URL https://opencores.org/ocsvn/nfcc/nfcc/trunk

Subversion Repositories nfcc

[/] [nfcc/] [trunk/] [camellia/] [keyscheduler.vhdl] - Blame information for rev 2

Details | Compare with Previous | View Log


-- ------------------------------------------------------------------------
-- Copyright (C) 2010 Arif Endro Nugroho
-- All rights reserved.
-- 
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
-- 
-- 1. Redistributions of source code must retain the above copyright
--    notice, this list of conditions and the following disclaimer.
-- 2. Redistributions in binary form must reproduce the above copyright
--    notice, this list of conditions and the following disclaimer in the
--    documentation and/or other materials provided with the distribution.
-- 
-- THIS SOFTWARE IS PROVIDED BY ARIF ENDRO NUGROHO "AS IS" AND ANY EXPRESS
-- OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- DISCLAIMED. IN NO EVENT SHALL ARIF ENDRO NUGROHO BE LIABLE FOR ANY
-- DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-- ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-- POSSIBILITY OF SUCH DAMAGE.
-- 
-- End Of License.
-- ------------------------------------------------------------------------
 
-- 128-bit key K:
--     KL = K;    KR = 0;
 
-- 192-bit key K:
--     KL = K >> 64;
--     KR = ((K & MASK64) << 64) | (~(K & MASK64));
 
-- 256-bit key K:
--     KL = K >> 128;
--     KR = K & MASK128;
 
-- The 128-bit variables KA and KB are generated from KL and KR as
-- follows.  Note that KB is used only if the length of the secret key
-- is 192 or 256 bits.  D1 and D2 are 64-bit temporary variables.  F-
-- function is described in Section 2.4.
 
-- D1 = (KL ^ KR) >> 64;
-- D2 = (KL ^ KR) & MASK64;
-- D2 = D2 ^ F(D1, Sigma1);
-- D1 = D1 ^ F(D2, Sigma2);
-- D1 = D1 ^ (KL >> 64);
-- D2 = D2 ^ (KL & MASK64);
-- D2 = D2 ^ F(D1, Sigma3);
-- D1 = D1 ^ F(D2, Sigma4);
-- KA = (D1 << 64) | D2;
-- D1 = (KA ^ KR) >> 64;
-- D2 = (KA ^ KR) & MASK64;
-- D2 = D2 ^ F(D1, Sigma5);
-- D1 = D1 ^ F(D2, Sigma6);
-- KB = (D1 << 64) | D2;
 
-- The 64-bit constants Sigma1, Sigma2, ..., Sigma6 are used as "keys"
-- in the F-function.  These constant values are, in hexadecimal
-- notation, as follows.
 
-- Sigma1 = 0xA09E667F3BCC908B;
-- Sigma2 = 0xB67AE8584CAA73B2;
-- Sigma3 = 0xC6EF372FE94F82BE;
-- Sigma4 = 0x54FF53A5F1D36F1C;
-- Sigma5 = 0x10E527FADE682D1D;
-- Sigma6 = 0xB05688C2B3E6C1FD;
 
-- 64-bit subkeys are generated by rotating KL, KR, KA, and KB and
-- taking the left- or right-half of them.
 
-- For 128-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ..., k18,
-- ke1, ..., ke4 are generated as follows.
 
-- kw1 = (KL <<<   0) >> 64;
-- kw2 = (KL <<<   0) & MASK64;
-- k1  = (KA <<<   0) >> 64;
-- k2  = (KA <<<   0) & MASK64;
-- k3  = (KL <<<  15) >> 64;
-- k4  = (KL <<<  15) & MASK64;
-- k5  = (KA <<<  15) >> 64;
-- k6  = (KA <<<  15) & MASK64;
-- ke1 = (KA <<<  30) >> 64;
-- ke2 = (KA <<<  30) & MASK64;
-- k7  = (KL <<<  45) >> 64;
-- k8  = (KL <<<  45) & MASK64;
-- k9  = (KA <<<  45) >> 64;
-- k10 = (KL <<<  60) & MASK64;
-- k11 = (KA <<<  60) >> 64;
-- k12 = (KA <<<  60) & MASK64;
-- ke3 = (KL <<<  77) >> 64;
-- ke4 = (KL <<<  77) & MASK64;
-- k13 = (KL <<<  94) >> 64;
-- k14 = (KL <<<  94) & MASK64;
-- k15 = (KA <<<  94) >> 64;
-- k16 = (KA <<<  94) & MASK64;
-- k17 = (KL <<< 111) >> 64;
-- k18 = (KL <<< 111) & MASK64;
-- kw3 = (KA <<< 111) >> 64;
-- kw4 = (KA <<< 111) & MASK64;
 
