diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/rtl/sha3.v | 310 | ||||
-rw-r--r-- | src/rtl/sha3_wrapper.v | 40 |
2 files changed, 175 insertions, 175 deletions
diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v index ab18ca0..b01d50c 100644 --- a/src/rtl/sha3.v +++ b/src/rtl/sha3.v @@ -41,161 +41,161 @@ `define pilni(i) ((piln>>((23-i)*5)) & 5'h1f)
`define rndci(i) ((rndc>>((23-i)*64)) & 64'hffffffffffffffff)
-`define SHA3_NUM_ROUNDS 5'd24
-
-module sha3( input wire clk,
- nreset,
- w,
- input wire [ 8:2] addr,
- input wire [32-1:0] din,
- output reg [32-1:0] dout,
- input wire init,
- input wire next,
- output wire ready);
-
- integer i, j;
-
- reg [64-1:0] blk[0:24], // input block
- st [0:24], // current state
- stn[0:24], // new state
- bc [0: 4], // intermediate values
- t; // temporary variable
-
- reg [ 4:0] round; // counter value
-
-
- localparam [ 4: 0] roundlimit = `SHA3_NUM_ROUNDS - 'b1;
-
-
- localparam [24*6-1:0] rotc =
- { 6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
- 6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
- 6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
- 6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
-
- localparam [24*5-1:0] piln =
- { 5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
- 5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
- 5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
- 5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
-
- localparam [24*64-1:0] rndc =
- { 64'h0000000000000001, 64'h0000000000008082,
- 64'h800000000000808a, 64'h8000000080008000,
- 64'h000000000000808b, 64'h0000000080000001,
- 64'h8000000080008081, 64'h8000000000008009,
- 64'h000000000000008a, 64'h0000000000000088,
- 64'h0000000080008009, 64'h000000008000000a,
- 64'h000000008000808b, 64'h800000000000008b,
- 64'h8000000000008089, 64'h8000000000008003,
- 64'h8000000000008002, 64'h8000000000000080,
- 64'h000000000000800a, 64'h800000008000000a,
- 64'h8000000080008081, 64'h8000000000008080,
- 64'h0000000080000001, 64'h8000000080008008};
-
- /* input block buffer is mapped to the lower half of the
- address space, sponge state is mapped to the upper one */
-
- /* the lowest address bit determines what part of 64-bit word to return */
-
- always @(posedge clk)
- //
- dout <= addr[8] ?
- (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
- (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
-
-
- always @* begin
-
- // theta1
- for (i=0; i<25; i=i+1)
- stn[i] = st[i];
-
- for (i=0; i<5; i=i+1)
- bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
-
- // theta2
- for (i=0; i<5; i=i+1) begin
-
- t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
-
- for(j=i; j<25; j=j+5)
- stn[j] = t ^ stn[j];
- end
-
- // rophi
- t = stn[1];
- for(i=0; i<24; i=i+1) begin
- j = `pilni(i);
- { stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
- end
-
- // chi
- for (j=0; j<25; j=j+5) begin
-
- for (i=0; i<5; i=i+1)
- bc[i] = stn[j + i];
-
- for (i=0; i<5; i=i+1)
- stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
- end
-
- // iota
- stn[0] = stn[0] ^ `rndci(round);
- end
-
-
- /* ready flag logic */
-
- reg ready_reg = 'b1;
- assign ready = ready_reg;
-
- always @(posedge clk or negedge nreset)
- //
- if (!nreset) ready_reg <= 'b1;
- else begin
- if (ready) ready_reg <= !(init || next);
- else ready_reg <= !(round < roundlimit);
- end
-
- /* state update logic */
- always @(posedge clk or negedge nreset)
- //
- if (!nreset) begin
-
- for (i=0; i<25; i=i+1) begin
- st[i] <= 64'hX; // wipe state
- blk[i] <= 64'h0; // wipe block
- end
-
- round <= `SHA3_NUM_ROUNDS;
-
- end else begin
-
- if (!ready) begin
-
- for (i=0; i<25; i=i+1)
- st[i] <= stn[i];
-
- round <= round + 'd1;
-
- end else if (init || next) begin
-
- for (i=0; i<25; i=i+1)
- st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next
-
- round <= 'd0;
-
- end
-
- if (w && !addr[8]) // only the first half of memory is writeable
- //
- case (addr[2])
- 1: blk[addr[7:3]][63:32] <= din;
- 0: blk[addr[7:3]][31: 0] <= din;
- endcase // case (addr[2])
-
- end
+`define SHA3_NUM_ROUNDS 5'd24
+
+module sha3( input wire clk,
+ input wire nreset,
+ input wire w,
+ input wire [ 8:2] addr,
+ input wire [32-1:0] din,
+ output reg [32-1:0] dout,
+ input wire init,
+ input wire next,
+ output wire ready);
+
+ integer i, j;
+
+ reg [64-1:0] blk[0:24], // input block
+ st [0:24], // current state
+ stn[0:24], // new state
+ bc [0: 4], // intermediate values
+ t; // temporary variable
+
+ reg [ 4:0] round; // counter value
+
+
+ localparam [ 4: 0] roundlimit = `SHA3_NUM_ROUNDS - 'b1;
+
+
+ localparam [24*6-1:0] rotc =
+ { 6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
+ 6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
+ 6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
+ 6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
+
+ localparam [24*5-1:0] piln =
+ { 5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
+ 5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
+ 5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
+ 5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
+
+ localparam [24*64-1:0] rndc =
+ { 64'h0000000000000001, 64'h0000000000008082,
+ 64'h800000000000808a, 64'h8000000080008000,
+ 64'h000000000000808b, 64'h0000000080000001,
+ 64'h8000000080008081, 64'h8000000000008009,
+ 64'h000000000000008a, 64'h0000000000000088,
+ 64'h0000000080008009, 64'h000000008000000a,
+ 64'h000000008000808b, 64'h800000000000008b,
+ 64'h8000000000008089, 64'h8000000000008003,
+ 64'h8000000000008002, 64'h8000000000000080,
+ 64'h000000000000800a, 64'h800000008000000a,
+ 64'h8000000080008081, 64'h8000000000008080,
+ 64'h0000000080000001, 64'h8000000080008008};
+
+ /* input block buffer is mapped to the lower half of the
+ address space, sponge state is mapped to the upper one */
+
+ /* the lowest address bit determines what part of 64-bit word to return */
+
+ always @(posedge clk)
+ //
+ dout <= addr[8] ?
