cryptography ip-cores in vhdl / verilog
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

389 lines
17 KiB

11 years ago
11 years ago
  1. -- ======================================================================
  2. -- AES encryption/decryption
  3. -- Copyright (C) 2019 Torsten Meissner
  4. -------------------------------------------------------------------------
  5. -- This program is free software; you can redistribute it and/or modify
  6. -- it under the terms of the GNU General Public License as published by
  7. -- the Free Software Foundation; either version 2 of the License, or
  8. -- (at your option) any later version.
  9. -- This program is distributed in the hope that it will be useful,
  10. -- but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. -- GNU General Public License for more details.
  13. -- You should have received a copy of the GNU General Public License
  14. -- along with this program; if not, write to the Free Software
  15. -- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  16. -- ======================================================================
  17. -- aes implementation
  18. -- key length: 128 bit -> Nk = 4
  19. -- data width: 128 bit -> Nb = 4
  20. -- round number Nr = 10
  21. library ieee;
  22. use ieee.std_logic_1164.all;
  23. use ieee.numeric_std.all;
  24. package aes_pkg is
  25. -- components
  26. component aes_enc is
  27. generic (
  28. design_type : string := "ITER"
  29. );
  30. port (
  31. reset_i : in std_logic;
  32. clk_i : in std_logic;
  33. key_i : in std_logic_vector(0 to 127);
  34. data_i : in std_logic_vector(0 to 127);
  35. valid_i : in std_logic;
  36. accept_o : out std_logic;
  37. data_o : out std_logic_vector(0 to 127);
  38. valid_o : out std_logic;
  39. accept_i : in std_logic
  40. );
  41. end component aes_enc;
  42. component aes_dec is
  43. generic (
  44. design_type : string := "ITER"
  45. );
  46. port (
  47. reset_i : in std_logic;
  48. clk_i : in std_logic;
  49. key_i : in std_logic_vector(0 to 127);
  50. data_i : in std_logic_vector(0 to 127);
  51. valid_i : in std_logic;
  52. accept_o : out std_logic;
  53. data_o : out std_logic_vector(0 to 127);
  54. valid_o : out std_logic;
  55. accept_i : in std_logic
  56. );
  57. end component aes_dec;
  58. -- constants for AES128
  59. constant c_nk : natural := 4; -- key size
  60. constant c_nb : natural := 4; -- number of bytes
  61. constant c_nr : natural := 10; -- number of rounds
  62. subtype t_rounds is natural range 0 to c_nr + 1;
  63. subtype t_key_rounds is natural range c_nk to c_nb * (c_nr + 1);
  64. subtype t_enc_rounds is natural range t_rounds'low to t_rounds'high+1;
  65. subtype t_dec_rounds is natural range t_rounds'low to t_rounds'high+1;
  66. type t_datatable1d is array (0 to 3) of std_logic_vector(7 downto 0);
  67. type t_datatable2d is array (0 to 3) of t_datatable1d;
  68. type t_stable1d is array (0 to 15) of std_logic_vector(7 downto 0);
  69. type t_stable2d is array (0 to 15) of t_stable1d;
  70. type t_key is array (0 to 3) of std_logic_vector(31 downto 0);
  71. type t_rcon is array (0 to 9) of std_logic_vector(7 downto 0);
  72. constant c_sbox : t_stable2d := (
  73. -- 0 1 2 3 4 5 6 7 8 9 A B C D E F
  74. (x"63", x"7c", x"77", x"7b", x"f2", x"6b", x"6f", x"c5", x"30", x"01", x"67", x"2b", x"fe", x"d7", x"ab", x"76"), -- 0
  75. (x"ca", x"82", x"c9", x"7d", x"fa", x"59", x"47", x"f0", x"ad", x"d4", x"a2", x"af", x"9c", x"a4", x"72", x"c0"), -- 1
  76. (x"b7", x"fd", x"93", x"26", x"36", x"3f", x"f7", x"cc", x"34", x"a5", x"e5", x"f1", x"71", x"d8", x"31", x"15"), -- 2