-- For 192- and 256-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ...,
-- k24, ke1, ..., ke6 are generated as follows.
 
-- kw1 = (KL <<<   0) >> 64;
-- kw2 = (KL <<<   0) & MASK64;
-- k1  = (KB <<<   0) >> 64;
-- k2  = (KB <<<   0) & MASK64;
-- k3  = (KR <<<  15) >> 64;
-- k4  = (KR <<<  15) & MASK64;
-- k5  = (KA <<<  15) >> 64;
-- k6  = (KA <<<  15) & MASK64;
-- ke1 = (KR <<<  30) >> 64;
-- ke2 = (KR <<<  30) & MASK64;
-- k7  = (KB <<<  30) >> 64;
-- k8  = (KB <<<  30) & MASK64;
-- k9  = (KL <<<  45) >> 64;
-- k10 = (KL <<<  45) & MASK64;
-- k11 = (KA <<<  45) >> 64;
-- k12 = (KA <<<  45) & MASK64;
-- ke3 = (KL <<<  60) >> 64;
-- ke4 = (KL <<<  60) & MASK64;
-- k13 = (KR <<<  60) >> 64;
-- k14 = (KR <<<  60) & MASK64;
-- k15 = (KB <<<  60) >> 64;
-- k16 = (KB <<<  60) & MASK64;
-- k17 = (KL <<<  77) >> 64;
-- k18 = (KL <<<  77) & MASK64;
-- ke5 = (KA <<<  77) >> 64;
-- ke6 = (KA <<<  77) & MASK64;
-- k19 = (KR <<<  94) >> 64;
-- k20 = (KR <<<  94) & MASK64;
-- k21 = (KA <<<  94) >> 64;
-- k22 = (KA <<<  94) & MASK64;
-- k23 = (KL <<< 111) >> 64;
-- k24 = (KL <<< 111) & MASK64;
-- kw3 = (KB <<< 111) >> 64;
-- kw4 = (KB <<< 111) & MASK64;
 
entity keyscheduler is
  port (
  key              : in  bit_vector ( 63 downto 0);
  Nk               : in  bit_vector (  3 downto 0);
  ldk              : in  bit;
  w                : out bit_vector ( 63 downto 0);
  v                : out bit;
  clk              : in  bit;
  rst              : in  bit
  );
end keyscheduler;
 
