From c163069484a4df5f043963bacea18c863faf2b9a Mon Sep 17 00:00:00 2001 From: KelvinTr Date: Mon, 4 Mar 2024 15:23:11 -0600 Subject: [PATCH] Optimized mixcolumn --- src/ieu/aes_common/aes_inv_mixcols.sv | 51 ------------- src/ieu/aes_common/aes_inv_mixcolumns.sv | 4 +- src/ieu/aes_common/aes_inv_sbox.sv | 4 +- src/ieu/aes_common/aes_inv_sbox_128.sv | 40 ----------- src/ieu/aes_common/aes_inv_sbox_word.sv | 12 ++-- src/ieu/aes_common/aes_inv_shiftrow.sv | 45 +++--------- src/ieu/aes_common/aes_mixcolumns.sv | 61 ++++++---------- src/ieu/aes_common/aes_sbox.sv | 4 +- src/ieu/aes_common/aes_sbox_word.sv | 10 +-- src/ieu/aes_common/aes_shiftrow.sv | 45 ++---------- src/ieu/aes_common/aes_shiftword.sv | 59 --------------- .../{gm2.sv => galoismult_forward.sv} | 17 ++++- src/ieu/aes_common/mixword.sv | 72 ------------------- src/ieu/aes_common/rotateleft.sv | 34 --------- src/ieu/aes_instructions/aes32dsi.sv | 3 +- src/ieu/aes_instructions/aes32dsmi.sv | 5 +- src/ieu/aes_instructions/aes32esi.sv | 3 +- src/ieu/aes_instructions/aes32esmi.sv | 5 +- src/ieu/aes_instructions/aes64ds.sv | 6 +- src/ieu/aes_instructions/aes64dsm.sv | 10 +-- src/ieu/aes_instructions/aes64es.sv | 6 +- src/ieu/aes_instructions/aes64esm.sv | 10 +-- src/ieu/aes_instructions/aes64im.sv | 4 +- src/ieu/aes_instructions/aes64ks1i.sv | 14 ++-- src/ieu/aes_instructions/rcon_lut_128.sv | 2 +- src/ieu/aes_instructions/rrot8.sv | 63 ---------------- 26 files changed, 102 insertions(+), 487 deletions(-) delete mode 100644 src/ieu/aes_common/aes_inv_mixcols.sv delete mode 100644 src/ieu/aes_common/aes_inv_sbox_128.sv delete mode 100644 src/ieu/aes_common/aes_shiftword.sv rename src/ieu/aes_common/{gm2.sv => galoismult_forward.sv} (79%) delete mode 100644 src/ieu/aes_common/mixword.sv delete mode 100644 src/ieu/aes_common/rotateleft.sv delete mode 100644 src/ieu/aes_instructions/rrot8.sv diff --git a/src/ieu/aes_common/aes_inv_mixcols.sv b/src/ieu/aes_common/aes_inv_mixcols.sv deleted file mode 100644 index ad581748e..000000000 --- a/src/ieu/aes_common/aes_inv_mixcols.sv +++ /dev/null @@ -1,51 +0,0 @@ -/////////////////////////////////////////// -// aes_Inv_mixcols.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: AES Inverted Mix Column Function for use with AES -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -module aes_Inv_mixcols (input logic [127:0] Data, output logic [127:0] Mixed_Col); - - // Declare Internal logic - logic [31:0] w0, w1, w2, w3; - logic [31:0] ws0, ws1, ws2, ws3; - - // Break up input Data into word components - assign w0 = Data[127:96]; - assign w1 = Data[95:64]; - assign w2 = Data[63:32]; - assign w3 = Data[31:0]; - - // Declare mixword components - inv_mixword mw_0(.word(w0), .mixed_word(ws0)); - inv_mixword mw_1(.word(w1), .mixed_word(ws1)); - inv_mixword mw_2(.word(w2), .mixed_word(ws2)); - inv_mixword mw_3(.word(w3), .mixed_word(ws3)); - - // Assign output to mixed word - assign Mixed_Col = {ws0, ws1, ws2, ws3}; - -endmodule // inv_mixcols - - diff --git a/src/ieu/aes_common/aes_inv_mixcolumns.sv b/src/ieu/aes_common/aes_inv_mixcolumns.sv index e9e910f9c..7588454aa 100644 --- a/src/ieu/aes_common/aes_inv_mixcolumns.sv +++ b/src/ieu/aes_common/aes_inv_mixcolumns.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aes_Inv_mixcolumns.sv +// aes_inv_mixcolumns.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,7 +25,7 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module inv_mixword (input logic [31:0] word, output logic [31:0] mixed_word); +module aes_Inv_Mixcolumns (input logic [31:0] word, output logic [31:0] mixed_word); // Instantiate Internal Logic logic [7:0] b0, b1, b2, b3; diff --git a/src/ieu/aes_common/aes_inv_sbox.sv b/src/ieu/aes_common/aes_inv_sbox.sv index 3608dac92..fd24a39c5 100644 --- a/src/ieu/aes_common/aes_inv_sbox.sv +++ b/src/ieu/aes_common/aes_inv_sbox.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aes_Inv_sbox.sv +// aes_inv_sbox.