A HARDWARE IMPLEMENTATION OF VHASH, A UNIVERSAL HASHING
ALGORITHM USING SYSTEM VERILOG
A Project
Presented to the faculty of the Department of Computer Science
California State University, Sacramento
Submitted in partial satisfaction of
the requirements for the degree of
MASTER OF SCIENCE
in
Computer Science
by
Pooja Sharma
FALL
2012
© 2012
Pooja Sharma
ALL RIGHTS RESERVED
ii
A HARDWARE IMPLEMENTATION OF VHASH, A UNIVERSAL HASHING
ALGORITHM USING SYSTEM VERILOG
A Project
by
Pooja Sharma
Approved by:
__________________________________, Committee Chair
Dr. Behnam Arad
__________________________________, Second Reader
Dr. Ted Krovetz
____________________________
Date
iii
Student: Pooja Sharma
I certify that this student has met the requirements for format contained in the University format
manual, and that this project is suitable for shelving in the Library and credit is to be awarded for
the project.
__________________________, Graduate Coordinator
Dr. Nikrouz Faroughi
Department of Computer Science
iv
___________________
Date
Abstract
of
A HARDWARE IMPLEMENTATION OF VHASH, A UNIVERSAL HASHING
ALGORITHM USING SYSTEM VERILOG
by
Pooja Sharma
Hacking and Phishing are major threats in today’s informational world.
Information security is a major concern for Information Technology (IT) specialists.
Hackers and other untrusted parties try to access the confidential information using
different hacking schemes. The only stable and long-term solution to security threats is
enforcing a strong and complex method of identity assurance. To achieve this, IT
specialists incorporate different encryption techniques. In general, encryption refers to
transforming the information into ciphered text using ciphers (algorithms). The ciphered
text is readable, and only authenticated parties can decipher it. Hence, encryption is one
of the major security solutions. Encryption involves a number of algorithms, one of
which is cryptographic hashing.
To enhance the performance of software algorithms, the developers rely on
hardware accelerators. A hardware accelerator is a specific hardware unit apart from the
CPU that performs a dedicated software or algorithmic implementation. In this project, a
v
hardware implementation of a hashing algorithm known as VHASH is proposed. It was
designed for exceptional performance on the systems that support 64-bit multiplication
efficiently [5].
The hardware implementation of the VHASH algorithm involved modeling the
algorithm in System Verilog hardware description language, validating and synthesizing
it using a current hardware cell library. The testbench developed for verifying the design
used System Verilog Functional Coverage to make sure the design was thoroughly
verified. Verification was performed on Synopsys VCS® tool. The expected results used
in validating the implementation were generated based on an existing python code for
VMAC from [3].
The final phase of the project involved synthesizing the System Verilog model of
VHASH algorithm towards LSI_10k technology library.
_______________________, Committee Chair
Dr. Behnam Arad
_______________________
Date
vi
ACKNOWLEDGEMENTS
Every project is always a result of teamwork. Though an individual, researcher
contributes to the project to a large extent, its success depends on all the members’
support and their academic input for the purpose. The supervision and guidance I have
received from Dr. Behnam Arad, Dr. Ted Krovetz has indeed been immensely superior,
and therefore I would like to express my gratitude to both of them. In fact, Dr. Behnam
Arad acted like a guiding torch supporting me unconventionally when I was completely
lost. He was like a stalwart behind me without whose motivational push I would not have
completed this meaningful work.
In addition, Dr. Ted Krovetz who had helped encouraged and motivated me every
time whenever I met him for guidance. I am fortunate to have such mentors under whose
academic guidance my learning has definitely improved. In addition, after having
completed this project work, I now feel professionally better equipped with required
knowledge and skills.
I want to express my special thanks to one of my good friends Mr. Sri Gubearan
ASM Subramaniyam, who came to my rescue and helping me at a time when I needed
ideas with different perspective.
Finally, I would like to thank my parents who were with me in my bad and good
times during this project work. They supported, motivated and showed faith in me when I
vii
lost faith in myself. My achievements are incomplete without their blessings and
emotional support.
viii
TABLE OF CONTENTS
Page
Acknowledgements ..................................................................................................... vii
List of Tables .............................................................................................................. xi
List of Figures ............................................................................................................ xii
Chapter
1. INTRODUCTION ………………………………………………………………. 1
2. VHASH: ALMOST-DELTA-HASH FAMILY ..................................................... 5
2.1 Overview ..................................................................................................... 5
2.2 VHASH Process.......................................................................................... 6
2.2.1 VHASH PHASE 1: Acceleration……………………………….7
2.2.2 VHASH PHASE 2: Fixed Length………………………………8
2.2.3 VHASH PHASE 3: Distillation ....................................................9
2.3 Case Study .................................................................................................10
3. VHASH DESIGN ..................................................................................................11
3.1 Overview ....................................................................................................11
3.2 Design Hierarchy .......................................................................................11
3.3 Initial Design Assumptions ........................................................................12
3.3.1 VHASE Phase 1 ..........................................................................13
3.3.2 VHASH Phase 2 ..........................................................................15
3.3.3 VHASH Phase 3 ..........................................................................17
3.3.4 VHASH Output............................................................................18
4. MODELING OF VHASH IN SYSTEM VERILOG ............................................ 21
4.1 Overview ....................................................................................................21
4.1.1 Advance Features of System Verilog ........................................22
4.2 Implementation ..........................................................................................22
4.2.1 VHASH Phase 1 .......................................................................23
ix
4.2.2 VHASH Phase 2 .......................................................................27
4.2.3 VHASH Phase 3 .......................................................................29
5. VHASH VERIFICATION .................................................................................... 31
5.1 Overview ....................................................................................................31
5.2 Verification Infrastructure .........................................................................31
5.2.1 Testbench Development............................................................33
5.3 VHASH Verification Infrastructure ...........................................................34
5.3.1 VHASH Interface.......................................................................36
5.3.2 VHASH Program .......................................................................38
5.3.3 VHASH Validation ....................................................................41
6. VHASH SYNTHESIS .......................................................................................... 47
6.1 Overview ....................................................................................................47
6.2 Synthesis Methodology Adopted for Phase 1 ............................................49
6.3 Synthesis Results .......................................................................................50
7. CONCLUSIONS................................................................................................... 52
8. FUTURE ENHANCEMENTS ............................................................................. 54
Appendix A VHASH HARDWARE MODEL SOURCE FILES ..............................55
Appendix B VALIDATION AGAINST PYTHON CODE........................................ 90
Appendix C VHASH SIMULATION RESULTS .......................................................97
Appendix D SYNTHESIS .........................................................................................122
References ................................................................................................................. 127
x
LIST OF TABLES
Tables
Page
1 VHASH Inputs & Outputs…………………………………..…………………13
2 VHASH Phase 1 data packet distribution…………...………………………....15
3 Synthesis Results…..……………………………………………………....…..51
xi
LIST OF FIGURES
Figures
Page
1
Design Hierarchy ...................................................................................................... 12
2
VHASH Phase 1 Top ................................................................................................ 14
3
VHASH Phase 2 Modular Design ............................................................................ 17
4
VHASH Phase 3 Modular Design ............................................................................ 18
5
Pipelined Datapath for VHASH Design ................................................................... 20
6
VHASH Implementation .......................................................................................... 23
7
64-bit Adder Module ................................................................................................ 24
8
128-bit Multiplier Module ........................................................................................ 24
9
128-bit Adder Module .............................................................................................. 24
10
Modulus and Adder Calculation Module.................................................................. 24
11
VHASH Phase 2 Module .......................................................................................... 24
12
VHASH Phase 3 Module .......................................................................................... 24
13
Generic Verification Infrastructure Shown at einfochips.com ................................ 24
14
VHASH Test Infrastructure ...................................................................................... 24
15
VHASH Top Definition ............................................................................................ 24
16
VHASH Interface ..................................................................................................... 24
17
Class Definition of VHASH Program with rand and covergroup ............................ 24
18
VHASH Program Pseudo Code ................................................................................ 24
xii
19
Validation Infrastructure ........................................................................................... 24
20
VHASH Validation Code using System Verilog Function in package .................... 24
21
Program Block to validate VHASH Function with Inputs from Python Code ......... 24
22
Sample Simulation Results ....................................................................................... 24
23
Synthesis Process Explained in Synopsys® Galaxy Seminar Series 2003............... 24
24
Synthesizable Design Hierarchy of Phase 1 ............................................................. 24
xiii
1
Chapter 1
INTRODUCTION
Hacking and Phishing are major threats in today’s informational world. Information
security and assurance is a major concern for information technology (IT) specialists.
Hackers and other untrusted parties try to access the confidential information using
different hacking schemes. The only stable and long-term solution to security threats is
enforcing a strong and complex method of identity assurance. To achieve this, IT
specialists incorporate different encryption techniques. In general, encryption refers to
transforming the information into ciphered text using ciphers (algorithms). The ciphered
text is readable and can only be deciphered by the authenticated parties. Hence,
encryption is one of the major security solutions. Encryption involves a number of
algorithms, one of which is cryptographic hashing. Hashing algorithms form a class of
cryptographic primitives, which ensure authenticity and integrity of the information.
“A cryptographic hash function (used in cryptographic hashing )is a deterministic
procedure that takes an arbitrary block of data and returns a fixed-size bit string, the
(cryptographic) hash value, such that an accidental or intentional change to the data will
change the hash value”[6]. This implies that a malicious adversary cannot replace or
modify the input data without changing its hash value. Any modification in the hash
value indicates that the original information has been tampered with.
2
Cryptographic realizations in software are generally used for those applications that
involve low traffic and require lower levels of encryption. On the other hand, hardware
implementations, which are categorized as Field Programmable Gate Arrays, FPGA1 and
Application Specific Integrated Circuit, ASIC2, implementations are more efficient in
terms of area, time and power consumption [8]. A hardware implementation of an
algorithm also
generates higher throughput
in comparison to the software
implementation. Hence, to enhance the performance of cryptographic algorithms,
hardware accelerators are developed [7]. A hardware accelerator is a specific unit apart
from the CPU that performs a dedicated algorithmic implementation.
In this project, a hardware implementation of the VHASH algorithm is proposed.
VHASH is a member of almost – delta - universal hash family. The algorithm provides
exceptional performance on systems that support 64-bit multiplication efficiently. The
hardware implementation of VHASH algorithm involves modeling the algorithm in
System Verilog (hardware description language), validating and synthesizing it using a
current hardware cell library. Synthesis mainly deals with improving the timing and area
requirements of the design.
The hardware model is completely verified using a testbench, which takes
advantage of the System Verilog’s object oriented programming (OOP) features, by
constructing random test vectors and providing them to the model. The validation
1
FPGA is a reprogrammable Integrated Circuit.
2
ASIC is a unique and specific application Integrated Circuit
3
process continues until the model is verified for an acceptable Functional Coverage. The
hardware model is also validated against an existing Python code of the algorithm. The
verified model is synthesized using the Synopsys Design Compiler® tool to get an
estimate of the number of gates, area and timing of the hardware model.
The rest of the report is organized into seven Chapters.
Chapter 2 covers an
overview of the hashing algorithms with VHASH algorithm being the case study for this
project. In this Chapter, VMAC is discussed briefly at the beginning and later different
VHASH stages are discussed in detail.
Chapter 3 discusses the design and architectural view of the hardware
implementation of the VHASH algorithm. The Chapter enlists the modules used in the
design hierarchy and their interconnections for all the phases of VHASH.
Chapter 4 describes System Verilog model of the VHASH algorithm in more detail.
It provides some code snippets of the design model, which are essential in terms of their
usage in the entire modeling. In this Chapter, the design approach for modeling and the
use of advance features of System Verilog are discussed in detail.
Chapter 5 covers the verification section of this project. A test infrastructure is
developed which fully verifies and validates the design. The test infrastructure verifies
the model’s functionality until a certain Functional Coverage is met, preferably 100%.
4
The hardware code validation is also done against the output of python implementation of
VMAC. Validation code against python implementation is available in Appendix C.
Chapter 6 covers the synthesis of the hardware model using the Synopsys Design
Compiler® synthesis tool. In this Chapter, a script is developed to synthesize the design
into a gate-level netlist using the digital cells provided by a vendor. The synthesis results,
including the timing and area of the netlist are provided in the Appendix D.
Chapter 7 discusses the conclusion of the design model implemented for VHASH
and its significance. This Chapter also focuses on real world interpretation of the results
obtained from the validation and synthesis of the design implementation.
Finally, Chapter 8 highlights few possible enhancements and improvements in this
design implementation. This Chapter also suggests areas for future research related to
VHASH algorithm and its implementation in VMAC.
5
Chapter 2
VHASH: Almost-delta-hash family
2.1 Overview
This chapter introduces the concept of VMAC and then focuses on VHASH
algorithm. VMAC is a block cipher message authentication algorithm developed by
Krovetz in 2006 [4]. It was specifically designed for achieving higher performance on 64bit computer architecture. It belongs to the Wegman-Carter paradigm [1-2].
A basic Wegman-Carter MAC (Message Authentication Code) uses a common
hash function known only to the sender and receiver. The sender applies a cryptographic
function to the resulting hash value to generate a unique tag that is sent along with the
message to the receiver. The receiver then repeats the process and verifies that the tag and
message are from an authenticated sender. Similarly, VMAC uses a fast “universal” hash
function to hash the input message M into a shorter string. This hashed output is XOR’ed
with a pseudorandom pad generated from AES algorithm, which forms the VMAC tag.
The tag is generated using the following equation:
Tag = H_K1 (M) xor F_K2 (Nonce)
Equation 1- VMAC Tag generation
6
where, K1 and K2 are secret random keys shared by sender and receiver, and Nonce is a
value that changes with each generated tag. The nonce value can be visible to everybody,
but the two communicating parties need to ensure that over the lifetime of a VMAC key,
a different nonce should be used with each message.
The performance of VMAC algorithm largely depends on the hash function used.
Therefore, the designers of VMAC also developed a three-staged hashing strategy that
aimed at higher performance in 64-bit architectures. This hashing strategy called VHASH
is an almost-delta-hash family. The revised VHASH algorithm is proposed in a new draft
of VMAC algorithm [5]. This revised version of VHASH improves both security and
performance over the original 2006 version. “Speed is improved through a newly
analyzed hash construction which allows the use of lower-degree polynomials. Claimed
security is higher due primarily to improved analysis and a change in prime modulus
[5].”
2.2 VHASH Process
By definition, a Universal hash-function family H is a “collection of hash
functions, each h ∈ H having domain A and finite co domain B. A hash-function family H
is ε-almost universal (ε-AU) if the probability is no more than ε that any two distinct
inputs m, m′ hash to the same output when hashed by a randomly selected member of H.
A small value for ε indicates that an adversary is unlikely to be able to choose a pair of
7
inputs that hash to the same output, as long as the hash function is chosen randomly
[4,6]”.
In general, we know that information in a computer resides as bits of 0’s and 1’s.
VHASH can be taken as a three -phase information “bit” minimization process that
achieves a certain hash value, which is used in a message authentication code generation
algorithm. Each of the three phases of VHASH is interdependent on its predecessor.
As stated above VMAC uses AES pseudorandom pad and VHASH value to
generate a unique MAC value for encryption purposes, therefore, VHASH makes an
integral part of VMAC to provide higher level of information security.
2.2.1 VHASH Phase 1: Acceleration
The first stage, ‘Acceleration’, acts as an accelerant for later hash stages by
compressing long input strings into shorter ones at a very high speed and constant rate. In
this stage, VHASH uses a NH (universal) hash family to break the message into b-bit
blocks and hash the message into 128-bit hash output. The hash value is calculated as:
ai = NH[b/64, 64](Ki , Mi) mod 2126
Equation 2- Phase 1 modulus calculation
for each 1 ≤ i ≤ n, where Ki refers to key values and Mi refers to message blocks.
8
This phase can be interpreted as the first message (data) minimization phase of
VHASH. This phase takes chunks of message (strictly multiple of 1024-bits) and breaks
them into 64-bit blocks then hashes the data blocks using a key of 1024-bits and the
above-mentioned mathematical equation to 128-bit blocks of hashed value.
2.2.2 VHASH Phase 2: Fixed Length
Acceleration stage produces a 128-bit hash value, which is taken as an input by
the Fixed Length phase. In this phase, the output of Acceleration stage undergoes
polynomial hashing. The resulting hash value is calculated as:
p = kn + a1kn−1 + a2kn−2 + ・ ・ ・ + ank0 + ℓn264 mod (2127 − 1)
p1 = p div (264 − 232)
p2 = p mod (264 − 232)
Equation 3- Phase 2 modulus calculation
where, p, p1 and p2 are prime numbers, k is a key specific to second phase of hashing
and ai are the output blocks of Phase 1.
