diff options
author | Joachim StroĢmbergson <joachim@secworks.se> | 2018-10-18 13:37:03 +0200 |
---|---|---|
committer | Joachim StroĢmbergson <joachim@secworks.se> | 2018-10-18 13:37:03 +0200 |
commit | 3fec1265673b898cdf0e4e5877eec6f8ff336212 (patch) | |
tree | e600c4bf3573b8cb4bd647c1d090bcc86dd8e98e | |
parent | 051b5914c988dcf58002817cb09e92bf7992f361 (diff) |
(1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
-rw-r--r-- | src/rtl/sha256.v | 431 | ||||
-rw-r--r-- | src/tb/tb_sha256.v | 8 |
2 files changed, 68 insertions, 371 deletions
diff --git a/src/rtl/sha256.v b/src/rtl/sha256.v index 67c8a6b..2ef1a57 100644 --- a/src/rtl/sha256.v +++ b/src/rtl/sha256.v @@ -98,7 +98,7 @@ module sha256( localparam CORE_NAME0 = 32'h73686132; // "sha2" localparam CORE_NAME1 = 32'h2d323536; // "-256" - localparam CORE_VERSION = 32'h312e3830; // "1.80" + localparam CORE_VERSION = 32'h312e3832; // "1.82" localparam MODE_SHA_224 = 1'h0; localparam MODE_SHA_256 = 1'h1; @@ -109,13 +109,9 @@ module sha256( //---------------------------------------------------------------- reg init_reg; reg init_new; - reg init_we; - reg init_set; reg next_reg; reg next_new; - reg next_we; - reg next_set; reg mode_reg; reg mode_new; @@ -123,38 +119,8 @@ module sha256( reg ready_reg; - reg [31 : 0] block0_reg; - reg block0_we; - reg [31 : 0] block1_reg; - reg block1_we; - reg [31 : 0] block2_reg; - reg block2_we; - reg [31 : 0] block3_reg; - reg block3_we; - reg [31 : 0] block4_reg; - reg block4_we; - reg [31 : 0] block5_reg; - reg block5_we; - reg [31 : 0] block6_reg; - reg block6_we; - reg [31 : 0] block7_reg; - reg block7_we; - reg [31 : 0] block8_reg; - reg block8_we; - reg [31 : 0] block9_reg; - reg block9_we; - reg [31 : 0] block10_reg; - reg block10_we; - reg [31 : 0] block11_reg; - reg block11_we; - reg [31 : 0] block12_reg; - reg block12_we; - reg [31 : 0] block13_reg; - reg block13_we; - reg [31 : 0] block14_reg; - reg block14_we; - reg [31 : 0] block15_reg; - reg block15_we; + reg [31 : 0] block_reg [0 : 15]; + reg block_we; reg [255 : 0] digest_reg; @@ -164,8 +130,6 @@ module sha256( //---------------------------------------------------------------- // Wires. //---------------------------------------------------------------- - wire core_init; - wire core_next; wire core_ready; wire [511 : 0] core_block; wire [255 : 0] core_digest; @@ -187,14 +151,10 @@ module sha256( //---------------------------------------------------------------- // Concurrent connectivity for ports etc. //---------------------------------------------------------------- - assign core_init = init_reg; - - assign core_next = next_reg; - - assign core_block = {block0_reg, block1_reg, block2_reg, block3_reg, - block4_reg, block5_reg, block6_reg, block7_reg, - block8_reg, block9_reg, block10_reg, block11_reg, - block12_reg, block13_reg, block14_reg, block15_reg}; + assign core_block = {block_reg[00], block_reg[01], block_reg[02], block_reg[03], + block_reg[04], block_reg[05], block_reg[06], block_reg[07], + block_reg[08], block_reg[09], block_reg[10], block_reg[11], + block_reg[12], block_reg[13], block_reg[14], block_reg[15]}; assign read_data = tmp_read_data; assign error = tmp_error; @@ -207,8 +167,8 @@ module sha256( .clk(clk), .reset_n(reset_n), - .init(core_init), - .next(core_next), + .init(init_reg), + .next(next_reg), .mode(mode_reg), .block(core_block), @@ -239,46 +199,27 @@ module sha256( // asynchronous active low reset. //---------------------------------------------------------------- always @ (posedge clk or negedge reset_n) - begin + begin : reg_update + integer i; + if (!reset_n) begin - init_reg <= 1'h0; - next_reg <= 1'h0; + for (i = 0 ; i < 16 ; i = i + 1) + block_reg[i] <= 32'h0; + + init_reg <= 0; + next_reg <= 0; + ready_reg <= 0; mode_reg <= MODE_SHA_256; - ready_reg <= 1'h0; digest_reg <= 256'h0; - digest_valid_reg <= 1'h0; - block0_reg <= 32'h0; - block1_reg <= 