  77. (x"04", x"c7", x"23", x"c3", x"18", x"96", x"05", x"9a", x"07", x"12", x"80", x"e2", x"eb", x"27", x"b2", x"75"), -- 3
  78. (x"09", x"83", x"2c", x"1a", x"1b", x"6e", x"5a", x"a0", x"52", x"3b", x"d6", x"b3", x"29", x"e3", x"2f", x"84"), -- 4
  79. (x"53", x"d1", x"00", x"ed", x"20", x"fc", x"b1", x"5b", x"6a", x"cb", x"be", x"39", x"4a", x"4c", x"58", x"cf"), -- 5
  80. (x"d0", x"ef", x"aa", x"fb", x"43", x"4d", x"33", x"85", x"45", x"f9", x"02", x"7f", x"50", x"3c", x"9f", x"a8"), -- 6
  81. (x"51", x"a3", x"40", x"8f", x"92", x"9d", x"38", x"f5", x"bc", x"b6", x"da", x"21", x"10", x"ff", x"f3", x"d2"), -- 7
  82. (x"cd", x"0c", x"13", x"ec", x"5f", x"97", x"44", x"17", x"c4", x"a7", x"7e", x"3d", x"64", x"5d", x"19", x"73"), -- 8
  83. (x"60", x"81", x"4f", x"dc", x"22", x"2a", x"90", x"88", x"46", x"ee", x"b8", x"14", x"de", x"5e", x"0b", x"db"), -- 9
  84. (x"e0", x"32", x"3a", x"0a", x"49", x"06", x"24", x"5c", x"c2", x"d3", x"ac", x"62", x"91", x"95", x"e4", x"79"), -- A
  85. (x"e7", x"c8", x"37", x"6d", x"8d", x"d5", x"4e", x"a9", x"6c", x"56", x"f4", x"ea", x"65", x"7a", x"ae", x"08"), -- B
  86. (x"ba", x"78", x"25", x"2e", x"1c", x"a6", x"b4", x"c6", x"e8", x"dd", x"74", x"1f", x"4b", x"bd", x"8b", x"8a"), -- C
  87. (x"70", x"3e", x"b5", x"66", x"48", x"03", x"f6", x"0e", x"61", x"35", x"57", x"b9", x"86", x"c1", x"1d", x"9e"), -- D
  88. (x"e1", x"f8", x"98", x"11", x"69", x"d9", x"8e", x"94", x"9b", x"1e", x"87", x"e9", x"ce", x"55", x"28", x"df"), -- E
  89. (x"8c", x"a1", x"89", x"0d", x"bf", x"e6", x"42", x"68", x"41", x"99", x"2d", x"0f", x"b0", x"54", x"bb", x"16")); -- F
  90. constant c_sbox_invers : t_stable2d := (
  91. -- 0 1 2 3 4 5 6 7 8 9 A B C D E F
  92. (x"52", x"09", x"6a", x"d5", x"30", x"36", x"a5", x"38", x"bf", x"40", x"a3", x"9e", x"81", x"f3", x"d7", x"fb"), -- 0
  93. (x"7c", x"e3", x"39", x"82", x"9b", x"2f", x"ff", x"87", x"34", x"8e", x"43", x"44", x"c4", x"de", x"e9", x"cb"), -- 1
  94. (x"54", x"7b", x"94", x"32", x"a6", x"c2", x"23", x"3d", x"ee", x"4c", x"95", x"0b", x"42", x"fa", x"c3", x"4e"), -- 2
  95. (x"08", x"2e", x"a1", x"66", x"28", x"d9", x"24", x"b2", x"76", x"5b", x"a2", x"49", x"6d", x"8b", x"d1", x"25"), -- 3
  96. (x"72", x"f8", x"f6", x"64", x"86", x"68", x"98", x"16", x"d4", x"a4", x"5c", x"cc", x"5d", x"65", x"b6", x"92"), -- 4
  97. (x"6c", x"70", x"48", x"50", x"fd", x"ed", x"b9", x"da", x"5e", x"15", x"46", x"57", x"a7", x"8d", x"9d", x"84"), -- 5
  98. (x"90", x"d8", x"ab", x"00", x"8c", x"bc", x"d3", x"0a", x"f7", x"e4", x"58", x"05", x"b8", x"b3", x"45", x"06"), -- 6
  99. (x"d0", x"2c", x"1e", x"8f", x"ca", x"3f", x"0f", x"02", x"c1", x"af", x"bd", x"03", x"01", x"13", x"8a", x"6b"), -- 7
  100. (x"3a", x"91", x"11", x"41", x"4f", x"67", x"dc", x"ea", x"97", x"f2", x"cf", x"ce", x"f0", x"b4", x"e6", x"73"), -- 8
  101. (x"96", x"ac", x"74", x"22", x"e7", x"ad", x"35", x"85", x"e2", x"f9", x"37", x"e8", x"1c", x"75", x"df", x"6e"), -- 9
  102. (x"47", x"f1", x"1a", x"71", x"1d", x"29", x"c5", x"89", x"6f", x"b7", x"62", x"0e", x"aa", x"18", x"be", x"1b"), -- A
  103. (x"fc", x"56", x"3e", x"4b", x"c6", x"d2", x"79", x"20", x"9a", x"db", x"c0", x"fe", x"78", x"cd", x"5a", x"f4"), -- B
  104. (x"1f", x"dd", x"a8", x"33", x"88", x"07", x"c7", x"31", x"b1", x"12", x"10", x"59", x"27", x"80", x"ec", x"5f"), -- C
  105. (x"60", x"51", x"7f", x"a9", x"19", x"b5", x"4a", x"0d", x"2d", x"e5", x"7a", x"9f", x"93", x"c9", x"9c", x"ef"), -- D
