Diffstat (limited to 'bench')
-rw-r--r-- | bench/ecdsa384_test_vector_nsa.vh | 31 | ||||
-rw-r--r-- | bench/ecdsa_test_vector_randomized.vh | 29 | ||||
-rw-r--r-- | bench/tb_curve_adder_384.v | 426 | ||||
-rw-r--r-- | bench/tb_curve_doubler_384.v | 413 | ||||
-rw-r--r-- | bench/tb_curve_multiplier_384.v | 440 | ||||
-rw-r--r-- | bench/tb_modular_multiplier_384.v | 366 |
6 files changed, 287 insertions, 1418 deletions
diff --git a/bench/ecdsa384_test_vector_nsa.vh b/bench/ecdsa384_test_vector_nsa.vh
new file mode 100644
index 0000000..048c5a5
--- /dev/null
+++ b/bench/ecdsa384_test_vector_nsa.vh
@@ -0,0 +1,31 @@
+/* Values from "Suite B Implementer's Guide to FIPS 186-3 (ECDSA)" */
+
+localparam [383:0] ECDSA_P384_D_NSA =
+ {32'hc838b852, 32'h53ef8dc7, 32'h394fa580, 32'h8a518398,
+ 32'h1c7deef5, 32'ha69ba8f4, 32'hf2117ffe, 32'ha39cfcd9,
+ 32'h0e95f6cb, 32'hc854abac, 32'hab701d50, 32'hc1f3cf24};
+
+localparam [383:0] ECDSA_P384_QX_NSA =
+ {32'h1fbac8ee, 32'hbd0cbf35, 32'h640b39ef, 32'he0808dd7,
+ 32'h74debff2, 32'h0a2a329e, 32'h91713baf, 32'h7d7f3c3e,
+ 32'h81546d88, 32'h3730bee7, 32'he48678f8, 32'h57b02ca0};
+
+localparam [383:0] ECDSA_P384_QY_NSA =
+ {32'heb213103, 32'hbd68ce34, 32'h3365a8a4, 32'hc3d4555f,
+ 32'ha385f533, 32'h0203bdd7, 32'h6ffad1f3, 32'haffb9575,
+ 32'h1c132007, 32'he1b24035, 32'h3cb0a4cf, 32'h1693bdf9};
+
+localparam [383:0] ECDSA_P384_K_NSA =
+ {32'hdc6b4403, 32'h6989a196, 32'he39d1cda, 32'hc000812f,
+ 32'h4bdd8b2d, 32'hb41bb33a, 32'hf5137258, 32'h5ebd1db6,
+ 32'h3f0ce827, 32'h5aa1fd45, 32'he2d2a735, 32'hf8749359};
+
+localparam [383:0] ECDSA_P384_RX_NSA =
+ {32'ha0c27ec8, 32'h93092dea, 32'h1e1bd2cc, 32'hfed3cf94,
+ 32'h5c8134ed, 32'h0c9f8131, 32'h1a0f4a05, 32'h942db8db,
+ 32'hed8dd59f, 32'h267471d5, 32'h462aa14f, 32'he72de856};
+
+localparam [383:0] ECDSA_P384_RY_NSA =
+ {32'h85564940, 32'h9815bb91, 32'h424eaca5, 32'hfd76c973,
+ 32'h75d575d1, 32'h422ec53d, 32'h343bd33b, 32'h847fdf0c,
+ 32'h11569685, 32'hb528ab25, 32'h49301542, 32'h8d7cf72b};
diff --git a/bench/ecdsa_test_vector_randomized.vh b/bench/ecdsa_test_vector_randomized.vh
new file mode 100644
index 0000000..6c5cf80
--- /dev/null
+++ b/bench/ecdsa_test_vector_randomized.vh
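Review bot: The header comment of ecdsa384_test_vector_nsa.vh names the source document but does not say how the six constants relate or that two of them are secret values, so a reader has to infer both from the identifier names. The testbench this commit rewrites labelled the same numbers `/* Q = d * G */` and `/* R = k * G */`; I would carry that into the header, for example `/* P-384 values from "Suite B Implementer's Guide to FIPS 186-3 (ECDSA)": Q = D*G, R = K*G; D and K are published test secrets, for simulation only */`. ECDSA_P384_RX_NSA and ECDSA_P384_RY_NSA appear to be the affine coordinates of K*G rather than the signature component r, which deserves one more comment line so nobody compares them against an output reduced mod n. A short remark that each concatenation lists the most significant 32-bit word first would also help anyone checking the values against the guide.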
@@ -0,0 +1,29 @@ +/* Generated automatically, do not edit. */ + +localparam [255:0] ECDSA_P256_D_RANDOM = + {32'h503e58af, 32'hcf3af333, 32'h7bf53409, 32'h445012b8, + 32'h1fb4548c, 32'h4d2b1302, 32'ha617f9b1, 32'hd00d7de0}; + +localparam [255:0] ECDSA_P256_QX_RANDOM = + {32'hd9349b48, 32'hb0ee8c36, 32'h139b1d78, 32'hedc1911b, + 32'h250877fb, 32'h7ad44ae1, 32'h8bb2f8a6, 32'hf4dccae5}; + +localparam [255:0] ECDSA_P256_QY_RANDOM = + {32'he0a056e8, 32'hb5092a6c, 32'h728f4bc8, 32'h9043fbe2, + 32'h7c262744, 32'hdfbdaf17, 32'h83fc2e01, 32'hb060771b}; + +localparam [383:0] ECDSA_P384_D_RANDOM = + {32'hbb4a09d8, 32'he527f062, 32'h665eb4d0, 32'hb39a1dce, + 32'h94daa2c5, 32'h935b3163, 32'hb090f079, 32'h3ee36a5a, + 32'h62a7055d, 32'h5d850d1b, 32'h15dc656d, 32'h65d8b3a2}; + +localparam [383:0] ECDSA_P384_QX_RANDOM = + {32'hb8023e60, 32'hae42ea14, 32'h6330f2c3, 32'h883096ca, + 32'h961b11f5, 32'hdfea4a1d, 32'h65e98e64, 32'hb33527fb, + 32'h57226db4, 32'h8a514325, 32'h1ef06bde, 32'hf78eb57a}; + +localparam [383:0] ECDSA_P384_QY_RANDOM = + {32'hd3c66469, 32'h625aaaad, 32'ha347e103, 32'h3c1474b6, + 32'h343a9368, 32'hff294501, 32'hbbd53b1c, 32'hc49fd972, + 32'hda439c9d, 32'ha827e230, 32'h2720e2b7, 32'h8dd14f9e}; + diff --git a/bench/tb_curve_adder_384.v b/bench/tb_curve_adder_384.v deleted file mode 100644 index 4fee4e1..0000000 --- a/bench/tb_curve_adder_384.v +++ /dev/null 
@@ -1,426 +0,0 @@ -//------------------------------------------------------------------------------ -// -// tb_curve_adder_384.v -// ----------------------------------------------------------------------------- -// Testbench for 384-bit curve point adder. -// -// Authors: Pavel Shatov -// -// Copyright (c) 2016, NORDUnet A/S -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// - Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// -// - Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// - Neither the name of the NORDUnet nor the names of its contributors may be -// used to endorse or promote products derived from this software without -// specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. 
-// -//------------------------------------------------------------------------------ - -//------------------------------------------------------------------------------ -`timescale 1ns / 1ps -//------------------------------------------------------------------------------ - -module tb_curve_adder_384; - - - // - // Test Vectors - // - localparam [383:0] PX_1 = 384'h7d51764067faaac686ee307807af5544a93e13c540cac538c7853a590102fa5fe6cdcc7791e44b76ef21c57e21df37e5; - localparam [383:0] PY_1 = 384'h046ed01f219649209a4cfd43572d7bdd1f10f74d5be895a6c8da8e8edfc2601aaf7651e497b8688cf02ba5e1c7e77773; - localparam [383:0] PZ_1 = 384'h27c452f26af1ece2924446b574969fd102556bd28712ff4b3eb1044c5ec23e59f958793e10a510f0aef98c3b724df1d5; - - localparam [383:0] RX_1 = 384'h238faca9e58d1fe1b59a24ba94ec6d9836fc360cb84e103715f1761554ff6a09b6d605a34f63ae0f995f59c162e7ff24; - localparam [383:0] RY_1 = 384'h63b7c7672a310f779a2047315523788d69b823d4e97e26c3b45201b0345a95de977024e97e8648215a637727d0f17747; - localparam [383:0] RZ_1 = 384'h394b5d916df6f9120c7771c750df3bc910998eb0a08daac1ca6e15ef70780fd48bf794d06f9cbe9568a2dbf4362dda86; - - - localparam [383:0] PX_2 = 384'h8418363a2fe99e888abba4df9e4a0e55452b9e968454ffadc96b4fb8072174109755c564a7be3c2f860652315d635f56; - localparam [383:0] PY_2 = 384'h2bef570ce39347040330df4ac581fcc7d9dd9deb286bd80f05257d90d6560f1b5381009a3a6f0acc1ea30a5e7cc7d8b8; - localparam [383:0] PZ_2 = 384'h86a8b840bd52d4dc58e9e4323fd4b40ea9b262a8cb45f7e95f5407b7e5eacc16fe4ce70125f20b76b37900af12cbf909; - - localparam [383:0] RX_2 = 384'h7de41f9c2d48cd65d2cd1288c4fcdcd5bfe37575b23b8784e6091917a1c92c264a1105ce3c4ab88ca53947f35610f671; - localparam [383:0] RY_2 = 384'h419decfcef28d06a824595bbcb86ff56aebe48a33ceb80f0a256b90aee8214d0d879454842457d49e00a2330cc0ccb57; - localparam [383:0] RZ_2 = 384'h63843f81a3427e4dea2e3e150c16d26a4aa2af4d8037a1012e0490babdfa55606e5cea5e183cc147f2c1b377748ae58b; - - - localparam [383:0] PX_3 = 
384'hd95cd4004f9417b3bea71ac087da4849841c4fbb41b500736773f41f241414024d0025e1a4337e5b24b1fe2ba2e51a83; - localparam [383:0] PY_3 = 384'h53650c78f3347a07248d6f6452dd80f5e373c7eddc810c6123c912b55da1a297e147e834547d1af4938fc139e71958f7; - localparam [383:0] PZ_3 = 384'hfbcfa387106d61d1e1e5f660206189f13e0861b3eb2e880b200cae1878b8b47bd5b727b2825a5f395025bf42a571093b; - - localparam [383:0] RX_3 = 384'hf94e9fb67d6bac22276bb4fb4f965419f1907078236dd8520ff416e8525933055795c496d344a2e1cce480557dde88f4; - localparam [383:0] RY_3 = 384'h3feb5bc25c380ead1a149ab2f5e3ac4cfeaa5d91bd66dda0f29d6e02520ea8583bb3ab744fb826c18981f7bac03a0886; - localparam [383:0] RZ_3 = 384'hbc364ce11866cdeb1abdbc34b633e54fbb000090134600cb6dbff71f69e3d24843e40af30c07444530b53acb89eef49b; - - - localparam [383:0] PX_4 = 384'hxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; - localparam [383:0] PY_4 = 384'hxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; - localparam [383:0] PZ_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; - - localparam [383:0] RX_4 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; // G.x - localparam [383:0] RY_4 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; // G.y - localparam [383:0] RZ_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - - - localparam [383:0] PX_5 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; // G.x - localparam [383:0] PY_5 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; // G.y - localparam [383:0] PZ_5 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - - localparam [383:0] 
RX_5 = 384'haaf06bba82e9f590e29c71c219bea51723c5893ae8b0c8cf4c117c3efb57ab8d55fa1b428155ad278b5743911b13ea8a; // H.x - localparam [383:0] RY_5 = 384'hc9e821b569d9d390a26167406d6d23d6070be242d765eb831625ceec4a0f473ef59f4e30e2817e6285bce2846f15f19d; // H.y - localparam [383:0] RZ_5 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - - - localparam [383:0] PX_6 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; // G.x - localparam [383:0] PY_6 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; // G.y - localparam [383:0] PZ_6 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - - localparam [383:0] RX_6 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; // - localparam [383:0] RY_6 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; // O - localparam [383:0] RZ_6 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; // - - - localparam [383:0] Q = 384'hfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff; - - - // - // Core Parameters - // - localparam WORD_COUNTER_WIDTH = 4; - localparam OPERAND_NUM_WORDS = 12; - - - // - // Clock (100 MHz) - // - reg clk = 1'b0; - always #5 clk = ~clk; - - - // - // Inputs, Outputs - // - reg rst_n; - reg ena; - wire rdy; - - - // - // Buffers (PX, PY, PZ, RX, RY, RZ, Q) - // - wire [WORD_COUNTER_WIDTH-1:0] core_px_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_py_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_pz_addr; - - wire [WORD_COUNTER_WIDTH-1:0] core_rx_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_ry_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_rz_addr; - - wire [WORD_COUNTER_WIDTH-1:0] core_q_addr; - - wire core_rx_wren; - 
wire core_ry_wren; - wire core_rz_wren; - - wire [ 32-1:0] core_px_data; - wire [ 32-1:0] core_py_data; - wire [ 32-1:0] core_pz_data; - - wire [ 32-1:0] core_rx_data_wr; - wire [ 32-1:0] core_ry_data_wr; - wire [ 32-1:0] core_rz_data_wr; - - wire [ 32-1:0] core_rx_data_rd; - wire [ 32-1:0] core_ry_data_rd; - wire [ 32-1:0] core_rz_data_rd; - - wire [ 32-1:0] core_q_data; - - reg [WORD_COUNTER_WIDTH-1:0] tb_xyzq_addr; - reg tb_xyzq_wren; - - reg [ 31:0] tb_px_data; - reg [ 31:0] tb_py_data; - reg [ 31:0] tb_pz_data; - wire [ 31:0] tb_rx_data; - wire [ 31:0] tb_ry_data; - wire [ 31:0] tb_rz_data; - reg [ 31:0] tb_q_data; - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_px - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_px_data), .a_out(), - .b_addr(core_px_addr), .b_out(core_px_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_py - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_py_data), .a_out(), - .b_addr(core_py_addr), .b_out(core_py_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_pz - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_pz_data), .a_out(), - .b_addr(core_pz_addr), .b_out(core_pz_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_q - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_q_data), .a_out(), - .b_addr(core_q_addr), .b_out(core_q_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_rx - ( .clk(clk), - .a_addr(core_rx_addr), .a_wr(core_rx_wren), .a_in(core_rx_data_wr), .a_out(core_rx_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_rx_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_ry - ( .clk(clk), - .a_addr(core_ry_addr), .a_wr(core_ry_wren), .a_in(core_ry_data_wr), 
.a_out(core_ry_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_ry_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_rz - ( .clk(clk), - .a_addr(core_rz_addr), .a_wr(core_rz_wren), .a_in(core_rz_data_wr), .a_out(core_rz_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_rz_data) - ); - - - // - // Opcode - // - wire [ 5: 0] add_uop_addr; - wire [19: 0] add_uop; - - uop_add_rom add_rom - ( - .clk (clk), - .addr (add_uop_addr), - .data (add_uop) - ); - - // - // UUT - // - curve_dbl_add_384 uut - ( - .clk (clk), - .rst_n (rst_n), - - .ena (ena), - .rdy (rdy), - - .uop_addr (add_uop_addr), - .uop (add_uop), - - .px_addr (core_px_addr), - .py_addr (core_py_addr), - .pz_addr (core_pz_addr), - .rx_addr (core_rx_addr), - .ry_addr (core_ry_addr), - .rz_addr (core_rz_addr), - .q_addr (core_q_addr), - - .rx_wren (core_rx_wren), - .ry_wren (core_ry_wren), - .rz_wren (core_rz_wren), - - .px_din (core_px_data), - .py_din (core_py_data), - .pz_din (core_pz_data), - .rx_din (core_rx_data_rd), - .ry_din (core_ry_data_rd), - .rz_din (core_rz_data_rd), - .rx_dout (core_rx_data_wr), - .ry_dout (core_ry_data_wr), - .rz_dout (core_rz_data_wr), - .q_din (core_q_data) - ); - - - // - // Testbench Routine - // - reg ok = 1; - initial begin - - /* initialize control inputs */ - rst_n = 0; - ena = 0; - - /* wait for some time */ - #200; - - /* de-assert reset */ - rst_n = 1; - - /* wait for some time */ - #100; - - /* run tests */ - test_curve_adder(PX_1, PY_1, PZ_1, RX_1, RY_1, RZ_1); - test_curve_adder(PX_2, PY_2, PZ_2, RX_2, RY_2, RZ_2); - test_curve_adder(PX_3, PY_3, PZ_3, RX_3, RY_3, RZ_3); - test_curve_adder(PX_4, PY_4, PZ_4, RX_4, RY_4, RZ_4); - test_curve_adder(PX_5, PY_5, PZ_5, RX_5, RY_5, RZ_5); - test_curve_adder(PX_6, Q - PY_6, PZ_6, RX_6, RY_6, RZ_6); - - /* print result */ - if (ok) $display("tb_curve_adder_384: SUCCESS"); - else $display("tb_curve_adder_384: FAILURE"); - // - $finish; - // - end - - - // - // Test Task - // - reg t_ok; 
- - integer w; - - task test_curve_adder; - - input [383:0] px; - input [383:0] py; - input [383:0] pz; - - input [383:0] rx; - input [383:0] ry; - input [383:0] rz; - - reg [383:0] px_shreg; - reg [383:0] py_shreg; - reg [383:0] pz_shreg; - - reg [383:0] rx_shreg; - reg [383:0] ry_shreg; - reg [383:0] rz_shreg; - - reg [383:0] q_shreg; - - begin - - /* start filling memories */ - tb_xyzq_wren = 1; - - /* initialize shift registers */ - px_shreg = px; - py_shreg = py; - pz_shreg = pz; - q_shreg = Q; - - /* write all the words */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set addresses */ - tb_xyzq_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* set data words */ - tb_px_data = px_shreg[31:0]; - tb_py_data = py_shreg[31:0]; - tb_pz_data = pz_shreg[31:0]; - tb_q_data = q_shreg[31:0]; - - /* shift inputs */ - px_shreg = {{32{1'bX}}, px_shreg[383:32]}; - py_shreg = {{32{1'bX}}, py_shreg[383:32]}; - pz_shreg = {{32{1'bX}}, pz_shreg[383:32]}; - q_shreg = {{32{1'bX}}, q_shreg[383:32]}; - - /* wait for 1 clock tick */ - #10; - - end - - /* wipe addresses */ - tb_xyzq_addr = {WORD_COUNTER_WIDTH{1'bX}}; - - /* wipe data words */ - tb_px_data = {32{1'bX}}; - tb_py_data = {32{1'bX}}; - tb_pz_data = {32{1'bX}}; - tb_q_data = {32{1'bX}}; - - /* stop filling memories */ - tb_xyzq_wren = 0; - - /* start operation */ - ena = 1; - - /* clear flag */ - #10 ena = 0; - - /* wait for operation to complete */ - while (!rdy) #10; - - /* read result */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set address */ - tb_xyzq_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* wait for 1 clock tick */ - #10; - - /* store data word */ - rx_shreg = {tb_rx_data, rx_shreg[383:32]}; - ry_shreg = {tb_ry_data, ry_shreg[383:32]}; - rz_shreg = {tb_rz_data, rz_shreg[383:32]}; - - end - - /* compare */ - t_ok = (rx_shreg == rx) && - (ry_shreg == ry) && - (rz_shreg == rz); - - /* display results */ - $display("test_curve_adder(): %s", t_ok ? 
"OK" : "ERROR"); - - /* update global flag */ - ok = ok && t_ok; - - end - - endtask - -endmodule - - -//------------------------------------------------------------------------------ -// End-of-File -//------------------------------------------------------------------------------ diff --git a/bench/tb_curve_doubler_384.v b/bench/tb_curve_doubler_384.v deleted file mode 100644 index 54a9914..0000000 --- a/bench/tb_curve_doubler_384.v +++ /dev/null 
@@ -1,413 +0,0 @@ -//------------------------------------------------------------------------------ -// -// tb_curve_doubler_384.v -// ----------------------------------------------------------------------------- -// Testbench for 384-bit curve point doubler. -// -// Authors: Pavel Shatov -// -// Copyright (c) 2016, NORDUnet A/S -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// - Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// -// - Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// - Neither the name of the NORDUnet nor the names of its contributors may be -// used to endorse or promote products derived from this software without -// specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. 
-// -//------------------------------------------------------------------------------ - -//------------------------------------------------------------------------------ -`timescale 1ns / 1ps -//------------------------------------------------------------------------------ - -module tb_curve_doubler_384; - - - // - // Test Vectors - // - localparam [383:0] PX_1 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; - localparam [383:0] PY_1 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; - localparam [383:0] PZ_1 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - - localparam [383:0] RX_1 = 384'he50dbe0981ef5f4f52eebd29e34e6d18d279318fe6b5d5616c54c93ea906c671b223d61ab7ba23cd59ab4f6ec5e40b94; - localparam [383:0] RY_1 = 384'h5b939b5a52ac7ebed90b8c1a809fb3a5c068b421b9e0a16208c2e53b1fe41e8373333e360ad2205e9dd63d29f1e0757a; - localparam [383:0] RZ_1 = 384'h6c2fbc952c4c58debb3d317f2525b853f1e83b7a513428f9d3b462276be1718014c1639c3afd033af4863af921d41cbe; - - - localparam [383:0] PX_2 = 384'heea14dc6c53e682b16c979fcbf2b39c0f5c43efa5b412f3e9bec8251a5ff9e243f46c6ba91a1604abdd5028b56e60334; - localparam [383:0] PY_2 = 384'h7ff6e6e9ed8da4aea5baa06d3a9583b6a3f206e935566659cd2025202a9e2a62e0c44e603f3a4304bfa974470f53f646; - localparam [383:0] PZ_2 = 384'hcb16156bf82550274e39900f2ed4359794160a166257ae2c71c6503c129b6ce92f31277387aa1c538e7702e3658a883d; - - localparam [383:0] RX_2 = 384'h9455050d6d00285ae2cd25c95372b30d321fb31899f7b0e6f3b4dd557d3465edbc500cc403b076c7534a07a48d87824d; - localparam [383:0] RY_2 = 384'hd0cc7a7eb6fbe9cd962efa82f89b701fbd1f8a3579066feda96c9124ee3ef2764d923a2c0039e06865442dbf3ed460ae; - localparam [383:0] RZ_2 = 384'h473d297a1e5ed8b7afd51a27d5d933ab4555414ef75e1104c1fb56ba9b110f5d0d63a79e8e12edc4432c37663cc828f2; - - - localparam [383:0] PX_3 = 
384'h4af343df7a804f6b345562a471c4cea419f5e87086eaba95b7a7fa43aeb24a357d22047eea55c529fcdfb44ea80d3aab; - localparam [383:0] PY_3 = 384'hfa3e2ceb637c90fde564039da3e256456a8d0995c2f69846bf3e22f2f0760a2df00f2df2f79ce2484ed5b26124d733f1; - localparam [383:0] PZ_3 = 384'hdf144e3659137591d09ba17e7045f74c477e4f27e0f6c602f11306def2abeae08aee53fa40e3ca3b3ca52f9eaae47720; - - localparam [383:0] RX_3 = 384'h9e2aad0ad19c585e03af779d1205a3a98bf7d367c0c829f741161983dc0d24d222d5d9c2ae39399ff40d4974df22ce4d; - localparam [383:0] RY_3 = 384'he0e40da86ae320396c813bb891f31f3d59be8c4957c602b56b5aa976e47d128127625b1ce7470fa33ed9e57eca5a268d; - localparam [383:0] RZ_3 = 384'h836e9d9117ba665abbee7063599a8631cd42f685a8bc29b05895c2928c19f640a065cfd2cc5b0d607ea52e388be513cf; - - - localparam [383:0] PX_4 = 384'hxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; - localparam [383:0] PY_4 = 384'hxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; - localparam [383:0] PZ_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; - - localparam [383:0] RX_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - localparam [383:0] RY_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001; - localparam [383:0] RZ_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; - - - localparam [383:0] Q = 384'hfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff; - - - - // - // TODO: Test special cases! 
- // - - - // - // Core Parameters - // - localparam WORD_COUNTER_WIDTH = 4; - localparam OPERAND_NUM_WORDS = 12; - - - // - // Clock (100 MHz) - // - reg clk = 1'b0; - always #5 clk = ~clk; - - - // - // Inputs, Outputs - // - reg rst_n; - reg ena; - wire rdy; - - - // - // Buffers (PX, PY, PZ, RX, RY, RZ, Q) - // - wire [WORD_COUNTER_WIDTH-1:0] core_px_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_py_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_pz_addr; - - wire [WORD_COUNTER_WIDTH-1:0] core_rx_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_ry_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_rz_addr; - - wire [WORD_COUNTER_WIDTH-1:0] core_q_addr; - - wire core_rx_wren; - wire core_ry_wren; - wire core_rz_wren; - - wire [ 32-1:0] core_px_data; - wire [ 32-1:0] core_py_data; - wire [ 32-1:0] core_pz_data; - - wire [ 32-1:0] core_rx_data_wr; - wire [ 32-1:0] core_ry_data_wr; - wire [ 32-1:0] core_rz_data_wr; - - wire [ 32-1:0] core_rx_data_rd; - wire [ 32-1:0] core_ry_data_rd; - wire [ 32-1:0] core_rz_data_rd; - - wire [ 32-1:0] core_q_data; - - reg [WORD_COUNTER_WIDTH-1:0] tb_xyzq_addr; - reg tb_xyzq_wren; - - reg [ 31:0] tb_px_data; - reg [ 31:0] tb_py_data; - reg [ 31:0] tb_pz_data; - wire [ 31:0] tb_rx_data; - wire [ 31:0] tb_ry_data; - wire [ 31:0] tb_rz_data; - reg [ 31:0] tb_q_data; - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_px - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_px_data), .a_out(), - .b_addr(core_px_addr), .b_out(core_px_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_py - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_py_data), .a_out(), - .b_addr(core_py_addr), .b_out(core_py_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_pz - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_pz_data), .a_out(), - .b_addr(core_pz_addr), .b_out(core_pz_data) - ); - - 
bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_q - ( .clk(clk), - .a_addr(tb_xyzq_addr), .a_wr(tb_xyzq_wren), .a_in(tb_q_data), .a_out(), - .b_addr(core_q_addr), .b_out(core_q_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_rx - ( .clk(clk), - .a_addr(core_rx_addr), .a_wr(core_rx_wren), .a_in(core_rx_data_wr), .a_out(core_rx_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_rx_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_ry - ( .clk(clk), - .a_addr(core_ry_addr), .a_wr(core_ry_wren), .a_in(core_ry_data_wr), .a_out(core_ry_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_ry_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_rz - ( .clk(clk), - .a_addr(core_rz_addr), .a_wr(core_rz_wren), .a_in(core_rz_data_wr), .a_out(core_rz_data_rd), - .b_addr(tb_xyzq_addr), .b_out(tb_rz_data) - ); - - - // - // Opcode - // - wire [ 5: 0] dbl_uop_addr; - wire [19: 0] dbl_uop; - - uop_dbl_rom dbl_rom - ( - .clk (clk), - .addr (dbl_uop_addr), - .data (dbl_uop) - ); - - - // - // UUT - // - curve_dbl_add_384 uut - ( - .clk (clk), - .rst_n (rst_n), - - .ena (ena), - .rdy (rdy), - - .uop_addr (dbl_uop_addr), - .uop (dbl_uop), - - .px_addr (core_px_addr), - .py_addr (core_py_addr), - .pz_addr (core_pz_addr), - .rx_addr (core_rx_addr), - .ry_addr (core_ry_addr), - .rz_addr (core_rz_addr), - .q_addr (core_q_addr), - - .rx_wren (core_rx_wren), - .ry_wren (core_ry_wren), - .rz_wren (core_rz_wren), - - .px_din (core_px_data), - .py_din (core_py_data), - .pz_din (core_pz_data), - .rx_din (core_rx_data_rd), - .ry_din (core_ry_data_rd), - .rz_din (core_rz_data_rd), - .rx_dout (core_rx_data_wr), - .ry_dout (core_ry_data_wr), - .rz_dout (core_rz_data_wr), - .q_din (core_q_data) - ); - - - // - // Testbench Routine - // - reg ok = 1; - initial begin - - /* initialize control inputs */ - rst_n = 0; - ena = 0; - - /* 
wait for some time */ - #200; - - /* de-assert reset */ - rst_n = 1; - - /* wait for some time */ - #100; - - /* run tests */ - test_curve_doubler(PX_1, PY_1, PZ_1, RX_1, RY_1, RZ_1); - test_curve_doubler(PX_2, PY_2, PZ_2, RX_2, RY_2, RZ_2); - test_curve_doubler(PX_3, PY_3, PZ_3, RX_3, RY_3, RZ_3); - test_curve_doubler(PX_4, PY_4, PZ_4, RX_4, RY_4, RZ_4); - - /* print result */ - if (ok) $display("tb_curve_doubler_384: SUCCESS"); - else $display("tb_curve_doubler_384: FAILURE"); - // - // $finish; - // - end - - - // - // Test Task - // - reg t_ok; - - integer w; - - task test_curve_doubler; - - input [383:0] px; - input [383:0] py; - input [383:0] pz; - - input [383:0] rx; - input [383:0] ry; - input [383:0] rz; - - reg [383:0] px_shreg; - reg [383:0] py_shreg; - reg [383:0] pz_shreg; - - reg [383:0] rx_shreg; - reg [383:0] ry_shreg; - reg [383:0] rz_shreg; - - reg [383:0] q_shreg; - - begin - - /* start filling memories */ - tb_xyzq_wren = 1; - - /* initialize shift registers */ - px_shreg = px; - py_shreg = py; - pz_shreg = pz; - q_shreg = Q; - - /* write all the words */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set addresses */ - tb_xyzq_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* set data words */ - tb_px_data = px_shreg[31:0]; - tb_py_data = py_shreg[31:0]; - tb_pz_data = pz_shreg[31:0]; - tb_q_data = q_shreg[31:0]; - - /* shift inputs */ - px_shreg = {{32{1'bX}}, px_shreg[383:32]}; - py_shreg = {{32{1'bX}}, py_shreg[383:32]}; - pz_shreg = {{32{1'bX}}, pz_shreg[383:32]}; - q_shreg = {{32{1'bX}}, q_shreg[383:32]}; - - /* wait for 1 clock tick */ - #10; - - end - - /* wipe addresses */ - tb_xyzq_addr = {WORD_COUNTER_WIDTH{1'bX}}; - - /* wipe data words */ - tb_px_data = {32{1'bX}}; - tb_py_data = {32{1'bX}}; - tb_pz_data = {32{1'bX}}; - tb_q_data = {32{1'bX}}; - - /* stop filling memories */ - tb_xyzq_wren = 0; - - /* start operation */ - ena = 1; - - /* clear flag */ - #10 ena = 0; - - /* wait for operation to complete */ - while (!rdy) #10; - - /* 
read result */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set address */ - tb_xyzq_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* wait for 1 clock tick */ - #10; - - /* store data word */ - rx_shreg = {tb_rx_data, rx_shreg[383:32]}; - ry_shreg = {tb_ry_data, ry_shreg[383:32]}; - rz_shreg = {tb_rz_data, rz_shreg[383:32]}; - - end - - /* compare */ - t_ok = (rx_shreg == rx) && - (ry_shreg == ry) && - (rz_shreg == rz); - - /* display results */ - $display("test_curve_doubler(): %s", t_ok ? "OK" : "ERROR"); - - /* update global flag */ - ok = ok && t_ok; - - end - - endtask - - -endmodule - -//------------------------------------------------------------------------------ -// End-of-File -//------------------------------------------------------------------------------ diff --git a/bench/tb_curve_multiplier_384.v b/bench/tb_curve_multiplier_384.v index 163f39f..ad78677 100644 --- a/bench/tb_curve_multiplier_384.v +++ b/bench/tb_curve_multiplier_384.v @@ -2,11 +2,11 @@ // // tb_curve_multiplier_384.v // ----------------------------------------------------------------------------- -// Testbench for 384-bit curve point scalar multiplier. +// Testbench for 384-bit curve base point scalar multiplier. // // Authors: Pavel Shatov // -// Copyright (c) 2016, NORDUnet A/S +// Copyright (c) 2016, 2018 NORDUnet A/S // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are met: 
@@ -36,264 +36,278 @@ // //------------------------------------------------------------------------------ -//------------------------------------------------------------------------------ -`timescale 1ns / 1ps -//------------------------------------------------------------------------------ - module tb_curve_multiplier_384; - // - // Test Vectors - // - - /* Q = d * G */ - localparam [383:0] K_1 = 384'hc838b85253ef8dc7394fa5808a5183981c7deef5a69ba8f4f2117ffea39cfcd90e95f6cbc854abacab701d50c1f3cf24; - localparam [383:0] PX_1 = 384'h1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0; - localparam [383:0] PY_1 = 384'heb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9; - - /* R = k * G */ - localparam [383:0] K_2 = 384'hdc6b44036989a196e39d1cdac000812f4bdd8b2db41bb33af51372585ebd1db63f0ce8275aa1fd45e2d2a735f8749359; - localparam [383:0] PX_2 = 384'ha0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856; - localparam [383:0] PY_2 = 384'h855649409815bb91424eaca5fd76c97375d575d1422ec53d343bd33b847fdf0c11569685b528ab25493015428d7cf72b; - - /* O = n * G */ - localparam [383:0] K_3 = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973; - localparam [383:0] PX_3 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; - localparam [383:0] PY_3 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; - - /* H = 2 * G */ - localparam [383:0] K_4 = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002; - localparam [383:0] PX_4 = 384'h08d999057ba3d2d969260045c55b97f089025959a6f434d651d207d19fb96e9e4fe0e86ebe0e64f85b96a9c75295df61; - localparam [383:0] PY_4 = 
384'h8e80f1fa5b1b3cedb7bfe8dffd6dba74b275d875bc6cc43e904e505f256ab4255ffd43e94d39e22d61501e700a940e80; - - /* G = (n + 1) * G */ - localparam [383:0] K_5 = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 + 'd1; - localparam [383:0] PX_5 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; - localparam [383:0] PY_5 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; - - /* H = (n + 2) * G */ - localparam [383:0] K_6 = 384'hffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 + 'd2; - localparam [383:0] PX_6 = 384'h08d999057ba3d2d969260045c55b97f089025959a6f434d651d207d19fb96e9e4fe0e86ebe0e64f85b96a9c75295df61; - localparam [383:0] PY_6 = 384'h8e80f1fa5b1b3cedb7bfe8dffd6dba74b275d875bc6cc43e904e505f256ab4255ffd43e94d39e22d61501e700a940e80; - - - // - // Core Parameters - // - localparam WORD_COUNTER_WIDTH = 4; - localparam OPERAND_NUM_WORDS = 12; - - - // - // Clock (100 MHz) - // - reg clk = 1'b0; - always #5 clk = ~clk; - - - // - // Inputs, Outputs - // - reg rst_n; - reg ena; - wire rdy; - - - // - // Buffers (K, PX, PY) - // - wire [WORD_COUNTER_WIDTH-1:0] core_k_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_px_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_py_addr; - - wire core_px_wren; - wire core_py_wren; - - wire [ 32-1:0] core_k_data; - wire [ 32-1:0] core_px_data; - wire [ 32-1:0] core_py_data; - - reg [WORD_COUNTER_WIDTH-1:0] tb_k_addr; - reg [WORD_COUNTER_WIDTH-1:0] tb_pxy_addr; - - reg tb_k_wren; - - reg [ 31:0] tb_k_data; - wire [ 31:0] tb_px_data; - wire [ 31:0] tb_py_data; - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_k - ( .clk(clk), - .a_addr(tb_k_addr), .a_wr(tb_k_wren), .a_in(tb_k_data), .a_out(), - .b_addr(core_k_addr), .b_out(core_k_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), 
.MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_px - ( .clk(clk), - .a_addr(core_px_addr), .a_wr(core_px_wren), .a_in(core_px_data), .a_out(), - .b_addr(tb_pxy_addr), .b_out(tb_px_data) - ); - - bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) - bram_py - ( .clk(clk), - .a_addr(core_py_addr), .a_wr(core_py_wren), .a_in(core_py_data), .a_out(), - .b_addr(tb_pxy_addr), .b_out(tb_py_data) - ); - - - // - // UUT - // - curve_mul_384 uut - ( - .clk (clk), - .rst_n (rst_n), + // + // Test Vectors + // + `include "ecdsa384_test_vector_nsa.vh" + `include "ecdsa_test_vector_randomized.vh" + + + // + // Core Parameters + // + localparam WORD_COUNTER_WIDTH = 4; + localparam OPERAND_NUM_WORDS = 12; - .ena (ena), - .rdy (rdy), - .k_addr (core_k_addr), - .rx_addr (core_px_addr), - .ry_addr (core_py_addr), + // + // P-384 Domain Parameters + // + localparam ECDSA_P384_N = + {32'hffffffff, 32'hffffffff, 32'hffffffff, 32'hffffffff, + 32'hffffffff, 32'hffffffff, 32'hc7634d81, 32'hf4372ddf, + 32'h581a0db2, 32'h48b0a77a, 32'hecec196a, 32'hccc52973}; + + localparam ECDSA_P384_GX = + {32'haa87ca22, 32'hbe8b0537, 32'h8eb1c71e, 32'hf320ad74, + 32'h6e1d3b62, 32'h8ba79b98, 32'h59f741e0, 32'h82542a38, + 32'h5502f25d, 32'hbf55296c, 32'h3a545e38, 32'h72760ab7}; - .rx_wren (core_px_wren), - .ry_wren (core_py_wren), + localparam ECDSA_P384_GY = + {32'h3617de4a, 32'h96262c6f, 32'h5d9e98bf, 32'h9292dc29, + 32'hf8f41dbd, 32'h289a147c, 32'he9da3113, 32'hb5f0b8c0, + 32'h0a60b1ce, 32'h1d7e819d, 32'h7a431d7c, 32'h90ea0e5f}; - .k_din (core_k_data), + localparam ECDSA_P384_HX = + {32'h08d99905, 32'h7ba3d2d9, 32'h69260045, 32'hc55b97f0, + 32'h89025959, 32'ha6f434d6, 32'h51d207d1, 32'h9fb96e9e, + 32'h4fe0e86e, 32'hbe0e64f8, 32'h5b96a9c7, 32'h5295df61}; - .rx_dout (core_px_data), - .ry_dout (core_py_data) - ); + localparam ECDSA_P384_HY = + {32'h8e80f1fa, 32'h5b1b3ced, 32'hb7bfe8df, 32'hfd6dba74, + 32'hb275d875, 32'hbc6cc43e, 32'h904e505f, 32'h256ab425, + 32'h5ffd43e9, 32'h4d39e22d, 
32'h61501e70, 32'h0a940e80}; + + + // + // Clock (100 MHz) + // + reg clk = 1'b0; + always #5 clk = ~clk; + + + // + // Inputs, Outputs + // + reg rst_n; + reg ena; + wire rdy; + + + // + // Buffers (K, PX, PY) + // + wire [WORD_COUNTER_WIDTH-1:0] core_k_addr; + wire [WORD_COUNTER_WIDTH-1:0] core_pxy_addr; + + wire core_px_wren; + wire core_py_wren; + + wire [ 32-1:0] core_k_data; + wire [ 32-1:0] core_pxy_data; + + reg [WORD_COUNTER_WIDTH-1:0] tb_k_addr; + reg [WORD_COUNTER_WIDTH-1:0] tb_pxy_addr; + + reg tb_k_wren; + + reg [ 31:0] tb_k_data; + wire [ 31:0] tb_px_data; + wire [ 31:0] tb_py_data; + + bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) + bram_k + ( .clk(clk), + .a_addr(tb_k_addr), .a_wr(tb_k_wren), .a_in(tb_k_data), .a_out(), + .b_addr(core_k_addr), .b_out(core_k_data) + ); + + bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) + bram_px + ( .clk(clk), + .a_addr(core_pxy_addr), .a_wr(core_px_wren), .a_in(core_pxy_data), .a_out(), + .b_addr(tb_pxy_addr), .b_out(tb_px_data) + ); + + bram_1rw_1ro_readfirst # (.MEM_WIDTH(32), .MEM_ADDR_BITS(WORD_COUNTER_WIDTH)) + bram_py + ( .clk(clk), + .a_addr(core_pxy_addr), .a_wr(core_py_wren), .a_in(core_pxy_data), .a_out(), + .b_addr(tb_pxy_addr), .b_out(tb_py_data) + ); + + + // + // UUT + // + ecdsa384_base_point_multiplier uut + ( + .clk (clk), + .rst_n (rst_n), + + .ena (ena), + .rdy (rdy), + + .k_addr (core_k_addr), + .rxy_addr (core_pxy_addr), + + .rx_wren (core_px_wren), + .ry_wren (core_py_wren), + + .k_din (core_k_data), + .rxy_dout (core_pxy_data) + ); - // - // Testbench Routine - // - reg ok = 1; - initial begin - /* initialize control inputs */ - rst_n = 0; - ena = 0; + // + // Testbench Routine + // + reg ok = 1; + initial begin - /* wait for some time */ - #200; + /* initialize control inputs */ + rst_n = 0; + ena = 0; + + /* wait for some time */ + #200; + + /* de-assert reset */ + rst_n = 1; + + /* wait for some time */ + #100; + + /* run tests 
*/ + $display("1. Q1 = d1 * G..."); + test_curve_multiplier(ECDSA_P384_D_NSA, ECDSA_P384_QX_NSA, ECDSA_P384_QY_NSA); + + $display("2. R = k * G..."); + test_curve_multiplier(ECDSA_P384_K_NSA, ECDSA_P384_RX_NSA, ECDSA_P384_RY_NSA); + + $display("3. Q2 = d2 * G..."); + test_curve_multiplier(ECDSA_P384_D_RANDOM, ECDSA_P384_QX_RANDOM, ECDSA_P384_QY_RANDOM); - /* de-assert reset */ - rst_n = 1; + $display("4. O = n * G..."); + test_curve_multiplier(ECDSA_P384_N, 384'd0, 384'd0); - /* wait for some time */ - #100; + $display("5. G = (n + 1) * G..."); + test_curve_multiplier(ECDSA_P384_N + 384'd1, ECDSA_P384_GX, ECDSA_P384_GY); - /* run tests */ - //test_curve_multiplier(K_1, PX_1, PY_1); - //test_curve_multiplier(K_2, PX_2, PY_2); - //test_curve_multiplier(K_3, PX_3, PY_3); - //test_curve_multiplier(K_4, PX_4, PY_4); - //test_curve_multiplier(K_5, PX_5, PY_5); - test_curve_multiplier(K_6, PX_6, PY_6); + $display("6. H = 2 * G..."); + test_curve_multiplier(384'd2, ECDSA_P384_HX, ECDSA_P384_HY); - /* print result */ - if (ok) $display("tb_curve_multiplier_384: SUCCESS"); - else $display("tb_curve_multiplier_384: FAILURE"); - // - //$finish; - // - end + $display("7. 
H = (n + 2) * G..."); + test_curve_multiplier(ECDSA_P384_N + 384'd2, ECDSA_P384_HX, ECDSA_P384_HY); + /* print result */ + if (ok) $display("tb_curve_multiplier_384: SUCCESS"); + else $display("tb_curve_multiplier_384: FAILURE"); - // - // Test Task - // - reg p_ok; + //$finish; - integer w; + end - task test_curve_multiplier; - input [383:0] k; - input [383:0] px; - input [383:0] py; + // + // Test Task + // + reg p_ok; - reg [383:0] k_shreg; - reg [383:0] px_shreg; - reg [383:0] py_shreg; + integer w; - begin + task test_curve_multiplier; + + input [383:0] k; + input [383:0] px; + input [383:0] py; - /* start filling memories */ - tb_k_wren = 1; + reg [383:0] k_shreg; + reg [383:0] px_shreg; + reg [383:0] py_shreg; - /* initialize shift registers */ - k_shreg = k; + begin + + /* start filling memories */ + tb_k_wren = 1; - /* write all the words */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin + /* initialize shift registers */ + k_shreg = k; - /* set addresses */ - tb_k_addr = w[WORD_COUNTER_WIDTH-1:0]; + /* write all the words */ + for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - /* set data words */ - tb_k_data = k_shreg[31:0]; + /* set addresses */ + tb_k_addr = w[WORD_COUNTER_WIDTH-1:0]; - /* shift inputs */ - k_shreg = {{32{1'bX}}, k_shreg[383:32]}; + /* set data words */ + tb_k_data = k_shreg[31:0]; - /* wait for 1 clock tick */ - #10; + /* shift inputs */ + k_shreg = {{32{1'bX}}, k_shreg[383:32]}; - end + /* wait for 1 clock tick */ + #10; - /* wipe addresses */ - tb_k_addr = {WORD_COUNTER_WIDTH{1'bX}}; + end - /* wipe data words */ - tb_k_data = {32{1'bX}}; + /* wipe addresses */ + tb_k_addr = {WORD_COUNTER_WIDTH{1'bX}}; - /* stop filling memories */ - tb_k_wren = 0; + /* wipe data words */ + tb_k_data = {32{1'bX}}; - /* start operation */ - ena = 1; + /* stop filling memories */ + tb_k_wren = 0; - /* clear flag */ - #10 ena = 0; + /* start operation */ + ena = 1; - /* wait for operation to complete */ - while (!rdy) #10; + /* clear flag */ + #10 ena = 0; - 
/* read result */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin + /* wait for operation to complete */ + while (!rdy) #10; - /* set address */ - tb_pxy_addr = w[WORD_COUNTER_WIDTH-1:0]; + /* read result */ + for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - /* wait for 1 clock tick */ - #10; + /* set address */ + tb_pxy_addr = w[WORD_COUNTER_WIDTH-1:0]; - /* store data word */ - px_shreg = {tb_px_data, px_shreg[383:32]}; - py_shreg = {tb_py_data, py_shreg[383:32]}; + /* wait for 1 clock tick */ + #10; - end + /* store data word */ + px_shreg = {tb_px_data, px_shreg[383:32]}; + py_shreg = {tb_py_data, py_shreg[383:32]}; - /* compare */ - p_ok = (px_shreg == px) && - (py_shreg == py); + end - /* display results */ - $display("test_curve_multiplier(): %s", p_ok ? "OK" : "ERROR"); + /* compare */ + p_ok = (px_shreg === px) && + (py_shreg === py); - /* update global flag */ - ok = ok && p_ok; + /* display results */ + if (p_ok) $display("test_curve_multiplier(): OK"); + else begin + $display("test_curve_multiplier(): ERROR"); + $display("ref_px == %x", px); + $display("calc_px == %x", px_shreg); + $display("ref_py == %x", py); + $display("calc_py == %x", py_shreg); + end - end + /* update global flag */ + ok = ok && p_ok; + + end - endtask + endtask endmodule diff --git a/bench/tb_modular_multiplier_384.v b/bench/tb_modular_multiplier_384.v deleted file mode 100644 index a5825d8..0000000 --- a/bench/tb_modular_multiplier_384.v +++ /dev/null 
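Review bot: The wait in test_curve_multiplier, `while (!rdy) #10;`, has no cycle bound and falls through at once when rdy is X or has not yet dropped after the one-tick ena pulse, so the read loop can pick up whatever the previous run left in bram_px/bram_py. That matters here because vectors 6 and 7 run back to back and both expect (ECDSA_P384_HX, ECDSA_P384_HY), so a core that never starts on the n + 2 scalar would still print OK; whether rdy really deasserts within one tick is decided in the core, outside this hunk. I would first wait until rdy is seen low, then wait with `while (rdy !== 1'b1) #10;`, bound both waits with a cycle counter that clears `ok` on timeout, and place a vector with a different expected point between 6 and 7. The new `===` compare only catches X/Z in the result words, not stale but valid data.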
@@ -1,366 +0,0 @@ -//------------------------------------------------------------------------------ -// -// tb_modular_multiplier_384.v -// ----------------------------------------------------------------------------- -// Testbench for modular multi-word multiplier. -// -// Authors: Pavel Shatov -// -// Copyright (c) 2015-2016, NORDUnet A/S -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are met: -// -// - Redistributions of source code must retain the above copyright notice, -// this list of conditions and the following disclaimer. -// -// - Redistributions in binary form must reproduce the above copyright notice, -// this list of conditions and the following disclaimer in the documentation -// and/or other materials provided with the distribution. -// -// - Neither the name of the NORDUnet nor the names of its contributors may be -// used to endorse or promote products derived from this software without -// specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. 
-// -//------------------------------------------------------------------------------ - -//------------------------------------------------------------------------------ -`timescale 1ns / 1ps -//------------------------------------------------------------------------------ - -module tb_modular_multiplier_384; - - - // - // Test Vectors - // - localparam [383:0] N = 384'hfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff; - - localparam [383:0] X_1 = 384'haa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7; - localparam [383:0] Y_1 = 384'h3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f; - localparam [383:0] P_1 = 384'h332e559389c970313cb29c4b55af5783821971a99c250daf84dc5d3cc441cb0a482e90de9d3ccd96b3c8c48b2ad3f025; - - localparam [383:0] X_2 = 384'haaf06bba82e9f590e29c71c219bea51723c5893ae8b0c8cf4c117c3efb57ab8d55fa1b428155ad278b5743911b13ea8a; - localparam [383:0] Y_2 = 384'hc9e821b569d9d390a26167406d6d23d6070be242d765eb831625ceec4a0f473ef59f4e30e2817e6285bce2846f15f19d; - localparam [383:0] P_2 = 384'haa1a9db70fba0a4c034777cdcd93e8bd6e9afa1171d43bdea0a16c32da20e7ebccb2fac9676f9d67a31e6f4f69e876e5; - - localparam [383:0] X_3 = 384'h1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0; - localparam [383:0] Y_3 = 384'heb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9; - localparam [383:0] P_3 = 384'h80f70000040a44b05f3752b7d5338f87e409b868f032911bda888451c13097039d66d9e7b0e3e799b9dd613d2524b7af; - - localparam [383:0] X_4 = 384'ha0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856; - localparam [383:0] Y_4 = 384'h855649409815bb91424eaca5fd76c97375d575d1422ec53d343bd33b847fdf0c11569685b528ab25493015428d7cf72b; - localparam [383:0] P_4 = 
384'h548e8456d5b3c36557a59914af514739a92908e59ddde731b8746891ad26199de955789e7cc34bfe966e3471c2684969; - - - // - // Core Parameters - // - localparam WORD_COUNTER_WIDTH = 4; - localparam OPERAND_NUM_WORDS = 12; - - - // - // Clock (100 MHz) - // - reg clk = 1'b0; - always #5 clk = ~clk; - - - // - // Inputs, Outputs - // - reg rst_n; - reg ena; - wire rdy; - - - // - // Buffers (X, Y, N, P) - // - wire [WORD_COUNTER_WIDTH-1:0] core_x_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_y_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_n_addr; - wire [WORD_COUNTER_WIDTH-1:0] core_p_addr; - - wire core_p_wren; - - wire [ 31:0] core_x_data; - wire [ 31:0] core_y_data; - wire [ 31:0] core_n_data; - wire [ 31:0] core_p_data; - - reg [WORD_COUNTER_WIDTH-1:0] tb_xyn_addr; - reg [WORD_COUNTER_WIDTH-1:0] tb_p_addr; - - reg tb_xyn_wren; - - reg [ 31:0] tb_x_data; - reg [ 31:0] tb_y_data; - reg [ 31:0] tb_n_data; - wire [ 31:0] tb_p_data; - - bram_1rw_1ro_readfirst # - ( - .MEM_WIDTH (32), - .MEM_ADDR_BITS (WORD_COUNTER_WIDTH) - ) - bram_x - ( - .clk (clk), - - .a_addr (tb_xyn_addr), - .a_wr (tb_xyn_wren), - .a_in (tb_x_data), - .a_out (), - - .b_addr (core_x_addr), - .b_out (core_x_data) - ); - - bram_1rw_1ro_readfirst # - ( - .MEM_WIDTH (32), - .MEM_ADDR_BITS (WORD_COUNTER_WIDTH) - ) - bram_y - ( - .clk (clk), - - .a_addr (tb_xyn_addr), - .a_wr (tb_xyn_wren), - .a_in (tb_y_data), - .a_out (), - - .b_addr (core_y_addr), - .b_out (core_y_data) - ); - - bram_1rw_1ro_readfirst # - ( - .MEM_WIDTH (32), - .MEM_ADDR_BITS (WORD_COUNTER_WIDTH) - ) - bram_n - ( - .clk (clk), - - .a_addr (tb_xyn_addr), - .a_wr (tb_xyn_wren), - .a_in (tb_n_data), - .a_out (), - - .b_addr (core_n_addr), - .b_out (core_n_data) - ); - - bram_1rw_1ro_readfirst # - ( - .MEM_WIDTH (32), - .MEM_ADDR_BITS (WORD_COUNTER_WIDTH) - ) - bram_s - ( - .clk (clk), - - .a_addr (core_p_addr), - .a_wr (core_p_wren), - .a_in (core_p_data), - .a_out (), - - .b_addr (tb_p_addr), - .b_out (tb_p_data) - ); - - - // - // UUT - // - 
modular_multiplier_384 uut - ( - .clk (clk), - .rst_n (rst_n), - - .ena (ena), - .rdy (rdy), - - .a_addr (core_x_addr), - .b_addr (core_y_addr), - .n_addr (core_n_addr), - .p_addr (core_p_addr), - .p_wren (core_p_wren), - - .a_din (core_x_data), - .b_din (core_y_data), - .n_din (core_n_data), - .p_dout (core_p_data) - ); - - - // - // Testbench Routine - // - reg ok = 1; - initial begin - - /* initialize control inputs */ - rst_n = 0; - ena = 0; - - tb_xyn_wren = 0; - - /* wait for some time */ - #200; - - /* de-assert reset */ - rst_n = 1; - - /* wait for some time */ - #100; - - /* run tests */ - test_modular_multiplier_384(X_1, Y_1, N, P_1); - test_modular_multiplier_384(X_2, Y_2, N, P_2); - test_modular_multiplier_384(X_3, Y_3, N, P_3); - test_modular_multiplier_384(X_4, Y_4, N, P_4); - - /* print result */ - if (ok) $display("tb_modular_multiplier_384: SUCCESS"); - else $display("tb_modular_multiplier_384: FAILURE"); - // - //$finish; - // - end - - - // - // Test Task - // - reg [383:0] p; - reg p_ok; - - integer w; - - reg [767:0] pp_full; - reg [383:0] pp_ref; - - task test_modular_multiplier_384; - - input [383:0] x; - input [383:0] y; - input [383:0] n; - input [383:0] pp; - - reg [383:0] x_shreg; - reg [383:0] y_shreg; - reg [383:0] n_shreg; - reg [383:0] p_shreg; - - begin - - /* start filling memories */ - tb_xyn_wren = 1; - - /* initialize shift registers */ - x_shreg = x; - y_shreg = y; - n_shreg = n; - - /* write all the words */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set addresses */ - tb_xyn_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* set data words */ - tb_x_data = x_shreg[31:0]; - tb_y_data = y_shreg[31:0]; - tb_n_data = n_shreg[31:0]; - - /* shift inputs */ - x_shreg = {{32{1'bX}}, x_shreg[383:32]}; - y_shreg = {{32{1'bX}}, y_shreg[383:32]}; - n_shreg = {{32{1'bX}}, n_shreg[383:32]}; - - /* wait for 1 clock tick */ - #10; - - end - - /* wipe addresses */ - tb_xyn_addr = {WORD_COUNTER_WIDTH{1'bX}}; - - /* wipe data words */ - 
tb_x_data = {32{1'bX}}; - tb_y_data = {32{1'bX}}; - tb_n_data = {32{1'bX}}; - - /* stop filling memories */ - tb_xyn_wren = 0; - - /* calculate reference value */ - pp_full = {{384{1'b0}}, x} * {{384{1'b0}}, y}; - pp_ref = pp_full % {{384{1'b0}}, n}; - - /* compare reference value against hard-coded one */ - if (pp_ref != pp) begin - $display("ERROR: pp_ref != pp"); - $finish; - end - - /* start operation */ - ena = 1; - - /* clear flag */ - #10 ena = 0; - - /* wait for operation to complete */ - while (!rdy) #10; - - /* read result */ - for (w=0; w<OPERAND_NUM_WORDS; w=w+1) begin - - /* set address */ - tb_p_addr = w[WORD_COUNTER_WIDTH-1:0]; - - /* wait for 1 clock tick */ - #10; - - /* store data word */ - p_shreg = {tb_p_data, p_shreg[383:32]}; - - end - - /* compare */ - p_ok = (p_shreg == pp); - - /* display results */ - $display("test_modular_multiplier_384(): %s", p_ok ? "OK" : "ERROR"); - - /* update flag */ - ok = ok && p_ok; - - end - - endtask - - - - -endmodule - -//------------------------------------------------------------------------------ -// End-of-File -//------------------------------------------------------------------------------ |