Skip to content

Commit

Permalink
[aes] Integrate GHASH module into design and interface main controller
Browse files Browse the repository at this point in the history 
Signed-off-by: Pirmin Vogel <[email protected]>
  • Loading branch information
@vogelpi
vogelpi committed Nov 8, 2024
1 parent 0e1807f commit d144432
Show file tree
Hide file tree
Showing 9 changed files with 693 additions and 186 deletions.
6 changes: 3 additions & 3 deletions hw/ip/aes/dv/env/seq_lib/aes_control_fi_vseq.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,10 @@ class aes_control_fi_vseq extends aes_base_vseq;
`uvm_fatal(`gfn, $sformatf("Randomization failed"))
end
`DV_CHECK_STD_RANDOMIZE_FATAL(await_state)
if (await_state inside {aes_pkg::CTRL_PRNG_UPDATE, aes_pkg::CTRL_CLEAR_I,
if (await_state inside {aes_pkg::CTRL_GHASH_READY, aes_pkg::CTRL_CLEAR_I,
aes_pkg::CTRL_CLEAR_CO}) begin
// The PRNG Update state and the Clear states are difficult to hit with a random
// delay. This writes the clear register to bring the FSM to the PRNG Update and then
// The GHASH Ready state and the Clear states are difficult to hit with a random
// delay. This writes the clear register to bring the FSM to the GHASH Ready and then
// the Clear states, and it waits until the FSM has reached the required state.
clear_regs('{dataout: 1'b1, key_iv_data_in: 1'b1, default: 1'b0});
`DV_WAIT(cfg.aes_control_fi_vif[if_num].aes_ctrl_cs == await_state)
Expand Down
6 changes: 3 additions & 3 deletions hw/ip/aes/dv/env/seq_lib/aes_core_fi_vseq.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,10 @@ class aes_core_fi_vseq extends aes_base_vseq;
end

// Wait and apply force.
if (await_state inside {aes_pkg::CTRL_PRNG_UPDATE, aes_pkg::CTRL_CLEAR_I,
if (await_state inside {aes_pkg::CTRL_GHASH_READY, aes_pkg::CTRL_CLEAR_I,
aes_pkg::CTRL_CLEAR_CO}) begin
// The PRNG Update state and the Clear states are difficult to hit with a random
// delay. This writes the clear register to bring the FSM to the PRNG Update and then
// The GHASH Ready state and the Clear states are difficult to hit with a random
// delay. This writes the clear register to bring the FSM to the GHASH ready and then
// the Clear states, and it waits until the FSM has reached the required state.
clear_regs('{dataout: 1'b1, key_iv_data_in: 1'b1, default: 1'b0});
`DV_WAIT(cfg.aes_core_fi_vif.aes_ctrl_cs == await_state)
Expand Down
75 changes: 60 additions & 15 deletions hw/ip/aes/rtl/aes_control.sv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ module aes_control
import aes_pkg::*;
import aes_reg_pkg::*;
#(
parameter bit AESGCMEnable = 0,
parameter bit SecMasking = 0,
parameter int unsigned SecStartTriggerDelay = 0
) (
Expand Down Expand Up @@ -50,6 +51,7 @@ module aes_control
input logic [NumRegsData-1:0] data_in_qe_i,
input logic [NumRegsData-1:0] data_out_re_i,
output logic data_in_we_o,
output data_out_sel_e data_out_sel_o,
output sp2v_e data_out_we_o,

// Previous input data register
Expand Down Expand Up @@ -82,6 +84,13 @@ module aes_control
output logic cipher_data_out_clear_o,
input logic cipher_data_out_clear_i,

// GHASH control and sync
output sp2v_e ghash_in_valid_o,
input sp2v_e ghash_in_ready_i,
input sp2v_e ghash_out_valid_i,
output sp2v_e ghash_out_ready_o,
output sp2v_e ghash_load_hash_subkey_o,

