From 1c20bb9313d39ae3e955d2786cd57544baedc44f Mon Sep 17 00:00:00 2001 From: David Harris Date: Tue, 14 May 2024 11:32:21 -0700 Subject: [PATCH 01/14] Added riscv-isac for test vector generation --- bin/wally-tool-chain-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/wally-tool-chain-install.sh b/bin/wally-tool-chain-install.sh index 3b08aea54..44ff08aee 100755 --- a/bin/wally-tool-chain-install.sh +++ b/bin/wally-tool-chain-install.sh @@ -48,7 +48,8 @@ sudo apt update -y sudo apt upgrade -y sudo apt install -y git gawk make texinfo bison flex build-essential python3 libz-dev libexpat-dev autoconf device-tree-compiler ninja-build libpixman-1-dev ncurses-base ncurses-bin libncurses5-dev dialog curl wget ftp libgmp-dev libglib2.0-dev python3-pip pkg-config opam z3 zlib1g-dev automake autotools-dev libmpc-dev libmpfr-dev gperf libtool patchutils bc mutt ssmtp # Other python libraries used through the book. -sudo -H pip3 install sphinx sphinx_rtd_theme matplotlib scipy scikit-learn adjustText lief markdown pyyaml +sudo -H pip3 install sphinx sphinx_rtd_theme matplotlib scipy scikit-learn adjustText lief markdown pyyaml +sudo -H pip3 install riscv_isac # to generate new tests, such as quads with fp_dataset.py # needed for Ubuntu 22.04, gcc cross compiler expects python not python2 or python3. if ! command -v python &> /dev/null From 506973c27a9d8cfde3ea7a88bf2f03a3a12c2c83 Mon Sep 17 00:00:00 2001 From: David Harris Date: Wed, 15 May 2024 19:29:42 -0700 Subject: [PATCH 02/14] Added gfmul example --- .gitignore | 1 + examples/crypto/gfmul/Makefile | 16 ++++++++ examples/crypto/gfmul/gfmul.c | 72 ++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 examples/crypto/gfmul/Makefile create mode 100644 examples/crypto/gfmul/gfmul.c diff --git a/.gitignore b/.gitignore index 3a7513d12..e085dcb33 100644 --- a/.gitignore +++ b/.gitignore @@ -231,6 +231,7 @@ examples/verilog/fulladder/simprofile_dir/ examples/verilog/fulladder/simv.daidir/ examples/verilog/fulladder/ucli.key examples/verilog/fulladder/verdi_config_file +examples/crypto/gfmul/gfmul tests/functcov tests/functcov/* tests/functcov/*/* diff --git a/examples/crypto/gfmul/Makefile b/examples/crypto/gfmul/Makefile new file mode 100644 index 000000000..a501c3775 --- /dev/null +++ b/examples/crypto/gfmul/Makefile @@ -0,0 +1,16 @@ +# Makefile + +CC = gcc +CFLAGS = -O3 +LIBS = +SRCS = $(wildcard *.c) + +PROGS = $(patsubst %.c,%,$(SRCS)) + +all: $(PROGS) + +%: %.c + $(CC) $(CFLAGS) $(IFLAGS) -o $@ $< $(LIBS) + +clean: + rm -f $(PROGS) diff --git a/examples/crypto/gfmul/gfmul.c b/examples/crypto/gfmul/gfmul.c new file mode 100644 index 000000000..3c4f585f1 --- /dev/null +++ b/examples/crypto/gfmul/gfmul.c @@ -0,0 +1,72 @@ +// gfmul.c - Galois Field multiplication +// James Stine and David Harris 16 May 2024 + +#include + +/* return ab mod m(x) - long multiplication in GF(2^n) with polynomial m */ +int gfmul(int a, int b, int n, int m) { + int result = 0; + while (b) { + if (b & 1) result = result ^ a; /* if bit of b is set add a */ + a = a << 1; /* multiply a by x */ + if (a & 1 << n) + a = a ^ m; /* reduce/sub modulo AES m(x) = 100011011 */ + //printf("a = %x, b = %x, result = %x\n", a, b, result); + b = b >> 1; /* get next bit of b */ + } + return result; +} + +void inverses(void) { + int i, j, k, num; + + printf("\nTable of inverses in GF(2^8) with polynomial m(x) = 100011011\n"); + for (i=0; i<16; i++) { + for (j=0; j<16; j++) { + num = i*16+j; + if (num ==0) printf ("00 "); + else for (k=1; k<256; k++) { + if (gfmul(num, k, 8, 0b100011011) == 1) { + printf("%02x ", k); + break; + } + } + } + printf("\n"); + } +} + +void inverses3(void) { + int k, num; + + printf("\nTable of inverses in GF(2^8) with polynomial m(x) = 100011011\n"); + for (num=0; num<8; num++) { + if (num == 0) printf ("0 "); + else for (k=1; k<8; k++) { + if (gfmul(num, k, 3, 0b1011) == 1) { + printf("%d ", k); + break; + } + } + } + printf("\n"); +} + + +int main() { + int a = 0xC5; + int b = 0xA1; + + printf("The GF(2^8) result is %x\n", gfmul(a,b, 8, 0b100011011)); + printf("The GF(2^8) result is %x\n", gfmul(0xC1, 0x28, 8, 0b100011011)); + inverses(); + + // tabulate inverses for GF(2^3) + inverses3(); + // check worked examples + printf("The GF(2^3) result is %d\n", gfmul(0b101,0b011, 3, 0b1011)); + printf("The GF(2^3) result is %d\n", gfmul(0b101,0b010, 3, 0b1011)); + printf("The GF(2^3) result is %d\n", gfmul(0b101,0b100, 3, 0b1011)); + printf("The GF(2^3) result is %d\n", gfmul(0b101,0b011, 3, 0b1011)); + +} From 88eb7bd04564ab49f29bf3653171e906b45def41 Mon Sep 17 00:00:00 2001 From: David Harris Date: Wed, 22 May 2024 00:22:53 -0700 Subject: [PATCH 03/14] Pulled brev8 out of byteop so redundant byteop logic is not needed in zbkb --- src/ieu/bmu/bitmanipalu.sv | 2 +- src/ieu/bmu/byteop.sv | 10 ++++------ src/ieu/bmu/zbb.sv | 2 +- src/ieu/kmu/zbkb.sv | 13 +++++++++---- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/ieu/bmu/bitmanipalu.sv b/src/ieu/bmu/bitmanipalu.sv index fec96883e..7748b8627 100644 --- a/src/ieu/bmu/bitmanipalu.sv +++ b/src/ieu/bmu/bitmanipalu.sv @@ -103,7 +103,7 @@ module bitmanipalu import cvw::*; #(parameter cvw_t P) ( // ZBKB Unit if (P.ZBKB_SUPPORTED) begin: zbkb - zbkb #(P.XLEN) ZBKB(.A(ABMU), .B(BBMU), .RevA, .W64, .Funct3, .ZBKBSelect(ZBBSelect[2:0]), .ZBKBResult); + zbkb #(P.XLEN) ZBKB(.A(ABMU), .B(BBMU), .W64, .Funct3, .ZBKBSelect(ZBBSelect[2:0]), .ZBKBResult); end else assign ZBKBResult = '0; // ZBKX Unit diff --git