├── img └── VERILOGO.png ├── simu ├── input.vc ├── Makefile ├── aes_192_sed.v ├── round.v ├── simulation.cpp ├── aes_192.v ├── veriraptor.cpp └── table.v ├── attack.sh ├── Makefile ├── attack_hack_ches21.py ├── README.md ├── .gitignore └── LICENSE /img/VERILOGO.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kudelskisecurity/Verilaptor/HEAD/img/VERILOGO.png -------------------------------------------------------------------------------- /simu/input.vc: -------------------------------------------------------------------------------- 1 | // This file typically lists flags required by a large project, e.g. include directories 2 | table.v round.v -------------------------------------------------------------------------------- /attack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Compute faults from simulation 4 | ./simu/build/veriraptor 5 | 6 | # DFA on AES 192 7 | ROUNDKEY=$(./attack_hack_ches21.py) 8 | 9 | echo Concatenated round keys: 10 | echo $ROUNDKEY 11 | echo 12 | 13 | # Result is the 1.5 last round key, still need to invert AES keyschedule with 14 | echo "[+] Inverse key schedule" 15 | ./Stark/aes_keyschedule $ROUNDKEY 11 -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | STARK_GIT = "https://github.com/SideChannelMarvels/Stark.git" 2 | SUBDIRS = simu Stark 3 | 4 | .PHONY: subdirs $(SUBDIRS) 5 | 6 | subdirs: $(SUBDIRS) 7 | 8 | simu: 9 | $(MAKE) -C $@ 10 | 11 | Stark: 12 | @if [ ! -d $@ ] ;\ 13 | then \ 14 | echo "Stark does not exist, fetching"; \ 15 | git clone $(STARK_GIT); \ 16 | fi 17 | $(MAKE) -C $@ 18 | 19 | clean: 20 | @rm -vf tracefile_r10 tracefile_r11 tracefile_r10_convert 21 | $(MAKE) clean -C simu 22 | @rm -rvf Stark 23 | -------------------------------------------------------------------------------- /attack_hack_ches21.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import phoenixAES 3 | from binascii import hexlify, unhexlify 4 | import sys 5 | 6 | # Redirect output. 7 | sys.stdout = sys.stderr 8 | 9 | print("[+] DFA on 13th round\n") 10 | subkey13 = phoenixAES.crack_file("tracefile_r11", verbose=0) 11 | 12 | print("[+] DFA on 12th round\n") 13 | subkey12 = phoenixAES.crack_file("tracefile_r10", lastroundkeys=[unhexlify(subkey13)], verbose=0) 14 | 15 | print() 16 | # Restore stdout 17 | sys.stdout = sys.__stdout__ 18 | print(subkey12 + subkey13[0:16]) 19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | 5 | For more information read our [blog post](https://research.kudelskisecurity.com/2021/09/21/verilaptor-software-fault-simultation-in-hardware-designs/). 6 | 7 | To run AES0 simulation: 8 | ```bash 9 | $ verilator -cc aes_192_sed.v -f input.vc --Mdir build -o simu --exe simulation.cpp 10 | $ make -C build/ -f Vaes_192_sed.mk simu 11 | $ ./build/simu 12 | ``` 13 | 14 | To run the full attack: 15 | ```bash 16 | $ make 17 | $ ./attack.sh 18 | ``` 19 | 20 | Make sure to use at least v0.0.4 of phoenixAES. 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.mod* 47 | *.cmd 48 | .tmp_versions/ 49 | modules.order 50 | Module.symvers 51 | Mkfile.old 52 | dkms.conf 53 | -------------------------------------------------------------------------------- /simu/Makefile: -------------------------------------------------------------------------------- 1 | # ======= CONFIGURATION ======= 2 | 3 | # Output directory where the final executable will be produced 4 | # and where files generated by Verilator are stored 5 | BUILD_DIR=build 6 | 7 | # Name of the generated executable 8 | OUT=veriraptor 9 | 10 | # Top-level verilog module 11 | TOP=aes_192_sed.v 12 | 13 | # C++ files 14 | CPP=veriraptor.cpp 15 | 16 | # ======= BUILD RULES ======= 17 | 18 | # Name of .mk file generated by Verilator 19 | VERILATOR_MK=V$(basename $(TOP)).mk 20 | 21 | all: design $(OUT) 22 | 23 | design: $(TOP) 24 | verilator -cc $(TOP) -f input.vc --Mdir $(BUILD_DIR) -o $(OUT) --exe $(CPP) 25 | 26 | $(OUT): design 27 | $(MAKE) -C $(BUILD_DIR) -f $(VERILATOR_MK) $(OUT) 28 | 29 | sim: 30 | @$(BUILD_DIR)/$(OUT) 31 | 32 | clean: 33 | rm -rf $(BUILD_DIR) 34 | -------------------------------------------------------------------------------- /simu/aes_192_sed.v: -------------------------------------------------------------------------------- 1 | /* 2 | * Description: 3 | * AES is implemented in CTR mode. 4 | * Give 128 bit input to "p_c_text" (plain/cipher text). 