aboutsummaryrefslogtreecommitdiff
path: root/src/rtl
diff options
context:
space:
mode:
authorJoachim StroĢˆmbergson <joachim@secworks.se>2018-05-21 15:35:55 +0200
committerJoachim StroĢˆmbergson <joachim@secworks.se>2018-05-21 15:35:55 +0200
commite389761d61a5616add66ce2dacd0f13feb68d1e1 (patch)
tree2fc3494df24eef6a05d51a478257eebf53760bb6 /src/rtl
Adding inital version of AES core optimized for performance.
Diffstat (limited to 'src/rtl')
-rw-r--r--src/rtl/aes.v278
-rw-r--r--src/rtl/aes_core.v339
-rw-r--r--src/rtl/aes_decipher_block.v525
-rw-r--r--src/rtl/aes_encipher_block.v486
-rw-r--r--src/rtl/aes_inv_sbox.v325
-rw-r--r--src/rtl/aes_key_mem.v454
-rw-r--r--src/rtl/aes_sbox.v325
7 files changed, 2732 insertions, 0 deletions
diff --git a/src/rtl/aes.v b/src/rtl/aes.v
new file mode 100644
index 0000000..0d719d2
--- /dev/null
+++ b/src/rtl/aes.v
@@ -0,0 +1,278 @@
+//======================================================================
+//
+// aes.v
+// --------
+// Top level wrapper for the AES block cipher core.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes(
+ // Clock and reset.
+ input wire clk,
+ input wire reset_n,
+
+ // Control.
+ input wire cs,
+ input wire we,
+
+ // Data ports.
+ input wire [7 : 0] address,
+ input wire [31 : 0] write_data,
+ output wire [31 : 0] read_data,
+ output wire error
+ );
+
+ //----------------------------------------------------------------
+ // Internal constant and parameter definitions.
+ //----------------------------------------------------------------
+ localparam ADDR_NAME0 = 8'h00;
+ localparam ADDR_NAME1 = 8'h01;
+ localparam ADDR_VERSION = 8'h02;
+
+ localparam ADDR_CTRL = 8'h08;
+ localparam CTRL_INIT_BIT = 0;
+ localparam CTRL_NEXT_BIT = 1;
+
+ localparam ADDR_STATUS = 8'h09;
+ localparam STATUS_READY_BIT = 0;
+ localparam STATUS_VALID_BIT = 1;
+
+ localparam ADDR_CONFIG = 8'h0a;
+ localparam CTRL_ENCDEC_BIT = 0;
+ localparam CTRL_KEYLEN_BIT = 1;
+
+ localparam ADDR_KEY0 = 8'h10;
+ localparam ADDR_KEY7 = 8'h17;
+
+ localparam ADDR_BLOCK0 = 8'h20;
+ localparam ADDR_BLOCK3 = 8'h23;
+
+ localparam ADDR_RESULT0 = 8'h30;
+ localparam ADDR_RESULT1 = 8'h31;
+ localparam ADDR_RESULT2 = 8'h32;
+ localparam ADDR_RESULT3 = 8'h33;
+
+ localparam CORE_NAME0 = 32'h61657320; // "aes "
+ localparam CORE_NAME1 = 32'h20202020; // " "
+ localparam CORE_VERSION = 32'h302e3630; // "0.60"
+
+
+ //----------------------------------------------------------------
+ // Registers including update variables and write enable.
+ //----------------------------------------------------------------
+ reg init_reg;
+ reg init_new;
+
+ reg next_reg;
+ reg next_new;
+
+ reg encdec_reg;
+ reg keylen_reg;
+ reg config_we;
+
+ reg [31 : 0] block_reg [0 : 3];
+ reg block_we;
+
+ reg [31 : 0] key_reg [0 : 7];
+ reg key_we;
+
+ reg [127 : 0] result_reg;
+ reg valid_reg;
+ reg ready_reg;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ reg [31 : 0] tmp_read_data;
+ reg tmp_error;
+
+ wire core_encdec;
+ wire core_init;
+ wire core_next;
+ wire core_ready;
+ wire [255 : 0] core_key;
+ wire core_keylen;
+ wire [127 : 0] core_block;
+ wire [127 : 0] core_result;
+ wire core_valid;
+
+
+ //----------------------------------------------------------------
+ // Concurrent connectivity for ports etc.
+ //----------------------------------------------------------------
+ assign read_data = tmp_read_data;
+ assign error = tmp_error;
+
+ assign core_key = {key_reg[0], key_reg[1], key_reg[2], key_reg[3],
+ key_reg[4], key_reg[5], key_reg[6], key_reg[7]};
+
+ assign core_block = {block_reg[0], block_reg[1],
+ block_reg[2], block_reg[3]};
+ assign core_init = init_reg;
+ assign core_next = next_reg;
+ assign core_encdec = encdec_reg;
+ assign core_keylen = keylen_reg;
+
+
+ //----------------------------------------------------------------
+ // core instantiation.
+ //----------------------------------------------------------------
+ aes_core core(
+ .clk(clk),
+ .reset_n(reset_n),
+
+ .encdec(core_encdec),
+ .init(core_init),
+ .next(core_next),
+ .ready(core_ready),
+
+ .key(core_key),
+ .keylen(core_keylen),
+
+ .block(core_block),
+ .result(core_result),
+ .result_valid(core_valid)
+ );
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with asynchronous
+ // active low reset.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin : reg_update
+ integer i;
+
+ if (!reset_n)
+ begin
+ for (i = 0 ; i < 4 ; i = i + 1)
+ block_reg[i] <= 32'h0;
+
+ for (i = 0 ; i < 8 ; i = i + 1)
+ key_reg[i] <= 32'h0;
+
+ init_reg <= 1'b0;
+ next_reg <= 1'b0;
+ encdec_reg <= 1'b0;
+ keylen_reg <= 1'b0;
+
+ result_reg <= 128'h0;
+ valid_reg <= 1'b0;
+ ready_reg <= 1'b0;
+ end
+ else
+ begin
+ ready_reg <= core_ready;
+ valid_reg <= core_valid;
+ result_reg <= core_result;
+ init_reg <= init_new;
+ next_reg <= next_new;
+
+ if (config_we)
+ begin
+ encdec_reg <= write_data[CTRL_ENCDEC_BIT];
+ keylen_reg <= write_data[CTRL_KEYLEN_BIT];
+ end
+
+ if (key_we)
+ key_reg[address[2 : 0]] <= write_data;
+
+ if (block_we)
+ block_reg[address[1 : 0]] <= write_data;
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // api
+ //
+ // The interface command decoding logic.
+ //----------------------------------------------------------------
+ always @*
+ begin : api
+ init_new = 1'b0;
+ next_new = 1'b0;
+ config_we = 1'b0;
+ key_we = 1'b0;
+ block_we = 1'b0;
+ tmp_read_data = 32'h0;
+ tmp_error = 1'b0;
+
+ if (cs)
+ begin
+ if (we)
+ begin
+ if (address == ADDR_CTRL)
+ begin
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ end
+
+ if (address == ADDR_CONFIG)
+ config_we = 1'b1;
+
+ if ((address >= ADDR_KEY0) && (address <= ADDR_KEY7))
+ key_we = 1'b1;
+
+ if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK3))
+ block_we = 1'b1;
+ end // if (we)
+
+ else
+ begin
+ case (address)
+ ADDR_NAME0: tmp_read_data = CORE_NAME0;
+ ADDR_NAME1: tmp_read_data = CORE_NAME1;
+ ADDR_VERSION: tmp_read_data = CORE_VERSION;
+ ADDR_CTRL: tmp_read_data = {28'h0, keylen_reg, encdec_reg, next_reg, init_reg};
+ ADDR_STATUS: tmp_read_data = {30'h0, valid_reg, ready_reg};
+
+ default:
+ begin
+ end
+ endcase // case (address)
+
+ if ((address >= ADDR_RESULT0) && (address <= ADDR_RESULT3))
+ tmp_read_data = result_reg[(3 - (address - ADDR_RESULT0)) * 32 +: 32];
+ end
+ end
+ end // addr_decoder
+endmodule // aes
+
+//======================================================================
+// EOF aes.v
+//======================================================================
diff --git a/src/rtl/aes_core.v b/src/rtl/aes_core.v
new file mode 100644
index 0000000..5196a1f
--- /dev/null
+++ b/src/rtl/aes_core.v
@@ -0,0 +1,339 @@
+//======================================================================
+//
+// aes.core.v
+// ----------
+// The AES core. This core supports key size of 128, and 256 bits.
+// Most of the functionality is within the submodules.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_core(
+ input wire clk,
+ input wire reset_n,
+
+ input wire encdec,
+ input wire init,
+ input wire next,
+ output wire ready,
+
+ input wire [255 : 0] key,
+ input wire keylen,
+
+ input wire [127 : 0] block,
+ output wire [127 : 0] result,
+ output wire result_valid
+ );
+
+
+
+
+ //----------------------------------------------------------------
+ // Internal constant and parameter definitions.
+ //----------------------------------------------------------------
+ localparam CTRL_IDLE = 2'h0;
+ localparam CTRL_INIT = 2'h1;
+ localparam CTRL_NEXT = 2'h2;
+
+
+ //----------------------------------------------------------------
+ // Registers including update variables and write enable.
+ //----------------------------------------------------------------
+ reg [1 : 0] aes_core_ctrl_reg;
+ reg [1 : 0] aes_core_ctrl_new;
+ reg aes_core_ctrl_we;
+
+ reg result_valid_reg;
+ reg result_valid_new;
+ reg result_valid_we;
+
+ reg ready_reg;
+ reg ready_new;
+ reg ready_we;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ reg init_state;
+
+ wire [127 : 0] round_key;
+ wire key_ready;
+
+ reg enc_next;
+ wire [3 : 0] enc_round_nr;
+ wire [127 : 0] enc_new_block;
+ wire enc_ready;
+ wire [31 : 0] enc_sboxw;
+
+ reg dec_next;
+ wire [3 : 0] dec_round_nr;
+ wire [127 : 0] dec_new_block;
+ wire dec_ready;
+
+ reg [127 : 0] muxed_new_block;
+ reg [3 : 0] muxed_round_nr;
+ reg muxed_ready;
+
+ wire [31 : 0] keymem_sboxw;
+
+ reg [31 : 0] muxed_sboxw;
+ wire [31 : 0] new_sboxw;
+
+
+ //----------------------------------------------------------------
+ // Instantiations.
+ //----------------------------------------------------------------
+ aes_encipher_block enc_block(
+ .clk(clk),
+ .reset_n(reset_n),
+
+ .next(enc_next),
+
+ .keylen(keylen),
+ .round(enc_round_nr),
+ .round_key(round_key),
+
+ .sboxw(enc_sboxw),
+ .new_sboxw(new_sboxw),
+
+ .block(block),
+ .new_block(enc_new_block),
+ .ready(enc_ready)
+ );
+
+
+ aes_decipher_block dec_block(
+ .clk(clk),
+ .reset_n(reset_n),
+
+ .next(dec_next),
+
+ .keylen(keylen),
+ .round(dec_round_nr),
+ .round_key(round_key),
+
+ .block(block),
+ .new_block(dec_new_block),
+ .ready(dec_ready)
+ );
+
+
+ aes_key_mem keymem(
+ .clk(clk),
+ .reset_n(reset_n),
+
+ .key(key),
+ .keylen(keylen),
+ .init(init),
+
+ .round(muxed_round_nr),
+ .round_key(round_key),
+ .ready(key_ready),
+
+ .sboxw(keymem_sboxw),
+ .new_sboxw(new_sboxw)
+ );
+
+
+ aes_sbox sbox_inst(.sboxw(muxed_sboxw), .new_sboxw(new_sboxw));
+
+
+ //----------------------------------------------------------------
+ // Concurrent connectivity for ports etc.
