Implement key schedule for encryption, finally

aes/rtl/vhdl/aes_enc.vhd

@@ -48,30 +48,9 @@ end entity aes_enc;
 architecture rtl of aes_enc is
 
 
-  -- Fixed round keys for verification until key schedule is implemented
-  type t_key_array is array (1 to 11) of t_key;
-  constant c_round_keys : t_key_array := (
-    (x"2b7e1516", x"28aed2a6", x"abf71588", x"09cf4f3c"),
-    (x"a0fafe17", x"88542cb1", x"23a33939", x"2a6c7605"),
-    (x"f2c295f2", x"7a96b943", x"5935807a", x"7359f67f"),
-    (x"3d80477d", x"4716fe3e", x"1e237e44", x"6d7a883b"),
-    (x"ef44a541", x"a8525b7f", x"b671253b", x"db0bad00"),
-    (x"d4d1c6f8", x"7c839d87", x"caf2b8bc", x"11f915bc"),
-    (x"6d88a37a", x"110b3efd", x"dbf98641", x"ca0093fd"),
-    (x"4e54f70e", x"5f5fc9f3", x"84a64fb2", x"4ea6dc4f"),
-    (x"ead27321", x"b58dbad2", x"312bf560", x"7f8d292f"),
-    (x"ac7766f3", x"19fadc21", x"28d12941", x"575c006e"),
-    (x"d014f9a8", x"c9ee2589", x"e13f0cc8", x"b6630ca6")
-  );
-  signal s_round_key : t_key := (others => (others => '0'));
-
-
 begin
 
 
-  -- psl default clock is rising_edge(Clk_i);
-
-
   IterG : if design_type = "ITER" generate
   
   
@@ -81,14 +60,13 @@ begin
   begin
 
 
-    s_round_key <= c_round_keys(s_round) when s_round >= 1 and s_round <= 11 else
-                   (others => (others => '0'));
-
     CryptP : process (reset_i, clk_i) is
       variable v_state : t_datatable2d;
+      variable v_key   : t_key;
     begin
       if (reset_i = '0') then
         v_state  := (others => (others => (others => '0')));
+        v_key    := (others => (others => '0'));
         s_round  <= 0;
         accept_o <= '0';
         data_o   <= (others => '0');
@@ -101,17 +79,19 @@ begin
             if (accept_o = '1' and valid_i = '1') then
               accept_o <= '0';
               v_state  := set_state(data_i);
+              v_key    := (key_i(0 to 31), key_i(32 to 63), key_i(64 to 95), key_i(96 to 127));
               s_round  <= s_round + 1;
             end if;
 
           when 1 =>
-            v_state := addroundkey(v_state, s_round_key);
+            v_state := addroundkey(v_state, v_key);
+            v_key   := key_round(v_key, s_round-1);
             s_round <= s_round + 1;
 
           when t_enc_rounds'high-1 =>
             v_state := subbytes(v_state);
             v_state := shiftrow(v_state);
-            v_state := addroundkey(v_state, s_round_key);
+            v_state := addroundkey(v_state, v_key);
             s_round <= s_round + 1;
             -- set data & valid to save one cycle
             valid_o <= '1';
@@ -130,7 +110,8 @@ begin
             v_state := subbytes(v_state);
             v_state := shiftrow(v_state);
             v_state := mixcolumns(v_state);
-            v_state := addroundkey(v_state, s_round_key);
+            v_state := addroundkey(v_state, v_key);
+            v_key   := key_round(v_key, s_round-1);
             s_round <= s_round + 1;
 
         end case;
@@ -148,21 +129,23 @@ begin
       s_data <= data_o  when rising_edge(clk_i) else
                 128x"0" when reset_i = '0';
 
-      -- psl cover accept_o;
-      -- psl assert always (accept_o -> s_round = 0);
+      default clock is rising_edge(Clk_i);
+
+      cover {accept_o};
+      assert always (accept_o -> s_round = 0);
     
-      -- psl cover valid_i and accept_o;
-      -- psl assert always (valid_i and accept_o -> next not accept_o);
+      cover {valid_i and accept_o};
+      assert always (valid_i and accept_o -> next not accept_o);
 
-      -- psl cover valid_o;
-      -- psl assert always (valid_o -> s_round = t_enc_rounds'high);
+      cover {valid_o};
+      assert always (valid_o -> s_round = t_enc_rounds'high);
 
-      -- psl cover valid_o and accept_i;
-      -- psl assert always (valid_o and accept_i -> next not valid_o);
+      cover {valid_o and accept_i};
+      assert always (valid_o and accept_i -> next not valid_o);
 
