bunnie
commented
3 years ago Wow! these are really cool. Do you have any rough guesses on how many extra LUTs each of the different execution engines introduces to the FPGA?
Also, I don't know if you saw this, but a bug was found in the curve25519 engine. You'll want to apply this patch:
@@ -1413,7 +1413,7 @@ carries that have already been propagated. If we fail to do this, then we re-pro
self.dsp_match3 &
self.dsp_match2 &
self.dsp_match1 &
- (self.dsp_p0 >= 0x1_ffed)
+ (self.dsp_p0[:17] >= 0x1_ffed)
)
]check out https://github.com/betrusted-io/xous-core/issues/76 for details and tracking
rdolbeau
Hello,
For my use case of the Engine (FPGA-based crypto accelerator device for an existing vintage host), EC25519 is nice but I figured I could also have the other useful algos for SSH/SCP in the same accelerator (rather than needing Yet Another Device). So I did a draft implementation of some instructions to support AES/GCM. It includes some pclmulqdq-like instructions (multi-cycle eng_clk unit), the required shifts and permutations to support reduction and data ordering (single-cycle eng_clk unit), AES round instruction (multi-cycle mul_clk unit) and a load-store unit for faster access to the streamed data (variable multi-cycle mul_clk unit). It's all very experimental and not very clean. Also it's not optimized for area (or speed), it's just a functional implementation, with room for improvements in every aspect, presumably. Endianness handling is a bit of a mess (host is BE, but the DMA engine through which the L/S goes is byte-reverting the 32-bits words to support the OHCI USB controller with an unpatched NetBSD driver...), but the current draft code currently works to implement a stand-alone version of Supercop's aes256gcmv1 test bed.
Not sure if this will be interesting to anyone but me, but I thought I'd mention it just in case. FYI, the current engine code is here, while the current programs for the Engine are here.
Cordially,