The more we use unique hashing functions to evaluate a hash value for any
encryption code, the less its chances are to be hacked. In mathematics, it is rather easy to
generate large prime numbers, but more difficult to factor large numbers into primes.
Hence, VHASH uses two uniquely generated prime numbers that would not be easily
known by any hacker.
9
In general, this phase further minimizes the output of the Acceleration stage to
attain a higher level of information security using a polynomial mathematical hashing
function. The outputs of this phase are uniquely generated prime values for each block of
message, which is the input to this phase.
2.2.3 VHASH Phase 3: Distillation
The third phase is termed as Distillation. The prime modulus used in this final
hash phase is increased from 261−1 to 264−257. This change from the original draft [5]
increases the level of security by reducing the probability of hacking (unauthorized
access) the final hash value. The final output of VHASH is a 64-bit hash value, which
means that single application of VHASH gives VHASH-64 and two applications of
VHASH with different keys provides VHASH-128. The hash value is calculated as:
h = (p1 + k1) × (p2 + k2) mod (264 − 257)
Equation 4- Phase3 modulus calculation
where p1 and p2 are obtained from phase2 and k1 and k2 are keys specific to third phase
of hashing.
This phase provides an additional level of information security for MAC
generation. As discussed earlier, the prime numbers outputted from phase 2 are not easily
10
hacked. This phase takes those prime numbers and uses them to perform the final hash
value calculation.
In the actual VHASH algorithm and its usage to generate VMAC code, the
collision probability is 1/261 [6]. This probability is nearly negligible which means that in
real world it is improbable to hack the VMAC code.
2.3 Case Study
As suggested in the original paper on VHASH ([5]), this project does not
implement VHASH on memory residing data. This implementation is network based
where each data and key packet that are being hashed together are 1024-bits each.
This project proposed efficient network implementations of VHASH. For keeping
the project manageable, we have kept the data and key packet size fixed but in reality, the
data packet can be of variable size.
11
Chapter 3
VHASH DESIGN
3.1 Overview
In this Chapter, a hardware implementation of VHASH algorithm for the
networking domain is proposed. We cover the design issues of the VHASH algorithm
and propose a hierarchical hardware realization of it. The proposed design is functional
and synthesizable. This means that the design can be expressed as a gate-level netlist by
a logic synthesizer tool.
The design model in this project involves the inclusion of packet-level parallelism
and pipelining. The actual algorithm mainly works on memory-residing data that needs to
be hashed for 64-bit architecture. However, this project realizes the algorithm by
dynamically generating the data and key packets instead of hashing cache-residing data.
3.2 Design Hierarchy
The proposed VHASH hardware design is a 3-level hierarchical design as shown
in Figure 1. We refer to the top module in the design hierarchy as VHASH_design_top.
12
This module consists of sub modules namely dut_top which is a wrapper for the modules
Phase1_Acceleration, Phase2_FixedSize and Phase3_Distillation. All the three modules
in “dut_top” module form a pipelined structure. Phase1_Acceleration module consists of
four different tasks forming a four- staged pipeline datapath.
Figure 1- Design Hierarchy
3.3 Initial Design Assumptions
As introduced in Chapter 2, this project is a case study on VHASH. To keep the
scope of the project manageable, as Master of Science project, we assumed that each
13
incoming message has a fixed size of 1024-bits. If the message packet is of variable size,
then the design will have to implement FIFO logic to store the entire message before the
hashing process.
The inputs and outputs along with key lengths used in different VHASH phases
are tabularized as follows:
1 VHASH Inputs & Outputs
PHASE1
PHASE2
PHASE3
(No. of bits)
(No. of bits)
(No. of bits)
Data (input)
1024
128
128
Key/Keys (input)
1024
128
2 keys each of 64
Output
128
128
64
VHASH
3.3.1
VHASH Phase 1
The mathematical equation that represents this phase, (Eq.2, Chapter 2), is
implemented as individual tasks and simpler mathematical functions. VHASH Phase1
design consists of four tasks that are dependent on their predecessor tasks for their input.
Each task in this phase is designed as an individual hardware module with its
clock and reset signals. To take advantage of parallel processing and to improve
efficiency, the data and key sub packets are provided at the same clock cycle to the
14
“Endian converter and 64-bit adder” module respectively. Table 2 illustrates how, the
entire data packet of 1024-bits is divided into 4 sets of sub packets and each sub packet is
64-bit long. Similar arrangement is done for the key packet as well.
Phase1_top
data subphase1
Key subphase1
data subphase2
data subphase4
Key subphase2
Endian Conversion and
64-bit addion
Key subphase3
Key subphase4
64-bit multiplication
128-bit addition
Wait for eop to process L1NH
Modulus calculation
and L1NH generation
for one packet
L1NH
data subphase3
PHASE 2
Figure 2- VHASH Phase 1 Top
15
2 VHASH Phase 1 data packet distribution
Set1 (64*4)bits Set2 (64*4)bits
Set3 (64*4)bits
Set4 (64*4)bits
data subphase 1 data subphase 5
data subphase 9
data subphase 13
data subphase 2 data subphase 6 data subphase 10 data subphase 14
data subphase 3 data subphase 7 data subphase 11 data subphase 15
data subphase 4 data subphase 8 data subphase 12 data subphase 16
As shown in the table, each set is 256-bits and all the data subphases in a set are
processed at one clock. Similarly, the key subphases are processed before the data packet
transmission starts. We therefore, exploit parallelism through pipelining.
The final output of Phase1 is called as L1NH (level-1 NH). L1NH is calculated
after processing all the four sets of data and key packets in this phase.
3.3.2
VHASH Phase 2
Phase2 is not as complex as Phase1. As described in Chapter 2, this phase is
called “Fixed length” because the modulus used enforces the output to be strictly 128-bit.
It takes the input from Phase1 and performs the addition and modulus operations as per
16
Equation 5 that involves a new key value specific to this phase. The key for this phase is
128-bit long.
p = (k + a) mod (2127 − 1)
p1 = p div (264 − 232)
p2 = p mod (264 − 232)
Equation 5- Phase 2 modulus calculation as per the network model designed
where, k is the key and ‘a’ is the output of Phase1. This equation is different from Eq.2
in Chapter 2 for Fixed Length phase. The equation in Chapter 2 is defined for memoryresiding data. However, in this project, we have data packet size as 1024-bits, therefore
the equation is modified accordingly. VHASH Phase2 is realized as a single module as
shown in Figure 3. This module starts the processing after getting the output from Phase
1. The key value (k) is stored in an array before the data packet transmissions starts.
17
k
128 b
128b
L1NH
64 b
p1
64 b
p2
VHASH_phase2
reset
clock
Figure 3- VHASH Phase 2 Modular Design
3.3.3
VHASH Phase 3
Phase3 is called Distillation. It performs two basic operations, namely: division
and modulus on outputs from Phase2. This phase has its unique set of 64-bit keys
namely, k1 and k2. The equation that performs the overall hashing for this phase is
described below:
h = (p1 + k1) × (p2 + k2) mod (264 − 257)
Equation 6- Phase 3 modulus calculation
where, h is the final VHASH value for one packet (1024-bits) , and k1/k2 are keys for
Phase 3. Phase 2 provides p1 and p2 that generates a 64-bit hashed value called h. Hence,
18
the data packet whose length is 1024-bits is hashed to the length of 64-bits. Phase 3, as
shown in the following figure, is also implemented as a single module, which does the
final hashing on the input data packet processed, by Phase1 and Phase2.
k1
k2
64b
64b
64b
p1
64b
p2
VHASH_phase3
64 b
VHASH
reset
clock
hash_complete
Figure 4-VHASH Phase 3 Modular Design
3.3.4
VHASH Output
The final output generated at the end of Phase 3 is associated with a signal called
hash_complete that determines the end of the hashing process for one packet. The entire
hashing process is performed for each network packet received by the dut_top module as
shown in Figure1.
19
In this project, the top module gets one set of data and key packet (i.e. 4 dataphase
and keyphase) on every clock. Initially, just after the system comes out of reset state, the
keys for each phase are stored in their respective modules. The key packet for phase 1
takes 4 clock cycles to be stored. After all the keys are stored, the data transmission
starts. Figure 5 summarizes the VHASH pipelined design with parallel inputs.
This project considers an ideal network with no network noise and attacks,
however, in reality the network is quite dynamic and prone to a lot of noise and attacks,
which can result in disordered, delayed and sometimes lost data packets.
20
Figure 5- Pipelined Datapath for VHASH Design
21
Chapter 4
MODELING OF VHASH IN SYSTEM VERILOG
4.1 Overview
This chapter covers the modeling of VHASH algorithm in System Verilog
hardware descriptive language. Modeling refers to representing the functionality of the
VHASH algorithm using the syntax of System Verilog.
The proposed model is
synthesizable, meaning that it is convertible into a logical gate-level representation using
a synthesis tool.
All the blocks in the design hierarchy are modeled in behavioral style of System
Verilog. This style models the functionality of a digital circuit at highest level of
abstraction. It captures the functionality of a design at an algorithmic level. Its syntax is
similar to ‘C’ language.
The design methodology undertaken in this project is the bottom-up methodology
[12]. In this approach, the leaf components in the design hierarchy are developed first
and the higher-level components are constructed by instantiating and inter-connecting the
subcomponents.
22
4.1.1
Advance Features of System Verilog
The design implementation uses two advance features of System Verilog. Other
features that are related to verification are described in detail in Chapter 5.
1. Streaming Operator –
The streaming operators perform packing of bit-stream types into a sequence of
bits in a user-specified order. When used in the left-hand-side, the streaming
operators perform the reverse operation; unpack a stream of bits into one or more
variables [9]. Refer Equation 7 for usage.
2. Procedural Blocks –
The specialized always_comb and always_ff procedural blocks indicate the design
intent. The software tools do not need to infer the designer’s intend. If the content of a
specialized procedural block does not match the rules for that type of logic, software
tools can issue warning messages [10].
4.2 Implementation
The proposed VHASH hardware model is a 3-phased pipelined design. The
communication between the design and the verification environment is modeled using
System Verilog Interface, which is intended for capturing or monitoring communication
23
protocols. Figure 5 illustrates the top-level block diagram of the design. In the following
subsections, we describe how each block is modeled.
Figure 6-VHASH Implementation
4.2.1
VHASH Phase 1
The top level of VHASH phase 1 is shown in Figure 2. Each block in Phase1_top
is modeled as a System Verilog module, representing positive edge triggered sequential
logic. Each System Verilog component operates on new set of data (refer table 2) on
every clock.
24
4.2.1.1 Endian Converter and 64-bit Adder
This module converts the endianness of the data from big endian to little endian.
This is done with a special operator introduced in System Verilog. The operator is
defined as follows:
convdpi={<< byte {data subphase1}}
Equation 7-System Verilog endian conversion
statement using streaming operator
This operator converts the data subphasei from big Endian representation into
Little Endian and stores it in convdpi, where 1<i<5 . It also includes a simple adder. It
adds the output after endian conversion and the key received from the top module. On
every positive edge of the clock, after the key is stored, this module receives a new set of
data. The output for this module is one (4*64-bits data). Any carry-in is discarded to
make the output as a perfect 64-bit value.
add1
64 b
dp Set
256 b
Key Set
256b
reset
Endian conversion
& 64-bit Adder
64 b
64 b
64 b
clock
Figure 7- 64-bit Adder Module
add2
add3
add4
25
4.2.1.2 128-bit multiplier
This module multiplies the four 64-bit data values it receives from endian
converter and 64-bit adder module and generates two 128-bit output values.
mulphase1=add1*add2
mulphase2=add3*add4
Equation 8-Multiplier module statements
128 b
Added Data Set
256 b
mul1
128-bit Multiplier
reset
128 b
clock
mul2
Figure 8-128-bit Multiplier Module
4.2.1.3 128-bit Adder
This module is a 128-bit adder that adds mul1 and mul2 provided by the 128-bit
multiplier. This module generates a single 128-bit output. Any carry-out from the
addition is discarded.
26
mul1
mul2
128 b
128-bit Adder
128 b
128-bit Adder
Add_128
reset
clock
Figure 9-128-bit Adder Module
4.2.1.4 Modulus Calculator
This module is the most important component of this phase. It performs a
modulus operation of 2127 on its input from 128-bit adder. After every modulus operation
is performed, it stores the output in a variable. Once all of the four modulus-operated
values (for one data packet) are obtained, they are added together to make one single 128bit output, which is, called L1. Again, modulus of 2127 is applied on L1, which produces
L1NH.
To apply a mod of 2127 on the input, a simple mathematical solution is to make the
first 2 bits as zero and then concatenate the remaining 126 bits of the input with the zeros.
que1={1'b0,1'b0,add_128[3:128]}
Equation 9- Modulus (2127) statement
27
Figure 10 shows this module that performs the modulus function on the input
from the previous module. However, L1NH is calculated only after all the four sets of a
packet are processed.
Add_128
128 b
Modulus Calculator
128-bit Adder
& Adder
L1NH
reset
clock
Figure 10-Modulus and Adder Calculation Module
L1= que1+que2+que3+que4;
L1NH= L1 % 2127
Equation 10- L1NH calculation statement
4.2.2
VHASH Phase 2
This phase is called Fixed Length phase with a special modulus operation
associated with it. It applies a unique key on the output of VHASH phase1, i.e. L1NH.
28
L1NH
128 b
Phase2_key
128 b
64-bit p1
VHASH Phase 2
64-bit p2
reset
clock
Figure 11- VHASH Phase 2 Module
The modulus applied in this phase of VHASH algorithm is 2127-1.
Mathematically 2127-1 is represented as 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF in
hexadecimal format. After receiving L1NH from Phase1, it is added with Phase2_key.
Next, a modulus of 2127-1 is applied on the added value. The output obtained after
applying the modulus is a unique prime number, p, which is used to generate two unique
prime numbers namely, p1 and p2. p1 and p2 are provided to Phase 3 as inputs.
p1=p/x;
p2=p mod x;
Equation 11- Phase 2 prime number calculations
where, x= 264 - 232 and it is represented as FFFFFFFF00000000 in hexadecimal format .
29
4.2.3
VHASH Phase 3
This phase is called Distillation because it generates a 64-bit output after distilling
the input to generate an output with reduced bits. Distilling is required when there is
disparity between the number of bits needed for the hash output and the universality
guarantee of (2−64)-A∆U. It involves one final hashing of the fixed length stage output
into fewer bits [3].
This phase has its own unique set of keys and a different modulus operation to be
performed. It applies the 64-bit keys k1 and k2 along with inputs p1 and p2 from the
Fixed Length phase. The mod in this phase is 264 -256. The operation of this phase is
formally represented as:
vhash=(p1+k1)*(p2+k2)mod 264 -256
Equation 12- Final VHASH calculation equation
where, vhash is the final hash value for one data packet of 1024-bits.
30
p1
64b
p2
64 b
64b
k1
k2
VHASH Phase 3
64b
VHASH
64b
reset
hash_complete
clock
Figure 12-VHASH Phase 3 Module
The final hashed value (VHASH) is 64-bit long and has a probability of 1/261 of
an external attack. This means that it is improbable to hack the final hashed value.
31
Chapter 5
VHASH Verification
5.1 Overview
In this chapter, the System Verilog test infrastructure (testbench) that was used to
verify the functionality of the VHASH model is presented. The simulation was done
using the Synopsys VCS® tool. The testbench fully validated the design by generating
cyclic random test vectors for the data subphases [see table 2] of the message and the
keys for all phases, passing them to the design model and finally comparing the actual
VHASH value with the expected VHASH value. A behavioral model of the VHASH
algorithm generated the expected value for each test vector. The correctness of this
behavioral model was also validated against a Python implementation [14] of the
algorithm
5.2 Verification Infrastructure
The verification infrastructure is closely tied to the hardware specification and
contains elements needed to validate the design under test (DUT). Figure 13 illustrates a
Generic Verification Infrastructure [13].
32
Figure 13- Generic Verification Infrastructure Shown at einfochips.com [13]
The verification phase of this project involved testbench development, test vector
generation, application of test cases to the design and termination of the test once a
desired functional coverage was reached. The verification methodologies adopted for this
project are referred to as “Constraint based and Non-constraint based Random
33
Verification”, where test cases are generated randomly using System Verilog randomizer
function.
