $(TB_TOP_SRC) $(TOP_SRC)
+	$(CC) $(CC_FLAGS) -o top.sim $(TB_TOP_SRC) $(TOP_SRC)
 
 
 core.sim: $(TB_CORE_SRC) $(CORE_SRC)
-	$(CC) -o core.sim $(TB_CORE_SRC) $(CORE_SRC)
+	$(CC) $(CC_FLAGS) -o core.sim $(TB_CORE_SRC) $(CORE_SRC)
 
 
 keymem.sim:  $(TB_KEYMEM_SRC) $(KEYGEN_SRC) $(SBOX_SRC)
-	$(CC) -o keymem.sim $(TB_KEYMEM_SRC) $(KEYMEM_SRC) $(SBOX_SRC)
+	$(CC) $(CC_FLAGS) -o keymem.sim $(TB_KEYMEM_SRC) $(KEYMEM_SRC) $(SBOX_SRC)
 
 
 encipher.sim:  $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
-	$(CC) -o encipher.sim $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
+	$(CC) $(CC_FLAGS) -o encipher.sim $(TB_ENCIPHER_SRC) $(ENCIPHER_SRC) $(SBOX_SRC)
 
 
 decipher.sim:  $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
-	$(CC) -o decipher.sim $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
+	$(CC) $(CC_FLAGS) -o decipher.sim $(TB_DECIPHER_SRC) $(DECIPHER_SRC) $(INV_SBOX_SRC)
+
+
+lint:  $(TOP_SRC)
+	$(LINT) $(LINT_FLAGS) $(TOP_SRC)
 
 
 sim-keymem: keymem.sim
@@ -96,11 +103,6 @@ sim-core: core.sim
 sim-top: top.sim
 	./top.sim
 
-
-lint:
-	verilator +1364-2001ext+ --lint-only -Wall $(TOP_SRC)
-
-
 clean:
 	rm -f decipher.sim
 	rm -f encipher.sim
-- 
cgit v1.2.3


From fa155de5469627ae0ff942ea452f2f92f169767c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Wed, 4 Jul 2018 15:02:26 +0200
Subject: Added a test case for AES with test vectors from processing NIST KWP
 keywrap operation. This verifies that we are using the AES core correctly in
 the keywrap core. But it is a new test vector for AES too.

---
 src/tb/tb_aes.v | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/tb/tb_aes.v b/src/tb/tb_aes.v
index 35fc1d9..1e229d9 100644
--- a/src/tb/tb_aes.v
+++ b/src/tb/tb_aes.v
@@ -531,6 +531,33 @@ module tb_aes();
   endtask // aes_test
 
 
+
+  //----------------------------------------------------------------
+  // nist_kwp_ae_128_test()
+  //
+  // Test that we can perform operations based on NIST KWP
+  // AE 128 test vectors.
+  //----------------------------------------------------------------
+  task nist_kwp_ae_128_test;
+    reg [255 : 0] kwp_key;
+    reg [127 : 0] kwp_plaintext;
+    reg [127 : 0] kwp_expected;
+
+    begin
+      kwp_key       = 256'hc03db3cc1416dcd1c069a195a8d77e3d00000000000000000000000000000000;
+      kwp_plaintext = 128'ha65959a60000001f46f87f58cdda4200;
+      kwp_expected  = 128'hd1bac797ff82fa4bde9f7490729fd0a7;
+
+      $display("");
+      $display("NIST KWP AE 128 bit test");
+
+      ecb_mode_single_block_test(8'h01, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
+                                 kwp_plaintext, kwp_expected);
+    end
+  endtask // nist_kwp_ae_128_test
+
+
+
   //----------------------------------------------------------------
   // main
   //
@@ -548,6 +575,7 @@ module tb_aes();
       dump_dut_state();
 
       aes_test();
+      nist_kwp_ae_128_test();
 
       display_test_results();
 
-- 
cgit v1.2.3


From 98cc06bdeccbd30da21a0439c1cbbf59f9a75f3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Wed, 4 Jul 2018 15:21:27 +0200
Subject: (1) Added NIST KWP test to core. (2) Moved all other tests in core tb
 to a separate task. (3) Minor cleanup in top tb.