+ //----------------------------------------------------------------
+ assign ready = ready_reg;
+ assign result = muxed_new_block;
+ assign result_valid = result_valid_reg;
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ //
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with asynchronous
+ // active low reset. All registers have write enable.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin: reg_update
+ if (!reset_n)
+ begin
+ result_valid_reg <= 1'b0;
+ ready_reg <= 1'b1;
+ aes_core_ctrl_reg <= CTRL_IDLE;
+ end
+ else
+ begin
+ if (result_valid_we)
+ result_valid_reg <= result_valid_new;
+
+ if (ready_we)
+ ready_reg <= ready_new;
+
+ if (aes_core_ctrl_we)
+ aes_core_ctrl_reg <= aes_core_ctrl_new;
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // sbox_mux
+ //
+ // Controls which of the encipher datapath or the key memory
+ // that gets access to the sbox.
+ //----------------------------------------------------------------
+ always @*
+ begin : sbox_mux
+ if (init_state)
+ begin
+ muxed_sboxw = keymem_sboxw;
+ end
+ else
+ begin
+ muxed_sboxw = enc_sboxw;
+ end
+ end // sbox_mux
+
+
+ //----------------------------------------------------------------
+ // encdex_mux
+ //
+ // Controls which of the datapaths that get the next signal, have
+ // access to the memory as well as the block processing result.
+ //----------------------------------------------------------------
+ always @*
+ begin : encdec_mux
+ enc_next = 1'b0;
+ dec_next = 1'b0;
+
+ if (encdec)
+ begin
+ // Encipher operations
+ enc_next = next;
+ muxed_round_nr = enc_round_nr;
+ muxed_new_block = enc_new_block;
+ muxed_ready = enc_ready;
+ end
+ else
+ begin
+ // Decipher operations
+ dec_next = next;
+ muxed_round_nr = dec_round_nr;
+ muxed_new_block = dec_new_block;
+ muxed_ready = dec_ready;
+ end
+ end // encdec_mux
+
+
+ //----------------------------------------------------------------
+ // aes_core_ctrl
+ //
+ // Control FSM for aes core. Basically tracks if we are in
+ // key init, encipher or decipher modes and connects the
+ // different submodules to shared resources and interface ports.
+ //----------------------------------------------------------------
+ always @*
+ begin : aes_core_ctrl
+ init_state = 1'b0;
+ ready_new = 1'b0;
+ ready_we = 1'b0;
+ result_valid_new = 1'b0;
+ result_valid_we = 1'b0;
+ aes_core_ctrl_new = CTRL_IDLE;
+ aes_core_ctrl_we = 1'b0;
+
+ case (aes_core_ctrl_reg)
+ CTRL_IDLE:
+ begin
+ if (init)
+ begin
+ init_state = 1'b1;
+ ready_new = 1'b0;
+ ready_we = 1'b1;
+ result_valid_new = 1'b0;
+ result_valid_we = 1'b1;
+ aes_core_ctrl_new = CTRL_INIT;
+ aes_core_ctrl_we = 1'b1;
+ end
+ else if (next)
+ begin
+ init_state = 1'b0;
+ ready_new = 1'b0;
+ ready_we = 1'b1;
+ result_valid_new = 1'b0;
+ result_valid_we = 1'b1;
+ aes_core_ctrl_new = CTRL_NEXT;
+ aes_core_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_INIT:
+ begin
+ init_state = 1'b1;
+
+ if (key_ready)
+ begin
+ ready_new = 1'b1;
+ ready_we = 1'b1;
+ aes_core_ctrl_new = CTRL_IDLE;
+ aes_core_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_NEXT:
+ begin
+ init_state = 1'b0;
+
+ if (muxed_ready)
+ begin
+ ready_new = 1'b1;
+ ready_we = 1'b1;
+ result_valid_new = 1'b1;
+ result_valid_we = 1'b1;
+ aes_core_ctrl_new = CTRL_IDLE;
+ aes_core_ctrl_we = 1'b1;
+ end
+ end
+
+ default:
+ begin
+
+ end
+ endcase // case (aes_core_ctrl_reg)
+
+ end // aes_core_ctrl
+endmodule // aes_core
+
+//======================================================================
+// EOF aes_core.v
+//======================================================================
diff --git a/src/rtl/aes_decipher_block.v b/src/rtl/aes_decipher_block.v
new file mode 100644
index 0000000..82bdffb
--- /dev/null
+++ b/src/rtl/aes_decipher_block.v
@@ -0,0 +1,525 @@
+//======================================================================
+//
+// aes_decipher_block.v
+// --------------------
+// The AES decipher round. A pure combinational module that implements
+// the initial round, main round and final round logic for
+// decciper operations.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_decipher_block(
+ input wire clk,
+ input wire reset_n,
+
+ input wire next,
+
+ input wire keylen,
+ output wire [3 : 0] round,
+ input wire [127 : 0] round_key,
+
+ input wire [127 : 0] block,
+ output wire [127 : 0] new_block,
+ output wire ready
+ );
+
+
+ //----------------------------------------------------------------
+ // Internal constant and parameter definitions.
+ //----------------------------------------------------------------
+ localparam AES_128_BIT_KEY = 1'h0;
+ localparam AES_256_BIT_KEY = 1'h1;
+
+ localparam AES128_ROUNDS = 4'ha;
+ localparam AES256_ROUNDS = 4'he;
+
+ localparam NO_UPDATE = 3'h0;
+ localparam INIT_UPDATE = 3'h1;
+ localparam SBOX_UPDATE = 3'h2;
+ localparam MAIN_UPDATE = 3'h3;
+ localparam FINAL_UPDATE = 3'h4;
+
+ localparam CTRL_IDLE = 3'h0;
+ localparam CTRL_INIT = 3'h1;
+ localparam CTRL_SBOX = 3'h2;
+ localparam CTRL_MAIN = 3'h3;
+ localparam CTRL_FINAL = 3'h4;
+
+
+ //----------------------------------------------------------------
+ // Gaolis multiplication functions for Inverse MixColumn.
+ //----------------------------------------------------------------
+ function [7 : 0] gm2(input [7 : 0] op);
+ begin
+ gm2 = {op[6 : 0], 1'b0} ^ (8'h1b & {8{op[7]}});
+ end
+ endfunction // gm2
+
+ function [7 : 0] gm3(input [7 : 0] op);
+ begin
+ gm3 = gm2(op) ^ op;
+ end
+ endfunction // gm3
+
+ function [7 : 0] gm4(input [7 : 0] op);
+ begin
+ gm4 = gm2(gm2(op));
+ end
+ endfunction // gm4
+
+ function [7 : 0] gm8(input [7 : 0] op);
+ begin
+ gm8 = gm2(gm4(op));
+ end
+ endfunction // gm8
+
+ function [7 : 0] gm09(input [7 : 0] op);
+ begin
+ gm09 = gm8(op) ^ op;
+ end
+ endfunction // gm09
+
+ function [7 : 0] gm11(input [7 : 0] op);
+ begin
+ gm11 = gm8(op) ^ gm2(op) ^ op;
+ end
+ endfunction // gm11
+
+ function [7 : 0] gm13(input [7 : 0] op);
+ begin
+ gm13 = gm8(op) ^ gm4(op) ^ op;
+ end
+ endfunction // gm13
+
+ function [7 : 0] gm14(input [7 : 0] op);
+ begin
+ gm14 = gm8(op) ^ gm4(op) ^ gm2(op);
+ end
+ endfunction // gm14
+
+ function [31 : 0] inv_mixw(input [31 : 0] w);
+ reg [7 : 0] b0, b1, b2, b3;
+ reg [7 : 0] mb0, mb1, mb2, mb3;
+ begin
+ b0 = w[31 : 24];
+ b1 = w[23 : 16];
+ b2 = w[15 : 08];
+ b3 = w[07 : 00];
+
+ mb0 = gm14(b0) ^ gm11(b1) ^ gm13(b2) ^ gm09(b3);
+ mb1 = gm09(b0) ^ gm14(b1) ^ gm11(b2) ^ gm13(b3);
+ mb2 = gm13(b0) ^ gm09(b1) ^ gm14(b2) ^ gm11(b3);
+ mb3 = gm11(b0) ^ gm13(b1) ^ gm09(b2) ^ gm14(b3);
+
+ inv_mixw = {mb0, mb1, mb2, mb3};
+ end
+ endfunction // mixw
+
+ function [127 : 0] inv_mixcolumns(input [127 : 0] data);
+ reg [31 : 0] w0, w1, w2, w3;
+ reg [31 : 0] ws0, ws1, ws2, ws3;
+ begin
+ w0 = data[127 : 096];
+ w1 = data[095 : 064];
+ w2 = data[063 : 032];
+ w3 = data[031 : 000];
+
+ ws0 = inv_mixw(w0);
+ ws1 = inv_mixw(w1);
+ ws2 = inv_mixw(w2);
+ ws3 = inv_mixw(w3);
+
+ inv_mixcolumns = {ws0, ws1, ws2, ws3};
+ end
+ endfunction // inv_mixcolumns
+
+ function [127 : 0] inv_shiftrows(input [127 : 0] data);
+ reg [31 : 0] w0, w1, w2, w3;
+ reg [31 : 0] ws0, ws1, ws2, ws3;
+ begin
+ w0 = data[127 : 096];
+ w1 = data[095 : 064];
+ w2 = data[063 : 032];
+ w3 = data[031 : 000];
+
+ ws0 = {w0[31 : 24], w3[23 : 16], w2[15 : 08], w1[07 : 00]};
+ ws1 = {w1[31 : 24], w0[23 : 16], w3[15 : 08], w2[07 : 00]};
+ ws2 = {w2[31 : 24], w1[23 : 16], w0[15 : 08], w3[07 : 00]};
+ ws3 = {w3[31 : 24], w2[23 : 16], w1[15 : 08], w0[07 : 00]};
+
+ inv_shiftrows = {ws0, ws1, ws2, ws3};
+ end
+ endfunction // inv_shiftrows
+
+ function [127 : 0] addroundkey(input [127 : 0] data, input [127 : 0] rkey);
+ begin
+ addroundkey = data ^ rkey;
+ end
+ endfunction // addroundkey
+
+
+ //----------------------------------------------------------------
+ // Registers including update variables and write enable.