32'h0; - block2_reg <= 32'h0; - block3_reg <= 32'h0; - block4_reg <= 32'h0; - block5_reg <= 32'h0; - block6_reg <= 32'h0; - block7_reg <= 32'h0; - block8_reg <= 32'h0; - block9_reg <= 32'h0; - block10_reg <= 32'h0; - block11_reg <= 32'h0; - block12_reg <= 32'h0; - block13_reg <= 32'h0; - block14_reg <= 32'h0; - block15_reg <= 32'h0; + digest_valid_reg <= 0; end else begin ready_reg <= core_ready; digest_valid_reg <= core_digest_valid; - - if (init_we) - begin - init_reg <= init_new; - end - - if (next_we) - begin - next_reg <= next_new; - end + init_reg <= init_new; + next_reg <= next_new; if (mode_we) mode_reg <= mode_new; @@ -288,127 +229,13 @@ module sha256( digest_reg <= core_digest; end - if (block0_we) - begin - block0_reg <= write_data; - end - - if (block1_we) - begin - block1_reg <= write_data; - end - - if (block2_we) - begin - block2_reg <= write_data; - end - - if (block3_we) - begin - block3_reg <= write_data; - end - - if (block4_we) - begin - block4_reg <= write_data; - end - - if (block5_we) - begin - block5_reg <= write_data; - end - - if (block6_we) - begin - block6_reg <= write_data; - end - - if (block7_we) - begin - block7_reg <= write_data; - end - - if (block8_we) - begin - block8_reg <= write_data; - end - - if (block9_we) - begin - block9_reg <= write_data; - end - - if (block10_we) - begin - block10_reg <= write_data; - end - - if (block11_we) - begin - block11_reg <= write_data; - end - - if (block12_we) - begin - block12_reg <= write_data; - end - - if (block13_we) - begin - block13_reg <= write_data; - end - - if (block14_we) - begin - block14_reg <= write_data; - end - - if (block15_we) - begin - block15_reg <= write_data; - end - + if (block_we) + block_reg[address[3 : 0]] <= write_data; end end // reg_update //---------------------------------------------------------------- - // flag_reset - // - // Logic to reset init and next flags that has been set. - //---------------------------------------------------------------- - always @* - begin : flag_reset - init_new = 0; - init_we = 0; - next_new = 0; - next_we = 0; - - if (init_set) - begin - init_new = 1; - init_we = 1; - end - else if (init_reg) - begin - init_new = 0; - init_we = 1; - end - - if (next_set) - begin - next_new = 1; - next_we = 1; - end - else if (next_reg) - begin - next_new = 0; - next_we = 1; - end - end - - - //---------------------------------------------------------------- // api_logic // // Implementation of the api logic. If cs is enabled will either @@ -416,26 +243,11 @@ module sha256( //---------------------------------------------------------------- always @* begin : api_logic - init_set = 0; - next_set = 0; + init_new = 0; + next_new = 0; mode_new = 0; mode_we = 0; - block0_we = 0; - block1_we = 0; - block2_we = 0; - block3_we = 0; - block4_we = 0; - block5_we = 0; - block6_we = 0; - block7_we = 0; - block8_we = 0; - block9_we = 0; - block10_we = 0; - block11_we = 0; - block12_we = 0; - block13_we = 0; - block14_we = 0; - block15_we = 0; + block_we = 0; state0_we = 0; state1_we = 0; state2_we = 0; @@ -444,105 +256,65 @@ module sha256( state5_we = 0; state6_we = 0; state7_we = 0; - - tmp_read_data = 32'h00000000; + tmp_read_data = 32'h0; tmp_error = 0; if (cs) begin if (we) begin - case (address) - // Write operations. - ADDR_CTRL: - begin - init_set = write_data[CTRL_INIT_BIT]; - next_set = write_data[CTRL_NEXT_BIT]; - mode_new = write_data[CTRL_MODE_BIT]; - mode_we = 1; - end + if (core_ready) + begin - ADDR_BLOCK0: - block0_we = 1; + if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK15)) + block_we = 1; - ADDR_BLOCK1: - block1_we = 1; + case (address) + ADDR_CTRL: + begin + init_new = write_data[CTRL_INIT_BIT]; + next_new = write_data[CTRL_NEXT_BIT]; + mode_new = write_data[CTRL_MODE_BIT]; + mode_we = 1; + end - ADDR_BLOCK2: - block2_we = 1; + ADDR_DIGEST0: + state0_we = 1; - ADDR_BLOCK3: - block3_we = 1; + ADDR_DIGEST1: + state1_we = 1; - ADDR_BLOCK4: - block4_we = 1; + ADDR_DIGEST2: + state2_we = 1; - ADDR_BLOCK5: - block5_we = 1; + ADDR_DIGEST3: + state3_we = 1; - ADDR_BLOCK6: - block6_we = 1; + ADDR_DIGEST4: + state4_we = 1; - ADDR_BLOCK7: - block7_we = 1; + ADDR_DIGEST5: + state5_we = 1; - ADDR_BLOCK8: - block8_we = 1; + ADDR_DIGEST6: + state6_we = 1; - ADDR_BLOCK9: - block9_we = 1; + ADDR_DIGEST7: + state7_we = 1; - ADDR_BLOCK10: - block10_we = 1; - - ADDR_BLOCK11: - block11_we = 1; - - ADDR_BLOCK12: - block12_we = 1; - - ADDR_BLOCK13: - block13_we = 1; - - ADDR_BLOCK14: - block14_we = 1; - - ADDR_BLOCK15: - block15_we = 1; - - ADDR_DIGEST0: - state0_we = 1; - - ADDR_DIGEST1: - state1_we = 1; - - ADDR_DIGEST2: - state2_we = 1; - - ADDR_DIGEST3: - state3_we = 1; - - ADDR_DIGEST4: - state4_we = 1; - - ADDR_DIGEST5: - state5_we = 1; - - ADDR_DIGEST6: - state6_we = 1; - - ADDR_DIGEST7: - state7_we = 1; - - default: - begin - tmp_error = 1; - end - endcase // case (address) + default: + begin + tmp_error = 1; + end + endcase // case (address) + end // if (core_ready) end // if (we) else begin + if ((address >= ADDR_DIGEST0) && (address <= ADDR_DIGEST7)) + tmp_read_data = digest_reg[(7 - (address - ADDR_DIGEST0)) * 32 +: 32]; + case (address) // Read operations. ADDR_NAME0: @@ -554,84 +326,9 @@ module sha256( ADDR_VERSION: tmp_read_data = CORE_VERSION; - ADDR_CTRL: - tmp_read_data = {29'h0, mode_reg, next_reg, init_reg}; - ADDR_STATUS: tmp_read_data = {30'h0, digest_valid_reg, ready_reg}; - ADDR_BLOCK0: - tmp_read_data = block0_reg; - - ADDR_BLOCK1: - tmp_read_data = block1_reg; - - ADDR_BLOCK2: - tmp_read_data = block2_reg; - - ADDR_BLOCK3: - tmp_read_data = block3_reg; - - ADDR_BLOCK4: - tmp_read_data = block4_reg; - - ADDR_BLOCK5: - tmp_read_data = block5_reg; - - ADDR_BLOCK6: - tmp_read_data = block6_reg; - - ADDR_BLOCK7: - tmp_read_data = block7_reg; - - ADDR_BLOCK8: - tmp_read_data = block8_reg; - - ADDR_BLOCK9: - tmp_read_data = block9_reg; - - ADDR_BLOCK10: - tmp_read_data = block10_reg; - - ADDR_BLOCK11: - tmp_read_data = block11_reg; - - ADDR_BLOCK12: - tmp_read_data = block12_reg; - - ADDR_BLOCK13: - tmp_read_data = block13_reg; - - ADDR_BLOCK14: - tmp_read_data = block14_reg; - - ADDR_BLOCK15: - tmp_read_data = block15_reg; - - ADDR_DIGEST0: - tmp_read_data = digest_reg[255 : 224]; - - ADDR_DIGEST1: - tmp_read_data = digest_reg[223 : 192]; - - ADDR_DIGEST2: - tmp_read_data = digest_reg[191 : 160]; - - ADDR_DIGEST3: - tmp_read_data = digest_reg[159 : 128]; - - ADDR_DIGEST4: - tmp_read_data = digest_reg[127 : 96]; - - ADDR_DIGEST5: - tmp_read_data = digest_reg[95 : 64]; - - ADDR_DIGEST6: - tmp_read_data = digest_reg[63 : 32]; - - ADDR_DIGEST7: - tmp_read_data = digest_reg[31 : 0]; - default: begin tmp_error = 1; diff --git a/src/tb/tb_sha256.v b/src/tb/tb_sha256.v index 01aa66e..99bdcfd 100644 --- a/src/tb/tb_sha256.v +++ b/src/tb/tb_sha256.v @@ -182,14 +182,14 @@ module tb_sha256(); $display("Message block:"); $display("block0 = 0x%08x, block1 = 0x%08x, block2 = 0x%08x, block3 = 0x%08x", - dut.block0_reg, dut.block1_reg, dut.block2_reg, dut.block3_reg); + dut.block_reg[0], dut.block_reg[1], dut.block_reg[2], dut.block_reg[3]); $display("block4 = 0x%08x, block5 = 0x%08x, block6 = 0x%08x, block7 = 0x%08x", - dut.block4_reg, dut.block5_reg, dut.block6_reg, dut.block7_reg); + dut.block_reg[4], dut.block_reg[5], dut.block_reg[6], dut.block_reg[7]); $display("block8 = 0x%08x, block9 = 0x%08x, block10 = 0x%08x, block11 = 0x%08x", - dut.block8_reg, dut.block9_reg, dut.block10_reg, dut.block11_reg); + dut.block_reg[8], dut.block_reg[9], dut.block_reg[10], dut.block_reg[11]); $display("block12 = 0x%08x, block13 = 0x%08x, block14 = 0x%08x, block15 = 0x%08x", - dut.block12_reg, dut.block13_reg, dut.block14_reg, dut.block15_reg); + dut.block_reg[12], dut.block_reg[13], dut.block_reg[14], dut.block_reg[15]); $display(""); $display("Digest:"); |