---
 src/tb/tb_aes.v      | 27 ++++++++--------
 src/tb/tb_aes_core.v | 89 +++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 73 insertions(+), 43 deletions(-)

diff --git a/src/tb/tb_aes.v b/src/tb/tb_aes.v
index 1e229d9..6561b4d 100644
--- a/src/tb/tb_aes.v
+++ b/src/tb/tb_aes.v
@@ -429,11 +429,11 @@ module tb_aes();
 
 
   //----------------------------------------------------------------
-  // aes_test()
+  // nist_fips_tests()
   //
-  // Main test task will perform complete NIST test of AES.
+  // Perform tests based on NIST FIPS-197 test vectors.
   //----------------------------------------------------------------
-  task aes_test;
+  task nist_fips_tests;
     reg [255 : 0] nist_aes128_key;
     reg [255 : 0] nist_aes256_key;
 
@@ -472,8 +472,8 @@ module tb_aes();
       nist_ecb_256_enc_expected3 = 128'h23304b7a39f9f3ff067d8d8f9e24ecc7;
 
 
-      $display("ECB 128 bit key tests");
-      $display("---------------------");
+      $display("NIST FIPS ECB 128 bit key tests");
+      $display("-------------------------------");
       ecb_mode_single_block_test(8'h01, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
                                  nist_plaintext0, nist_ecb_128_enc_expected0);
 
@@ -501,8 +501,8 @@ module tb_aes();
 
 
       $display("");
-      $display("ECB 256 bit key tests");
-      $display("---------------------");
+      $display("NIST FIPS ECB 256 bit key tests");
+      $display("-------------------------------");
       ecb_mode_single_block_test(8'h10, AES_ENCIPHER, nist_aes256_key, AES_256_BIT_KEY,
                                  nist_plaintext0, nist_ecb_256_enc_expected0);
 
@@ -531,14 +531,13 @@ module tb_aes();
   endtask // aes_test
 
 
-
   //----------------------------------------------------------------
-  // nist_kwp_ae_128_test()
+  // nist_kwp_test()
   //
   // Test that we can perform operations based on NIST KWP
   // AE 128 test vectors.
   //----------------------------------------------------------------
-  task nist_kwp_ae_128_test;
+  task nist_kwp_test;
     reg [255 : 0] kwp_key;
     reg [127 : 0] kwp_plaintext;
     reg [127 : 0] kwp_expected;
@@ -551,10 +550,10 @@ module tb_aes();
       $display("");
       $display("NIST KWP AE 128 bit test");
 
-      ecb_mode_single_block_test(8'h01, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
+      ecb_mode_single_block_test(8'h18, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
                                  kwp_plaintext, kwp_expected);
     end
-  endtask // nist_kwp_ae_128_test
+  endtask // nist_kwp_test
 
 
 
@@ -574,8 +573,8 @@ module tb_aes();
       reset_dut();
       dump_dut_state();
 
-      aes_test();
-      nist_kwp_ae_128_test();
+      nist_fips_tests();
+      nist_kwp_test();
 
       display_test_results();
 
diff --git a/src/tb/tb_aes_core.v b/src/tb/tb_aes_core.v
index d36d0bc..d7c424c 100644
--- a/src/tb/tb_aes_core.v
+++ b/src/tb/tb_aes_core.v
@@ -339,15 +339,8 @@ module tb_aes_core();
   endtask // ecb_mode_single_block_test
 
 
-  //----------------------------------------------------------------
-  // aes_core_test
-  // The main test functionality.
-  //
-  // Test cases taken from NIST SP 800-38A:
-  // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-  //----------------------------------------------------------------
-  initial
-    begin : aes_core_test
+  task nist_fips_tests;
+    begin : fips_tests
       reg [255 : 0] nist_aes128_key;
       reg [255 : 0] nist_aes256_key;
 