+ //----------------------------------------------------------------
+ reg [1 : 0] sword_ctr_reg;
+ reg [1 : 0] sword_ctr_new;
+ reg sword_ctr_we;
+ reg sword_ctr_inc;
+ reg sword_ctr_rst;
+
+ reg [3 : 0] round_ctr_reg;
+ reg [3 : 0] round_ctr_new;
+ reg round_ctr_we;
+ reg round_ctr_set;
+ reg round_ctr_dec;
+
+ reg [127 : 0] block_new;
+ reg [31 : 0] block_w0_reg;
+ reg [31 : 0] block_w1_reg;
+ reg [31 : 0] block_w2_reg;
+ reg [31 : 0] block_w3_reg;
+ reg block_w0_we;
+ reg block_w1_we;
+ reg block_w2_we;
+ reg block_w3_we;
+
+ reg ready_reg;
+ reg ready_new;
+ reg ready_we;
+
+ reg [2 : 0] dec_ctrl_reg;
+ reg [2 : 0] dec_ctrl_new;
+ reg dec_ctrl_we;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ reg [31 : 0] tmp_sboxw;
+ wire [31 : 0] new_sboxw;
+ reg [2 : 0] update_type;
+
+
+ //----------------------------------------------------------------
+ // Instantiations.
+ //----------------------------------------------------------------
+ aes_inv_sbox inv_sbox_inst(.sword(tmp_sboxw), .new_sword(new_sboxw));
+
+
+ //----------------------------------------------------------------
+ // Concurrent connectivity for ports etc.
+ //----------------------------------------------------------------
+ assign round = round_ctr_reg;
+ assign new_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
+ assign ready = ready_reg;
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ //
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with synchronous
+ // active low reset. All registers have write enable.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin: reg_update
+ if (!reset_n)
+ begin
+ block_w0_reg <= 32'h0;
+ block_w1_reg <= 32'h0;
+ block_w2_reg <= 32'h0;
+ block_w3_reg <= 32'h0;
+ sword_ctr_reg <= 2'h0;
+ round_ctr_reg <= 4'h0;
+ ready_reg <= 1'b1;
+ dec_ctrl_reg <= CTRL_IDLE;
+ end
+ else
+ begin
+ if (block_w0_we)
+ block_w0_reg <= block_new[127 : 096];
+
+ if (block_w1_we)
+ block_w1_reg <= block_new[095 : 064];
+
+ if (block_w2_we)
+ block_w2_reg <= block_new[063 : 032];
+
+ if (block_w3_we)
+ block_w3_reg <= block_new[031 : 000];
+
+ if (sword_ctr_we)
+ sword_ctr_reg <= sword_ctr_new;
+
+ if (round_ctr_we)
+ round_ctr_reg <= round_ctr_new;
+
+ if (ready_we)
+ ready_reg <= ready_new;
+
+ if (dec_ctrl_we)
+ dec_ctrl_reg <= dec_ctrl_new;
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // round_logic
+ //
+ // The logic needed to implement init, main and final rounds.
+ //----------------------------------------------------------------
+ always @*
+ begin : round_logic
+ reg [127 : 0] old_block, inv_shiftrows_block, inv_mixcolumns_block;
+ reg [127 : 0] addkey_block;
+
+ inv_shiftrows_block = 128'h0;
+ inv_mixcolumns_block = 128'h0;
+ addkey_block = 128'h0;
+ block_new = 128'h0;
+ tmp_sboxw = 32'h0;
+ block_w0_we = 1'b0;
+ block_w1_we = 1'b0;
+ block_w2_we = 1'b0;
+ block_w3_we = 1'b0;
+
+ old_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
+
+ // Update based on update type.
+ case (update_type)
+ // InitRound
+ INIT_UPDATE:
+ begin
+ old_block = block;
+ addkey_block = addroundkey(old_block, round_key);
+ inv_shiftrows_block = inv_shiftrows(addkey_block);
+ block_new = inv_shiftrows_block;
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ SBOX_UPDATE:
+ begin
+ block_new = {new_sboxw, new_sboxw, new_sboxw, new_sboxw};
+
+ case (sword_ctr_reg)
+ 2'h0:
+ begin
+ tmp_sboxw = block_w0_reg;
+ block_w0_we = 1'b1;
+ end
+
+ 2'h1:
+ begin
+ tmp_sboxw = block_w1_reg;
+ block_w1_we = 1'b1;
+ end
+
+ 2'h2:
+ begin
+ tmp_sboxw = block_w2_reg;
+ block_w2_we = 1'b1;
+ end
+
+ 2'h3:
+ begin
+ tmp_sboxw = block_w3_reg;
+ block_w3_we = 1'b1;
+ end
+ endcase // case (sbox_mux_ctrl_reg)
+ end
+
+ MAIN_UPDATE:
+ begin
+ addkey_block = addroundkey(old_block, round_key);
+ inv_mixcolumns_block = inv_mixcolumns(addkey_block);
+ inv_shiftrows_block = inv_shiftrows(inv_mixcolumns_block);
+ block_new = inv_shiftrows_block;
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ FINAL_UPDATE:
+ begin
+ block_new = addroundkey(old_block, round_key);
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ default:
+ begin
+ end
+ endcase // case (update_type)
+ end // round_logic
+
+
+ //----------------------------------------------------------------
+ // sword_ctr
+ //
+ // The subbytes word counter with reset and increase logic.
+ //----------------------------------------------------------------
+ always @*
+ begin : sword_ctr
+ sword_ctr_new = 2'h0;
+ sword_ctr_we = 1'b0;
+
+ if (sword_ctr_rst)
+ begin
+ sword_ctr_new = 2'h0;
+ sword_ctr_we = 1'b1;
+ end
+ else if (sword_ctr_inc)
+ begin
+ sword_ctr_new = sword_ctr_reg + 1'b1;
+ sword_ctr_we = 1'b1;
+ end
+ end // sword_ctr
+
+
+ //----------------------------------------------------------------
+ // round_ctr
+ //
+ // The round counter with reset and increase logic.
+ //----------------------------------------------------------------
+ always @*
+ begin : round_ctr
+ round_ctr_new = 4'h0;
+ round_ctr_we = 1'b0;
+
+ if (round_ctr_set)
+ begin
+ if (keylen == AES_256_BIT_KEY)
+ begin
+ round_ctr_new = AES256_ROUNDS;
+ end
+ else
+ begin
+ round_ctr_new = AES128_ROUNDS;
+ end
+ round_ctr_we = 1'b1;
+ end
+ else if (round_ctr_dec)
+ begin
+ round_ctr_new = round_ctr_reg - 1'b1;
+ round_ctr_we = 1'b1;
+ end
+ end // round_ctr
+
+
+ //----------------------------------------------------------------
+ // decipher_ctrl
+ //
+ // The FSM that controls the decipher operations.
+ //----------------------------------------------------------------
+ always @*
+ begin: decipher_ctrl
+ sword_ctr_inc = 1'b0;
+ sword_ctr_rst = 1'b0;
+ round_ctr_dec = 1'b0;
+ round_ctr_set = 1'b0;
+ ready_new = 1'b0;
+ ready_we = 1'b0;
+ update_type = NO_UPDATE;
+ dec_ctrl_new = CTRL_IDLE;
+ dec_ctrl_we = 1'b0;
+
+ case(dec_ctrl_reg)
+ CTRL_IDLE:
+ begin
+ if (next)
+ begin
+ round_ctr_set = 1'b1;
+ ready_new = 1'b0;
+ ready_we = 1'b1;
+ dec_ctrl_new = CTRL_INIT;
+ dec_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_INIT:
+ begin
+ sword_ctr_rst = 1'b1;
+ update_type = INIT_UPDATE;
+ dec_ctrl_new = CTRL_SBOX;
+ dec_ctrl_we = 1'b1;
+ end
+
+ CTRL_SBOX:
+ begin
+ sword_ctr_inc = 1'b1;
+ update_type = SBOX_UPDATE;
+ if (sword_ctr_reg == 2'h3)
+ begin
+ round_ctr_dec = 1'b1;
+ dec_ctrl_new = CTRL_MAIN;
+ dec_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_MAIN:
+ begin
+ sword_ctr_rst = 1'b1;
+ if (round_ctr_reg > 0)
+ begin
+ update_type = MAIN_UPDATE;
+ dec_ctrl_new = CTRL_SBOX;
+ dec_ctrl_we = 1'b1;
+ end
+ else
+ begin
+ update_type = FINAL_UPDATE;
+ ready_new = 1'b1;
+ ready_we = 1'b1;
+ dec_ctrl_new = CTRL_IDLE;
+ dec_ctrl_we = 1'b1;
+ end
+ end
+
+ default:
+ begin
+ // Empty. Just here to make the synthesis tool happy.
+ end
+ endcase // case (dec_ctrl_reg)
+ end // decipher_ctrl
+endmodule // aes_decipher_block
+
+//======================================================================
+// EOF aes_decipher_block.v
+//======================================================================
diff --git a/src/rtl/aes_encipher_block.v b/src/rtl/aes_encipher_block.v
new file mode 100644
index 0000000..094653a
--- /dev/null
+++ b/src/rtl/aes_encipher_block.v
@@ -0,0 +1,486 @@
+//======================================================================
+//
+// aes_encipher_block.v
+// --------------------
+// The AES encipher round. A pure combinational module that implements
+// the initial round, main round and final round logic for
+// enciper operations.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_encipher_block(
+ input wire clk,
+ input wire reset_n,
+
+ input wire next,
+
+ input wire keylen,
+ output wire [3 : 0] round,
+ input wire [127 : 0] round_key,
+
+ output wire [31 : 0] sboxw,
+ input wire [31 : 0] new_sboxw,
+
+ input wire [127 : 0] block,
+ output wire [127 : 0] new_block,
+ output wire ready
+ );
+
+
+ //----------------------------------------------------------------
+ // Internal constant and parameter definitions.
+ //----------------------------------------------------------------
+ localparam AES_128_BIT_KEY = 1'h0;
+ localparam AES_256_BIT_KEY = 1'h1;
+
+ localparam AES128_ROUNDS = 4'ha;
+ localparam AES256_ROUNDS = 4'he;
+
+ localparam NO_UPDATE = 3'h0;
+ localparam INIT_UPDATE = 3'h1;
+ localparam SBOX_UPDATE = 3'h2;
+ localparam MAIN_UPDATE = 3'h3;
+ localparam FINAL_UPDATE = 3'h4;
+
+ localparam CTRL_IDLE = 3'h0;
+ localparam CTRL_INIT = 3'h1;
+ localparam CTRL_SBOX = 3'h2;
+ localparam CTRL_MAIN = 3'h3;
+ localparam CTRL_FINAL = 3'h4;
+
+
+ //----------------------------------------------------------------
+ // Round functions with sub functions.
