aboutsummaryrefslogtreecommitdiff
path: root/src/rtl
diff options
context:
space:
mode:
authorJoachim StroĢˆmbergson <joachim@secworks.se>2018-09-14 15:01:59 +0200
committerJoachim StroĢˆmbergson <joachim@secworks.se>2018-09-14 15:01:59 +0200
commitfa3ebe9f36310af061aba162713676b548555017 (patch)
tree9f0061951f9c0b8f3aface68c5129d432c647828 /src/rtl
parent6cfcc1ec5bc0e2c944ec66bd62d58740d2b8823d (diff)
Adding support for automatic A-value and RLEN calculation. Adding support for checking that unwrapped data is valid.auto_magic
Diffstat (limited to 'src/rtl')
-rw-r--r--src/rtl/keywrap.v39
-rw-r--r--src/rtl/keywrap_core.v42
2 files changed, 49 insertions, 32 deletions
diff --git a/src/rtl/keywrap.v b/src/rtl/keywrap.v
index f8fcbd7..2d241a9 100644
--- a/src/rtl/keywrap.v
+++ b/src/rtl/keywrap.v
@@ -4,17 +4,6 @@
// --------
// Top level wrapper for the KEY WRAP core.
//
-// Since $clog2() is not supported by all tools, and constant
-// functions are not supported by some other tools we need to
-// do the size to number of bits calculation by hand.
-// 8192 bytes = 2048 32 bit words. This requires 11 bits.
-// We need additional space for control and status words. But
-// since we have filled the address space, we need another MSB
-// in the address. Thus ADDR_BITS = 12 bits.
-//
-// 0x000 - 0x7ff are for control and status.
-// 0x800 - 0xfff are for data storage
-//
//
// Author: Joachim Strombergson
// Copyright (c) 2018, NORDUnet A/S
@@ -81,7 +70,7 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam CTRL_ENCDEC_BIT = 0;
localparam CTRL_KEYLEN_BIT = 1;
- localparam ADDR_RLEN = 8'h0c;
+ localparam ADDR_LENGTH = 8'h0c;
localparam ADDR_A0 = 8'h0e;
localparam ADDR_A1 = 8'h0f;
@@ -96,10 +85,10 @@ module keywrap #(parameter ADDR_BITS = 13)
localparam CORE_NAME0 = 32'h6b657920; // "key "
localparam CORE_NAME1 = 32'h77726170; // "wrap"
- localparam CORE_VERSION = 32'h302e3830; // "0.80"
+ localparam CORE_VERSION = 32'h312e3031; // "1.01"
localparam MEM_BITS = ADDR_BITS - 1;
- localparam RLEN_BITS = ADDR_BITS - 2;
+ localparam LEN_BITS = MEM_BITS + 2;
localparam PAD = ADDR_BITS - 8;
@@ -116,8 +105,8 @@ module keywrap #(parameter ADDR_BITS = 13)
reg keylen_reg;
reg config_we;
- reg [(RLEN_BITS - 1) : 0] rlen_reg;
- reg rlen_we;
+ reg [(LEN_BITS - 1) : 0] length_reg;
+ reg length_we;
reg [31 : 0] a0_reg;
reg a0_we;
@@ -180,7 +169,7 @@ module keywrap #(parameter ADDR_BITS = 13)
.ready(core_ready),
.valid(core_valid),
- .rlen(rlen_reg),
+ .length(length_reg),
.key(core_key),
.keylen(keylen_reg),
@@ -211,7 +200,7 @@ module keywrap #(parameter ADDR_BITS = 13)
next_reg <= 1'h0;
encdec_reg <= 1'h0;
keylen_reg <= 1'h0;
- rlen_reg <= {RLEN_BITS{1'h0}};
+ length_reg <= {LEN_BITS{1'h0}};
valid_reg <= 1'h0;
ready_reg <= 1'h0;
a0_reg <= 32'h0;
@@ -232,8 +221,8 @@ module keywrap #(parameter ADDR_BITS = 13)
keylen_reg <= write_data[CTRL_KEYLEN_BIT];
end
- if (rlen_we)
- rlen_reg <= write_data[12 : 0];
+ if (length_we)
+ length_reg <= write_data[(LEN_BITS - 1) : 0];
if (a0_we)
a0_reg <= write_data;
