1 |
2 |
schengopen |
////////////////////////////////////////////////////////////////// ////
|
2 |
|
|
//// ////
|
3 |
|
|
//// AES Decryption Core for FPGA ////
|
4 |
|
|
//// ////
|
5 |
|
|
//// This file is part of the AES Decryption Core for FPGA project ////
|
6 |
|
|
//// http://www.opencores.org/cores/xxx/ ////
|
7 |
|
|
//// ////
|
8 |
|
|
//// Description ////
|
9 |
|
|
//// Implementation of AES Decryption Core for FPGA according to ////
|
10 |
|
|
//// core specification document. ////
|
11 |
|
|
//// ////
|
12 |
|
|
//// To Do: ////
|
13 |
|
|
//// - ////
|
14 |
|
|
//// ////
|
15 |
|
|
//// Author(s): ////
|
16 |
|
|
//// - scheng, schengopencores@opencores.org ////
|
17 |
|
|
//// ////
|
18 |
|
|
//////////////////////////////////////////////////////////////////////
|
19 |
|
|
//// ////
|
20 |
|
|
//// Copyright (C) 2009 Authors and OPENCORES.ORG ////
|
21 |
|
|
//// ////
|
22 |
|
|
//// This source file may be used and distributed without ////
|
23 |
|
|
//// restriction provided that this copyright statement is not ////
|
24 |
|
|
//// removed from the file and that any derivative work contains ////
|
25 |
|
|
//// the original copyright notice and the associated disclaimer. ////
|
26 |
|
|
//// ////
|
27 |
|
|
//// This source file is free software; you can redistribute it ////
|
28 |
|
|
//// and/or modify it under the terms of the GNU Lesser General ////
|
29 |
|
|
//// Public License as published by the Free Software Foundation; ////
|
30 |
|
|
//// either version 2.1 of the License, or (at your option) any ////
|
31 |
|
|
//// later version. ////
|
32 |
|
|
//// ////
|
33 |
|
|
//// This source is distributed in the hope that it will be ////
|
34 |
|
|
//// useful, but WITHOUT ANY WARRANTY; without even the implied ////
|
35 |
|
|
//// warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR ////
|
36 |
|
|
//// PURPOSE. See the GNU Lesser General Public License for more ////
|
37 |
|
|
//// details. ////
|
38 |
|
|
//// ////
|
39 |
|
|
//// You should have received a copy of the GNU Lesser General ////
|
40 |
|
|
//// Public License along with this source; if not, download it ////
|
41 |
|
|
//// from http://www.opencores.org/lgpl.shtml ////
|
42 |
|
|
//// //// ///
|
43 |
|
|
///////////////////////////////////////////////////////////////////
|
44 |
|
|
//// ////
|
45 |
|
|
//// Key Schedule buffer ////
|
46 |
|
|
//// ////
|
47 |
|
|
//// The key schedule buffer is required for decryption because ////
|
48 |
|
|
//// round keys are consumed in reversed order than they are ////
|
49 |
|
|
//// generated by the Key Expander. The KschBuffer sits between the ////
|
50 |
|
|
//// Key Expander and the decryptor. Round keys coming out from the ////
|
51 |
|
|
//// Key Expander is first stored in the KschBuffer, and later read ////
|
52 |
|
|
//// out in reversed order by the decryptor. ////
|
53 |
|
|
//// ////
|
54 |
|
|
////////////////////////////////////////////////////////////////////////
|
55 |
|
|
|
56 |
|
|
module KschBuffer(
|
57 |
|
|
// Key schedule buffer is required for decryption because round keys are consumed in
|
58 |
|
|
// reversed order than they are generated by the Key Expander. The KschBuffer sits
|
59 |
|
|
// between the Key Expander and the decryptor. Round keys coming out from the Key
|
60 |
|
|
// Expander is first stored in the KschBuffer, and later read out in reversed order
|
61 |
|
|
// by the decryptor.
|
62 |
|
|
input [0:127] rkey_in, // Round key from Key Expander
|
63 |
|
|
input rkey_vld_in, // High when rkey_in has a valid round key. This occurs when
|
64 |
|
|
// the Key Expander is updating the key schedule.
