[Cryptech-Commits] [core/hash/sha256] branch master updated: (1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.

git at cryptech.is git at cryptech.is
Thu Oct 18 11:37:14 UTC 2018


This is an automated email from the git hooks/post-receive script.

joachim at secworks.se pushed a commit to branch master
in repository core/hash/sha256.

The following commit(s) were added to refs/heads/master by this push:
     new 3fec126  (1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
3fec126 is described below

commit 3fec1265673b898cdf0e4e5877eec6f8ff336212
Author: Joachim Strömbergson <joachim at secworks.se>
AuthorDate: Thu Oct 18 13:37:03 2018 +0200

    (1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
---
 src/rtl/sha256.v   | 431 ++++++++---------------------------------------------
 src/tb/tb_sha256.v |   8 +-
 2 files changed, 68 insertions(+), 371 deletions(-)

diff --git a/src/rtl/sha256.v b/src/rtl/sha256.v
index 67c8a6b..2ef1a57 100644
--- a/src/rtl/sha256.v
+++ b/src/rtl/sha256.v
@@ -98,7 +98,7 @@ module sha256(
 
   localparam CORE_NAME0     = 32'h73686132; // "sha2"
   localparam CORE_NAME1     = 32'h2d323536; // "-256"
-  localparam CORE_VERSION   = 32'h312e3830; // "1.80"
+  localparam CORE_VERSION   = 32'h312e3832; // "1.82"
 
   localparam MODE_SHA_224   = 1'h0;
   localparam MODE_SHA_256   = 1'h1;
@@ -109,13 +109,9 @@ module sha256(
   //----------------------------------------------------------------
   reg init_reg;
   reg init_new;
-  reg init_we;
-  reg init_set;
 
   reg next_reg;
   reg next_new;
-  reg next_we;
-  reg next_set;
 
   reg mode_reg;
   reg mode_new;
@@ -123,38 +119,8 @@ module sha256(
 
   reg ready_reg;
 
-  reg [31 : 0] block0_reg;
-  reg          block0_we;
-  reg [31 : 0] block1_reg;
-  reg          block1_we;
-  reg [31 : 0] block2_reg;
-  reg          block2_we;
-  reg [31 : 0] block3_reg;
-  reg          block3_we;
-  reg [31 : 0] block4_reg;
-  reg          block4_we;
-  reg [31 : 0] block5_reg;
-  reg          block5_we;
-  reg [31 : 0] block6_reg;
-  reg          block6_we;
-  reg [31 : 0] block7_reg;
-  reg          block7_we;
-  reg [31 : 0] block8_reg;
-  reg          block8_we;
-  reg [31 : 0] block9_reg;
-  reg          block9_we;
-  reg [31 : 0] block10_reg;
-  reg          block10_we;
-  reg [31 : 0] block11_reg;
-  reg          block11_we;
-  reg [31 : 0] block12_reg;
-  reg          block12_we;
-  reg [31 : 0] block13_reg;
-  reg          block13_we;
-  reg [31 : 0] block14_reg;
-  reg          block14_we;
-  reg [31 : 0] block15_reg;
-  reg          block15_we;
+  reg [31 : 0] block_reg [0 : 15];
+  reg          block_we;
 
   reg [255 : 0] digest_reg;
 
@@ -164,8 +130,6 @@ module sha256(
   //----------------------------------------------------------------
   // Wires.
   //----------------------------------------------------------------
-  wire           core_init;
-  wire           core_next;
   wire           core_ready;
   wire [511 : 0] core_block;
   wire [255 : 0] core_digest;
@@ -187,14 +151,10 @@ module sha256(
   //----------------------------------------------------------------
   // Concurrent connectivity for ports etc.
   //----------------------------------------------------------------
-  assign core_init = init_reg;
-
-  assign core_next = next_reg;
-
-  assign core_block = {block0_reg, block1_reg, block2_reg, block3_reg,
-                       block4_reg, block5_reg, block6_reg, block7_reg,
-                       block8_reg, block9_reg, block10_reg, block11_reg,
-                       block12_reg, block13_reg, block14_reg, block15_reg};
+  assign core_block = {block_reg[00], block_reg[01], block_reg[02], block_reg[03],
+                       block_reg[04], block_reg[05], block_reg[06], block_reg[07],
+                       block_reg[08], block_reg[09], block_reg[10], block_reg[11],
+                       block_reg[12], block_reg[13], block_reg[14], block_reg[15]};
 
   assign read_data = tmp_read_data;
   assign error     = tmp_error;
@@ -207,8 +167,8 @@ module sha256(
                    .clk(clk),
                    .reset_n(reset_n),
 