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,7 +25,7 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_Inv_sbox(input logic [7:0] in, +module aes_Inv_Sbox(input logic [7:0] in, output logic [7:0] out); always_comb diff --git a/src/ieu/aes_common/aes_inv_sbox_128.sv b/src/ieu/aes_common/aes_inv_sbox_128.sv deleted file mode 100644 index 577f37ef7..000000000 --- a/src/ieu/aes_common/aes_inv_sbox_128.sv +++ /dev/null @@ -1,40 +0,0 @@ -/////////////////////////////////////////// -// aes_Inv_sbox_128.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: 128-bit Inverse Substitution box comprised of 4x32-bit inverse s-boxes -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -module aes_Inv_sbox_128(input logic [127:0] in, - output logic [127:0] out); - - // Declare the SBOX for (least significant) word 0 of the input - aes_Inv_sbox_word sbox_w0(.in(in[31:0]), .out(out[31:0])); - // Declare the SBOX for word 1 of the input - aes_Inv_sbox_word sbox_w1(.in(in[63:32]), .out(out[63:32])); - // Declare the SBOX for word 2 of the input - aes_Inv_sbox_word sbox_w2(.in(in[95:64]), .out(out[95:64])); - // Declare the SBOX for word 3 of the input - aes_Inv_sbox_word sbox_w3(.in(in[127:96]), .out(out[127:96])); - -endmodule diff --git a/src/ieu/aes_common/aes_inv_sbox_word.sv b/src/ieu/aes_common/aes_inv_sbox_word.sv index 42a91c7b6..a96771a07 100644 --- a/src/ieu/aes_common/aes_inv_sbox_word.sv +++ b/src/ieu/aes_common/aes_inv_sbox_word.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aes_Inv_sbox_word.sv +// aes_inv_sbox_word.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,16 +25,16 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_Inv_sbox_word(input logic [31:0] in, +module aes_Inv_Sbox_Word(input logic [31:0] in, output logic [31:0] out); // Declare the SBOX for (least significant) byte 0 of the input - aes_Inv_sbox sbox_b0(.in(in[7:0]), .out(out[7:0])); + aes_Inv_Sbox sbox_b0(.in(in[7:0]), .out(out[7:0])); // Declare the SBOX for byte 1 of the input - aes_Inv_sbox sbox_b1(.in(in[15:8]), .out(out[15:8])); + aes_Inv_Sbox sbox_b1(.in(in[15:8]), .out(out[15:8])); // Declare the SBOX for byte 2 of the input - aes_Inv_sbox sbox_b2(.in(in[23:16]), .out(out[23:16])); + aes_Inv_Sbox sbox_b2(.in(in[23:16]), .out(out[23:16])); // Declare the SBOX for byte 3 of the input - aes_Inv_sbox sbox_b3(.in(in[31:24]), .out(out[31:24])); + aes_Inv_Sbox sbox_b3(.in(in[31:24]), .out(out[31:24])); endmodule diff --git a/src/ieu/aes_common/aes_inv_shiftrow.sv b/src/ieu/aes_common/aes_inv_shiftrow.sv index be7f106b6..1ca9390d1 100644 --- a/src/ieu/aes_common/aes_inv_shiftrow.sv +++ b/src/ieu/aes_common/aes_inv_shiftrow.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aes_Inv_shiftrow.sv +// aes_inv_shiftrow.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,42 +25,13 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_Inv_shiftrow(input logic [127:0] DataIn, - output logic [127:0] DataOut); - - logic [7:0] w0_b0, w0_b1, w0_b2, w0_b3; - logic [7:0] w1_b0, w1_b1, w1_b2, w1_b3; - logic [7:0] w2_b0, w2_b1, w2_b2, w2_b3; - logic [7:0] w3_b0, w3_b1, w3_b2, w3_b3; - logic [31:0] out_w0, out_w1, out_w2, out_w3; +module aes_Inv_Shiftrow ( + input logic [127:0] DataIn, + output logic [127:0] DataOut); - // Separate the first (Least Significant) word into bytes - assign w0_b0 = DataIn[7:0]; - assign w0_b1 = DataIn[15:8]; - assign w0_b2 = DataIn[23:16]; - assign w0_b3 = DataIn[31:24]; - // Separate the second word into bytes - assign w1_b0 = DataIn[39:32]; - assign w1_b1 = DataIn[47:40]; - assign w1_b2 = DataIn[55:48]; - assign w1_b3 = DataIn[63:56]; - // Separate the third word into bytes - assign w2_b0 = DataIn[71:64]; - assign w2_b1 = DataIn[79:72]; - assign w2_b2 = DataIn[87:80]; - assign w2_b3 = DataIn[95:88]; - // Separate the fourth (Most significant) word into bytes - assign w3_b0 = DataIn[103:96]; - assign w3_b1 = DataIn[111:104]; - assign w3_b2 = DataIn[119:112]; - assign w3_b3 = DataIn[127:120]; - // The