aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/rtl/sha3.v310
-rw-r--r--src/rtl/sha3_wrapper.v40
2 files changed, 175 insertions, 175 deletions
diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v
index ab18ca0..b01d50c 100644
--- a/src/rtl/sha3.v
+++ b/src/rtl/sha3.v
@@ -41,161 +41,161 @@
`define pilni(i) ((piln>>((23-i)*5)) & 5'h1f)
`define rndci(i) ((rndc>>((23-i)*64)) & 64'hffffffffffffffff)
-`define SHA3_NUM_ROUNDS 5'd24
-
-module sha3( input wire clk,
- nreset,
- w,
- input wire [ 8:2] addr,
- input wire [32-1:0] din,
- output reg [32-1:0] dout,
- input wire init,
- input wire next,
- output wire ready);
-
- integer i, j;
-
- reg [64-1:0] blk[0:24], // input block
- st [0:24], // current state
- stn[0:24], // new state
- bc [0: 4], // intermediate values
- t; // temporary variable
-
- reg [ 4:0] round; // counter value
-
-
- localparam [ 4: 0] roundlimit = `SHA3_NUM_ROUNDS - 'b1;
-
-
- localparam [24*6-1:0] rotc =
- { 6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
- 6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
- 6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
- 6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
-
- localparam [24*5-1:0] piln =
- { 5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
- 5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
- 5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
- 5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
-
- localparam [24*64-1:0] rndc =
- { 64'h0000000000000001, 64'h0000000000008082,
- 64'h800000000000808a, 64'h8000000080008000,
- 64'h000000000000808b, 64'h0000000080000001,
- 64'h8000000080008081, 64'h8000000000008009,
- 64'h000000000000008a, 64'h0000000000000088,
- 64'h0000000080008009, 64'h000000008000000a,
- 64'h000000008000808b, 64'h800000000000008b,
- 64'h8000000000008089, 64'h8000000000008003,
- 64'h8000000000008002, 64'h8000000000000080,
- 64'h000000000000800a, 64'h800000008000000a,
- 64'h8000000080008081, 64'h8000000000008080,
- 64'h0000000080000001, 64'h8000000080008008};
-
- /* input block buffer is mapped to the lower half of the
- address space, sponge state is mapped to the upper one */
-
- /* the lowest address bit determines what part of 64-bit word to return */
-
- always @(posedge clk)
- //
- dout <= addr[8] ?
- (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
- (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
-
-
- always @* begin
-
- // theta1
- for (i=0; i<25; i=i+1)
- stn[i] = st[i];
-
- for (i=0; i<5; i=i+1)
- bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
-
- // theta2
- for (i=0; i<5; i=i+1) begin
-
- t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
-
- for(j=i; j<25; j=j+5)
- stn[j] = t ^ stn[j];
- end
-
- // rophi
- t = stn[1];
- for(i=0; i<24; i=i+1) begin
- j = `pilni(i);
- { stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
- end
-
- // chi
- for (j=0; j<25; j=j+5) begin
-
- for (i=0; i<5; i=i+1)
- bc[i] = stn[j + i];
-
- for (i=0; i<5; i=i+1)
- stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
- end
-
- // iota
- stn[0] = stn[0] ^ `rndci(round);
- end
-
-
- /* ready flag logic */
-
- reg ready_reg = 'b1;
- assign ready = ready_reg;
-
- always @(posedge clk or negedge nreset)
- //
- if (!nreset) ready_reg <= 'b1;