5.2.1
Testbench Development
System Verilog supports several features that make the verification of a design
more reliable, structured and robust. These features include “Program block”, “Interface”
and “Clocking block”, constraint based randomization, object oriented programming
(OOP) and functional coverage. This subsection summarizes how these features were
used in validating the implementation of VHASH algorithm.
Testbench developed in this project utilizes Program Block 3. Program includes
tests and models used to validate a design. If properly used, it eliminates the potential
race condition between the testbench and the DUT4. Program block includes the
generation of test vectors, application of test vectors to the DUT, and verification of the
outputs of DUT.
OOP objects are used to represent test vectors applied to the DUT. Relying on
OOP objects provides us with a very efficient simulation infrastructure that effectively
utilizes available computing resources.
3
4
It is an entry point to the execution of test benches. It separates the testbench from the DUT.
The race condition refers to the issues in execution of testbench and design in proper timing regions.
34
Constraint based randomization (CRT) is used to generate and assign random
values to the test vectors that are applied to the DUT. “rand”5or “randc”6 data types are
used to declare test vectors. The test cases are generated using random number generator
system built-in task supported in System Verilog.
The Interface concept of System Verilog was used in the testbench. Interface is
commonly used for driving and sampling synchronous signals. The random test vectors
generated by CRT were applied to the DUT through interface ports. Similarly, the
outputs of DUT were sampled using interface ports.
The proposed testbench relies on functional coverage for a thorough verification
of the DUT. “Functional coverage is tied to the design intent and is sometimes called
specification coverage” [11]. It ensures that the design is verified thoroughly as per the
specifications. It samples the specified inputs for coverage. Once the coverage reaches a
desired level, the verification is considered complete.
5.3 VHASH Verification Infrastructure
Figure 14 shows the block diagram of the verification infrastructure used for the
proposed implementation of VHASH. Top is the verification wrapper that includes
“rand” modifier randomizes the variables every time a class is randomized. The variables are assigned a
value.
5
6
randc, which means random cyclic, modifier does not repeat a random value for variables until every
possible value has been assigned.
35
program, interface, DUT, and clock generation block needed for validation of the
proposed DUT.
Figure 14-VHASH Test Infrastructure
As shown in Figure 14, Program block communicates with the design block
through an Interface.
36
module top;
bit clock;
always #5 clock=~clock;
vhash_interface vintf(.*);
vhash_program prog(clock,vintf);
vhashtop dut(vintf);
endmodule
Figure 15-VHASH Top Definition
The interface and program are discussed in the next two sections. The clock
generator is defined in the top module to avoid the race conditions that exists in Verilog
[10].
5.3.1
VHASH Interface
A System Verilog interface encapsulates the connectivity between program and
design under test. It can also contain procedural code, tasks and functions along with the
synchronous signals between two entities. Once the common signals are determined and
defined, the interface block is used as a module port, replacing multiple discrete ports for
each communication signal. This is done by defining “modports” (module ports). The
modport construct of System Verilog indicates how a module or program instance uses
an interface. It specifies the direction of the interface signals, groups them based on their
37
corresponding clocks, and includes methods that monitor or specify the communication
protocols supported by the interface.
In this project, an interface was used to establish a communication between the
program representing the testbench and the VHASH design_top module. Two modports
were used in the interface, one for the program and one for the DUT. Figure 16 shows the
interface definition used in this project.
interface vhash_interface(input bit clock);
logic [63:0] dp1,dp2,dp3,dp4;
logic [63:0] kp1, kp2, kp3, kp4;
logic[63:0] phase2_key;
logic [63:0]VHASH;
logic [63:0]k1,k2;
logic [0:0]reset, hash_complete,eop, data, key;
logic [2:0]count;
clocking cb @(posedge clock);
output eop, data, key,count;
output dp1,dp2,dp3,dp4;
output kp1,kp2,kp3,kp4;
output k1,k2;
output phase2_key;
input VHASH, hash_complete;
endclocking
modport tb(input clock,hash_complete,VHASH,output
dp1,dp2,dp3,dp4,kp1,kp2,kp3,kp4,phase2_key,k1,k2,data,key,eop,reset,count);
modport vhtop(input
clock,reset,eop,data,key,count,dp1,dp2,dp3,dp4,kp1,kp2,kp3,kp4,k1,k2,phase2_key,output
hash_complete,VHASH);
endinterface
Figure 16- VHASH Interface
38
5.3.2
VHASH Program
In System Verilog, the test bench is not modeled as a System Verilog module.
Instead, it is developed as a program block, which supports multiple implicit timing
regions for sampling testbench results, scheduling the design events, observing System
Verilog assertions, taking reactive steps in the testbench. These timing regions, if used
effectively eliminate the race condition between the DUT and the testbench.
The testbench described in this chapter consists of a single program. It uses the
Object Oriented Programming feature of System Verilog to build random test vectors
dynamically. The random test vectors were generated using “rand” system built-in task
inside a “Class”7. The randomization method used in the testbench is “Constraint
Based8”, which programs the simulator to limit the selection of randomized value to a
specific value-set pool.
Another important and unique feature of System Verilog is Functional Coverage.
Functional coverage is a measure of how well the design meets the specifications. As
mentioned in Section 5.2.3, functional coverage in System Verilog is based on
“covergroup” and “coverpoint”. Covergroup encapsulates all the coverpoints required for
gathering coverage. Coverpoint is the variable or expression point where the simulator
7
A class encapsulates the data together with the functions and/or tasks that manipulate it.
Constraint based randomization automatically generates a large number of test cases, and can hit corner
cases faster which would normally not be easily reached with traditional methods.
8
39
samples its values. Figure 17 shows the randomized inputs, covergroup and coverpoint
definitions.
class Hash;
rand bit [15:0]dp1_r[4];
.
.
.
rand bit [15:0]dp16_r[4];
rand bit [15:0]kp1_r[4];
.
.
.
rand bit [15:0]kp16_r[4];
rand bit [15:0]phase2_key1_r[4];
rand bit [15:0]phase2_key2_r[4];
rand bit [15:0]k1_r[4];
rand bit [15:0]k2_r[4];
covergroup Coverage;
coverpoint this.dp1_r[0];
coverpoint this.dp1_r[1];
coverpoint this.dp1_r[2];
coverpoint this.dp1_r[3];
.
.
.
coverpoint this.dp16_r[0];
coverpoint this.dp16_r[1];
coverpoint this.dp16_r[2];
coverpoint this.dp16_r[3];
endgroup
function new;
CoverageDefinition
= new(); of VHASH Program with rand and covergroup
Figure 17-Class
endfunction
endclass
40
The covergroup illustrated in Figure 17 encapsulates all the coverpoints required
for verifying the VHASH design. These coverpoints are defined on the randomized
signals. Not all randomized signals need to be defined as coverpoint. It depends on the
design which inputs/ signals are necessary to gather appropriate coverage.
The pseudo code for the VHASH_program is shown in Figure 18. The test bench
(program) verifies the design until functional coverage reaches 100%. The verification
procedure involves generating stimuli randomly, passing them to the design through
VHASH Interface and verifying the correctness of the results obtained.
Class Hash
// see Figure 16
end class
initial begin
//reset the design
while (coverage < 100) begin
// randomize the cover points
// populate data phases and all the keys using the class object
// calculate the expected vhash value using the following function
vhash(data_in,phase1_key,phase2key,k1,k2,expected_vhash_value);
// pass the stimuli to the design and wait for the result
// compare the expected result with the VHASH value generated by the
//design to determine //correctness
// sample the Functional Coverage percentage
end
$finish;
end
Figure 18-VHASH Program Pseudo Code
41
5.3.3
VHASH Validation
To verify the correct functionality of the design, a System Verilog function was
developed, which took the stimuli as an input and calculated the expected vhash value.
Figure 19 illustrates the validation methodology used in this project. The input stimuli
generated in program block was provided to the System Verilog function, defined in a
package and to the DUT through interface, simultaneously. This package as shown in
Figure 20, has the VHASH function definition. This function defined in a System Verilog
package contains all the variables and phases involved in the VHASH algorithm as
shown in Figure 18.
Program
Testbench_package
interface
DUT
Vhash_function
outputs
Not matched
fail
matched
pass
Figure 19-Validation Infrastructure
42
package dut_validate;
logic [1:17][1:64]dp,kp,convdp,add64;
logic [1:9][127:0] mul;
logic [1:5][1:128] add128;
logic [127:0] L1NH, phase2_key, L3hash;
logic [63:0]p1, p2, k1, k2, expected_vhash_value;
logic [127:0]prime_p, out;
int i=1;
int a=1;
int j=1, k=1;
logic [127:0]p127=128'h 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; //(2^127 -1)
logic [63:0]mvalue=64'h FFFFFFFF00000000; // (2^64 - 2^32)
logic [63:0]p64=64'hFFFFFFFFFFFFFEFF; // (2^64 - 257)
logic [127:0]mod126=128'h 40000000000000000000000000000000;
function automatic vhash(input logic [1023:0]message,logic [1023:0]key,logic
[127:0]phase2_key,logic [63:0]k1,logic [63:0]k2,output logic [63:0]vhash_value);
dp[16]= message[63:0];
.
.
dp[1]=message[1023:960];
kp[16]=key[63:0];
.
.
kp[1]=key[1023:960];
endianconv(dp,convdp);
adder64(convdp,kp,add64);
mul128(add64,mul);
adder128(mul,add128);
modulus(add128,L1NH);
phase2(L1NH,phase2_key,p1,p2);
phase3(p1,p2,k1,k2,vhash_value);
endfunction
Figure 20-VHASH Validation Code using System Verilog Function in package
43
The System Verilog function was validated against an existing python code that
implements VMAC [14]. This python implementation of VMAC calls VHASH defined
in it for a particular message value. The message is given as a string to the VMAC python
code. To validate the System Verilog function against python following steps were
taken:
1. Select a message string in python code. The message chosen for this project was
m = 'abcd'*32
2. Execute the python code and trace the key values for phase 1, phase 2 and phase 3
of vhash algorithm in VMAC code.
3. Convert those values in hexadecimal format to provide to the System Verilog
function.
4. Once all the values required by the vhash function were gathered from the python
code, the vhash function using those values was executed as shown in Figure 21.
5. After the results were gathered from the vhash function, they were compared to
the final vhash output generated by the python code for that specific message
value.
Using these steps, we validated the correctness of the vhash function used in the
testbench. The code and verification results for this phase are provided in Appendix B.
The validation results from System Verilog testbench are available in the Appendix C.
44
`include "package_validate.sv"
program automatic test;
import dut_validate::*;
initial
begin
message=1024'h61626364616263646162636461626364616263646162636461626364616263
646162636461626364616263646162636461626364616263646162636461626364616263646
162636461626364616263646162636461626364616263646162636461626364616263646162
63646162636461626364616263646162636461626364;
key=1024'h015B9AAEFEC60D4D399F9F38B6B71F4CF15B09221DFE654A963E17B85AC734B95
61A7E3830635AA8453936347A91EACBD64828CC0BA193791256E6BBB32ABEBC6889F88174F
44CBB1519C70F640D7A78D987448D871EE431B6CF664DE495E51FE64968A06A1D1F02B68E2
68D1C6E415E2212945ED4F292D1B9BE829DA8A48425;
phase2_key=128'h53426b1061372c714587ada018cdb2e;
k1=64'hA6C298B04353ADC3;
k2=64'hDF25DE6543D0DD0A;
vhash(message,key,phase2_key,k1,k2,vhash_value);
$display("vhash_value=%h",vhash_value);
end
initial
begin
#100 $finish;
end
endprogram
Figure 21-Program Block to validate VHASH Function with Inputs from Python Code
45
After validating the behavioral model of the VHASH algorithm (function) against
the python code, it was used to validate the proposed pipelined design.
Figure 22 illustrates the simulation results for the first four test cases. Each test case starts
with randomizing the variable defined as “rand” (Figure17), to populate data and keys for
the design. Then, the expected vhash value was calculated using the “vhash” function.
Once the design had hashed the message packet, a “hash_complete” signal was asserted.
After reading this signal, program block executed an “if” statement that compared the
vhash value generated by the hardware with the expected results to catch any mismatch.
The last step in each test case generated was gathering the Functional Coverage and
continuing with the next test cases until all design features were tested.
The test cases generated were randomized but not constraint, which helped the
tool to reach functional coverage as 100%, but if constraints were added to the
randomized variables, the functional coverage achieved was 93%. The difference in the
coverage percentage is due to the limitation of system resources. After 93%, the tool’s
I/O bus was blocked and the tool terminated the execution in an inconsistent state.
46
Test#
0
Actual VHASH value=0000000000000000
*****Error*****
Functional Coverage= %1.562500
Test#
1
expected vhash value=3978a1b365efa1ea
Actual VHASH value=3978a1b365efa1ea
*****Match*****
Functional Coverage= %3.125000
Test#
2
expected vhash value=4daf7ae45a4be7d7
Actual VHASH value=4daf7ae45a4be7d7
*****Match*****
Functional Coverage= %4.663086
Test#
3
expected vhash value=517f8b54d639daa5
Actual VHASH value=517f8b54d639daa5
*****Match*****
Functional Coverage= %6.152344
Figure 22- Sample Simulation Results
47
Chapter 6
VHASH SYNTHESIS
6.1 Overview
One of the objectives of this project was to develop a synthesizable model of the
VHASH algorithm. Synthesis is the process of converting the register transfer level
(RTL) representation of a design into an optimized gate-level netlist. This is a major step
in ASIC design flow that takes an RTL model closer to a low-level hardware
implementation.
Synthesis consists of three main steps namely, “Translation”, “Optimization”
and “Mapping”. Translation is the process of converting the RTL description of a design
into a non-optimized intermediate representation. The second step, “logic optimization”,
optimizes the translated representation by removing redundant logic and performing
Boolean logic optimizations. Finally, “technology mapping & optimization” step maps
the optimized representation to an optimized gate level representation using the
technology library cells based on design constraints [12].
In general, there are two approaches to synthesize a hierarchical design, bottomup and top-down approach. These approaches are used for reading, analyzing and
elaborating the components in the Design Compiler® tool for synthesis process.
48
Following figure has been taken from Synopsys® Galaxy Webinar series that clearly
describes the synthesis process [16].
Figure 23-Synthesis Process Explained in Synopsys® Galaxy Seminar Series 2003 [16]
In this chapter, we describe how the Synopsys Design Compiler® tool was
utilized to synthesize the verified VHASH model. A “tickle script” was developed to
synthesize the model based on certain constraints. The script generated several synthesis
reports that including timing and area estimates for the design. Due to time limitations,
49
the documentation for only Phase 1 is included in this project. However, we confirmed
that all other phases were synthesizable as well.
6.2 Synthesis Methodology Adopted for Phase 1
This project utilized the bottom-up approach for synthesis. This means
that all the modules that are on the lowest level of hierarchy were read, analyzed and
elaborated first and then the higher level was processed. Figure 24 shows the
synthesizable hierarchical design for Phase1.
Figure 24- Synthesizable Design Hierarchy of Phase 1
Following the bottom-up approach, the endian converter & adder, 64-bit
multiplier, 128-bit adder and modulus calculator modules were read, analyzed and
50
elaborated first and then phase1 top. To perform all the synthesis steps, a tickle script was
written with all the synthesis commands for the design. The synthesis script is provided
in Appendix D.
After reading, analyzing and elaborating the modules, a 100 MHz clock signal
was applied to the clock port of the Phase 1 module. In addition to the clock, an input
delay of 1ns and output delay of 0.1 ns with respect to the clock port were applied. This
was done to set a safe margin by considering any unintended source of delay such as the
delay associated with driving module/modules.
The tool was programmed next to generate a unique design for each cell instance
by removing the multiple-instantiated hierarchy in the current design. Later, the tool was
constrained for “high effort” boundary optimization.
At the end, the tool generated reports for the optimized gate level netlist area, the
worst combinational path timing, and any violated design constraint.
6.3 Synthesis Results
Phase1 was successfully synthesized at 100MHz clock using LSI 10k
library. This library is provided with our synthesis tool. We expect the design to be able
to operate at a higher frequency if it is synthesized using a more recent technology.
51
The synthesis results for Phase 1 are tabulated in table 3. The table shows the
clock frequency, the input and output constraints, the timing slack, and the cell area
generated after synthesis. The detailed synthesis reports are provided in Appendix D.
