| Pirmin Vogel | ffb02b2 | 2021-11-25 14:00:30 +0100 | [diff] [blame] | 1 | // Copyright lowRISC contributors. |
| 2 | // Licensed under the Apache License, Version 2.0, see LICENSE for details. |
| 3 | // SPDX-License-Identifier: Apache-2.0 |
| 4 | |
| 5 | // AES reduced round data path |
| 6 | // This module is useful for formal masking verification using e.g. Alma. |
| 7 | // For details, see hw/ip/aes/pre_sca/alma/README.md . |
| 8 | |
| 9 | module aes_reduced_round import aes_pkg::*; |
| 10 | #( |
| Pirmin Vogel | c8b6231 | 2022-02-15 11:55:23 +0100 | [diff] [blame] | 11 | parameter sbox_impl_e SecSBoxImpl = SBoxImplDom |
| Pirmin Vogel | ffb02b2 | 2021-11-25 14:00:30 +0100 | [diff] [blame] | 12 | ) ( |
| 13 | input logic clk_i, |
| 14 | input logic rst_ni, |
| 15 | input sp2v_e en_i, |
| 16 | output sp2v_e out_req_o, |
| 17 | input sp2v_e out_ack_i, |
| 18 | input ciph_op_e op_i, |
| 19 | input logic [3:0][3:0][7:0] data_i, |
| 20 | input logic [3:0][3:0][7:0] mask_i, |
| 21 | input logic [3:0][3:0][WidthPRDSBox-1:0] prd_i, |
| 22 | output logic [3:0][3:0][7:0] data_o, |
| 23 | output logic [3:0][3:0][7:0] mask_o, |
| 24 | output logic err_o |
| 25 | ); |
| 26 | |
| 27 | localparam int NumShares = 2; |
| 28 | |
| 29 | // Signals |
| 30 | logic [3:0][3:0][7:0] sub_bytes_out; |
| 31 | logic [3:0][3:0][7:0] sb_out_mask; |
| 32 | logic [3:0][3:0][7:0] shift_rows_in [NumShares]; |
| 33 | logic [3:0][3:0][7:0] shift_rows_out [NumShares]; |
| 34 | logic [3:0][3:0][7:0] mix_columns_out [NumShares]; |
| 35 | |
| 36 | // A single reduced (no AddKey) round of the cipher data path |
| 37 | aes_sub_bytes #( |
| Pirmin Vogel | c8b6231 | 2022-02-15 11:55:23 +0100 | [diff] [blame] | 38 | .SecSBoxImpl ( SecSBoxImpl ) |
| Pirmin Vogel | ffb02b2 | 2021-11-25 14:00:30 +0100 | [diff] [blame] | 39 | ) u_aes_sub_bytes ( |
| 40 | .clk_i ( clk_i ), |
| 41 | .rst_ni ( rst_ni ), |
| 42 | .en_i ( en_i ), |
| 43 | .out_req_o ( out_req_o ), |
| 44 | .out_ack_i ( out_ack_i ), |
| 45 | .op_i ( op_i ), |
| 46 | .data_i ( data_i ), |
| 47 | .mask_i ( mask_i ), |
| 48 | .prd_i ( prd_i ), |
| 49 | .data_o ( sub_bytes_out ), |
| 50 | .mask_o ( sb_out_mask ), |
| 51 | .err_o ( err_o ) |
| 52 | ); |
| 53 | |
| 54 | for (genvar s = 0; s < NumShares; s++) begin : gen_shares_shift_mix |
| 55 | if (s == 0) begin : gen_shift_in_data |
| 56 | // The (masked) data share |
| 57 | assign shift_rows_in[s] = sub_bytes_out; |
| 58 | end else begin : gen_shift_in_mask |
| 59 | // The mask share |
| 60 | assign shift_rows_in[s] = sb_out_mask; |
| 61 | end |
| 62 | |
| 63 | aes_shift_rows u_aes_shift_rows ( |
| 64 | .op_i ( op_i ), |
| 65 | .data_i ( shift_rows_in[s] ), |
| 66 | .data_o ( shift_rows_out[s] ) |
| 67 | ); |
| 68 | |
| 69 | aes_mix_columns u_aes_mix_columns ( |
| 70 | .op_i ( op_i ), |
| 71 | .data_i ( shift_rows_out[s] ), |
| 72 | .data_o ( mix_columns_out[s] ) |
| 73 | ); |
| 74 | end |
| 75 | |
| 76 | // Outputs |
| 77 | assign data_o = mix_columns_out[0]; |
| 78 | assign mask_o = mix_columns_out[1]; |
| 79 | |
| 80 | endmodule |
