From 4b8d3a9da9a1d2639dd5d3adeaad55f338ead612 Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Mon, 7 Jun 2021 14:13:23 -0400 Subject: Add mode bits for the various flavors of SHA-3, so that the software driver doesn't have to know that the internal block size is actually 1600 bits. This involves having the "init" state zero-extend the block data, and having "next" only absorb the block bits for that mode. --- src/rtl/sha3.v | 86 +++++++++++++++++++++++++++++++++++++++++++------- src/rtl/sha3_wrapper.v | 19 +++++++---- 2 files changed, 87 insertions(+), 18 deletions(-) (limited to 'src/rtl') diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v index a8b41bc..31b6465 100644 --- a/src/rtl/sha3.v +++ b/src/rtl/sha3.v @@ -44,20 +44,23 @@ `define SHA3_NUM_ROUNDS 5'd24 module sha3( input wire clk, - input wire nreset, - input wire w, - input wire [ 8:2] addr, - input wire [32-1:0] din, + input wire nreset, + input wire w, + input wire [ 8:2] addr, + input wire [32-1:0] din, output wire [32-1:0] dout, - input wire init, - input wire next, - output wire ready); + input wire init, + input wire next, + input wire [ 1:0] mode, + output wire ready); - /* The SHA-3 algorithm really wants everything to be little-endian, + /* + * The SHA-3 algorithm really wants everything to be little-endian, * which is at odds with everything else in our system (including the * register interface to sha3_wrapper). Rather than trying to rewrite - * Bernd's beautiful code, we'll just byte-swap all I/O. + * Bernd's beautiful code, I'll isolate it in its own little-endian + * universe by byte-swapping all reads and writes. */ reg [31:0] dout_swap; @@ -193,10 +196,69 @@ module sha3( input wire clk, round <= round + 'd1; - end else if (init || next) begin + end else if (init) begin + + /* + * I'd like to have something concise like this, + * but the tools don't like it. + + for (i = 0; i < blksize[mode]; i = i + 1) + st[i] <= st[i]; + + for (i < blksize[mode]; i < 25; i = i + 1) + st[i] <= 64'h0; + + */ + + case (mode) + 0: begin + for (i = 0; i < 18; i = i + 1) + st[i] <= blk[i]; + for (i = 18; i < 25; i = i + 1) + st[i] <= 64'h0; + end + 1: begin + for (i = 0; i < 17; i = i + 1) + st[i] <= blk[i]; + for (i = 17; i < 25; i = i + 1) + st[i] <= 64'h0; + end + 2: begin + for (i = 0; i < 13; i = i + 1) + st[i] <= blk[i]; + for (i = 13; i < 25; i = i + 1) + st[i] <= 64'h0; + end + 3: begin + for (i = 0; i < 9; i = i + 1) + st[i] <= blk[i]; + for (i = 9; i < 25; i = i + 1) + st[i] <= 64'h0; + end + endcase - for (i=0; i<25; i=i+1) - st[i] <= init ? blk[i] : st[i] ^ blk[i]; // init has priority over next + round <= 'd0; + + end else if (next) begin + + case (mode) + 0: begin + for (i = 0; i < 18; i = i + 1) + st[i] <= st[i] ^ blk[i]; + end + 1: begin + for (i = 0; i < 17; i = i + 1) + st[i] <= st[i] ^ blk[i]; + end + 2: begin + for (i = 0; i < 13; i = i + 1) + st[i] <= st[i] ^ blk[i]; + end + 3: begin + for (i = 0; i < 9; i = i + 1) + st[i] <= st[i] ^ blk[i]; + end + endcase round <= 'd0; diff --git a/src/rtl/sha3_wrapper.v b/src/rtl/sha3_wrapper.v index f3dc554..91223f8 100644 --- a/src/rtl/sha3_wrapper.v +++ b/src/rtl/sha3_wrapper.v @@ -73,6 +73,8 @@ module sha3_wrapper localparam CONTROL_INIT_BIT = 0; localparam CONTROL_NEXT_BIT = 1; + localparam CONTROL_MODE_LOW_BIT = 2; + localparam CONTROL_MODE_HIGH_BIT = 3; // localparam STATUS_READY_BIT = 0; -- hardcoded to always read 1 localparam STATUS_VALID_BIT = 1; @@ -85,8 +87,8 @@ module sha3_wrapper // // Registers // - reg [ 1:0] reg_control; - reg [ 1:0] reg_control_prev; + reg [ 3:0] reg_control; + reg [ 3:0] reg_control_prev; // @@ -98,6 +100,10 @@ module sha3_wrapper wire reg_control_next_posedge = reg_control[CONTROL_NEXT_BIT] & ~reg_control_prev[CONTROL_NEXT_BIT]; + wire [1:0] reg_control_mode_posedge = + reg_control[CONTROL_MODE_HIGH_BIT:CONTROL_MODE_LOW_BIT] & + ~reg_control_prev[CONTROL_MODE_HIGH_BIT:CONTROL_MODE_LOW_BIT]; + // // Wires @@ -115,6 +121,7 @@ module sha3_wrapper .init (reg_control_init_posedge), .next (reg_control_next_posedge), + .mode (reg_control_mode_posedge), .ready (reg_status_valid), @@ -136,7 +143,7 @@ module sha3_wrapper // always @(posedge clk) // - if (!rst_n) reg_control_prev <= 2'b00; + if (!rst_n) reg_control_prev <= 4'b00; else reg_control_prev <= reg_control; @@ -147,7 +154,7 @@ module sha3_wrapper // if (!rst_n) begin // - reg_control <= 2'b00; + reg_control <= 4'b00; // end else if (cs && we && (addr_msb == ADDR_MSB_REGS)) begin // @@ -155,7 +162,7 @@ module sha3_wrapper // case (addr_lsb) // - ADDR_CONTROL: reg_control <= write_data[CONTROL_NEXT_BIT:CONTROL_INIT_BIT]; + ADDR_CONTROL: reg_control <= write_data[CONTROL_MODE_HIGH_BIT:CONTROL_INIT_BIT]; // endcase // @@ -171,7 +178,7 @@ module sha3_wrapper ADDR_NAME0: tmp_read_data = CORE_NAME0; ADDR_NAME1: tmp_read_data = CORE_NAME1; ADDR_VERSION: tmp_read_data = CORE_VERSION; - ADDR_CONTROL: tmp_read_data = {{30{1'b0}}, reg_control}; + ADDR_CONTROL: tmp_read_data = {{28{1'b0}}, reg_control}; ADDR_STATUS: tmp_read_data = {{30{1'b0}}, reg_status_valid, 1'b1}; // default: tmp_read_data = 32'h00000000; -- cgit v1.2.3