3- Synthesis Results
Synthesis Constraints
Clock
Input delay
Output delay
100MHz
1ns
0.1ns
Timing Report
Slack met (3.37ns)
Area Report
73904.000000
(library unit)
52
Chapter 7
CONCLUSIONS
In this project, a hardware accelerator for the VHASH algorithm was designed,
modeled and verified using the System Verilog hardware description language. The
Synopsys VCS® tool was used for simulation and verification of the model. The hardware
model for Phase 1 was then synthesized using the Synopsys Design Compiler® tool. In
addition to validation in System Verilog, the model was also validated against a software
implementation of the VHASH algorithm.
The proposed implementation of the VHASH algorithm takes advantage of
pipelining to improve the efficiency of the hardware accelerator. It reduces the delay
associated with data and key arrival in the first phase of VHASH for processing them in
the later stages of the pipe. This allows the hardware to process multiple data and key
subphases in parallel. This increase in the message-hashing throughput enables the
hardware accelerator to complete the algorithm more efficiently compared to a nonpipelined implementation. This makes the proposed hardware model implementation
suitable for time critical encryption applications. In addition, the hardware
implementation of VHASH algorithm results in higher level of security as the keys
53
generated are random and can be changed any time when the sender and receiver agree
for it, which makes hacking improbable.
The pipelined design was thoroughly validated using several unique features of
System Verilog including interface and program. The test infrastructure utilized a System
Verilog interface and its clocking block to enforce synchronization between the design
and the testbench
The testbench included Functional Coverage to measure the verification. A
System Verilog behavioral model was used to validate the design model. This model
itself was validated against a software implementation of VHASH (in python).
Finally, we confirmed that the proposed design was synthesizable. We generated
the gate-level netlist for the main portion of the design, namely Phase 1. Our synthesis
results showed that the hardware for Phase 1 operates at 100 MHz if built using LSI 10 K
technology library. We expect the design to operate at a higher frequency when built
using a current technology library.
54
Chapter 8
FUTURE ENHANCEMENTS
Every project has some scope for future enhancement and new horizons of
research. This project also has few areas for future enhancements.
We have modified the algorithm to suit the networking dynamics, but there are
other areas where VHASH algorithm can utilized for future research work. Few
possibilities include; a network adaptation of VHASH algorithm with varied packet size
and message size, which would be an additional challenge in designing the accelerator.
In terms of more hardware-focused possibilities, one can implement VHASH as
FPGA accelerator and compare the results with the ASIC implementation.
Lastly, verification focused individuals can implement VHASH and then use
UMV or OVM
9
Verification methodologies to verify the design with variety of
verification environments and automation.
9
UVM is Universal Verification Methodology and OVM is Open Verification Methodology. These
methodology bring automation to System Verilog Verification infrastructure.
55
Appendix A: VHASH HARDWARE MODEL SOURCE FILES
Addphase1.sv
module addphase(input logic [63:0]dp1,logic [63:0]dp2,logic
[63:0]dp3,logic [63:0]dp4,logic [63:0]kp1,logic [63:0]kp2,logic
[63:0]kp3,logic [63:0]kp4, logic clk,logic reset,logic data,logic
key,logic [2:0]count, output logic [0:63]add1,logic [0:63]add2,logic
[0:63]add3,logic [0:63]add4);
logic [63:0] convdp1, convdp2, convdp3, convdp4;
logic [1:4][1:64]array1, array2, array3, array4;
typedef enum [1:0]{s0,s1,s2, s3}states_t;
parameter one=3'b001, two=3'b010, three=3'b011, four=3'b100;
parameter data_one=1'b1, data_zero=1'b0;
states_t state,next_state;
always_ff @(posedge clk, negedge reset)
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
always_comb
begin
case(state)
s0: begin
56
add1='0;
add2='0;
add3='0;
add4='0;
array1='0;
array2='0;
array3='0;
array4='0;
next_state=s1;
end
s1: begin
if(key==1'b1)
begin
case(count)
one:
begin
array1[1]=kp1;
array1[2]=kp2;
array1[3]=kp3;
array1[4]=kp4;
end
two:
begin
array2[1]=kp1;
array2[2]=kp2;
array2[3]=kp3;
array2[4]=kp4;
end
three:
begin
array3[1]=kp1;
array3[2]=kp2;
array3[3]=kp3;
array3[4]=kp4;
end
four:
begin
57
array4[1]=kp1;
array4[2]=kp2;
array4[3]=kp3;
array4[4]=kp4;
end
default:
begin
array1='0;
array2='0;
array3='0;
array4='0;
end
endcase
next_state=s1;
end // if
else
if(data==1'b1 && key==1'b0)
next_state=s2;
else
next_state=s0;
end
s2:
begin
if(data==1'b1)
begin
case(count)
one:
begin
convdp1={<< byte {dp1}};
convdp2={<< byte {dp2}};
convdp3={<< byte {dp3}};
convdp4={<< byte {dp4}};
add1=convdp1+array1[1];
add2=convdp2+array1[2];
add3=convdp3+array1[3];
add4=convdp4+array1[4];
end
58
two:
begin
convdp1={<< byte {dp1}};
convdp2={<< byte {dp2}};
convdp3={<< byte {dp3}};
convdp4={<< byte {dp4}};
add1=convdp1+array2[1];
add2=convdp2+array2[2];
add3=convdp3+array2[3];
add4=convdp4+array2[4];
end
three:
begin
convdp1={<< byte {dp1}};
convdp2={<< byte {dp2}};
convdp3={<< byte {dp3}};
convdp4={<< byte {dp4}};
add1=convdp1+array3[1];
add2=convdp2+array3[2];
add3=convdp3+array3[3];
add4=convdp4+array3[4];
end
four:
begin
convdp1={<< byte {dp1}};
convdp2={<< byte {dp2}};
convdp3={<< byte {dp3}};
convdp4={<< byte {dp4}};
add1=convdp1+array4[1];
add2=convdp2+array4[2];
add3=convdp3+array4[3];
add4=convdp4+array4[4];
end
default: begin
convdp1=0;
convdp2=0;
convdp3=0;
convdp4=0;
add1=0;
59
add2=0;
add3=0;
add4=0;
end
endcase
next_state=s2;
end // if
else
if(key==1'b1 && data==1'b0)
next_state=s1;
else
next_state=s0;
end
default: next_state=s0;
endcase
end
endmodule
Mulphase.sv
module addphase2(input logic clk, logic reset,logic [1:128]mul1,
logic [1:128]mul2,output logic [3:128]add21);
logic [1:128]add128;
logic [1:128]m1,m2;
typedef enum [0:0]{s0,s1}states_t;
states_t state,next_state;
always_ff @(posedge clk, negedge reset)
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
60
always_comb
begin
case(state)
s0: begin
add21='0;
next_state=s1;
end
s1: begin
m1=mul1;
m2=mul2;
add128=m1+m2;
add21=add128[3:128];
next_state=s1;
end
default:
begin
add128=0;
add21='0;
next_state=s0;
end
endcase
end
endmodule
Addphase2.sv
module addphase2(input logic clk, logic reset,logic [1:128]mul1, logic
[1:128]mul2,output logic [3:128]add21);
logic [1:128]add128;
logic [1:128]m1,m2;
61
typedef enum [0:0]{s0,s1}states_t;
states_t state,next_state;
always_ff @(posedge clk, negedge reset)
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
always_comb
begin
case(state)
s0: begin
add21='0;
next_state=s1;
end
s1: begin
m1=mul1;
m2=mul2;
add128=m1+m2;
add21=add128[3:128];
next_state=s1;
end
default:
begin
add128=0;
add21='0;
next_state=s0;
end
endcase
62
end
endmodule
Modulus.sv
`define m127 128'h 40000000000000000000000000000000
module mod(input logic clk, logic reset,logic eop,logic
[2:0]count,logic [3:128]add21,output logic [1:128]L1NH);
logic [1:128]modulus;
logic [1:128]que1,que2,que3,que4;
logic [1:128] L1;
parameter one=3'b001, two=3'b010, three=3'b011, four=3'b100;
typedef enum [0:0]{s0,s1}states_t;
states_t state,next_state;
always_ff @(posedge clk, negedge reset)
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
always_comb
begin
case(state)
s0: begin
L1NH='0;
modulus='0;
63
que1='0;
que2='0;
que3='0;
que4='0;
next_state=s1;
end
s1: begin
if(count<3'b101)
begin
case(count)
one:
begin
que1={1'b0,1'b0,add21};
end
two:
begin
que2={1'b0,1'b0,add21};
end
three:
begin
que3={1'b0,1'b0,add21};
end
four:
begin
que4={1'b0,1'b0,add21};
end
endcase
next_state=s1;
end
64
else
begin
que1='0;
que2='0;
que3='0;
que4='0;
next_state=s0;
end
if(eop==1)
begin
L1=que1+que2+que3+que4;
L1NH=L1 % `m127;
next_state=s1;
end
else
begin
L1='0;
end
end
endcase
end
endmodule
phase1_top.sv
// synopsys translate_off
`include "addphase1.sv"
`include "mulphase.sv"
`include "addphase2.sv"
`include "modulus.sv"
// synopsys translate_on
module phase1_top(input logic clk,logic reset,logic eop,logic
data,logic key,logic [2:0]count,logic [63:0]dp1,logic
[63:0]dp2,logic [63:0]dp3,logic [63:0]dp4,logic [63:0]kp1,logic
[63:0]kp2,logic [63:0]kp3,logic [63:0]kp4, output logic
[1:128]L1NH);
65
wire [0:63]add1, add2, add3, add4;
wire [1:128]mul1,mul2;
wire [3:128]add21;
addphase addph1(dp1,dp2,dp3,dp4,kp1, kp2, kp3, kp4,clk,
reset,data,key,count,add1, add2, add3, add4);
mulphase mulph(clk, reset,add1, add2, add3, add4,mul1, mul2);
addphase2 addph2(clk, reset,mul1, mul2,add21);
mod mod1(clk, reset, eop,count,add21, L1NH);
endmodule
Dut2.sv
`define p127 128'h 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
`define x 64'h FFFFFFFF00000000
`define pp164 64'h 7FFFFFFFFFFFFFFF
`define pp264 64'h FFFFFFFFFFFFFFFF
module dut_phase2(input [1:128]L1NH, [63:0]phase2_key, [0:0]clk,
reset,key,[2:0]count, output logic [63:0]p1, logic [63:0]p2);
logic [127:0]prime_p;
logic [127:0]d,d1;
logic [63:0]intermediate_mod;
logic [127:0]L1output_phase2key; // stores addition of Level 1
output and phase2 dp value.
logic[1:0][63:0]L2key;
logic [2:0][63:0]ph2_key;
parameter one=3'b001, two=3'b010;
typedef enum[1:0]{s0,s1,s2}fsm;
fsm state,next_state;
always_ff@(posedge clk, negedge reset)
66
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
always_comb
begin
case(state)
s0: begin
L2key=0;
d=0;
next_state=s1;
end
s1: begin
if(key==1'b1 && count<3'b100)
begin
case(count)
one:
begin
ph2_key[1]=phase2_key;
next_state=s1;
end
two:
begin
ph2_key[2]=phase2_key;
next_state=s1;
end
67
endcase
end
else
begin
L2key={ph2_key[1],ph2_key[2]};
next_state=s2;
end
end
s2: begin
if(L1NH && key==1'b0)
begin
L1output_phase2key=L2key+L1NH;
d1=L1output_phase2key/`pp264;
d=d1/`pp164;
prime_p= (L1output_phase2key)-(d*`p127);
p1=prime_p/`x;
p2=(prime_p)-(p1*`x);
next_state=s2;
end
if(key==1'b1)
next_state=s1;
else
next_state=s2;
end
endcase
end
endmodule
68
Dut3.sv
`define p64 64'hFFFFFFFFFFFFFEFF
module dut_phase3(input
[63:0]p1,p2,k1,k2,[0:0]clk,reset,key,[2:0]count,output logic
hash_complete,logic [63:0]VHASH);
logic [63:0]intermediate_mod,vhash;
logic [63:0]phase3_k1, phase3_k2;
logic [127:0]L3hash;
//p64=(2^64 - 257)
typedef enum [1:0]{s0,s1,s2}states_fsm;
states_fsm state,next_state;
always_ff@(posedge clk, negedge reset)
begin
if(!reset)
begin
state<=s0;
end
else
begin
state<=next_state;
end
end
always_comb
begin
case(state)
s0: begin
VHASH=0;
next_state=s1;
end
s1: begin
if(key==1'b1 && count==3'b001)
69
begin
phase3_k1=k1;
phase3_k2=k2;
next_state=s2;
end
else
next_state=s1;
end
s2: begin
if(p1 && p2 && key==1'b0)
begin
L3hash= (p1+phase3_k1)*(p2+phase3_k2);
intermediate_mod=L3hash/`p64;
VHASH=(L3hash)-(intermediate_mod*`p64);
hash_complete=1;
end
else
next_state=s2;
end
endcase
end
endmodule
Dut_top.sv
// synopsys translate_off
`include "addphase1.sv"
70
`include
`include
`include
`include
`include
"mulphase.sv"
"addphase2.sv"
"modulus.sv"
"dut2.sv"
"dut3.sv"
// synopsys translate_on
module dut_top(input logic clk,logic reset,logic eop,logic
data,logic key,logic [2:0]count,logic [63:0]dp1,logic
[63:0]dp2,logic [63:0]dp3,logic [63:0]dp4,logic [63:0]kp1,logic
[63:0]kp2,logic [63:0]kp3,logic [63:0]kp4, logic [63:0]phase2_key,
logic [63:0]k1,logic [63:0]k2, output logic [63:0]VHASH, logic
[0:0]hash_complete);
wire [1:128]L1NH;
wire [63:0]p1,p2;
phase1_top
ph1top(.clk(clk),.reset(reset),.eop(eop),.data(data),.key(key),
.count(count),.dp1(dp1),.dp2(dp2),.dp3(dp3),.dp4(dp4),.kp1(kp1),.kp2
(kp2),.kp3(kp3),.kp4(kp4),.L1NH(L1NH));
dut_phase2
phase2(.L1NH(L1NH),.phase2_key(phase2_key),.clk(clk),.reset(reset),.
key(key),.count(count),.p1(p1),.p2(p2));
dut_phase3
phase3(.p1(p1),.p2(p2),.k1(k1),.k2(k2),.clk(clk),.reset(reset),.key(
key),.count(count),.hash_complete(hash_complete),.VHASH(VHASH));
endmodule
vhash_top.sv
// synopsys translate_off
`include "dut_top.sv"
module vhashtop(vhash_interface.vhtop vintf);
logic
logic
logic
logic
[63:0]dp1;
[63:0]dp2;
[63:0]dp3;
[63:0]dp4;
71
logic
logic
logic
logic
logic
logic
logic
logic
logic
logic
[63:0]kp1;
[63:0]kp2;
[63:0]kp3;
[63:0]kp4;
[2:0]count;
eop, key, data, hash_complete;
[63:0]VHASH;
[63:0]phase2_key;
[63:0]k1;
[63:0]k2;
wire [1:128]L1NH;
wire [63:0]p1;
wire [63:0]p2;
dut_top
dut(.clk(vintf.clk),.reset(vintf.reset),.eop(vintf.eop),.data(vintf.
data),.key(vintf.key),.count(vintf.count),.dp1(vintf.dp1),.dp2(vintf
.dp2),.dp3(vintf.dp3),.dp4(vintf.dp4),.kp1(vintf.kp1),.kp2(vintf.kp2
),.kp3(vintf.kp3),.kp4(vintf.kp4),.phase2_key(vintf.phase2_key),.k1(
vintf.k1),.k2(vintf.k2),.hash_complete(vintf.hash_complete),.VHASH(v
intf.VHASH));
endmodule
interface.sv
// synopsys translate_off
interface vhash_interface(input bit clk);
logic [63:0]dp1,dp2,dp3,dp4;
logic [63:0]kp1, kp2, kp3, kp4;
logic [63:0]phase2_key;
logic [63:0]VHASH;
logic [63:0]k1,k2;
logic reset,key,hash_complete,eop,data;
72
logic [2:0]count;
clocking cb @(posedge clk);
output
output
output
output
output
output
output
output
output
output
output
output
output
output
output
eop;
data;
key;
count;
dp1;
dp2;
dp3;
dp4;
kp1;
kp2;
kp3;
kp4;
k1;
k2;
phase2_key;
input VHASH, hash_complete;
endclocking
modport tb(input clk,output reset,clocking cb);
modport vhtop(input
clk,reset,eop,data,key,count,dp1,dp2,dp3,dp4,kp1,kp2,kp3,kp4,k1,k2,p
hase2_key,output hash_complete,VHASH);
endinterface
prog.sv
// synopsys translate_off
program automatic vhash_program(input clk,vhash_interface.tb vintf);
import validate::*;
initial
$vcdpluson;
// declaring a class !!!