-                   .init(core_init),
-                   .next(core_next),
+                   .init(init_reg),
+                   .next(next_reg),
                    .mode(mode_reg),
 
                    .block(core_block),
@@ -239,46 +199,27 @@ module sha256(
   // asynchronous active low reset.
   //----------------------------------------------------------------
   always @ (posedge clk or negedge reset_n)
-    begin
+    begin : reg_update
+      integer i;
+
       if (!reset_n)
         begin
-          init_reg         <= 1'h0;
-          next_reg         <= 1'h0;
+          for (i = 0 ; i < 16 ; i = i + 1)
+            block_reg[i] <= 32'h0;
+
+          init_reg         <= 0;
+          next_reg         <= 0;
+          ready_reg        <= 0;
           mode_reg         <= MODE_SHA_256;
-          ready_reg        <= 1'h0;
           digest_reg       <= 256'h0;
-          digest_valid_reg <= 1'h0;
-          block0_reg       <= 32'h0;
-          block1_reg       <= 32'h0;
-          block2_reg       <= 32'h0;
-          block3_reg       <= 32'h0;
-          block4_reg       <= 32'h0;
-          block5_reg       <= 32'h0;
-          block6_reg       <= 32'h0;
-          block7_reg       <= 32'h0;
-          block8_reg       <= 32'h0;
-          block9_reg       <= 32'h0;
-          block10_reg      <= 32'h0;
-          block11_reg      <= 32'h0;
-          block12_reg      <= 32'h0;
-          block13_reg      <= 32'h0;
-          block14_reg      <= 32'h0;
-          block15_reg      <= 32'h0;
+          digest_valid_reg <= 0;
         end
       else
         begin
           ready_reg        <= core_ready;
           digest_valid_reg <= core_digest_valid;
-
-          if (init_we)
-            begin
-              init_reg <= init_new;
-            end
-
-          if (next_we)
-            begin
-              next_reg <= next_new;
-            end
+          init_reg         <= init_new;
+          next_reg         <= next_new;
 
           if (mode_we)
             mode_reg <= mode_new;
@@ -288,126 +229,12 @@ module sha256(
               digest_reg <= core_digest;
             end
 
-          if (block0_we)
-            begin
-              block0_reg <= write_data;
-            end
-
-          if (block1_we)
-            begin
-              block1_reg <= write_data;
-            end
-
-          if (block2_we)
-            begin
-              block2_reg <= write_data;
-            end
-
-          if (block3_we)
-            begin
-              block3_reg <= write_data;
-            end
-
-          if (block4_we)
-            begin
-              block4_reg <= write_data;
-            end
-
-          if (block5_we)
-            begin
-              block5_reg <= write_data;
-            end
-
-          if (block6_we)
-            begin
-              block6_reg <= write_data;
-            end
-
-          if (block7_we)
-            begin
-              block7_reg <= write_data;
-            end
-
-          if (block8_we)
-            begin
-              block8_reg <= write_data;
-            end
-
-          if (block9_we)
-            begin
-              block9_reg <= write_data;
-            end
-
-          if (block10_we)
-            begin
-              block10_reg <= write_data;
-            end
-
-          if (block11_we)
-            begin
-              block11_reg <= write_data;
-            end
-
-          if (block12_we)
-            begin
-              block12_reg <= write_data;
-            end
-
-          if (block13_we)
-            begin
-              block13_reg <= write_data;
-            end
-
-          if (block14_we)
-            begin
-              block14_reg <= write_data;
-            end
-
-          if (block15_we)
-            begin
-              block15_reg <= write_data;
-            end
-
+          if (block_we)
+            block_reg[address[3 : 0]] <= write_data;
         end
     end // reg_update
 