5 | * Give 192 bit key to "key". 6 | * Give 128 initial vector to "state". 7 | * 8 | * Conditions: 9 | * Don't give new inputs and start until assertion of out_valid. 10 | * Start has to go from 0 to 1 for the correct starting. 11 | * "state" value should be same for both encryption and decryption. 12 | * 13 | * sed: Serialized Encryption and Decryption 14 | */ 15 | 16 | module aes_192_sed(clk, start, state, p_c_text, key, out, out_valid); 17 | input clk; 18 | input start; 19 | input [127:0] state, p_c_text; 20 | input [191:0] key; 21 | output [127:0] out; 22 | output out_valid; 23 | 24 | wire [127:0] out_temp; 25 | wire out_valid; 26 | 27 | // Instantiate the Unit Under Test (UUT) 28 | aes_192 uut ( 29 | .clk(clk), 30 | .start(start), 31 | .state(state), 32 | .key(key), 33 | .out(out_temp), 34 | .out_valid(out_valid) 35 | ); 36 | 37 | // Muxing p_c_text with output of AES core. 38 | assign out = p_c_text ^ out_temp; 39 | 40 | endmodule 41 | 42 | -------------------------------------------------------------------------------- /simu/round.v: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012, Homer Hsing 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /* verilator lint_off UNOPTFLAT */ 18 | 19 | /* one AES round for every two clock cycles */ 20 | module one_round (clk, state_in, key, state_out); 21 | input clk; 22 | input [127:0] state_in, key; 23 | output reg [127:0] state_out; 24 | wire [31:0] s0, s1, s2, s3, 25 | z0, z1, z2, z3, 26 | p00, p01, p02, p03, 27 | p10, p11, p12, p13, 28 | p20, p21, p22, p23, 29 | p30, p31, p32, p33, 30 | k0, k1, k2, k3; 31 | 32 | assign {k0, k1, k2, k3} = key; 33 | 34 | assign {s0, s1, s2, s3} = state_in; 35 | 36 | table_lookup 37 | t0 (clk, s0, p00, p01, p02, p03), 38 | t1 (clk, s1, p10, p11, p12, p13), 39 | t2 (clk, s2, p20, p21, p22, p23), 40 | t3 (clk, s3, p30, p31, p32, p33); 41 | 42 | assign z0 = p00 ^ p11 ^ p22 ^ p33 ^ k0; 43 | assign z1 = p03 ^ p10 ^ p21 ^ p32 ^ k1; 44 | assign z2 = p02 ^ p13 ^ p20 ^ p31 ^ k2; 45 | assign z3 = p01 ^ p12 ^ p23 ^ p30 ^ k3; 46 | 47 | always @ (posedge clk) 48 | state_out <= {z0, z1, z2, z3}; 49 | endmodule 50 | 51 | /* AES final round for every two clock cycles */ 52 | module final_round (clk, state_in, key_in, state_out); 53 | input clk; 54 | input [127:0] state_in; 55 | input [127:0] key_in; 56 | output reg [127:0] state_out; 57 | wire [31:0] s0, s1, s2, s3, 58 | z0, z1, z2, z3, 59 | k0, k1, k2, k3; 60 | wire [7:0] p00, p01, p02, p03, 61 | p10, p11, p12, p13, 62 | p20, p21, p22, p23, 63 | p30, p31, p32, p33; 64 | 65 | assign {k0, k1, k2, k3} = key_in; 66 | 67 | assign {s0, s1, s2, s3} = state_in; 68 | 69 | S4 70 | S4_1 (clk, s0, {p00, p01, p02, p03}), 71 | S4_2 (clk, s1, {p10, p11, p12, p13}), 72 | S4_3 (clk, s2, {p20, p21, p22, p23}), 73 | S4_4 (clk, s3, {p30, p31, p32, p33}); 74 | 75 | assign z0 = {p00, p11, p22, p33} ^ k0; 76 | assign z1 = {p10, p21, p32, p03} ^ k1; 77 | assign z2 = {p20, p31, p02, p13} ^ k2; 78 | assign z3 = {p30, p01, p12, p23} ^ k3; 79 | 80 | always @ (posedge clk) 81 | state_out <= {z0, z1, z2, z3}; 82 | endmodule 83 | 84 | -------------------------------------------------------------------------------- /simu/simulation.