73
class Hash;
rand bit [15:0]dp1_r[4];
rand bit [15:0]dp2_r[4];
rand bit [15:0]dp3_r[4];
rand bit [15:0]dp4_r[4];
rand bit [15:0]dp5_r[4];
rand bit [15:0]dp6_r[4];
rand bit [15:0]dp7_r[4];
rand bit [15:0]dp8_r[4];
rand bit [15:0]dp9_r[4];
rand bit [15:0]dp10_r[4];
rand bit [15:0]dp11_r[4];
rand bit [15:0]dp12_r[4];
rand bit [15:0]dp13_r[4];
rand bit [15:0]dp14_r[4];
rand bit [15:0]dp15_r[4];
rand bit [15:0]dp16_r[4];
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
rand
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
bit
[15:0]kp1_r[4];
[15:0]kp2_r[4];
[15:0]kp3_r[4];
[15:0]kp4_r[4];
[15:0]kp5_r[4];
[15:0]kp6_r[4];
[15:0]kp7_r[4];
[15:0]kp8_r[4];
[15:0]kp9_r[4];
[15:0]kp10_r[4];
[15:0]kp11_r[4];
[15:0]kp12_r[4];
[15:0]kp13_r[4];
[15:0]kp14_r[4];
[15:0]kp15_r[4];
[15:0]kp16_r[4];
rand
rand
rand
rand
bit
bit
bit
bit
[15:0]phase2_key1_r[4];
[15:0]phase2_key2_r[4];
[15:0]k1_r[4];
[15:0]k2_r[4];
covergroup
coverpoint
coverpoint
coverpoint
coverpoint
Coverage;
this.dp1_r[0];
this.dp1_r[1];
this.dp1_r[2];
this.dp1_r[3];
74
coverpoint
coverpoint
coverpoint
coverpoint
this.dp2_r[0];
this.dp2_r[1];
this.dp2_r[2];
this.dp2_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp3_r[0];
this.dp3_r[1];
this.dp3_r[2];
this.dp3_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp4_r[0];
this.dp4_r[1];
this.dp4_r[2];
this.dp4_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp5_r[0];
this.dp5_r[1];
this.dp5_r[2];
this.dp5_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp6_r[0];
this.dp6_r[1];
this.dp6_r[2];
this.dp6_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp7_r[0];
this.dp7_r[1];
this.dp7_r[2];
this.dp7_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp8_r[0];
this.dp8_r[1];
this.dp8_r[2];
this.dp8_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp9_r[0];
this.dp9_r[1];
this.dp9_r[2];
this.dp9_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp10_r[0];
this.dp10_r[1];
this.dp10_r[2];
this.dp10_r[3];
coverpoint this.dp11_r[0];
coverpoint this.dp11_r[1];
75
coverpoint this.dp11_r[2];
coverpoint this.dp11_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp12_r[0];
this.dp12_r[1];
this.dp12_r[2];
this.dp12_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp13_r[0];
this.dp13_r[1];
this.dp13_r[2];
this.dp13_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp14_r[0];
this.dp14_r[1];
this.dp14_r[2];
this.dp14_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp15_r[0];
this.dp15_r[1];
this.dp15_r[2];
this.dp15_r[3];
coverpoint
coverpoint
coverpoint
coverpoint
this.dp16_r[0];
this.dp16_r[1];
this.dp16_r[2];
this.dp16_r[3];
endgroup
function new;
Coverage = new();
endfunction
constraint c_data{
dp1_r[0]
dp1_r[1]
dp1_r[2]
dp1_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp2_r[0]
dp2_r[1]
dp2_r[2]
dp2_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp3_r[0] inside {[16'h1111:16'hffff]};
dp3_r[1] inside {[16'h1111:16'hffff]};
76
dp3_r[2] inside {[16'h1111:16'hffff]};
dp3_r[3] inside {[16'h1111:16'hffff]};
dp4_r[0]
dp4_r[1]
dp4_r[2]
dp4_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp5_r[0]
dp5_r[1]
dp5_r[2]
dp5_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp6_r[0]
dp6_r[1]
dp6_r[2]
dp6_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp7_r[0]
dp7_r[1]
dp7_r[2]
dp7_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp8_r[0]
dp8_r[1]
dp8_r[2]
dp8_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp9_r[0]
dp9_r[1]
dp9_r[2]
dp9_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp10_r[0]
dp10_r[1]
dp10_r[2]
dp10_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp11_r[0]
dp11_r[1]
dp11_r[2]
dp11_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp12_r[0]
dp12_r[1]
dp12_r[2]
dp12_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp13_r[0] inside {[16'h1111:16'hffff]};
77
dp13_r[1] inside {[16'h1111:16'hffff]};
dp13_r[2] inside {[16'h1111:16'hffff]};
dp13_r[3] inside {[16'h1111:16'hffff]};
dp14_r[0]
dp14_r[1]
dp14_r[2]
dp14_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp15_r[0]
dp15_r[1]
dp15_r[2]
dp15_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
dp16_r[0]
dp16_r[1]
dp16_r[2]
dp16_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
}
constraint c_key{
kp1_r[0]
kp1_r[1]
kp1_r[2]
kp1_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp2_r[0] inside {[16'h1111:16'hffff]};
kp2_r[1] inside {[16'h1111:16'hffff]};
kp2_r[2] inside {[16'h1111:16'hffff]};
kp2_r[3] inside {[16'h1111:16'hffff]};
kp3_r[0]
kp3_r[1]
kp3_r[2]
kp3_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp4_r[0]
kp4_r[1]
kp4_r[2]
kp4_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp5_r[0]
kp5_r[1]
kp5_r[2]
kp5_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
78
kp6_r[0]
kp6_r[1]
kp6_r[2]
kp6_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp7_r[0]
kp7_r[1]
kp7_r[2]
kp7_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp8_r[0]
kp8_r[1]
kp8_r[2]
kp8_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp9_r[0]
kp9_r[1]
kp9_r[2]
kp9_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp10_r[0]
kp10_r[1]
kp10_r[2]
kp10_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp11_r[0]
kp11_r[1]
kp11_r[2]
kp11_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp12_r[0]
kp12_r[1]
kp12_r[2]
kp12_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp13_r[0]
kp13_r[1]
kp13_r[2]
kp13_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp14_r[0]
kp14_r[1]
kp14_r[2]
kp14_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
kp15_r[0]
kp15_r[1]
kp15_r[2]
kp15_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
79
kp16_r[0]
kp16_r[1]
kp16_r[2]
kp16_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
}
constraint c_keys{
phase2_key1_r[0]
phase2_key1_r[1]
phase2_key1_r[2]
phase2_key1_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
phase2_key2_r[0]
phase2_key2_r[1]
phase2_key2_r[2]
phase2_key2_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
k1_r[0]
k1_r[1]
k1_r[2]
k1_r[3]
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
k2_r[0]
k2_r[1]
k2_r[2]
k2_r[3]
}
inside
inside
inside
inside
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
{[16'h1111:16'hffff]};
endclass
initial begin
Hash tr;
real coverage=0;
logic [15:0][63:0]phase1_key;
logic [15:0][63:0]data_in;
logic [1:0][63:0]phase2key;
logic [63:0]expected_vhash_value;
logic [3:0][15:0]k1;
logic [3:0][15:0]k2;
logic
[3:0][15:0]kp1,kp2,kp3,kp4,kp5,kp6,kp7,kp8,kp9,kp10,kp11,kp12,kp13,k
p14,kp15,kp16;
80
logic
[3:0][15:0]dp1,dp2,dp3,dp4,dp5,dp6,dp7,dp8,dp9,dp10,dp11,dp12,dp13,d
p14,dp15,dp16;
logic [3:0][15:0]phase2_key1, phase2_key11;
int i;
int num=0;
tr = new();
vintf.reset=1'b0;
#2 vintf.reset=1'b1;
assert(tr.randomize);
kp1={tr.kp1_r[0],tr.kp1_r[1],tr.kp1_r[2],tr.kp1_r[3]};
kp2={tr.kp2_r[0],tr.kp2_r[1],tr.kp2_r[2],tr.kp2_r[3]};
kp3={tr.kp3_r[0],tr.kp3_r[1],tr.kp3_r[2],tr.kp3_r[3]};
kp4={tr.kp4_r[0],tr.kp4_r[1],tr.kp4_r[2],tr.kp4_r[3]};
kp5={tr.kp5_r[0],tr.kp5_r[1],tr.kp5_r[2],tr.kp5_r[3]};
kp6={tr.kp6_r[0],tr.kp6_r[1],tr.kp6_r[2],tr.kp6_r[3]};
kp7={tr.kp7_r[0],tr.kp7_r[1],tr.kp7_r[2],tr.kp7_r[3]};
kp8={tr.kp8_r[0],tr.kp8_r[1],tr.kp8_r[2],tr.kp8_r[3]};
kp9={tr.kp9_r[0],tr.kp9_r[1],tr.kp9_r[2],tr.kp9_r[3]};
kp10={tr.kp10_r[0],tr.kp10_r[1],tr.kp10_r[2],tr.kp10_r[3]};
kp11={tr.kp11_r[0],tr.kp11_r[1],tr.kp11_r[2],tr.kp11_r[3]};
kp12={tr.kp12_r[0],tr.kp12_r[1],tr.kp12_r[2],tr.kp12_r[3]};
kp13={tr.kp13_r[0],tr.kp13_r[1],tr.kp13_r[2],tr.kp13_r[3]};
kp14={tr.kp14_r[0],tr.kp14_r[1],tr.kp14_r[2],tr.kp14_r[3]};
kp15={tr.kp15_r[0],tr.kp15_r[1],tr.kp15_r[2],tr.kp15_r[3]};
kp16={tr.kp16_r[0],tr.kp16_r[1],tr.kp16_r[2],tr.kp16_r[3]};
phase1_key={kp1,kp2,kp3,kp4,kp5,kp6,kp7,kp8,kp9,kp10,kp11,kp12,kp13,
kp14,kp15,kp16};
phase2_key1={tr.phase2_key1_r[0],tr.phase2_key1_r[1],tr.phase2_key1_
r[2],tr.phase2_key1_r[3]};
phase2_key11={tr.phase2_key2_r[0],tr.phase2_key2_r[1],tr.phase2_key2
_r[2],tr.phase2_key2_r[3]};
phase2key={phase2_key1,phase2_key11};
k1={tr.k1_r[0],tr.k1_r[1],tr.k1_r[2],tr.k1_r[3]};
k2={tr.k2_r[0],tr.k2_r[1],tr.k2_r[2],tr.k2_r[3]};
@(vintf.cb)
begin
vintf.cb.key<=1'b1;
vintf.cb.data<=1'b0;
vintf.cb.count<=3'b001;
vintf.cb.kp1<=kp1;
vintf.cb.kp2<=kp2;
81
vintf.cb.kp3<=kp3;
vintf.cb.kp4<=kp4;
vintf.cb.phase2_key<=phase2_key1;
vintf.cb.k1<=k1;
vintf.cb.k2<=k2;
vintf.cb.dp1<=64'h0;
vintf.cb.dp2<=64'h0;
vintf.cb.dp3<=64'h0;
vintf.cb.dp4<=64'h0;
end
@(vintf.cb)
begin
vintf.cb.count<=3'b010;
vintf.cb.kp1<=kp5;
vintf.cb.kp2<=kp6;
vintf.cb.kp3<=kp7;
vintf.cb.kp4<=kp8;
vintf.cb.phase2_key<=phase2_key11;
vintf.cb.dp1<=64'h0;
vintf.cb.dp2<=64'h0;
vintf.cb.dp3<=64'h0;
vintf.cb.dp4<=64'h0;
end
@(vintf.cb)
begin
vintf.cb.count<=3'b011;
vintf.cb.kp1<=kp9;
vintf.cb.kp2<=kp10;
vintf.cb.kp3<=kp11;
vintf.cb.kp4<=kp12;
vintf.cb.dp1<=64'h0;
vintf.cb.dp2<=64'h0;
vintf.cb.dp3<=64'h0;
vintf.cb.dp4<=64'h0;
end
@(vintf.cb)
begin
82
vintf.cb.count<=3'b100;
vintf.cb.kp1<=kp13;
vintf.cb.kp2<=kp14;
vintf.cb.kp3<=kp15;
vintf.cb.kp4<=kp16;
vintf.cb.dp1<=64'h0;
vintf.cb.dp2<=64'h0;
vintf.cb.dp3<=64'h0;
vintf.cb.dp4<=64'h0;
end
//********************data values****************
// use while loop when non-constraint based randomization is used
while(coverage<100)
// use “for” loop when key and data constraints are used for
//randomization
for(coverage=0.0;coverage<94.4;coverage++)
begin
assert(tr.randomize);
dp1={tr.dp1_r[0],tr.dp1_r[1],tr.dp1_r[2],tr.dp1_r[3]};
dp2={tr.dp2_r[0],tr.dp2_r[1],tr.dp2_r[2],tr.dp2_r[3]};
dp3={tr.dp3_r[0],tr.dp3_r[1],tr.dp3_r[2],tr.dp3_r[3]};
dp4={tr.dp4_r[0],tr.dp4_r[1],tr.dp4_r[2],tr.dp4_r[3]};
dp5={tr.dp5_r[0],tr.dp5_r[1],tr.dp5_r[2],tr.dp5_r[3]};
dp6={tr.dp6_r[0],tr.dp6_r[1],tr.dp6_r[2],tr.dp6_r[3]};
dp7={tr.dp7_r[0],tr.dp7_r[1],tr.dp7_r[2],tr.dp7_r[3]};
dp8={tr.dp8_r[0],tr.dp8_r[1],tr.dp8_r[2],tr.dp8_r[3]};
dp9={tr.dp9_r[0],tr.dp9_r[1],tr.dp9_r[2],tr.dp9_r[3]};
dp10={tr.dp10_r[0],tr.dp10_r[1],tr.dp10_r[2],tr.dp10_r[3]};
dp11={tr.dp11_r[0],tr.dp11_r[1],tr.dp11_r[2],tr.dp11_r[3]};
dp12={tr.dp12_r[0],tr.dp12_r[1],tr.dp12_r[2],tr.dp12_r[3]};
dp13={tr.dp13_r[0],tr.dp13_r[1],tr.dp13_r[2],tr.dp13_r[3]};
dp14={tr.dp14_r[0],tr.dp14_r[1],tr.dp14_r[2],tr.dp14_r[3]};
dp15={tr.dp15_r[0],tr.dp15_r[1],tr.dp15_r[2],tr.dp15_r[3]};
dp16={tr.dp16_r[0],tr.dp16_r[1],tr.dp16_r[2],tr.dp16_r[3]};
data_in={dp1,dp2,dp3,dp4,dp5,dp6,dp7,dp8,dp9,dp10,dp11,dp12,dp13,dp1
4,dp15,dp16};
@(vintf.cb)
begin
vintf.cb.data<=1'b1;
vintf.cb.key<=1'b0;
vintf.cb.count<=3'b001;
83
vintf.cb.dp1<=dp1;
vintf.cb.dp2<=dp2;
vintf.cb.dp3<=dp3;
vintf.cb.dp4<=dp4;
end
@(vintf.cb)
begin
vintf.cb.count<=3'b010;
vintf.cb.dp1<=dp5;
vintf.cb.dp2<=dp6;
vintf.cb.dp3<=dp7;
vintf.cb.dp4<=dp8;
end
@(vintf.cb)
begin
vintf.cb.count<=3'b011;
vintf.cb.dp1<=dp9;
vintf.cb.dp2<=dp10;
vintf.cb.dp3<=dp11;
vintf.cb.dp4<=dp12;
end
@(vintf.cb)
begin
vintf.cb.count<=3'b100;
vintf.cb.dp1<=dp13;
vintf.cb.dp2<=dp14;
vintf.cb.dp3<=dp15;
vintf.cb.dp4<=dp16;
end
@(vintf.cb)vintf.cb.eop<=1;
$display("\n Test# %5d",num);
vhash(data_in,phase1_key,phase2key,k1,k2,expected_vhash_value);
if(vintf.cb.hash_complete==1'b1)
$display("\n expected vhash value=%h",expected_vhash_value);
$display("\n Actual VHASH value=%h",vintf.cb.VHASH);
if(expected_vhash_value != vintf.cb.VHASH)
84
$display("*****Error*****");
else
$display("*****Match*****");
tr.Coverage.sample();
coverage = $get_coverage;
$display("Functional Coverage= %%%f",coverage);
num++;
tr = new();
end // loop
$finish;
end
endprogram
tb_validate.sv (System Verilog validation code using System Verilog functions)
package validate;
logic [1:17][1:64]dp,kp,convdp,add64;
logic [1:9][127:0] mul;
logic [1:5][1:128] add128;
logic [127:0] L1NH, phase2_key, L3hash;
logic [63:0]p1, p2, k1, k2, expected_vhash_value;
logic [127:0]prime_p, out, add1, add2, add3, add4;
int i=1;
int a=1;
int j=1, k=1;