a/src/ieu/bmu/byteop.sv b/src/ieu/bmu/byteop.sv index 980c6d586..913c852b1 100644 --- a/src/ieu/bmu/byteop.sv +++ b/src/ieu/bmu/byteop.sv @@ -30,24 +30,22 @@ module byteop #(parameter WIDTH=32) ( input logic [WIDTH-1:0] A, // Operands - input logic [WIDTH-1:0] RevA, // Reversed A input logic [1:0] ByteSelect, // LSB of Immediate output logic [WIDTH-1:0] ByteResult); // rev8, orcb result - logic [WIDTH-1:0] OrcBResult, Rev8Result, Brev8Result; + logic [WIDTH-1:0] OrcBResult, Rev8Result; genvar i; for (i=0;i Date: Wed, 22 May 2024 00:48:04 -0700 Subject: [PATCH 04/14] Continued bmu cleanup --- src/ieu/bmu/byteop.sv | 12 +++--------- src/ieu/bmu/zbb.sv | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/ieu/bmu/byteop.sv b/src/ieu/bmu/byteop.sv index 913c852b1..263680aea 100644 --- a/src/ieu/bmu/byteop.sv +++ b/src/ieu/bmu/byteop.sv @@ -30,22 +30,16 @@ module byteop #(parameter WIDTH=32) ( input logic [WIDTH-1:0] A, // Operands - input logic [1:0] ByteSelect, // LSB of Immediate + input logic ByteSelect, // LSB of Immediate output logic [WIDTH-1:0] ByteResult); // rev8, orcb result logic [WIDTH-1:0] OrcBResult, Rev8Result; genvar i; - for (i=0;i Date: Wed, 22 May 2024 08:29:08 -0700 Subject: [PATCH 05/14] Reordered Zicond support in ALU --- src/ieu/alu.sv | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/ieu/alu.sv b/src/ieu/alu.sv index 783d39495..e1cae73a6 100644 --- a/src/ieu/alu.sv +++ b/src/ieu/alu.sv @@ -60,7 +60,22 @@ module alu import cvw::*; #(parameter cvw_t P) ( // CondShiftA is A for add/sub or a shifted version of A for shift-and-add BMU instructions assign CondMaskInvB = SubArith ? ~CondMaskB : CondMaskB; assign {Carry, Sum} = CondShiftA + CondMaskInvB + {{(P.XLEN-1){1'b0}}, SubArith}; - + + // Zicond block conditionally zeros B + if (P.ZICOND_SUPPORTED) begin: zicond + logic BZero; + + assign BZero = (B == 0); // check if rs2 = 0 + // Create a signal that is 0 when czero.* instruction should clear result + // If B = 0 for czero.eqz or if B != 0 for czero.nez + always_comb + case (CZero) + 2'b01: ZeroCondMaskInvB = {P.XLEN{~BZero}}; // czero.eqz: kill if B = 0 + 2'b10: ZeroCondMaskInvB = {P.XLEN{BZero}}; // czero.nez: kill if B != 0 + default: ZeroCondMaskInvB = CondMaskInvB; // otherwise normal behavior + endcase + end else assign ZeroCondMaskInvB = CondMaskInvB; // no masking if Zicond is not supported + // Shifts (configurable for rotation) shifter #(P) sh(.A, .Amt(B[P.LOG_XLEN-1:0]), .Right(Funct3[2]), .W64, .SubArith, .Y(Shift), .Rotate(BALUControl[2])); @@ -105,18 +120,4 @@ module alu import cvw::*; #(parameter cvw_t P) ( assign CondShiftA = A; end - // Zicond block - if (P.ZICOND_SUPPORTED) begin: zicond - logic BZero; - - assign BZero = (B == 0); // check if rs2 = 0 - // Create a signal that is 0 when czero.* instruction should clear result - // If B = 0 for czero.eqz or if B != 0 for czero.nez - always_comb - case (CZero) - 2'b01: ZeroCondMaskInvB = {P.XLEN{~BZero}}; // czero.eqz: kill if B = 0 - 2'b10: ZeroCondMaskInvB = {P.XLEN{BZero}}; // czero.nez: kill if B != 0 - default: ZeroCondMaskInvB = CondMaskInvB; // otherwise normal behavior - endcase - end else assign ZeroCondMaskInvB = CondMaskInvB; // no masking if Zicond is not supported endmodule From c160ced2d2257df95d3333bd48805f740501775a Mon Sep 17 00:00:00 2001 From: David Harris Date: Wed, 22 May 2024 15:01:20 -0700 Subject: [PATCH 06/14] Zk* cleanup --- src/ieu/bmu/bitmanipalu.sv | 4 ++-- src/ieu/kmu/zbkb.sv | 3 +-- src/ieu/kmu/zbkx.sv | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/ieu/bmu/bitmanipalu.sv b/src/ieu/bmu/bitmanipalu.sv index 7748b8627..b0af3e347 100644 --- a/src/ieu/bmu/bitmanipalu.sv +++ b/src/ieu/bmu/bitmanipalu.sv @@ -103,12 +103,12 @@ module bitmanipalu import cvw::*; #(parameter cvw_t P) ( // ZBKB Unit if (P.ZBKB_SUPPORTED) begin: zbkb - zbkb #(P.XLEN) ZBKB(.A(ABMU), .B(BBMU), .W64, .Funct3, .ZBKBSelect(ZBBSelect[2:0]), .ZBKBResult); + zbkb #(P.XLEN) ZBKB(.A(ABMU), .B(BBMU), .Funct3, .ZBKBSelect(ZBBSelect[2:0]), .ZBKBResult); end else assign ZBKBResult = '0; // ZBKX Unit if (P.ZBKX_SUPPORTED) begin: zbkx - zbkx #(P.XLEN) ZBKX(.A(ABMU), .B(BBMU), .ZBKXSelect(ZBBSelect[2:0]), .ZBKXResult); + zbkx #(P.XLEN) ZBKX(.A(ABMU), .B(BBMU), .ZBKXSelect(ZBBSelect[0]), .ZBKXResult); end else assign ZBKXResult = '0; // ZKND and ZKNE AES decryption and encryption diff --git a/src/ieu/kmu/zbkb.sv b/src/ieu/kmu/zbkb.sv index 8d437f62f..61173e982 100644 --- a/src/ieu/kmu/zbkb.sv +++ b/src/ieu/kmu/zbkb.sv @@ -27,8 +27,7 @@ module zbkb #(parameter WIDTH=32) ( input logic [WIDTH-1:0] A, B, - input logic W64, - input logic [2:0] Funct3, + input logic [2:0] Funct3, input logic [2:0] ZBKBSelect, output logic [WIDTH-1:0] ZBKBResult ); diff --git a/src/ieu/kmu/zbkx.sv b/src/ieu/kmu/zbkx.sv index dbbaf3d2d..18fe9a657 100644 --- a/src/ieu/kmu/zbkx.sv +++ b/src/ieu/kmu/zbkx.sv @@ -27,7 +27,7 @@ module zbkx #(parameter WIDTH=32) ( input logic [WIDTH-1:0] A, B, - input logic [2:0] ZBKXSelect, + input logic ZBKXSelect, output logic [WIDTH-1:0] ZBKXResult ); @@ -46,5 +46,5 @@ module zbkx #(parameter WIDTH=32) ( end end - assign ZBKXResult = ZBKXSelect[0] ? xperm4 : xperm8; + assign ZBKXResult = ZBKXSelect ? xperm4 : xperm8; endmodule From d9a1691c8323f5ca0c8ec3a1e7086ad0f4f74efd Mon Sep 17 00:00:00 2001 From: David Harris Date: Thu, 23 May 2024 05:39:50 -0700 Subject: [PATCH 07/14] Simplified sha512_32 --- src/ieu/sha/sha512_32.sv | 65 ++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/src/ieu/sha/sha512_32.sv