rijndaelimplemetation.vhdl

rijndael算法的一个vhdl语言编写的程序,可供学习者参考交流

-- *************************************************************************
-- DISCLAIMER. THIS SOFTWARE WAS WRITTEN BY EMPLOYEES OF THE U.S.
-- GOVERNMENT AS A PART OF THEIR OFFICIAL DUTIES AND, THEREFORE, IS NOT
-- PROTECTED BY COPYRIGHT. HOWEVER, THIS SOFTWARE CODIFIES THE FINALIST
-- CANDIDATE ALGORITHMS (i.e., MARS, RC6tm, RIJNDAEL, SERPENT, AND
-- TWOFISH) IN THE ADVANCED ENCRYPTION STANDARD (AES) DEVELOPMENT EFFORT
-- SPONSORED BY THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
-- AND MAY BE PROTECTED BY ONE OR MORE FORMS OF INTELLECTUAL PROPERTY. THE
-- U.S. GOVERNMENT MAKES NO WARRANTY, EITHER EXPRESSED OR IMPLIED,
-- INCLUDING BUT NO LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY
-- OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THIS SOFTWARE. THE U.S.
-- GOVERNMENT FURTHER MAKES NO WARRANTY THAT THIS SOFTWARE WILL NOT
-- INFRINGE ANY OTHER UNITED STATES OR FOREIGN PATENT OR OTHER
-- INTELLECTUAL PROPERTY RIGHT. IN NO EVENT SHALL THE U.S. GOVERNMENT BE
-- LIABLE TO ANYONE FOR COMPENSATORY, PUNITIVE, EXEMPLARY, SPECIAL,
-- COLLATERAL, INCIDENTAL, CONSEQUENTIAL, OR ANY OTHER TYPE OF DAMAGES IN
-- CONNECTION WITH OR ARISING OUT OF COPY OR USE OF THIS SOFTWARE.
-- *************************************************************************

-- ===========================================================================
-- File Name: rijndael_pkg.vhdl
-- Author   : NSA
-- Date     : December 1999
-- Project  : RIJNDAEL
-- Purpose  : This package defines common types, subtypes, constants,
--            and functions required to implement various VHDL models
--            for the creation of ASIC simulation of RIJNDAEL, an Advanced
--            Encryption Standard (AES) candidate algorithm.
--
-- ===========================================================================

library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;

package rijndael_pack is

-- ==========================================================================
-- ======= Type, sub-type and function declarations for general use =========
-- ==========================================================================

type CONTROL_STATES      is ( nop, wait4ks, ready, busy );

subtype ROUND_TYPE       is integer range 0 to 63;
subtype SBOX_INDEX_TYPE  is integer range 0 to 15;
subtype S_BOX_FIELD      is integer range 0 to 255;
subtype SLV_2            is std_logic_vector(1 downto 0);
subtype SLV_6            is std_logic_vector(5 downto 0);
subtype SLV_8            is std_logic_vector(7 downto 0);
subtype SLV_16           is std_logic_vector(15 downto 0);
subtype SLV_32           is std_logic_vector(31 downto 0);
subtype SLV_128          is std_logic_vector(127 downto 0);
subtype SLV_256          is std_logic_vector(255 downto 0);

constant FIRST_ROUND : ROUND_TYPE := 0;
constant LAST_ROUND  : ROUND_TYPE := 13;

constant NB          : INTEGER := 4;
constant NK          : INTEGER := 7;

constant CV128       : SLV_2 := "00";
constant CV192       : SLV_2 := "01";
constant CV256       : SLV_2 := "10";

constant NUM_RUNUP_ROUNDS : integer := 15;   -- used by testbench

type INDEX_TYPE is array (0 to 12) of integer;

constant FAR_INDEX_ENC : INDEX_TYPE := (0, 1, 3, 4, 6, 7, 9, 10, 0, 0, 0, 0, 0);
constant FAR_INDEX_DEC : INDEX_TYPE := (0, 2, 3, 5, 6, 8, 9, 11, 0, 0, 0, 0, 0);
constant SBOX_INDEX    : INDEX_TYPE := (0, 0, 1, 2, 0, 3, 4,  0, 5, 6, 0, 7, 0);
constant NEAR_INDEX    : INDEX_TYPE := (0, 2, 3, 5, 6, 8, 9, 11, 0, 0, 0, 0, 0);
constant SBOX_INDEX192 : INDEX_TYPE := (0, 1, 0, 2, 3, 0, 4,  5, 0, 6, 7, 0, 0);