logic [127:0]p127=128'h 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; //(2^127 1)
logic [63:0]mvalue=64'h FFFFFFFF00000000; // (2^64 - 2^32)
logic [63:0]p64=64'hFFFFFFFFFFFFFEFF;
// (2^64 - 257)
logic [127:0]mod126=128'h 40000000000000000000000000000000;
function automatic vhash(input logic [1023:0]message,logic
[1023:0]key,logic [127:0]phase2_key,logic [63:0]k1,logic
[63:0]k2,output logic [63:0]vhash_value);
85
dp[16]= message[63:0];
dp[15]=message[127:64];
dp[14]=message[191:128];
dp[13]=message[255:192];
dp[12]=message[319:256];
dp[11]=message[383:320];
dp[10]=message[447:384];
dp[9]=message[511:448];
dp[8]=message[575:512];
dp[7]=message[639:576];
dp[6]=message[703:640];
dp[5]=message[767:704];
dp[4]=message[831:768];
dp[3]=message[895:832];
dp[2]=message[959:896];
dp[1]=message[1023:960];
kp[16]=key[63:0];
kp[15]=key[127:64];
kp[14]=key[191:128];
kp[13]=key[255:192];
kp[12]=key[319:256];
kp[11]=key[383:320];
kp[10]=key[447:384];
kp[9]=key[511:448];
kp[8]=key[575:512];
kp[7]=key[639:576];
kp[6]=key[703:640];
kp[5]=key[767:704];
kp[4]=key[831:768];
kp[3]=key[895:832];
kp[2]=key[959:896];
kp[1]=key[1023:960];
endianconv(dp,convdp);
adder64(convdp,kp,add64);
mul128(add64,mul);
adder128(mul,add128);
modulus(add128,L1NH);
phase2(L1NH,phase2_key,p1,p2);
phase3(p1,p2,k1,k2,vhash_value);
endfunction
86
function endianconv (input logic [1:17][63:0]dp, output
logic[1:17][63:0]convdp);
convdp[1]={<< byte {dp[1]}};
convdp[2]={<< byte {dp[2]}};
convdp[3]={<< byte {dp[3]}};
convdp[4]={<< byte {dp[4]}};
convdp[5]={<< byte {dp[5]}};
convdp[6]={<< byte {dp[6]}};
convdp[7]={<< byte {dp[7]}};
convdp[8]={<< byte {dp[8]}};
convdp[9]={<< byte {dp[9]}};
convdp[10]={<< byte {dp[10]}};
convdp[11]={<< byte {dp[11]}};
convdp[12]={<< byte {dp[12]}};
convdp[13]={<< byte {dp[13]}};
convdp[14]={<< byte {dp[14]}};
convdp[15]={<< byte {dp[15]}};
convdp[16]={<< byte {dp[16]}};
endfunction
function adder64(input logic
[1:17][63:0]convdp,[1:17][63:0]kp,output logic [16:0][63:0]add64);
add64[1]=convdp[1]+kp[1];
add64[2]=convdp[2]+kp[2];
add64[3]=convdp[3]+kp[3];
add64[4]=convdp[4]+kp[4];
add64[5]=convdp[5]+kp[5];
add64[6]=convdp[6]+kp[6];
add64[7]=convdp[7]+kp[7];
add64[8]=convdp[8]+kp[8];
add64[9]=convdp[9]+kp[9];
add64[10]=convdp[10]+kp[10];
add64[11]=convdp[11]+kp[11];
add64[12]=convdp[12]+kp[12];
add64[13]=convdp[13]+kp[13];
87
add64[14]=convdp[14]+kp[14];
add64[15]=convdp[15]+kp[15];
add64[16]=convdp[16]+kp[16];
endfunction
function mul128(input logic [1:17][63:0]add64, output logic
[1:9][127:0] mul);
mul[1]=add64[1]*add64[2];
mul[2]=add64[3]*add64[4];
mul[3]=add64[5]*add64[6];
mul[4]=add64[7]*add64[8];
mul[5]=add64[9]*add64[10];
mul[6]=add64[11]*add64[12];
mul[7]=add64[13]*add64[14];
mul[8]=add64[15]*add64[16];
endfunction
function adder128(input logic [1:9][127:0] mul, output logic
[1:5][1:128]add128);
add128[1]=mul[1]+mul[2];
add128[2]=mul[3]+mul[4];
add128[3]=mul[5]+mul[6];
add128[4]=mul[7]+mul[8];
endfunction
function modulus(input logic [1:5][1:128]add128, output logic
[127:0]L1NH);
add1=add128[1]%
add2=add128[2]%
add3=add128[3]%
add4=add128[4]%
mod126;
mod126;
mod126;
mod126;
L1NH=(add1+add2+add3+add4) % mod126;
endfunction
88
function phase2(input logic [127:0] L1NH,[127:0]phase2_key,output
[63:0] p1, p2);
out=phase2_key+L1NH;
//$display("out=%h",out);
prime_p=(out)% p127;
p1=prime_p/mvalue;
p2=(prime_p)%(mvalue);
endfunction
function phase3(input logic [63:0]p1, p2, k1, k2, output
[63:0]vhash_value);
L3hash= (p1+k1)*(p2+k2);
vhash_value=(L3hash)%p64;
endfunction
endpackage
top.sv
// synopsys translate_off
`include "interface.sv"
`include "prog.sv"
`include "vhtop.sv"
// synopsys translate_off
module top;
bit clk;
always #10 clk=~clk;
vhash_interface vintf(.*);
89
vhash_program prog(clk,vintf);
vhashtop dut(vintf);
endmodule
90
Appendix B: VALIDATION AGAINST PYTHON CODE
Python VMAC code: Written by Dr. Ted Krovetz [14]
Print statements added by me to track the keys and message values
generated in vhash function definition in VMAC python code.
import rijndael
import struct
"""
An unoptimized, straightforward reference implementation of VMAC
By Ted Krovetz ([email protected]) -- Modified 22 April 2007
Code assumes (and may break otherwise):
- All bitlengths are a multiple of 8 (ie, bytestrings)
- BLOCKLEN/taglen = 2^i for some integer i.
- L1KEYLEN/64 is an even integer
"""
# All lengths are bitlengths
BLOCKLEN = 128
# block-length of block cipher in use
KEYLEN
= 128
# block-cipher key-length
L1KEYLEN = 1024 # bits used for l1_hash (compression)
M64
M126
MP
key
P64
PP
P127
= 0xFFFFFFFFFFFFFFFFL
= 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL
= 0x1FFFFFFF1FFFFFFF1FFFFFFF1FFFFFFFL
# Mask for creating poly
= 0xFFFFFFFFFFFFFEFFL
= 0xFFFFFFFF00000000L
= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL
# 2^64 - 257
# 2^64 - 2^32
# 2^127 - 1
def kdf(cipher, index, numbits): # Allows upto 4KB output only
l = []
# We will build list of blocks, then
join
n = (numbits+BLOCKLEN-1)//BLOCKLEN # ceil(numbits/BLOCKLEN)
prefix = chr(index)+(chr(0) * 14)
for i in range(n):
l.append(cipher.encrypt(prefix+chr(i)))
return (''.join(l))[:(numbits//8)]
def pdf(cipher, nonce, taglen):
tagsperblock = BLOCKLEN//taglen
91
mask = tagsperblock-1 # Assumes tagsperblock in
{1,2,4,8,16,...}
index = ord(nonce[-1]) & mask
tmpnonce = (chr(0)*(BLOCKLEN//8-len(nonce)))+nonce[:1]+chr(ord(nonce[-1])-index)
tmpblock = cipher.encrypt(tmpnonce)
return tmpblock[index*(taglen//8):(index+1)*(taglen//8)]
def nh(k, m):
y = 0;
for i in range(0,len(m),2):
y += ( ((m[i]+k[i])&M64) * ((m[i+1]+k[i+1])&M64) )
return y & M126 # Return y mod 2**126
def l1_hash(cipher, m, iter):
bytesperl1block = L1KEYLEN//8
# Max number of bytes per
NH hash
tmpk = kdf(cipher, 128, L1KEYLEN+128*iter)
# Generate nh
key
fmt = '>%sQ' % str(L1KEYLEN//64)
# Will unpack key block
into 64-bit BE words
k = struct.unpack(fmt,tmpk[-bytesperl1block:])
print 'L1 Key
= \'%s\' ' % tohex(tmpk)
# Key for nh hash
t = (len(m)*8+L1KEYLEN-1)//L1KEYLEN # t =
ceil(bitlen(m)/L1KEYLEN)
y = []
# Build up result as list
of NH hashes
for i in range(t):
# Hash each block
curpos = i * bytesperl1block
# points to next hash block
slen = min(bytesperl1block, len(m)-curpos)
# max len, except last block
padbytesneeded = (16-((slen)%16))%16
# pad to neaest 16-bytes boundary
tmpstr = m[curpos:curpos+slen]+chr(0)*padbytesneeded
# Extract/pad next block
fmt = '<%sQ' % str(len(tmpstr)//8)
# Unpack into 64-bit LE words
hstr = struct.unpack(fmt,tmpstr)
y.append(nh(k,hstr))
return y
== 0
def l2_hash(cipher, m, bitlen, iter):
# Returns empty list if t
92
t = kdf(cipher, 192, 128 * (iter+1))
t = struct.unpack('>2Q',t[-16:]) # Generate key for poly hash
k = (long(t[0] & MP) << 64) | (t[1] & MP)
# Construct
128 bits key
print 'L2 Key
= \'%x\' ' % k
if len(m) == 0:
y = k
else:
y = 1
# Initialize y for poly
eval
for x in m:
# Compute polynomial using
Horner's rule
y = (y * k + x) % P127
return (y + ((bitlen % L1KEYLEN) << 64)) % P127
def l3_hash(cipher, m, iter):
# Generate key. 1/2^55 chance that it fails the first time
(and so loop)
i = 1
need = iter + 1
while need > 0:
t = kdf(cipher, 224, 128 * i)
print 'L3 Key
= \'%s\' ' % tohex(t)
k = struct.unpack('>2Q',t[-16:]) # Generate key for ip
hash
k0 = k[0]
k1 = k[1]
i += 1
if (k0 < P64) and (k1 < P64):
need -= 1
m0 = m // PP
m1 = m % PP
return ((k0 + m0) * (k1 + m1)) % P64
def vhash(cipher, m, taglen):
print 'message = \'%s\'' % tohex(m)
y = []
for i in range(taglen//64):
a = l1_hash(cipher,m,i)
b = l2_hash(cipher,a,len(m)*8,i)
y.append(l3_hash(cipher,b,i))
print 'vhash value = \'%s\' ' % y
93
return y
def vmac(k, m, nonce, taglen):
if isinstance(k,str):cipher = rijndael.rijndael(k) # if
string passed, treat as key
else: cipher = k
# otherwise,
treat as cipher
hashedmessage = vhash(cipher,m,taglen)
pad = pdf(cipher,nonce,taglen)
fmt = '>%sQ' % str(taglen//64)
padnum = struct.unpack(fmt,pad)
# Covert string to number
tag = []
for i in range(taglen//64):
tag.append((padnum[i] + hashedmessage[i]) & M64)
return tag
# VMAC Test Vectors
def tohex(s):
res = []
for c in s:
res.append('%02X' % ord(c))
return ''.join(res)
def tags(tag):
s = []
for x in tag:
s.append('%016X' % x)
return ''.join(s)
vectorkeys = [('abcdefghijklqrst','bcdefghi')]
for k,n in vectorkeys:
print 'Key
= \'%s\' (%s)' % (k,tohex(k))
print 'Nonce = \'%s\' %s(%s)' % (n,' '*(len(k)len(n)),tohex(n))
print '<<<<<<<<<<<<<<<<<<<<<<<< VMAC Test Vectors
>>>>>>>>>>>>>>>>>>>>>>>>'
print 'Message
64-bit Tag
128-bit
Tag'
print '-------------------------'
#sample message given as input to validate VHASH hardware model
m = 'abcd'*32
print ' %s' % (tags(vmac(k,m,n,64)))
94
prog_validate_vhash_using_pythoninputs.sv
`include "tb_validate.sv"
program automatic test;
import validate::*;
logic [1023:0]message,key;
logic [127:0]phase2_key;
logic [63:0]k1,k2, vhash_value;
// message and keys values used are outputted from the vmac.py code
initial
begin
message=1024'h616263646162636461626364616263646162636461626364616263
64616263646162636461626364616263646162636461626364616263646162636461
62636461626364616263646162636461626364616263646162636461626364616263
646162636461626364616263646162636461626364616263646162636461626364;
key=1024'h015B9AAEFEC60D4D399F9F38B6B71F4CF15B09221DFE654A963E17B85A
C734B9561A7E3830635AA8453936347A91EACBD64828CC0BA193791256E6BBB32ABE
BC6889F88174F44CBB1519C70F640D7A78D987448D871EE431B6CF664DE495E51FE6
4968A06A1D1F02B68E268D1C6E415E2212945ED4F292D1B9BE829DA8A48425;
phase2_key=128'h53426b1061372c714587ada018cdb2e;
k1=64'hA6C298B04353ADC3;
k2=64'hDF25DE6543D0DD0A;
vhash(message,key,phase2_key,k1,k2,vhash_value);
$display("vhash_value from python=%h",vhash_value);
end
initial
begin
#100 $finish;
end
endprogram
95
Output from VMAC.py
Key
= 'abcdefghijklqrst' (6162636465666768696A6B6C71727374)
Nonce = 'bcdefghi'
(6263646566676869)
<<<<<<<<<<<<<<<<<<<<<<<< VMAC Test Vectors >>>>>>>>>>>>>>>>>>>>>>>>
Message
64-bit Tag
128-bit Tag
-------------------------message =
'6162636461626364616263646162636461626364616263646162636461626364616
26364616263646162636461626364616263646162636461626364616263646162636
46162636461626364616263646162636461626364616263646162636461626364616
26364616263646162636461626364616263646162636461626364'
L1 Key
=
'015B9AAEFEC60D4D399F9F38B6B71F4CF15B09221DFE654A963E17B85AC734B9561
A7E3830635AA8453936347A91EACBD64828CC0BA193791256E6BBB32ABEBC6889F88
174F44CBB1519C70F640D7A78D987448D871EE431B6CF664DE495E51FE64968A06A1
D1F02B68E268D1C6E415E2212945ED4F292D1B9BE829DA8A48425'
L2 Key
= '53426b1061372c714587ada018cdb2e'
L3 Key
= 'A6C298B04353ADC3DF25DE6543D0DD0A'
vhash value = '[11817523521974606171L]' = a4004708041e995b
Vhash_value generated from prog_validate_vhash_using_pythoninputs.sv
Chronologic VCS simulator copyright 1991-2009
Contains Synopsys proprietary information.
Compiler version D-2009.12; Runtime version D-2009.12;
2012
Nov 10 14:54
vhash_value from dut validating against python=a4004708041e995b
$finish called from file "convadder.sv", line 32.
$finish at simulation time
100
V C S
S i m u l a t i o n
R e p o r t
Time: 100
CPU Time:
0.310 seconds;
Data structure size:
Sat Nov 10 14:54:55 2012
0.0Mb
It is clearly shown in the above simulation results that the inputs from VMAC.py
used in the System Verilog validation code also generate the same VHASH value as that
96
of VMAC.py code. Hence, it was concluded that the System Verilog Function written to
validate the design is accurate and tested against the software code.
97
Appendix C: VHASH SIMULATION RESULTS
The testbench developed in Chapter 5 thoroughly verifies the design using Synopsys
VCS tool. In this appendix, only a subset of simulation results are shown due to large
number of test cases were generated to verify the design to achieve 100% coverage.