b/src/ieu/sha/sha512_32.sv index 679d6d740..4ce8e31ef 100644 --- a/src/ieu/sha/sha512_32.sv +++ b/src/ieu/sha/sha512_32.sv @@ -31,67 +31,46 @@ module sha512_32 ( output logic [31:0] result ); - logic [31:0] x[6][6]; - logic [31:0] y[6]; + logic [31:0] x[6][3]; + logic [31:0] y[3]; // sha512{sig0h/sig0l/sig1h/sig1l/sum0r/sum1r} select shifted operands for 32-bit xor6 // sha512sig0h - assign x[0][0] = A >> 1; - assign x[0][1] = A >> 7; - assign x[0][2] = A >> 8; - assign x[0][3] = B << 31; - assign x[0][4] = B << 24; - assign x[0][5] = '0; + assign x[0][0] = {B[0], A[31:1]}; + assign x[0][1] = {B[7:0], A[31:8]}; + assign x[0][2] = {7'b0, A[31:7]}; // sha512sig0l - assign x[1][0] = A >> 1; - assign x[1][1] = A >> 7; - assign x[1][2] = A >> 8; - assign x[1][3] = B << 31; - assign x[1][4] = B << 25; - assign x[1][5] = B << 24; + assign x[1][0] = x[0][0]; + assign x[1][1] = x[0][1]; + assign x[1][2] = {B[6:0], A[31:7]}; // sha512sig1h - assign x[2][0] = A << 3; - assign x[2][1] = A >> 6; - assign x[2][2] = A >> 19; - assign x[2][3] = B >> 29; - assign x[2][4] = B << 13; - assign x[2][5] = '0; + assign x[2][0] = {A[28:0], B[31:29]}; + assign x[2][1] = {B[18:0], A[31:19]}; + assign x[2][2] = {6'b0, A[31:6]}; // sha512sig1l - assign x[3][0] = A << 3; - assign x[3][1] = A >> 6; - assign x[3][2] = A >> 19; - assign x[3][3] = B >> 29; - assign x[3][4] = B << 26; - assign x[3][5] = B << 13; + assign x[3][0] = x[2][0]; + assign x[3][1] = x[2][1]; + assign x[3][2] = {B[5:0], A[31:6]}; // sha512sum0r - assign x[4][0] = A << 25; - assign x[4][1] = A << 30; - assign x[4][2] = A >> 28; - assign x[4][3] = B >> 7; - assign x[4][4] = B >> 2; - assign x[4][5] = B << 4; + assign x[4][0] = {A[6:0], B[31:7]}; + assign x[4][1] = {A[1:0], B[31:2]}; + assign x[4][2] = {B[27:0], A[31:28]}; // sha512sum1r - assign x[5][0] = A << 23; - assign x[5][1] = A >> 14; - assign x[5][2] = A >> 18; - assign x[5][3] = B >> 9; - assign x[5][4] = B << 18; - assign x[5][5] = B << 14; + assign x[5][0] = {A[8:0], B[31:9]}; + assign x[5][1] = {B[13:0], A[31:14]}; + assign x[5][2] = {B[17:0], A[31:18]}; // 32-bit muxes to select inputs to xor6 for sha512 assign y[0] = x[ZKNHSelect[2:0]][0]; assign y[1] = x[ZKNHSelect[2:0]][1]; assign y[2] = x[ZKNHSelect[2:0]][2]; - assign y[3] = x[ZKNHSelect[2:0]][3]; - assign y[4] = x[ZKNHSelect[2:0]][4]; - assign y[5] = x[ZKNHSelect[2:0]][5]; - + // sha512 32-bit xor6 - assign result = y[0] ^ y[1] ^ y[2] ^ y[3] ^ y[4] ^ y[5]; + assign result = y[0] ^ y[1] ^ y[2]; endmodule From ac153bc4ed75c83983e5953fc763c6a09723e376 Mon Sep 17 00:00:00 2001 From: David Harris Date: Thu, 23 May 2024 05:46:56 -0700 Subject: [PATCH 08/14] More simplifying sha512_32 --- src/ieu/bmu/bmuctrl.sv | 2 +- src/ieu/sha/sha512_32.sv | 46 +++++++++++++++++----------------------- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/src/ieu/bmu/bmuctrl.sv b/src/ieu/bmu/bmuctrl.sv index 62376865f..76e08aba8 100644 --- a/src/ieu/bmu/bmuctrl.sv +++ b/src/ieu/bmu/bmuctrl.sv @@ -264,7 +264,7 @@ module bmuctrl import cvw::*; #(parameter cvw_t P) ( 17'b0110011_0101111_000: BMUControlsD = `BMUCTRLW'b000_1000_1010_1_0_0_1_0_0_0_0_0; // sha512sig1h 17'b0110011_0101011_000: BMUControlsD = `BMUCTRLW'b000_1000_1011_1_0_0_1_0_0_0_0_0; // sha512sig1l 17'b0110011_0101000_000: BMUControlsD = `BMUCTRLW'b000_1000_1100_1_0_0_1_0_0_0_0_0; // sha512sum0r - 17'b0110011_0101001_000: BMUControlsD = `BMUCTRLW'b000_1000_1101_1_0_0_1_0_0_0_0_0; // sha512sum1r + 17'b0110011_0101001_000: BMUControlsD = `BMUCTRLW'b000_1000_1110_1_0_0_1_0_0_0_0_0; // sha512sum1r endcase else if (P.XLEN==64) diff --git a/src/ieu/sha/sha512_32.sv b/src/ieu/sha/sha512_32.sv index 4ce8e31ef..484ce3586 100644 --- a/src/ieu/sha/sha512_32.sv +++ b/src/ieu/sha/sha512_32.sv @@ -31,45 +31,37 @@ module sha512_32 ( output logic [31:0] result ); - logic [31:0] x[6][3]; + logic [31:0] x[4][3]; logic [31:0] y[3]; - // sha512{sig0h/sig0l/sig1h/sig1l/sum0r/sum1r} select shifted operands for 32-bit xor6 + // sha512{sig0h/sig0l/sig1h/sig1l/sum0r/sum1r} select shifted operands for 32-bit xor - // sha512sig0h + // The l flavors differ from h by using low bits of B instead of zeros in x[0/1][2] + + // sha512sig0h/l assign x[0][0] = {B[0], A[31:1]}; assign x[0][1] = {B[7:0], A[31:8]}; - assign x[0][2] = {7'b0, A[31:7]}; + assign x[0][2] = {B[6:0] & {7{ZKNHSelect[0]}}, A[31:7]}; - // sha512sig0l - assign x[1][0] = x[0][0]; - assign x[1][1] = x[0][1]; - assign x[1][2] = {B[6:0], A[31:7]}; - - // sha512sig1h - assign x[2][0] = {A[28:0], B[31:29]}; - assign x[2][1] = {B[18:0], A[31:19]}; - assign x[2][2] = {6'b0, A[31:6]}; - - // sha512sig1l - assign x[3][0] = x[2][0]; - assign x[3][1] = x[2][1]; - assign x[3][2] = {B[5:0], A[31:6]}; + // sha512sig1h/l + assign x[1][0] = {A[28:0], B[31:29]}; + assign x[1][1] = {B[18:0], A[31:19]}; + assign x[1][2] = {B[5:0] & {6{ZKNHSelect[0]}}, A[31:6]}; // sha512sum0r - assign x[4][0] = {A[6:0], B[31:7]}; - assign x[4][1] = {A[1:0], B[31:2]}; - assign x[4][2] = {B[27:0], A[31:28]}; + assign x[2][0] = {A[6:0], B[31:7]}; + assign x[2][1] = {A[1:0], B[31:2]}; + assign x[2][2] = {B[27:0], A[31:28]}; // sha512sum1r - assign x[5][0] = {A[8:0], B[31:9]}; - assign x[5][1] = {B[13:0], A[31:14]}; - assign x[5][2] = {B[17:0], A[31:18]}; + assign x[3][0] = {A[8:0], B[31:9]}; + assign x[3][1] = {B[13:0], A[31:14]}; + assign x[3][2] = {B[17:0], A[31:18]}; // 32-bit muxes to select inputs to xor6 for sha512 - assign y[0] = x[ZKNHSelect[2:0]][0]; - assign