 
-  //----------------------------------------------------------------
-  // flag_reset
-  //
-  // Logic to reset init and next flags that has been set.
-  //----------------------------------------------------------------
-  always @*
-    begin : flag_reset
-      init_new = 0;
-      init_we  = 0;
-      next_new = 0;
-      next_we  = 0;
-
-      if (init_set)
-        begin
-          init_new = 1;
-          init_we  = 1;
-        end
-      else if (init_reg)
-        begin
-          init_new = 0;
-          init_we  = 1;
-        end
-
-      if (next_set)
-        begin
-          next_new = 1;
-          next_we  = 1;
-        end
-      else if (next_reg)
-        begin
-          next_new = 0;
-          next_we  = 1;
-        end
-    end
-
-
   //----------------------------------------------------------------
   // api_logic
   //
@@ -416,26 +243,11 @@ module sha256(
   //----------------------------------------------------------------
   always @*
     begin : api_logic
-      init_set      = 0;
-      next_set      = 0;
+      init_new      = 0;
+      next_new      = 0;
       mode_new      = 0;
       mode_we       = 0;
-      block0_we     = 0;
-      block1_we     = 0;
-      block2_we     = 0;
-      block3_we     = 0;
-      block4_we     = 0;
-      block5_we     = 0;
-      block6_we     = 0;
-      block7_we     = 0;
-      block8_we     = 0;
-      block9_we     = 0;
-      block10_we    = 0;
-      block11_we    = 0;
-      block12_we    = 0;
-      block13_we    = 0;
-      block14_we    = 0;
-      block15_we    = 0;
+      block_we      = 0;
       state0_we     = 0;
       state1_we     = 0;
       state2_we     = 0;
@@ -444,105 +256,65 @@ module sha256(
       state5_we     = 0;
       state6_we     = 0;
       state7_we     = 0;
-
-      tmp_read_data = 32'h00000000;
+      tmp_read_data = 32'h0;
       tmp_error     = 0;
 
       if (cs)
         begin
           if (we)
             begin
-              case (address)
-                // Write operations.
-                ADDR_CTRL:
-                  begin
-                    init_set = write_data[CTRL_INIT_BIT];
-                    next_set = write_data[CTRL_NEXT_BIT];
-                    mode_new = write_data[CTRL_MODE_BIT];
-                    mode_we  = 1;
-                  end
+              if (core_ready)
+                begin
 
-                ADDR_BLOCK0:
-                  block0_we = 1;
+                  if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK15))
+                    block_we = 1;
 
-                ADDR_BLOCK1:
-                  block1_we = 1;
+                  case (address)
+                    ADDR_CTRL:
+                      begin
+                        init_new = write_data[CTRL_INIT_BIT];
+                        next_new = write_data[CTRL_NEXT_BIT];
+                        mode_new = write_data[CTRL_MODE_BIT];
+                        mode_we  = 1;
+                      end
 
-                ADDR_BLOCK2:
-                  block2_we = 1;
+                    ADDR_DIGEST0:
+                      state0_we = 1;
 
-                ADDR_BLOCK3:
-                  block3_we = 1;
+                    ADDR_DIGEST1:
+                      state1_we = 1;
 
-                ADDR_BLOCK4:
-                  block4_we = 1;
+                    ADDR_DIGEST2:
+                      state2_we = 1;
 
-                ADDR_BLOCK5:
-                  block5_we = 1;
+                    ADDR_DIGEST3:
+                      state3_we = 1;
 
-                ADDR_BLOCK6:
-                  block6_we = 1;
+                    ADDR_DIGEST4:
+                      state4_we = 1;
 
-                ADDR_BLOCK7:
-                  block7_we = 1;
+                    ADDR_DIGEST5:
+                      state5_we = 1;
 
-                ADDR_BLOCK8:
-                  block8_we = 1;
+                    ADDR_DIGEST6:
+                      state6_we = 1;
 
-                ADDR_BLOCK9:
-                  block9_we = 1;
+                    ADDR_DIGEST7:
+                      state7_we = 1;
 
-                ADDR_BLOCK10:
-                  block10_we = 1;
-
-                ADDR_BLOCK11:
-                  block11_we = 1;
-
-                ADDR_BLOCK12:
-                  block12_we = 1;
-
-                ADDR_BLOCK13:
-                  block13_we = 1;
-
-                ADDR_BLOCK14:
-                  block14_we = 1;
-
-                ADDR_BLOCK15:
-                  block15_we = 1;
-
-                ADDR_DIGEST0:
-                  state0_we = 1;
-
-                ADDR_DIGEST1:
-                  state1_we = 1;
-
-                ADDR_DIGEST2:
-                  state2_we = 1;
-
-                ADDR_DIGEST3:
-                  state3_we = 1;
-
-                ADDR_DIGEST4:
-                  state4_we = 1;
-
-                ADDR_DIGEST5:
-                  state5_we = 1;
-
-                ADDR_DIGEST6:
-                  state6_we = 1;
-
-                ADDR_DIGEST7:
-                  state7_we = 1;
-
-                default:
-                  begin
-                    tmp_error = 1;
-                  end
-              endcase // case (address)
+                    default:
+                      begin
+                        tmp_error = 1;
+                      end
+                  endcase // case (address)
+                end // if (core_ready)
             end // if (we)
 
           else
             begin
+              if ((address >= ADDR_DIGEST0) && (address <= ADDR_DIGEST7))
+                tmp_read_data = digest_reg[(7 - (address - ADDR_DIGEST0)) * 32 +: 32];
+
               case (address)
                 // Read operations.
                 ADDR_NAME0:
@@ -554,84 +326,9 @@ module sha256(
                 ADDR_VERSION:
                   tmp_read_data = CORE_VERSION;
 