Chronologic VCS simulator copyright 1991-2009
Contains Synopsys proprietary information.
Compiler version D-2009.12; Runtime version D-2009.12;
2012
VCD+ Writer D-2009.12 Copyright 2009 Synopsys Inc.
Test#
0
Actual VHASH value=0000000000000000
*****Error*****
Functional Coverage= %1.562500
Test#
1
expected vhash value=c7c288b4145f9d27
Actual VHASH value=c7c288b4145f9d27
*****Match*****
Functional Coverage= %3.125000
Test#
2
expected vhash value=75c9e97b6cb7e561
Actual VHASH value=75c9e97b6cb7e561
*****Match*****
Functional Coverage= %4.663086
Test#
3
expected vhash value=2d627081356786af
Actual VHASH value=2d627081356786af
*****Match*****
Functional Coverage= %6.152344
Nov 10 14:19
98
Test#
4
expected vhash value=ff2c9b6c7a59e0c8
Actual VHASH value=ff2c9b6c7a59e0c8
*****Match*****
Functional Coverage= %7.543945
Test#
5
expected vhash value=345fe23f5c4fc5f0
Actual VHASH value=345fe23f5c4fc5f0
*****Match*****
Functional Coverage= %9.033203
Test#
6
expected vhash value=5a60d0c0184bac45
Actual VHASH value=5a60d0c0184bac45
*****Match*****
Functional Coverage= %10.449219
Test#
7
expected vhash value=62531697c060fd39
Actual VHASH value=62531697c060fd39
*****Match*****
Functional Coverage= %11.791992
Test#
8
expected vhash value=b7f9363ba2522bd4
Actual VHASH value=b7f9363ba2522bd4
*****Match*****
Functional Coverage= %13.208008
Test#
9
expected vhash value=b640f6036faf1dbb
Actual VHASH value=b640f6036faf1dbb
*****Match*****
Functional Coverage= %14.599609
99
Test#
10
expected vhash value=53c76c350e53559d
Actual VHASH value=53c76c350e53559d
*****Match*****
Functional Coverage= %15.844727
Test#
11
expected vhash value=2e8537e44d1a0fc2
Actual VHASH value=2e8537e44d1a0fc2
*****Match*****
Functional Coverage= %17.309570
Test#
12
expected vhash value=2b9309bd4cf1af3d
Actual VHASH value=2b9309bd4cf1af3d
*****Match*****
Functional Coverage= %18.701172
Test#
13
expected vhash value=dc3fa88aed181452
Actual VHASH value=dc3fa88aed181452
*****Match*****
Functional Coverage= %19.848633
Test#
14
expected vhash value=c81ed8d0f7b31607
Actual VHASH value=c81ed8d0f7b31607
*****Match*****
Functional Coverage= %20.947266
Test#
15
expected vhash value=daa44657cff4374d
Actual VHASH value=daa44657cff4374d
*****Match*****
Functional Coverage= %22.265625
Test#
16
100
expected vhash value=b94a45629184a2b1
Actual VHASH value=b94a45629184a2b1
*****Match*****
Functional Coverage= %23.559570
Test#
17
expected vhash value=07cabc070cde56d2
Actual VHASH value=07cabc070cde56d2
*****Match*****
Functional Coverage= %24.755859
Test#
18
expected vhash value=dcf6efe68d0364cb
Actual VHASH value=dcf6efe68d0364cb
*****Match*****
Functional Coverage= %25.805664
Test#
19
expected vhash value=93802f8aad3308d9
Actual VHASH value=93802f8aad3308d9
*****Match*****
Functional Coverage= %26.953125
Test#
20
expected vhash value=8000432682a3b756
Actual VHASH value=8000432682a3b756
*****Match*****
Functional Coverage= %27.929688
Test#
21
expected vhash value=c2aec9bb0b8c8789
Actual VHASH value=c2aec9bb0b8c8789
*****Match*****
Functional Coverage= %29.077148
Test#
22
101
expected vhash value=2fa4b6c8cb299e3d
Actual VHASH value=2fa4b6c8cb299e3d
*****Match*****
Functional Coverage= %30.175781
Test#
23
expected vhash value=62176925e282bd97
Actual VHASH value=62176925e282bd97
*****Match*****
Functional Coverage= %31.152344
Test#
24
expected vhash value=a027bd941f30df0f
Actual VHASH value=a027bd941f30df0f
*****Match*****
Functional Coverage= %32.324219
Test#
25
expected vhash value=7124aa05839ed6ec
Actual VHASH value=7124aa05839ed6ec
*****Match*****
Functional Coverage= %33.325195
Test#
26
expected vhash value=cf2274d77506e95f
Actual VHASH value=cf2274d77506e95f
*****Match*****
Functional Coverage= %34.375000
Test#
27
expected vhash value=a5a229936b72bbc3
Actual VHASH value=a5a229936b72bbc3
*****Match*****
Functional Coverage= %35.424805
Test#
28
expected vhash value=df9651bd799dfc05
102
Actual VHASH value=df9651bd799dfc05
*****Match*****
Functional Coverage= %36.425781
Test#
29
expected vhash value=abc2a5fbe5c25363
Actual VHASH value=abc2a5fbe5c25363
*****Match*****
Functional Coverage= %37.377930
Test#
30
expected vhash value=a6b4bdbe41a383f8
Actual VHASH value=a6b4bdbe41a383f8
*****Match*****
Functional Coverage= %38.354492
Test#
31
expected vhash value=908c5fd43ef3137a
Actual VHASH value=908c5fd43ef3137a
*****Match*****
Functional Coverage= %39.331055
Test#
32
expected vhash value=7f515cb7dfa89319
Actual VHASH value=7f515cb7dfa89319
*****Match*****
Functional Coverage= %40.405273
Test#
33
expected vhash value=fbefa8ed1641fb63
Actual VHASH value=fbefa8ed1641fb63
*****Match*****
Functional Coverage= %41.430664
Test#
34
expected vhash value=5ec6c25f7a3606ca
103
Actual VHASH value=5ec6c25f7a3606ca
*****Match*****
Functional Coverage= %42.382812
Test#
35
expected vhash value=54ce8250b63a702d
Actual VHASH value=54ce8250b63a702d
*****Match*****
Functional Coverage= %43.286133
Test#
36
expected vhash value=3d3a428a683adb2e
Actual VHASH value=3d3a428a683adb2e
*****Match*****
Functional Coverage= %44.360352
Test#
37
expected vhash value=3687aa79cb05fcbe
Actual VHASH value=3687aa79cb05fcbe
*****Match*****
Functional Coverage= %45.312500
Test#
38
expected vhash value=82f3cba9dd89f7dd
Actual VHASH value=82f3cba9dd89f7dd
*****Match*****
Functional Coverage= %46.191406
Test#
39
expected vhash value=265e2d0dc7127991
Actual VHASH value=265e2d0dc7127991
*****Match*****
Functional Coverage= %47.021484
Test#
40
expected vhash value=c9c0edc35f41bdb1
Actual VHASH value=c9c0edc35f41bdb1
104
*****Match*****
Functional Coverage= %47.949219
Test#
41
expected vhash value=68330bb561e71901
Actual VHASH value=68330bb561e71901
*****Match*****
Functional Coverage= %48.803711
Test#
42
expected vhash value=dce9e31b0bed9b5e
Actual VHASH value=dce9e31b0bed9b5e
*****Match*****
Functional Coverage= %49.707031
Test#
43
expected vhash value=0a0854258ebec8fc
Actual VHASH value=0a0854258ebec8fc
*****Match*****
Functional Coverage= %50.512695
Test#
44
expected vhash value=58fbac3d8154c2c8
Actual VHASH value=58fbac3d8154c2c8
*****Match*****
Functional Coverage= %51.098633
Test#
45
expected vhash value=340a192bc1cd1b85
Actual VHASH value=340a192bc1cd1b85
*****Match*****
Functional Coverage= %51.928711
Test#
46
expected vhash value=b12561f339791dc3
Actual VHASH value=b12561f339791dc3
*****Match*****
105
Functional Coverage= %52.734375
Test#
47
expected vhash value=625030a5036f1799
Actual VHASH value=625030a5036f1799
*****Match*****
Functional Coverage= %53.442383
Test#
48
expected vhash value=54cd734fa10b5524
Actual VHASH value=54cd734fa10b5524
*****Match*****
Functional Coverage= %54.125977
Test#
49
expected vhash value=565187f05283a448
Actual VHASH value=565187f05283a448
*****Match*****
Functional Coverage= %54.614258
Test#
50
expected vhash value=958ff2f621cb0909
Actual VHASH value=958ff2f621cb0909
*****Match*****
Functional Coverage= %55.322266
Test#
51
expected vhash value=0aa66e6c022d6c98
Actual VHASH value=0aa66e6c022d6c98
*****Match*****
Functional Coverage= %56.127930
Test#
52
expected vhash value=d68787987de4b5a6
Actual VHASH value=d68787987de4b5a6
*****Match*****
Functional Coverage= %56.787109
106
Test#
53
expected vhash value=233c180652e5a0c0
Actual VHASH value=233c180652e5a0c0
*****Match*****
Functional Coverage= %57.543945
Test#
54
expected vhash value=b30aeb8bc4505fa3
Actual VHASH value=b30aeb8bc4505fa3
*****Match*****
Functional Coverage= %58.300781
Test#
55
expected vhash value=8491da57814d7da8
Actual VHASH value=8491da57814d7da8
*****Match*****
Functional Coverage= %58.935547
Test#
56
expected vhash value=ff199f103ed69913
Actual VHASH value=ff199f103ed69913
*****Match*****
Functional Coverage= %59.814453
Test#
57
expected vhash value=a5b2300c2071fb1f
Actual VHASH value=a5b2300c2071fb1f
*****Match*****
Functional Coverage= %60.595703
Test#
58
expected vhash value=d21f384a123f7427
Actual VHASH value=d21f384a123f7427
*****Match*****
Functional Coverage= %61.181641
107
Test#
59
expected vhash value=677d9fa0801bf91b
Actual VHASH value=677d9fa0801bf91b
*****Match*****
Functional Coverage= %61.791992
Test#
60
expected vhash value=3bb9dd4fff6cb1af
Actual VHASH value=3bb9dd4fff6cb1af
*****Match*****
Functional Coverage= %62.451172
Test#
61
expected vhash value=097c99015dfea825
Actual VHASH value=097c99015dfea825
*****Match*****
Functional Coverage= %63.061523
Test#
62
expected vhash value=7c97ce546dfba21a
Actual VHASH value=7c97ce546dfba21a
*****Match*****
Functional Coverage= %63.647461
Test#
63
expected vhash value=a2466670daedb771
Actual VHASH value=a2466670daedb771
*****Match*****
Functional Coverage= %64.111328
Test#
64
expected vhash value=c54be68dd8886f6b
Actual VHASH value=c54be68dd8886f6b
*****Match*****
Functional Coverage= %64.697266
Test#
65
108
expected vhash value=58481639507c738c
Actual VHASH value=58481639507c738c
*****Match*****
Functional Coverage= %65.283203
Test#
66
expected vhash value=5af13d2ec4f92d01
Actual VHASH value=5af13d2ec4f92d01
*****Match*****
Functional Coverage= %65.893555
Test#
67
expected vhash value=1181aca846fc85a6
Actual VHASH value=1181aca846fc85a6
*****Match*****
Functional Coverage= %66.455078
Test#
68
expected vhash value=914ef37ad62498da
Actual VHASH value=914ef37ad62498da
*****Match*****
Functional Coverage= %67.114258
Test#
69
expected vhash value=9ce2fa45b81bb5c2
Actual VHASH value=9ce2fa45b81bb5c2
*****Match*****
Functional Coverage= %67.675781
Test#
70
expected vhash value=b669bd2860a0cea9
Actual VHASH value=b669bd2860a0cea9
*****Match*****
Functional Coverage= %68.139648
Test#
71
109
expected vhash value=4b8b5bf7ef64450c
Actual VHASH value=4b8b5bf7ef64450c
*****Match*****
Functional Coverage= %68.627930
Test#
72
expected vhash value=ad3e2ab7d8503cad
Actual VHASH value=ad3e2ab7d8503cad
*****Match*****
Functional Coverage= %69.189453
Test#
73
expected vhash value=216ee4bc7a7b4422
Actual VHASH value=216ee4bc7a7b4422
*****Match*****
Functional Coverage= %69.653320
Test#
74
expected vhash value=bbf8e3c8d525b7ff
Actual VHASH value=bbf8e3c8d525b7ff
*****Match*****
Functional Coverage= %70.190430
Test#
75
expected vhash value=ad8e62bfdb64ba8b
Actual VHASH value=ad8e62bfdb64ba8b
*****Match*****
Functional Coverage= %70.605469
Test#
76
expected vhash value=5a0dcb1748f643c3
Actual VHASH value=5a0dcb1748f643c3
*****Match*****
Functional Coverage= %71.044922
Test#
77
expected vhash value=6e5aa22ec40f7c4f
110
Actual VHASH value=6e5aa22ec40f7c4f
*****Match*****
Functional Coverage= %71.386719
Test#
78
expected vhash value=31f89979f557be7c
Actual VHASH value=31f89979f557be7c
*****Match*****
Functional Coverage= %71.728516
Test#
79
expected vhash value=a6d261c630c0848c
Actual VHASH value=a6d261c630c0848c
*****Match*****
Functional Coverage= %72.094727
Test#
80
expected vhash value=e78a558e6a3325e3
Actual VHASH value=e78a558e6a3325e3
*****Match*****
Functional Coverage= %72.412109
Test#
81
expected vhash value=53786115814b417b
Actual VHASH value=53786115814b417b
*****Match*****
Functional Coverage= %72.753906
Test#
82
expected vhash value=ea63151ac4d2210d
Actual VHASH value=ea63151ac4d2210d
*****Match*****
Functional Coverage= %73.193359
Test#
83
expected vhash value=6f2faf0cf5407810
111
Actual VHASH value=6f2faf0cf5407810
*****Match*****
Functional Coverage= %73.730469
Test#
84
expected vhash value=e1bf94dd4a801e05
Actual VHASH value=e1bf94dd4a801e05
*****Match*****
Functional Coverage= %74.243164
Test#
85
expected vhash value=b45c91194044cede
Actual VHASH value=b45c91194044cede
*****Match*****
Functional Coverage= %74.658203
Test#
86
expected vhash value=af68e95aa7516386
Actual VHASH value=af68e95aa7516386
*****Match*****
Functional Coverage= %75.024414
Test#
87
expected vhash value=9c1ce19b78b98576
Actual VHASH value=9c1ce19b78b98576
*****Match*****
Functional Coverage= %75.439453
Test#
88
expected vhash value=b7390fb8d7c73eda
Actual VHASH value=b7390fb8d7c73eda
*****Match*****
Functional Coverage= %75.830078
Test#
89
expected vhash value=5d9bb30fe5c7b550
Actual VHASH value=5d9bb30fe5c7b550
112
*****Match*****
Functional Coverage= %76.049805
Test#
90
expected vhash value=29f6ebdde346f94b
Actual VHASH value=29f6ebdde346f94b
*****Match*****
Functional Coverage= %76.464844
Test#
91
expected vhash value=83c7c2360a45563b
Actual VHASH value=83c7c2360a45563b
*****Match*****
Functional Coverage= %76.928711
Test#
92
expected vhash value=4a40f03cbc6c47ba
Actual VHASH value=4a40f03cbc6c47ba
*****Match*****
Functional Coverage= %77.197266
Test#
93
expected vhash value=d9c38fc5335b1ab3
Actual VHASH value=d9c38fc5335b1ab3
*****Match*****
Functional Coverage= %77.563477
Test#
94
expected vhash value=c0dc5c52f83506b5
Actual VHASH value=c0dc5c52f83506b5
*****Match*****
Functional Coverage= %77.856445
Test#
95
expected vhash value=f529ce47ba7713f8
Actual VHASH value=f529ce47ba7713f8
*****Match*****
113
Functional Coverage= %78.247070
Test#
96
expected vhash value=994637690a441501
Actual VHASH value=994637690a441501
*****Match*****
Functional Coverage= %78.540039
Test#
97
expected vhash value=5ea974a95ef89718
Actual VHASH value=5ea974a95ef89718
*****Match*****
Functional Coverage= %78.833008
Test#
98
expected vhash value=58ad9e25487326ec
Actual VHASH value=58ad9e25487326ec
*****Match*****
Functional Coverage= %79.101562
Test#
99
expected vhash value=957fdfec9f9297df
Actual VHASH value=957fdfec9f9297df
*****Match*****
Functional Coverage= %79.345703
Test#
100
expected vhash value=d2b05da162cfdde9
Actual VHASH value=d2b05da162cfdde9
*****Match*****
Functional Coverage= %79.638672
Test#
101
expected vhash value=58d06120826b804d
Actual VHASH value=58d06120826b804d