+ //----------------------------------------------------------------
+ function [7 : 0] gm2(input [7 : 0] op);
+ begin
+ gm2 = {op[6 : 0], 1'b0} ^ (8'h1b & {8{op[7]}});
+ end
+ endfunction // gm2
+
+ function [7 : 0] gm3(input [7 : 0] op);
+ begin
+ gm3 = gm2(op) ^ op;
+ end
+ endfunction // gm3
+
+ function [31 : 0] mixw(input [31 : 0] w);
+ reg [7 : 0] b0, b1, b2, b3;
+ reg [7 : 0] mb0, mb1, mb2, mb3;
+ begin
+ b0 = w[31 : 24];
+ b1 = w[23 : 16];
+ b2 = w[15 : 08];
+ b3 = w[07 : 00];
+
+ mb0 = gm2(b0) ^ gm3(b1) ^ b2 ^ b3;
+ mb1 = b0 ^ gm2(b1) ^ gm3(b2) ^ b3;
+ mb2 = b0 ^ b1 ^ gm2(b2) ^ gm3(b3);
+ mb3 = gm3(b0) ^ b1 ^ b2 ^ gm2(b3);
+
+ mixw = {mb0, mb1, mb2, mb3};
+ end
+ endfunction // mixw
+
+ function [127 : 0] mixcolumns(input [127 : 0] data);
+ reg [31 : 0] w0, w1, w2, w3;
+ reg [31 : 0] ws0, ws1, ws2, ws3;
+ begin
+ w0 = data[127 : 096];
+ w1 = data[095 : 064];
+ w2 = data[063 : 032];
+ w3 = data[031 : 000];
+
+ ws0 = mixw(w0);
+ ws1 = mixw(w1);
+ ws2 = mixw(w2);
+ ws3 = mixw(w3);
+
+ mixcolumns = {ws0, ws1, ws2, ws3};
+ end
+ endfunction // mixcolumns
+
+ function [127 : 0] shiftrows(input [127 : 0] data);
+ reg [31 : 0] w0, w1, w2, w3;
+ reg [31 : 0] ws0, ws1, ws2, ws3;
+ begin
+ w0 = data[127 : 096];
+ w1 = data[095 : 064];
+ w2 = data[063 : 032];
+ w3 = data[031 : 000];
+
+ ws0 = {w0[31 : 24], w1[23 : 16], w2[15 : 08], w3[07 : 00]};
+ ws1 = {w1[31 : 24], w2[23 : 16], w3[15 : 08], w0[07 : 00]};
+ ws2 = {w2[31 : 24], w3[23 : 16], w0[15 : 08], w1[07 : 00]};
+ ws3 = {w3[31 : 24], w0[23 : 16], w1[15 : 08], w2[07 : 00]};
+
+ shiftrows = {ws0, ws1, ws2, ws3};
+ end
+ endfunction // shiftrows
+
+ function [127 : 0] addroundkey(input [127 : 0] data, input [127 : 0] rkey);
+ begin
+ addroundkey = data ^ rkey;
+ end
+ endfunction // addroundkey
+
+
+ //----------------------------------------------------------------
+ // Registers including update variables and write enable.
+ //----------------------------------------------------------------
+ reg [1 : 0] sword_ctr_reg;
+ reg [1 : 0] sword_ctr_new;
+ reg sword_ctr_we;
+ reg sword_ctr_inc;
+ reg sword_ctr_rst;
+
+ reg [3 : 0] round_ctr_reg;
+ reg [3 : 0] round_ctr_new;
+ reg round_ctr_we;
+ reg round_ctr_rst;
+ reg round_ctr_inc;
+
+ reg [127 : 0] block_new;
+ reg [31 : 0] block_w0_reg;
+ reg [31 : 0] block_w1_reg;
+ reg [31 : 0] block_w2_reg;
+ reg [31 : 0] block_w3_reg;
+ reg block_w0_we;
+ reg block_w1_we;
+ reg block_w2_we;
+ reg block_w3_we;
+
+ reg ready_reg;
+ reg ready_new;
+ reg ready_we;
+
+ reg [2 : 0] enc_ctrl_reg;
+ reg [2 : 0] enc_ctrl_new;
+ reg enc_ctrl_we;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ reg [2 : 0] update_type;
+ reg [31 : 0] muxed_sboxw;
+
+
+ //----------------------------------------------------------------
+ // Concurrent connectivity for ports etc.
+ //----------------------------------------------------------------
+ assign round = round_ctr_reg;
+ assign sboxw = muxed_sboxw;
+ assign new_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
+ assign ready = ready_reg;
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ //
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with asynchronous
+ // active low reset. All registers have write enable.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin: reg_update
+ if (!reset_n)
+ begin
+ block_w0_reg <= 32'h0;
+ block_w1_reg <= 32'h0;
+ block_w2_reg <= 32'h0;
+ block_w3_reg <= 32'h0;
+ sword_ctr_reg <= 2'h0;
+ round_ctr_reg <= 4'h0;
+ ready_reg <= 1'b1;
+ enc_ctrl_reg <= CTRL_IDLE;
+ end
+ else
+ begin
+ if (block_w0_we)
+ block_w0_reg <= block_new[127 : 096];
+
+ if (block_w1_we)
+ block_w1_reg <= block_new[095 : 064];
+
+ if (block_w2_we)
+ block_w2_reg <= block_new[063 : 032];
+
+ if (block_w3_we)
+ block_w3_reg <= block_new[031 : 000];
+
+ if (sword_ctr_we)
+ sword_ctr_reg <= sword_ctr_new;
+
+ if (round_ctr_we)
+ round_ctr_reg <= round_ctr_new;
+
+ if (ready_we)
+ ready_reg <= ready_new;
+
+ if (enc_ctrl_we)
+ enc_ctrl_reg <= enc_ctrl_new;
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // round_logic
+ //
+ // The logic needed to implement init, main and final rounds.
+ //----------------------------------------------------------------
+ always @*
+ begin : round_logic
+ reg [127 : 0] old_block, shiftrows_block, mixcolumns_block;
+ reg [127 : 0] addkey_init_block, addkey_main_block, addkey_final_block;
+
+ block_new = 128'h0;
+ muxed_sboxw = 32'h0;
+ block_w0_we = 1'b0;
+ block_w1_we = 1'b0;
+ block_w2_we = 1'b0;
+ block_w3_we = 1'b0;
+
+ old_block = {block_w0_reg, block_w1_reg, block_w2_reg, block_w3_reg};
+ shiftrows_block = shiftrows(old_block);
+ mixcolumns_block = mixcolumns(shiftrows_block);
+ addkey_init_block = addroundkey(block, round_key);
+ addkey_main_block = addroundkey(mixcolumns_block, round_key);
+ addkey_final_block = addroundkey(shiftrows_block, round_key);
+
+ case (update_type)
+ INIT_UPDATE:
+ begin
+ block_new = addkey_init_block;
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ SBOX_UPDATE:
+ begin
+ block_new = {new_sboxw, new_sboxw, new_sboxw, new_sboxw};
+
+ case (sword_ctr_reg)
+ 2'h0:
+ begin
+ muxed_sboxw = block_w0_reg;
+ block_w0_we = 1'b1;
+ end
+
+ 2'h1:
+ begin
+ muxed_sboxw = block_w1_reg;
+ block_w1_we = 1'b1;
+ end
+
+ 2'h2:
+ begin
+ muxed_sboxw = block_w2_reg;
+ block_w2_we = 1'b1;
+ end
+
+ 2'h3:
+ begin
+ muxed_sboxw = block_w3_reg;
+ block_w3_we = 1'b1;
+ end
+ endcase // case (sbox_mux_ctrl_reg)
+ end
+
+ MAIN_UPDATE:
+ begin
+ block_new = addkey_main_block;
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ FINAL_UPDATE:
+ begin
+ block_new = addkey_final_block;
+ block_w0_we = 1'b1;
+ block_w1_we = 1'b1;
+ block_w2_we = 1'b1;
+ block_w3_we = 1'b1;
+ end
+
+ default:
+ begin
+ end
+ endcase // case (update_type)
+ end // round_logic
+
+
+ //----------------------------------------------------------------
+ // sword_ctr
+ //
+ // The subbytes word counter with reset and increase logic.
+ //----------------------------------------------------------------
+ always @*
+ begin : sword_ctr
+ sword_ctr_new = 2'h0;
+ sword_ctr_we = 1'b0;
+
+ if (sword_ctr_rst)
+ begin
+ sword_ctr_new = 2'h0;
+ sword_ctr_we = 1'b1;
+ end
+ else if (sword_ctr_inc)
+ begin
+ sword_ctr_new = sword_ctr_reg + 1'b1;
+ sword_ctr_we = 1'b1;
+ end
+ end // sword_ctr
+
+
+ //----------------------------------------------------------------
+ // round_ctr
+ //
+ // The round counter with reset and increase logic.
+ //----------------------------------------------------------------
+ always @*
+ begin : round_ctr
+ round_ctr_new = 4'h0;
+ round_ctr_we = 1'b0;
+
+ if (round_ctr_rst)
+ begin
+ round_ctr_new = 4'h0;
+ round_ctr_we = 1'b1;
+ end
+ else if (round_ctr_inc)
+ begin
+ round_ctr_new = round_ctr_reg + 1'b1;
+ round_ctr_we = 1'b1;
+ end
+ end // round_ctr
+
+
+ //----------------------------------------------------------------
+ // encipher_ctrl
+ //
+ // The FSM that controls the encipher operations.
+ //----------------------------------------------------------------
+ always @*
+ begin: encipher_ctrl
+ reg [3 : 0] num_rounds;
+
+ if (keylen == AES_256_BIT_KEY)
+ begin
+ num_rounds = AES256_ROUNDS;
+ end
+ else
+ begin
+ num_rounds = AES128_ROUNDS;
+ end
+
+ sword_ctr_inc = 1'b0;
+ sword_ctr_rst = 1'b0;
+ round_ctr_inc = 1'b0;
+ round_ctr_rst = 1'b0;
+ ready_new = 1'b0;
+ ready_we = 1'b0;
+ update_type = NO_UPDATE;
+ enc_ctrl_new = CTRL_IDLE;
+ enc_ctrl_we = 1'b0;
+
+ case(enc_ctrl_reg)
+ CTRL_IDLE:
+ begin
+ if (next)
+ begin
+ round_ctr_rst = 1'b1;
+ ready_new = 1'b0;
+ ready_we = 1'b1;
+ enc_ctrl_new = CTRL_INIT;
+ enc_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_INIT:
+ begin
+ round_ctr_inc = 1'b1;
+ sword_ctr_rst = 1'b1;
+ update_type = INIT_UPDATE;
+ enc_ctrl_new = CTRL_SBOX;
+ enc_ctrl_we = 1'b1;
+ end
+
+ CTRL_SBOX:
+ begin
+ sword_ctr_inc = 1'b1;
+ update_type = SBOX_UPDATE;
+ if (sword_ctr_reg == 2'h3)
+ begin
+ enc_ctrl_new = CTRL_MAIN;
+ enc_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_MAIN:
+ begin
+ sword_ctr_rst = 1'b1;
+ round_ctr_inc = 1'b1;
+ if (round_ctr_reg < num_rounds)
+ begin
+ update_type = MAIN_UPDATE;
+ enc_ctrl_new = CTRL_SBOX;
+ enc_ctrl_we = 1'b1;
+ end
+ else
+ begin
+ update_type = FINAL_UPDATE;
+ ready_new = 1'b1;
+ ready_we = 1'b1;
+ enc_ctrl_new = CTRL_IDLE;
+ enc_ctrl_we = 1'b1;
+ end
+ end
+
+ default:
+ begin
+ // Empty. Just here to make the synthesis tool happy.
+ end
+ endcase // case (enc_ctrl_reg)
+ end // encipher_ctrl
+
+endmodule // aes_encipher_block
+
+//======================================================================
+// EOF aes_encipher_block.v
+//======================================================================
diff --git a/src/rtl/aes_inv_sbox.v b/src/rtl/aes_inv_sbox.v
new file mode 100644
index 0000000..807f397
--- /dev/null
+++ b/src/rtl/aes_inv_sbox.v
@@ -0,0 +1,325 @@
+//======================================================================
+//
+// aes_inv_sbox.v
+// --------------
+// The inverse AES S-box. Basically a 256 Byte ROM.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_inv_sbox(
+ input wire [31 : 0] sword,
+ output wire [31 : 0] new_sword
+ );
+
+
+ //----------------------------------------------------------------
+ // The inverse sbox array.
