[Cryptech-Commits] [core/hash/sha256] branch master updated: (1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
git at cryptech.is
git at cryptech.is
Thu Oct 18 11:37:14 UTC 2018
This is an automated email from the git hooks/post-receive script.
joachim at secworks.se pushed a commit to branch master
in repository core/hash/sha256.
The following commit(s) were added to refs/heads/master by this push:
new 3fec126 (1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
3fec126 is described below
commit 3fec1265673b898cdf0e4e5877eec6f8ff336212
Author: Joachim Strömbergson <joachim at secworks.se>
AuthorDate: Thu Oct 18 13:37:03 2018 +0200
(1) Locked down API to ignore read or write requests that could leak info or cause incorrect behaviour during processing. (2) Cleaned up API registers and the API.
---
src/rtl/sha256.v | 431 ++++++++---------------------------------------------
src/tb/tb_sha256.v | 8 +-
2 files changed, 68 insertions(+), 371 deletions(-)
diff --git a/src/rtl/sha256.v b/src/rtl/sha256.v
index 67c8a6b..2ef1a57 100644
--- a/src/rtl/sha256.v
+++ b/src/rtl/sha256.v
@@ -98,7 +98,7 @@ module sha256(
localparam CORE_NAME0 = 32'h73686132; // "sha2"
localparam CORE_NAME1 = 32'h2d323536; // "-256"
- localparam CORE_VERSION = 32'h312e3830; // "1.80"
+ localparam CORE_VERSION = 32'h312e3832; // "1.82"
localparam MODE_SHA_224 = 1'h0;
localparam MODE_SHA_256 = 1'h1;
@@ -109,13 +109,9 @@ module sha256(
//----------------------------------------------------------------
reg init_reg;
reg init_new;
- reg init_we;
- reg init_set;
reg next_reg;
reg next_new;
- reg next_we;
- reg next_set;
reg mode_reg;
reg mode_new;
@@ -123,38 +119,8 @@ module sha256(
reg ready_reg;
- reg [31 : 0] block0_reg;
- reg block0_we;
- reg [31 : 0] block1_reg;
- reg block1_we;
- reg [31 : 0] block2_reg;
- reg block2_we;
- reg [31 : 0] block3_reg;
- reg block3_we;
- reg [31 : 0] block4_reg;
- reg block4_we;
- reg [31 : 0] block5_reg;
- reg block5_we;
- reg [31 : 0] block6_reg;
- reg block6_we;
- reg [31 : 0] block7_reg;
- reg block7_we;
- reg [31 : 0] block8_reg;
- reg block8_we;
- reg [31 : 0] block9_reg;
- reg block9_we;
- reg [31 : 0] block10_reg;
- reg block10_we;
- reg [31 : 0] block11_reg;
- reg block11_we;
- reg [31 : 0] block12_reg;
- reg block12_we;
- reg [31 : 0] block13_reg;
- reg block13_we;
- reg [31 : 0] block14_reg;
- reg block14_we;
- reg [31 : 0] block15_reg;
- reg block15_we;
+ reg [31 : 0] block_reg [0 : 15];
+ reg block_we;
reg [255 : 0] digest_reg;
@@ -164,8 +130,6 @@ module sha256(
//----------------------------------------------------------------
// Wires.
//----------------------------------------------------------------
- wire core_init;
- wire core_next;
wire core_ready;
wire [511 : 0] core_block;
wire [255 : 0] core_digest;
@@ -187,14 +151,10 @@ module sha256(
//----------------------------------------------------------------
// Concurrent connectivity for ports etc.
//----------------------------------------------------------------
- assign core_init = init_reg;
-
- assign core_next = next_reg;
-
- assign core_block = {block0_reg, block1_reg, block2_reg, block3_reg,
- block4_reg, block5_reg, block6_reg, block7_reg,
- block8_reg, block9_reg, block10_reg, block11_reg,
- block12_reg, block13_reg, block14_reg, block15_reg};
+ assign core_block = {block_reg[00], block_reg[01], block_reg[02], block_reg[03],
+ block_reg[04], block_reg[05], block_reg[06], block_reg[07],
+ block_reg[08], block_reg[09], block_reg[10], block_reg[11],
+ block_reg[12], block_reg[13], block_reg[14], block_reg[15]};
assign read_data = tmp_read_data;
assign error = tmp_error;
@@ -207,8 +167,8 @@ module sha256(
.clk(clk),
.reset_n(reset_n),
- .init(core_init),
- .next(core_next),
+ .init(init_reg),
+ .next(next_reg),
.mode(mode_reg),
.block(core_block),
@@ -239,46 +199,27 @@ module sha256(
// asynchronous active low reset.