+ (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
+ (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
+
+
+ always @* begin
+
+ // theta1
+ for (i=0; i<25; i=i+1)
+ stn[i] = st[i];
+
+ for (i=0; i<5; i=i+1)
+ bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
+
+ // theta2
+ for (i=0; i<5; i=i+1) begin
+
+ t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
+
+ for(j=i; j<25; j=j+5)
+ stn[j] = t ^ stn[j];
+ end
+
+ // rophi
+ t = stn[1];
+ for(i=0; i<24; i=i+1) begin
+ j = `pilni(i);
+ { stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
+ end
+
+ // chi
+ for (j=0; j<25; j=j+5) begin
+
+ for (i=0; i<5; i=i+1)
+ bc[i] = stn[j + i];
+
+ for (i=0; i<5; i=i+1)
+ stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
+ end
+
+ // iota
+ stn[0] = stn[0] ^ `rndci(round);
+ end
+
+
+ /* ready flag logic */
+
+ reg ready_reg = 'b1;
+ assign ready = ready_reg;
+
+ always @(posedge clk or negedge nreset)
+ //
+ if (!nreset) ready_reg <= 'b1;
+ else begin
+ if (ready) ready_reg <= !(init || next);
+ else ready_reg <= !(round < roundlimit);
+ end
+
+ /* state update logic */
+ always @(posedge clk or negedge nreset)
+ //
+ if (!nreset) begin
+
+ for (i=0; i<25; i=i+1) begin
+ st[i] <= 64'hX; // wipe state
+ blk[i] <= 64'h0; // wipe block
+ end
+
+ round <= `SHA3_NUM_ROUNDS;
+
+ end else begin
+
+ if (!ready) begin
+
+ for (i=0; i<25; i=i+1)
+ st[i] <= stn[i];
+
+ round <= round + 'd1;
+
+ end else if (init || next) begin
+
+ for (i=0; i<25; i=i+1)
+ st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next
+
+ round <= 'd0;
+
+ end
+
+ if (w && !addr[8]) // only the first half of memory is writeable
+ //
+ case (addr[2])
+ 1: blk[addr[7:3]][63:32] <= din;
+ 0: blk[addr[7:3]][31: 0] <= din;
+ endcase // case (addr[2])
+
+ end
endmodule // sha3
diff --git a/src/rtl/sha3_wrapper.v b/src/rtl/sha3_wrapper.v index 9140b08..c19f64f 100644 --- a/src/rtl/sha3_wrapper.v +++ b/src/rtl/sha3_wrapper.v @@ -48,8 +48,8 @@ module sha3_wrapper // Address Decoder // localparam ADDR_MSB_REGS = 1'b0; - localparam ADDR_MSB_CORE = 1'b1; - + localparam ADDR_MSB_CORE = 1'b1; + wire [0:0] addr_msb = address[7]; wire [6:0] addr_lsb = address[6:0]; @@ -71,7 +71,7 @@ module sha3_wrapper localparam ADDR_CONTROL = 5'h08; // {next, init} localparam ADDR_STATUS = 5'h09; // {valid, ready} - localparam CONTROL_INIT_BIT = 0; + localparam CONTROL_INIT_BIT = 0; localparam CONTROL_NEXT_BIT = 1; // localparam STATUS_READY_BIT = 0; -- hardcoded to always read 1 @@ -86,17 +86,17 @@ module sha3_wrapper // Registers // reg [ 1:0] reg_control; - reg [ 1:0] reg_control_prev; - - - // - // Flags - // - wire reg_control_init_posedge = - reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT]; + reg [ 1:0] reg_control_prev; + + + // + // Flags + // + wire reg_control_init_posedge = + reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT]; - wire reg_control_next_posedge = - reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT]; + wire reg_control_next_posedge = + reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT]; // @@ -109,11 +109,11 @@ module sha3_wrapper // SHA-3 // sha3 sha3_inst - ( + ( .clk (clk), - .nreset (rst_n), + .nreset (rst_n), - .init (reg_control_init_posedge), + .init (reg_control_init_posedge), .next (reg_control_next_posedge), .ready (reg_status_valid), @@ -122,7 +122,7 @@ module sha3_wrapper .addr (addr_lsb), .din (write_data), .dout (read_data_core) - ); + ); // @@ -136,8 +136,8 @@ module sha3_wrapper // always @(posedge clk) // - if (!rst_n) reg_control_prev <= 2'b00; - else reg_control_prev <= reg_control; + if (!rst_n) reg_control_prev <= 2'b00; + else reg_control_prev <= reg_control; // @@ -188,7 +188,7 @@ module sha3_wrapper reg addr_msb_last; always @(posedge clk) addr_msb_last <= addr_msb; - assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core; + assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core; endmodule |