+ //----------------------------------------------------------------
+ wire [7 : 0] inv_sbox [0 : 255];
+
+
+ //----------------------------------------------------------------
+ // Four parallel muxes.
+ //----------------------------------------------------------------
+ assign new_sword[31 : 24] = inv_sbox[sword[31 : 24]];
+ assign new_sword[23 : 16] = inv_sbox[sword[23 : 16]];
+ assign new_sword[15 : 08] = inv_sbox[sword[15 : 08]];
+ assign new_sword[07 : 00] = inv_sbox[sword[07 : 00]];
+
+
+ //----------------------------------------------------------------
+ // Creating the contents of the array.
+ //----------------------------------------------------------------
+ assign inv_sbox[8'h00] = 8'h52;
+ assign inv_sbox[8'h01] = 8'h09;
+ assign inv_sbox[8'h02] = 8'h6a;
+ assign inv_sbox[8'h03] = 8'hd5;
+ assign inv_sbox[8'h04] = 8'h30;
+ assign inv_sbox[8'h05] = 8'h36;
+ assign inv_sbox[8'h06] = 8'ha5;
+ assign inv_sbox[8'h07] = 8'h38;
+ assign inv_sbox[8'h08] = 8'hbf;
+ assign inv_sbox[8'h09] = 8'h40;
+ assign inv_sbox[8'h0a] = 8'ha3;
+ assign inv_sbox[8'h0b] = 8'h9e;
+ assign inv_sbox[8'h0c] = 8'h81;
+ assign inv_sbox[8'h0d] = 8'hf3;
+ assign inv_sbox[8'h0e] = 8'hd7;
+ assign inv_sbox[8'h0f] = 8'hfb;
+ assign inv_sbox[8'h10] = 8'h7c;
+ assign inv_sbox[8'h11] = 8'he3;
+ assign inv_sbox[8'h12] = 8'h39;
+ assign inv_sbox[8'h13] = 8'h82;
+ assign inv_sbox[8'h14] = 8'h9b;
+ assign inv_sbox[8'h15] = 8'h2f;
+ assign inv_sbox[8'h16] = 8'hff;
+ assign inv_sbox[8'h17] = 8'h87;
+ assign inv_sbox[8'h18] = 8'h34;
+ assign inv_sbox[8'h19] = 8'h8e;
+ assign inv_sbox[8'h1a] = 8'h43;
+ assign inv_sbox[8'h1b] = 8'h44;
+ assign inv_sbox[8'h1c] = 8'hc4;
+ assign inv_sbox[8'h1d] = 8'hde;
+ assign inv_sbox[8'h1e] = 8'he9;
+ assign inv_sbox[8'h1f] = 8'hcb;
+ assign inv_sbox[8'h20] = 8'h54;
+ assign inv_sbox[8'h21] = 8'h7b;
+ assign inv_sbox[8'h22] = 8'h94;
+ assign inv_sbox[8'h23] = 8'h32;
+ assign inv_sbox[8'h24] = 8'ha6;
+ assign inv_sbox[8'h25] = 8'hc2;
+ assign inv_sbox[8'h26] = 8'h23;
+ assign inv_sbox[8'h27] = 8'h3d;
+ assign inv_sbox[8'h28] = 8'hee;
+ assign inv_sbox[8'h29] = 8'h4c;
+ assign inv_sbox[8'h2a] = 8'h95;
+ assign inv_sbox[8'h2b] = 8'h0b;
+ assign inv_sbox[8'h2c] = 8'h42;
+ assign inv_sbox[8'h2d] = 8'hfa;
+ assign inv_sbox[8'h2e] = 8'hc3;
+ assign inv_sbox[8'h2f] = 8'h4e;
+ assign inv_sbox[8'h30] = 8'h08;
+ assign inv_sbox[8'h31] = 8'h2e;
+ assign inv_sbox[8'h32] = 8'ha1;
+ assign inv_sbox[8'h33] = 8'h66;
+ assign inv_sbox[8'h34] = 8'h28;
+ assign inv_sbox[8'h35] = 8'hd9;
+ assign inv_sbox[8'h36] = 8'h24;
+ assign inv_sbox[8'h37] = 8'hb2;
+ assign inv_sbox[8'h38] = 8'h76;
+ assign inv_sbox[8'h39] = 8'h5b;
+ assign inv_sbox[8'h3a] = 8'ha2;
+ assign inv_sbox[8'h3b] = 8'h49;
+ assign inv_sbox[8'h3c] = 8'h6d;
+ assign inv_sbox[8'h3d] = 8'h8b;
+ assign inv_sbox[8'h3e] = 8'hd1;
+ assign inv_sbox[8'h3f] = 8'h25;
+ assign inv_sbox[8'h40] = 8'h72;
+ assign inv_sbox[8'h41] = 8'hf8;
+ assign inv_sbox[8'h42] = 8'hf6;
+ assign inv_sbox[8'h43] = 8'h64;
+ assign inv_sbox[8'h44] = 8'h86;
+ assign inv_sbox[8'h45] = 8'h68;
+ assign inv_sbox[8'h46] = 8'h98;
+ assign inv_sbox[8'h47] = 8'h16;
+ assign inv_sbox[8'h48] = 8'hd4;
+ assign inv_sbox[8'h49] = 8'ha4;
+ assign inv_sbox[8'h4a] = 8'h5c;
+ assign inv_sbox[8'h4b] = 8'hcc;
+ assign inv_sbox[8'h4c] = 8'h5d;
+ assign inv_sbox[8'h4d] = 8'h65;
+ assign inv_sbox[8'h4e] = 8'hb6;
+ assign inv_sbox[8'h4f] = 8'h92;
+ assign inv_sbox[8'h50] = 8'h6c;
+ assign inv_sbox[8'h51] = 8'h70;
+ assign inv_sbox[8'h52] = 8'h48;
+ assign inv_sbox[8'h53] = 8'h50;
+ assign inv_sbox[8'h54] = 8'hfd;
+ assign inv_sbox[8'h55] = 8'hed;
+ assign inv_sbox[8'h56] = 8'hb9;
+ assign inv_sbox[8'h57] = 8'hda;
+ assign inv_sbox[8'h58] = 8'h5e;
+ assign inv_sbox[8'h59] = 8'h15;
+ assign inv_sbox[8'h5a] = 8'h46;
+ assign inv_sbox[8'h5b] = 8'h57;
+ assign inv_sbox[8'h5c] = 8'ha7;
+ assign inv_sbox[8'h5d] = 8'h8d;
+ assign inv_sbox[8'h5e] = 8'h9d;
+ assign inv_sbox[8'h5f] = 8'h84;
+ assign inv_sbox[8'h60] = 8'h90;
+ assign inv_sbox[8'h61] = 8'hd8;
+ assign inv_sbox[8'h62] = 8'hab;
+ assign inv_sbox[8'h63] = 8'h00;
+ assign inv_sbox[8'h64] = 8'h8c;
+ assign inv_sbox[8'h65] = 8'hbc;
+ assign inv_sbox[8'h66] = 8'hd3;
+ assign inv_sbox[8'h67] = 8'h0a;
+ assign inv_sbox[8'h68] = 8'hf7;
+ assign inv_sbox[8'h69] = 8'he4;
+ assign inv_sbox[8'h6a] = 8'h58;
+ assign inv_sbox[8'h6b] = 8'h05;
+ assign inv_sbox[8'h6c] = 8'hb8;
+ assign inv_sbox[8'h6d] = 8'hb3;
+ assign inv_sbox[8'h6e] = 8'h45;
+ assign inv_sbox[8'h6f] = 8'h06;
+ assign inv_sbox[8'h70] = 8'hd0;
+ assign inv_sbox[8'h71] = 8'h2c;
+ assign inv_sbox[8'h72] = 8'h1e;
+ assign inv_sbox[8'h73] = 8'h8f;
+ assign inv_sbox[8'h74] = 8'hca;
+ assign inv_sbox[8'h75] = 8'h3f;
+ assign inv_sbox[8'h76] = 8'h0f;
+ assign inv_sbox[8'h77] = 8'h02;
+ assign inv_sbox[8'h78] = 8'hc1;
+ assign inv_sbox[8'h79] = 8'haf;
+ assign inv_sbox[8'h7a] = 8'hbd;
+ assign inv_sbox[8'h7b] = 8'h03;
+ assign inv_sbox[8'h7c] = 8'h01;
+ assign inv_sbox[8'h7d] = 8'h13;
+ assign inv_sbox[8'h7e] = 8'h8a;
+ assign inv_sbox[8'h7f] = 8'h6b;
+ assign inv_sbox[8'h80] = 8'h3a;
+ assign inv_sbox[8'h81] = 8'h91;
+ assign inv_sbox[8'h82] = 8'h11;
+ assign inv_sbox[8'h83] = 8'h41;
+ assign inv_sbox[8'h84] = 8'h4f;
+ assign inv_sbox[8'h85] = 8'h67;
+ assign inv_sbox[8'h86] = 8'hdc;
+ assign inv_sbox[8'h87] = 8'hea;
+ assign inv_sbox[8'h88] = 8'h97;
+ assign inv_sbox[8'h89] = 8'hf2;
+ assign inv_sbox[8'h8a] = 8'hcf;
+ assign inv_sbox[8'h8b] = 8'hce;
+ assign inv_sbox[8'h8c] = 8'hf0;
+ assign inv_sbox[8'h8d] = 8'hb4;
+ assign inv_sbox[8'h8e] = 8'he6;
+ assign inv_sbox[8'h8f] = 8'h73;
+ assign inv_sbox[8'h90] = 8'h96;
+ assign inv_sbox[8'h91] = 8'hac;
+ assign inv_sbox[8'h92] = 8'h74;
+ assign inv_sbox[8'h93] = 8'h22;
+ assign inv_sbox[8'h94] = 8'he7;
+ assign inv_sbox[8'h95] = 8'had;
+ assign inv_sbox[8'h96] = 8'h35;
+ assign inv_sbox[8'h97] = 8'h85;
+ assign inv_sbox[8'h98] = 8'he2;
+ assign inv_sbox[8'h99] = 8'hf9;
+ assign inv_sbox[8'h9a] = 8'h37;
+ assign inv_sbox[8'h9b] = 8'he8;
+ assign inv_sbox[8'h9c] = 8'h1c;
+ assign inv_sbox[8'h9d] = 8'h75;
+ assign inv_sbox[8'h9e] = 8'hdf;
+ assign inv_sbox[8'h9f] = 8'h6e;
+ assign inv_sbox[8'ha0] = 8'h47;
+ assign inv_sbox[8'ha1] = 8'hf1;
+ assign inv_sbox[8'ha2] = 8'h1a;
+ assign inv_sbox[8'ha3] = 8'h71;
+ assign inv_sbox[8'ha4] = 8'h1d;
+ assign inv_sbox[8'ha5] = 8'h29;
+ assign inv_sbox[8'ha6] = 8'hc5;
+ assign inv_sbox[8'ha7] = 8'h89;
+ assign inv_sbox[8'ha8] = 8'h6f;
+ assign inv_sbox[8'ha9] = 8'hb7;
+ assign inv_sbox[8'haa] = 8'h62;
+ assign inv_sbox[8'hab] = 8'h0e;
+ assign inv_sbox[8'hac] = 8'haa;
+ assign inv_sbox[8'had] = 8'h18;
+ assign inv_sbox[8'hae] = 8'hbe;
+ assign inv_sbox[8'haf] = 8'h1b;
+ assign inv_sbox[8'hb0] = 8'hfc;
+ assign inv_sbox[8'hb1] = 8'h56;
+ assign inv_sbox[8'hb2] = 8'h3e;
+ assign inv_sbox[8'hb3] = 8'h4b;
+ assign inv_sbox[8'hb4] = 8'hc6;
+ assign inv_sbox[8'hb5] = 8'hd2;
+ assign inv_sbox[8'hb6] = 8'h79;
+ assign inv_sbox[8'hb7] = 8'h20;
+ assign inv_sbox[8'hb8] = 8'h9a;
+ assign inv_sbox[8'hb9] = 8'hdb;
+ assign inv_sbox[8'hba] = 8'hc0;
