//======================================================================
//
// keywrap_core.v
// --------------
// Core that tries to implement AES KEY WRAP as specified in
// RFC 3394 and extended with padding in RFC 5649.
// Experimental core at the moment. Does Not Work.
// The maximum wrap object size is 64 kByte.
//
//
// Author: Joachim Strombergson
// Copyright (c) 2018, NORDUnet A/S
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
// - Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// - Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
//
// - Neither the name of the NORDUnet nor the names of its contributors may
// be used to endorse or promote products derived from this software
// without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
// TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
// PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
//======================================================================
module keywrap_core #(parameter MEM_BITS = 11)
(
input wire clk,
input wire reset_n,
output wire mkm_spi_sclk,
output wire mkm_spi_cs_n,
input wire mkm_spi_do,
output wire mkm_spi_di,
input wire init,
input wire next,
input wire read,
input wire write,
input wire mkey_mstatus,
input wire encdec,
output wire ready,
output wire valid,
input wire [(MEM_BITS - 2) : 0] rlen,
input wire [255 : 0] key,
input wire keylen,
input wire [31 : 0] status,
output wire [255 : 0] mkey,
output wire [31 : 0] mstatus,
input wire [63 : 0] a_init,
output wire [63 : 0] a_result,
input wire api_we,
input wire [(MEM_BITS - 1) : 0] api_addr,
input wire [31 : 0] api_wr_data,
output wire [31 : 0] api_rd_data
);
//----------------------------------------------------------------
// Paramenters and local defines.
//----------------------------------------------------------------
localparam MAX_ITERATIONS = 6 - 1;
localparam CTRL_IDLE = 6'h0;
localparam CTRL_INIT_WAIT = 6'h1;
localparam CTRL_NEXT_WSTART = 6'h2;
localparam CTRL_NEXT_USTART = 6'h3;
localparam CTRL_NEXT_LOOP0 = 6'h4;
localparam CTRL_NEXT_LOOP = 6'h5;
localparam CTRL_NEXT_WAIT = 6'h6;
localparam CTRL_NEXT_UPDATE = 6'h7;
localparam CTRL_NEXT_WCHECK = 6'h8;
localparam CTRL_NEXT_UCHECK = 6'h9;
localparam CTRL_NEXT_FINALIZE = 6'ha;
localparam CTRL_MKM_RD_START = 6'h10;
localparam CTRL_MKM_RD_WAIT0 = 6'h11;
localparam CTRL_MKM_RD_STATUS = 6'h12;
localparam CTRL_MKM_RD_END = 6'h13;
localparam CTRL_MKM_WR_START = 6'h18;
localparam CTRL_MKM_WR_WAIT0 = 6'h19;
localparam CTRL_MKM_WR_END = 6'h1a;
// API for mkm used by the core.
localparam MKM_ADDR_CTRL = 8'h08;
localparam MKM_CTRL_READ_BIT = 0;
localparam MKM_CTRL_WRITE_BIT = 1;
localparam MKM_ADDR_STATUS = 8'h09;
localparam MKM_STATUS_READY_BIT = 0;
localparam MKM_STATUS_VALID_BIT = 1;
localparam MKM_ADDR_SCLK_DIV = 8'h0a;
localparam MKM_ADDR_EMEM_ADDR = 8'h10;
localparam MKM_ADDR_EMEM_DATA = 8'h20;
// Addresses for storage in the mkm
localparam MKM_STATUS_WORD = 16'h00;
localparam MKM_KEY_BASE_WORD = 16'h04;
localparam DEFAULT_SCLK_DIV = 16'h0020;
//----------------------------------------------------------------
// Registers and memories including control signals.