//----------------------------------------------------------------
always @ (posedge clk or negedge reset_n)
- begin
+ begin : reg_update
+ integer i;
+
if (!reset_n)
begin
- init_reg <= 1'h0;
- next_reg <= 1'h0;
+ for (i = 0 ; i < 16 ; i = i + 1)
+ block_reg[i] <= 32'h0;
+
+ init_reg <= 0;
+ next_reg <= 0;
+ ready_reg <= 0;
mode_reg <= MODE_SHA_256;
- ready_reg <= 1'h0;
digest_reg <= 256'h0;
- digest_valid_reg <= 1'h0;
- block0_reg <= 32'h0;
- block1_reg <= 32'h0;
- block2_reg <= 32'h0;
- block3_reg <= 32'h0;
- block4_reg <= 32'h0;
- block5_reg <= 32'h0;
- block6_reg <= 32'h0;
- block7_reg <= 32'h0;
- block8_reg <= 32'h0;
- block9_reg <= 32'h0;
- block10_reg <= 32'h0;
- block11_reg <= 32'h0;
- block12_reg <= 32'h0;
- block13_reg <= 32'h0;
- block14_reg <= 32'h0;
- block15_reg <= 32'h0;
+ digest_valid_reg <= 0;
end
else
begin
ready_reg <= core_ready;
digest_valid_reg <= core_digest_valid;
-
- if (init_we)
- begin
- init_reg <= init_new;
- end
-
- if (next_we)
- begin
- next_reg <= next_new;
- end
+ init_reg <= init_new;
+ next_reg <= next_new;
if (mode_we)
mode_reg <= mode_new;
@@ -288,126 +229,12 @@ module sha256(
digest_reg <= core_digest;
end
- if (block0_we)
- begin
- block0_reg <= write_data;
- end
-
- if (block1_we)
- begin
- block1_reg <= write_data;
- end
-
- if (block2_we)
- begin
- block2_reg <= write_data;
- end
-
- if (block3_we)
- begin
- block3_reg <= write_data;
- end
-
- if (block4_we)
- begin
- block4_reg <= write_data;
- end
-
- if (block5_we)
- begin
- block5_reg <= write_data;
- end
-
- if (block6_we)
- begin
- block6_reg <= write_data;
- end
-
- if (block7_we)
- begin
- block7_reg <= write_data;
- end
-
- if (block8_we)
- begin
- block8_reg <= write_data;
- end
-
- if (block9_we)
- begin
- block9_reg <= write_data;
- end
-
- if (block10_we)
- begin
- block10_reg <= write_data;
- end
-
- if (block11_we)
- begin
- block11_reg <= write_data;
- end
-
- if (block12_we)
- begin
- block12_reg <= write_data;
- end
-
- if (block13_we)
- begin
- block13_reg <= write_data;
- end
-
- if (block14_we)
- begin
- block14_reg <= write_data;
- end
-
- if (block15_we)
- begin
- block15_reg <= write_data;
- end
-
+ if (block_we)
+ block_reg[address[3 : 0]] <= write_data;
end
end // reg_update
- //----------------------------------------------------------------
- // flag_reset
- //
- // Logic to reset init and next flags that has been set.