y[1] = x[ZKNHSelect[2:0]][1]; - assign y[2] = x[ZKNHSelect[2:0]][2]; + assign y[0] = x[ZKNHSelect[2:1]][0]; + assign y[1] = x[ZKNHSelect[2:1]][1]; + assign y[2] = x[ZKNHSelect[2:1]][2]; // sha512 32-bit xor6 assign result = y[0] ^ y[1] ^ y[2]; From b0d13441217c50ae744b03f9162ec5a46d599e92 Mon Sep 17 00:00:00 2001 From: David Harris Date: Thu, 23 May 2024 22:06:37 -0700 Subject: [PATCH 09/14] Commented sha instructions --- src/ieu/sha/sha256.sv | 30 +++++++++++++++--------------- src/ieu/sha/sha512_32.sv | 29 +++++++++++++++-------------- src/ieu/sha/sha512_64.sv | 34 +++++++++++++++++----------------- 3 files changed, 47 insertions(+), 46 deletions(-) diff --git a/src/ieu/sha/sha256.sv b/src/ieu/sha/sha256.sv index 118f9e24b..12d08f2ce 100644 --- a/src/ieu/sha/sha256.sv +++ b/src/ieu/sha/sha256.sv @@ -37,29 +37,29 @@ module sha256 ( // sha256{sig0/sig1/sum0/sum1} select shifted operands for 32-bit xor3 and then sign-extend // sha256sig0 - assign x[0][0] = {A[6:0], A[31:7]}; - assign x[0][1] = {A[17:0], A[31:18]}; - assign x[0][2] = {3'b0, A[31:3]}; + assign x[0][0] = {A[6:0], A[31:7]}; // ror 7 + assign x[0][1] = {A[17:0], A[31:18]}; // ror 18 + assign x[0][2] = {3'b0, A[31:3]}; // >> 3 // sha256sig1 - assign x[1][0] = {A[16:0], A[31:17]}; - assign x[1][1] = {A[18:0], A[31:19]}; - assign x[1][2] = {10'b0, A[31:10]}; + assign x[1][0] = {A[16:0], A[31:17]}; // ror 17 + assign x[1][1] = {A[18:0], A[31:19]}; // ror 19 + assign x[1][2] = {10'b0, A[31:10]}; // >> 10 // sha256sum0 - assign x[2][0] = {A[1:0], A[31:2]}; - assign x[2][1] = {A[12:0], A[31:13]}; - assign x[2][2] = {A[21:0], A[31:22]}; + assign x[2][0] = {A[1:0], A[31:2]}; // ror 2 + assign x[2][1] = {A[12:0], A[31:13]}; // ror 13 + assign x[2][2] = {A[21:0], A[31:22]}; // ror 22 // sha256sum1 - assign x[3][0] = {A[5:0], A[31:6]}; - assign x[3][1] ={A[10:0], A[31:11]}; - assign x[3][2] = {A[24:0], A[31:25]}; + assign x[3][0] = {A[5:0], A[31:6]}; // ror 6 + assign x[3][1] ={ A[10:0], A[31:11]}; // ror 11 + assign x[3][2] = {A[24:0], A[31:25]}; // ror 25 // 32-bit muxes to select inputs to xor3 for sha256 - assign y[0] = x[ZKNHSelect[1:0]][0]; - assign y[1] = x[ZKNHSelect[1:0]][1]; - assign y[2] = x[ZKNHSelect[1:0]][2]; + assign y[0] = x[ZKNHSelect[1:0]][0]; + assign y[1] = x[ZKNHSelect[1:0]][1]; + assign y[2] = x[ZKNHSelect[1:0]][2]; // sha256 32-bit xor3 assign result = y[0] ^ y[1] ^ y[2]; diff --git a/src/ieu/sha/sha512_32.sv b/src/ieu/sha/sha512_32.sv index 484ce3586..ce205172c 100644 --- a/src/ieu/sha/sha512_32.sv +++ b/src/ieu/sha/sha512_32.sv @@ -34,33 +34,34 @@ module sha512_32 ( logic [31:0] x[4][3]; logic [31:0] y[3]; + // rotate/shift a 64-bit value contained in {B, A} and select 32 bits // sha512{sig0h/sig0l/sig1h/sig1l/sum0r/sum1r} select shifted operands for 32-bit xor // The l flavors differ from h by using low bits of B instead of zeros in x[0/1][2] // sha512sig0h/l - assign x[0][0] = {B[0], A[31:1]}; - assign x[0][1] = {B[7:0], A[31:8]}; - assign x[0][2] = {B[6:0] & {7{ZKNHSelect[0]}}, A[31:7]}; + assign x[0][0] = {B[0], A[31:1]}; // ror 1 + assign x[0][1] = {B[7:0], A[31:8]}; // ror 8 + assign x[0][2] = {B[6:0] & {7{ZKNHSelect[0]}}, A[31:7]}; // ror/srl 7 // sha512sig1h/l - assign x[1][0] = {A[28:0], B[31:29]}; - assign x[1][1] = {B[18:0], A[31:19]}; - assign x[1][2] = {B[5:0] & {6{ZKNHSelect[0]}}, A[31:6]}; + assign x[1][0] = {A[28:0], B[31:29]}; // ror 61 + assign x[1][1] = {B[18:0], A[31:19]}; // ror 19 + assign x[1][2] = {B[5:0] & {6{ZKNHSelect[0]}}, A[31:6]}; // ror/srl 6 // sha512sum0r - assign x[2][0] = {A[6:0], B[31:7]}; - assign x[2][1] = {A[1:0], B[31:2]}; - assign x[2][2] = {B[27:0], A[31:28]}; + assign x[2][0] = {A[6:0], B[31:7]}; // ror 39 + assign x[2][1] = {A[1:0], B[31:2]}; // ror 34 + assign x[2][2] = {B[27:0], A[31:28]}; // ror 28 // sha512sum1r - assign x[3][0] = {A[8:0], B[31:9]}; - assign x[3][1] = {B[13:0], A[31:14]}; - assign x[3][2] = {B[17:0], A[31:18]}; + assign x[3][0] = {A[8:0], B[31:9]}; // ror 41 + assign x[3][1] = {B[13:0], A[31:14]}; // ror 14 + assign x[3][2] = {B[17:0], A[31:18]}; // ror 18 // 32-bit muxes to select inputs to xor6 for sha512 - assign y[0] = x[ZKNHSelect[2:1]][0]; - assign y[1] = x[ZKNHSelect[2:1]][1]; + assign y[0] = x[ZKNHSelect[2:1]][0]; + assign y[1] = x[ZKNHSelect[2:1]][1]; assign y[2] = x[ZKNHSelect[2:1]][2]; // sha512 32-bit xor6 diff --git a/src/ieu/sha/sha512_64.sv b/src/ieu/sha/sha512_64.sv index 8707311e8..47fefce04 100644 --- a/src/ieu/sha/sha512_64.sv +++ b/src/ieu/sha/sha512_64.sv @@ -33,33 +33,33 @@ module sha512_64 ( logic [63:0] x[4][3]; logic [63:0] y[3]; - - // sha512{sig0/sig1/sum0/sum1} select shifted operands for 64-bit xor3 + + // sha512{sig0/sig1/sum0/sum1} select rotated/shifted operands for 64-bit xor3 // sha512sig0 - assign x[0][0] = {A[0], A[63:1]}; - assign x[0][1] = {A[7:0], A[63:8]}; - assign x[0][2] = A >> 7; + assign x[0][0] = {A[0], A[63:1]}; // ror 1 + assign x[0][1] = {A[7:0], A[63:8]}; // ror 8 + assign x[0][2] = {7'b0, A[63:7]}; // >> 7 // sha512sig1 - assign x[1][0] = {A[18:0], A[63:19]}; - assign x[1][1] = {A[60:0], A[63:61]}; - assign x[1][2] = A >> 6; + assign x[1][0] = {A[18:0], A[63:19]}; // ror 19 + assign x[1][1] = {A[60:0], A[63:61]}; // ror 61 + assign x[1][2] = {6'b0, A[63:6]}; // >> 6 // sha512sum0 - assign x[2][0] = {A[27:0], A[63:28]}; - assign x[2][1] = {A[33:0], A[63:34]}; - assign x[2][2] = {A[38:0], A[63:39]}; + assign x[2][0] = {A[27:0], A[63:28]}; // ror 28 + assign x[2][1] = {A[33:0], A[63:34]}; // ror 