diff options
author | Joachim StroĢmbergson <joachim@secworks.se> | 2018-10-18 13:37:03 +0200 |
---|---|---|
committer | Joachim StroĢmbergson <joachim@secworks.se> | 2018-10-18 13:37:03 +0200 |
commit | 3fec1265673b898cdf0e4e5877eec6f8ff336212 (patch) | |
tree | e600c4bf3573b8cb4bd647c1d090bcc86dd8e98e /src | |
parent | 051b5914c988dcf58002817cb09e92bf7992f361 (diff) |
(1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
Diffstat (limited to 'src')
-rw-r--r-- | src/rtl/sha256.v | 431 | ||||
-rw-r--r-- | src/tb/tb_sha256.v | 8 |
2 files changed, 68 insertions, 371 deletions
diff --git a/src/rtl/sha256.v b/src/rtl/sha256.v index 67c8a6b..2ef1a57 100644 --- a/src/rtl/sha256.v +++ b/src/rtl/sha256.v @@ -98,7 +98,7 @@ module sha256( localparam CORE_NAME0 = 32'h73686132; // "sha2" localparam CORE_NAME1 = 32'h2d323536; // "-256" - localparam CORE_VERSION = 32'h312e3830; // "1.80" + localparam CORE_VERSION = 32'h312e3832; // "1.82" localparam MODE_SHA_224 = 1'h0; localparam MODE_SHA_256 = 1'h1; @@ -109,13 +109,9 @@ module sha256( //---------------------------------------------------------------- reg init_reg; reg init_new; - reg init_we; - reg init_set; reg next_reg; reg next_new; - reg next_we; - reg next_set; reg mode_reg; reg mode_new; @@ -123,38 +119,8 @@ module sha256( reg ready_reg; - reg [31 : 0] block0_reg; - reg block0_we; - reg [31 : 0] block1_reg; - reg block1_we; - reg [31 : 0] block2_reg; - reg block2_we; - reg [31 : 0] block3_reg; - reg block3_we; - reg [31 : 0] block4_reg; - reg block4_we; - reg [31 : 0] block5_reg; - reg block5_we; - reg [31 : 0] block6_reg; - reg block6_we; - reg [31 : 0] block7_reg; - reg block7_we; - reg [31 : 0] block8_reg; - reg block8_we; - reg [31 : 0] block9_reg; - reg block9_we; - reg [31 : 0] block10_reg; - reg block10_we; - reg [31 : 0] block11_reg; - reg block11_we; - reg [31 : 0] block12_reg; - reg block12_we; - reg [31 : 0] block13_reg; - reg block13_we; - reg [31 : 0] block14_reg; - reg block14_we; - reg [31 : 0] block15_reg; - reg block15_we; + reg [31 : 0] block_reg [0 : 15]; + reg block_we; reg [255 : 0] digest_reg; @@ -164,8 +130,6 @@ module sha256( //---------------------------------------------------------------- // Wires. //---------------------------------------------------------------- - wire core_init; - wire core_next; wire core_ready; wire [511 : 0] core_block; wire [255 : 0] core_digest; @@ -187,14 +151,10 @@ module sha256( //---------------------------------------------------------------- // Concurrent connectivity for ports etc. //---------------------------------------------------------------- - assign core_init = init_reg; - - assign core_next = next_reg; - - assign core_block = {block0_reg, block1_reg, block2_reg, block3_reg, - block4_reg, block5_reg, block6_reg, block7_reg, - block8_reg, block9_reg, block10_reg, block11_reg, - block12_reg, block13_reg, block14_reg, block15_reg}; + assign core_block = {block_reg[00], block_reg[01], block_reg[02], block_reg[03], + block_reg[04], block_reg[05], block_reg[06], block_reg[07], + block_reg[08], block_reg[09], block_reg[10], block_reg[11], + block_reg[12], block_reg[13], block_reg[14], block_reg[15]}; assign read_data = tmp_read_data; assign error = tmp_error; @@ -207,8 +167,8 @@ module sha256( .clk(clk), .reset_n(reset_n), - .init(core_init), - .next(core_next), + .init(init_reg), + .next(next_reg), .mode(mode_reg), .block(core_block), @@ -239,46 +199,27 @@ module sha256( // asynchronous active low reset. //---------------------------------------------------------------- always @ (posedge clk or negedge reset_n) - begin + begin : reg_update + integer i; + if (!reset_n) begin - init_reg <= 1'h0; - next_reg <= 1'h0; + for (i = 0 ; i < 16 ; i = i + 1) + block_reg[i] <= 32'h0; + + init_reg <= 0; + next_reg <= 0; + ready_reg <= 0; mode_reg <= MODE_SHA_256; - ready_reg <= 1'h0; digest_reg <= 256'h0; - digest_valid_reg <= 1'h0; - block0_reg <= 