// Initial key registers
output key_init_sel_e key_init_sel_o,
output sp2v_e [NumRegsKey-1:0] key_init_we_o [NumSharesKey],
Expand Down Expand Up @@ -155,6 +164,8 @@ module aes_control
sp2v_e cipher_out_valid;
sp2v_e cipher_crypt;
sp2v_e cipher_dec_key_gen;
sp2v_e ghash_in_ready;
sp2v_e ghash_out_valid;
logic mux_sel_err;
logic mr_err;
logic sp_enc_err;
Expand All @@ -173,12 +184,18 @@ module aes_control
logic [Sp2VWidth-1:0] sp_out_cipher_crypt;
logic [Sp2VWidth-1:0] sp_in_cipher_dec_key_gen;
logic [Sp2VWidth-1:0] sp_out_cipher_dec_key_gen;
logic [Sp2VWidth-1:0] sp_ghash_in_valid;
logic [Sp2VWidth-1:0] sp_ghash_in_ready;
logic [Sp2VWidth-1:0] sp_ghash_out_valid;
logic [Sp2VWidth-1:0] sp_ghash_out_ready;
logic [Sp2VWidth-1:0] sp_ghash_load_hash_subkey;

// Multi-rail signals. These are outputs of the single-rail FSMs and need combining.
logic [Sp2VWidth-1:0] mr_ctrl_we;
logic [Sp2VWidth-1:0] mr_ctrl_gcm_we;
logic [Sp2VWidth-1:0] mr_alert;
logic [Sp2VWidth-1:0] mr_data_in_we;
data_out_sel_e [Sp2VWidth-1:0] mr_data_out_sel;
dip_sel_e [Sp2VWidth-1:0] mr_data_in_prev_sel;
si_sel_e [Sp2VWidth-1:0] mr_state_in_sel;
add_si_sel_e [Sp2VWidth-1:0] mr_add_state_in_sel;
Expand Down Expand Up @@ -243,14 +260,17 @@ module aes_control
assign sp_cipher_out_valid = {cipher_out_valid};
assign sp_in_cipher_crypt = {cipher_crypt};
assign sp_in_cipher_dec_key_gen = {cipher_dec_key_gen};
assign sp_ghash_in_ready = {ghash_in_ready};
assign sp_ghash_out_valid = {ghash_out_valid};

// SEC_CM: MAIN.FSM.REDUN
// For every bit in the Sp2V signals, one separate rail is instantiated. The inputs and outputs
// of every rail are buffered to prevent aggressive synthesis optimizations.
for (genvar i = 0; i < Sp2VWidth; i++) begin : gen_fsm
if (SP2V_LOGIC_HIGH[i] == 1'b1) begin : gen_fsm_p
aes_control_fsm_p #(
.SecMasking ( SecMasking )
.AESGCMEnable ( AESGCMEnable ),
.SecMasking ( SecMasking )
) u_aes_control_fsm_i (
.clk_i ( clk_i ),
.rst_ni ( rst_ni ),
Expand Down Expand Up @@ -285,6 +305,7 @@ module aes_control
.data_in_qe_i ( data_in_qe_i ),
.data_out_re_i ( data_out_re_i ),
.data_in_we_o ( mr_data_in_we[i] ), // AND-combine
.data_out_sel_o ( mr_data_out_sel[i] ), // OR-combine
.data_out_we_o ( sp_data_out_we[i] ), // Sparsified

.data_in_prev_sel_o ( mr_data_in_prev_sel[i] ), // OR-combine
Expand Down Expand Up @@ -313,6 +334,12 @@ module aes_control
.cipher_data_out_clear_o ( mr_cipher_data_out_clear[i] ), // OR-combine
.cipher_data_out_clear_i ( cipher_data_out_clear_i ),

.ghash_in_valid_o ( sp_ghash_in_valid[i] ), // Sparsified
.ghash_in_ready_i ( sp_ghash_in_ready[i] ), // Sparsified
.ghash_out_valid_i ( sp_ghash_out_valid[i] ), // Sparsified
.ghash_out_ready_o ( sp_ghash_out_ready[i] ), // Sparsified
.ghash_load_hash_subkey_o ( sp_ghash_load_hash_subkey[i] ), // Sparsified

