From 2e38d480fa2767b2501a477766149476b0d03537 Mon Sep 17 00:00:00 2001
From: Paul Selkirk <paul@psgd.org>
Date: Sun, 6 Jun 2021 22:04:55 -0400
Subject: The SHA-3 algorithm really wants everything to be little-endian,
 which is at odds with everything else in our system (including the register
 interface to sha3_wrapper). Rather than trying to rewrite sha3, I'll isolate
 it in its own little-endian universe by byte-swapping all reads and writes.

---
 src/rtl/sha3.v | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'src/rtl/sha3.v')

diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v
index ee29ba6..a8b41bc 100644
--- a/src/rtl/sha3.v
+++ b/src/rtl/sha3.v
@@ -48,11 +48,25 @@ module sha3(    input wire          clk,
                 input wire          w,
                 input wire [ 8:2]   addr,
                 input wire [32-1:0] din,
-                output reg [32-1:0] dout,
+                output wire [32-1:0] dout,
                 input wire          init,
                 input wire          next,
                 output wire         ready);
 
+
+   /* The SHA-3 algorithm really wants everything to be little-endian,
+    * which is at odds with everything else in our system (including the
+    * register interface to sha3_wrapper). Rather than trying to rewrite
+    * Bernd's beautiful code, we'll just byte-swap all I/O.
+    */
+
+   reg [31:0]                       dout_swap;
+   assign dout = {dout_swap[7:0], dout_swap[15:8], dout_swap[23:16], dout_swap[31:24]};
+
+   wire [31:0]                      din_swap;
+   assign din_swap = {din[7:0], din[15:8], din[23:16], din[31:24]};
+
+
    integer                          i, j;
 
    reg [64-1:0]                     blk[0:24],  // input block
@@ -100,9 +114,9 @@ module sha3(    input wire          clk,
 
    always @*
      //
-     dout = addr[8] ?
-            (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
-            (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
+     dout_swap = addr[8] ?
+                 (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
+                 (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
 
 
    always @* begin
@@ -188,12 +202,12 @@ module sha3(    input wire          clk,
 
         end
 
-        if (w && !addr[8])      // only the first half of memory is writeable
+        if (w)
           //
           case (addr[2])
-            1: blk[addr[7:3]][63:32] <= din;
-            0: blk[addr[7:3]][31: 0] <= din;
-          endcase // case (addr[2])
+            1: blk[addr[7:3]][63:32] <= din_swap;
+            0: blk[addr[7:3]][31: 0] <= din_swap;
+          endcase
 
      end
 
-- 
cgit v1.2.3