32'h0; - block1_reg <= 32'h0; - block2_reg <= 32'h0; - block3_reg <= 32'h0; - block4_reg <= 32'h0; - block5_reg <= 32'h0; - block6_reg <= 32'h0; - block7_reg <= 32'h0; - block8_reg <= 32'h0; - block9_reg <= 32'h0; - block10_reg <= 32'h0; - block11_reg <= 32'h0; - block12_reg <= 32'h0; - block13_reg <= 32'h0; - block14_reg <= 32'h0; - block15_reg <= 32'h0; + digest_valid_reg <= 0; end else begin ready_reg <= core_ready; digest_valid_reg <= core_digest_valid; - - if (init_we) - begin - init_reg <= init_new; - end - - if (next_we) - begin - next_reg <= next_new; - end + init_reg <= init_new; + next_reg <= next_new; if (mode_we) mode_reg <= mode_new; @@ -288,127 +229,13 @@ module sha256( digest_reg <= core_digest; end - if (block0_we) - begin - block0_reg <= write_data; - end - - if (block1_we) - begin - block1_reg <= write_data; - end - - if (block2_we) - begin - block2_reg <= write_data; - end - - if (block3_we) - begin - block3_reg <= write_data; - end - - if (block4_we) - begin - block4_reg <= write_data; - end - - if (block5_we) - begin - block5_reg <= write_data; - end - - if (block6_we) - begin - block6_reg <= write_data; - end - - if (block7_we) - begin - block7_reg <= write_data; - end - - if (block8_we) - begin - block8_reg <= write_data; - end - - if (block9_we) - begin - block9_reg <= write_data; - end - - if (block10_we) - begin - block10_reg <= write_data; - end - - if (block11_we) - begin - block11_reg <= write_data; - end - - if (block12_we) - begin - block12_reg <= write_data; - end - - if (block13_we) - begin - block13_reg <= write_data; - end - - if (block14_we) - begin - block14_reg <= write_data; - end - - if (block15_we) - begin - block15_reg <= write_data; - end - + if (block_we) + block_reg[address[3 : 0]] <= write_data; end end // reg_update //---------------------------------------------------------------- - // flag_reset - // - // Logic to reset init and next flags that has been set. - //---------------------------------------------------------------- - always @* - begin : flag_reset - init_new = 0; - init_we = 0; - next_new = 0; - next_we = 0; - - if (init_set) - begin - init_new = 1; - init_we = 1; - end - else if (init_reg) - begin - init_new = 0; - init_we = 1; - end - - if (next_set) - begin - next_new = 1; - next_we = 1; - end - else if (next_reg) - begin - next_new = 0; - next_we = 1; - end - end - - - //---------------------------------------------------------------- // api_logic // // Implementation of the api logic. If cs is enabled will either @@ -416,26 +243,11 @@ module sha256( //---------------------------------------------------------------- always @* begin : api_logic - init_set = 0; - next_set = 0; + init_new = 0; + next_new = 0; mode_new = 0; mode_we = 0; - block0_we = 0; - block1_we = 0; - block2_we = 0; - block3_we = 0; - block4_we = 0; - block5_we = 0; - block6_we = 0; - block7_we = 0; - block8_we = 0; - block9_we = 0; - block10_we = 0; - block11_we = 0; - block12_we = 0; - block13_we = 0; - block14_we = 0; - block15_we = 0; + block_we = 0; state0_we = 0; state1_we = 0; state2_we = 0; @@ -444,105 +256,65 @@ module sha256( state5_we = 0; state6_we = 0; state7_we = 0; - - tmp_read_data = 32'h00000000; + tmp_read_data = 32'h0; tmp_error = 0; if (cs) begin if (we) begin - case (address) - // Write operations. - ADDR_CTRL: - begin - init_set = write_data[CTRL_INIT_BIT]; - next_set = write_data[CTRL_NEXT_BIT]; - mode_new = write_data[CTRL_MODE_BIT]; - mode_we = 1; - end + if (core_ready) + begin - ADDR_BLOCK0: - block0_we = 1; + if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK15)) + block_we = 1; - ADDR_BLOCK1: - block1_we = 1; + case (address) + ADDR_CTRL: + begin + init_new = write_data[CTRL_INIT_BIT]; + next_new = write_data[CTRL_NEXT_BIT]; + mode_new = write_data[CTRL_MODE_BIT]; + mode_we = 1; + end - ADDR_BLOCK2: - block2_we = 1; + ADDR_DIGEST0: + state0_we = 1; - ADDR_BLOCK3: - block3_we = 