architecture phy of keyscheduler is
 
  constant sigma1  :     bit_vector ( 63 downto 0) := X"a09e667f3bcc908b";
  constant sigma2  :     bit_vector ( 63 downto 0) := X"b67ae8584caa73b2";
  constant sigma3  :     bit_vector ( 63 downto 0) := X"c6ef372fe94f82be";
  constant sigma4  :     bit_vector ( 63 downto 0) := X"54ff53a5f1d36f1c";
  constant sigma5  :     bit_vector ( 63 downto 0) := X"10e527fade682d1d";
  constant sigma6  :     bit_vector ( 63 downto 0) := X"b05688c2b3e6c1fd";
  signal lsfr      :     bit_vector (383 downto 0); -- constant sigma 1-6
  signal sigma     :     bit_vector ( 63 downto 0);
  signal ireg1     :     bit_vector (127 downto 0);
  signal ikey      :     bit_vector ( 63 downto 0);
  signal f         :     bit_vector ( 63 downto 0);
  signal l         :     bit_vector ( 63 downto 0);
  signal r         :     bit_vector ( 63 downto 0);
  signal fla       :     bit_vector ( 63 downto 0);
  signal s1i       :     bit_vector (  7 downto 0);
  signal s2i       :     bit_vector (  7 downto 0);
  signal s2t       :     bit_vector (  7 downto 0);
  signal s3i       :     bit_vector (  7 downto 0);
  signal s4i       :     bit_vector (  7 downto 0);
  signal s5i       :     bit_vector (  7 downto 0);
  signal s5t       :     bit_vector (  7 downto 0);
  signal s6i       :     bit_vector (  7 downto 0);
  signal s7i       :     bit_vector (  7 downto 0);
  signal s8i       :     bit_vector (  7 downto 0);
  signal s1o       :     bit_vector (  7 downto 0);
  signal s2o       :     bit_vector (  7 downto 0);
  signal s3o       :     bit_vector (  7 downto 0);
  signal s4o       :     bit_vector (  7 downto 0);
  signal s5o       :     bit_vector (  7 downto 0);
  signal s6o       :     bit_vector (  7 downto 0);
  signal s7o       :     bit_vector (  7 downto 0);
  signal s8o       :     bit_vector (  7 downto 0);
  signal z1        :     bit_vector (  7 downto 0);
  signal z2        :     bit_vector (  7 downto 0);
  signal z3        :     bit_vector (  7 downto 0);
  signal z4        :     bit_vector (  7 downto 0);
  signal z5        :     bit_vector (  7 downto 0);
  signal z6        :     bit_vector (  7 downto 0);
  signal z7        :     bit_vector (  7 downto 0);
  signal z8        :     bit_vector (  7 downto 0);
  signal ildk      :     bit;
  signal shift     :     bit;
 
  component sbox
    port (
    di             : in  bit_vector (  7 downto 0);
    do             : out bit_vector (  7 downto 0)
    );
  end component;
 
begin
 
  sb1 : sbox
  port map (
    di             => s1i,
    do             => s1o
    );
  sb2 : sbox
  port map (
    di             => s2i,
    do             => s2o
    );
  sb3 : sbox
  port map (
    di             => s3i,
    do             => s3o
    );
  sb4 : sbox
  port map (
    di             => s4i,
    do             => s4o
    );
  sb5 : sbox
  port map (
    di             => s5i,
    do             => s5o
    );
  sb6 : sbox
  port map (
    di             => s6i,
    do             => s6o
    );
  sb7 : sbox
  port map (
    di             => s7i,
    do             => s7o
    );
  sb8 : sbox
  port map (
    di             => s8i,
    do             => s8o
    );
 
--L_{r}            == R_{r-1} xor F(L_{r-1}, kr)
--R_{r}            == L_{r-1}
 
  l                <= ireg1(127 downto  64);
  r                <= ireg1( 63 downto   0);
  sigma            <= lsfr (383 downto 320);
 
  s1i              <=   l  (  7 downto   0) xor sigma( 7 downto  0);
  s2t              <=   l  ( 15 downto   8) xor sigma(15 downto  8);
  s2i              <= s2t(6 downto 0) & s2t(7);
  s3i              <=   l  ( 23 downto  16) xor sigma(23 downto 16);
  s4i              <=   l  ( 31 downto  24) xor sigma(31 downto 24);-- SBOX4(ROTL1x)
  s5t              <=   l  ( 39 downto  32) xor sigma(39 downto 32);
  s5i              <= s5t(6 downto 0) & s5t(7);
  s6i              <=   l  ( 47 downto  40) xor sigma(47 downto 40);
  s7i              <=   l  ( 55 downto  48) xor sigma(55 downto 48);-- SBOX4(ROTL1x)
  s8i              <=   l  ( 63 downto  56) xor sigma(63 downto 56);
 
--S-function
 
  z8               <= s1o;                                   -- SBOX1  
  z7               <= s2o;                                   -- SBOX4(ROTL1x)
  z6               <= s3o(0) & s3o(7 downto 1);              -- SBOX3 ROTR1
  z5               <= s4o(6 downto 0) & s4o(7);              -- SBOX2 ROTL1  
  z4               <= s5o;                                   -- SBOX4(ROTL1x)
  z3               <= s6o(0) & s6o(7 downto 1);              -- SBOX3 ROTR1
  z2               <= s7o(6 downto 0) & s7o(7);              -- SBOX2 ROTL1  
  z1               <= s8o;                                   -- SBOX1
 