@@ -385,29 +378,19 @@ module tb_aes_core();
       nist_ecb_256_enc_expected3 = 128'h23304b7a39f9f3ff067d8d8f9e24ecc7;
 
 
-      $display("   -= Testbench for aes core started =-");
-      $display("     ================================");
-      $display("");
-
-      init_sim();
-      dump_dut_state();
-      reset_dut();
-      dump_dut_state();
-
-
-      $display("ECB 128 bit key tests");
-      $display("---------------------");
+      $display("NIST FIPS ECB 128 bit key tests");
+      $display("-------------------------------");
       ecb_mode_single_block_test(8'h01, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
                                  nist_plaintext0, nist_ecb_128_enc_expected0);
 
-     ecb_mode_single_block_test(8'h02, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
-                                nist_plaintext1, nist_ecb_128_enc_expected1);
+      ecb_mode_single_block_test(8'h02, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+                                 nist_plaintext1, nist_ecb_128_enc_expected1);
 
-     ecb_mode_single_block_test(8'h03, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
-                                nist_plaintext2, nist_ecb_128_enc_expected2);
+      ecb_mode_single_block_test(8'h03, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+                                 nist_plaintext2, nist_ecb_128_enc_expected2);
 
-     ecb_mode_single_block_test(8'h04, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
-                                nist_plaintext3, nist_ecb_128_enc_expected3);
+      ecb_mode_single_block_test(8'h04, AES_ENCIPHER, nist_aes128_key, AES_128_BIT_KEY,
+                                 nist_plaintext3, nist_ecb_128_enc_expected3);
 
 
       ecb_mode_single_block_test(8'h05, AES_DECIPHER, nist_aes128_key, AES_128_BIT_KEY,
@@ -424,8 +407,8 @@ module tb_aes_core();
 
 
       $display("");
-      $display("ECB 256 bit key tests");
-      $display("---------------------");
+      $display("NIST FIPS ECB 256 bit key tests");
+      $display("-------------------------------");
       ecb_mode_single_block_test(8'h10, AES_ENCIPHER, nist_aes256_key, AES_256_BIT_KEY,
                                  nist_plaintext0, nist_ecb_256_enc_expected0);
 
@@ -450,7 +433,55 @@ module tb_aes_core();
 
       ecb_mode_single_block_test(8'h17, AES_DECIPHER, nist_aes256_key, AES_256_BIT_KEY,
                                  nist_ecb_256_enc_expected3, nist_plaintext3);
+    end
+  endtask // nist_fips_tests
+
+
+  //----------------------------------------------------------------
+  // nist_kwp_test()
+  //
+  // Test that we can perform operations based on NIST KWP
+  // AE 128 test vectors.
+  //----------------------------------------------------------------
+  task nist_kwp_test;
+    reg [255 : 0] kwp_key;
+    reg [127 : 0] kwp_plaintext;
+    reg [127 : 0] kwp_expected;
+
+    begin
+      kwp_key       = 256'hc03db3cc1416dcd1c069a195a8d77e3d00000000000000000000000000000000;
+      kwp_plaintext = 128'ha65959a60000001f46f87f58cdda4200;
+      kwp_expected  = 128'hd1bac797ff82fa4bde9f7490729fd0a7;
+
+      $display("");
+      $display("NIST KWP AE 128 bit test");
+
+      ecb_mode_single_block_test(8'h18, AES_ENCIPHER, kwp_key, AES_128_BIT_KEY,
+                                 kwp_plaintext, kwp_expected);
+    end
+  endtask // nist_kwp_test
+
+
+  //----------------------------------------------------------------
+  // aes_core_test
+  // The main test functionality.
+  //
+  // Test cases taken from NIST SP 800-38A:
+  // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+  //----------------------------------------------------------------
+  initial
+    begin : aes_core_test
+      $display("   -= Testbench for aes core started =-");
+      $display("     ================================");
+      $display("");
+
+      init_sim();
+      dump_dut_state();
+      reset_dut();
+      dump_dut_state();
 
+      nist_fips_tests();
+      nist_kwp_test();
 
       display_test_result();
       $display("");
-- 
cgit v1.2.3


From 277c73b0b7d8cb4af191a35979fb3164ee9808f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Tue, 16 Oct 2018 09:55:04 +0200
Subject: Added the regs missing in reset also in the old aes core.