1; + ADDR_DIGEST1: + state1_we = 1; - ADDR_BLOCK4: - block4_we = 1; + ADDR_DIGEST2: + state2_we = 1; - ADDR_BLOCK5: - block5_we = 1; + ADDR_DIGEST3: + state3_we = 1; - ADDR_BLOCK6: - block6_we = 1; + ADDR_DIGEST4: + state4_we = 1; - ADDR_BLOCK7: - block7_we = 1; + ADDR_DIGEST5: + state5_we = 1; - ADDR_BLOCK8: - block8_we = 1; + ADDR_DIGEST6: + state6_we = 1; - ADDR_BLOCK9: - block9_we = 1; + ADDR_DIGEST7: + state7_we = 1; - ADDR_BLOCK10: - block10_we = 1; - - ADDR_BLOCK11: - block11_we = 1; - - ADDR_BLOCK12: - block12_we = 1; - - ADDR_BLOCK13: - block13_we = 1; - - ADDR_BLOCK14: - block14_we = 1; - - ADDR_BLOCK15: - block15_we = 1; - - ADDR_DIGEST0: - state0_we = 1; - - ADDR_DIGEST1: - state1_we = 1; - - ADDR_DIGEST2: - state2_we = 1; - - ADDR_DIGEST3: - state3_we = 1; - - ADDR_DIGEST4: - state4_we = 1; - - ADDR_DIGEST5: - state5_we = 1; - - ADDR_DIGEST6: - state6_we = 1; - - ADDR_DIGEST7: - state7_we = 1; - - default: - begin - tmp_error = 1; - end - endcase // case (address) + default: + begin + tmp_error = 1; + end + endcase // case (address) + end // if (core_ready) end // if (we) else begin + if ((address >= ADDR_DIGEST0) && (address <= ADDR_DIGEST7)) + tmp_read_data = digest_reg[(7 - (address - ADDR_DIGEST0)) * 32 +: 32]; + case (address) // Read operations. ADDR_NAME0: @@ -554,84 +326,9 @@ module sha256( ADDR_VERSION: tmp_read_data = CORE_VERSION; - ADDR_CTRL: - tmp_read_data = {29'h0, mode_reg, next_reg, init_reg}; - ADDR_STATUS: tmp_read_data = {30'h0, digest_valid_reg, ready_reg}; - ADDR_BLOCK0: - tmp_read_data = block0_reg; - - ADDR_BLOCK1: - tmp_read_data = block1_reg; - - ADDR_BLOCK2: - tmp_read_data = block2_reg; - - ADDR_BLOCK3: - tmp_read_data = block3_reg; - - ADDR_BLOCK4: - tmp_read_data = block4_reg; - - ADDR_BLOCK5: - tmp_read_data = block5_reg; - - ADDR_BLOCK6: - tmp_read_data = block6_reg; - - ADDR_BLOCK7: - tmp_read_data = block7_reg; - - ADDR_BLOCK8: - tmp_read_data = block8_reg; - - ADDR_BLOCK9: - tmp_read_data = block9_reg; - - ADDR_BLOCK10: - tmp_read_data = block10_reg; - - ADDR_BLOCK11: - tmp_read_data = block11_reg; - - ADDR_BLOCK12: - tmp_read_data = block12_reg; - - ADDR_BLOCK13: - tmp_read_data = block13_reg; - - ADDR_BLOCK14: - tmp_read_data = block14_reg; - - ADDR_BLOCK15: - tmp_read_data = block15_reg; - - ADDR_DIGEST0: - tmp_read_data = digest_reg[255 : 224]; - - ADDR_DIGEST1: - tmp_read_data = digest_reg[223 : 192]; - - ADDR_DIGEST2: - tmp_read_data = digest_reg[191 : 160]; - - ADDR_DIGEST3: - tmp_read_data = digest_reg[159 : 128]; - - ADDR_DIGEST4: - tmp_read_data = digest_reg[127 : 96]; - - ADDR_DIGEST5: - tmp_read_data = digest_reg[95 : 64]; - - ADDR_DIGEST6: - tmp_read_data = digest_reg[63 : 32]; - - ADDR_DIGEST7: - tmp_read_data = digest_reg[31 : 0]; - default: begin tmp_error = 1; diff --git a/src/tb/tb_sha256.v b/src/tb/tb_sha256.v index 01aa66e..99bdcfd 100644 --- a/src/tb/tb_sha256.v +++ b/src/tb/tb_sha256.v @@ -182,14 +182,14 @@ module tb_sha256(); $display("Message block:"); $display("block0 = 0x%08x, block1 = 0x%08x, block2 = 0x%08x, block3 = 0x%08x", - dut.block0_reg, dut.block1_reg, dut.block2_reg, dut.block3_reg); + dut.block_reg[0], dut.block_reg[1], dut.block_reg[2], dut.block_reg[3]); $display("block4 = 0x%08x, block5 = 0x%08x, block6 = 0x%08x, block7 = 0x%08x", - dut.block4_reg, dut.block5_reg, dut.block6_reg, dut.block7_reg); + dut.block_reg[4], dut.block_reg[5], dut.block_reg[6], dut.block_reg[7]); $display("block8 = 0x%08x, block9 = 0x%08x, block10 = 0x%08x, block11 = 0x%08x", - dut.block8_reg, dut.block9_reg, dut.block10_reg, dut.block11_reg); + dut.block_reg[8], dut.block_reg[9], dut.block_reg[10], dut.block_reg[11]); $display("block12 = 0x%08x, block13 = 0x%08x, block14 = 0x%08x, block15 = 0x%08x", - dut.block12_reg, dut.block13_reg, dut.block14_reg, dut.block15_reg); + dut.block_reg[12], dut.block_reg[13], dut.block_reg[14], dut.block_reg[15]); $display(""); $display("Digest:"); |