//----------------------------------------------------------------
reg [63 : 0] a_reg;
reg [63 : 0] a_new;
reg a_we;
reg init_a;
reg ready_reg;
reg ready_new;
reg ready_we;
reg valid_reg;
reg valid_new;
reg valid_we;
reg [(MEM_BITS - 2) : 0] block_ctr_reg;
reg [(MEM_BITS - 2) : 0] block_ctr_new;
reg block_ctr_we;
reg block_ctr_dec;
reg block_ctr_inc;
reg block_ctr_rst;
reg block_ctr_set;
reg [2 : 0] iteration_ctr_reg;
reg [2 : 0] iteration_ctr_new;
reg iteration_ctr_we;
reg iteration_ctr_inc;
reg iteration_ctr_dec;
reg iteration_ctr_set;
reg iteration_ctr_rst;
reg [31 : 0] mkm_key [0 : 7];
reg mkm_key_we;
reg [2 : 0] mkm_word_ctr_reg;
reg [2 : 0] mkm_word_ctr_new;
reg mkm_word_ctr_we;
reg [7 : 0] mkm_addr_reg;
reg [7 : 0] mkm_addr_new;
reg mkm_addr_we;
reg [31 : 0] mkm_status_reg;
reg [31 : 0] mkm_status_new;
reg mkm_status_we;
reg [5 : 0] keywrap_core_ctrl_reg;
reg [5 : 0] keywrap_core_ctrl_new;
reg keywrap_core_ctrl_we;
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
reg aes_init;
reg aes_next;
wire aes_ready;
wire aes_valid;
reg [127 : 0] aes_block;
wire [127 : 0] aes_result;
reg update_state;
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
reg [63 : 0] core_wr_data;
wire [63 : 0] core_rd_data;
reg mkm_init_op;
reg mkm_read_op;
reg mkm_write_op;
wire mkm_ready;
wire mkm_valid;
reg [15 : 0] mkm_sclk_div;
reg [15 : 0] mkm_addr;
reg [31 : 0] mkm_write_data;
wire [31 : 0] mkm_read_data;
//----------------------------------------------------------------
// Instantiations.
//----------------------------------------------------------------
keywrap_mem #(.API_ADDR_BITS(MEM_BITS))
mem(
.clk(clk),
.api_we(api_we),
.api_addr(api_addr),
.api_wr_data(api_wr_data),
.api_rd_data(api_rd_data),
.core_we(core_we),
.core_addr(core_addr),
.core_wr_data(core_wr_data),
.core_rd_data(core_rd_data)
);
aes_core aes(
.clk(clk),
.reset_n(reset_n),
.encdec(encdec),
.init(aes_init),
.next(aes_next),
.key(key),
.keylen(keylen),
.block(aes_block),
.ready(aes_ready),
.result(aes_result),
.result_valid(aes_valid)
);
mkmif_core mkm(
.clk(clk),
.reset_n(reset_n),
.spi_sclk(mkm_spi_sclk),
.spi_cs_n(mkm_spi_cs_n),
.spi_do(mkm_spi_do),
.spi_di(mkm_spi_di),
.init_op(mkm_init_op),
.read_op(mkm_read_op),
.write_op(mkm_write_op),
.ready(mkm_ready),
.valid(mkm_valid),
.sclk_div(mkm_sclk_div),
.addr(mkm_addr),
.write_data(mkm_write_data),
.read_data(mkm_read_data)
);
//----------------------------------------------------------------
// Assignments for ports.
//----------------------------------------------------------------
assign a_result = a_reg;
assign ready = ready_reg;
assign valid = valid_reg;
assign mstatus = mkm_status_reg;
//----------------------------------------------------------------
// reg_update
//----------------------------------------------------------------
always @ (posedge clk or negedge reset_n)
begin: reg_update
integer i;
if (!reset_n)
begin
for (i = 0 ; i < 8 ; i = i + 1)
mkm_key[i] <= 32'h0;
a_reg <= 64'h0;
ready_reg <= 1'h1;
valid_reg <= 1'h1;
block_ctr_reg <= {(MEM_BITS - 1){1'h0}};
iteration_ctr_reg <= 3'h0;
mkm_word_ctr_reg <= 3'h0;
mkm_addr_reg <= 8'h0;
mkm_status_reg <= 32'h0;
keywrap_core_ctrl_reg <= CTRL_IDLE;
end
else
begin
if (a_we)
a_reg <= a_new;
if (mkm_status_we)
mkm_status_reg <= mkm_read_data;
if (ready_we)
ready_reg <= ready_new;
if (valid_we)
valid_reg <= valid_new;
if (block_ctr_we)
block_ctr_reg <= block_ctr_new;
if (iteration_ctr_we)
iteration_ctr_reg <= iteration_ctr_new;
if (keywrap_core_ctrl_we)
keywrap_core_ctrl_reg <= keywrap_core_ctrl_new;
end
end // reg_update
//----------------------------------------------------------------
// keywrap_logic
//
// Main logic for the key wrap functionality.
