aboutsummaryrefslogtreecommitdiff
path: root/README.md
blob: 1790058d7f786978d026d2582c6d9cb64c8a59e3 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

   

sha256

Hardware implementation of the SHA-256 cryptographic hash function. The implementation is written in Verilog 2001 compliant code. The implementation includes a core and a wrapper that provides a 32-bit interface for simple integration. There is also an alternative wrapper that implements a Wishbone compliant interface.

This is a low area implementation that iterates over the rounds but there is no sharing of operations such as adders.

The hardware implementation is complemented by a functional model written in Python.

Implementation details

The sha256 is divided into the following sections. - src/rtl - RTL source files - src/tb - Testbenches for the RTL files - src/model/python - Functional model written in python - doc - documentation (currently not done.) - toolruns - Where tools are supposed to be run. Includes a Makefile for building and simulating the design using Icarus Verilog

The actual core consists of the following files: - sha256_core.v - The core itself with wide interfaces. - sha256_w_mem.v - W message block memort and expansion logic. - sha256_k_constants.v - K constants ROM memory.

The top level entity is called sha256_core. This entity has wide interfaces (512 bit block input, 256 bit digest). In order to make it usable you probably want to wrap the core with a bus interface.

Unless you want to provide your own interface you therefore also need to select one top level wrapper. There are two wrappers provided: - sha256.v - A wrapper with a 32-bit memory like interface. - wb_sha256.v - A wrapper that implements a Wishbone interface.

Do not include both wrappers in the same project.

The core (sha256_core) will sample all data inputs when given the init or next signal. the wrappers provided contains additional data registers. This allows you to load a new block while the core is processing the previous block.

The W-memory scheduler is based on 16 32-bit registers. Thee registers are loaded with the current block. After 16 rounds the contents of the registers slide through the registers r5..r0 while the new W word is inserted at r15 as well as being returned to the core.

FPGA-results

Altera Cyclone FPGAs

Implementation results using Altera Quartus-II 13.1.

Cyclone IV E - EP4CE6F17C6 - 3882 LEs - 1813 registers - 74 MHz - 66 cycles latency

Cyclone IV GX - EP4CGX22CF19C6 - 3773 LEs - 1813 registers - 76 MHz - 66 cycles latency

Cyclone V - 5CGXFC7C7F23C8 - 1469 ALMs - 1813 registers - 79 MHz - 66 cycles latency

Xilinx Artix-7 FPGAs

Implementation results using Xilinx ISE 14.7 This implementation includes pipeline regsisters.

  • xc7a200t-1fbg484
  • 2229 Slice LUTs
  • 775 Slices
  • 1935 registers
  • 101 MHz
  • 130 cycles latency

TODO

  • Extensive verification in physical device.
  • Complete documentation.

Status

(2016-05-31)

The core now supports both sha224 and sha256 modes. The default mode is sha256.

NOTE: The mode bit is located in the ADDR_CTRL API register and this means that when writing to this register to start processing a block, care must be taken to set the mode bit to the intended mode. This means that old code that for example simply wrote 0x01 to initiate SHA256 processing will now initiate SHA224 processing. Writing 0x05 will now initiate SHA256 processing.

The API version has been bumped a major number to reflect this change.

Regarding SHA224, it is up to the user to only read seven, not eight words from the digest registers. The core will update the LSW too.

(2013-02-23)

Cleanup, more results etc. Move all wmem update logic to a separate process for a cleaner code.

(2014-02-22)

Redesigned the W-memory into a sliding window solution. This not only removed 48 32-registers but also several muxes and address decoders.

The old implementation resources and performance: - 9587 LEs - 3349 registers - 73 MHz - 66 cycles latency

The new implementation resources and performance: - 3765 LEs - 1813 registers - 76 MHz - 66 cycles latency

(2014-02-19) - The core has been added to the Cryptech repo. The core comes from https://github.com/secworks/sha256