  106. (x"a0", x"e0", x"3b", x"4d", x"ae", x"2a", x"f5", x"b0", x"c8", x"eb", x"bb", x"3c", x"83", x"53", x"99", x"61"), -- E
  107. (x"17", x"2b", x"04", x"7e", x"ba", x"77", x"d6", x"26", x"e1", x"69", x"14", x"63", x"55", x"21", x"0c", x"7d"));-- F
  108. constant c_rcon : t_rcon := (x"01", x"02", x"04", x"08", x"10", x"20", x"40", x"80", x"1B", x"36");
  109. function bytesub (input : std_logic_vector(7 downto 0)) return std_logic_vector;
  110. function invbytesub (input : std_logic_vector(7 downto 0)) return std_logic_vector;
  111. function subbytes (input : in t_datatable2d) return t_datatable2d;
  112. function invsubbytes (input : in t_datatable2d) return t_datatable2d;
  113. function shiftrow (input : t_datatable2d) return t_datatable2d;
  114. function invshiftrow (input : t_datatable2d) return t_datatable2d;
  115. function mixcolumns (input : t_datatable2d) return t_datatable2d;
  116. function invmixcolumns (input : t_datatable2d) return t_datatable2d;
  117. function gmul (a : std_logic_vector(7 downto 0); b : std_logic_vector(7 downto 0)) return std_logic_vector;
  118. function addroundkey (input : in t_datatable2d; key : in t_key) return t_datatable2d;
  119. function subword (input : in std_logic_vector(31 downto 0)) return std_logic_vector;
  120. function rotword (input : in std_logic_vector(31 downto 0)) return std_logic_vector;
  121. function key_round (key : t_key; round : t_enc_rounds) return t_key;
  122. function set_state (input : in std_logic_vector(0 to 127)) return t_datatable2d;
  123. function get_state (input : in t_datatable2d) return std_logic_vector;
  124. function set_key (input : in std_logic_vector(0 to 127)) return t_key;
  125. function to_string(input : t_datatable2d) return string;
  126. end package aes_pkg;
  127. package body aes_pkg is
  128. function bytesub (input : std_logic_vector(7 downto 0)) return std_logic_vector is
  129. begin
  130. return c_sbox(to_integer(unsigned(input(7 downto 4))))(to_integer(unsigned(input(3 downto 0))));
  131. end function bytesub;
  132. function invbytesub (input : std_logic_vector(7 downto 0)) return std_logic_vector is
  133. begin
  134. return c_sbox_invers(to_integer(unsigned(input(7 downto 4))))(to_integer(unsigned(input(3 downto 0))));
  135. end function invbytesub;
  136. function subbytes (input : in t_datatable2d) return t_datatable2d is
  137. variable v_data : t_datatable2d;
  138. begin
  139. for column in 0 to 3 loop
  140. for row in 0 to 3 loop
  141. v_data(row)(column) := c_sbox(to_integer(unsigned(input(row)(column)(7 downto 4))))(to_integer(unsigned(input(row)(column)(3 downto 0))));
  142. end loop;
  143. end loop;
  144. return v_data;
  145. end function subbytes;
  146. function invsubbytes (input : in t_datatable2d) return t_datatable2d is
  147. variable v_data : t_datatable2d;
  148. begin
  149. for column in 0 to 3 loop
  150. for row in 0 to 3 loop
  151. v_data(row)(column) := c_sbox_invers(to_integer(unsigned(input(row)(column)(7 downto 4))))(to_integer(unsigned(input(row)(column)(3 downto 0))));
  152. end loop;
  153. end loop;
  154. return v_data;
  155. end function invsubbytes;
  156. function shiftrow (input : t_datatable2d) return t_datatable2d is
  157. variable v_datamatrix : t_datatable2d;
  158. begin
  159. -- copy input in internal matrix
  160. v_datamatrix := input;
  161. -- 2nd row
  162. v_datamatrix(1)(0) := input(1)(1);
  163. v_datamatrix(1)(1) := input(1)(2);
  164. v_datamatrix(1)(2) := input(1)(3);
  165. v_datamatrix(1)(3) := input(1)(0);
  166. -- 3rd row
  167. v_datamatrix(2)(0) := input(2)(2);