--P-function
--z'1              == z1  xor z3  xor z4  xor z6  xor z7  xor z8
--z'2              == z1  xor z2  xor z4  xor z5  xor z7  xor z8
--z'3              == z1  xor z2  xor z3  xor z5  xor z6  xor z8
--z'4              == z2  xor z3  xor z4  xor z5  xor z6  xor z7
--z'5              == z1  xor z2  xor z6  xor z7  xor z8
--z'6              == z2  xor z3  xor z5  xor z7  xor z8
--z'7              == z3  xor z4  xor z5  xor z6  xor z8
--z'8              == z1  xor z4  xor z5  xor z6  xor z7
 
  f (63 downto 56) <= z1  xor z3  xor z4  xor z6  xor z7  xor z8 ;
  f (55 downto 48) <= z1  xor z2  xor z4  xor z5  xor z7  xor z8 ;
  f (47 downto 40) <= z1  xor z2  xor z3  xor z5  xor z6  xor z8 ;
  f (39 downto 32) <= z2  xor z3  xor z4  xor z5  xor z6  xor z7 ;
  f (31 downto 24) <= z1  xor z2  xor z6  xor z7  xor z8         ;
  f (23 downto 16) <= z2  xor z3  xor z5  xor z7  xor z8         ;
  f (15 downto  8) <= z3  xor z4  xor z5  xor z6  xor z8         ;
  f ( 7 downto  0) <= z1  xor z4  xor z5  xor z6  xor z7         ;
 
--F-function
 
  fla              <= r xor f;
 
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        ikey       <= (others => '0');
        ildk       <= '0';
        shift      <= '0';
      else
        ikey       <= key;
        ildk       <= ldk;
        shift      <= '1';
      end if;
    end if;
  end process;
 
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        lsfr(383 downto 320) <= sigma1;
        lsfr(319 downto 256) <= sigma2;
        lsfr(255 downto 192) <= sigma3;
        lsfr(191 downto 128) <= sigma4;
        lsfr(127 downto  64) <= sigma5;
        lsfr( 63 downto   0) <= sigma6;
      elsif (shift = '1') then
        lsfr       <= lsfr (319 downto   0) & lsfr ( 383 downto 320);
      end if;
    end if;
  end process;
 
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        ireg1(127 downto  0) <= (others => '0') ;
      elsif (ildk = '1') then
        ireg1(127 downto  0) <= ireg1( 63 downto  0) & ikey;    -- initial round 2-4 clock
      else
        ireg1( 63 downto  0) <= r              ;
        ireg1(127 downto 64) <= l              ;
      end if;
    end if;
  end process;
 
  v                <= '0';
  w                <= fla when v = '0' else (others => '0');
 
end phy;

Browse

Tools

Subversion Repositories nfcc

[/] [nfcc/] [trunk/] [camellia/] [keyscheduler.vhdl] - Blame information for rev 2