*****Match*****
Functional Coverage= %79.907227
114
Test#
102
expected vhash value=16b9898eae8ebf48
Actual VHASH value=16b9898eae8ebf48
*****Match*****
Functional Coverage= %80.224609
Test#
103
expected vhash value=a18e32b925cd2673
Actual VHASH value=a18e32b925cd2673
*****Match*****
Functional Coverage= %80.590820
Test#
104
expected vhash value=73cd1f0a1ecd63d3
Actual VHASH value=73cd1f0a1ecd63d3
*****Match*****
Functional Coverage= %80.981445
Test#
105
expected vhash value=4806a3f84067e5ef
Actual VHASH value=4806a3f84067e5ef
*****Match*****
Functional Coverage= %81.347656
Test#
106
expected vhash value=68b8e2483ba185da
Actual VHASH value=68b8e2483ba185da
*****Match*****
Functional Coverage= %81.640625
Test#
107
expected vhash value=575c64f38514a635
Actual VHASH value=575c64f38514a635
*****Match*****
Functional Coverage= %81.909180
115
Test#
108
expected vhash value=e81de8d441827897
Actual VHASH value=e81de8d441827897
*****Match*****
Functional Coverage= %82.128906
Test#
109
expected vhash value=93b2567d5888418b
Actual VHASH value=93b2567d5888418b
*****Match*****
Functional Coverage= %82.373047
Test#
110
expected vhash value=6baf722df5a4ab6c
Actual VHASH value=6baf722df5a4ab6c
*****Match*****
Functional Coverage= %82.690430
Test#
111
expected vhash value=2c809b64244652c4
Actual VHASH value=2c809b64244652c4
*****Match*****
Functional Coverage= %83.007812
Test#
112
expected vhash value=ba6ff2fb51cbff6f
Actual VHASH value=ba6ff2fb51cbff6f
*****Match*****
Functional Coverage= %83.203125
Test#
113
expected vhash value=61418df3502fd4c3
Actual VHASH value=61418df3502fd4c3
*****Match*****
Functional Coverage= %83.544922
Test#
114
116
expected vhash value=b4203d41ecacefdf
Actual VHASH value=b4203d41ecacefdf
*****Match*****
Functional Coverage= %83.789062
Test#
115
expected vhash value=11b8079c56c90667
Actual VHASH value=11b8079c56c90667
*****Match*****
Functional Coverage= %84.130859
Test#
116
expected vhash value=dbe997095ce02986
Actual VHASH value=dbe997095ce02986
*****Match*****
Functional Coverage= %84.375000
Test#
117
expected vhash value=f46b37546d1747a7
Actual VHASH value=f46b37546d1747a7
*****Match*****
Functional Coverage= %84.765625
Test#
118
expected vhash value=988acdfe17507e38
Actual VHASH value=988acdfe17507e38
*****Match*****
Functional Coverage= %85.009766
Test#
119
expected vhash value=62d9ce75bae7c2ab
Actual VHASH value=62d9ce75bae7c2ab
*****Match*****
Functional Coverage= %85.253906
Test#
120
117
expected vhash value=eb29cc5b0a6d39b0
Actual VHASH value=eb29cc5b0a6d39b0
*****Match*****
Functional Coverage= %85.546875
Test#
121
expected vhash value=879d85ef68485b52
Actual VHASH value=879d85ef68485b52
*****Match*****
Functional Coverage= %85.742188
Test#
122
expected vhash value=e4109f23da063ba5
Actual VHASH value=e4109f23da063ba5
*****Match*****
Functional Coverage= %85.986328
Test#
123
expected vhash value=48e3b5b73c60cbe8
Actual VHASH value=48e3b5b73c60cbe8
*****Match*****
Functional Coverage= %86.157227
Test#
124
expected vhash value=cf9af5afad1691b8
Actual VHASH value=cf9af5afad1691b8
*****Match*****
Functional Coverage= %86.499023
Test#
125
expected vhash value=31ec5098baec82c9
Actual VHASH value=31ec5098baec82c9
*****Match*****
Functional Coverage= %86.694336
Test#
126
expected vhash value=e6eb4494faa46091
118
Actual VHASH value=e6eb4494faa46091
*****Match*****
Functional Coverage= %86.816406
Test#
127
expected vhash value=58f8dd9b53bb9302
Actual VHASH value=58f8dd9b53bb9302
*****Match*****
Functional Coverage= %86.987305
Test#
128
expected vhash value=83b27301106130fe
Actual VHASH value=83b27301106130fe
*****Match*****
Functional Coverage= %87.207031
Test#
129
expected vhash value=0f4a86c15d7a9334
Actual VHASH value=0f4a86c15d7a9334
*****Match*****
Functional Coverage= %87.451172
Test#
130
expected vhash value=80e3c63b672ff756
Actual VHASH value=80e3c63b672ff756
*****Match*****
Functional Coverage= %87.646484
Test#
131
expected vhash value=174fc9bc5122fe24
Actual VHASH value=174fc9bc5122fe24
*****Match*****
Functional Coverage= %87.890625
Test#
132
expected vhash value=406c8bf9f2ab5b2e
119
Actual VHASH value=406c8bf9f2ab5b2e
*****Match*****
Functional Coverage= %88.085938
Test#
133
expected vhash value=8c8e8ea4540b7a80
Actual VHASH value=8c8e8ea4540b7a80
*****Match*****
Functional Coverage= %88.354492
Test#
134
expected vhash value=5838b275eaed27b9
Actual VHASH value=5838b275eaed27b9
*****Match*****
Functional Coverage= %88.500977
Test#
135
expected vhash value=c8d5b3b27a504426
Actual VHASH value=c8d5b3b27a504426
*****Match*****
Functional Coverage= %88.745117
Test#
136
expected vhash value=0492a34ba5ae4900
Actual VHASH value=0492a34ba5ae4900
*****Match*****
Functional Coverage= %88.867188
Test#
137
expected vhash value=4bdd6eca56628538
Actual VHASH value=4bdd6eca56628538
*****Match*****
Functional Coverage= %89.111328
Test#
138
expected vhash value=6a2026a586f1c1fd
Actual VHASH value=6a2026a586f1c1fd
120
*****Match*****
Functional Coverage= %89.208984
Test#
139
expected vhash value=e044d12d6cac9fc4
Actual VHASH value=e044d12d6cac9fc4
*****Match*****
Functional Coverage= %89.331055
Test#
140
expected vhash value=a5cbaba3e1bf6491
Actual VHASH value=a5cbaba3e1bf6491
*****Match*****
Functional Coverage= %89.526367
Test#
141
expected vhash value=a881c4f238103ac0
Actual VHASH value=a881c4f238103ac0
*****Match*****
Functional Coverage= %89.672852
Test#
142
expected vhash value=aed5793da6e10e53
Actual VHASH value=aed5793da6e10e53
*****Match*****
Functional Coverage= %89.916992
Test#
143
expected vhash value=397487a4e052eab8
Actual VHASH value=397487a4e052eab8
*****Match*****
Functional Coverage= %90.039062
Test#
144
expected vhash value=7c100ebd5ae3f7b6
Actual VHASH value=7c100ebd5ae3f7b6
*****Match*****
121
Functional Coverage= %90.209961
Test#
145
expected vhash value=455acf9257b01c1b
Actual VHASH value=455acf9257b01c1b
*****Match*****
Functional Coverage= %90.454102
Test#
146
expected vhash value=e7e5c8abfa3d83bf
Actual VHASH value=e7e5c8abfa3d83bf
*****Match*****
Functional Coverage= %90.625000
Test#
147
expected vhash value=4916617552d06f19
Actual VHASH value=4916617552d06f19
*****Match*****
Functional Coverage= %90.795898
Test#
148
expected vhash value=a7095fd25c64f84c
Actual VHASH value=a7095fd25c64f84c
*****Match*****
Functional Coverage= %91.162109
Test#
149
expected vhash value=a09b01fbcece203b
Actual VHASH value=a09b01fbcece203b
*****Match*****
Functional Coverage= %91.284180
Test#
150
expected vhash value=385d40af4cabb409
Actual VHASH value=385d40af4cabb409
*****Match*****
Functional Coverage= %91.381836
122
Appendix D: SYNTHESIS
synthesis.scr
set hdlin_auto_save_templates "true"
set hdlin_sv_packages "enable"
set hdlin_infer_function_local_latches "true"
read_file -format sverilog {./addphase1.sv}
read_file -format sverilog {./mulphase.sv}
read_file -format sverilog {./addphase2.sv}
read_file -format sverilog {./modulus.sv}
read_file -format sverilog {./ph1top.sv}
#read_file -format sverilog {./top.sv}
analyze
analyze
analyze
analyze
analyze
-library
-library
-library
-library
-library
elaborate
elaborate
elaborate
elaborate
elaborate
link
WORK
WORK
WORK
WORK
WORK
-format
-format
-format
-format
-format
sverilog
sverilog
sverilog
sverilog
sverilog
{./addphase1.sv}
{./mulphase.sv}
{./addphase2.sv}
{./modulus.sv}
{./ph1top.sv}
addphase -architecture verilog -library WORK
mulphase -architecture verilog -library WORK
addphase2 -architecture verilog -library WORK
mod -architecture verilog -library WORK
phase1_top -architecture verilog -library WORK
create_clock -name clk -period 10 "clk"
set_dont_touch_network "clk"
set_input_delay 1 -clock clk [all_input]
set_output_delay 0.1 -clock clk [all_output]
set_max_area 0
uniquify
ungroup -all -flatten -all_instances
set_operating_conditions -library "lsi_10k"
compile -map_effort high -boundary_optimization
123
report_attribute > ./phase1_top_Attribute.txt
report_area > ./phase1_top_Area.txt
report_constraints -all_violators >
./phase1_top_Constraint_Violaters.txt
report_timing -path full -delay max -max_paths 1 -nworst 1 >
./phase1_top_Timing.txt
Synthesis Timing Report
****************************************
Report : timing
-path full
-delay max
-max_paths 1
Design : phase1_top
Version: G-2012.06-SP3
Date
: Sun Nov 11 19:35:16 2012
****************************************
Operating Conditions: nom_pvt
Wire Load Model Mode: top
Library: lsi_10k
Startpoint: addph1/state_reg[0]
(rising edge-triggered flip-flop clocked by clk)
Endpoint: addph1/state_reg[1]
(rising edge-triggered flip-flop clocked by clk)
Path Group: clk
Path Type: max
Point
Incr
Path
----------------------------------------------------------clock clk (rise edge)
0.00
0.00
clock network delay (ideal)
0.00
0.00
addph1/state_reg[0]/CP (FD2)
0.00
0.00 r
addph1/state_reg[0]/QN (FD2)
1.83
1.83 f
U5178/Z (NR2)
2.36
4.19 r
U5184/Z (IVP)
0.19
4.38 f
U5183/Z (AO7)
0.78
5.16 r
U1036/Z (AN2P)
0.61
5.78 r
addph1/state_reg[1]/D (FD2)
0.00
5.78 r
data arrival time
5.78
clock clk (rise edge)
10.00
10.00
124
clock network delay (ideal)
0.00
10.00
addph1/state_reg[1]/CP (FD2)
0.00
10.00 r
library setup time
-0.85
9.15
data required time
9.15
----------------------------------------------------------data required time
9.15
data arrival time
-5.78
----------------------------------------------------------slack (MET)
3.37
1
Synthesis Area Report
****************************************
Report : area
Design : phase1_top
Version: G-2012.06-SP3
Date
: Sun Nov 11 19:35:14 2012
****************************************
Information: Updating design information... (UID-85)
Library(s) Used:
lsi_10k (File:
/titan/software/synopsys12/syn/libraries/syn/lsi_10k.db)
Number
Number
Number
Number
Number
Number
Number
Number
of
of
of
of
of
of
of
of
ports:
nets:
cells:
combinational cells:
sequential cells:
macros:
buf/inv:
references:
648
7348
5044
3107
1915
0
392
37
Combinational area:
Buf/Inv area:
Noncombinational area:
Net Interconnect area:
64309.000000
876.000000
9595.000000
undefined (No wire load specified)
Total cell area:
Total area:
73904.000000
undefined
125
1
Synthesis Constraint Report
****************************************
Report : constraint
-all_violators
Design : phase1_top
Version: G-2012.06-SP3
Date
: Sun Nov 11 19:35:16 2012
****************************************
max_area
Required
Actual
Design
Area
Area
Slack
-------------------------------------------------------phase1_top
0.00
73904.00
-73904.00
(VIOLATED)
1
Synthesis Attribute Report
Due to the size of the report only few lines are shown.
****************************************
Report : Attribute
Design : phase1_top
Version: G-2012.06-SP3
Date
: Sun Nov 11 19:35:13 2012
****************************************
Design
Object
Type
Attribute Name
Value
-------------------------------------------------------------------------------
126
phase1_top
phase1_top
design
compile_tot_wall_time
66.934769
phase1_top
phase1_top
design
olympia
phase1_top
phase1_top
design
testdb_meth_sig_usage_option
98307
phase1_top
phase1_top
design
testdb_meth_sig_usage
106499
phase1_top
phase1_top
design
multiplexed_flip_flop
phase1_top
phase1_top
design
17731.000000
phase1_top
phase1_top
design
20.000000
phase1_top
phase1_top
design
false
phase1_top
phase1_top
design
false
phase1_top
phase1_top
design
3
phase1_top
phase1_top
design
phase1_top
phase1_top
design
compile_tdrs_cpu_time
16.792450
phase1_top
phase1_top
design
0.357946
phase1_top
phase1_top
design
65.981972
phase1_top
phase1_top
design
28.733627
phase1_top
phase1_top
design
34.398773
compile_cpu_hostname
testdb_meth_name
pass1_area
bs_mux_cost
pads_thru_hier
pads_respect_hier
map_effort_option
instance_name_suffix
compile_lib_cpu_time
compile_tot_cpu_time
compile_rbo_cpu_time
compile_abo_cpu_time
127
REFERENCES
[1]
L. Carter and M. Wegman, "Universal classes of hash functions", Journal of
Computer and System Sciences, 18 (1979), pp.143-154.
[2]
M. Wegman and L. Carter, "New hash functions and their use in authentication
and set equality", Journal of Computer and System Sciences, 22 (1981), pp. 265279.
[3]
T. Krovetz and W. Dai (2007). "VMAC: Message Authentication Code using
Universal Hashing". CFRG Working Group. IETF. Retrieved 2010-08-12.
[4]
T. Krovetz, "Message auhentication on 64-bit architectures", Selected Areas in
Cryptography - SAC 2006, Springer-Verlag,2006
[5]
Dai Wei, Krovetz Ted, Department of Computer Science, California State
University, Sacramento, CA, USA. “VHASH Security”, IACR ePrint Archive,
2007.
[6]
Stinson D. Universal hashing and authentication codes. Designs, Codes and Cryptography 1994; 4:369–380.
[7]
Ganesh, T.S.; Sudarshan, T.S.B. “ASIC Implementation of a Unified Hardware
Architecture for Non-Key Based Cryptographic Hash Primitives,” Information
Technology: Coding and Computing, International Conference, 2005.
128
[8]
Francisco Rodriguez-Henriquez, N.A. Saqib, A. Diaz-Perez, Cetin Kaya Koc.
Cryptographic Algorithms on Reconfigurable Hardware.US: Springer, 2006,pp
26-27
[9]
http://www.asic-world.com/systemverilog/
[10]
Stuart Sutherland, “SystenVerilog for Design”, Springer, 2006
[11]
Chris Spear, “SystemVerilog for Verification”, Springer, 2008
[12]
Samir Palnitkar, “Verilog HDL, A Guide to Digital Design and Synthesis”,
Prentice Hall, 2003
[13]
http://www.einfochips.com/semiconductor-services/asic-soc-fpga-verification.php
[14]
http://fastcrypto.org/vmac/
[15]
Synopsys Inc, “Synthesis Quick Reference”, 2002
[16]
Synopsys Galaxy Seminar Series, “Introduction to Synopsys Galaxy Design
Platform”, Synopsys.
[17]
http://cseweb.ucsd.edu/~tweng/cse143/VHDLReference/12.pdf