aboutsummaryrefslogtreecommitdiff
path: root/src/rtl
diff options
context:
space:
mode:
authorPaul Selkirk <paul@psgd.org>2021-06-07 14:13:23 -0400
committerPaul Selkirk <paul@psgd.org>2021-06-07 14:13:23 -0400
commit4b8d3a9da9a1d2639dd5d3adeaad55f338ead612 (patch)
tree74e7247843ce9775216432b8c48f2a59f30c3fe4 /src/rtl
parent2e38d480fa2767b2501a477766149476b0d03537 (diff)
Add mode bits for the various flavors of SHA-3, so that the softwaresha3_mode
driver doesn't have to know that the internal block size is actually 1600 bits. This involves having the "init" state zero-extend the block data, and having "next" only absorb the block bits for that mode.
Diffstat (limited to 'src/rtl')
-rw-r--r--src/rtl/sha3.v86
-rw-r--r--src/rtl/sha3_wrapper.v19
2 files changed, 87 insertions, 18 deletions
diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v
index a8b41bc..31b6465 100644
--- a/src/rtl/sha3.v
+++ b/src/rtl/sha3.v
@@ -44,20 +44,23 @@
`define SHA3_NUM_ROUNDS 5'd24
module sha3( input wire clk,
- input wire nreset,
- input wire w,
- input wire [ 8:2] addr,
- input wire [32-1:0] din,
+ input wire nreset,
+ input wire w,
+ input wire [ 8:2] addr,
+ input wire [32-1:0] din,
output wire [32-1:0] dout,
- input wire init,
- input wire next,
- output wire ready);
+ input wire init,
+ input wire next,
+ input wire [ 1:0] mode,
+ output wire ready);
- /* The SHA-3 algorithm really wants everything to be little-endian,
+ /*
+ * The SHA-3 algorithm really wants everything to be little-endian,
* which is at odds with everything else in our system (including the
* register interface to sha3_wrapper). Rather than trying to rewrite
- * Bernd's beautiful code, we'll just byte-swap all I/O.
+ * Bernd's beautiful code, I'll isolate it in its own little-endian
+ * universe by byte-swapping all reads and writes.
*/
reg [31:0] dout_swap;
@@ -193,10 +196,69 @@ module sha3( input wire clk,
round <= round + 'd1;
- end else if (init || next) begin
+ end else if (init) begin
+
+ /*
+ * I'd like to have something concise like this,
+ * but the tools don't like it.
+
+ for (i = 0; i < blksize[mode]; i = i + 1)
+ st[i] <= st[i];
+
+ for (i < blksize[mode]; i < 25; i = i + 1)
+ st[i] <= 64'h0;
+
+ */
+
+ case (mode)
+ 0: begin
+ for (i = 0; i < 18; i = i + 1)
+ st[i] <= blk[i];
+ for (i = 18; i < 25; i = i + 1)
+ st[i] <= 64'h0;
+ end
+ 1: begin
+ for (i = 0; i < 17; i = i + 1)
+ st[i] <= blk[i];
+ for (i = 17; i < 25; i = i + 1)
+ st[i] <= 64'h0;
+ end
+ 2: begin
+ for (i = 0; i < 13; i = i + 1)
+ st[i] <= blk[i];
+ for (i = 13; i < 25; i = i + 1)
+ st[i] <= 64'h0;
+ end
+ 3: begin
+ for (i = 0; i < 9; i = i + 1)
+ st[i] <= blk[i];
+ for (i = 9; i < 25; i = i + 1)
+ st[i] <= 64'h0;
+ end
+ endcase
- for (i=0; i<25; i=i+1)
- st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next
+ round <= 'd0;
+
+ end else if (next) begin
+
+ case (mode)
+ 0: begin
+ for (i = 0; i < 18; i = i + 1)
+ st[i] <= st[i] ^ blk[i];
+ end
+ 1: begin
+ for (i = 0; i < 17; i = i + 1)
+ st[i] <= st[i] ^ blk[i];
+ end
+ 2: begin
+ for (i = 0; i < 13; i = i + 1)
+ st[i] <= st[i] ^ blk[i];
+ end
+ 3: begin
+ for (i = 0; i < 9; i = i + 1)
+ st[i] <= st[i] ^ blk[i];
+ end
+ endcase
round <= 'd0;
diff --git a/src/rtl/sha3_wrapper.v b/src/rtl/sha3_wrapper.v
index f3dc554..91223f8 100644
--- a/src/rtl/sha3_wrapper.v
+++ b/src/rtl/sha3_wrapper.v
@@ -73,6 +73,8 @@ module sha3_wrapper
localparam CONTROL_INIT_BIT = 0;
localparam CONTROL_NEXT_BIT = 1;
+ localparam CONTROL_MODE_LOW_BIT = 2;
+ localparam CONTROL_MODE_HIGH_BIT = 3;
// localparam STATUS_READY_BIT = 0; -- hardcoded to always read 1
localparam STATUS_VALID_BIT = 1;
@@ -85,8 +87,8 @@ module sha3_wrapper
//
// Registers
//
- reg [ 1:0] reg_control;
- reg [ 1:0] reg_control_prev;
+ reg [ 3:0] reg_control;
+ reg [ 3:0] reg_control_prev;
//
@@ -98,6 +100,10 @@ module sha3_wrapper
wire reg_control_next_posedge =
reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT];
+ wire [1:0] reg_control_mode_posedge =
+ reg_control[CONTROL_MODE_HIGH_BIT:CONTROL_MODE_LOW_BIT] &
+ ~reg_control_prev[CONTROL_MODE_HIGH_BIT:CONTROL_MODE_LOW_BIT];
+
//
// Wires
@@ -115,6 +121,7 @@ module sha3_wrapper
.init (reg_control_init_posedge),
.next (reg_control_next_posedge),
+ .mode (reg_control_mode_posedge),
.ready (reg_status_valid),
@@ -136,7 +143,7 @@ module sha3_wrapper
//
always @(posedge clk)
//
- if (!rst_n) reg_control_prev <= 2'b00;
+ if (!rst_n) reg_control_prev <= 4'b00;
else reg_control_prev <= reg_control;
@@ -147,7 +154,7 @@ module sha3_wrapper
//
if (!rst_n) begin
//
- reg_control <= 2'b00;
+ reg_control <= 4'b00;
//
end else if (cs && we && (addr_msb == ADDR_MSB_REGS)) begin
//
@@ -155,7 +162,7 @@ module sha3_wrapper
//
case (addr_lsb)
//
- ADDR_CONTROL: reg_control <= write_data[CONTROL_NEXT_BIT:CONTROL_INIT_BIT];
+ ADDR_CONTROL: reg_control <= write_data[CONTROL_MODE_HIGH_BIT:CONTROL_INIT_BIT];
//
endcase
//
@@ -171,7 +178,7 @@ module sha3_wrapper
ADDR_NAME0: tmp_read_data = CORE_NAME0;
ADDR_NAME1: tmp_read_data = CORE_NAME1;
ADDR_VERSION: tmp_read_data = CORE_VERSION;
- ADDR_CONTROL: tmp_read_data = {{30{1'b0}}, reg_control};
+ ADDR_CONTROL: tmp_read_data = {{28{1'b0}}, reg_control};
ADDR_STATUS: tmp_read_data = {{30{1'b0}}, reg_status_valid, 1'b1};
//
default: tmp_read_data = 32'h00000000;