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include "Vaes_192_sed.h" 9 | 10 | template 11 | 12 | void userIn(const char * var_name, T & var) 13 | { 14 | unsigned tmp; 15 | std::cout << var_name << " = "; 16 | std::cin >> tmp; 17 | assert(tmp <= 0xffffffff); 18 | var = tmp; 19 | } 20 | 21 | void userOut(const char * var_name, unsigned value) 22 | { 23 | std::cout << var_name << " = " << std::hex << value << '\n'; 24 | } 25 | 26 | void write_result(std::unique_ptr& top, std::ofstream& file) { 27 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[3]; 28 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[2]; 29 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[1]; 30 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[0] << '\n';; 31 | } 32 | 33 | void tick(std::unique_ptr& top) { 34 | top->clk = 0; 35 | top->eval(); 36 | top->clk = 1; 37 | top->eval(); 38 | top->clk = 0; 39 | } 40 | 41 | void aes_encrypt(std::unique_ptr& top) { 42 | tick(top); 43 | top->start = 0x1; 44 | tick(top); 45 | top->start = 0x0; 46 | tick(top); 47 | 48 | while (top->out_valid == 0) { 49 | tick(top); 50 | } 51 | } 52 | 53 | int main(int argc, char ** argv) 54 | { 55 | int i; 56 | 57 | /* Initialize Verilator variables */ 58 | Verilated::commandArgs(argc, argv); 59 | 60 | /* Create top module instance */ 61 | auto top = std::make_unique(); 62 | 63 | std::cout << "[+] Simulation with Verilator\n"; 64 | /* Inputs 65 | key: 8e73b0f7 da0e6452 c810f32b 809079e5 62f8ead2 522c6b7b 66 | plaintext: 6bc1bee2 2e409f96 e93d7e11 7393172a 67 | ciphertext: bd334f1d 6e45f25f f712a214 571fa5cc*/ 68 | top->key[5] = 0x8e73b0f7; 69 | top->key[4] = 0xda0e6452; 70 | top->key[3] = 0xc810f32b; 71 | top->key[2] = 0x809079e5; 72 | top->key[1] = 0x62f8ead2; 73 | top->key[0] = 0x522c6b7b; 74 | 75 | top->state[3] = 0x6bc1bee2; 76 | top->state[2] = 0x2e409f96; 77 | top->state[1] = 0xe93d7e11; 78 | top->state[0] = 0x7393172a; 79 | 80 | std::cout << "Using key:\n"; 81 | for (i=5;i>=0;i--) { 82 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->key[i]; 83 | } 84 | 85 | std::cout << "\nUsing plaintext:\n"; 86 | for (i=3;i>=0;i--) { 87 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->state[i]; 88 | } 89 | 90 | aes_encrypt(top); 91 | 92 | std::cout << "\nResulting ciphertext:\n"; 93 | for (i=3;i>=0;i--) { 94 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[i]; 95 | } 96 | std::cout << "\n\n"; 97 | top->final(); 98 | 99 | return 0; 100 | } 101 | -------------------------------------------------------------------------------- /simu/aes_192.v: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012, Homer Hsing 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module aes_192 (clk, start, state, key, out, out_valid); 18 | input clk; 19 | input start; 20 | input [127:0] state; 21 | input [191:0] key; 22 | output [127:0] out; 23 | output out_valid; 24 | reg [127:0] s0; 25 | reg [191:0] k0; 26 | wire [127:0] s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11; 27 | wire [191:0] k1, k2, k3, k4, k5, k6, k7, k8, k9, k10, k11; 28 | wire [127:0] k0b, k1b, k2b, k3b, k4b, k5b, k6b, k7b, k8b, k9b, k10b, k11b; 29 | 30 | reg start_r; 31 | always @(posedge clk) 32 | begin 33 | start_r <= start; 34 | end 35 | 36 | wire start_posedge = start & ~start_r; 37 | reg [4:0] validCounter; 38 | 39 | always @ (posedge clk) 40 | begin 41 | if(start_posedge) 42 | begin 43 | s0 <= state ^ key[191:64]; 44 | k0 <= key; 45 | validCounter <= 25; 46 | end 47 | else if(~out_valid) 48 | begin 49 | validCounter <= validCounter - 1; 50 | end 51 | end 52 | 53 | assign out_valid = (validCounter == 0); 54 | 55 | expand_key_type_D_192 a0 (clk, k0, 8'h1, k1, k0b); 56 | expand_key_type_B_192 a1 (clk, k1, k2, k1b); 57 | expand_key_type_A_192 a2 (clk, k2, 8'h2, k3, k2b); 58 | expand_key_type_C_192 a3 (clk, k3, 8'h4, k4, k3b); 59 | expand_key_type_B_192 a4 (clk, k4, k5, k4b); 60 | expand_key_type_A_192 a5 (clk, k5, 8'h8, k6, k5b); 61 | expand_key_type_C_192 a6 (clk, k6, 8'h10, k7, k6b); 62 | expand_key_type_B_192 a7 (clk, k7, k8, k7b); 63 | expand_key_type_A_192 a8 (clk, k8, 8'h20, k9, k8b); 64 | expand_key_type_C_192 a9 (clk, k9, 8'h40, k10, k9b); 65 | expand_key_type_B_192 a10 (clk,k10, k11, k10b); 66 | expand_key_type_A_192 a11 (clk,k11, 8'h80, , k11b); 67 | 68 | one_round 69 | r1 (clk, s0, k0b, s1), 70 | r2 (clk, s1, k1b, s2), 71 | r3 (clk, s2, k2b, s3), 72 | r4 (clk, s3, k3b, s4), 73 | r5 (clk, s4, k4b, s5), 74 | r6 (clk, s5, k5b, s6), 75 | r7 (clk, s6, k6b, s7), 76 | r8 (clk, s7, k7b, s8), 77 | r9 (clk, s8, k8b, s9), 78 | r10 (clk, s9, k9b, s10), 79 | r11 (clk, s10, k10b, s11); 80 | 81 | final_round 82 | rf (clk, s11, k11b, out); 83 | endmodule 84 | 85 | /* expand k0,k1,k2,k3 for every two clock cycles */ 86 | module expand_key_type_A_192 (clk, in, rcon, out_1, out_2); 87 | input clk; 88 | input [191:0] in; 89 | input [7:0] rcon; 90 | output reg [191:0] out_1; 91 | output [127:0] out_2; 92 | wire [31:0] k0, k1, k2, k3, k4, k5, 93 | v0, v1, v2, v3; 94 | reg [31:0] k0a, k1a, k2a, k3a, k4a, k5a; 95 | wire [31:0] k0b, k1b, k2b, k3b, k4b, k5b, k6a; 96 | 97 | assign {k0, k1, k2, k3, k4, k5} = in; 98 | 99 | assign v0 = {k0[31:24] ^ rcon, k0[23:0]}; 100 | assign v1 = v0 ^ k1; 101 | assign v2 = v1 ^ k2; 102 | assign v3 = v2 ^ k3; 103 | 104 | always @ (posedge clk) 105 | {k0a, k1a, k2a, k3a, k4a, k5a} <= {v0, v1, v2, v3, k4, k5}; 106 | 107 | S4 108 | S4_0 (clk, {k5[23:0], k5[31:24]}, k6a); 109 | 110 | assign k0b = k0a ^ k6a; 111 | assign k1b = k1a ^ k6a; 112 | assign k2b = k2a ^ k6a; 113 | assign k3b = k3a ^ k6a; 114 | assign {k4b, k5b} = {k4a, k5a}; 115 | 116 | always @ (posedge clk) 117 | out_1 <= {k0b, k1b, k2b, k3b, k4b, k5b}; 118 | 119 | assign out_2 = {k0b, k1b, k2b, k3b}; 120 | endmodule 121 | 122 | /* expand k2,k3,k4,k5 for every two clock cycles */ 123 | module expand_key_type_B_192 (clk, in, out_1, out_2); 124 | input clk; 125 | input [191:0] in; 126 | output reg [191:0] out_1; 127 | output [127:0] out_2; 128 | wire [31:0] k0, k1, k2, k3, k4, k5, 129 | v2, v3, v4, v5; 130 | reg [31:0] k0a, k1a, k2a, k3a, k4a, k5a; 131 | 132 | assign {k0, k1, k2, k3, k4, k5} = in; 133 | 134 | assign v2 = k1 ^ k2; 135 | assign v3 = v2 ^ k3; 136 | assign v4 = v3 ^ k4; 137 | assign v5 = v4 ^ k5; 138 | 139 | always @ (posedge clk) 140 | {k0a, k1a, k2a, k3a, k4a, k5a} <= {k0, k1, v2, v3, v4, v5}; 141 | 142 | always @ (posedge clk) 143 | out_1 <= {k0a, k1a, k2a, k3a, k4a, k5a}; 144 | 145 | assign out_2 = {k2a, k3a, k4a, k5a}; 146 | endmodule 147 | 148 | /* expand k0,k1,k4,k5 for every two clock cycles */ 149 | module expand_key_type_C_192 (clk, in, rcon, out_1, out_2); 150 | input clk; 151 | input [191:0] in; 152 | input [7:0] rcon; 153 | output reg [191:0] out_1; 154 | output [127:0] out_2; 155 | wire [31:0] k0, k1, k2, k3, k4, k5, 156 | v4, v5, v0, v1; 157 | reg [31:0] k0a, k1a, k2a, k3a, k4a, k5a; 158 | wire [31:0] k0b, k1b, k2b, k3b, k4b, k5b, k6a; 159 | 160 | assign {k0, k1, k2, k3, k4, k5} = in; 161 | 162 | assign v4 = k3 ^ k4; 163 | assign v5 = v4 ^ k5; 164 | assign v0 = {k0[31:24] ^ rcon, k0[23:0]}; 165 | assign v1 = v0 ^ k1; 166 | 167 | always @ (posedge clk) 168 | {k0a, k1a, k2a, k3a, k4a, k5a} <= {v0, v1, k2, k3, v4, v5}; 169 | 170 | S4 171 | S4_0 (clk, {v5[23:0], v5[31:24]}, k6a); 172 | 173 | assign k0b = k0a ^ k6a; 174 | assign k1b = k1a ^ k6a; 175 | assign {k2b, k3b, k4b, k5b} = {k2a, k3a, k4a, k5a}; 176 | 177 | always @ (posedge clk) 178 | out_1 <= {k0b, k1b, k2b, k3b, k4b, k5b}; 179 | 180 | assign out_2 = {k4b, k5b, k0b, k1b}; 181 | endmodule 182 | 183 | /* expand k0,k1 for every two clock cycles */ 184 | module expand_key_type_D_192 (clk, in, rcon, out_1, out_2); 185 | input clk; 186 | input [191:0] in; 187 | input [7:0] rcon; 188 | output reg [191:0] out_1; 189 | output [127:0] out_2; 190 | wire [31:0] k0, k1, k2, k3, k4, k5, 191 | v0, v1; 192 | reg [31:0] k0a, k1a, k2a, k3a, k4a, k5a; 193 | wire [31:0] k0b, k1b, k2b, k3b, k4b, k5b, k6a; 194 | 195 | assign {k0, k1, k2, k3, k4, k5} = in; 196 | 197 | assign v0 = {k0[31:24] ^ rcon, k0[23:0]}; 198 | assign v1 = v0 ^ k1; 199 | 200 | always @ (posedge clk) 201 | {k0a, k1a, k2a, k3a, k4a, k5a} <= {v0, v1, k2, k3, k4, k5}; 202 | 203 | S4 204 | S4_0 (clk, {k5[23:0], k5[31:24]}, k6a); 205 | 206 | assign k0b = k0a ^ k6a; 207 | assign k1b = k1a ^ k6a; 208 | assign {k2b, k3b, k4b, k5b} = {k2a, k3a, k4a, k5a}; 209 | 210 | always @ (posedge clk) 211 | out_1 <= {k0b, k1b, k2b, k3b, k4b, k5b}; 212 | 213 | assign out_2 = {k4b, k5b, k0b, k1b}; 214 | endmodule 215 | -------------------------------------------------------------------------------- /simu/veriraptor.