Optimized out aes64im hardware; sharing with aes64d
This commit is contained in:
parent
5257d3d8fd
commit
ef896797fd
@ -28,12 +28,12 @@
|
||||
module aes64d(
|
||||
input logic [63:0] rs1,
|
||||
input logic [63:0] rs2,
|
||||
input logic finalround,
|
||||
input logic finalround, aes64im,
|
||||
output logic [63:0] result
|
||||
);
|
||||
|
||||
logic [127:0] ShiftRowOut;
|
||||
logic [63:0] SboxOut, MixcolOut;
|
||||
logic [63:0] SboxOut, MixcolIn, MixcolOut;
|
||||
|
||||
// Apply inverse shiftrows to rs2 and rs1
|
||||
aesinvshiftrow srow({rs2, rs1}, ShiftRowOut);
|
||||
@ -42,9 +42,11 @@ module aes64d(
|
||||
aesinvsboxword invsbox0(ShiftRowOut[31:0], SboxOut[31:0]);
|
||||
aesinvsboxword invsbox1(ShiftRowOut[63:32], SboxOut[63:32]);
|
||||
|
||||
mux2 #(64) mixcolmux(SboxOut, rs1, aes64im, MixcolIn);
|
||||
|
||||
// Apply inverse mixword to sbox outputs
|
||||
aesinvmixcolumns invmw0(SboxOut[31:0], MixcolOut[31:0]);
|
||||
aesinvmixcolumns invmw1(SboxOut[63:32], MixcolOut[63:32]);
|
||||
aesinvmixcolumns invmw0(MixcolIn[31:0], MixcolOut[31:0]);
|
||||
aesinvmixcolumns invmw1(MixcolIn[63:32], MixcolOut[63:32]);
|
||||
|
||||
// Final round skips mixcolumns.
|
||||
mux2 #(64) resultmux(MixcolOut, SboxOut, finalround, result);
|
||||
|
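Review bot: The new aes64im path is only correct when finalround is deasserted with it, because `resultmux` on the last line of the second hunk still picks SboxOut for finalround=1 and would then return the substituted ShiftRowOut word instead of the inverse mixcolumns of rs1; nothing in aes64d enforces that, it is left to the decoder. That contract belongs at the port: `input logic finalround, aes64im, // aes64im: feed rs1 straight into inverse mixcolumns; only valid with finalround=0`. A one-line comment on `mixcolmux` saying which select value routes rs1 would also help, since mux2's input order is not visible in this file.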
@ -28,7 +28,7 @@
|
||||
module aes64e(
|
||||
input logic [63:0] rs1,
|
||||
input logic [63:0] rs2,
|
||||
input logic finalround,
|
||||
input logic finalround,
|
||||
output logic [63:0] result
|
||||
);
|
||||
|
||||
@ -41,9 +41,9 @@ module aes64e(
|
||||
// Apply substitution box to 2 lower words
|
||||
aessboxword sbox0(ShiftRowOut[31:0], SboxOut[31:0]);
|
||||
aessboxword sbox1(ShiftRowOut[63:32], SboxOut[63:32]);
|
||||
|
||||
|
||||
// Apply mix columns operations
|
||||
aesmixcolumns mw0(SboxOut[31:0], MixcolOut[31:0]);
|
||||
aesmixcolumns mw0(SboxOut[31:0], MixcolOut[31:0]);
|
||||
aesmixcolumns mw1(SboxOut[63:32], MixcolOut[63:32]);
|
||||
|
||||
// Skip mixcolumns on last round
|
||||
|
@ -27,9 +27,9 @@
|
||||
|
||||
module aes64im(
|
||||
input logic [63:0] rs1,
|
||||
output logic [63:0] DataOut
|
||||
output logic [63:0] result
|
||||
);
|
||||
|
||||
aesinvmixcolumns inv_mw_0(rs1[31:0], DataOut[31:0]);
|
||||
aesinvmixcolumns inv_mw_1(rs1[63:32], DataOut[63:32]);
|
||||
aesinvmixcolumns inv_mw_0(rs1[31:0], result[31:0]);
|
||||
aesinvmixcolumns inv_mw_1(rs1[63:32], result[63:32]);
|
||||
endmodule
|
||||
|
@ -26,7 +26,7 @@
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
module aes64ks1i(
|
||||
input logic [3:0] roundnum,
|
||||
input logic [3:0] round,
|
||||
input logic [63:0] rs1,
|
||||
output logic [63:0] result
|
||||
);
|
||||
@ -35,11 +35,10 @@ module aes64ks1i(
|
||||
logic [7:0] rcon8;
|
||||
logic [31:0] rcon, rs1Rotate, tmp2, SboxOut;
|
||||
|
||||
|
||||
rconlut128 rc(roundnum, rcon8); // Get rcon value from lookup table
|
||||
rconlut128 rc(round, rcon8); // Get rcon value from lookup table
|
||||
assign rcon = {24'b0, rcon8}; // Zero-pad RCON
|
||||
assign rs1Rotate = {rs1[39:32], rs1[63:40]}; // Get rotated value fo ruse in tmp2
|
||||
assign finalround = (roundnum == 4'b1010); // round 10 is the last one
|
||||
assign finalround = (round == 4'b1010); // round 10 is the last one
|
||||
assign tmp2 = finalround ? rs1[63:32] : rs1Rotate; // Don't rotate on the last round
|
||||
aessboxword sbox(tmp2, SboxOut); // Substitute bytes of value obtained for tmp2 using Rijndael sbox
|
||||
assign result[31:0] = SboxOut ^ rcon;
|
||||
|
@ -115,13 +115,13 @@ module bitmanipalu import cvw::*; #(parameter cvw_t P) (
|
||||
// ZKND Unit
|
||||
if (P.ZKND_SUPPORTED) begin: zknd
|
||||
if (P.XLEN == 32) aes32d aes32d(.bs(Funct7[6:5]), .rs1(ABMU), .rs2(BBMU), .finalround(ZBBSelect[2]), .result(ZKNDResult));
|
||||
else zknd64 #(P.XLEN) ZKND64(.A(ABMU), .B(BBMU), .Funct7, .RNUM(Rs2E[3:0]), .ZKNDSelect(ZBBSelect[2:0]), .ZKNDResult);
|
||||
else zknd64 #(P.XLEN) ZKND64(.A(ABMU), .B(BBMU), .Funct7, .round(Rs2E[3:0]), .ZKNDSelect(ZBBSelect[3:0]), .ZKNDResult);
|
||||
end else assign ZKNDResult = 0;
|
||||
|
||||
// ZKNE Unit
|
||||
if (P.ZKNE_SUPPORTED) begin: zkne
|
||||
if (P.XLEN == 32) aes32e aes32e(.bs(Funct7[6:5]), .rs1(ABMU), .rs2(BBMU), .finalround(ZBBSelect[2]), .result(ZKNEResult));
|
||||
else zkne64 #(P.XLEN) ZKNE64(.A(ABMU), .B(BBMU), .Funct7, .RNUM(Rs2E[3:0]), .ZKNESelect(ZBBSelect[2:0]), .ZKNEResult);
|
||||
else zkne64 #(P.XLEN) ZKNE64(.A(ABMU), .B(BBMU), .Funct7, .round(Rs2E[3:0]), .ZKNESelect(ZBBSelect[2:0]), .ZKNEResult);
|
||||
end else assign ZKNEResult = 0;
|
||||
|
||||
// ZKNH Unit
|
||||
|
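Review bot: ZKND64 now receives `ZBBSelect[3:0]` while ZKNE64 on the line below still receives `ZBBSelect[2:0]`, and ZBBSelect's declaration is outside this hunk; the 4-bit select field in the `BMUCTRLW` encodings suggests it is already 4 bits wide, but that should be confirmed so the wider slice does not quietly reference a bit that does not exist. The asymmetry is deliberate (bit 3 is the aes64im steer only the decrypt unit uses) but it is not written down anywhere in this file; a comment such as `// ZKNDSelect[3] routes rs1 into aes64d's inverse mixcolumns for aes64im` on the ZKND64 instantiation would save the next reader a trip through zknd64 and bmuctrl.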
@ -223,7 +223,7 @@ module bmuctrl import cvw::*; #(parameter cvw_t P) (
|
||||
17'b0110011_0011101_000: BMUControlsD = `BMUCTRLW'b000_0111_0100_1_0_0_1_0_0_0_0_0; // aes64ds - decrypt final round
|
||||
17'b0110011_0011111_000: BMUControlsD = `BMUCTRLW'b000_0111_0000_1_0_0_1_0_0_0_0_0; // aes64dsm - decrypt mid round
|
||||
17'b0010011_0011000_001: if (Rs2D == 5'b00000)
|
||||
BMUControlsD = `BMUCTRLW'b000_0111_0011_1_1_0_1_0_0_0_0_0; // aes64im - decrypt keyschdule mixcolumns
|
||||
BMUControlsD = `BMUCTRLW'b000_0111_1000_1_1_0_1_0_0_0_0_0; // aes64im - decrypt keyschdule mixcolumns
|
||||
endcase
|
||||
end
|
||||
|
||||
|
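Review bot: The aes64im select encoding changes from `0011` (a dedicated mux4 input) to `1000` (aes64im steer bit set, aes64d result selected with finalround clear), but the comment on the changed line still reads as if aes64im were a self-contained unit and does not say the result now comes out of the aes64d datapath. Suggest `// aes64im - inverse mixcolumns of rs1 via aes64d (bit 3 = aes64im, bit 2 = finalround must be 0)`, which also fixes the "keyschdule" typo. The `if (Rs2D == 5'b00000)` guard above it is context and its fall-through for other Rs2D values is outside this hunk.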
@ -29,18 +29,17 @@
|
||||
module zknd64 #(parameter WIDTH=32) (
|
||||
input logic [WIDTH-1:0] A, B,
|
||||
input logic [6:0] Funct7,
|
||||
input logic [3:0] RNUM,
|
||||
input logic [2:0] ZKNDSelect,
|
||||
input logic [3:0] round,
|
||||
input logic [3:0] ZKNDSelect,
|
||||
output logic [WIDTH-1:0] ZKNDResult
|
||||
);
|
||||
|
||||
logic [63:0] aes64dRes, aes64imRes, aes64ks1iRes, aes64ks2Res;
|
||||
|
||||
// RV64
|
||||
aes64d aes64d(.rs1(A), .rs2(B), .finalround(ZKNDSelect[2]), .result(aes64dRes)); // decode AES
|
||||
aes64im aes64im(.rs1(A), .DataOut(aes64imRes));
|
||||
aes64ks1i aes64ks1i(.roundnum(RNUM), .rs1(A), .result(aes64ks1iRes));
|
||||
aes64d aes64d(.rs1(A), .rs2(B), .finalround(ZKNDSelect[2]), .aes64im(ZKNDSelect[3]), .result(aes64dRes)); // decode AES
|
||||
aes64ks1i aes64ks1i(.round, .rs1(A), .result(aes64ks1iRes));
|
||||
aes64ks2 aes64ks2(.rs2(B), .rs1(A), .result(aes64ks2Res));
|
||||
|
||||
mux4 #(WIDTH) zkndmux(aes64dRes, aes64ks1iRes, aes64ks2Res, aes64imRes, ZKNDSelect[1:0], ZKNDResult);
|
||||
mux3 #(WIDTH) zkndmux(aes64dRes, aes64ks1iRes, aes64ks2Res, ZKNDSelect[1:0], ZKNDResult);
|
||||
endmodule
|
||||
|
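Review bot: `aes64imRes` is still declared on the context line `logic [63:0] aes64dRes, aes64imRes, aes64ks1iRes, aes64ks2Res;` but the aes64im instance that drove it is removed and `mux3` no longer reads it, so it is now an undriven, unused net that lint will flag; trim it to `logic [63:0] aes64dRes, aes64ks1iRes, aes64ks2Res;`. The 2-bit select into `zkndmux` also has an unused value (2'b11) whose output now depends on mux3's implementation rather than on anything zknd64 states; a comment on that line noting the decoder never produces 2'b11 makes the assumption explicit. With no instance left here, the aes64im module looks dead unless it is instantiated elsewhere, which is worth confirming before keeping its file.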
@ -29,7 +29,7 @@
|
||||
module zkne64 #(parameter WIDTH=32) (
|
||||
input logic [WIDTH-1:0] A, B,
|
||||
input logic [6:0] Funct7,
|
||||
input logic [3:0] RNUM,
|
||||
input logic [3:0] round,
|
||||
input logic [2:0] ZKNESelect,
|
||||
output logic [WIDTH-1:0] ZKNEResult
|
||||
);
|
||||
@ -38,7 +38,7 @@ module zkne64 #(parameter WIDTH=32) (
|
||||
|
||||
// RV64
|
||||
aes64e aes64e(.rs1(A), .rs2(B), .finalround(ZKNESelect[2]), .result(aes64eRes));
|
||||
aes64ks1i aes64ks1i(.roundnum(RNUM), .rs1(A), .result(aes64ks1iRes));
|
||||
aes64ks1i aes64ks1i(.round, .rs1(A), .result(aes64ks1iRes));
|
||||
aes64ks2 aes64ks2(.rs2(B), .rs1(A), .result(aes64ks2Res));
|
||||
|
||||
// 010 is a placeholder to match the select of ZKND's AES64KS1I since they share some instruction
|
||||
|