---
 src/rtl/aes_key_mem.v | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/rtl/aes_key_mem.v b/src/rtl/aes_key_mem.v
index 496fc08..b26b870 100644
--- a/src/rtl/aes_key_mem.v
+++ b/src/rtl/aes_key_mem.v
@@ -138,9 +138,11 @@ module aes_key_mem(
 
       if (!reset_n)
         begin
-          for (i = 0 ; i < 4 ; i = i + 1)
+          for (i = 0 ; i < 14 ; i = i + 1)
             key_mem [i] <= 128'h0;
 
+          prev_key0_reg    <= 128'h0;
+          prev_key1_reg    <= 128'h0;
           rcon_reg         <= 8'h0;
           ready_reg        <= 1'b0;
           round_ctr_reg    <= 4'h0;
-- 
cgit v1.2.3


From 1ad1120086e4d9f6599555ed2ea6a54994ec8e1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Tue, 23 Oct 2018 10:42:00 +0200
Subject: For completeness sake added API hardening to the aes core too. The
 AES core has been replaced with the aes_speed core but is still available as
 a separate repo.

---
 src/rtl/aes.v         | 26 +++++++++++++++-----------
 src/rtl/aes_key_mem.v |  2 +-
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/rtl/aes.v b/src/rtl/aes.v
index 0d719d2..4f668bc 100644
--- a/src/rtl/aes.v
+++ b/src/rtl/aes.v
@@ -236,20 +236,23 @@ module aes(
         begin
           if (we)
             begin
-              if (address == ADDR_CTRL)
+              if (core_ready)
                 begin
-                  init_new = write_data[CTRL_INIT_BIT];
-                  next_new = write_data[CTRL_NEXT_BIT];
-                end
+                  if (address == ADDR_CTRL)
+                    begin
+                      init_new = write_data[CTRL_INIT_BIT];
+                      next_new = write_data[CTRL_NEXT_BIT];
+                    end
 
-              if (address == ADDR_CONFIG)
-                config_we = 1'b1;
+                  if (address == ADDR_CONFIG)
+                    config_we = 1'b1;
 
-              if ((address >= ADDR_KEY0) && (address <= ADDR_KEY7))
-                key_we = 1'b1;
+                  if ((address >= ADDR_KEY0) && (address <= ADDR_KEY7))
+                    key_we = 1'b1;
 
-              if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK3))
-                block_we = 1'b1;
+                  if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK3))
+                    block_we = 1'b1;
+                end
             end // if (we)
 
           else
@@ -267,7 +270,8 @@ module aes(
               endcase // case (address)
 
               if ((address >= ADDR_RESULT0) && (address <= ADDR_RESULT3))
-                tmp_read_data = result_reg[(3 - (address - ADDR_RESULT0)) * 32 +: 32];
+                if (core_ready)
+                  tmp_read_data = result_reg[(3 - (address - ADDR_RESULT0)) * 32 +: 32];
             end
         end
     end // addr_decoder
diff --git a/src/rtl/aes_key_mem.v b/src/rtl/aes_key_mem.v
index b26b870..f57d4dd 100644
--- a/src/rtl/aes_key_mem.v
+++ b/src/rtl/aes_key_mem.v
@@ -138,7 +138,7 @@ module aes_key_mem(
 
       if (!reset_n)
         begin
-          for (i = 0 ; i < 14 ; i = i + 1)
+          for (i = 0 ; i < 15 ; i = i + 1)
             key_mem [i] <= 128'h0;
 
           prev_key0_reg    <= 128'h0;
-- 
cgit v1.2.3