-- ==========================================================================
-- ============ Declarations for the Encrypt/Decrypt section ================
-- ==========================================================================

type SBOX_TYPE      is array (0 to 255) of S_BOX_FIELD;
type RCON_TYPE      is array (0 to 29) of SLV_8;
type SHIFT_ROW_TYPE is array (0 to 1) of integer range 0 to 3;
type SHIFT_TYPE     is array (0 to 3) of SHIFT_ROW_TYPE;
type STATE_ROW_TYPE is array (0 to NB-1) of SLV_8;
type STATE_TYPE     is array (0 to 3) of STATE_ROW_TYPE;
type TEMP_TYPE      is array (0 to 3) of SLV_8;
type KEY_ROW_TYPE   is array (0 to 3) of SLV_8;
type KEY_TYPE       is array (0 to 3) of KEY_ROW_TYPE;
type PIPE_DATA_TYPE is array (FIRST_ROUND to LAST_ROUND+1) of STATE_TYPE;

type MOD3_TABLE_TYPE is array (0 to 59) of integer range 0 to 3;
type MOD6_TABLE_TYPE is array (0 to 59) of integer range 0 to 5;
type DIV6_TABLE_TYPE is array (0 to 59) of integer range 0 to 10;
-- ==========================================================================
-- ================================ SBOX ====================================
-- ==========================================================================

constant SBOX : SBOX_TYPE := (

 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 118, 
202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 
183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 216,  49,  21, 
  4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 235,  39, 178, 117, 
  9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 179,  41, 227,  47, 132, 
 83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207, 
208, 239, 170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168, 
 81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255, 243, 210, 
205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61, 100,  93,  25, 115, 
 96, 129,  79, 220,  34,  42, 144, 136,  70, 238, 184,  20, 222,  94,  11, 219, 
224,  50,  58,  10,  73,   6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 
231, 200,  55, 109, 141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 
186, 120,  37,  46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 
112,  62, 181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158, 
225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223, 
140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  22

);


-- ==========================================================================
-- ============================= INVERSE SBOX ===============================
--  Note: Inverse S-Box is specified in reverse order for ease of indexing
-- ==========================================================================

constant InvSBOX : SBOX_TYPE := (

 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 251, 
124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 233, 203, 
 84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 250, 195,  78, 
  8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 109, 139, 209,  37, 
114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 204,  93, 101, 182, 146, 
108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132, 
144, 216, 171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6, 
208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19, 138, 107, 
 58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 
150, 172, 116,  34, 231, 173,  53, 133, 226, 249,  55, 232,  28, 117, 223, 110, 
 71, 241,  26, 113,  29,  41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27, 
252,  86,  62,  75, 198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244, 
 31, 221, 168,  51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95, 
 96,  81, 127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239, 
160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97, 
 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12, 125

);


-- ==========================================================================
-- Modulo 3 lookup table
-- ==========================================================================

constant mod3_table : MOD3_TABLE_TYPE := ( 
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2,
   0, 1, 2 );

-- ==========================================================================
-- Modulo 6 lookup table
-- ==========================================================================

constant mod6_table : MOD6_TABLE_TYPE := ( 
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5,
   0, 1, 2, 3, 4, 5 );

-- ==========================================================================
-- Divide by 6 lookup table
-- ==========================================================================

constant div6_table : DIV6_TABLE_TYPE := ( 
   0,  0,  0,  0,  0,  0,
   1,  1,  1,  1,  1,  1, 
   2,  2,  2,  2,  2,  2,
   3,  3,  3,  3,  3,  3,
   4,  4,  4,  4,  4,  4,
   5,  5,  5,  5,  5,  5,
   6,  6,  6,  6,  6,  6, 
   7,  7,  7,  7,  7,  7, 
   8,  8,  8,  8,  8,  8, 
   9,  9,  9,  9,  9,  9 );

-- ==========================================================================
-- ============================= ROUND CONSTANTS ============================
-- ==========================================================================

constant Rcon : RCON_TYPE := (

X"01", X"02", X"04", X"08", X"10", X"20", X"40", X"80", X"1b", X"36",
X"6c", X"d8", X"ab", X"4d", X"9a", X"2f", X"5e", X"bc", X"63", X"c6",
X"97", X"35", X"6a", X"d4", X"b3", X"7d", X"fa", X"ef", X"c5", X"91"

);

-- ==========================================================================
-- ============================= SHIFT CONSTANTS ============================
-- ==========================================================================

constant SHIFTS : SHIFT_TYPE := (
   (0, 0),
   (1, 3),
   (2, 2),
   (3, 1)
);

-- ==========================================================================

function SBOX_LOOKUP ( a : SLV_8 )
                       return SLV_8;

function SBOX32_FUNCT ( w : SLV_32 )
                        return SLV_32;

function INV_SBOX_LOOKUP ( a : SLV_8 )
                           return SLV_8;

function BYTE_SUB_FUNCT ( state : STATE_TYPE )
                          return STATE_TYPE;

function INV_BYTE_SUB_FUNCT ( state : STATE_TYPE )
                              return STATE_TYPE;

function SHIFT_ROW_FUNCT ( state : STATE_TYPE )
                           return STATE_TYPE;

function INV_SHIFT_ROW_FUNCT ( state : STATE_TYPE )
                               return STATE_TYPE;

function MIX_COLUMN_FUNCT ( state : STATE_TYPE )
                            return STATE_TYPE;

function INV_MIX_COLUMN_FUNCT ( state : STATE_TYPE )
                                return STATE_TYPE;