+ assign inv_sbox[8'hbb] = 8'hfe;
+ assign inv_sbox[8'hbc] = 8'h78;
+ assign inv_sbox[8'hbd] = 8'hcd;
+ assign inv_sbox[8'hbe] = 8'h5a;
+ assign inv_sbox[8'hbf] = 8'hf4;
+ assign inv_sbox[8'hc0] = 8'h1f;
+ assign inv_sbox[8'hc1] = 8'hdd;
+ assign inv_sbox[8'hc2] = 8'ha8;
+ assign inv_sbox[8'hc3] = 8'h33;
+ assign inv_sbox[8'hc4] = 8'h88;
+ assign inv_sbox[8'hc5] = 8'h07;
+ assign inv_sbox[8'hc6] = 8'hc7;
+ assign inv_sbox[8'hc7] = 8'h31;
+ assign inv_sbox[8'hc8] = 8'hb1;
+ assign inv_sbox[8'hc9] = 8'h12;
+ assign inv_sbox[8'hca] = 8'h10;
+ assign inv_sbox[8'hcb] = 8'h59;
+ assign inv_sbox[8'hcc] = 8'h27;
+ assign inv_sbox[8'hcd] = 8'h80;
+ assign inv_sbox[8'hce] = 8'hec;
+ assign inv_sbox[8'hcf] = 8'h5f;
+ assign inv_sbox[8'hd0] = 8'h60;
+ assign inv_sbox[8'hd1] = 8'h51;
+ assign inv_sbox[8'hd2] = 8'h7f;
+ assign inv_sbox[8'hd3] = 8'ha9;
+ assign inv_sbox[8'hd4] = 8'h19;
+ assign inv_sbox[8'hd5] = 8'hb5;
+ assign inv_sbox[8'hd6] = 8'h4a;
+ assign inv_sbox[8'hd7] = 8'h0d;
+ assign inv_sbox[8'hd8] = 8'h2d;
+ assign inv_sbox[8'hd9] = 8'he5;
+ assign inv_sbox[8'hda] = 8'h7a;
+ assign inv_sbox[8'hdb] = 8'h9f;
+ assign inv_sbox[8'hdc] = 8'h93;
+ assign inv_sbox[8'hdd] = 8'hc9;
+ assign inv_sbox[8'hde] = 8'h9c;
+ assign inv_sbox[8'hdf] = 8'hef;
+ assign inv_sbox[8'he0] = 8'ha0;
+ assign inv_sbox[8'he1] = 8'he0;
+ assign inv_sbox[8'he2] = 8'h3b;
+ assign inv_sbox[8'he3] = 8'h4d;
+ assign inv_sbox[8'he4] = 8'hae;
+ assign inv_sbox[8'he5] = 8'h2a;
+ assign inv_sbox[8'he6] = 8'hf5;
+ assign inv_sbox[8'he7] = 8'hb0;
+ assign inv_sbox[8'he8] = 8'hc8;
+ assign inv_sbox[8'he9] = 8'heb;
+ assign inv_sbox[8'hea] = 8'hbb;
+ assign inv_sbox[8'heb] = 8'h3c;
+ assign inv_sbox[8'hec] = 8'h83;
+ assign inv_sbox[8'hed] = 8'h53;
+ assign inv_sbox[8'hee] = 8'h99;
+ assign inv_sbox[8'hef] = 8'h61;
+ assign inv_sbox[8'hf0] = 8'h17;
+ assign inv_sbox[8'hf1] = 8'h2b;
+ assign inv_sbox[8'hf2] = 8'h04;
+ assign inv_sbox[8'hf3] = 8'h7e;
+ assign inv_sbox[8'hf4] = 8'hba;
+ assign inv_sbox[8'hf5] = 8'h77;
+ assign inv_sbox[8'hf6] = 8'hd6;
+ assign inv_sbox[8'hf7] = 8'h26;
+ assign inv_sbox[8'hf8] = 8'he1;
+ assign inv_sbox[8'hf9] = 8'h69;
+ assign inv_sbox[8'hfa] = 8'h14;
+ assign inv_sbox[8'hfb] = 8'h63;
+ assign inv_sbox[8'hfc] = 8'h55;
+ assign inv_sbox[8'hfd] = 8'h21;
+ assign inv_sbox[8'hfe] = 8'h0c;
+ assign inv_sbox[8'hff] = 8'h7d;
+
+endmodule // aes_inv_sbox
+
+//======================================================================
+// EOF aes_inv_sbox.v
+//======================================================================
diff --git a/src/rtl/aes_key_mem.v b/src/rtl/aes_key_mem.v
new file mode 100644
index 0000000..496fc08
--- /dev/null
+++ b/src/rtl/aes_key_mem.v
@@ -0,0 +1,454 @@
+//======================================================================
+//
+// aes_key_mem.v
+// -------------
+// The AES key memort including round key generator.
+//
+//
+// Author: Joachim Strombergson
+// Copyright (c) 2014, NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_key_mem(
+ input wire clk,
+ input wire reset_n,
+
+ input wire [255 : 0] key,
+ input wire keylen,
+ input wire init,
+
+ input wire [3 : 0] round,
+ output wire [127 : 0] round_key,
+ output wire ready,
+
+
+ output wire [31 : 0] sboxw,
+ input wire [31 : 0] new_sboxw
+ );
+
+
+ //----------------------------------------------------------------
+ // Parameters.
+ //----------------------------------------------------------------
+ localparam AES_128_BIT_KEY = 1'h0;
+ localparam AES_256_BIT_KEY = 1'h1;
+
+ localparam AES_128_NUM_ROUNDS = 4'ha;
+ localparam AES_256_NUM_ROUNDS = 4'he;
+
+ localparam CTRL_IDLE = 3'h0;
+ localparam CTRL_INIT = 3'h1;
+ localparam CTRL_GENERATE = 3'h2;
+ localparam CTRL_DONE = 3'h3;
+
+
+ //----------------------------------------------------------------
+ // Registers.
+ //----------------------------------------------------------------
+ reg [127 : 0] key_mem [0 : 14];
+ reg [127 : 0] key_mem_new;
+ reg key_mem_we;
+
+ reg [127 : 0] prev_key0_reg;
+ reg [127 : 0] prev_key0_new;
+ reg prev_key0_we;
+
+ reg [127 : 0] prev_key1_reg;
+ reg [127 : 0] prev_key1_new;
+ reg prev_key1_we;
+
+ reg [3 : 0] round_ctr_reg;
+ reg [3 : 0] round_ctr_new;
+ reg round_ctr_rst;
+ reg round_ctr_inc;
+ reg round_ctr_we;
+
+ reg [2 : 0] key_mem_ctrl_reg;
+ reg [2 : 0] key_mem_ctrl_new;
+ reg key_mem_ctrl_we;
+
+ reg ready_reg;
+ reg ready_new;
+ reg ready_we;
+
+ reg [7 : 0] rcon_reg;
+ reg [7 : 0] rcon_new;
+ reg rcon_we;
+ reg rcon_set;
+ reg rcon_next;
+
+
+ //----------------------------------------------------------------
+ // Wires.
+ //----------------------------------------------------------------
+ reg [31 : 0] tmp_sboxw;
+
+ reg round_key_update;
+ reg [3 : 0] num_rounds;
+
+ reg [127 : 0] tmp_round_key;
+
+
+ //----------------------------------------------------------------
+ // Concurrent assignments for ports.
+ //----------------------------------------------------------------
+ assign round_key = tmp_round_key;
+ assign ready = ready_reg;
+ assign sboxw = tmp_sboxw;
+
+
+ //----------------------------------------------------------------
+ // reg_update
+ //
+ // Update functionality for all registers in the core.
+ // All registers are positive edge triggered with asynchronous
+ // active low reset. All registers have write enable.
+ //----------------------------------------------------------------
+ always @ (posedge clk or negedge reset_n)
+ begin: reg_update
+ integer i;
+
+ if (!reset_n)
+ begin
+ for (i = 0 ; i < 4 ; i = i + 1)
+ key_mem [i] <= 128'h0;
+
+ rcon_reg <= 8'h0;
+ ready_reg <= 1'b0;
+ round_ctr_reg <= 4'h0;
+ key_mem_ctrl_reg <= CTRL_IDLE;
+ end
+ else
+ begin
+ if (round_ctr_we)
+ round_ctr_reg <= round_ctr_new;
+
+ if (ready_we)
+ ready_reg <= ready_new;
+
+ if (rcon_we)
+ rcon_reg <= rcon_new;
+
+ if (key_mem_we)
+ key_mem[round_ctr_reg] <= key_mem_new;
+
+ if (prev_key0_we)
+ prev_key0_reg <= prev_key0_new;
+
+ if (prev_key1_we)
+ prev_key1_reg <= prev_key1_new;
+
+ if (key_mem_ctrl_we)
+ key_mem_ctrl_reg <= key_mem_ctrl_new;
+ end
+ end // reg_update
+
+
+ //----------------------------------------------------------------
+ // key_mem_read
+ //
+ // Combinational read port for the key memory.
+ //----------------------------------------------------------------
+ always @*
+ begin : key_mem_read
+ tmp_round_key = key_mem[round];
+ end // key_mem_read
+
+
+ //----------------------------------------------------------------
+ // round_key_gen
+ //
+ // The round key generator logic for AES-128 and AES-256.
+ //----------------------------------------------------------------
+ always @*
+ begin: round_key_gen
+ reg [31 : 0] w0, w1, w2, w3, w4, w5, w6, w7;
+ reg [31 : 0] k0, k1, k2, k3;
+ reg [31 : 0] rconw, rotstw, tw, trw;
+
+ // Default assignments.
+ key_mem_new = 128'h0;
+ key_mem_we = 1'b0;
+ prev_key0_new = 128'h0;
+ prev_key0_we = 1'b0;
+ prev_key1_new = 128'h0;
+ prev_key1_we = 1'b0;
+
+ k0 = 32'h0;
+ k1 = 32'h0;
+ k2 = 32'h0;
+ k3 = 32'h0;
+
+ rcon_set = 1'b1;
+ rcon_next = 1'b0;
+
+ // Extract words and calculate intermediate values.