Line No.	Rev	Author	Line
1	2	arif_endro	`-- ------------------------------------------------------------------------`
2			`-- Copyright (C) 2010 Arif Endro Nugroho`
3			`-- All rights reserved.`
4			`--`
5			`-- Redistribution and use in source and binary forms, with or without`
6			`-- modification, are permitted provided that the following conditions`
7			`-- are met:`
8			`--`
9			`-- 1. Redistributions of source code must retain the above copyright`
10			`-- notice, this list of conditions and the following disclaimer.`
11			`-- 2. Redistributions in binary form must reproduce the above copyright`
12			`-- notice, this list of conditions and the following disclaimer in the`
13			`-- documentation and/or other materials provided with the distribution.`
14			`--`
15			`-- THIS SOFTWARE IS PROVIDED BY ARIF ENDRO NUGROHO "AS IS" AND ANY EXPRESS`
16			`-- OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
17			`-- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
18			`-- DISCLAIMED. IN NO EVENT SHALL ARIF ENDRO NUGROHO BE LIABLE FOR ANY`
19			`-- DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
20			`-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
21			`-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
22			`-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,`
23			`-- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN`
24			`-- ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE`
25			`-- POSSIBILITY OF SUCH DAMAGE.`
26			`--`
27			`-- End Of License.`
28			`-- ------------------------------------------------------------------------`
29
30			`-- 128-bit key K:`
31			`-- KL = K; KR = 0;`
32
33			`-- 192-bit key K:`
34			`-- KL = K >> 64;`
35			`-- KR = ((K & MASK64) << 64) \| (~(K & MASK64));`
36
37			`-- 256-bit key K:`
38			`-- KL = K >> 128;`
39			`-- KR = K & MASK128;`
40
41			`-- The 128-bit variables KA and KB are generated from KL and KR as`
42			`-- follows. Note that KB is used only if the length of the secret key`
43			`-- is 192 or 256 bits. D1 and D2 are 64-bit temporary variables. F-`
44			`-- function is described in Section 2.4.`
45
46			`-- D1 = (KL ^ KR) >> 64;`
47			`-- D2 = (KL ^ KR) & MASK64;`
48			`-- D2 = D2 ^ F(D1, Sigma1);`
49			`-- D1 = D1 ^ F(D2, Sigma2);`
50			`-- D1 = D1 ^ (KL >> 64);`
51			`-- D2 = D2 ^ (KL & MASK64);`
52			`-- D2 = D2 ^ F(D1, Sigma3);`
53			`-- D1 = D1 ^ F(D2, Sigma4);`
54			`-- KA = (D1 << 64) \| D2;`
55			`-- D1 = (KA ^ KR) >> 64;`
56			`-- D2 = (KA ^ KR) & MASK64;`
57			`-- D2 = D2 ^ F(D1, Sigma5);`
58			`-- D1 = D1 ^ F(D2, Sigma6);`
59			`-- KB = (D1 << 64) \| D2;`
60
61			`-- The 64-bit constants Sigma1, Sigma2, ..., Sigma6 are used as "keys"`
62			`-- in the F-function. These constant values are, in hexadecimal`
63			`-- notation, as follows.`
64
65			`-- Sigma1 = 0xA09E667F3BCC908B;`
66			`-- Sigma2 = 0xB67AE8584CAA73B2;`
67			`-- Sigma3 = 0xC6EF372FE94F82BE;`
68			`-- Sigma4 = 0x54FF53A5F1D36F1C;`
69			`-- Sigma5 = 0x10E527FADE682D1D;`
70			`-- Sigma6 = 0xB05688C2B3E6C1FD;`
71
72			`-- 64-bit subkeys are generated by rotating KL, KR, KA, and KB and`