|
65 |
|
|
|
66 |
|
|
output [0:127] rkey_out, // Round key to decryptor.
|
67 |
|
|
input next_rkey, // Assert high by decryptor to request for next round key.
|
68 |
|
|
output rkey_vld_out, // High indicates to decryptor that a valid round key is
|
69 |
|
|
// present at rkey_out.
|
70 |
|
|
|
71 |
|
|
input [0:1] klen_sel, // Key length select. 00->128-bit, 01->192-bit, 10->256-bit, 11->invalid
|
72 |
|
|
input clk, rst
|
73 |
|
|
);
|
74 |
|
|
|
75 |
|
|
(* RAM_STYLE="distributed" *) reg [127:0] lutram [15:0];
|
76 |
|
|
|
77 |
|
|
reg [3:0] rd_addr_cnt;
|
78 |
|
|
reg [3:0] wr_addr_cnt;
|
79 |
|
|
reg first_rkey_vld_in;
|
80 |
|
|
reg [3:0] nr;
|
81 |
|
|
|
82 |
|
|
// Do not change to always_ff. This is the coding template for inferring RAM by
|
83 |
|
|
// Vivado synthesizer.
|
84 |
|
|
always @(posedge clk)
|
85 |
|
|
if (rkey_vld_in) lutram[wr_addr_cnt] <= rkey_in;
|
86 |
|
|
|
87 |
|
|
assign rkey_out = lutram[rd_addr_cnt];
|
88 |
|
|
|
89 |
|
|
// No. of rounds for various key lengths. nr is used in the read and write address
|
90 |
|
|
// counter of the key schedule RAM buffer.
|
91 |
|
|
always_comb
|
92 |
|
|
unique case (klen_sel)
|
93 |
|
|
2'b00 : nr <= 10; // 128-bit
|
94 |
|
|
2'b01 : nr <= 12; // 192-bit
|
95 |
|
|
2'b10 : nr <= 14; // 256-bit
|
96 |
|
|
endcase
|
97 |
|
|
|
98 |
|
|
// Address counter used by the decryptor (reads from RAM). Counts down
|
99 |
|
|
// from nr to 0.
|
100 |
|
|
always_ff @(posedge clk)
|
101 |
|
|
begin
|
102 |
|
|
if (rst) rd_addr_cnt <= nr;
|
103 |
|
|
else
|
104 |
|
|
begin
|
105 |
|
|
if (next_rkey)
|
106 |
|
|
begin
|
107 |
|
|
if (rd_addr_cnt == 0) rd_addr_cnt <= nr;
|
108 |
|
|
else rd_addr_cnt--;
|
109 |
|
|
end
|
110 |
|
|
end
|
111 |
|
|
end
|
112 |
|
|
|
113 |
|
|
// Address counter for Key Expander (writes to RAM). Counts up from 0 to nr.
|
114 |
|
|
always_ff @(posedge clk)
|
115 |
|
|
begin
|
116 |
|
|
if (rst) wr_addr_cnt <= 0;
|
117 |
|
|
else
|
118 |
|
|
begin
|
119 |
|
|
if (rkey_vld_in)
|
120 |
|
|
begin
|
121 |
|
|
if (wr_addr_cnt == nr) wr_addr_cnt <= 0;
|
122 |
|
|
else wr_addr_cnt++;
|
123 |
|
|
end
|
124 |
|
|
end
|
125 |
|
|
end
|
126 |
|
|
|
127 |
|
|
// Key Expander always has the priority to update key schedule in RAM. rkey_vld_out
|
128 |
|
|
// is held low during key schedule update, stopping the decryptor to start decrypting
|
129 |
|
|
// a new block.
|
130 |
|
|
//
|
131 |
|
|
// Also rkey_vld_out is held low upon reset until the first valid rkey is present.
|
132 |
|
|
always_ff @(posedge clk)
|
133 |
|
|
begin
|
134 |
|
|
if (rst) first_rkey_vld_in <= 0;
|
135 |
|
|
else if (rkey_vld_in) first_rkey_vld_in <= 1;
|
136 |
|
|
end
|
137 |
|
|
|
138 |
|
|
assign rkey_vld_out = ~rkey_vld_in & first_rkey_vld_in;
|
139 |
|
|
endmodule
|