OpenCores
URL https://opencores.org/ocsvn/aes_decrypt_fpga/aes_decrypt_fpga/trunk

Subversion Repositories aes_decrypt_fpga

[/] [aes_decrypt_fpga/] [trunk/] [rtl/] [verilog/] [KeyExpand256.sv] - Rev 4

Go to most recent revision | Compare with Previous | Blame | View Log

////////////////////////////////////////////////////////////////// ////
////                                                                                                                            ////
//// AES Decryption Core for FPGA                                                                       ////
////                                                                                                                            ////
//// This file is part of the AES Decryption Core for FPGA project      ////
//// http://www.opencores.org/cores/xxx/                                                        ////
////                                                                                                                            ////
//// Description                                                                                                        ////
//// Implementation of  AES Decryption Core for FPGA according to       ////
//// core specification document.                                                                       ////
////                                                                                                                            ////
//// To Do:                                                                                                             ////
//// -                                                                                                                          ////
////                                                                                                                            ////
//// Author(s):                                                                                                         ////
//// - scheng, schengopencores@opencores.org                                            ////
////                                                                                                                            ////
//////////////////////////////////////////////////////////////////////
////                                                                                                                            ////
//// Copyright (C) 2009 Authors and OPENCORES.ORG                                       ////
////                                                                                                                            ////
//// This source file may be used and distributed without                       ////
//// restriction provided that this copyright statement is not          ////
//// removed from the file and that any derivative work contains        ////
//// the original copyright notice and the associated disclaimer.       ////
////                                                                                                                            ////
//// This source file is free software; you can redistribute it         ////
//// and/or modify it under the terms of the GNU Lesser General         ////
//// Public License as published by the Free Software Foundation;       ////
//// either version 2.1 of the License, or (at your option) any         ////
//// later version.                                                                                             ////
////                                                                                                                            ////
//// This source is distributed in the hope that it will be             ////
//// useful, but WITHOUT ANY WARRANTY; without even the implied         ////
//// warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR            ////
//// PURPOSE. See the GNU Lesser General Public License for more        ////
//// details.                                                                                                           ////
////                                                                                                                            ////
//// You should have received a copy of the GNU Lesser General          ////
//// Public License along with this source; if not, download it         ////
//// from http://www.opencores.org/lgpl.shtml                                           ////
////                                                                                                                            //// ///
///////////////////////////////////////////////////////////////////
////                                                                                                                            ////
//// 256-bit key expander                                                                                       ////
////                                                                                                                            ////
//// The key expansion algorithm is described in section 5.2 of the     ////
//// FIPS-197 spec. This file implements the case for 256-bit key       ////
//// only.                                                                                                                      ////
////                                                                                                                            ////
////////////////////////////////////////////////////////////////////////

module KeyExpand256(
        // 256-bit key expander
        
        input   [0:255] kt,
        input   kt_vld,         // Active high input informing key expander that a valid new key is present at kt.
        output  kt_rdy,         // Active high output indicates key expander ready to accept new key
        
        output  [0:127] rkey,   // Note : rkey is always 128 bit regardless the crypto key length
        output  rkey_vld,       // Active high output indicates valid roundkey available at rkey[0:127]
        output  rkey_last,      // High for 1 clock cycle, indicates last roundkey available at rkey[0:127].
        
        input   clk,
        input   rst
        );
        
        // Registers holding the calculated roundkeys
        logic   [0:31]  w0;
        logic   [0:31]  w1;
        logic   [0:31]  w2;
        logic   [0:31]  w3;
        logic   [0:31]  w4;
        logic   [0:31]  w5;
        logic   [0:31]  w6;
        logic   [0:31]  w7;
        
        logic   [0:3]   keyexp_state;   // Key expansion state machine
        logic   [0:7]   Rcon;                   // Round constant. See FIPS-197 section 5.3.
        logic   [0:7]   Rcon_1;         // Shadow Rcon. For use to compute next Rcon value in key expansion state machine.
        
        wire    [0:31]  subword_out;
        wire    [0:31]  subword_in;
        wire    [0:31]  rotword_out;
        wire    [0:31]  rotword_in;
        
        wire    keyexp_state_0;         // '1' indicates key expansion state machine at state 0 (initial state)
        wire    keyexp_state_14;        // '1' indicates key expansion state machine at state 14 (last state)
        