73			`-- taking the left- or right-half of them.`
74
75			`-- For 128-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ..., k18,`
76			`-- ke1, ..., ke4 are generated as follows.`
77
78			`-- kw1 = (KL <<< 0) >> 64;`
79			`-- kw2 = (KL <<< 0) & MASK64;`
80			`-- k1 = (KA <<< 0) >> 64;`
81			`-- k2 = (KA <<< 0) & MASK64;`
82			`-- k3 = (KL <<< 15) >> 64;`
83			`-- k4 = (KL <<< 15) & MASK64;`
84			`-- k5 = (KA <<< 15) >> 64;`
85			`-- k6 = (KA <<< 15) & MASK64;`
86			`-- ke1 = (KA <<< 30) >> 64;`
87			`-- ke2 = (KA <<< 30) & MASK64;`
88			`-- k7 = (KL <<< 45) >> 64;`
89			`-- k8 = (KL <<< 45) & MASK64;`
90			`-- k9 = (KA <<< 45) >> 64;`
91			`-- k10 = (KL <<< 60) & MASK64;`
92			`-- k11 = (KA <<< 60) >> 64;`
93			`-- k12 = (KA <<< 60) & MASK64;`
94			`-- ke3 = (KL <<< 77) >> 64;`
95			`-- ke4 = (KL <<< 77) & MASK64;`
96			`-- k13 = (KL <<< 94) >> 64;`
97			`-- k14 = (KL <<< 94) & MASK64;`
98			`-- k15 = (KA <<< 94) >> 64;`
99			`-- k16 = (KA <<< 94) & MASK64;`
100			`-- k17 = (KL <<< 111) >> 64;`
101			`-- k18 = (KL <<< 111) & MASK64;`
102			`-- kw3 = (KA <<< 111) >> 64;`
103			`-- kw4 = (KA <<< 111) & MASK64;`
104
105			`-- For 192- and 256-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ...,`
106			`-- k24, ke1, ..., ke6 are generated as follows.`
107
108			`-- kw1 = (KL <<< 0) >> 64;`
109			`-- kw2 = (KL <<< 0) & MASK64;`
110			`-- k1 = (KB <<< 0) >> 64;`
111			`-- k2 = (KB <<< 0) & MASK64;`
112			`-- k3 = (KR <<< 15) >> 64;`
113			`-- k4 = (KR <<< 15) & MASK64;`
114			`-- k5 = (KA <<< 15) >> 64;`
115			`-- k6 = (KA <<< 15) & MASK64;`
116			`-- ke1 = (KR <<< 30) >> 64;`
117			`-- ke2 = (KR <<< 30) & MASK64;`
118			`-- k7 = (KB <<< 30) >> 64;`
119			`-- k8 = (KB <<< 30) & MASK64;`
120			`-- k9 = (KL <<< 45) >> 64;`
121			`-- k10 = (KL <<< 45) & MASK64;`
122			`-- k11 = (KA <<< 45) >> 64;`
123			`-- k12 = (KA <<< 45) & MASK64;`
124			`-- ke3 = (KL <<< 60) >> 64;`
125			`-- ke4 = (KL <<< 60) & MASK64;`
126			`-- k13 = (KR <<< 60) >> 64;`
127			`-- k14 = (KR <<< 60) & MASK64;`
128			`-- k15 = (KB <<< 60) >> 64;`
129			`-- k16 = (KB <<< 60) & MASK64;`
130			`-- k17 = (KL <<< 77) >> 64;`
131			`-- k18 = (KL <<< 77) & MASK64;`
132			`-- ke5 = (KA <<< 77) >> 64;`
133			`-- ke6 = (KA <<< 77) & MASK64;`
134			`-- k19 = (KR <<< 94) >> 64;`
135			`-- k20 = (KR <<< 94) & MASK64;`
136			`-- k21 = (KA <<< 94) >> 64;`
137			`-- k22 = (KA <<< 94) & MASK64;`
138			`-- k23 = (KL <<< 111) >> 64;`
139			`-- k24 = (KL <<< 111) & MASK64;`
140			`-- kw3 = (KB <<< 111) >> 64;`
141			`-- kw4 = (KB <<< 111) & MASK64;`
142
143			`entity keyscheduler is`
144			`port (`
145			`key : in bit_vector ( 63 downto 0);`
146			`Nk : in bit_vector ( 3 downto 0);`
147			`ldk : in bit;`
148			`w : out bit_vector ( 63 downto 0);`
149			`v : out bit;`
150			`clk : in bit;`
151			`rst : in bit`
152			`);`
153			`end keyscheduler;`
154
155			`architecture phy of keyscheduler is`
156
157			`constant sigma1 : bit_vector ( 63 downto 0) := X"a09e667f3bcc908b";`
158			`constant sigma2 : bit_vector ( 63 downto 0) := X"b67ae8584caa73b2";`
159			`constant sigma3 : bit_vector ( 63 downto 0) := X"c6ef372fe94f82be";`