- else begin
- if (ready) ready_reg <= !(init || next);
- else ready_reg <= !(round < roundlimit);
- end
-
- /* state update logic */
- always @(posedge clk or negedge nreset)
- //
- if (!nreset) begin
-
- for (i=0; i<25; i=i+1) begin
- st[i] <= 64'hX; // wipe state
- blk[i] <= 64'h0; // wipe block
- end
-
- round <= `SHA3_NUM_ROUNDS;
-
- end else begin
-
- if (!ready) begin
-
- for (i=0; i<25; i=i+1)
- st[i] <= stn[i];
-
- round <= round + 'd1;
-
- end else if (init || next) begin
-
- for (i=0; i<25; i=i+1)
- st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next
-
- round <= 'd0;
-
- end
-
- if (w && !addr[8]) // only the first half of memory is writeable
- //
- case (addr[2])
- 1: blk[addr[7:3]][63:32] <= din;
- 0: blk[addr[7:3]][31: 0] <= din;
- endcase // case (addr[2])
-
- end
+`define SHA3_NUM_ROUNDS 5'd24
+
+module sha3( input wire clk,
+ input wire nreset,
+ input wire w,
+ input wire [ 8:2] addr,
+ input wire [32-1:0] din,
+ output reg [32-1:0] dout,
+ input wire init,
+ input wire next,
+ output wire ready);
+
+ integer i, j;
+
+ reg [64-1:0] blk[0:24], // input block
+ st [0:24], // current state
+ stn[0:24], // new state
+ bc [0: 4], // intermediate values
+ t; // temporary variable
+
+ reg [ 4:0] round; // counter value
+
+
+ localparam [ 4: 0] roundlimit = `SHA3_NUM_ROUNDS - 'b1;
+
+
+ localparam [24*6-1:0] rotc =
+ { 6'h01, 6'h03, 6'h06, 6'h0A, 6'h0F, 6'h15,
+ 6'h1C, 6'h24, 6'h2D, 6'h37, 6'h02, 6'h0E,
+ 6'h1B, 6'h29, 6'h38, 6'h08, 6'h19, 6'h2B,
+ 6'h3E, 6'h12, 6'h27, 6'h3D, 6'h14, 6'h2C};
+
+ localparam [24*5-1:0] piln =
+ { 5'h0A, 5'h07, 5'h0B, 5'h11, 5'h12, 5'h03,
+ 5'h05, 5'h10, 5'h08, 5'h15, 5'h18, 5'h04,
+ 5'h0F, 5'h17, 5'h13, 5'h0D, 5'h0C, 5'h02,
+ 5'h14, 5'h0E, 5'h16, 5'h09, 5'h06, 5'h01};
+
+ localparam [24*64-1:0] rndc =
+ { 64'h0000000000000001, 64'h0000000000008082,
+ 64'h800000000000808a, 64'h8000000080008000,
+ 64'h000000000000808b, 64'h0000000080000001,
+ 64'h8000000080008081, 64'h8000000000008009,
+ 64'h000000000000008a, 64'h0000000000000088,
+ 64'h0000000080008009, 64'h000000008000000a,
+ 64'h000000008000808b, 64'h800000000000008b,
+ 64'h8000000000008089, 64'h8000000000008003,
+ 64'h8000000000008002, 64'h8000000000000080,
+ 64'h000000000000800a, 64'h800000008000000a,
+ 64'h8000000080008081, 64'h8000000000008080,
+ 64'h0000000080000001, 64'h8000000080008008};
+
+ /* input block buffer is mapped to the lower half of the
+ address space, sponge state is mapped to the upper one */
+
+ /* the lowest address bit determines what part of 64-bit word to return */
+
+ always @(posedge clk)
+ //
+ dout <= addr[8] ?
+ (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
+ (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
+
+
+ always @* begin
+
+ // theta1
+ for (i=0; i<25; i=i+1)
+ stn[i] = st[i];
+
+ for (i=0; i<5; i=i+1)
+ bc[i] = stn[i] ^ stn[i+5] ^ stn[i+10] ^ stn[i+15] ^ stn[i+20];
+
+ // theta2
+ for (i=0; i<5; i=i+1) begin
+
+ t = bc[(i+4)%5] ^ `rotl64(bc[(i+1)%5], 1);
+
+ for(j=i; j<25; j=j+5)
+ stn[j] = t ^ stn[j];
+ end
+
+ // rophi
+ t = stn[1];
+ for(i=0; i<24; i=i+1) begin
+ j = `pilni(i);
+ { stn[j], t } = { `rotl64(t, `rotci(i)), stn[j] };
+ end
+
+ // chi
+ for (j=0; j<25; j=j+5) begin
+
+ for (i=0; i<5; i=i+1)
+ bc[i] = stn[j + i];
+
+ for (i=0; i<5; i=i+1)