function POLY_MULTE_FUNCT ( a : SLV_8;
                           b : SLV_8 )
                           return SLV_8;
function POLY_MULTD_FUNCT ( a : SLV_8;
                           b : SLV_8 )
                           return SLV_8;

function ADD_ROUNDKEY_FUNCT ( roundkey : KEY_TYPE;
                              state    : STATE_TYPE )
                              return STATE_TYPE;


procedure ADD_ROUNDKEY ( state     : in STATE_TYPE;
                         roundkey  : in KEY_TYPE;
                  signal state_out : out STATE_TYPE );


procedure PRE_ADD ( state     : in STATE_TYPE;
                    encrypt   : in std_logic;
                    roundkey  : in KEY_TYPE;
             signal state_out : out STATE_TYPE );


procedure POST_ADD ( state     : in STATE_TYPE;
                     encrypt   : in std_logic;
                     roundkey  : in KEY_TYPE;
              signal state_out : out STATE_TYPE );


function RIJNDAEL_ROUND_FUNCT ( encrypt  : std_logic;
                                roundkey : KEY_TYPE;
                                state    : STATE_TYPE )
                                return STATE_TYPE;


procedure RIJNDAEL_ROUND ( state     :  in STATE_TYPE;
                           encrypt   :  in std_logic;
                           roundkey  :  in KEY_TYPE;
                    signal state_out :  out STATE_TYPE );


function INITIAL_ROUND_FUNCT ( encrypt  : std_logic;
                               roundkey : KEY_TYPE;
                               state    : STATE_TYPE )
                               return STATE_TYPE;


procedure INITIAL_ROUND ( state     : in STATE_TYPE;
                          encrypt   : in std_logic;
                          roundkey  : in KEY_TYPE;
                   signal state_out : out STATE_TYPE ); 



function FINAL_ROUND_FUNCT ( encrypt  : std_logic;
                             roundkey : KEY_TYPE;
                             state    : STATE_TYPE )
                             return STATE_TYPE;


procedure FINAL_ROUND ( state     : in STATE_TYPE;
                        encrypt   : in std_logic;
                        roundkey  : in KEY_TYPE;
                 signal state_out : out STATE_TYPE ); 



-- ==========================================================================
-- ============== Declarations for the Key Schedule section =================
-- ==========================================================================

constant HOLD               : integer := 0;
constant LAST_ECVRUNUP_STEP : integer := 1;   -- # of steps for cv runup
constant LAST_DCVRUNUP_128  : integer := 9;   -- # of steps for cv runup
constant LAST_DCVRUNUP_192  : integer := 11;  -- # of steps for cv runup
constant LAST_DCVRUNUP_256  : integer := 13;  -- # of steps for cv runup

type PIPE_KEY_TYPE is array (FIRST_ROUND to LAST_ROUND+2) of KEY_TYPE;
type W_TYPE        is array (-8 to -1) of SLV_32;
type W_HALF_TYPE   is array (-4 to -1) of SLV_32;
type W_FAR_TYPE    is array ( 0 to  9) of SLV_32;
type W_NEAR_TYPE   is array ( 0 to  9) of SLV_32;
type W_BOX_TYPE    is array ( 0 to 11) of SLV_32;
type W_NOBOX_TYPE  is array ( 0 to 13) of W_HALF_TYPE;
type W_INPUT_TYPE  is array ( 0 to 18) of W_TYPE;
type W_PIPE_TYPE   is array ( 0 to 18) of W_TYPE;
type W_ARRAY_TYPE  is array ( 0 to 59) of SLV_32;

-- ==========================================================================

function EXPANSION_FUNCT ( cv_in   : SLV_256;
                            cv_size : SLV_2;
                            round   : SLV_6;
                            w_in    : W_TYPE )
                                 return W_TYPE;

function KS_SBOX_FUNCT ( cv_size : SLV_2;
                         encrypt : std_logic;
                         i       : SLV_16;
                         w_far   : SLV_32;
                         w_near  : SLV_32 )
                         return SLV_32;


procedure KS_SBOX( encrypt : std_logic;
                   cv_size : SLV_2;
                   i       : in  SLV_16;
                   w_far   : in  SLV_32;
                   w_near  : in  SLV_32;
            signal w_box   : out SLV_32 );


function KS_ROUND_FUNCT ( cv_size : SLV_2;
                          encrypt : std_logic;
                          i       : SLV_16;
                          w       : W_TYPE )
                          return W_TYPE;


end rijndael_pack;

-- ==========================================================================

package body rijndael_pack is

-- ==========================================================================
-- ============= Definitions for the Encrypt/Decrypt section ================
-- ==========================================================================

-- ==========================================================================
--
--  function SBOX_LOOKUP
--
--  Performs the sbox function implemented as a lookup table. There
--  are 4 copies of the 8-bit sbox to cover 32 bits of input/output.
--
-- ==========================================================================

function SBOX_LOOKUP ( a : SLV_8 )
                       return SLV_8 is