34 + assign x[2][2] = {A[38:0], A[63:39]}; // ror 39 // sha512sum1 - assign x[3][0] = {A[13:0], A[63:14]}; - assign x[3][1] = {A[17:0], A[63:18]}; - assign x[3][2] = {A[40:0], A[63:41]}; + assign x[3][0] = {A[13:0], A[63:14]}; // ror 14 + assign x[3][1] = {A[17:0], A[63:18]}; // ror 18 + assign x[3][2] = {A[40:0], A[63:41]}; // ror 41 // 64-bit muxes to select inputs to xor3 for sha512 - assign y[0] = x[ZKNHSelect[1:0]][0]; - assign y[1] = x[ZKNHSelect[1:0]][1]; - assign y[2] = x[ZKNHSelect[1:0]][2]; + assign y[0] = x[ZKNHSelect[1:0]][0]; + assign y[1] = x[ZKNHSelect[1:0]][1]; + assign y[2] = x[ZKNHSelect[1:0]][2]; // sha512 64-bit xor3 assign result = y[0] ^ y[1] ^ y[2]; From e626052ec93c5a402d7109ce01538556b304cf53 Mon Sep 17 00:00:00 2001 From: David Harris Date: Thu, 23 May 2024 22:30:25 -0700 Subject: [PATCH 10/14] simplified AES32de mixcolumns because input is only one byte --- src/ieu/aes/aes32d.sv | 6 ++-- src/ieu/aes/aes32e.sv | 8 +++--- src/ieu/aes/aes64d.sv | 2 +- src/ieu/aes/aes64e.sv | 2 +- src/ieu/aes/aesinvmixcolumns8.sv | 47 ++++++++++++++++++++++++++++++++ src/ieu/aes/aesmixcolumns8.sv | 39 ++++++++++++++++++++++++++ 6 files changed, 95 insertions(+), 9 deletions(-) create mode 100644 src/ieu/aes/aesinvmixcolumns8.sv create mode 100644 src/ieu/aes/aesmixcolumns8.sv diff --git a/src/ieu/aes/aes32d.sv b/src/ieu/aes/aes32d.sv index e3eb61cec..f761b5060 100644 --- a/src/ieu/aes/aes32d.sv +++ b/src/ieu/aes/aes32d.sv @@ -34,8 +34,8 @@ module aes32d( logic [7:0] SboxOut; logic [31:0] so, mixed; - aesinvsbox8 inv_sbox(SboxIn, SboxOut); // Apply inverse sbox to si - assign so = {24'h0, SboxOut}; // Pad output of inverse substitution box - aesinvmixcolumns32 mix(so, mixed); // Run so through the mixword AES function + aesinvsbox8 inv_sbox(SboxIn, SboxOut); // Apply inverse sbox to si + aesinvmixcolumns8 mix(SboxOut, mixed); // Run so through the InvMixColumns AES function + assign so = {24'h0, SboxOut}; // Pad output of inverse substitution box mux2 #(32) rmux(mixed, so, finalround, result); // on final round, skip mixcolumns endmodule diff --git a/src/ieu/aes/aes32e.sv b/src/ieu/aes/aes32e.sv index ca00afdd3..ab28db196 100644 --- a/src/ieu/aes/aes32e.sv +++ b/src/ieu/aes/aes32e.sv @@ -34,8 +34,8 @@ module aes32e( logic [7:0] SboxOut; logic [31:0] so, mixed; - aessbox8 sbox(SboxIn, SboxOut); // Substitute - assign so = {24'h0, SboxOut}; // Pad sbox output - aesmixcolumns32 mwd(so, mixed); // Mix Word using aesmixword component - mux2 #(32) rmux(mixed, so, finalround, result); // on final round, skip mixcolumns + aessbox8 sbox(SboxIn, SboxOut); // Substitute + assign so = {24'h0, SboxOut}; // Pad sbox output + aesmixcolumns32 mb(so, mixed); // Mix using MixColumns component + mux2 #(32) rmux(mixed, so, finalround, result); // on final round, skip MixColumns endmodule diff --git a/src/ieu/aes/aes64d.sv b/src/ieu/aes/aes64d.sv index 96355a566..a9e6feb75 100644 --- a/src/ieu/aes/aes64d.sv +++ b/src/ieu/aes/aes64d.sv @@ -42,7 +42,7 @@ module aes64d( mux2 #(64) mixcolmux(SboxOut, rs1, aes64im, MixcolIn); - // Apply inverse mixword to sbox outputs + // Apply inverse MixColumns to sbox outputs aesinvmixcolumns32 invmw0(MixcolIn[31:0], MixcolOut[31:0]); aesinvmixcolumns32 invmw1(MixcolIn[63:32], MixcolOut[63:32]); diff --git a/src/ieu/aes/aes64e.sv b/src/ieu/aes/aes64e.sv index b37d8787c..7435f4327 100644 --- a/src/ieu/aes/aes64e.sv +++ b/src/ieu/aes/aes64e.sv @@ -46,7 +46,7 @@ module aes64e( aessbox32 sbox1(ShiftRowOut[63:32], SboxOut[63:32]); // instantiate second sbox - // Apply mix columns operations + // Apply MixColumns operations aesmixcolumns32 mw0(SboxOut[31:0], MixcolOut[31:0]); aesmixcolumns32 mw1(SboxOut[63:32], MixcolOut[63:32]); diff --git a/src/ieu/aes/aesinvmixcolumns8.sv b/src/ieu/aes/aesinvmixcolumns8.sv new file mode 100644 index 000000000..134ceeb11 --- /dev/null +++ b/src/ieu/aes/aesinvmixcolumns8.sv @@ -0,0 +1,47 @@ +/////////////////////////////////////////// +// aesinvmixcolumns8.sv +// +// Written: kelvin.tran@okstate.edu, james.stine@okstate.edu +// Created: 05 March 2024 +// +// Purpose: AES Inverted Mix Column Function for use with AES +// +// A component of the CORE-V-WALLY configurable RISC-V project. +// https://github.com/openhwgroup/cvw +// +// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University +// +// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 +// +// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file +// except in compliance with the License, or, at your option, the Apache License version 2.0. You +// may obtain a copy of the License at +// +// https://solderpad.org/licenses/SHL-2.1/ +// +// Unless required by applicable law or agreed to in writing, any work distributed under the +// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +// either express or implied. See the License for the specific language governing permissions +// and limitations under the License. +//////////////////////////////////////////////////////////////////////////////////////////////// + +module aesinvmixcolumns8( + input logic [7:0] a, + output logic [31:0] y +); + + logic [10:0] t, x0, x1, x2, x3; + + // aes32d operates on shifted versions of the input + assign t = {a, 3'b0} ^ {3'b0, a}; + assign x0 = {a, 3'b0} ^ {1'b0, a, 2'b0} ^ {2'b0, a, 1'b0}; + assign x1 = t; + assign x2 = t ^ {1'b0, a, 2'b0}; + assign x3 = t ^ {2'b0, a, 1'b0}; + + galoismultinverse8 gm0 (x0, y[7:0]); + galoismultinverse8 gm1 (x1, y[15:8]); + galoismultinverse8 