+ // Perform rotation of sbox word etc.
+ w0 = prev_key0_reg[127 : 096];
+ w1 = prev_key0_reg[095 : 064];
+ w2 = prev_key0_reg[063 : 032];
+ w3 = prev_key0_reg[031 : 000];
+
+ w4 = prev_key1_reg[127 : 096];
+ w5 = prev_key1_reg[095 : 064];
+ w6 = prev_key1_reg[063 : 032];
+ w7 = prev_key1_reg[031 : 000];
+
+ rconw = {rcon_reg, 24'h0};
+ tmp_sboxw = w7;
+ rotstw = {new_sboxw[23 : 00], new_sboxw[31 : 24]};
+ trw = rotstw ^ rconw;
+ tw = new_sboxw;
+
+ // Generate the specific round keys.
+ if (round_key_update)
+ begin
+ rcon_set = 1'b0;
+ key_mem_we = 1'b1;
+ case (keylen)
+ AES_128_BIT_KEY:
+ begin
+ if (round_ctr_reg == 0)
+ begin
+ key_mem_new = key[255 : 128];
+ prev_key1_new = key[255 : 128];
+ prev_key1_we = 1'b1;
+ rcon_next = 1'b1;
+ end
+ else
+ begin
+ k0 = w4 ^ trw;
+ k1 = w5 ^ w4 ^ trw;
+ k2 = w6 ^ w5 ^ w4 ^ trw;
+ k3 = w7 ^ w6 ^ w5 ^ w4 ^ trw;
+
+ key_mem_new = {k0, k1, k2, k3};
+ prev_key1_new = {k0, k1, k2, k3};
+ prev_key1_we = 1'b1;
+ rcon_next = 1'b1;
+ end
+ end
+
+ AES_256_BIT_KEY:
+ begin
+ if (round_ctr_reg == 0)
+ begin
+ key_mem_new = key[255 : 128];
+ prev_key0_new = key[255 : 128];
+ prev_key0_we = 1'b1;
+ end
+ else if (round_ctr_reg == 1)
+ begin
+ key_mem_new = key[127 : 0];
+ prev_key1_new = key[127 : 0];
+ prev_key1_we = 1'b1;
+ rcon_next = 1'b1;
+ end
+ else
+ begin
+ if (round_ctr_reg[0] == 0)
+ begin
+ k0 = w0 ^ trw;
+ k1 = w1 ^ w0 ^ trw;
+ k2 = w2 ^ w1 ^ w0 ^ trw;
+ k3 = w3 ^ w2 ^ w1 ^ w0 ^ trw;
+ end
+ else
+ begin
+ k0 = w0 ^ tw;
+ k1 = w1 ^ w0 ^ tw;
+ k2 = w2 ^ w1 ^ w0 ^ tw;
+ k3 = w3 ^ w2 ^ w1 ^ w0 ^ tw;
+ rcon_next = 1'b1;
+ end
+
+ // Store the generated round keys.
+ key_mem_new = {k0, k1, k2, k3};
+ prev_key1_new = {k0, k1, k2, k3};
+ prev_key1_we = 1'b1;
+ prev_key0_new = prev_key1_reg;
+ prev_key0_we = 1'b1;
+ end
+ end
+
+ default:
+ begin
+ end
+ endcase // case (keylen)
+ end
+ end // round_key_gen
+
+
+ //----------------------------------------------------------------
+ // rcon_logic
+ //
+ // Caclulates the rcon value for the different key expansion
+ // iterations.
+ //----------------------------------------------------------------
+ always @*
+ begin : rcon_logic
+ reg [7 : 0] tmp_rcon;
+ rcon_new = 8'h00;
+ rcon_we = 1'b0;
+
+ tmp_rcon = {rcon_reg[6 : 0], 1'b0} ^ (8'h1b & {8{rcon_reg[7]}});
+
+ if (rcon_set)
+ begin
+ rcon_new = 8'h8d;
+ rcon_we = 1'b1;
+ end
+
+ if (rcon_next)
+ begin
+ rcon_new = tmp_rcon[7 : 0];
+ rcon_we = 1'b1;
+ end
+ end
+
+
+ //----------------------------------------------------------------
+ // round_ctr
+ //
+ // The round counter logic with increase and reset.
+ //----------------------------------------------------------------
+ always @*
+ begin : round_ctr
+ round_ctr_new = 4'h0;
+ round_ctr_we = 1'b0;
+
+ if (round_ctr_rst)
+ begin
+ round_ctr_new = 4'h0;
+ round_ctr_we = 1'b1;
+ end
+
+ else if (round_ctr_inc)
+ begin
+ round_ctr_new = round_ctr_reg + 1'b1;
+ round_ctr_we = 1'b1;
+ end
+ end
+
+
+ //----------------------------------------------------------------
+ // num_rounds_logic
+ //
+ // Logic to select the number of rounds to generate keys for
+ //----------------------------------------------------------------
+ always @*
+ begin : num_rounds_logic
+ num_rounds = 4'h0;
+
+ case (keylen)
+ AES_128_BIT_KEY:
+ begin
+ num_rounds = AES_128_NUM_ROUNDS;
+ end
+
+ AES_256_BIT_KEY:
+ begin
+ num_rounds = AES_256_NUM_ROUNDS;
+ end
+
+ default:
+ begin
+ end
+ endcase // case (keylen)
+ end
+
+
+ //----------------------------------------------------------------
+ // key_mem_ctrl
+ //
+ //
+ // The FSM that controls the round key generation.
+ //----------------------------------------------------------------
+ always @*
+ begin: key_mem_ctrl
+ // Default assignments.
+ ready_new = 1'b0;
+ ready_we = 1'b0;
+ round_key_update = 1'b0;
+ round_ctr_rst = 1'b0;
+ round_ctr_inc = 1'b0;
+ key_mem_ctrl_new = CTRL_IDLE;
+ key_mem_ctrl_we = 1'b0;
+
+ case(key_mem_ctrl_reg)
+ CTRL_IDLE:
+ begin
+ if (init)
+ begin
+ ready_new = 1'b0;
+ ready_we = 1'b1;
+ key_mem_ctrl_new = CTRL_INIT;
+ key_mem_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_INIT:
+ begin
+ round_ctr_rst = 1'b1;
+ key_mem_ctrl_new = CTRL_GENERATE;
+ key_mem_ctrl_we = 1'b1;
+ end
+
+ CTRL_GENERATE:
+ begin
+ round_ctr_inc = 1'b1;
+ round_key_update = 1'b1;
+ if (round_ctr_reg == num_rounds)
+ begin
+ key_mem_ctrl_new = CTRL_DONE;
+ key_mem_ctrl_we = 1'b1;
+ end
+ end
+
+ CTRL_DONE:
+ begin
+ ready_new = 1'b1;
+ ready_we = 1'b1;
+ key_mem_ctrl_new = CTRL_IDLE;
+ key_mem_ctrl_we = 1'b1;
+ end
+
+ default:
+ begin
+ end
+ endcase // case (key_mem_ctrl_reg)
+
+ end // key_mem_ctrl
+endmodule // aes_key_mem
+
+//======================================================================
+// EOF aes_key_mem.v
+//======================================================================
diff --git a/src/rtl/aes_sbox.v b/src/rtl/aes_sbox.v
new file mode 100644
index 0000000..09ba129
--- /dev/null
+++ b/src/rtl/aes_sbox.v
@@ -0,0 +1,325 @@
+//======================================================================
+//
+// aes_sbox.v
+// ----------
+// The AES S-box. Basically a 256 Byte ROM. This implementation
+// contains four parallel S-boxes to handle a 32 bit word.
+//
+//
+// Copyright (c) 2013 NORDUnet A/S
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// - Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// - Neither the name of the NORDUnet nor the names of its contributors may
+// be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+//======================================================================
+
+module aes_sbox(
+ input wire [31 : 0] sboxw,
+ output wire [31 : 0] new_sboxw
+ );
+
+
+ //----------------------------------------------------------------
+ // The sbox array.
+ //----------------------------------------------------------------
+ wire [7 : 0] sbox [0 : 255];
+
+
+ //----------------------------------------------------------------
+ // Four parallel muxes.
+ //----------------------------------------------------------------
+ assign new_sboxw[31 : 24] = sbox[sboxw[31 : 24]];
+ assign new_sboxw[23 : 16] = sbox[sboxw[23 : 16]];
+ assign new_sboxw[15 : 08] = sbox[sboxw[15 : 08]];
+ assign new_sboxw[07 : 00] = sbox[sboxw[07 : 00]];
+
+
+ //----------------------------------------------------------------
+ // Creating the sbox array contents.
