-- ------------------------------------------------------------------------
-- Copyright (C) 2010 Arif Endro Nugroho
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
--
-- 1. Redistributions of source code must retain the above copyright
--    notice, this list of conditions and the following disclaimer.
-- 2. Redistributions in binary form must reproduce the above copyright
--    notice, this list of conditions and the following disclaimer in the
--    documentation and/or other materials provided with the distribution.
--
-- THIS SOFTWARE IS PROVIDED BY ARIF ENDRO NUGROHO "AS IS" AND ANY EXPRESS
-- OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-- DISCLAIMED. IN NO EVENT SHALL ARIF ENDRO NUGROHO BE LIABLE FOR ANY
-- DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-- ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-- POSSIBILITY OF SUCH DAMAGE.
--
-- End Of License.
-- ------------------------------------------------------------------------

-- 128-bit key K:
-- KL = K; KR = 0;
-- 192-bit key K:
-- KL = K >> 64;
-- KR = ((K & MASK64) << 64) | (~(K & MASK64));
-- 256-bit key K:
-- KL = K >> 128;
-- KR = K & MASK128;

-- The 128-bit variables KA and KB are generated from KL and KR as
-- follows. Note that KB is used only if the length of the secret key
-- is 192 or 256 bits. D1 and D2 are 64-bit temporary variables. F-
-- function is described in Section 2.4.

-- D1 = (KL ^ KR) >> 64;
-- D2 = (KL ^ KR) & MASK64;
-- D2 = D2 ^ F(D1, Sigma1);
-- D1 = D1 ^ F(D2, Sigma2);
-- D1 = D1 ^ (KL >> 64);
-- D2 = D2 ^ (KL & MASK64);
-- D2 = D2 ^ F(D1, Sigma3);
-- D1 = D1 ^ F(D2, Sigma4);
-- KA = (D1 << 64) | D2;
-- D1 = (KA ^ KR) >> 64;
-- D2 = (KA ^ KR) & MASK64;
-- D2 = D2 ^ F(D1, Sigma5);
-- D1 = D1 ^ F(D2, Sigma6);
-- KB = (D1 << 64) | D2;

-- The 64-bit constants Sigma1, Sigma2, ..., Sigma6 are used as "keys"
-- in the F-function. These constant values are, in hexadecimal
-- notation, as follows.

-- Sigma1 = 0xA09E667F3BCC908B;
-- Sigma2 = 0xB67AE8584CAA73B2;
-- Sigma3 = 0xC6EF372FE94F82BE;
-- Sigma4 = 0x54FF53A5F1D36F1C;
-- Sigma5 = 0x10E527FADE682D1D;
-- Sigma6 = 0xB05688C2B3E6C1FD;

-- 64-bit subkeys are generated by rotating KL, KR, KA, and KB and
-- taking the left- or right-half of them.

-- For 128-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ..., k18,
-- ke1, ..., ke4 are generated as follows.

-- kw1 = (KL <<< 0) >> 64;
-- kw2 = (KL <<< 0) & MASK64;
-- k1 = (KA <<< 0) >> 64;
-- k2 = (KA <<< 0) & MASK64;
-- k3 = (KL <<< 15) >> 64;
-- k4 = (KL <<< 15) & MASK64;
-- k5 = (KA <<< 15) >> 64;
-- k6 = (KA <<< 15) & MASK64;
-- ke1 = (KA <<< 30) >> 64;
-- ke2 = (KA <<< 30) & MASK64;
-- k7 = (KL <<< 45) >> 64;
-- k8 = (KL <<< 45) & MASK64;
-- k9 = (KA <<< 45) >> 64;
-- k10 = (KL <<< 60) & MASK64;
-- k11 = (KA <<< 60) >> 64;
-- k12 = (KA <<< 60) & MASK64;
-- ke3 = (KL <<< 77) >> 64;
-- ke4 = (KL <<< 77) & MASK64;
-- k13 = (KL <<< 94) >> 64;
-- k14 = (KL <<< 94) & MASK64;
-- k15 = (KA <<< 94) >> 64;
-- k16 = (KA <<< 94) & MASK64;
-- k17 = (KL <<< 111) >> 64;
-- k18 = (KL <<< 111) & MASK64;
-- kw3 = (KA <<< 111) >> 64;
-- kw4 = (KA <<< 111) & MASK64;

-- For 192- and 256-bit keys, 64-bit subkeys kw1, ..., kw4, k1, ...,
-- k24, ke1, ..., ke6 are generated as follows.
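-- kw1 = (KL <<< 0) >> 64;
-- kw2 = (KL <<< 0) & MASK64;
-- k1 = (KB <<< 0) >> 64;
-- k2 = (KB <<< 0) & MASK64;
-- k3 = (KR <<< 15) >> 64;
-- k4 = (KR <<< 15) & MASK64;
-- k5 = (KA <<< 15) >> 64;
-- k6 = (KA <<< 15) & MASK64;
-- ke1 = (KR <<< 30) >> 64;
-- ke2 = (KR <<< 30) & MASK64;
-- k7 = (KB <<< 30) >> 64;
-- k8 = (KB <<< 30) & MASK64;
-- k9 = (KL <<< 45) >> 64;
-- k10 = (KL <<< 45) & MASK64;
-- k11 = (KA <<< 45) >> 64;
-- k12 = (KA <<< 45) & MASK64;
-- ke3 = (KL <<< 60) >> 64;
-- ke4 = (KL <<< 60) & MASK64;
-- k13 = (KR <<< 60) >> 64;
-- k14 = (KR <<< 60) & MASK64;
-- k15 = (KB <<< 60) >> 64;
-- k16 = (KB <<< 60) & MASK64;
-- k17 = (KL <<< 77) >> 64;
-- k18 = (KL <<< 77) & MASK64;
-- ke5 = (KA <<< 77) >> 64;
-- ke6 = (KA <<< 77) & MASK64;
-- k19 = (KR <<< 94) >> 64;
-- k20 = (KR <<< 94) & MASK64;
-- k21 = (KA <<< 94) >> 64;
-- k22 = (KA <<< 94) & MASK64;
-- k23 = (KL <<< 111) >> 64;
-- k24 = (KL <<< 111) & MASK64;
-- kw3 = (KB <<< 111) >> 64;
-- kw4 = (KB <<< 111) & MASK64;

-- Camellia key scheduler: 64-bit key-word input, 64-bit word output.
--
-- Ports:
--   key : 64-bit key word; sampled into ikey on every rising clock edge.
--   Nk  : 4-bit input; not referenced anywhere in architecture phy.
--         NOTE(review): presumably a key-length selector -- confirm.
--   ldk : load strobe; registered into ildk. While ildk = '1' the 128-bit
--         register ireg1 shifts left by 64 bits and takes ikey in its low half.
--   w   : 64-bit output word (see the notes at the end of the architecture).
--   v   : output flag; driven with constant '0' by this architecture.
--   clk : clock; all registers update on the rising edge.
--   rst : synchronous, active-high reset.
entity keyscheduler is
  port (
    key : in  bit_vector ( 63 downto 0);
    Nk  : in  bit_vector (  3 downto 0);
    ldk : in  bit;
    w   : out bit_vector ( 63 downto 0);
    v   : out bit;
    clk : in  bit;
    rst : in  bit
  );
end keyscheduler;

-- Architecture phy: one combinational F-function (eight sbox instances plus
-- the P-function XOR network) fed from the upper half of ireg1 and from the
-- current Sigma constant, a rotating store of Sigma1..Sigma6, and the
-- key-load shift register.
--
-- NOTE(review): as visible here the Feistel step is not closed. fla is
-- computed but never written back into ireg1, v is tied to '0', and Nk is
-- unused, so none of the kw/k/ke subkeys listed in the header comments are
-- produced by this revision. Treat it as work in progress.
architecture phy of keyscheduler is

  constant sigma1 : bit_vector ( 63 downto 0) := X"a09e667f3bcc908b";
  constant sigma2 : bit_vector ( 63 downto 0) := X"b67ae8584caa73b2";
  constant sigma3 : bit_vector ( 63 downto 0) := X"c6ef372fe94f82be";
  constant sigma4 : bit_vector ( 63 downto 0) := X"54ff53a5f1d36f1c";
  constant sigma5 : bit_vector ( 63 downto 0) := X"10e527fade682d1d";
  constant sigma6 : bit_vector ( 63 downto 0) := X"b05688c2b3e6c1fd";

  -- Holds Sigma1..Sigma6 and is rotated by 64 bits per clock; despite the
  -- name there is no feedback logic, only rotation.
  signal lsfr  : bit_vector (383 downto 0); -- constant sigma 1-6
  signal sigma : bit_vector ( 63 downto 0); -- top 64 bits of lsfr
  signal ireg1 : bit_vector (127 downto 0); -- key-bearing working register
  signal ikey  : bit_vector ( 63 downto 0); -- registered copy of key
  signal f     : bit_vector ( 63 downto 0); -- F-function output F(l, sigma)
  signal l     : bit_vector ( 63 downto 0); -- ireg1(127 downto 64)
  signal r     : bit_vector ( 63 downto 0); -- ireg1( 63 downto  0)
  signal fla   : bit_vector ( 63 downto 0); -- r xor f

  -- sbox inputs (sNi), pre-rotation temporaries (sNt) and outputs (sNo)
  signal s1i : bit_vector (  7 downto 0);
  signal s2i : bit_vector (  7 downto 0);
  signal s2t : bit_vector (  7 downto 0);
  signal s3i : bit_vector (  7 downto 0);
  signal s4i : bit_vector (  7 downto 0);
  signal s5i : bit_vector (  7 downto 0);
  signal s5t : bit_vector (  7 downto 0);
  signal s6i : bit_vector (  7 downto 0);
  signal s7i : bit_vector (  7 downto 0);
  signal s8i : bit_vector (  7 downto 0);
  signal s1o : bit_vector (  7 downto 0);
  signal s2o : bit_vector (  7 downto 0);
  signal s3o : bit_vector (  7 downto 0);
  signal s4o : bit_vector (  7 downto 0);
  signal s5o : bit_vector (  7 downto 0);
  signal s6o : bit_vector (  7 downto 0);
  signal s7o : bit_vector (  7 downto 0);
  signal s8o : bit_vector (  7 downto 0);

  -- S-function outputs; z1 is the most significant byte
  signal z1 : bit_vector (  7 downto 0);
  signal z2 : bit_vector (  7 downto 0);
  signal z3 : bit_vector (  7 downto 0);
  signal z4 : bit_vector (  7 downto 0);
  signal z5 : bit_vector (  7 downto 0);
  signal z6 : bit_vector (  7 downto 0);
  signal z7 : bit_vector (  7 downto 0);
  signal z8 : bit_vector (  7 downto 0);

  signal ildk  : bit; -- registered copy of ldk
  signal shift : bit; -- '0' while in reset, '1' afterwards
  -- Internal copy of the v output. Reading a port of mode "out" inside the
  -- architecture is rejected by tools that enforce pre-2008 VHDL, so the
  -- select on w below uses this signal instead of the port.
  signal iv    : bit;

  -- NOTE(review): sbox is declared here but defined outside this file; the
  -- rotations below assume it implements Camellia SBOX1 -- confirm.
  component sbox
    port (
      di : in  bit_vector ( 7 downto 0);
      do : out bit_vector ( 7 downto 0)
    );
  end component;

begin

  sb1 : sbox port map ( di => s1i, do => s1o );
  sb2 : sbox port map ( di => s2i, do => s2o );
  sb3 : sbox port map ( di => s3i, do => s3o );
  sb4 : sbox port map ( di => s4i, do => s4o );
  sb5 : sbox port map ( di => s5i, do => s5o );
  sb6 : sbox port map ( di => s6i, do => s6o );
  sb7 : sbox port map ( di => s7i, do => s7o );
  sb8 : sbox port map ( di => s8i, do => s8o );

  --L_{r} == R_{r-1} xor F(L_{r-1}, kr)
  --R_{r} == L_{r-1}
  l     <= ireg1(127 downto 64);
  r     <= ireg1( 63 downto  0);
  sigma <= lsfr (383 downto 320);

  -- Key addition: each byte of l is XORed with the matching byte of sigma.
  -- The bytes at 15..8 and 39..32 are rotated left by one bit before the
  -- sbox, which is the SBOX4(ROTL1x) form.
  s1i <= l (  7 downto  0) xor sigma( 7 downto  0);
  s2t <= l ( 15 downto  8) xor sigma(15 downto  8);
  s2i <= s2t(6 downto 0) & s2t(7);                  -- SBOX4(ROTL1x)
  s3i <= l ( 23 downto 16) xor sigma(23 downto 16);
  s4i <= l ( 31 downto 24) xor sigma(31 downto 24);
  s5t <= l ( 39 downto 32) xor sigma(39 downto 32);
  s5i <= s5t(6 downto 0) & s5t(7);                  -- SBOX4(ROTL1x)
  s6i <= l ( 47 downto 40) xor sigma(47 downto 40);
  s7i <= l ( 55 downto 48) xor sigma(55 downto 48);
  s8i <= l ( 63 downto 56) xor sigma(63 downto 56);

  --S-function
  z8 <= s1o;                       -- SBOX1
  z7 <= s2o;                       -- SBOX4(ROTL1x)
  z6 <= s3o(0) & s3o(7 downto 1);  -- SBOX3 ROTR1
  z5 <= s4o(6 downto 0) & s4o(7);  -- SBOX2 ROTL1
  z4 <= s5o;                       -- SBOX4(ROTL1x)
  z3 <= s6o(0) & s6o(7 downto 1);  -- SBOX3 ROTR1
  z2 <= s7o(6 downto 0) & s7o(7);  -- SBOX2 ROTL1
  z1 <= s8o;                       -- SBOX1

  --P-function
  --z'1 == z1 xor z3 xor z4 xor z6 xor z7 xor z8
  --z'2 == z1 xor z2 xor z4 xor z5 xor z7 xor z8
  --z'3 == z1 xor z2 xor z3 xor z5 xor z6 xor z8
  --z'4 == z2 xor z3 xor z4 xor z5 xor z6 xor z7
  --z'5 == z1 xor z2 xor z6 xor z7 xor z8
  --z'6 == z2 xor z3 xor z5 xor z7 xor z8
  --z'7 == z3 xor z4 xor z5 xor z6 xor z8
  --z'8 == z1 xor z4 xor z5 xor z6 xor z7
  f (63 downto 56) <= z1 xor z3 xor z4 xor z6 xor z7 xor z8 ;
  f (55 downto 48) <= z1 xor z2 xor z4 xor z5 xor z7 xor z8 ;
  f (47 downto 40) <= z1 xor z2 xor z3 xor z5 xor z6 xor z8 ;
  f (39 downto 32) <= z2 xor z3 xor z4 xor z5 xor z6 xor z7 ;
  f (31 downto 24) <= z1 xor z2 xor z6 xor z7 xor z8 ;
  f (23 downto 16) <= z2 xor z3 xor z5 xor z7 xor z8 ;
  f (15 downto  8) <= z3 xor z4 xor z5 xor z6 xor z8 ;
  f ( 7 downto  0) <= z1 xor z4 xor z5 xor z6 xor z7 ;

  --F-function
  fla <= r xor f;

  -- Input registers. Reset zeroes the buffered key word; out of reset,
  -- key and ldk are re-sampled every clock and shift is held at '1'.
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        ikey  <= (others => '0');
        ildk  <= '0';
        shift <= '0';
      else
        ikey  <= key;
        ildk  <= ldk;
        shift <= '1';
      end if;
    end if;
  end process;

  -- Sigma store. Reset loads Sigma1 into the top word; while shift = '1'
  -- the register rotates left by 64 bits each clock, so sigma steps through
  -- Sigma1..Sigma6 cyclically. Nothing here ties the rotation to ldk, so
  -- which constant meets which key word depends on external timing.
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        lsfr(383 downto 320) <= sigma1;
        lsfr(319 downto 256) <= sigma2;
        lsfr(255 downto 192) <= sigma3;
        lsfr(191 downto 128) <= sigma4;
        lsfr(127 downto  64) <= sigma5;
        lsfr( 63 downto   0) <= sigma6;
      elsif (shift = '1') then
        lsfr <= lsfr (319 downto 0) & lsfr ( 383 downto 320);
      end if;
    end if;
  end process;

  -- Key-bearing register. rst is the only path that clears it, so loaded
  -- key material stays in ireg1 until the next reset or load.
  process (clk)
  begin
    if ((clk = '1') and clk'event) then
      if (rst = '1') then
        ireg1(127 downto 0) <= (others => '0') ;
      elsif (ildk = '1') then
        ireg1(127 downto 0) <= ireg1( 63 downto 0) & ikey; -- initial round 2-4 clock
      else
        -- l and r are the two halves of ireg1 itself, so this branch holds
        -- the current value; the round result fla is not stored.
        ireg1( 63 downto  0) <= r ;
        ireg1(127 downto 64) <= l ;
      end if;
    end if;
  end process;

  -- Output stage. iv is constant '0', so v never signals a valid word and
  -- w always carries fla.
  -- NOTE(review): fla is a combinational function of the loaded key words
  -- and the current Sigma constant, and it is visible on w on every cycle
  -- with no qualifier. Before this block is used with live keys, w should
  -- be gated on a real valid indication and consumers should ignore it
  -- otherwise.
  iv <= '0';
  v  <= iv;
  w  <= fla when iv = '0' else (others => '0');

end phy;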