[Cryptech-Commits] [core/hash/sha3] 01/02: The SHA-3 algorithm really wants everything to be little-endian, which is at odds with everything else in our system (including the register interface to sha3_wrapper). Rather than trying to rewrite sha3, I'll isolate it in its own little-endian universe by byte-swapping all reads and writes.

git at cryptech.is git at cryptech.is
Mon Jun 7 19:09:29 UTC 2021


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch sha3_mode
in repository core/hash/sha3.

commit 2e38d480fa2767b2501a477766149476b0d03537
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Sun Jun 6 22:04:55 2021 -0400

    The SHA-3 algorithm really wants everything to be little-endian, which is
    at odds with everything else in our system (including the register
    interface to sha3_wrapper). Rather than trying to rewrite sha3, I'll
    isolate it in its own little-endian universe by byte-swapping all reads
    and writes.
---
 src/rtl/sha3.v   | 30 ++++++++++++++++++++++--------
 src/tb/tb_sha3.v | 24 +++++++++---------------
 2 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/src/rtl/sha3.v b/src/rtl/sha3.v
index ee29ba6..a8b41bc 100644
--- a/src/rtl/sha3.v
+++ b/src/rtl/sha3.v
@@ -48,11 +48,25 @@ module sha3(    input wire          clk,
                 input wire          w,
                 input wire [ 8:2]   addr,
                 input wire [32-1:0] din,
-                output reg [32-1:0] dout,
+                output wire [32-1:0] dout,
                 input wire          init,
                 input wire          next,
                 output wire         ready);
 
+
+   /* The SHA-3 algorithm really wants everything to be little-endian,
+    * which is at odds with everything else in our system (including the
+    * register interface to sha3_wrapper). Rather than trying to rewrite
+    * Bernd's beautiful code, we'll just byte-swap all I/O.
+    */
+
+   reg [31:0]                       dout_swap;
+   assign dout = {dout_swap[7:0], dout_swap[15:8], dout_swap[23:16], dout_swap[31:24]};
+
+   wire [31:0]                      din_swap;
+   assign din_swap = {din[7:0], din[15:8], din[23:16], din[31:24]};
+
+
    integer                          i, j;
 
    reg [64-1:0]                     blk[0:24],  // input block
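Review bot: The new block comment says only "byte-swap all I/O" and does not state the granularity of the swap, which is per 32-bit bus word (`din_swap` and `dout` each reverse four bytes). The order of the two halves inside a 64-bit lane is untouched: addr[2]=0 still selects bits [31:0] in the read mux and the write case of the later hunks. I would add a line such as `* Bytes are swapped within each 32-bit word; addr[2] still selects the low (0) or high (1) half of a lane.` Without it a driver author can reasonably assume a full 64-bit swap and compute wrong digests. The module body continues outside this hunk.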
@@ -100,9 +114,9 @@ module sha3(    input wire          clk,
 
    always @*
      //
-     dout = addr[8] ?
-            (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
-            (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
+     dout_swap = addr[8] ?
+                 (~addr[2] ? st [addr[7:3]][31:0] : st [addr[7:3]][63:32]) :
+                 (~addr[2] ? blk[addr[7:3]][31:0] : blk[addr[7:3]][63:32]) ;
 
 
    always @* begin
@@ -188,12 +202,12 @@ module sha3(    input wire          clk,
 
         end
 
-        if (w && !addr[8])      // only the first half of memory is writeable
+        if (w)
           //
           case (addr[2])
-            1: blk[addr[7:3]][63:32] <= din;
-            0: blk[addr[7:3]][31: 0] <= din;
-          endcase // case (addr[2])
+            1: blk[addr[7:3]][63:32] <= din_swap;
+            0: blk[addr[7:3]][31: 0] <= din_swap;
+          endcase
 
      end
 
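Review bot: Changing the write enable from `if (w && !addr[8])` to `if (w)` means a write with addr[8] set is no longer ignored; because the case below indexes only `blk[addr[7:3]]`, it lands in the input block at the aliased offset. The commit message describes only the byte swap and the removed comment said only the first half of memory is writeable, so this looks unintended. If it is, keep `if (w && !addr[8])`; if it is deliberate, say so with a comment like `// writes to the state window alias onto blk`. Either way the testbench should write with addr[8]=1 and check the resulting digest, since a bus write aimed at the read-out window could otherwise alter the message block being hashed. The enclosing always block starts outside this hunk.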
diff --git a/src/tb/tb_sha3.v b/src/tb/tb_sha3.v
index 28d06a3..5dd93c4 100644
--- a/src/tb/tb_sha3.v
+++ b/src/tb/tb_sha3.v
@@ -239,8 +239,8 @@ module tb_sha3();
 				 
 			for (i=0; i<50; i=i+1) begin
 				case (i)
-					0:					tb_wr_data = 32'h00000006;		// ...0001 | 10
-					block_words-1:	tb_wr_data = 32'h80000000;		//	1000...
+					0:					tb_wr_data = 32'h06000000;		// ...0001 | 10
+					block_words-1:	tb_wr_data = 32'h00000080;		//	1000...
 					default:			tb_wr_data = 32'h00000000;		
 				endcase
 				tb_addr = {1'b0, i[5:0]};	// increment address
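Review bot: The comments beside the rewritten constants still describe the old literals: `32'h06000000 // ...0001 | 10` and `32'h00000080 // 1000...` here, and `32'h61626306 // ...0001 | 10 | 'cba'` in the @@ -323 hunk, where the bytes now read 'abc' followed by the 0x06 pad byte. I would change them to `// 0x06 pad byte first, bus (big-endian) byte order`, `// 0x80 final pad byte last` and `// 'abc' | 0x06 pad`. The same constants recur in the @@ -440 hunk under `// padding` and `// more padding`, which could name the byte order too. The enclosing block starts outside this hunk.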
@@ -266,9 +266,7 @@ module tb_sha3();
 				tb_addr = {1'b1, i[5:0]};
 				#(CLK_PERIOD);
 				
-					// swap bytes in the read value
-				for (j=31; j>0; j=j-8)
-					hash_word[j-:8] = tb_rd_data[31-j+:8];
+				hash_word = tb_rd_data;
 				
 				$display("    *** hash_word[%0d]: reference = %08x, calculated = %08x",
 					i, hash_shreg[511-:32], hash_word);
@@ -323,8 +321,8 @@ module tb_sha3();
 				 
 			for (i=0; i<50; i=i+1) begin
 				case (i)
-					0:					tb_wr_data = 32'h06636261;		// ...0001 | 10 | 'cba'
-					block_words-1:	tb_wr_data = 32'h80000000;		//	1000...
+					0:					tb_wr_data = 32'h61626306;		// ...0001 | 10 | 'cba'
+					block_words-1:	tb_wr_data = 32'h00000080;		//	1000...
 					default:			tb_wr_data = 32'h00000000;							
 				endcase
 				tb_addr = {1'b0, i[5:0]};	// increment address
@@ -350,9 +348,7 @@ module tb_sha3();
 				tb_addr = {1'b1, i[5:0]};
 				#(CLK_PERIOD);
 				
-					// swap bytes in the read value
-				for (j=31; j>0; j=j-8)
-					hash_word[j-:8] = tb_rd_data[31-j+:8];
+				hash_word = tb_rd_data;
 				
 				$display("    *** hash_word[%0d]: reference = %08x, calculated = %08x",
 					i, hash_shreg[511-:32], hash_word);
@@ -440,14 +436,14 @@ module tb_sha3();
 						total_bits = total_bits - 32;
 					end else if (total_bits == 0) begin
 							// padding
-						tb_wr_data = 32'h00000006;
+						tb_wr_data = 32'h06000000;
 						tb_addr = {1'b0, i[5:0]};
 						tb_we = 1;
 						#(CLK_PERIOD);
 						total_bits = total_bits - 32;
 					end else if (i == (block_words-1)) begin
 							// more padding
-						tb_wr_data = 32'h80000000;
+						tb_wr_data = 32'h00000080;
 						tb_addr = {1'b0, i[5:0]};
 						tb_we = 1;
 						#(CLK_PERIOD);
@@ -482,9 +478,7 @@ module tb_sha3();
 				tb_addr = {1'b1, i[5:0]};
 				#(CLK_PERIOD);
 				
-					// swap bytes in the read value
-				for (j=31; j>0; j=j-8)
-					hash_word[j-:8] = tb_rd_data[31-j+:8];
+				hash_word = tb_rd_data;
 				
 				$display("    *** hash_word[%0d]: reference = %08x, calculated = %08x",
 					i, hash_shreg[511-:32], hash_word);