+ //----------------------------------------------------------------
+ assign sbox[8'h00] = 8'h63;
+ assign sbox[8'h01] = 8'h7c;
+ assign sbox[8'h02] = 8'h77;
+ assign sbox[8'h03] = 8'h7b;
+ assign sbox[8'h04] = 8'hf2;
+ assign sbox[8'h05] = 8'h6b;
+ assign sbox[8'h06] = 8'h6f;
+ assign sbox[8'h07] = 8'hc5;
+ assign sbox[8'h08] = 8'h30;
+ assign sbox[8'h09] = 8'h01;
+ assign sbox[8'h0a] = 8'h67;
+ assign sbox[8'h0b] = 8'h2b;
+ assign sbox[8'h0c] = 8'hfe;
+ assign sbox[8'h0d] = 8'hd7;
+ assign sbox[8'h0e] = 8'hab;
+ assign sbox[8'h0f] = 8'h76;
+ assign sbox[8'h10] = 8'hca;
+ assign sbox[8'h11] = 8'h82;
+ assign sbox[8'h12] = 8'hc9;
+ assign sbox[8'h13] = 8'h7d;
+ assign sbox[8'h14] = 8'hfa;
+ assign sbox[8'h15] = 8'h59;
+ assign sbox[8'h16] = 8'h47;
+ assign sbox[8'h17] = 8'hf0;
+ assign sbox[8'h18] = 8'had;
+ assign sbox[8'h19] = 8'hd4;
+ assign sbox[8'h1a] = 8'ha2;
+ assign sbox[8'h1b] = 8'haf;
+ assign sbox[8'h1c] = 8'h9c;
+ assign sbox[8'h1d] = 8'ha4;
+ assign sbox[8'h1e] = 8'h72;
+ assign sbox[8'h1f] = 8'hc0;
+ assign sbox[8'h20] = 8'hb7;
+ assign sbox[8'h21] = 8'hfd;
+ assign sbox[8'h22] = 8'h93;
+ assign sbox[8'h23] = 8'h26;
+ assign sbox[8'h24] = 8'h36;
+ assign sbox[8'h25] = 8'h3f;
+ assign sbox[8'h26] = 8'hf7;
+ assign sbox[8'h27] = 8'hcc;
+ assign sbox[8'h28] = 8'h34;
+ assign sbox[8'h29] = 8'ha5;
+ assign sbox[8'h2a] = 8'he5;
+ assign sbox[8'h2b] = 8'hf1;
+ assign sbox[8'h2c] = 8'h71;
+ assign sbox[8'h2d] = 8'hd8;
+ assign sbox[8'h2e] = 8'h31;
+ assign sbox[8'h2f] = 8'h15;
+ assign sbox[8'h30] = 8'h04;
+ assign sbox[8'h31] = 8'hc7;
+ assign sbox[8'h32] = 8'h23;
+ assign sbox[8'h33] = 8'hc3;
+ assign sbox[8'h34] = 8'h18;
+ assign sbox[8'h35] = 8'h96;
+ assign sbox[8'h36] = 8'h05;
+ assign sbox[8'h37] = 8'h9a;
+ assign sbox[8'h38] = 8'h07;
+ assign sbox[8'h39] = 8'h12;
+ assign sbox[8'h3a] = 8'h80;
+ assign sbox[8'h3b] = 8'he2;
+ assign sbox[8'h3c] = 8'heb;
+ assign sbox[8'h3d] = 8'h27;
+ assign sbox[8'h3e] = 8'hb2;
+ assign sbox[8'h3f] = 8'h75;
+ assign sbox[8'h40] = 8'h09;
+ assign sbox[8'h41] = 8'h83;
+ assign sbox[8'h42] = 8'h2c;
+ assign sbox[8'h43] = 8'h1a;
+ assign sbox[8'h44] = 8'h1b;
+ assign sbox[8'h45] = 8'h6e;
+ assign sbox[8'h46] = 8'h5a;
+ assign sbox[8'h47] = 8'ha0;
+ assign sbox[8'h48] = 8'h52;
+ assign sbox[8'h49] = 8'h3b;
+ assign sbox[8'h4a] = 8'hd6;
+ assign sbox[8'h4b] = 8'hb3;
+ assign sbox[8'h4c] = 8'h29;
+ assign sbox[8'h4d] = 8'he3;
+ assign sbox[8'h4e] = 8'h2f;
+ assign sbox[8'h4f] = 8'h84;
+ assign sbox[8'h50] = 8'h53;
+ assign sbox[8'h51] = 8'hd1;
+ assign sbox[8'h52] = 8'h00;
+ assign sbox[8'h53] = 8'hed;
+ assign sbox[8'h54] = 8'h20;
+ assign sbox[8'h55] = 8'hfc;
+ assign sbox[8'h56] = 8'hb1;
+ assign sbox[8'h57] = 8'h5b;
+ assign sbox[8'h58] = 8'h6a;
+ assign sbox[8'h59] = 8'hcb;
+ assign sbox[8'h5a] = 8'hbe;
+ assign sbox[8'h5b] = 8'h39;
+ assign sbox[8'h5c] = 8'h4a;
+ assign sbox[8'h5d] = 8'h4c;
+ assign sbox[8'h5e] = 8'h58;
+ assign sbox[8'h5f] = 8'hcf;
+ assign sbox[8'h60] = 8'hd0;
+ assign sbox[8'h61] = 8'hef;
+ assign sbox[8'h62] = 8'haa;
+ assign sbox[8'h63] = 8'hfb;
+ assign sbox[8'h64] = 8'h43;
+ assign sbox[8'h65] = 8'h4d;
+ assign sbox[8'h66] = 8'h33;
+ assign sbox[8'h67] = 8'h85;
+ assign sbox[8'h68] = 8'h45;
+ assign sbox[8'h69] = 8'hf9;
+ assign sbox[8'h6a] = 8'h02;
+ assign sbox[8'h6b] = 8'h7f;
+ assign sbox[8'h6c] = 8'h50;
+ assign sbox[8'h6d] = 8'h3c;
+ assign sbox[8'h6e] = 8'h9f;
+ assign sbox[8'h6f] = 8'ha8;
+ assign sbox[8'h70] = 8'h51;
+ assign sbox[8'h71] = 8'ha3;
+ assign sbox[8'h72] = 8'h40;
+ assign sbox[8'h73] = 8'h8f;
+ assign sbox[8'h74] = 8'h92;
+ assign sbox[8'h75] = 8'h9d;
+ assign sbox[8'h76] = 8'h38;
+ assign sbox[8'h77] = 8'hf5;
+ assign sbox[8'h78] = 8'hbc;
+ assign sbox[8'h79] = 8'hb6;
+ assign sbox[8'h7a] = 8'hda;
+ assign sbox[8'h7b] = 8'h21;
+ assign sbox[8'h7c] = 8'h10;
+ assign sbox[8'h7d] = 8'hff;
+ assign sbox[8'h7e] = 8'hf3;
+ assign sbox[8'h7f] = 8'hd2;
+ assign sbox[8'h80] = 8'hcd;
+ assign sbox[8'h81] = 8'h0c;
+ assign sbox[8'h82] = 8'h13;
+ assign sbox[8'h83] = 8'hec;
+ assign sbox[8'h84] = 8'h5f;
+ assign sbox[8'h85] = 8'h97;
+ assign sbox[8'h86] = 8'h44;
+ assign sbox[8'h87] = 8'h17;
+ assign sbox[8'h88] = 8'hc4;
+ assign sbox[8'h89] = 8'ha7;
+ assign sbox[8'h8a] = 8'h7e;
+ assign sbox[8'h8b] = 8'h3d;
+ assign sbox[8'h8c] = 8'h64;
+ assign sbox[8'h8d] = 8'h5d;
+ assign sbox[8'h8e] = 8'h19;
+ assign sbox[8'h8f] = 8'h73;
+ assign sbox[8'h90] = 8'h60;
+ assign sbox[8'h91] = 8'h81;
+ assign sbox[8'h92] = 8'h4f;
+ assign sbox[8'h93] = 8'hdc;
+ assign sbox[8'h94] = 8'h22;
+ assign sbox[8'h95] = 8'h2a;
+ assign sbox[8'h96] = 8'h90;
+ assign sbox[8'h97] = 8'h88;
+ assign sbox[8'h98] = 8'h46;
+ assign sbox[8'h99] = 8'hee;
+ assign sbox[8'h9a] = 8'hb8;
+ assign sbox[8'h9b] = 8'h14;
+ assign sbox[8'h9c] = 8'hde;
+ assign sbox[8'h9d] = 8'h5e;
+ assign sbox[8'h9e] = 8'h0b;
+ assign sbox[8'h9f] = 8'hdb;
+ assign sbox[8'ha0] = 8'he0;
+ assign sbox[8'ha1] = 8'h32;
+ assign sbox[8'ha2] = 8'h3a;
+ assign sbox[8'ha3] = 8'h0a;
+ assign sbox[8'ha4] = 8'h49;
+ assign sbox[8'ha5] = 8'h06;
+ assign sbox[8'ha6] = 8'h24;
+ assign sbox[8'ha7] = 8'h5c;
+ assign sbox[8'ha8] = 8'hc2;
+ assign sbox[8'ha9] = 8'hd3;
+ assign sbox[8'haa] = 8'hac;
+ assign sbox[8'hab] = 8'h62;
+ assign sbox[8'hac] = 8'h91;
+ assign sbox[8'had] = 8'h95;
+ assign sbox[8'hae] = 8'he4;
+ assign sbox[8'haf] = 8'h79;
+ assign sbox[8'hb0] = 8'he7;
+ assign sbox[8'hb1] = 8'hc8;
+ assign sbox[8'hb2] = 8'h37;
+ assign sbox[8'hb3] = 8'h6d;
+ assign sbox[8'hb4] = 8'h8d;
+ assign sbox[8'hb5] = 8'hd5;
+ assign sbox[8'hb6] = 8'h4e;
+ assign sbox[8'hb7] = 8'ha9;
+ assign sbox[8'hb8] = 8'h6c;
+ assign sbox[8'hb9] = 8'h56;
+ assign sbox[8'hba] = 8'hf4;
+ assign sbox[8'hbb] = 8'hea;
+ assign sbox[8'hbc] = 8'h65;
+ assign sbox[8'hbd] = 8'h7a;
+ assign sbox[8'hbe] = 8'hae;
+ assign sbox[8'hbf] = 8'h08;
+ assign sbox[8'hc0] = 8'hba;
+ assign sbox[8'hc1] = 8'h78;
+ assign sbox[8'hc2] = 8'h25;
+ assign sbox[8'hc3] = 8'h2e;
+ assign sbox[8'hc4] = 8'h1c;
+ assign sbox[8'hc5] = 8'ha6;
+ assign sbox[8'hc6] = 8'hb4;
+ assign sbox[8'hc7] = 8'hc6;
+ assign sbox[8'hc8] = 8'he8;
+ assign sbox[8'hc9] = 8'hdd;
+ assign sbox[8'hca] = 8'h74;
+ assign sbox[8'hcb] = 8'h1f;
+ assign sbox[8'hcc] = 8'h4b;
+ assign sbox[8'hcd] = 8'hbd;
+ assign sbox[8'hce] = 8'h8b;
+ assign sbox[8'hcf] = 8'h8a;
+ assign sbox[8'hd0] = 8'h70;
+ assign sbox[8'hd1] = 8'h3e;
+ assign sbox[8'hd2] = 8'hb5;
+ assign sbox[8'hd3] = 8'h66;
+ assign sbox[8'hd4] = 8'h48;
+ assign sbox[8'hd5] = 8'h03;
+ assign sbox[8'hd6] = 8'hf6;
+ assign sbox[8'hd7] = 8'h0e;
+ assign sbox[8'hd8] = 8'h61;
+ assign sbox[8'hd9] = 8'h35;
+ assign sbox[8'hda] = 8'h57;
+ assign sbox[8'hdb] = 8'hb9;
+ assign sbox[8'hdc] = 8'h86;
+ assign sbox[8'hdd] = 8'hc1;
+ assign sbox[8'hde] = 8'h1d;
+ assign sbox[8'hdf] = 8'h9e;
+ assign sbox[8'he0] = 8'he1;
+ assign sbox[8'he1] = 8'hf8;
+ assign sbox[8'he2] = 8'h98;
+ assign sbox[8'he3] = 8'h11;
+ assign sbox[8'he4] = 8'h69;
+ assign sbox[8'he5] = 8'hd9;
+ assign sbox[8'he6] = 8'h8e;
+ assign sbox[8'he7] = 8'h94;
+ assign sbox[8'he8] = 8'h9b;
+ assign sbox[8'he9] = 8'h1e;
+ assign sbox[8'hea] = 8'h87;
+ assign sbox[8'heb] = 8'he9;
+ assign sbox[8'hec] = 8'hce;
+ assign sbox[8'hed] = 8'h55;
+ assign sbox[8'hee] = 8'h28;
+ assign sbox[8'hef] = 8'hdf;
+ assign sbox[8'hf0] = 8'h8c;
+ assign sbox[8'hf1] = 8'ha1;
+ assign sbox[8'hf2] = 8'h89;
+ assign sbox[8'hf3] = 8'h0d;
+ assign sbox[8'hf4] = 8'hbf;
+ assign sbox[8'hf5] = 8'he6;
+ assign sbox[8'hf6] = 8'h42;
+ assign sbox[8'hf7] = 8'h68;
+ assign sbox[8'hf8] = 8'h41;
+ assign sbox[8'hf9] = 8'h99;
+ assign sbox[8'hfa] = 8'h2d;
+ assign sbox[8'hfb] = 8'h0f;
+ assign sbox[8'hfc] = 8'hb0;
+ assign sbox[8'hfd] = 8'h54;
+ assign sbox[8'hfe] = 8'hbb;
+ assign sbox[8'hff] = 8'h16;
+
+endmodule // aes_sbox
+
+//======================================================================
+// EOF aes_sbox.v
+//======================================================================