160			`constant sigma4 : bit_vector ( 63 downto 0) := X"54ff53a5f1d36f1c";`
161			`constant sigma5 : bit_vector ( 63 downto 0) := X"10e527fade682d1d";`
162			`constant sigma6 : bit_vector ( 63 downto 0) := X"b05688c2b3e6c1fd";`
163			`signal lsfr : bit_vector (383 downto 0); -- constant sigma 1-6`
164			`signal sigma : bit_vector ( 63 downto 0);`
165			`signal ireg1 : bit_vector (127 downto 0);`
166			`signal ikey : bit_vector ( 63 downto 0);`
167			`signal f : bit_vector ( 63 downto 0);`
168			`signal l : bit_vector ( 63 downto 0);`
169			`signal r : bit_vector ( 63 downto 0);`
170			`signal fla : bit_vector ( 63 downto 0);`
171			`signal s1i : bit_vector ( 7 downto 0);`
172			`signal s2i : bit_vector ( 7 downto 0);`
173			`signal s2t : bit_vector ( 7 downto 0);`
174			`signal s3i : bit_vector ( 7 downto 0);`
175			`signal s4i : bit_vector ( 7 downto 0);`
176			`signal s5i : bit_vector ( 7 downto 0);`
177			`signal s5t : bit_vector ( 7 downto 0);`
178			`signal s6i : bit_vector ( 7 downto 0);`
179			`signal s7i : bit_vector ( 7 downto 0);`
180			`signal s8i : bit_vector ( 7 downto 0);`
181			`signal s1o : bit_vector ( 7 downto 0);`
182			`signal s2o : bit_vector ( 7 downto 0);`
183			`signal s3o : bit_vector ( 7 downto 0);`
184			`signal s4o : bit_vector ( 7 downto 0);`
185			`signal s5o : bit_vector ( 7 downto 0);`
186			`signal s6o : bit_vector ( 7 downto 0);`
187			`signal s7o : bit_vector ( 7 downto 0);`
188			`signal s8o : bit_vector ( 7 downto 0);`
189			`signal z1 : bit_vector ( 7 downto 0);`
190			`signal z2 : bit_vector ( 7 downto 0);`
191			`signal z3 : bit_vector ( 7 downto 0);`
192			`signal z4 : bit_vector ( 7 downto 0);`
193			`signal z5 : bit_vector ( 7 downto 0);`
194			`signal z6 : bit_vector ( 7 downto 0);`
195			`signal z7 : bit_vector ( 7 downto 0);`
196			`signal z8 : bit_vector ( 7 downto 0);`
197			`signal ildk : bit;`
198			`signal shift : bit;`
199
200			`component sbox`
201			`port (`
202			`di : in bit_vector ( 7 downto 0);`
203			`do : out bit_vector ( 7 downto 0)`
204			`);`
205			`end component;`
206
207			`begin`
208
209			`sb1 : sbox`
210			`port map (`
211			`di => s1i,`
212			`do => s1o`
213			`);`
214			`sb2 : sbox`
215			`port map (`
216			`di => s2i,`
217			`do => s2o`
218			`);`
219			`sb3 : sbox`
220			`port map (`
221			`di => s3i,`
222			`do => s3o`
223			`);`
224			`sb4 : sbox`
225			`port map (`
226			`di => s4i,`
227			`do => s4o`
228			`);`
229			`sb5 : sbox`
230			`port map (`
231			`di => s5i,`
232			`do => s5o`
233			`);`
234			`sb6 : sbox`
235			`port map (`
236			`di => s6i,`
237			`do => s6o`
238			`);`
239			`sb7 : sbox`
240			`port map (`
241			`di => s7i,`
242			`do => s7o`
243			`);`
244			`sb8 : sbox`
245			`port map (`
246			`di => s8i,`
247			`do => s8o`
248			`);`
249
250			`--L_{r} == R_{r-1} xor F(L_{r-1}, kr)`
251			`--R_{r} == L_{r-1}`
252
253			`l <= ireg1(127 downto 64);`
254			`r <= ireg1( 63 downto 0);`
255			`sigma <= lsfr (383 downto 320);`
256
257			`s1i <= l ( 7 downto 0) xor sigma( 7 downto 0);`
258			`s2t <= l ( 15 downto 8) xor sigma(15 downto 8);`
259			`s2i <= s2t(6 downto 0) & s2t(7);`