  168. v_datamatrix(2)(1) := input(2)(3);
  169. v_datamatrix(2)(2) := input(2)(0);
  170. v_datamatrix(2)(3) := input(2)(1);
  171. -- 4rd row
  172. v_datamatrix(3)(0) := input(3)(3);
  173. v_datamatrix(3)(1) := input(3)(0);
  174. v_datamatrix(3)(2) := input(3)(1);
  175. v_datamatrix(3)(3) := input(3)(2);
  176. -- return manipulated internal matrix
  177. return v_datamatrix;
  178. end function shiftrow;
  179. function invshiftrow (input : t_datatable2d) return t_datatable2d is
  180. variable v_datamatrix : t_datatable2d;
  181. begin
  182. -- copy input in internal matrix
  183. v_datamatrix := input;
  184. -- 2nd row
  185. v_datamatrix(1)(0) := input(1)(3);
  186. v_datamatrix(1)(1) := input(1)(0);
  187. v_datamatrix(1)(2) := input(1)(1);
  188. v_datamatrix(1)(3) := input(1)(2);
  189. -- 3rd row
  190. v_datamatrix(2)(0) := input(2)(2);
  191. v_datamatrix(2)(1) := input(2)(3);
  192. v_datamatrix(2)(2) := input(2)(0);
  193. v_datamatrix(2)(3) := input(2)(1);
  194. -- 4rd row
  195. v_datamatrix(3)(0) := input(3)(1);
  196. v_datamatrix(3)(1) := input(3)(2);
  197. v_datamatrix(3)(2) := input(3)(3);
  198. v_datamatrix(3)(3) := input(3)(0);
  199. -- return manipulated internal matrix
  200. return v_datamatrix;
  201. end function invshiftrow;
  202. -- trivial algorithmus to multiply two bytes in the GF(2^8) finite field defined
  203. -- by the polynomial x^8 + x^4 + x^3 + x + 1
  204. -- taken from http://www.codeplanet.eu/tutorials/cpp/51-advanced-encryption-standard.html
  205. -- and ported to vhdl
  206. function gmul (a : std_logic_vector(7 downto 0); b : std_logic_vector(7 downto 0)) return std_logic_vector is
  207. variable v_a, v_b : std_logic_vector(7 downto 0);
  208. variable v_data : std_logic_vector(7 downto 0) := (others => '0');
  209. variable v_hi_bit_set : boolean;
  210. begin
  211. v_a := a;
  212. v_b := b;
  213. for index in 0 to 7 loop
  214. if(v_b(0) = '1') then
  215. v_data := v_data xor v_a;
  216. end if;
  217. v_hi_bit_set := v_a(7) = '1';
  218. v_a := v_a(6 downto 0) & '0';
  219. if (v_hi_bit_set) then
  220. v_a := v_a xor x"1B";
  221. end if;
  222. v_b := '0' & v_b(7 downto 1);
  223. end loop;
  224. return v_data;
  225. end function gmul;
  226. -- matrix columns manipulation
  227. function mixcolumns (input : t_datatable2d) return t_datatable2d is
  228. variable v_data : t_datatable2d;
  229. begin
  230. for column in 0 to 3 loop
  231. v_data(0)(column) := gmul(x"02", input(0)(column)) xor gmul(x"03", input(1)(column)) xor input(2)(column) xor input(3)(column);
  232. v_data(1)(column) := input(0)(column) xor gmul(x"02", input(1)(column)) xor gmul(x"03",input(2)(column)) xor input(3)(column);
  233. v_data(2)(column) := input(0)(column) xor input(1)(column) xor gmul(x"02",input(2)(column)) xor gmul(x"03",input(3)(column));
  234. v_data(3)(column) := gmul(x"03", input(0)(column)) xor input(1)(column) xor input(2)(column) xor gmul(x"02",input(3)(column));
  235. end loop;
  236. return v_data;
  237. end function mixcolumns;
  238. -- matrix columns manipulation
  239. function invmixcolumns (input : t_datatable2d) return t_datatable2d is
  240. variable v_data : t_datatable2d;
  241. begin
  242. for column in 0 to 3 loop
  243. v_data(0)(column) := gmul(x"0E", input(0)(column)) xor gmul(x"0B", input(1)(column)) xor gmul(x"0D", input(2)(column)) xor gmul(x"09", input(3)(column));
  244. v_data(1)(column) := gmul(x"09", input(0)(column)) xor gmul(x"0E", input(1)(column)) xor gmul(x"0B", input(2)(column)) xor gmul(x"0D", input(3)(column));