- //----------------------------------------------------------------
- always @*
- begin : flag_reset
- init_new = 0;
- init_we = 0;
- next_new = 0;
- next_we = 0;
-
- if (init_set)
- begin
- init_new = 1;
- init_we = 1;
- end
- else if (init_reg)
- begin
- init_new = 0;
- init_we = 1;
- end
-
- if (next_set)
- begin
- next_new = 1;
- next_we = 1;
- end
- else if (next_reg)
- begin
- next_new = 0;
- next_we = 1;
- end
- end
-
-
//----------------------------------------------------------------
// api_logic
//
@@ -416,26 +243,11 @@ module sha256(
//----------------------------------------------------------------
always @*
begin : api_logic
- init_set = 0;
- next_set = 0;
+ init_new = 0;
+ next_new = 0;
mode_new = 0;
mode_we = 0;
- block0_we = 0;
- block1_we = 0;
- block2_we = 0;
- block3_we = 0;
- block4_we = 0;
- block5_we = 0;
- block6_we = 0;
- block7_we = 0;
- block8_we = 0;
- block9_we = 0;
- block10_we = 0;
- block11_we = 0;
- block12_we = 0;
- block13_we = 0;
- block14_we = 0;
- block15_we = 0;
+ block_we = 0;
state0_we = 0;
state1_we = 0;
state2_we = 0;
@@ -444,105 +256,65 @@ module sha256(
state5_we = 0;
state6_we = 0;
state7_we = 0;
-
- tmp_read_data = 32'h00000000;
+ tmp_read_data = 32'h0;
tmp_error = 0;
if (cs)
begin
if (we)
begin
- case (address)
- // Write operations.
- ADDR_CTRL:
- begin
- init_set = write_data[CTRL_INIT_BIT];
- next_set = write_data[CTRL_NEXT_BIT];
- mode_new = write_data[CTRL_MODE_BIT];
- mode_we = 1;
- end
+ if (core_ready)
+ begin
- ADDR_BLOCK0:
- block0_we = 1;
+ if ((address >= ADDR_BLOCK0) && (address <= ADDR_BLOCK15))
+ block_we = 1;
- ADDR_BLOCK1:
- block1_we = 1;
+ case (address)
+ ADDR_CTRL:
+ begin
+ init_new = write_data[CTRL_INIT_BIT];
+ next_new = write_data[CTRL_NEXT_BIT];
+ mode_new = write_data[CTRL_MODE_BIT];
+ mode_we = 1;
+ end
- ADDR_BLOCK2:
- block2_we = 1;
+ ADDR_DIGEST0:
+ state0_we = 1;
- ADDR_BLOCK3:
- block3_we = 1;
+ ADDR_DIGEST1:
+ state1_we = 1;
- ADDR_BLOCK4:
- block4_we = 1;
+ ADDR_DIGEST2:
+ state2_we = 1;
- ADDR_BLOCK5:
- block5_we = 1;
+ ADDR_DIGEST3:
+ state3_we = 1;
- ADDR_BLOCK6:
- block6_we = 1;
+ ADDR_DIGEST4:
+ state4_we = 1;
- ADDR_BLOCK7:
- block7_we = 1;
+ ADDR_DIGEST5:
+ state5_we = 1;
- ADDR_BLOCK8:
- block8_we = 1;
+ ADDR_DIGEST6:
+ state6_we = 1;
- ADDR_BLOCK9:
- block9_we = 1;
+ ADDR_DIGEST7:
+ state7_we = 1;
- ADDR_BLOCK10:
- block10_we = 1;
-
- ADDR_BLOCK11:
- block11_we = 1;
-
- ADDR_BLOCK12:
- block12_we = 1;
-
- ADDR_BLOCK13:
- block13_we = 1;
-
- ADDR_BLOCK14:
- block14_we = 1;
-
- ADDR_BLOCK15:
- block15_we = 1;
-
- ADDR_DIGEST0:
- state0_we = 1;
-
- ADDR_DIGEST1:
- state1_we = 1;
-
- ADDR_DIGEST2:
- state2_we = 1;
-
- ADDR_DIGEST3:
- state3_we = 1;
-
- ADDR_DIGEST4:
- state4_we = 1;
-
- ADDR_DIGEST5:
- state5_we = 1;
-
- ADDR_DIGEST6:
- state6_we = 1;
-
- ADDR_DIGEST7:
- state7_we = 1;
-
- default:
- begin
- tmp_error = 1;
- end
- endcase // case (address)
+ default:
+ begin
+ tmp_error = 1;
+ end
+ endcase // case (address)
+ end // if (core_ready)
end // if (we)
else
begin
+ if ((address >= ADDR_DIGEST0) && (address <= ADDR_DIGEST7))
+ tmp_read_data = digest_reg[(7 - (address - ADDR_DIGEST0)) * 32 +: 32];
+
case (address)
// Read operations.