+ stn[j+i] = stn[j+i] ^ (~bc[(i+1)%5] & bc[(i+2)%5]);
+ end
+
+ // iota
+ stn[0] = stn[0] ^ `rndci(round);
+ end
+
+
+ /* ready flag logic */
+
+ reg ready_reg = 'b1;
+ assign ready = ready_reg;
+
+ always @(posedge clk or negedge nreset)
+ //
+ if (!nreset) ready_reg <= 'b1;
+ else begin
+ if (ready) ready_reg <= !(init || next);
+ else ready_reg <= !(round < roundlimit);
+ end
+
+ /* state update logic */
+ always @(posedge clk or negedge nreset)
+ //
+ if (!nreset) begin
+
+ for (i=0; i<25; i=i+1) begin
+ st[i] <= 64'hX; // wipe state
+ blk[i] <= 64'h0; // wipe block
+ end
+
+ round <= `SHA3_NUM_ROUNDS;
+
+ end else begin
+
+ if (!ready) begin
+
+ for (i=0; i<25; i=i+1)
+ st[i] <= stn[i];
+
+ round <= round + 'd1;
+
+ end else if (init || next) begin
+
+ for (i=0; i<25; i=i+1)
+ st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next
+
+ round <= 'd0;
+
+ end
+
+ if (w && !addr[8]) // only the first half of memory is writeable
+ //
+ case (addr[2])
+ 1: blk[addr[7:3]][63:32] <= din;
+ 0: blk[addr[7:3]][31: 0] <= din;
+ endcase // case (addr[2])
+
+ end
endmodule // sha3
diff --git a/src/rtl/sha3_wrapper.v b/src/rtl/sha3_wrapper.v
index 9140b08..c19f64f 100644
--- a/src/rtl/sha3_wrapper.v
+++ b/src/rtl/sha3_wrapper.v
@@ -48,8 +48,8 @@ module sha3_wrapper
// Address Decoder
//
localparam ADDR_MSB_REGS = 1'b0;
- localparam ADDR_MSB_CORE = 1'b1;
-
+ localparam ADDR_MSB_CORE = 1'b1;
+
wire [0:0] addr_msb = address[7];
wire [6:0] addr_lsb = address[6:0];
@@ -71,7 +71,7 @@ module sha3_wrapper
localparam ADDR_CONTROL = 5'h08; // {next, init}
localparam ADDR_STATUS = 5'h09; // {valid, ready}
- localparam CONTROL_INIT_BIT = 0;
+ localparam CONTROL_INIT_BIT = 0;
localparam CONTROL_NEXT_BIT = 1;
// localparam STATUS_READY_BIT = 0; -- hardcoded to always read 1
@@ -86,17 +86,17 @@ module sha3_wrapper
// Registers
//
reg [ 1:0] reg_control;
- reg [ 1:0] reg_control_prev;
-
-
- //
- // Flags
- //
- wire reg_control_init_posedge =
- reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT];
+ reg [ 1:0] reg_control_prev;
+
+
+ //
+ // Flags
+ //
+ wire reg_control_init_posedge =
+ reg_control[CONTROL_INIT_BIT] & ~reg_control_prev[CONTROL_INIT_BIT];
- wire reg_control_next_posedge =
- reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT];
+ wire reg_control_next_posedge =
+ reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT];
//
@@ -109,11 +109,11 @@ module sha3_wrapper
// SHA-3
//
sha3 sha3_inst
- (
+ (
.clk (clk),
- .nreset (rst_n),
+ .nreset (rst_n),
- .init (reg_control_init_posedge),
+ .init (reg_control_init_posedge),
.next (reg_control_next_posedge),
.ready (reg_status_valid),
@@ -122,7 +122,7 @@ module sha3_wrapper
.addr (addr_lsb),
.din (write_data),
.dout (read_data_core)
- );
+ );
//
@@ -136,8 +136,8 @@ module sha3_wrapper
//
always @(posedge clk)
//
- if (!rst_n) reg_control_prev <= 2'b00;
- else reg_control_prev <= reg_control;
+ if (!rst_n) reg_control_prev <= 2'b00;
+ else reg_control_prev <= reg_control;
//
@@ -188,7 +188,7 @@ module sha3_wrapper
reg addr_msb_last;
always @(posedge clk) addr_msb_last <= addr_msb;
- assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core;
+ assign read_data = (addr_msb_last == ADDR_MSB_REGS) ? tmp_read_data : read_data_core;
endmodule