//----------------------------------------------------------------
always @*
begin : keywrap_logic
reg [63 : 0] xor_val;
a_new = 64'h0;
a_we = 1'h0;
core_addr = block_ctr_reg;
core_we = 1'h0;
xor_val = (rlen * iteration_ctr_reg) + {51'h0, (block_ctr_reg + 1'h1)};
if (encdec)
aes_block = {a_reg, core_rd_data};
else
aes_block = {(a_reg ^ xor_val), core_rd_data};
core_wr_data = aes_result[63 : 0];
if (init_a)
begin
a_new = a_init;
a_we = 1'h1;
end
if (update_state)
begin
core_we = 1'h1;
if (encdec)
a_new = aes_result[127 : 64] ^ xor_val;
else
a_new = aes_result[127 : 64];
a_we = 1'h1;
end
end
//----------------------------------------------------------------
// block_ctr
//----------------------------------------------------------------
always @*
begin : block_ctr
block_ctr_new = {(MEM_BITS - 1){1'h0}};
block_ctr_we = 1'h0;
if (block_ctr_rst)
begin
block_ctr_new = {(MEM_BITS - 1){1'h0}};
block_ctr_we = 1'h1;
end
if (block_ctr_set)
begin
block_ctr_new = (rlen - 1'h1);
block_ctr_we = 1'h1;
end
if (block_ctr_dec)
begin
block_ctr_new = block_ctr_reg - 1'h1;
block_ctr_we = 1'h1;
end
if (block_ctr_inc)
begin
block_ctr_new = block_ctr_reg + 1'h1;
block_ctr_we = 1'h1;
end
end
//----------------------------------------------------------------
// iteration_ctr
//----------------------------------------------------------------
always @*
begin : iteration_ctr
iteration_ctr_new = 3'h0;
iteration_ctr_we = 1'h0;
if (iteration_ctr_rst)
begin
iteration_ctr_new = 3'h0;
iteration_ctr_we = 1'h1;
end
if (iteration_ctr_set)
begin
iteration_ctr_new = MAX_ITERATIONS;
iteration_ctr_we = 1'h1;
end
if (iteration_ctr_dec)
begin
iteration_ctr_new = iteration_ctr_reg - 1'h1;
iteration_ctr_we = 1'h1;
end
if (iteration_ctr_inc)
begin
iteration_ctr_new = iteration_ctr_reg + 1'h1;
iteration_ctr_we = 1'h1;
end
end
//----------------------------------------------------------------
// keywrap_core_ctrl
//----------------------------------------------------------------
always @*
begin : keywrap_core_ctrl
ready_new = 1'h0;
ready_we = 1'h0;
valid_new = 1'h0;
valid_we = 1'h0;
init_a = 1'h0;
update_state = 1'h0;
aes_init = 1'h0;
aes_next = 1'h0;
block_ctr_dec = 1'h0;
block_ctr_inc = 1'h0;
block_ctr_rst = 1'h0;
block_ctr_set = 1'h0;
iteration_ctr_inc = 1'h0;
iteration_ctr_dec = 1'h0;
iteration_ctr_set = 1'h0;
iteration_ctr_rst = 1'h0;
mkm_init_op = 1'h0;
mkm_read_op = 1'h0;
mkm_write_op = 1'h0;
mkm_sclk_div = DEFAULT_SCLK_DIV;
mkm_addr = 16'h0;
mkm_write_data = 32'h0;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h0;
case (keywrap_core_ctrl_reg)
CTRL_IDLE:
begin
if (init)
begin
aes_init = 1'h1;
ready_new = 1'h0;
ready_we = 1'h1;
valid_new = 1'h0;
valid_we = 1'h1;
keywrap_core_ctrl_new = CTRL_INIT_WAIT;
keywrap_core_ctrl_we = 1'h1;
end
if (next)
begin
ready_new = 1'h0;
ready_we = 1'h1;
valid_new = 1'h0;
valid_we = 1'h1;
init_a = 1'h1;
if (encdec)
keywrap_core_ctrl_new = CTRL_NEXT_WSTART;
else
keywrap_core_ctrl_new = CTRL_NEXT_USTART;
keywrap_core_ctrl_we = 1'h1;
end
if (read)
begin
ready_new = 1'h0;
ready_we = 1'h1;
keywrap_core_ctrl_new = CTRL_MKM_RD_START;
keywrap_core_ctrl_we = 1'h1;
end
if (write)
begin
ready_new = 1'h0;
ready_we = 1'h1;
keywrap_core_ctrl_new = CTRL_MKM_WR_START;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_INIT_WAIT:
