• SHA-224/256 Hash

    Overview

    The SHA-224/256 Hash Engine is a hash calculation block which supports the 512bit block sized algorithms of the SHA-2 (fips180-3) specification:

    • SHA-224
    • SHA-256

    The deliverable is Verilog (2001) RTL.

    The hierarchy of the design is as illustrated within Fig 1:

    Fig 1: SHA-224/256 Hash Engine – RTL Hierarchy

    Port List

    The top level of the design has three key interfaces; Control & Status, Message Stream and Message Digest.  The full signal port list is as tabulated below:

    PORT WIDTH DIRECTION NOTE
    clk 1 Input Core clock
    resetn 1 Input Active low reset. Asynchronous assertion, syncronous de-assertion
    message_start 1 Input Calculation start request
    message_length 64 Input Message length (in bits) for processing
    digest_mode 1 InputDigest mode control. 1'b0: Sha-224,1'b1: Sha-256
    idle 1 Output Calculation processing status indication
    message_data 32 Output Data word (from message stream)
    message_valid 1 Output Message word valid indication
    message_enable 1 Input Message Word enable indication
    digest 256OutputDigest result
    digest_valid1OutputDigest result valid indication
    digest_enable 1 Input Digest result enable indication

    Signalling

    Fig 2 details a typical interface sequence for a hash calculation:

    • From the idle state (i.e. when the idle output is high), the digest_mode and message_length inputs are sampled when message_start is asserted.
    • Once in the active state (i.e. when the idle output is low), the state of the message_start input is ignored until the module has reached idle again.  Both digest_mode and message_length may be changed in value during this time.
    • With the module in the active state, the message_enable output is asserted to allow reception of message data over the Message Stream interface.
    • Message data may be presented within a single cycle via a valid /enable handshake protocol.  I.e. when valid data is presented, it is only accepted if the enable output is asserted too.  Fig 2 illustrates how there may be a delay after negation of the idle status before message_valid is asserted – however this is not an interface requirement.  Valid data may be presented earlier – message_enable will only become asserted once the module is active.
    • After the configured length of data for a given message has been received, the message_enable output will be negated and the hash calculation allowed to complete.  Upon completion the resultant Message Digest will be presented for output – again via a valid / enable protocol.
    • After the valid Message Digest has been enabled, the module will return to the idle state (i.e. idle is asserted again) and become ready to accept a new calculation request through a subsequent assertion of message_start.

    Fig 2: Interface Signal Sequencing (Typical)

    Data Alignment 

    The Message Length is presented as a 64 bit value, with the MSb in the bit[63] position and the LSb within bit[0].

    The Message Stream data is packed onto the message_data bus as per the SHA hash specification:

    • The bit stream (from first bit towards last) is split into a series of 32bit words with the earliest bit in the MSb position, the most recent bit in the LSb position.

    Message streams which complete on a non-aligned data word will be packed into the MSbits of the final 32 bit input word.

    The Message Digest result is ordered as per the SHA hash specification:

    • The H0 Word term will be presented in digest bits [255:224], followed by terms H1, H2, H3 etc through H7 (for SHA-256) within digest bits [31:0].