-      -- psl cover valid_o and not accept_i;
-      -- psl assert always (valid_o and not accept_i -> next valid_o);
-      -- psl assert always (valid_o and not accept_i -> next data_o = s_data);
+      cover {valid_o and not accept_i};
+      assert always (valid_o and not accept_i -> next valid_o);
+      assert always (valid_o and not accept_i -> next data_o = s_data);
 
     end block verification;
     -- synthesis on

aes/rtl/vhdl/aes_pkg.vhd

@@ -88,7 +88,7 @@ package aes_pkg is
 
   type t_key is array (0 to 3) of std_logic_vector(31 downto 0);
 
-  type t_rcon is array (0 to 9) of t_datatable1d;
+  type t_rcon is array (0 to 9) of std_logic_vector(7 downto 0);
 
   constant c_sbox : t_stable2d := (
     -- 0     1      2      3      4      5      6      7      8      9      A      B      C      D      E      F
@@ -128,17 +128,7 @@ package aes_pkg is
     (x"a0", x"e0", x"3b", x"4d", x"ae", x"2a", x"f5", x"b0", x"c8", x"eb", x"bb", x"3c", x"83", x"53", x"99", x"61"), -- E
     (x"17", x"2b", x"04", x"7e", x"ba", x"77", x"d6", x"26", x"e1", x"69", x"14", x"63", x"55", x"21", x"0c", x"7d"));-- F
 
-  constant c_rcon : t_rcon := (
-    (x"01", x"00", x"00", x"00"),
-    (x"02", x"00", x"00", x"00"),
-    (x"04", x"00", x"00", x"00"),
-    (x"08", x"00", x"00", x"00"),
-    (x"10", x"00", x"00", x"00"),
-    (x"20", x"00", x"00", x"00"),
-    (x"40", x"00", x"00", x"00"),
-    (x"80", x"00", x"00", x"00"),
-    (x"1B", x"00", x"00", x"00"),
-    (x"36", x"00", x"00", x"00"));
+  constant c_rcon : t_rcon := (x"01", x"02", x"04", x"08", x"10", x"20", x"40", x"80", x"1B", x"36");
 
   type t_mode is (ENCRYPT, DECRYPT);
 
@@ -161,9 +151,11 @@ package aes_pkg is
 
   function addroundkey (input : in t_datatable2d; key : in t_key) return t_datatable2d;
 
-  function subword (input : in t_datatable1d) return t_datatable1d;
+  function subword (input : in std_logic_vector(31 downto 0)) return std_logic_vector;
 
-  function rotword (input : in t_datatable1d) return t_datatable1d;
+  function rotword (input : in std_logic_vector(31 downto 0)) return std_logic_vector;
+
+  function key_round (key : t_key; round : t_enc_rounds) return t_key;
 
   function set_state (input : in std_logic_vector(0 to 127)) return t_datatable2d;
 
@@ -345,22 +337,32 @@ package body aes_pkg is
   end function addroundkey;
 
 
-  function subword (input : in t_datatable1d) return t_datatable1d is
-    variable v_data : t_datatable1d;
+  function subword (input : in std_logic_vector(31 downto 0)) return std_logic_vector is
+    variable v_data : std_logic_vector(31 downto 0);
   begin
-    for i in 0 to 3 loop
-      v_data(i) := c_sbox(to_integer(unsigned(input(i)(7 downto 4))))(to_integer(unsigned(input(i)(3 downto 0))));
-    end loop;
+    v_data := bytesub(input(31 downto 24)) & bytesub(input(23 downto 16)) & bytesub(input(15 downto 8)) & bytesub(input(7 downto 0));
     return v_data;
   end function subword;
 
 
-  function rotword (input : in t_datatable1d) return t_datatable1d is
+  function rotword (input : in std_logic_vector(31 downto 0)) return std_logic_vector is
   begin
-    return(input(1), input(2), input(3), input(0));
+    return (input(23 downto 16), input(15 downto 8), input(7 downto 0), input(31 downto 24));
   end function rotword;
 
 
+  function key_round (key : t_key; round : t_enc_rounds) return t_key is
+    variable v_key : t_key;
+  begin
+    v_key(3) := subword(rotword(key(3))) xor (c_rcon(round) & x"000000");
+    v_key(0) := key(0) xor v_key(3);
+    v_key(1) := v_key(0) xor key(1);
+    v_key(2) := v_key(1) xor key(2);
+    v_key(3) := v_key(2) xor key(3);
+    return v_key;
+  end function key_round;
+
+
   function set_state (input : in std_logic_vector(0 to 127)) return t_datatable2d is
     variable v_data : t_datatable2d;
   begin

aes/sim/vhdl/tb_aes.vhd

@@ -95,6 +95,7 @@ begin
     report "Test encryption";
     wait until rising_edge(s_clk);
     s_validin_enc <= '1';
+    s_key <= x"2b7e151628aed2a6abf7158809cf4f3c";
     s_datain <= x"3243f6a8885a308d313198a2e0370734";
     wait until s_acceptout_enc = '1' and rising_edge(s_clk);
     s_validin_enc <= '0';