The core has been completed for a long time and been used in several designs in ASICs as well as in FPGAs. The core is considered mature and ready for use. Minor changes are non-functional cleanups of code.
Hardware implementation of the SHA-256 cryptographic hash function with support for both SHA-256 and SHA-224. The implementation is written in Verilog 2001 compliant code. The implementation includes the main core as well as wrappers that provides interfaces for simple integration.
This is a low area implementation that iterates over the rounds but there is no sharing of operations such as adders.
The hardware implementation is complemented by a functional model written in Python.
Note that the core does NOT implement padding of final block. The caller is expected to handle padding.
The sha256 design is divided into the following sections.
The actual core consists of the following files:
The top level entity is called sha256_core. This entity has wide interfaces (512 bit block input, 256 bit digest). In order to make it usable you probably want to wrap the core with a bus interface.
The provided top level wrapper, sha256.v provides a simple 32-bit memory like interface. The core (sha256_core) will sample all data inputs when given the init or next signal. the wrapper contains additional data registers. This allows you to load a new block while the core is processing the previous block.
The core supports both sha224 and sha256 modes. The default mode is sha256. The mode bit is located in the ADDR_CTRL API register and this means that when writing to this register to start processing a block, care must be taken to set the mode bit to the intended mode. This means that old code that for example simply wrote 0x01 to initiate SHA256 processing will now initiate SHA224 processing. Writing 0x05 will now initiate SHA256 processing.
Regarding SHA224, it is up to the user to only read seven, not eight words from the digest registers. The core will update the LSW too.
There is a streaming interface for the core contributed by Olof Kindgren.
NOTE This interface is currently being developed. Expect bugs as this interface is still under development.
There is now an AXI4 interface for the core contributed by Sanjay A Menon. The interface wraps sha256_core, replacing sha256.v
The interface provides an AXI4-Lite slave interface with added hash complete interrupt signal. Chip select is implemented via axi_awprot signal.
This core is supported by the FuseSoC core package manager and build system. Some quick FuseSoC instructions:
install FuseSoC
pip install fusesoc
Create and enter a new workspace
mkdir workspace && cd workspace
Register sha256 as a library in the workspace
fusesoc library add sha256 /path/to/sha256
...if repo is available locally or... ...to get the upstream repo
fusesoc library add sha256 https://github.com/secworks/sha256
To run lint
fusesoc run --target=lint secworks:crypto:sha256
Run tb_sha256 testbench
fusesoc run --target=tb_sha256 secworks:crypto:sha256
Run with modelsim instead of default tool (icarus)
fusesoc run --target=tb_sha256 --tool=modelsim secworks:crypto:sha256
List all targets
fusesoc core show secworks:crypto:sha256
Implementation in 40 nm low power standard cell process.
Implementation results using Altera Quartus-II 13.1.
Cyclone IV E
Cyclone IV GX
Cyclone V
IGLOO2
Implementation results using ISE 14.7.
Spartan-6
Artix-7
Implementation results using Vivado 2014.4.
Zynq-7030
Implementation results using Vivado v.2019.2
Results kindly provided by Sanjay-A-Menon. Implemented design includes the AXI4 wrapper.
Zynq-7020