260			`s3i <= l ( 23 downto 16) xor sigma(23 downto 16);`
261			`s4i <= l ( 31 downto 24) xor sigma(31 downto 24);-- SBOX4(ROTL1x)`
262			`s5t <= l ( 39 downto 32) xor sigma(39 downto 32);`
263			`s5i <= s5t(6 downto 0) & s5t(7);`
264			`s6i <= l ( 47 downto 40) xor sigma(47 downto 40);`
265			`s7i <= l ( 55 downto 48) xor sigma(55 downto 48);-- SBOX4(ROTL1x)`
266			`s8i <= l ( 63 downto 56) xor sigma(63 downto 56);`
267
268			`--S-function`
269
270			`z8 <= s1o; -- SBOX1`
271			`z7 <= s2o; -- SBOX4(ROTL1x)`
272			`z6 <= s3o(0) & s3o(7 downto 1); -- SBOX3 ROTR1`
273			`z5 <= s4o(6 downto 0) & s4o(7); -- SBOX2 ROTL1`
274			`z4 <= s5o; -- SBOX4(ROTL1x)`
275			`z3 <= s6o(0) & s6o(7 downto 1); -- SBOX3 ROTR1`
276			`z2 <= s7o(6 downto 0) & s7o(7); -- SBOX2 ROTL1`
277			`z1 <= s8o; -- SBOX1`
278
279			`--P-function`
280			`--z'1 == z1 xor z3 xor z4 xor z6 xor z7 xor z8`
281			`--z'2 == z1 xor z2 xor z4 xor z5 xor z7 xor z8`
282			`--z'3 == z1 xor z2 xor z3 xor z5 xor z6 xor z8`
283			`--z'4 == z2 xor z3 xor z4 xor z5 xor z6 xor z7`
284			`--z'5 == z1 xor z2 xor z6 xor z7 xor z8`
285			`--z'6 == z2 xor z3 xor z5 xor z7 xor z8`
286			`--z'7 == z3 xor z4 xor z5 xor z6 xor z8`
287			`--z'8 == z1 xor z4 xor z5 xor z6 xor z7`
288
289			`f (63 downto 56) <= z1 xor z3 xor z4 xor z6 xor z7 xor z8 ;`
290			`f (55 downto 48) <= z1 xor z2 xor z4 xor z5 xor z7 xor z8 ;`
291			`f (47 downto 40) <= z1 xor z2 xor z3 xor z5 xor z6 xor z8 ;`
292			`f (39 downto 32) <= z2 xor z3 xor z4 xor z5 xor z6 xor z7 ;`
293			`f (31 downto 24) <= z1 xor z2 xor z6 xor z7 xor z8 ;`
294			`f (23 downto 16) <= z2 xor z3 xor z5 xor z7 xor z8 ;`
295			`f (15 downto 8) <= z3 xor z4 xor z5 xor z6 xor z8 ;`
296			`f ( 7 downto 0) <= z1 xor z4 xor z5 xor z6 xor z7 ;`
297
298			`--F-function`
299
300			`fla <= r xor f;`
301
302			`process (clk)`
303			`begin`
304			`if ((clk = '1') and clk'event) then`
305			`if (rst = '1') then`
306			`ikey <= (others => '0');`
307			`ildk <= '0';`
308			`shift <= '0';`
309			`else`
310			`ikey <= key;`
311			`ildk <= ldk;`
312			`shift <= '1';`
313			`end if;`
314			`end if;`
315			`end process;`
316
317			`process (clk)`
318			`begin`
319			`if ((clk = '1') and clk'event) then`
320			`if (rst = '1') then`
321			`lsfr(383 downto 320) <= sigma1;`
322			`lsfr(319 downto 256) <= sigma2;`
323			`lsfr(255 downto 192) <= sigma3;`
324			`lsfr(191 downto 128) <= sigma4;`
325			`lsfr(127 downto 64) <= sigma5;`
326			`lsfr( 63 downto 0) <= sigma6;`
327			`elsif (shift = '1') then`
328			`lsfr <= lsfr (319 downto 0) & lsfr ( 383 downto 320);`
329			`end if;`
330			`end if;`
331			`end process;`
332
333			`process (clk)`
334			`begin`
335			`if ((clk = '1') and clk'event) then`
336			`if (rst = '1') then`
337			`ireg1(127 downto 0) <= (others => '0') ;`
338			`elsif (ildk = '1') then`
339			`ireg1(127 downto 0) <= ireg1( 63 downto 0) & ikey; -- initial round 2-4 clock`
340			`else`
341			`ireg1( 63 downto 0) <= r ;`
342			`ireg1(127 downto 64) <= l ;`
343			`end if;`
344			`end if;`
345			`end process;`
346
347			`v <= '0';`
348			`w <= fla when v = '0' else (others => '0');`
349
350			`end phy;`