.key_init_sel_o ( mr_key_init_sel[i] ), // OR-combine
.key_init_we_o ( int_key_init_we[i] ), // Sparsified

Expand Down Expand Up @@ -343,7 +370,8 @@ module aes_control
);
end else begin : gen_fsm_n
aes_control_fsm_n #(
.SecMasking ( SecMasking )
.AESGCMEnable ( AESGCMEnable ),
.SecMasking ( SecMasking )
) u_aes_control_fsm_i (
.clk_i ( clk_i ),
.rst_ni ( rst_ni ),
Expand Down Expand Up @@ -378,6 +406,7 @@ module aes_control
.data_in_qe_i ( data_in_qe_i ),
.data_out_re_i ( data_out_re_i ),
.data_in_we_o ( mr_data_in_we[i] ), // AND-combine
.data_out_sel_o ( mr_data_out_sel[i] ), // OR-combine
.data_out_we_no ( sp_data_out_we[i] ), // Sparsified

.data_in_prev_sel_o ( mr_data_in_prev_sel[i] ), // OR-combine
Expand Down Expand Up @@ -406,6 +435,12 @@ module aes_control
.cipher_data_out_clear_o ( mr_cipher_data_out_clear[i] ), // OR-combine
.cipher_data_out_clear_i ( cipher_data_out_clear_i ),

.ghash_in_valid_no ( sp_ghash_in_valid[i] ), // Sparsified
.ghash_in_ready_ni ( sp_ghash_in_ready[i] ), // Sparsified
.ghash_out_valid_ni ( sp_ghash_out_valid[i] ), // Sparsified
.ghash_out_ready_no ( sp_ghash_out_ready[i] ), // Sparsified
.ghash_load_hash_subkey_no ( sp_ghash_load_hash_subkey[i] ), // Sparsified

.key_init_sel_o ( mr_key_init_sel[i] ), // OR-combine
.key_init_we_no ( int_key_init_we[i] ), // Sparsified

Expand Down Expand Up @@ -438,13 +473,16 @@ module aes_control
end

// Convert sparsified outputs to sp2v_e type.
assign data_out_we_o = sp2v_e'(sp_data_out_we);
assign data_in_prev_we_o = sp2v_e'(sp_data_in_prev_we);
assign ctr_incr_o = sp2v_e'(sp_ctr_incr);
assign cipher_in_valid_o = sp2v_e'(sp_cipher_in_valid);
assign cipher_out_ready_o = sp2v_e'(sp_cipher_out_ready);
assign cipher_crypt_o = sp2v_e'(sp_out_cipher_crypt);
assign cipher_dec_key_gen_o = sp2v_e'(sp_out_cipher_dec_key_gen);
assign data_out_we_o = sp2v_e'(sp_data_out_we);
assign data_in_prev_we_o = sp2v_e'(sp_data_in_prev_we);
assign ctr_incr_o = sp2v_e'(sp_ctr_incr);
assign cipher_in_valid_o = sp2v_e'(sp_cipher_in_valid);
assign cipher_out_ready_o = sp2v_e'(sp_cipher_out_ready);
assign cipher_crypt_o = sp2v_e'(sp_out_cipher_crypt);
assign cipher_dec_key_gen_o = sp2v_e'(sp_out_cipher_dec_key_gen);
assign ghash_in_valid_o = sp2v_e'(sp_ghash_in_valid);
assign ghash_out_ready_o = sp2v_e'(sp_ghash_out_ready);
assign ghash_load_hash_subkey_o = sp2v_e'(sp_ghash_load_hash_subkey);