  245. v_data(2)(column) := gmul(x"0D", input(0)(column)) xor gmul(x"09", input(1)(column)) xor gmul(x"0E", input(2)(column)) xor gmul(x"0B", input(3)(column));
  246. v_data(3)(column) := gmul(x"0B", input(0)(column)) xor gmul(x"0D", input(1)(column)) xor gmul(x"09", input(2)(column)) xor gmul(x"0E", input(3)(column));
  247. end loop;
  248. return v_data;
  249. end function invmixcolumns;
  250. function addroundkey (input : in t_datatable2d; key : in t_key) return t_datatable2d is
  251. variable v_data : t_datatable2d;
  252. variable v_key : t_datatable1d;
  253. begin
  254. for column in 0 to 3 loop
  255. v_key := (key(column)(31 downto 24), key(column)(23 downto 16), key(column)(15 downto 8), key(column)(7 downto 0));
  256. for row in 0 to 3 loop
  257. v_data(row)(column) := input(row)(column) xor v_key(row);
  258. end loop;
  259. end loop;
  260. return v_data;
  261. end function addroundkey;
  262. function subword (input : in std_logic_vector(31 downto 0)) return std_logic_vector is
  263. variable v_data : std_logic_vector(31 downto 0);
  264. begin
  265. v_data := bytesub(input(31 downto 24)) & bytesub(input(23 downto 16)) & bytesub(input(15 downto 8)) & bytesub(input(7 downto 0));
  266. return v_data;
  267. end function subword;
  268. function rotword (input : in std_logic_vector(31 downto 0)) return std_logic_vector is
  269. begin
  270. return (input(23 downto 16), input(15 downto 8), input(7 downto 0), input(31 downto 24));
  271. end function rotword;
  272. function key_round (key : t_key; round : t_enc_rounds) return t_key is
  273. variable v_key : t_key;
  274. begin
  275. v_key(3) := subword(rotword(key(3))) xor (c_rcon(round) & x"000000");
  276. v_key(0) := key(0) xor v_key(3);
  277. v_key(1) := v_key(0) xor key(1);
  278. v_key(2) := v_key(1) xor key(2);
  279. v_key(3) := v_key(2) xor key(3);
  280. return v_key;
  281. end function key_round;
  282. function set_state (input : in std_logic_vector(0 to 127)) return t_datatable2d is
  283. variable v_data : t_datatable2d;
  284. begin
  285. for column in 0 to 3 loop
  286. for row in 0 to 3 loop
  287. v_data(row)(column) := input(row*8+column*32 to row*8+column*32+7);
  288. end loop;
  289. end loop;
  290. return v_data;
  291. end function set_state;
  292. function get_state (input : in t_datatable2d) return std_logic_vector is
  293. begin
  294. return input(0)(0) & input(1)(0) & input(2)(0) & input(3)(0) &
  295. input(0)(1) & input(1)(1) & input(2)(1) & input(3)(1) &
  296. input(0)(2) & input(1)(2) & input(2)(2) & input(3)(2) &
  297. input(0)(3) & input(1)(3) & input(2)(3) & input(3)(3);
  298. end function get_state;
  299. function set_key (input : in std_logic_vector(0 to 127)) return t_key is
  300. begin
  301. return (input(0 to 31), input(32 to 63), input(64 to 95), input(96 to 127));
  302. end function set_key;
  303. function to_string(input : t_datatable2d) return string is
  304. begin
  305. return '(' & to_hstring(input(0)(0)) & ',' & to_hstring(input(0)(1)) & ',' & to_hstring(input(0)(2)) & ',' & to_hstring(input(0)(3)) & ')' & LF &
  306. '(' & to_hstring(input(1)(0)) & ',' & to_hstring(input(1)(1)) & ',' & to_hstring(input(1)(2)) & ',' & to_hstring(input(1)(3)) & ')' & LF &
  307. '(' & to_hstring(input(2)(0)) & ',' & to_hstring(input(2)(1)) & ',' & to_hstring(input(2)(2)) & ',' & to_hstring(input(2)(3)) & ')' & LF &
  308. '(' & to_hstring(input(3)(0)) & ',' & to_hstring(input(3)(1)) & ',' & to_hstring(input(3)(2)) & ',' & to_hstring(input(3)(3)) & ')';
  309. end function to_string;
  310. end package body aes_pkg;