        // Do not remove the "keep" and "max_fanout" attribute. They are there to force the synthesizer
        // to infer independent logic for next_w*, instead of deriving next_w1 from next_w0, ...and
        // so on. See the definitions of next_w* below. This is to avoid getting a chain of LUTs, which reduces Fmax.
        wire    [0:31]  next_w0;
        wire    [0:31]  next_w1;
        wire    [0:31]  next_w2;
        wire    [0:31]  next_w3;
        (* keep = "true", max_fanout = 1 *) wire        [0:31]  next_w4;
        (* keep = "true", max_fanout = 1 *) wire        [0:31]  next_w5;
        (* keep = "true", max_fanout = 1 *) wire        [0:31]  next_w6;
        (* keep = "true", max_fanout = 1 *) wire        [0:31]  next_w7;


        assign rotword_in = (keyexp_state_0)? kt[224:255] : w7;
        RotWord RotWord_u(.din(rotword_in), .dout(rotword_out));
        
        // keyexp_state[3] = 1 corresponds to states 1,3,5,7,...(odd states), which in turn corresponds to
        // the condition ((Nk > 6) && (i mod Nk == 4)) in the key expansion algorithm. See section 5.2 fig.
        // 11 of FIPS-197.
        assign subword_in = (keyexp_state[3])? rotword_in : rotword_out;
        SubWord SubWord_u(.din(subword_in), .dout(subword_out));
        
        assign next_w0 = (keyexp_state_0)? kt[128+:32] : w4;
        assign next_w1 = (keyexp_state_0)? kt[160+:32] : w5;
        assign next_w2 = (keyexp_state_0)? kt[192+:32] : w6;
        assign next_w3 = (keyexp_state_0)? kt[224+:32] : w7;
        assign next_w4 = (keyexp_state_0)? (subword_out ^ {Rcon,24'h000000} ^ kt[0+:32]) : (subword_out ^ {Rcon,24'h000000} ^ w0); 
        assign next_w5 = (keyexp_state_0)? (subword_out ^ {Rcon,24'h000000} ^ kt[0+:32] ^ kt[32+:32]) : (subword_out ^ {Rcon,24'h000000} ^ w0 ^ w1);
        assign next_w6 = (keyexp_state_0)? (subword_out ^ {Rcon,24'h000000} ^ kt[0+:32] ^ kt[32+:32] ^ kt[64+:32]) : (subword_out ^ {Rcon,24'h000000} ^ w0 ^ w1 ^ w2);
        assign next_w7 = (keyexp_state_0)? (subword_out ^ {Rcon,24'h000000} ^ kt[0+:32] ^ kt[32+:32] ^ kt[64+:32] ^ kt[96+:32]) : (subword_out ^ {Rcon,24'h000000} ^ w0 ^ w1 ^ w2 ^ w3);

        assign rkey = (keyexp_state_0)? kt[0:127] : {w0,w1,w2,w3};
        assign kt_rdy = keyexp_state_0; // Only accept new key in initial state.
        assign rkey_vld = ~keyexp_state_0 | kt_vld;
        assign rkey_last = keyexp_state_14;
        assign keyexp_state_0 = (keyexp_state == 0);
        assign keyexp_state_14 = (keyexp_state == 14);

        // Key Expansion state machine  
        always_ff @(posedge clk)
        begin
                if (rst)
                begin
                        keyexp_state <= 0;      // Reset to initial state
                        Rcon <= 8'h01;
                        Rcon_1 <= 8'h01;
                end
                else
                        unique case (keyexp_state)
                                0 :     // If valid key present, load key into roundkey register and proceed to next state
                                        if (kt_vld)
                                        begin
                                                keyexp_state <= keyexp_state + 1;
                                                {w0,w1,w2,w3,w4,w5,w6,w7} <= {next_w0, next_w1, next_w2, next_w3, next_w4, next_w5, next_w6, next_w7};
                                                Rcon_1 <= Rcon;
                                                Rcon <= 0;
                                        end
                                2,4,6,8,10,12 :
                                        // Proceed to next state and update roundkey register
                                        begin
                                                keyexp_state <= keyexp_state + 1;
                                                {w0,w1,w2,w3,w4,w5,w6,w7} <= {next_w0, next_w1, next_w2, next_w3, next_w4, next_w5, next_w6, next_w7};
                                                Rcon_1 <= Rcon;
                                                Rcon <= 0;
                                        end
                                1,3,5,7,9,11,13 :
                                        // Proceed to next state and update to roundkey register, also
                                        // advance Rcon to next value.
                                        begin
                                                keyexp_state <= keyexp_state + 1;
                                                {w0,w1,w2,w3,w4,w5,w6,w7} <= {next_w0, next_w1, next_w2, next_w3, next_w4, next_w5, next_w6, next_w7};
                                                Rcon <= (Rcon_1[0])? (Rcon_1 << 1) ^ 8'h1b : (Rcon_1 << 1);
                                                
                                        end
                                14:     // Wrap back to initial state
                                        begin
                                                keyexp_state <= 0;
                                                Rcon <= 8'h01;
                                        end
                        endcase
        end

endmodule

Go to most recent revision | Compare with Previous | Blame | View Log

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.