output words are composed of sets of the input bytes. - assign out_w0 = {w0_b3, w1_b2, w2_b1, w3_b0}; - assign out_w1 = {w3_b3, w0_b2, w1_b1, w2_b0}; - assign out_w2 = {w2_b3, w3_b2, w0_b1, w1_b0}; - assign out_w3 = {w1_b3, w2_b2, w3_b1, w0_b0}; - - assign DataOut = {out_w0, out_w1, out_w2, out_w3}; - + assign DataOut = {DataIn[31:24], DataIn[55:48], DataIn[79:72], DataIn[103:96], + DataIn[127:120], DataIn[23:16], DataIn[47:40], DataIn[71:64], + DataIn[95:88], DataIn[119:112], DataIn[15:8], DataIn[39:32], + DataIn[63:56], DataIn[87:80], DataIn[111:104], DataIn[7:0]}; endmodule diff --git a/src/ieu/aes_common/aes_mixcolumns.sv b/src/ieu/aes_common/aes_mixcolumns.sv index 07ba6cd1b..f1206a7a9 100644 --- a/src/ieu/aes_common/aes_mixcolumns.sv +++ b/src/ieu/aes_common/aes_mixcolumns.sv @@ -1,10 +1,10 @@ /////////////////////////////////////////// // aes_mixcolumns.sv // -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu +// Written: ryan.swann@okstate.edu, james.stine@okstate.edu, David_Harris@hmc.edu // Created: 20 February 2024 // -// Purpose: AES "Mix Columns" Operation +// Purpose: Galois field operation to an individual 32-bit word // // A component of the CORE-V-WALLY configurable RISC-V project. // https://github.com/openhwgroup/cvw @@ -25,42 +25,27 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -/* - * Purpose : The "mix columns" operation is essentially composed of a - * nice little Galois field multiplication (of 1, 2 or 3) in the field - * x^8 + x^4 + x^3 + x + 1. - * The actual matrix you multiply by is - * [2 3 1 1][a_0,j] - * [1 2 3 1][a_1,j] - * [1 1 2 3][a_2,j] - * [3 1 1 2][a_3,j] - * - * Reference: secworks repo - */ -module aes_mixcolumns(Data, mixedcols); +module aes_Mixcolumns ( + input logic [31:0] in, + output logic [31:0] out); - // Declare Inputs/Outputs - input logic [127:0] Data; - output logic [127:0] mixedcols; + logic [7:0] in0, in1, in2, in3, out0, out1, out2, out3, t0, t1, t2, t3, temp; + logic [15:0] rrot8_1, rrot8_2; + + assign {in0, in1, in2, in3} = in; + assign temp = in0 ^ in1 ^ in2 ^ in3; + + galoismult_forward gm0 (in0^in1, t0); + galoismult_forward gm1 (in1^in2, t1); + galoismult_forward gm2 (in2^in3, t2); + galoismult_forward gm3 (in3^in0, t3); + + assign out0 = in0 ^ temp ^ t3; + assign out1 = in1 ^ temp ^ t0; + assign out2 = in2 ^ temp ^ t1; + assign out3 = in3 ^ temp ^ t2; - // Declare internal Logic - logic [31:0] w0, w1, w2, w3; - logic [31:0] ws0, ws1, ws2, ws3; - - // Break up Data into individual words - assign w0 = Data[127:96]; - assign w1 = Data[95:64]; - assign w2 = Data[63:32]; - assign w3 = Data[31:0]; - - // Instantiate The mix words components for the words - mixword mw0(.word(w0), .mixed_word(ws0)); - mixword mw1(.word(w1), .mixed_word(ws1)); - mixword mw2(.word(w2), .mixed_word(ws2)); - mixword mw3(.word(w3), .mixed_word(ws3)); - - // Assign Output - assign mixedcols = {ws0, ws1, ws2, ws3}; - -endmodule // mixcolumns + assign out = {out0, out1, out2, out3}; + +endmodule diff --git a/src/ieu/aes_common/aes_sbox.sv b/src/ieu/aes_common/aes_sbox.sv index 2b4491986..12e32dfd6 100644 --- a/src/ieu/aes_common/aes_sbox.sv +++ b/src/ieu/aes_common/aes_sbox.sv @@ -1,5 +1,5 @@ /////////////////////////////////////////// -// aes_mixcolumns.sv +// aes_sbox.sv // // Written: ryan.swann@okstate.edu, james.stine@okstate.edu // Created: 20 February 2024 @@ -25,7 +25,7 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_sbox(input logic [7:0] in, +module aes_Sbox(input logic [7:0] in, output logic [7:0] out); // case statement to lookup the value in the rijndael table diff --git a/src/ieu/aes_common/aes_sbox_word.sv b/src/ieu/aes_common/aes_sbox_word.sv index 17312585b..2111e4eb1 100644 --- a/src/ieu/aes_common/aes_sbox_word.sv +++ b/src/ieu/aes_common/aes_sbox_word.sv @@ -25,16 +25,16 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_sbox_word(input logic [31:0] in, +module aes_Sbox_Word(input logic [31:0] in, output logic [31:0] out); // Declare the SBOX for (least significant) byte 0 of the input - aes_sbox sbox_b0(.in(in[7:0]), .out(out[7:0])); + aes_Sbox sbox_b0(.in(in[7:0]), .out(out[7:0])); // Declare the SBOX for byte 1 of the input - aes_sbox sbox_b1(.in(in[15:8]), .out(out[15:8])); + aes_Sbox sbox_b1(.in(in[15:8]), .out(out[15:8])); // Declare the SBOX for byte 2 of the input - aes_sbox sbox_b2(.in(in[23:16]), .out(out[23:16])); + aes_Sbox sbox_b2(.in(in[23:16]), .out(out[23:16])); // Declare the SBOX for byte 3 of the input - aes_sbox sbox_b3(.in(in[31:24]), .out(out[31:24])); + aes_Sbox sbox_b3(.in(in[31:24]), .out(out[31:24])); endmodule diff --git a/src/ieu/aes_common/aes_shiftrow.sv b/src/ieu/aes_common/aes_shiftrow.sv index 0344d7e21..0de15f2ac 100644 --- a/src/ieu/aes_common/aes_shiftrow.sv +++ b/src/ieu/aes_common/aes_shiftrow.sv @@ -25,44 +25,13 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module aes_shiftrow(input logic [127:0] DataIn, - output logic [127:0] DataOut); +module aes_Shiftrow ( + input logic [127:0] DataIn, + output logic [127:0] DataOut); - // (This form of writing it may seem like more effort but I feel - // like it is more self-explanatory this way without losing efficiency) - - logic [7:0] w0_b0, w0_b1, w0_b2, w0_b3; - logic [7:0] w1_b0, w1_b1, w1_b2, w1_b3; - logic [7:0] w2_b0, w2_b1, w2_b2, w2_b3; - logic [7:0] w3_b0, w3_b1, w3_b2, w3_b3; - logic [31:0] out_w0, out_w1, out_w2, out_w3; - - // Seperate the first (Least Significant) word into bytes - assign w0_b0 = DataIn[7:0]; - assign w0_b1 = DataIn[79:72]; - assign w0_b2 = DataIn[23:16]; - assign w0_b3 = DataIn[95:88]; - // Seperate the second word into bytes - assign w1_b0 = DataIn[39:32]; - assign w1_b1 = DataIn[111:104]; - assign w1_b2 = DataIn[55:48]; - assign w1_b3 = DataIn[127:120]; - // Seperate the third word into bytes - assign w2_b0 = DataIn[71:64]; - assign w2_b1 = DataIn[15:8]; - assign w2_b2 = DataIn[87:80]; - assign w2_b3 = DataIn[31:24]; - // Seperate the fourth (Most significant) word into bytes - assign w3_b0 = DataIn[103:96]; - assign w3_b1 = DataIn[47:40]; - assign w3_b2 = DataIn[119:112]; - assign w3_b3 = DataIn[63:56]; - // The output words are composed of sets of the input bytes. - assign out_w0 = {w0_b3, w1_b2, w2_b1, w3_b0}; - assign out_w1 = {w3_b3, w0_b2, w1_b1, w2_b0}; - assign out_w2 = {w2_b3, w3_b2, w0_b1, w1_b0}; - assign out_w3 = {w1_b3, w2_b2, w3_b1, w0_b0}; - - assign DataOut = {out_w0, out_w1, out_w2, out_w3}; + assign DataOut = {DataIn[95:88], DataIn[55:48], DataIn[15:8], DataIn[103:96], + DataIn[63:56], DataIn[23:16], DataIn[111:104], DataIn[71:64], + DataIn[31:24], DataIn[119:112], DataIn[79:72], DataIn[39:32], + DataIn[127:120], DataIn[87:80], DataIn[47:40], DataIn[7:0]}; endmodule diff --git a/src/ieu/aes_common/aes_shiftword.sv b/src/ieu/aes_common/aes_shiftword.sv deleted file mode 100644 index c76e69d1f..000000000 --- a/src/ieu/aes_common/aes_shiftword.sv +++ /dev/null @@ -1,59 +0,0 @@ -/////////////////////////////////////////// -// aes_shiftword.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: AES Shiftrow shifting values -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -/* - Purpose : This next module provides an alternative way to shift the values. - in which it takes the shift number (essentially row number) as - an input and shifts cyclically to the left by that number of bits. - the complexity here is removed from the module and is more complex in - input selection. - */ - -module aes_shiftword(input logic[1:0] shiftAmt, input logic [31:0] DataIn, - output logic [31:0] DataOut); - - - logic [7:0] b0 = DataIn[7:0]; - logic [7:0] b1 = DataIn[15:8]; - logic [7:0] b2 = DataIn[23:16]; - logic [7:0] b3 = DataIn[31:24]; - - always_comb - begin - case(shiftAmt) - // 00 : Barrel Shift no bytes - 2'b00 : DataOut = {b3, b2, b1, b0}; - // 01 : Barrel Shift one byte - 2'b01 : DataOut = {b0, b3, b2, b1}; - // 10 : Barrel Shift two bytes - 2'b10 : DataOut = {b1, b0, b3, b2}; - // 11 : Barrel Shift three bytes - default : DataOut = {b2, b1, b0, b3}; - endcase - end - -endmodule diff --git a/src/ieu/aes_common/gm2.sv b/src/ieu/aes_common/galoismult_forward.sv similarity index 79% rename from src/ieu/aes_common/gm2.sv rename to src/ieu/aes_common/galoismult_forward.sv index a9e675be5..3594aaedd 100644 --- a/src/ieu/aes_common/gm2.sv +++ b/src/ieu/aes_common/galoismult_forward.sv @@ -1,7 +1,7 @@ /////////////////////////////////////////// -// gm2.sv +// galoismult_forward.sv // -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu +// Written: ryan.swann@okstate.edu, james.stine@okstate.edu, David_Harris@hmc.edu // Created: 20 February 2024 // // Purpose: Galois field operations for mix columns operation @@ -25,6 +25,17 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// +module galoismult_forward ( + input logic [7:0] in, + output logic [7:0] out); + + logic [7:0] leftshift; + + assign leftshift = {in[6:0], 1'b0}; + assign out = in[7] ? (leftshift ^ 8'b00011011) : leftshift; + +endmodule + module gm2 (gm2_In, gm2_Out); input logic [7:0] gm2_In; @@ -33,4 +44,4 @@ module gm2 (gm2_In, gm2_Out); // Set output to Galois Mult 2 assign gm2_Out = {gm2_In[6:0], 1'b0} ^ (8'h1b & {8{gm2_In[7]}}); -endmodule +endmodule \ No newline at end of file diff --git a/src/ieu/aes_common/mixword.sv b/src/ieu/aes_common/mixword.sv deleted file mode 100644 index fdad29577..000000000 --- a/src/ieu/aes_common/mixword.sv +++ /dev/null @@ -1,72 +0,0 @@ -/////////////////////////////////////////// -// mixword.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: Galois field operation to an individual 32-bit word -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -module mixword (word, mixed_word); - - // Declare Inputs/Outputs - input logic [31:0] word; - output logic [31:0] mixed_word; - - // Declare Internal Signals - logic [7:0] b0, b1, b2, b3; - logic [7:0] mb0, mb1, mb2, mb3; - logic [7:0] gm2_0_Out; - logic [7:0] gm3_0_Out; - logic [7:0] gm2_1_Out; - logic [7:0] gm3_1_Out; - logic [7:0] gm2_2_Out; - logic [7:0] gm3_2_Out; - logic [7:0] gm2_3_Out; - logic [7:0] gm3_3_Out; - - // Break word into bytes - assign b0 = word[31:24]; - assign b1 = word[23:16]; - assign b2 = word[15:8]; - assign b3 = word[7:0]; - - // mb0 Galois components - gm2 gm2_0(.gm2_In(b0), .gm2_Out(gm2_0_Out)); - gm3 gm3_0(.gm3_In(b3), .gm3_Out(gm3_0_Out)); - // mb1 Galois components - gm2 gm2_1(.gm2_In(b1), .gm2_Out(gm2_1_Out)); - gm3 gm3_1(.gm3_In(b0), .gm3_Out(gm3_1_Out)); - // mb2 Galois components - gm2 gm2_2(.gm2_In(b2), .gm2_Out(gm2_2_Out)); - gm3 gm3_2(.gm3_In(b1), .gm3_Out(gm3_2_Out)); - // mb3 Galois components - gm2 gm2_3(.gm2_In(b3), .gm2_Out(gm2_3_Out)); - gm3 gm3_3(.gm3_In(b2), .gm3_Out(gm3_3_Out)); - - // Combine Componenets into mixed word - assign mb0 = gm2_0_Out ^ gm3_0_Out ^ b1 ^ b2; - assign mb1 = gm2_1_Out ^ gm3_1_Out ^ b2 ^ b3; - assign mb2 = gm2_2_Out ^ gm3_2_Out ^ b0 ^ b3; - assign mb3 = gm2_3_Out ^ gm3_3_Out ^ b0 ^ b1; - assign mixed_word = {mb0, mb1, mb2, mb3}; - -endmodule diff --git a/src/ieu/aes_common/rotateleft.sv b/src/ieu/aes_common/rotateleft.sv deleted file mode 100644 index 74862b47d..000000000 --- a/src/ieu/aes_common/rotateleft.sv +++ /dev/null @@ -1,34 +0,0 @@ -/////////////////////////////////////////// -// rotateleft.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: 32-bit left rotate for AES -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -module rotate_left(input logic [31:0] Input_Data, - input logic [4:0] shamt, - output logic [31:0] Rot_Data); - - assign Rot_Data = (Input_Data << shamt) | (Input_Data >> (32 - shamt)); - -endmodule diff --git a/src/ieu/aes_instructions/aes32dsi.sv b/src/ieu/aes_instructions/aes32dsi.sv index 58fc88c51..ab52d1d96 100644 --- a/src/ieu/aes_instructions/aes32dsi.sv +++ b/src/ieu/aes_instructions/aes32dsi.sv @@ -46,13 +46,12 @@ module aes32dsi(input logic [1:0] bs, assign