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #include "Vaes_192_sed.h" 11 | #include "Vaes_192_sed_aes_192_sed.h" 12 | #include "Vaes_192_sed_aes_192.h" 13 | #include "Vaes_192_sed_one_round.h" 14 | #include "Vaes_192_sed_table_lookup.h" 15 | #include "Vaes_192_sed_S.h" 16 | #include "Vaes_192_sed_T.h" 17 | 18 | 19 | template 20 | 21 | void userIn(const char * var_name, T & var) 22 | { 23 | unsigned tmp; 24 | std::cout << var_name << " = "; 25 | std::cin >> tmp; 26 | assert(tmp <= 0xffffffff); 27 | var = tmp; 28 | } 29 | 30 | void userOut(const char * var_name, unsigned value) 31 | { 32 | std::cout << var_name << " = " << std::hex << value << '\n'; 33 | } 34 | 35 | void tick_fault_r9(std::unique_ptr& top, int sbox_num, int value) { 36 | top->clk = 0; 37 | top->eval(); 38 | // Inject fault at output of sbox 39 | switch (sbox_num) { 40 | case 0: { 41 | auto sbox = top->aes_192_sed->uut->r9->t0; 42 | sbox->p3 = sbox->p3 ^ value; 43 | } 44 | break; 45 | case 1: { 46 | auto sbox = top->aes_192_sed->uut->r9->t1; 47 | sbox->p3 = sbox->p3 ^ value; 48 | } 49 | break; 50 | case 2: { 51 | auto sbox = top->aes_192_sed->uut->r9->t2; 52 | sbox->p3 = sbox->p3 ^ value; 53 | } 54 | break; 55 | case 3: { 56 | auto sbox = top->aes_192_sed->uut->r9->t3; 57 | sbox->p3 = sbox->p3 ^ value; 58 | } 59 | break; 60 | } 61 | top->clk = 1; 62 | top->eval(); 63 | top->clk = 0; 64 | } 65 | 66 | void tick_fault_r10(std::unique_ptr& top, int sbox_num, int value) { 67 | top->clk = 0; 68 | top->eval(); 69 | // Inject fault at output of sbox 70 | switch (sbox_num) { 71 | case 0: { 72 | auto sbox = top->aes_192_sed->uut->r10->t0; 73 | sbox->p3 = sbox->p3 ^ value; 74 | } 75 | break; 76 | case 1: { 77 | auto sbox = top->aes_192_sed->uut->r10->t1; 78 | sbox->p3 = sbox->p3 ^ value; 79 | } 80 | break; 81 | case 2: { 82 | auto sbox = top->aes_192_sed->uut->r10->t2; 83 | sbox->p3 = sbox->p3 ^ value; 84 | } 85 | break; 86 | case 3: { 87 | auto sbox = top->aes_192_sed->uut->r10->t3; 88 | sbox->p3 = sbox->p3 ^ value; 89 | } 90 | break; 91 | } 92 | top->clk = 1; 93 | top->eval(); 94 | top->clk = 0; 95 | } 96 | 97 | void write_result(std::unique_ptr& top, std::ofstream& file, bool verbose) { 98 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[3]; 99 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[2]; 100 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[1]; 101 | file << std::setw(8) << std::setfill('0') << std::hex << top->out[0] << '\n'; 102 | 103 | if (verbose) { 104 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[3]; 105 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[2]; 106 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[1]; 107 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[0] << '\n'; 108 | } 109 | } 110 | 111 | void tick(std::unique_ptr& top) { 112 | top->clk = 0; 113 | top->eval(); 114 | top->clk = 1; 115 | top->eval(); 116 | top->clk = 0; 117 | } 118 | 119 | void aes_encrypt(std::unique_ptr& top) { 120 | tick(top); 121 | top->start = 0x1; 122 | tick(top); 123 | top->start = 0x0; 124 | tick(top); 125 | 126 | while (top->out_valid == 0) { 127 | tick(top); 128 | } 129 | } 130 | 131 | void aes_encrypt_fault_r9(std::unique_ptr& top, int value, int fault) { 132 | int i = 0; 133 | tick(top); 134 | top->start = 0x1; 135 | tick(top); 136 | top->start = 0x0; 137 | tick(top); 138 | 139 | while (top->out_valid == 0) { 140 | if (i < 9) { 141 | tick(top); 142 | } else { 143 | tick_fault_r9(top, value, fault); 144 | } 145 | i++; 146 | } 147 | } 148 | 149 | void aes_encrypt_fault_r10(std::unique_ptr& top, int value, int fault) { 150 | int i = 0; 151 | tick(top); 152 | top->start = 0x1; 153 | tick(top); 154 | top->start = 0x0; 155 | tick(top); 156 | 157 | while (top->out_valid == 0) { 158 | if (i < 10) { 159 | tick(top); 160 | } else { 161 | tick_fault_r10(top, value, fault); 162 | } 163 | i++; 164 | } 165 | } 166 | 167 | int main(int argc, char ** argv) 168 | { 169 | bool verbose = false; 170 | 171 | if (argc > 1) { 172 | if (std::string(argv[1]) == "-v") { 173 | verbose = true; 174 | } 175 | } 176 | 177 | /* Initialize Verilator variables */ 178 | Verilated::commandArgs(argc, argv); 179 | 180 | /* Create top module instance */ 181 | auto top = std::make_unique(); 182 | 183 | /* PRNG */ 184 | unsigned seed = std::chrono::system_clock::now().time_since_epoch().count(); 185 | std::mt19937 g1 (seed); 186 | int i=0; 187 | std::ofstream fault_file; 188 | 189 | std::cout << "[+] Fault simulation with Verilator\n"; 190 | 191 | std::cout << "Using key:\n"; 192 | for (i=5;i>=0;i--) { 193 | top->key[i] = g1(); 194 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->key[i]; 195 | } 196 | 197 | std::cout << "\nUsing plaintext:\n"; 198 | for (i=3;i>=0;i--) { 199 | top->state[i] = g1(); 200 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->state[i]; 201 | } 202 | 203 | fault_file.open("tracefile_r11"); 204 | 205 | // Golden sample 206 | aes_encrypt(top); 207 | std::cout << "\nGetting ciphertext:\n"; 208 | for (i=3;i>=0;i--) { 209 | std::cout << std::setw(8) << std::setfill('0') << std::hex << top->out[i]; 210 | } 211 | std::cout << "\n\n"; 212 | write_result(top, fault_file, verbose); 213 | 214 | // Getting the faults in round 11 215 | for (i=0;i<4;i++) { 216 | aes_encrypt_fault_r10(top, i, g1() % 256); 217 | write_result(top, fault_file, verbose); 218 | aes_encrypt_fault_r10(top, i, g1() % 256); 219 | write_result(top, fault_file, verbose); 220 | } 221 | 222 | fault_file.close(); 223 | fault_file.open("tracefile_r10"); 224 | 225 | // Golden sample 226 | aes_encrypt(top); 227 | write_result(top, fault_file, verbose); 228 | 229 | // Getting the faults in round 10 230 | for (i=0;i<4;i++) { 231 | aes_encrypt_fault_r9(top, i, g1() % 256); 232 | write_result(top, fault_file, verbose); 233 | 234 | aes_encrypt_fault_r9(top, i, g1() % 256); 235 | write_result(top, fault_file, verbose); 236 | } 237 | fault_file.close(); 238 | top->final(); 239 | 240 | return 0; 241 | } 242 | -------------------------------------------------------------------------------- /simu/table.v: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2012, Homer Hsing 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /* verilator lint_off UNOPTFLAT */ 18 | 19 | module table_lookup (clk, state, p0, p1, p2, p3); 20 | input clk; 21 | input [31:0] state; 22 | output [31:0] p0, p1, p2, p3/*verilator public*/; 23 | wire [7:0] b0, b1, b2, b3; 24 | 25 | assign {b0, b1, b2, b3} = state; 26 | T 27 | t0 (clk, b0, {p0[23:0], p0[31:24]}), 28 | t1 (clk, b1, {p1[15:0], p1[31:16]}), 29 | t2 (clk, b2, {p2[7:0], p2[31:8]} ), 30 | t3 (clk, b3, p3); 31 | endmodule 32 | 33 | /* substitue four bytes in a word */ 34 | module S4 (clk, in, out); 35 | input clk; 36 | input [31:0] in; 37 | output [31:0] out; 38 | 39 | S 40 | S_0 (clk, in[31:24], out[31:24]), 41 | S_1 (clk, in[23:16], out[23:16]), 42 | S_2 (clk, in[15:8], out[15:8] ), 43 | S_3 (clk, in[7:0], out[7:0] ); 44 | endmodule 45 | 46 | /* S_box, S_box, S_box*(x+1), S_box*x */ 47 | module T (clk, in, out); 48 | input clk; 49 | input [7:0] in; 50 | output [31:0] out; 51 | 52 | S 53 | s0 (clk, in, out[31:24]); 54 | assign out[23:16] = out[31:24]; 55 | xS 56 | s4 (clk, in, out[7:0]); 57 | assign out[15:8] = out[23:16] ^ out[7:0]; 58 | endmodule 59 | 60 | /* S box */ 61 | module S (clk, in, out); 62 | input clk; 63 | input [7:0] in; 64 | output reg [7:0] out; 65 | 66 | always @ (posedge clk) 67 | case (in) 68 | 8'h00: 69 | out <= 8'h63; 70 | 8'h01: 71 | out <= 8'h7c; 72 | 8'h02: 73 | out <= 8'h77; 74 | 8'h03: 75 | out <= 8'h7b; 76 | 8'h04: 77 | out <= 8'hf2; 78 | 8'h05: 79 | out <= 8'h6b; 80 | 8'h06: 81 | out <= 8'h6f; 82 | 8'h07: 83 | out <= 8'hc5; 84 | 8'h08: 85 | out <= 8'h30; 86 | 8'h09: 87 | out <= 8'h01; 88 | 8'h0a: 89 | out <= 8'h67; 90 | 8'h0b: 91 | out <= 8'h2b; 92 | 8'h0c: 93 | out <= 8'hfe; 94 | 8'h0d: 95 | out <= 8'hd7; 96 | 8'h0e: 97 | out <= 8'hab; 98 | 8'h0f: 99 | out <= 8'h76; 100 | 8'h10: 101 | out <= 8'hca; 102 | 8'h11: 103 | out <= 8'h82; 104 | 8'h12: 105 | out <= 8'hc9; 106 | 8'h13: 107 | out <= 8'h7d; 108 | 8'h14: 109 | out <= 8'hfa; 110 | 8'h15: 111 | out <= 8'h59; 112 | 8'h16: 113 | out <= 8'h47; 114 | 8'h17: 115 | out <= 8'hf0; 116 | 8'h18: 117 | out <= 8'had; 118 | 8'h19: 119 | out <= 8'hd4; 120 | 8'h1a: 121 | out <= 8'ha2; 122 | 8'h1b: 123 | out <= 8'haf; 124 | 8'h1c: 125 | out <= 8'h9c; 126 | 8'h1d: 127 | out <= 8'ha4; 128 | 8'h1e: 129 | out <= 8'h72; 130 | 8'h1f: 131 | out <= 8'hc0; 132 | 8'h20: 133 | out <= 8'hb7; 134 | 8'h21: 135 | out <= 8'hfd; 136 | 8'h22: 137 | out <= 8'h93; 138 | 8'h23: 139 | out <= 8'h26; 140 | 8'h24: 141 | out <= 8'h36; 142 | 8'h25: 143 | out <= 8'h3f; 144 | 8'h26: 145 | out <= 8'hf7; 146 | 8'h27: 147 | out <= 8'hcc; 148 | 8'h28: 149 | out <= 8'h34; 150 | 8'h29: 151 | out <= 8'ha5; 152 | 8'h2a: 153 | out <= 8'he5; 154 | 8'h2b: 155 | out <= 8'hf1; 156 | 8'h2c: 157 | out <= 8'h71; 158 | 8'h2d: 159 | out <= 8'hd8; 160 | 8'h2e: 161 | out <= 8'h31; 162 | 8'h2f: 163 | out <= 8'h15; 164 | 8'h30: 165 | out <= 8'h04; 166 | 8'h31: 167 | out <= 8'hc7; 168 | 8'h32: 169 | out <= 8'h23; 170 | 8'h33: 171 | out <= 8'hc3; 172 | 8'h34: 173 | out <= 8'h18; 174 | 8'h35: 175 | out <= 8'h96; 176 | 8'h36: 177 | out <= 8'h05; 178 | 8'h37: 179 | out <= 8'h9a; 180 | 8'h38: 181 | out <= 8'h07; 182 | 8'h39: 183 | out <= 8'h12; 184 | 8'h3a: 185 | out <= 8'h80; 186 | 8'h3b: 187 | out <= 8'he2; 188 | 8'h3c: 189 | out <= 8'heb; 190 | 8'h3d: 191 | out <= 8'h27; 192 | 8'h3e: 193 | out <= 8'hb2; 194 | 8'h3f: 195 | out <= 8'h75; 196 | 8'h40: 197 | out <= 8'h09; 198 | 8'h41: 199 | out <= 8'h83; 200 | 8'h42: 201 | out <= 8'h2c; 202 | 8'h43: 203 | out <= 8'h1a; 204 | 8'h44: 205 | out <= 8'h1b; 206 | 8'h45: 207 | out <= 8'h6e; 208 | 8'h46: 209 | out <= 8'h5a; 210 | 8'h47: 211 | out <= 8'ha0; 212 | 8'h48: 213 | out <= 8'h52; 214 | 8'h49: 215 | out <= 8'h3b; 216 | 8'h4a: 217 | out <= 8'hd6; 218 | 8'h4b: 219 | out <= 8'hb3; 220 | 8'h4c: 221 | out <= 8'h29; 222 | 8'h4d: 223 | out <= 8'he3; 224 | 8'h4e: 225 | out <= 8'h2f; 226 | 8'h4f: 227 | out <= 8'h84; 228 | 8'h50: 229 | out <= 8'h53; 230 | 8'h51: 231 | out <= 8'hd1; 232 | 8'h52: 233 | out <= 8'h00; 234 | 8'h53: 235 | out <= 8'hed; 236 | 8'h54: 237 | out <= 8'h20; 238 | 8'h55: 239 | out <= 8'hfc; 240 | 8'h56: 241 | out <= 8'hb1; 242 | 8'h57: 243 | out <= 8'h5b; 244 | 8'h58: 245 | out <= 8'h6a; 246 | 8'h59: 247 | out <= 8'hcb; 248 | 8'h5a: 249 | out <= 8'hbe; 250 | 8'h5b: 251 | out <= 8'h39; 252 | 8'h5c: 253 | out <= 8'h4a; 254 | 8'h5d: 255 | out <= 8'h4c; 256 | 8'h5e: 257 | out <= 8'h58; 258 | 8'h5f: 259 | out <= 8'hcf; 260 | 8'h60: 261 | out <= 8'hd0; 262 | 8'h61: 263 | out <= 8'hef; 264 | 8'h62: 265 | out <= 8'haa; 266 | 8'h63: 267 | out <= 8'hfb; 268 | 8'h64: 269 | out <= 8'h43; 270 | 8'h65: 271 | out <= 8'h4d; 272 | 8'h66: 273 | out <= 8'h33; 274 | 8'h67: 275 | out <= 8'h85; 276 | 8'h68: 277 | out <= 8'h45; 278 | 8'h69: 279 | out <= 8'hf9; 280 | 8'h6a: 281 | out <= 8'h02; 282 | 8'h6b: 283 | out <= 8'h7f; 284 | 8'h6c: 285 | out <= 8'h50; 286 | 8'h6d: 287 | out <= 8'h3c; 288 | 8'h6e: 289 | out <= 8'h9f; 290 | 8'h6f: 291 | out <= 8'ha8; 292 | 8'h70: 293 | out <= 8'h51; 294 | 8'h71: 295 | out <= 8'ha3; 296 | 8'h72: 297 | out <= 8'h40; 298 | 8'h73: 299 | out <= 8'h8f; 300 | 8'h74: 301 | out <= 8'h92; 302 | 8'h75: 303 | out <= 8'h9d; 304 | 8'h76: 305 | out <= 8'h38; 306 | 8'h77: 307 | out <= 8'hf5; 308 | 8'h78: 309 | out <= 8'hbc; 310 | 8'h79: 311 | out <= 8'hb6; 312 | 8'h7a: 313 | out <= 8'hda; 314 | 8'h7b: 315 | out <= 8'h21; 316 | 8'h7c: 317 | out <= 8'h10; 318 | 8'h7d: 319 | out <= 8'hff; 320 | 8'h7e: 321 | out <= 8'hf3; 322 | 8'h7f: 323 | out <= 8'hd2; 324 | 8'h80: 325 | out <= 8'hcd; 326 | 8'h81: 327 | out <= 8'h0c; 328 | 8'h82: 