-                ADDR_CTRL:
-                  tmp_read_data = {29'h0, mode_reg, next_reg, init_reg};
-
                 ADDR_STATUS:
                   tmp_read_data = {30'h0, digest_valid_reg, ready_reg};
 
-                ADDR_BLOCK0:
-                  tmp_read_data = block0_reg;
-
-                ADDR_BLOCK1:
-                  tmp_read_data = block1_reg;
-
-                ADDR_BLOCK2:
-                  tmp_read_data = block2_reg;
-
-                ADDR_BLOCK3:
-                  tmp_read_data = block3_reg;
-
-                ADDR_BLOCK4:
-                  tmp_read_data = block4_reg;
-
-                ADDR_BLOCK5:
-                  tmp_read_data = block5_reg;
-
-                ADDR_BLOCK6:
-                  tmp_read_data = block6_reg;
-
-                ADDR_BLOCK7:
-                  tmp_read_data = block7_reg;
-
-                ADDR_BLOCK8:
-                  tmp_read_data = block8_reg;
-
-                ADDR_BLOCK9:
-                  tmp_read_data = block9_reg;
-
-                ADDR_BLOCK10:
-                  tmp_read_data = block10_reg;
-
-                ADDR_BLOCK11:
-                  tmp_read_data = block11_reg;
-
-                ADDR_BLOCK12:
-                  tmp_read_data = block12_reg;
-
-                ADDR_BLOCK13:
-                  tmp_read_data = block13_reg;
-
-                ADDR_BLOCK14:
-                  tmp_read_data = block14_reg;
-
-                ADDR_BLOCK15:
-                  tmp_read_data = block15_reg;
-
-                ADDR_DIGEST0:
-                  tmp_read_data = digest_reg[255 : 224];
-
-                ADDR_DIGEST1:
-                  tmp_read_data = digest_reg[223 : 192];
-
-                ADDR_DIGEST2:
-                  tmp_read_data = digest_reg[191 : 160];
-
-                ADDR_DIGEST3:
-                  tmp_read_data = digest_reg[159 : 128];
-
-                ADDR_DIGEST4:
-                  tmp_read_data = digest_reg[127 :  96];
-
-                ADDR_DIGEST5:
-                  tmp_read_data = digest_reg[95  :  64];
-
-                ADDR_DIGEST6:
-                  tmp_read_data = digest_reg[63  :  32];
-
-                ADDR_DIGEST7:
-                  tmp_read_data = digest_reg[31  :   0];
-
                 default:
                   begin
                     tmp_error = 1;
diff --git a/src/tb/tb_sha256.v b/src/tb/tb_sha256.v
index 01aa66e..99bdcfd 100644
--- a/src/tb/tb_sha256.v
+++ b/src/tb/tb_sha256.v
@@ -182,14 +182,14 @@ module tb_sha256();
 
       $display("Message block:");
       $display("block0  = 0x%08x, block1  = 0x%08x, block2  = 0x%08x,  block3  = 0x%08x",
-               dut.block0_reg, dut.block1_reg, dut.block2_reg, dut.block3_reg);
+               dut.block_reg[0], dut.block_reg[1], dut.block_reg[2], dut.block_reg[3]);
       $display("block4  = 0x%08x, block5  = 0x%08x, block6  = 0x%08x,  block7  = 0x%08x",
-               dut.block4_reg, dut.block5_reg, dut.block6_reg, dut.block7_reg);
+               dut.block_reg[4], dut.block_reg[5], dut.block_reg[6], dut.block_reg[7]);
 
       $display("block8  = 0x%08x, block9  = 0x%08x, block10 = 0x%08x,  block11 = 0x%08x",
-               dut.block8_reg, dut.block9_reg, dut.block10_reg, dut.block11_reg);
+               dut.block_reg[8], dut.block_reg[9], dut.block_reg[10], dut.block_reg[11]);
      $display("block12 = 0x%08x, block13 = 0x%08x, block14 = 0x%08x,  block15 = 0x%08x",
-               dut.block12_reg, dut.block13_reg, dut.block14_reg, dut.block15_reg);
+               dut.block_reg[12], dut.block_reg[13], dut.block_reg[14], dut.block_reg[15]);
       $display("");
 
       $display("Digest:");

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list