Sbox_In = Sbox_In_32[7:0]; // Apply inverse sbox to si - aes_Inv_sbox inv_sbox(.in(Sbox_In), .out(Sbox_Out)); + aes_Inv_Sbox inv_sbox(.in(Sbox_In), .out(Sbox_Out)); // Pad output of inverse substitution box assign so = {24'h0, Sbox_Out}; // Rotate the substitution box output left by shamt (bs * 8) - // rotate_left rol32(.input_data(so), .shamt(shamt), .rot_data(so_rotate)); assign so_rotate = (so << shamt) | (so >> (32 - shamt)); // Set result to "X(rs1)[31..0] ^ rol32(so, unsigned(shamt));" diff --git a/src/ieu/aes_instructions/aes32dsmi.sv b/src/ieu/aes_instructions/aes32dsmi.sv index df2bad83e..6374cab8c 100644 --- a/src/ieu/aes_instructions/aes32dsmi.sv +++ b/src/ieu/aes_instructions/aes32dsmi.sv @@ -47,16 +47,15 @@ module aes32dsmi(input logic [1:0] bs, assign Sbox_In = Sbox_In_32[7:0]; // Apply inverse sbox to si - aes_Inv_sbox inv_sbox(.in(Sbox_In), .out(Sbox_Out)); + aes_Inv_Sbox inv_sbox(.in(Sbox_In), .out(Sbox_Out)); // Pad output of inverse substitution box assign so = {24'h0, Sbox_Out}; // Run so through the mixword AES function - inv_mixword mix(.word(so), .mixed_word(mixed)); + aes_Inv_Mixcolumns mix(.word(so), .mixed_word(mixed)); // Rotate the substitution box output left by shamt (bs * 8) - // rotate_left rol32(.input_data(mixed), .shamt(shamt), .rot_data(mixed_rotate)); assign mixed_rotate = (mixed << shamt) | (mixed >> (32 - shamt)); // Set result to "X(rs1)[31..0] ^ rol32(so, unsigned(shamt));" diff --git a/src/ieu/aes_instructions/aes32esi.sv b/src/ieu/aes_instructions/aes32esi.sv index ed47e1d9d..c1adb4e93 100644 --- a/src/ieu/aes_instructions/aes32esi.sv +++ b/src/ieu/aes_instructions/aes32esi.sv @@ -48,13 +48,12 @@ module aes32esi(input logic [1:0] bs, assign Sbox_In = Sbox_In_32[7:0]; // Substitute - aes_sbox subbox(.in(Sbox_In), .out(Sbox_Out)); + aes_Sbox subbox(.in(Sbox_In), .out(Sbox_Out)); // Pad sbox output assign so = {24'h0, Sbox_Out}; // Rotate so left by shamt - // rotate_left rol32(.input_data(so), .shamt(shamt), .rot_data(so_rotate)); assign so_rotate = (so << shamt) | (so >> (32 - shamt)); // Set result X(rs1)[31..0] ^ rol32(so, unsigned(shamt)); diff --git a/src/ieu/aes_instructions/aes32esmi.sv b/src/ieu/aes_instructions/aes32esmi.sv index 52d45c4de..53550c921 100644 --- a/src/ieu/aes_instructions/aes32esmi.sv +++ b/src/ieu/aes_instructions/aes32esmi.sv @@ -49,16 +49,15 @@ module aes32esmi(input logic [1:0] bs, assign Sbox_In = Sbox_In_32[7:0]; // Substitute - aes_sbox sbox(.in(Sbox_In), .out(Sbox_Out)); + aes_Sbox sbox(.in(Sbox_In), .out(Sbox_Out)); // Pad sbox output assign so = {24'h0, Sbox_Out}; // Mix Word using aes_mixword component - mixword mwd(.word(so), .mixed_word(mixed)); + aes_Mixcolumns mwd(.in(so), .out(mixed)); // Rotate so left by shamt - // rotate_left rol32(.input_data(mixed), .shamt(shamt), .rot_data(mixed_rotate)); assign mixed_rotate = (mixed << shamt) | (mixed >> (32 - shamt)); // Set result X(rs1)[31..0] ^ rol32(mixed, unsigned(shamt)); diff --git a/src/ieu/aes_instructions/aes64ds.sv b/src/ieu/aes_instructions/aes64ds.sv index d1892675c..44f6717b8 100644 --- a/src/ieu/aes_instructions/aes64ds.sv +++ b/src/ieu/aes_instructions/aes64ds.sv @@ -35,11 +35,11 @@ module aes64ds(input logic [63:0] rs1, logic [31:0] Sbox_Out_1; // Apply inverse shiftrows to rs2 and rs1 - aes_Inv_shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); + aes_Inv_Shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); // Apply full word inverse substitution to lower 2 words of shiftrow out - aes_Inv_sbox_word inv_sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out_0)); - aes_Inv_sbox_word inv_sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out_1)); + aes_Inv_Sbox_Word inv_sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out_0)); + aes_Inv_Sbox_Word inv_sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out_1)); // Concatenate the two substitution outputs to get result assign Data_Out = {Sbox_Out_1, Sbox_Out_0}; diff --git a/src/ieu/aes_instructions/aes64dsm.sv b/src/ieu/aes_instructions/aes64dsm.sv index 241d718e2..c9f538358 100644 --- a/src/ieu/aes_instructions/aes64dsm.sv +++ b/src/ieu/aes_instructions/aes64dsm.sv @@ -37,15 +37,15 @@ module aes64dsm(input logic [63:0] rs1, logic [31:0] Mixcol_Out_1; // Apply inverse shiftrows to rs2 and rs1 - aes_Inv_shiftrow srow(.DataIn({rs2, rs1}), .DataOut(ShiftRow_Out)); + aes_Inv_Shiftrow srow(.DataIn({rs2, rs1}), .DataOut(ShiftRow_Out)); // Apply full word inverse substitution to lower 2 words of shiftrow out - aes_Inv_sbox_word inv_sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out_0)); - aes_Inv_sbox_word inv_sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out_1)); + aes_Inv_Sbox_Word inv_sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out_0)); + aes_Inv_Sbox_Word inv_sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out_1)); // Apply inverse mixword to sbox outputs - inv_mixword inv_mw_0(.word(Sbox_Out_0), .mixed_word(Mixcol_Out_0)); - inv_mixword inv_mw_1(.word(Sbox_Out_1), .mixed_word(Mixcol_Out_1)); + aes_Inv_Mixcolumns inv_mw_0(.word(Sbox_Out_0), .mixed_word(Mixcol_Out_0)); + aes_Inv_Mixcolumns inv_mw_1(.word(Sbox_Out_1), .mixed_word(Mixcol_Out_1)); // Concatenate mixed words for output assign Data_Out = {Mixcol_Out_1, Mixcol_Out_0}; diff --git a/src/ieu/aes_instructions/aes64es.sv b/src/ieu/aes_instructions/aes64es.sv index 58e6dfdc0..363a1ab2c 100644 --- a/src/ieu/aes_instructions/aes64es.sv +++ b/src/ieu/aes_instructions/aes64es.sv @@ -33,9 +33,9 @@ module aes64es(input logic [63:0] rs1, logic [127:0] ShiftRow_Out; // AES shiftrow unit - aes_shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); + aes_Shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); // Apply substitution box to 2 lower words - aes_sbox_word sbox_0(.in(ShiftRow_Out[31:0]), .out(Data_Out[31:0])); - aes_sbox_word sbox_1(.in(ShiftRow_Out[63:32]), .out(Data_Out[63:32])); + aes_Sbox_Word sbox_0(.in(ShiftRow_Out[31:0]), .out(Data_Out[31:0])); + aes_Sbox_Word sbox_1(.in(ShiftRow_Out[63:32]), .out(Data_Out[63:32])); endmodule diff --git a/src/ieu/aes_instructions/aes64esm.sv b/src/ieu/aes_instructions/aes64esm.sv index 80c8f34d6..3b10df582 100644 --- a/src/ieu/aes_instructions/aes64esm.sv +++ b/src/ieu/aes_instructions/aes64esm.sv @@ -34,13 +34,13 @@ module aes64esm(input logic [63:0] rs1, logic [63:0] Sbox_Out; // AES shiftrow unit - aes_shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); + aes_Shiftrow srow(.DataIn({rs2,rs1}), .DataOut(ShiftRow_Out)); // Apply substitution box to 2 lower words - aes_sbox_word sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out[31:0])); - aes_sbox_word sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out[63:32])); + aes_Sbox_Word sbox_0(.in(ShiftRow_Out[31:0]), .out(Sbox_Out[31:0])); + aes_Sbox_Word sbox_1(.in(ShiftRow_Out[63:32]), .out(Sbox_Out[63:32])); // Apply mix columns operations - mixword mw0(.word(Sbox_Out[31:0]), .mixed_word(Data_Out[31:0])); - mixword mw1(.word(Sbox_Out[63:32]), .mixed_word(Data_Out[63:32])); + aes_Mixcolumns mw0(.in(Sbox_Out[31:0]), .out(Data_Out[31:0])); + aes_Mixcolumns mw1(.in(Sbox_Out[63:32]), .out(Data_Out[63:32])); endmodule diff --git a/src/ieu/aes_instructions/aes64im.sv b/src/ieu/aes_instructions/aes64im.sv index 28aef331c..06c8c8ebf 100644 --- a/src/ieu/aes_instructions/aes64im.sv +++ b/src/ieu/aes_instructions/aes64im.sv @@ -28,6 +28,6 @@ module aes64im(input logic [63:0] rs1, output logic [63:0] Data_Out); - inv_mixword inv_mw_0(.word(rs1[31:0]), .mixed_word(Data_Out[31:0])); - inv_mixword inv_mw_1(.word(rs1[63:32]), .mixed_word(Data_Out[63:32])); + aes_Inv_Mixcolumns inv_mw_0(.word(rs1[31:0]), .mixed_word(Data_Out[31:0])); + aes_Inv_Mixcolumns inv_mw_1(.word(rs1[63:32]), .mixed_word(Data_Out[63:32])); endmodule diff --git a/src/ieu/aes_instructions/aes64ks1i.sv b/src/ieu/aes_instructions/aes64ks1i.sv index 5ef76516c..0e5a08df6 100644 --- a/src/ieu/aes_instructions/aes64ks1i.sv +++ b/src/ieu/aes_instructions/aes64ks1i.sv @@ -38,23 +38,25 @@ module aes64ks1i(input logic [3:0] roundnum, logic [31:0] Sbox_Out; // Get rcon value from table - rcon_lut_128 rc(.RD(roundnum), .rcon_out(rcon_preshift)); + rcon_Lut_128 rc(.RD(roundnum), .rcon_out(rcon_preshift)); + // Shift RCON value assign rcon = {24'b0, rcon_preshift}; + // Flag will be set if roundnum = 0xA = 0b1010 assign lastRoundFlag = roundnum[3] & ~roundnum[2] & roundnum[1] & ~roundnum[0]; + // Get rotated value fo ruse in tmp2 - rrot8 rr(.x(rs1[63:32]), .result(rs1_rotate)); + assign rs1_rotate = {rs1[39:32], rs1[63:40]}; + // Assign tmp2 to a mux based on lastRoundFlag assign tmp2 = lastRoundFlag ? rs1[63:32] : rs1_rotate; + // Substitute bytes of value obtained for tmp2 using Rijndael sbox - aes_sbox_word sbox(.in(tmp2),.out(Sbox_Out)); + aes_Sbox_Word sbox(.in(tmp2),.out(Sbox_Out)); assign rd[31:0] = Sbox_Out ^ rcon; assign rd[63:32] = Sbox_Out ^ rcon; - // There may be some errors with this instruction. - // Regression tests are passed successfully, but - // the algorithm seems wrong. Check later. endmodule diff --git a/src/ieu/aes_instructions/rcon_lut_128.sv b/src/ieu/aes_instructions/rcon_lut_128.sv index 89368408d..6103ea374 100644 --- a/src/ieu/aes_instructions/rcon_lut_128.sv +++ b/src/ieu/aes_instructions/rcon_lut_128.sv @@ -25,7 +25,7 @@ // and limitations under the License. //////////////////////////////////////////////////////////////////////////////////////////////// -module rcon_lut_128(input logic [3:0] RD, +module rcon_Lut_128(input logic [3:0] RD, output logic [7:0] rcon_out); always_comb diff --git a/src/ieu/aes_instructions/rrot8.sv b/src/ieu/aes_instructions/rrot8.sv deleted file mode 100644 index 8f36f4317..000000000 --- a/src/ieu/aes_instructions/rrot8.sv +++ /dev/null @@ -1,63 +0,0 @@ -/////////////////////////////////////////// -// rrot8.sv -// -// Written: ryan.swann@okstate.edu, james.stine@okstate.edu -// Created: 20 February 2024 -// -// Purpose: aes64ks1i instruction -// -// A component of the CORE-V-WALLY configurable RISC-V project. -// https://github.com/openhwgroup/cvw -// -// Copyright (C) 2021-24 Harvey Mudd College & Oklahoma State University -// -// SPDX-License-Identifier: Apache-2.0 WITH SHL-2.1 -// -// Licensed under the Solderpad Hardware License v 2.1 (the “License”); you may not use this file -// except in compliance with the License, or, at your option, the Apache License version 2.0. You -// may obtain a copy of the License at -// -// https://solderpad.org/licenses/SHL-2.1/ -// -// Unless required by applicable law or agreed to in writing, any work distributed under the -// License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -// either express or implied. See the License for the specific language governing permissions -// and limitations under the License. -//////////////////////////////////////////////////////////////////////////////////////////////// - -module rrot8(input logic[31:0] x, - output logic [31:0] result); - - assign result[0] = x[8]; - assign result[1] = x[9]; - assign result[2] = x[10]; - assign result[3] = x[11]; - assign result[4] = x[12]; - assign result[5] = x[13]; - assign result[6] = x[14]; - assign result[7] = x[15]; - assign result[8] = x[16]; - assign result[9] = x[17]; - assign result[10] = x[18]; - assign result[11] = x[19]; - assign result[12] = x[20]; - assign result[13] = x[21]; - assign result[14] = x[22]; - assign result[15] = x[23]; - assign result[16] = x[24]; - assign result[17] = x[25]; - assign result[18] = x[26]; - assign result[19] = x[27]; - assign result[20] = x[28]; - assign result[21] = x[29]; - assign result[22] = x[30]; - assign result[23] = x[31]; - assign result[24] = x[0]; - assign result[25] = x[1]; - assign result[26] = x[2]; - assign result[27] = x[3]; - assign result[28] = x[4]; - assign result[29] = x[5]; - assign result[30] = x[6]; - assign result[31] = x[7]; -endmodule