@@ -257,7 +246,7 @@ module keywrap #(parameter ADDR_BITS = 13)
init_new = 1'h0;
next_new = 1'h0;
config_we = 1'h0;
- rlen_we = 1'h0;
+ length_we = 1'h0;
key_we = 1'h0;
core_api_we = 1'h0;
a0_we = 1'h0;
@@ -285,8 +274,8 @@ module keywrap #(parameter ADDR_BITS = 13)
if (address == {{PAD{1'h0}}, ADDR_CONFIG})
config_we = 1'h1;
- if (address == {{PAD{1'h0}}, ADDR_RLEN})
- rlen_we = 1'h1;
+ if (address == {{PAD{1'h0}}, ADDR_LENGTH})
+ length_we = 1'h1;
if (address == {{PAD{1'h0}}, ADDR_A0})
a0_we = 1'h1;
@@ -319,8 +308,8 @@ module keywrap #(parameter ADDR_BITS = 13)
if (address == {{PAD{1'h0}}, ADDR_STATUS})
api_rd_delay_new = {30'h0, valid_reg, ready_reg};
- if (address == {{PAD{1'h0}}, ADDR_RLEN})
- api_rd_delay_new = {19'h0, rlen_reg};
+ if (address == {{PAD{1'h0}}, ADDR_LENGTH})
+ api_rd_delay_new = {{(32 - LEN_BITS){1'h0}}, length_reg};
if (address == {{PAD{1'h0}}, ADDR_A0})
api_rd_delay_new = core_a_result[63 : 32];
diff --git a/src/rtl/keywrap_core.v b/src/rtl/keywrap_core.v
index d1e63b0..469a238 100644
--- a/src/rtl/keywrap_core.v
+++ b/src/rtl/keywrap_core.v
@@ -52,7 +52,7 @@ module keywrap_core #(parameter MEM_BITS = 11)
output wire ready,
output wire valid,
- input wire [(MEM_BITS - 2) : 0] rlen,
+ input wire [(LEN_BITS - 1) : 0] length,
input wire [255 : 0] key,
input wire keylen,
@@ -84,6 +84,10 @@ module keywrap_core #(parameter MEM_BITS = 11)
localparam CTRL_NEXT_UCHECK = 4'h9;
localparam CTRL_NEXT_FINALIZE = 4'ha;
+ localparam LEN_BITS = MEM_BITS + 2;
+
+ localparam AIV = 32'ha65959a6;
+
//----------------------------------------------------------------
// Registers and memories including control signals.
@@ -134,6 +138,8 @@ module keywrap_core #(parameter MEM_BITS = 11)
reg update_state;
+ reg [(MEM_BITS - 1) : 0] rlen;
+
reg core_we;
reg [(MEM_BITS - 2) : 0] core_addr;
reg [63 : 0] core_wr_data;
@@ -238,7 +244,13 @@ module keywrap_core #(parameter MEM_BITS = 11)
core_addr = block_ctr_reg;
core_we = 1'h0;
- xor_val = (rlen * iteration_ctr_reg) + {51'h0, (block_ctr_reg + 1'h1)};
+ // Calculate the correct number of blocks including padding.
+ if (length[1 : 0] === 2'h0)
+ rlen = length[(LEN_BITS - 1) : 3];
+ else
+ rlen = length[(LEN_BITS - 2) : 3] + 1'b1;
+
+ xor_val = (rlen * iteration_ctr_reg) + {52'h0, (block_ctr_reg + 1'h1)};
if (encdec)
aes_block = {a_reg, core_rd_data};
@@ -249,8 +261,11 @@ module keywrap_core #(parameter MEM_BITS = 11)
if (init_a)
begin
- a_new = a_init;
a_we = 1'h1;
+ if (encdec)
+ a_new = {AIV, {{(32 - (MEM_BITS + 2)){1'b0}}, length}};
+ else
+ a_new = a_init;
end
if (update_state)
@@ -510,10 +525,23 @@ module keywrap_core #(parameter MEM_BITS = 11)
CTRL_NEXT_FINALIZE:
begin
- ready_new = 1'h1;
- ready_we = 1'h1;
- valid_new = 1'h1;
- valid_we = 1'h1;
+ ready_new = 1'h1;
+ ready_we = 1'h1;
+
+ if (encdec)
+ begin
+ valid_new = 1'h1;
+ valid_we = 1'h1;
+ end
+ else
+ begin
+ if (a_reg[63 : 32] == AIV)
+ begin
+ valid_new = 1'h1;
+ valid_we = 1'h1;
+ end
+ end
+
keywrap_core_ctrl_new = CTRL_IDLE;
keywrap_core_ctrl_we = 1'h1;
end