gm2 (x2, y[23:16]); + galoismultinverse8 gm3 (x3, y[31:24]); + + endmodule diff --git a/src/ieu/aes/aesmixcolumns8.sv b/src/ieu/aes/aesmixcolumns8.sv new file mode 100644 index 000000000..66ab6534f --- /dev/null +++ b/src/ieu/aes/aesmixcolumns8.sv @@ -0,0 +1,39 @@ +/////////////////////////////////////////// +// aesmixcolumns8.sv +// +// Written: ryan.swann@okstate.edu, james.stine@okstate.edu, David_Harris@hmc.edu +// Created: 20 February 2024 +// +// Purpose: Galois field operation to byte in an individual 32-bit word +// +// A component of the CORE-V-WALLY configurable RISC-V project. +// https://github.com/openhwgroup/cvw +// +// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University +// +// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 +// +// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file +// except in compliance with the License, or, at your option, the Apache License version 2.0. You +// may obtain a copy of the License at +// +// https://solderpad.org/licenses/SHL-2.1/ +// +// Unless required by applicable law or agreed to in writing, any work distributed under the +// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +// either express or implied. See the License for the specific language governing permissions +// and limitations under the License. +//////////////////////////////////////////////////////////////////////////////////////////////// + + +module aesmixcolumns8( + input logic [7:0] a, + output logic [31:0] y +); + + logic [7:0] xa, xapa; + + galoismultforward8 gm(a, xa); // xa + assign xapa = a ^ xa; // a ^ xa + assign y = {xapa, a, a, xa}; +endmodule From ec5c67a5c12b52435686c2c7df03fe42d467ec3b Mon Sep 17 00:00:00 2001 From: David Harris Date: Fri, 24 May 2024 13:48:53 -0700 Subject: [PATCH 11/14] AES cleanup --- src/ieu/aes/aes64e.sv | 2 +- src/ieu/aes/aesmixcolumns8.sv | 2 +- src/ieu/bmu/bitmanipalu.sv | 4 ++-- src/ieu/kmu/zknde32.sv | 7 ++++--- src/ieu/kmu/zknde64.sv | 7 ++++--- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/ieu/aes/aes64e.sv b/src/ieu/aes/aes64e.sv index 7435f4327..c1ca9013e 100644 --- a/src/ieu/aes/aes64e.sv +++ b/src/ieu/aes/aes64e.sv @@ -48,7 +48,7 @@ module aes64e( // Apply MixColumns operations aesmixcolumns32 mw0(SboxOut[31:0], MixcolOut[31:0]); - aesmixcolumns32 mw1(SboxOut[63:32], MixcolOut[63:32]); + aesmixcolumns32 mw1(SboxOut[63:32], MixcolOut[63:32]); // Skip mixcolumns on last round mux2 #(64) resultmux(MixcolOut, SboxOut, finalround, result); diff --git a/src/ieu/aes/aesmixcolumns8.sv b/src/ieu/aes/aesmixcolumns8.sv index 66ab6534f..256f728d0 100644 --- a/src/ieu/aes/aesmixcolumns8.sv +++ b/src/ieu/aes/aesmixcolumns8.sv @@ -27,7 +27,7 @@ module aesmixcolumns8( - input logic [7:0] a, + input logic [7:0] a, output logic [31:0] y ); diff --git a/src/ieu/bmu/bitmanipalu.sv b/src/ieu/bmu/bitmanipalu.sv index b0af3e347..36feff63e 100644 --- a/src/ieu/bmu/bitmanipalu.sv +++ b/src/ieu/bmu/bitmanipalu.sv @@ -113,8 +113,8 @@ module bitmanipalu import cvw::*; #(parameter cvw_t P) ( // ZKND and ZKNE AES decryption and encryption if (P.ZKND_SUPPORTED | P.ZKNE_SUPPORTED) begin: zknde - if (P.XLEN == 32) zknde32 #(P) ZKN32(.A(ABMU), .B(BBMU), .Funct7, .round(Rs2E[3:0]), .ZKNSelect(ZBBSelect[3:0]), .ZKNDEResult); - else zknde64 #(P) ZKN64(.A(ABMU), .B(BBMU), .Funct7, .round(Rs2E[3:0]), .ZKNSelect(ZBBSelect[3:0]), .ZKNDEResult); + if (P.XLEN == 32) zknde32 #(P) ZKN32(.A(ABMU), .B(BBMU), .bs(Funct7[6:5]), .round(Rs2E[3:0]), .ZKNSelect(ZBBSelect[3:0]), .ZKNDEResult); + else zknde64 #(P) ZKN64(.A(ABMU), .B(BBMU), .round(Rs2E[3:0]), .ZKNSelect(ZBBSelect[3:0]), .ZKNDEResult); end else assign ZKNDEResult = '0; // ZKNH Unit diff --git a/src/ieu/kmu/zknde32.sv b/src/ieu/kmu/zknde32.sv index 4c845599c..7e482d757 100644 --- a/src/ieu/kmu/zknde32.sv +++ b/src/ieu/kmu/zknde32.sv @@ -28,7 +28,7 @@ module zknde32 import cvw::*; #(parameter cvw_t P) ( input logic [31:0] A, B, - input logic [6:0] Funct7, + input logic [1:0] bs, input logic [3:0] round, input logic [3:0] ZKNSelect, output logic [31:0] ZKNDEResult @@ -39,7 +39,7 @@ module zknde32 import cvw::*; #(parameter cvw_t P) ( logic [31:0] ZKNEResult, ZKNDResult, rotin, rotout; // Initial shamt and Sbox input selection steps shared between encrypt and decrypt - assign shamt = {Funct7[6:5], 3'b0}; // shamt = bs * 8 (convert bytes to bits) + assign shamt = {bs, 3'b0}; // shamt = bs * 8 (convert bytes to bits) assign SboxIn = B[shamt +: 8]; // select byte bs of rs2 // Handle logic specific to encrypt or decrypt @@ -55,6 +55,7 @@ module zknde32 import cvw::*; #(parameter cvw_t P) ( assign rotin = ZKNEResult; // final rotate and XOR steps shared between encrypt and decrypt - rotate #(32) mrot(rotin, shamt, rotout); // Rotate the mixcolumns output left by shamt (bs * 8) + mux4 #(32) mrotmux(rotin, {rotin[23:0], rotin[31:24]}, + {rotin[15:0], rotin[31:16]}, {rotin[7:0], rotin[31:8]}, bs, rotout); // Rotate the mixcolumns output left by shamt (bs * 8) assign ZKNDEResult = A ^ rotout; // xor with running value (A = rs1) endmodule diff --git a/src/ieu/kmu/zknde64.sv b/src/ieu/kmu/zknde64.sv index 2a2b6cc10..9c2566718 100644 --- a/src/ieu/kmu/zknde64.sv +++ b/src/ieu/kmu/zknde64.sv @@ -28,7 +28,6 @@ module zknde64 import cvw::*; #(parameter cvw_t P) ( input logic [63:0] A, B, - input logic [6:0] Funct7, input logic [3:0] round, input logic [3:0] ZKNSelect, output logic [63:0] ZKNDEResult @@ -39,11 +38,13 @@ module zknde64 import cvw::*; #(parameter cvw_t P) ( if (P.ZKND_SUPPORTED) // ZKND supports aes64ds, aes64dsm, aes64im aes64d aes64d(.rs1(A), .rs2(B), .finalround(ZKNSelect[2]), .aes64im(ZKNSelect[3]), .result(aes64dRes)); // decode AES - if (P.ZKNE_SUPPORTED) // ZKNE supports aes64es, aes64esm + if (P.ZKNE_SUPPORTED) begin // ZKNE supports aes64es, aes64esm aes64e aes64e(.rs1(A), .rs2(B), .finalround(ZKNSelect[2]), .Sbox0Out, .SboxEIn, .result(aes64eRes)); + mux2 #(32) sboxmux(SboxEIn, SboxKIn, ZKNSelect[1], Sbox0In); + end else + assign Sbox0In = SboxKIn; // One S Box is always needed for aes64ks1i and is also needed for aes64e if that is supported. Put it at the top level to allow sharing - mux2 #(32) sboxmux(SboxEIn, SboxKIn, ZKNSelect[1], Sbox0In); aessbox32 sbox(Sbox0In, Sbox0Out); // Substitute bytes of value obtained for tmp2 using Rijndael sbox // Both ZKND and ZKNE support aes64ks1i and aes64ks2 instructions From b2689b4f01620e8f4dfb22a2e9ae085a5cbfec26 Mon Sep 17 00:00:00 2001 From: David Harris Date: Fri, 24 May 2024 14:13:57 -0700 Subject: [PATCH 12/14] AES cleanup --- src/ieu/aes/aes64d.sv | 6 ++-- src/ieu/aes/aes64e.sv | 8 ++--- ...sinvshiftrow64.sv => aesinvshiftrows64.sv} | 6 ++-- .../{aesshiftrow64.sv => aesshiftrows64.sv} | 4 +-- src/ieu/aes/aesshiftrows64.xv | 35 +++++++++++++++++++ 5 files changed, 47 insertions(+), 12 deletions(-) rename src/ieu/aes/{aesinvshiftrow64.sv => aesinvshiftrows64.sv} (94%) rename src/ieu/aes/{aesshiftrow64.sv => aesshiftrows64.sv} (96%) create mode 100644 src/ieu/aes/aesshiftrows64.xv diff --git a/src/ieu/aes/aes64d.sv b/src/ieu/aes/aes64d.sv index a9e6feb75..8934f74c3 100644 --- a/src/ieu/aes/aes64d.sv +++ b/src/ieu/aes/aes64d.sv @@ -32,13 +32,13 @@ module aes64d( output logic [63:0] result ); - logic [63:0] ShiftRowOut, SboxOut, MixcolIn, MixcolOut; + logic [63:0] ShiftRowsOut, SboxOut, MixcolIn, MixcolOut; // Apply inverse shiftrows to rs2 and rs1 - aesinvshiftrow64 srow({rs2, rs1}, ShiftRowOut); + aesinvshiftrows64 srow({rs2, rs1}, ShiftRowsOut); // Apply full word inverse substitution to lower doubleord of shiftrow out - aesinvsbox64 invsbox(ShiftRowOut, SboxOut); + aesinvsbox64 invsbox(ShiftRowsOut, SboxOut); mux2 #(64) mixcolmux(SboxOut, rs1, aes64im, MixcolIn); diff --git a/src/ieu/aes/aes64e.sv b/src/ieu/aes/aes64e.sv index c1ca9013e..f40535d8d 100644 --- a/src/ieu/aes/aes64e.sv +++ b/src/ieu/aes/aes64e.sv @@ -34,17 +34,17 @@ module aes64e( output logic [63:0] result ); - logic [63:0] ShiftRowOut, SboxOut, MixcolOut; + logic [63:0] ShiftRowsOut, SboxOut, MixcolOut; // AES shiftrow unit - aesshiftrow64 srow({rs2,rs1}, ShiftRowOut); + aesshiftrows64 srow({rs2,rs1}, ShiftRowsOut); // Apply substitution box to 2 lower words // Use the shared sbox in zknde64.sv for the first sbox - assign SboxEIn = ShiftRowOut[31:0]; + assign SboxEIn = ShiftRowsOut[31:0]; assign SboxOut[31:0] = Sbox0Out; - aessbox32 sbox1(ShiftRowOut[63:32], SboxOut[63:32]); // instantiate second sbox + aessbox32 sbox1(ShiftRowsOut[63:32], SboxOut[63:32]); // instantiate second sbox // Apply MixColumns operations aesmixcolumns32 mw0(SboxOut[31:0], MixcolOut[31:0]); diff --git a/src/ieu/aes/aesinvshiftrow64.sv b/src/ieu/aes/aesinvshiftrows64.sv similarity index 94% rename from src/ieu/aes/aesinvshiftrow64.sv rename to src/ieu/aes/aesinvshiftrows64.sv index c6d355b63..c934116ac 100644 --- a/src/ieu/aes/aesinvshiftrow64.sv +++ b/src/ieu/aes/aesinvshiftrows64.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aesinvshiftrow.sv +// aesinvshiftrows64.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,9 +25,9 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aesinvshiftrow64( +module aesinvshiftrows64( input logic [127:0] a, - output logic [63:0] y + output logic [63:0] y ); assign y = {a[95:88], a[119:112], a[15:8], a[39:32], diff --git a/src/ieu/aes/aesshiftrow64.sv b/src/ieu/aes/aesshiftrows64.sv similarity index 96% rename from src/ieu/aes/aesshiftrow64.sv rename to src/ieu/aes/aesshiftrows64.sv index 8691a9946..7c8a68120 100644 --- a/src/ieu/aes/aesshiftrow64.sv +++ b/src/ieu/aes/aesshiftrows64.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aesshiftrow.sv +// aesshiftrows64.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,7 +25,7 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aesshiftrow64( +module aesshiftrows64( input logic [127:0] a, output logic [63:0] y ); diff --git a/src/ieu/aes/aesshiftrows64.xv b/src/ieu/aes/aesshiftrows64.xv new file mode 100644 index 000000000..58638cea5 --- /dev/null +++ b/src/ieu/aes/aesshiftrows64.xv @@ -0,0 +1,35 @@ +/////////////////////////////////////////// +// aesshiftrows64.sv +// +// Written: ryan.swann@okstate.edu, james.stine@okstate.edu +// Created: 20 February 2024 +// +// Purpose: aesshiftrow for taking in first Data line +// +// A component of the CORE-V-WALLY configurable RISC-V project. +// https://github.com/openhwgroup/cvw +// +// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University +// +// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 +// +// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file +// except in compliance with the License, or, at your option, the Apache License version 2.0. You +// may obtain a copy of the License at +// +// https://solderpad.org/licenses/SHL-2.1/ +// +// Unless required by applicable law or agreed to in writing, any work distributed under the +// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +// either express or implied. See the License for the specific language governing permissions +// and limitations under the License. +//////////////////////////////////////////////////////////////////////////////////////////////// + +module aesshiftrows64( + input logic [127:0] a, + output logic [63:0] y +); + + assign y = {a[31:24], a[119:112], a[79:72], a[39:32], + a[127:120], a[87:80], a[47:40], a[7:0]}; +endmodule From a95977590dceb76120dc2240b6810f421664f998 Mon Sep 17 00:00:00 2001 From: David Harris Date: Fri, 24 May 2024 14:28:30 -0700 Subject: [PATCH 13/14] AES cleanup --- src/ieu/aes/aes64d.sv | 10 +++++----- src/ieu/aes/aes64e.sv | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/ieu/aes/aes64d.sv b/src/ieu/aes/aes64d.sv index 8934f74c3..517dd4bf0 100644 --- a/src/ieu/aes/aes64d.sv +++ b/src/ieu/aes/aes64d.sv @@ -32,7 +32,7 @@ module aes64d( output logic [63:0] result ); - logic [63:0] ShiftRowsOut, SboxOut, MixcolIn, MixcolOut; + logic [63:0] ShiftRowsOut, SboxOut, MixcolsIn, MixcolsOut; // Apply inverse shiftrows to rs2 and rs1 aesinvshiftrows64 srow({rs2, rs1}, ShiftRowsOut); @@ -40,12 +40,12 @@ module aes64d( // Apply full word inverse substitution to lower doubleord of shiftrow out aesinvsbox64 invsbox(ShiftRowsOut, SboxOut); - mux2 #(64) mixcolmux(SboxOut, rs1, aes64im, MixcolIn); + mux2 #(64) mixcolmux(SboxOut, rs1, aes64im, MixcolsIn); // Apply inverse MixColumns to sbox outputs - aesinvmixcolumns32 invmw0(MixcolIn[31:0], MixcolOut[31:0]); - aesinvmixcolumns32 invmw1(MixcolIn[63:32], MixcolOut[63:32]); + aesinvmixcolumns32 invmw0(MixcolsIn[31:0], MixcolsOut[31:0]); + aesinvmixcolumns32 invmw1(MixcolsIn[63:32], MixcolsOut[63:32]); // Final round skips mixcolumns. - mux2 #(64) resultmux(MixcolOut, SboxOut, finalround, result); + mux2 #(64) resultmux(MixcolsOut, SboxOut, finalround, result); endmodule diff --git a/src/ieu/aes/aes64e.sv b/src/ieu/aes/aes64e.sv index f40535d8d..f4b59178a 100644 --- a/src/ieu/aes/aes64e.sv +++ b/src/ieu/aes/aes64e.sv @@ -34,7 +34,7 @@ module aes64e( output logic [63:0] result ); - logic [63:0] ShiftRowsOut, SboxOut, MixcolOut; + logic [63:0] ShiftRowsOut, SboxOut, MixcolsOut; // AES shiftrow unit aesshiftrows64 srow({rs2,rs1}, ShiftRowsOut); @@ -47,9 +47,9 @@ module aes64e( aessbox32 sbox1(ShiftRowsOut[63:32], SboxOut[63:32]); // instantiate second sbox // Apply MixColumns operations - aesmixcolumns32 mw0(SboxOut[31:0], MixcolOut[31:0]); - aesmixcolumns32 mw1(SboxOut[63:32], MixcolOut[63:32]); + aesmixcolumns32 mw0(SboxOut[31:0], MixcolsOut[31:0]); + aesmixcolumns32 mw1(SboxOut[63:32], MixcolsOut[63:32]); // Skip mixcolumns on last round - mux2 #(64) resultmux(MixcolOut, SboxOut, finalround, result); + mux2 #(64) resultmux(MixcolsOut, SboxOut, finalround, result); endmodule From cfe83f5b498667c669c29d1218010fb4813a3e27 Mon Sep 17 00:00:00 2001 From: David Harris Date: Fri, 24 May 2024 15:18:36 -0700 Subject: [PATCH 14/14] Added derived configs to test Zb* and Zk* individually --- config/derivlist.txt | 240 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) diff --git a/config/derivlist.txt b/config/derivlist.txt index 1ed046a6a..174ca5191 100644 --- a/config/derivlist.txt +++ b/config/derivlist.txt @@ -530,6 +530,246 @@ ZALRSC_SUPPORTED 0 deriv zalrsc_rv64gc rv64gc ZAAMO_SUPPORTED 0 +deriv zba_rv32gc rv32gc +ZBA_SUPPORTED 1 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbb_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 1 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbc_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 1 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbs_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 1 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkb_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 1 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkc_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 1 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkx_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 1 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zknd_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 1 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zkne_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 1 +ZKNH_SUPPORTED 0 + +deriv zknh_rv32gc rv32gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 1 + +deriv zba_rv64gc rv64gc +ZBA_SUPPORTED 1 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbb_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 1 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbc_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 1 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbs_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 1 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkb_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 1 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkc_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 1 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zbkx_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 1 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zknd_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 1 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 0 + +deriv zkne_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 1 +ZKNH_SUPPORTED 0 + +deriv zknh_rv64gc rv64gc +ZBA_SUPPORTED 0 +ZBB_SUPPORTED 0 +ZBS_SUPPORTED 0 +ZBC_SUPPORTED 0 +ZBKB_SUPPORTED 0 +ZBKC_SUPPORTED 0 +ZBKX_SUPPORTED 0 +ZKND_SUPPORTED 0 +ZKNE_SUPPORTED 0 +ZKNH_SUPPORTED 1 + # Floating-point modes supported deriv f_rv32gc rv32gc