begin
if (aes_ready)
begin
ready_new = 1'h1;
ready_we = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_NEXT_WSTART:
begin
block_ctr_rst = 1'h1;
iteration_ctr_rst = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_NEXT_USTART:
begin
block_ctr_set = 1'h1;
iteration_ctr_set = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_NEXT_LOOP0:
begin
keywrap_core_ctrl_new = CTRL_NEXT_LOOP;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_NEXT_LOOP:
begin
aes_next = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_WAIT;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_NEXT_WAIT:
begin
if (aes_ready)
begin
keywrap_core_ctrl_new = CTRL_NEXT_UPDATE;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_NEXT_UPDATE:
begin
update_state = 1'h1;
if (encdec)
keywrap_core_ctrl_new = CTRL_NEXT_WCHECK;
else
keywrap_core_ctrl_new = CTRL_NEXT_UCHECK;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_NEXT_WCHECK:
begin
if (block_ctr_reg < (rlen - 1'h1))
begin
block_ctr_inc = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
else if (iteration_ctr_reg < MAX_ITERATIONS)
begin
block_ctr_rst = 1'h1;
iteration_ctr_inc = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
else
begin
keywrap_core_ctrl_new = CTRL_NEXT_FINALIZE;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_NEXT_UCHECK:
begin
if (block_ctr_reg > 0)
begin
block_ctr_dec = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
else if (iteration_ctr_reg > 0)
begin
block_ctr_set = 1'h1;
iteration_ctr_dec = 1'h1;
keywrap_core_ctrl_new = CTRL_NEXT_LOOP0;
keywrap_core_ctrl_we = 1'h1;
end
else
begin
keywrap_core_ctrl_new = CTRL_NEXT_FINALIZE;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_NEXT_FINALIZE:
begin
ready_new = 1'h1;
ready_we = 1'h1;
valid_new = 1'h1;
valid_we = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_MKM_RD_START:
begin
mkm_init_op = 1'h1;
keywrap_core_ctrl_new = CTRL_MKM_RD_WAIT0;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_MKM_RD_WAIT0:
begin
if (mkm_ready)
// MKM should have been initialized.
if (mkey_mstatus)
begin
// Read master key from mkm.
keywrap_core_ctrl_new = CTRL_MKM_RD_END;
keywrap_core_ctrl_we = 1'h1;
end
else
begin
// Read master key status from mkm.
mkm_read_op = 1'h1;
mkm_addr = MKM_STATUS_WORD;
keywrap_core_ctrl_new = CTRL_MKM_RD_STATUS;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_MKM_RD_STATUS:
begin
if (mkm_ready)
begin
// status should have been read.
mkm_status_we = 1'h1;
keywrap_core_ctrl_new = CTRL_MKM_RD_END;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_MKM_RD_END:
begin
ready_new = 1'h1;
ready_we = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_MKM_WR_START:
begin
mkm_init_op = 1'h1;
keywrap_core_ctrl_new = CTRL_MKM_WR_WAIT0;
keywrap_core_ctrl_we = 1'h1;
end
CTRL_MKM_WR_WAIT0:
begin
if (mkm_ready)
begin
keywrap_core_ctrl_new = CTRL_MKM_WR_END;
keywrap_core_ctrl_we = 1'h1;
end
end
CTRL_MKM_WR_END:
begin
ready_new = 1'h1;
ready_we = 1'h1;
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end
default:
begin
end
endcase // case (keywrap_core_ctrl_reg)
end // keywrap_core_ctrl
endmodule // keywrap_core
//======================================================================
// EOF keywrap_core.v
//======================================================================