// Combine single-bit FSM outputs.
// OR: One bit is sufficient to drive the corresponding output bit high.
Expand Down Expand Up @@ -480,6 +518,7 @@ module aes_control
// - An invalid encoding results: A downstream checker will fire, see mux_sel_err_i.
// - A valid encoding results: The outputs are compared below to cover this case, see mr_err;
always_comb begin : combine_sparse_signals
data_out_sel_o = data_out_sel_e'({DataOutSelWidth{1'b0}});
data_in_prev_sel_o = dip_sel_e'({DIPSelWidth{1'b0}});
state_in_sel_o = si_sel_e'({SISelWidth{1'b0}});
add_state_in_sel_o = add_si_sel_e'({AddSISelWidth{1'b0}});
Expand All @@ -489,6 +528,7 @@ module aes_control
mr_err = 1'b0;

for (int i = 0; i < Sp2VWidth; i++) begin
data_out_sel_o = data_out_sel_e'({data_out_sel_o} | {mr_data_out_sel[i]});
data_in_prev_sel_o = dip_sel_e'({data_in_prev_sel_o} | {mr_data_in_prev_sel[i]});
state_in_sel_o = si_sel_e'({state_in_sel_o} | {mr_state_in_sel[i]});
add_state_in_sel_o = add_si_sel_e'({add_state_in_sel_o} | {mr_add_state_in_sel[i]});
Expand All @@ -498,7 +538,8 @@ module aes_control
end

for (int i = 0; i < Sp2VWidth; i++) begin
if (data_in_prev_sel_o != mr_data_in_prev_sel[i] ||
if (data_out_sel_o != mr_data_out_sel[i] ||
data_in_prev_sel_o != mr_data_in_prev_sel[i] ||
state_in_sel_o != mr_state_in_sel[i] ||
add_state_in_sel_o != mr_add_state_in_sel[i] ||
add_state_out_sel_o != mr_add_state_out_sel[i] ||
Expand Down Expand Up @@ -529,7 +570,7 @@ module aes_control
// data_out_we_o and other write-enable signals to prevent any data from being released.

// We use vectors of sparsely encoded signals to reduce code duplication.
localparam int unsigned NumSp2VSig = 5 + NumSlicesCtr;
localparam int unsigned NumSp2VSig = 7 + NumSlicesCtr;
sp2v_e [NumSp2VSig-1:0] sp2v_sig;
sp2v_e [NumSp2VSig-1:0] sp2v_sig_chk;
logic [NumSp2VSig-1:0][Sp2VWidth-1:0] sp2v_sig_chk_raw;
Expand All @@ -539,9 +580,11 @@ module aes_control
assign sp2v_sig[1] = cipher_out_valid_i;
assign sp2v_sig[2] = cipher_crypt_i;
assign sp2v_sig[3] = cipher_dec_key_gen_i;
assign sp2v_sig[4] = ctr_ready_i;
assign sp2v_sig[4] = ghash_in_ready_i;
assign sp2v_sig[5] = ghash_out_valid_i;
assign sp2v_sig[6] = ctr_ready_i;
for (genvar i = 0; i < NumSlicesCtr; i++) begin : gen_use_ctr_we_i
assign sp2v_sig[5+i] = ctr_we_i[i];
assign sp2v_sig[7+i] = ctr_we_i[i];
end

// All signals inside sp2v_sig are driven and consumed by multi-rail FSMs.
Expand All @@ -567,9 +610,11 @@ module aes_control
assign cipher_out_valid = sp2v_sig_chk[1];
assign cipher_crypt = sp2v_sig_chk[2];
assign cipher_dec_key_gen = sp2v_sig_chk[3];
assign ctr_ready = sp2v_sig_chk[4];
assign ghash_in_ready = sp2v_sig_chk[4];
assign ghash_out_valid = sp2v_sig_chk[5];
assign ctr_ready = sp2v_sig_chk[6];
for (genvar i = 0; i < NumSlicesCtr; i++) begin : gen_ctr_we
assign ctr_we[i] = sp2v_sig_chk[5+i];
assign ctr_we[i] = sp2v_sig_chk[7+i];
end

// Collect encoding errors.
Expand Down
Loading

0 comments on commit d144432

Please sign in to comment.