ADDR_NAME0:
@@ -554,84 +326,9 @@ module sha256(
ADDR_VERSION:
tmp_read_data = CORE_VERSION;
- ADDR_CTRL:
- tmp_read_data = {29'h0, mode_reg, next_reg, init_reg};
-
ADDR_STATUS:
tmp_read_data = {30'h0, digest_valid_reg, ready_reg};
- ADDR_BLOCK0:
- tmp_read_data = block0_reg;
-
- ADDR_BLOCK1:
- tmp_read_data = block1_reg;
-
- ADDR_BLOCK2:
- tmp_read_data = block2_reg;
-
- ADDR_BLOCK3:
- tmp_read_data = block3_reg;
-
- ADDR_BLOCK4:
- tmp_read_data = block4_reg;
-
- ADDR_BLOCK5:
- tmp_read_data = block5_reg;
-
- ADDR_BLOCK6:
- tmp_read_data = block6_reg;
-
- ADDR_BLOCK7:
- tmp_read_data = block7_reg;
-
- ADDR_BLOCK8:
- tmp_read_data = block8_reg;
-
- ADDR_BLOCK9:
- tmp_read_data = block9_reg;
-
- ADDR_BLOCK10:
- tmp_read_data = block10_reg;
-
- ADDR_BLOCK11:
- tmp_read_data = block11_reg;
-
- ADDR_BLOCK12:
- tmp_read_data = block12_reg;
-
- ADDR_BLOCK13:
- tmp_read_data = block13_reg;
-
- ADDR_BLOCK14:
- tmp_read_data = block14_reg;
-
- ADDR_BLOCK15:
- tmp_read_data = block15_reg;
-
- ADDR_DIGEST0:
- tmp_read_data = digest_reg[255 : 224];
-
- ADDR_DIGEST1:
- tmp_read_data = digest_reg[223 : 192];
-
- ADDR_DIGEST2:
- tmp_read_data = digest_reg[191 : 160];
-
- ADDR_DIGEST3:
- tmp_read_data = digest_reg[159 : 128];
-
- ADDR_DIGEST4:
- tmp_read_data = digest_reg[127 : 96];
-
- ADDR_DIGEST5:
- tmp_read_data = digest_reg[95 : 64];
-
- ADDR_DIGEST6:
- tmp_read_data = digest_reg[63 : 32];
-
- ADDR_DIGEST7:
- tmp_read_data = digest_reg[31 : 0];
-
default:
begin
tmp_error = 1;
diff --git a/src/tb/tb_sha256.v b/src/tb/tb_sha256.v
index 01aa66e..99bdcfd 100644
--- a/src/tb/tb_sha256.v
+++ b/src/tb/tb_sha256.v
@@ -182,14 +182,14 @@ module tb_sha256();
$display("Message block:");
$display("block0 = 0x%08x, block1 = 0x%08x, block2 = 0x%08x, block3 = 0x%08x",
- dut.block0_reg, dut.block1_reg, dut.block2_reg, dut.block3_reg);
+ dut.block_reg[0], dut.block_reg[1], dut.block_reg[2], dut.block_reg[3]);
$display("block4 = 0x%08x, block5 = 0x%08x, block6 = 0x%08x, block7 = 0x%08x",
- dut.block4_reg, dut.block5_reg, dut.block6_reg, dut.block7_reg);
+ dut.block_reg[4], dut.block_reg[5], dut.block_reg[6], dut.block_reg[7]);
$display("block8 = 0x%08x, block9 = 0x%08x, block10 = 0x%08x, block11 = 0x%08x",
- dut.block8_reg, dut.block9_reg, dut.block10_reg, dut.block11_reg);
+ dut.block_reg[8], dut.block_reg[9], dut.block_reg[10], dut.block_reg[11]);
$display("block12 = 0x%08x, block13 = 0x%08x, block14 = 0x%08x, block15 = 0x%08x",
- dut.block12_reg, dut.block13_reg, dut.block14_reg, dut.block15_reg);
+ dut.block_reg[12], dut.block_reg[13], dut.block_reg[14], dut.block_reg[15]);
$display("");
$display("Digest:");
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list