329 | out <= 8'h13; 330 | 8'h83: 331 | out <= 8'hec; 332 | 8'h84: 333 | out <= 8'h5f; 334 | 8'h85: 335 | out <= 8'h97; 336 | 8'h86: 337 | out <= 8'h44; 338 | 8'h87: 339 | out <= 8'h17; 340 | 8'h88: 341 | out <= 8'hc4; 342 | 8'h89: 343 | out <= 8'ha7; 344 | 8'h8a: 345 | out <= 8'h7e; 346 | 8'h8b: 347 | out <= 8'h3d; 348 | 8'h8c: 349 | out <= 8'h64; 350 | 8'h8d: 351 | out <= 8'h5d; 352 | 8'h8e: 353 | out <= 8'h19; 354 | 8'h8f: 355 | out <= 8'h73; 356 | 8'h90: 357 | out <= 8'h60; 358 | 8'h91: 359 | out <= 8'h81; 360 | 8'h92: 361 | out <= 8'h4f; 362 | 8'h93: 363 | out <= 8'hdc; 364 | 8'h94: 365 | out <= 8'h22; 366 | 8'h95: 367 | out <= 8'h2a; 368 | 8'h96: 369 | out <= 8'h90; 370 | 8'h97: 371 | out <= 8'h88; 372 | 8'h98: 373 | out <= 8'h46; 374 | 8'h99: 375 | out <= 8'hee; 376 | 8'h9a: 377 | out <= 8'hb8; 378 | 8'h9b: 379 | out <= 8'h14; 380 | 8'h9c: 381 | out <= 8'hde; 382 | 8'h9d: 383 | out <= 8'h5e; 384 | 8'h9e: 385 | out <= 8'h0b; 386 | 8'h9f: 387 | out <= 8'hdb; 388 | 8'ha0: 389 | out <= 8'he0; 390 | 8'ha1: 391 | out <= 8'h32; 392 | 8'ha2: 393 | out <= 8'h3a; 394 | 8'ha3: 395 | out <= 8'h0a; 396 | 8'ha4: 397 | out <= 8'h49; 398 | 8'ha5: 399 | out <= 8'h06; 400 | 8'ha6: 401 | out <= 8'h24; 402 | 8'ha7: 403 | out <= 8'h5c; 404 | 8'ha8: 405 | out <= 8'hc2; 406 | 8'ha9: 407 | out <= 8'hd3; 408 | 8'haa: 409 | out <= 8'hac; 410 | 8'hab: 411 | out <= 8'h62; 412 | 8'hac: 413 | out <= 8'h91; 414 | 8'had: 415 | out <= 8'h95; 416 | 8'hae: 417 | out <= 8'he4; 418 | 8'haf: 419 | out <= 8'h79; 420 | 8'hb0: 421 | out <= 8'he7; 422 | 8'hb1: 423 | out <= 8'hc8; 424 | 8'hb2: 425 | out <= 8'h37; 426 | 8'hb3: 427 | out <= 8'h6d; 428 | 8'hb4: 429 | out <= 8'h8d; 430 | 8'hb5: 431 | out <= 8'hd5; 432 | 8'hb6: 433 | out <= 8'h4e; 434 | 8'hb7: 435 | out <= 8'ha9; 436 | 8'hb8: 437 | out <= 8'h6c; 438 | 8'hb9: 439 | out <= 8'h56; 440 | 8'hba: 441 | out <= 8'hf4; 442 | 8'hbb: 443 | out <= 8'hea; 444 | 8'hbc: 445 | out <= 8'h65; 446 | 8'hbd: 447 | out <= 8'h7a; 448 | 8'hbe: 449 | out <= 8'hae; 450 | 8'hbf: 451 | out <= 8'h08; 452 | 8'hc0: 453 | out <= 8'hba; 454 | 8'hc1: 455 | out <= 8'h78; 456 | 8'hc2: 457 | out <= 8'h25; 458 | 8'hc3: 459 | out <= 8'h2e; 460 | 8'hc4: 461 | out <= 8'h1c; 462 | 8'hc5: 463 | out <= 8'ha6; 464 | 8'hc6: 465 | out <= 8'hb4; 466 | 8'hc7: 467 | out <= 8'hc6; 468 | 8'hc8: 469 | out <= 8'he8; 470 | 8'hc9: 471 | out <= 8'hdd; 472 | 8'hca: 473 | out <= 8'h74; 474 | 8'hcb: 475 | out <= 8'h1f; 476 | 8'hcc: 477 | out <= 8'h4b; 478 | 8'hcd: 479 | out <= 8'hbd; 480 | 8'hce: 481 | out <= 8'h8b; 482 | 8'hcf: 483 | out <= 8'h8a; 484 | 8'hd0: 485 | out <= 8'h70; 486 | 8'hd1: 487 | out <= 8'h3e; 488 | 8'hd2: 489 | out <= 8'hb5; 490 | 8'hd3: 491 | out <= 8'h66; 492 | 8'hd4: 493 | out <= 8'h48; 494 | 8'hd5: 495 | out <= 8'h03; 496 | 8'hd6: 497 | out <= 8'hf6; 498 | 8'hd7: 499 | out <= 8'h0e; 500 | 8'hd8: 501 | out <= 8'h61; 502 | 8'hd9: 503 | out <= 8'h35; 504 | 8'hda: 505 | out <= 8'h57; 506 | 8'hdb: 507 | out <= 8'hb9; 508 | 8'hdc: 509 | out <= 8'h86; 510 | 8'hdd: 511 | out <= 8'hc1; 512 | 8'hde: 513 | out <= 8'h1d; 514 | 8'hdf: 515 | out <= 8'h9e; 516 | 8'he0: 517 | out <= 8'he1; 518 | 8'he1: 519 | out <= 8'hf8; 520 | 8'he2: 521 | out <= 8'h98; 522 | 8'he3: 523 | out <= 8'h11; 524 | 8'he4: 525 | out <= 8'h69; 526 | 8'he5: 527 | out <= 8'hd9; 528 | 8'he6: 529 | out <= 8'h8e; 530 | 8'he7: 531 | out <= 8'h94; 532 | 8'he8: 533 | out <= 8'h9b; 534 | 8'he9: 535 | out <= 8'h1e; 536 | 8'hea: 537 | out <= 8'h87; 538 | 8'heb: 539 | out <= 8'he9; 540 | 8'hec: 541 | out <= 8'hce; 542 | 8'hed: 543 | out <= 8'h55; 544 | 8'hee: 545 | out <= 8'h28; 546 | 8'hef: 547 | out <= 8'hdf; 548 | 8'hf0: 549 | out <= 8'h8c; 550 | 8'hf1: 551 | out <= 8'ha1; 552 | 8'hf2: 553 | out <= 8'h89; 554 | 8'hf3: 555 | out <= 8'h0d; 556 | 8'hf4: 557 | out <= 8'hbf; 558 | 8'hf5: 559 | out <= 8'he6; 560 | 8'hf6: 561 | out <= 8'h42; 562 | 8'hf7: 563 | out <= 8'h68; 564 | 8'hf8: 565 | out <= 8'h41; 566 | 8'hf9: 567 | out <= 8'h99; 568 | 8'hfa: 569 | out <= 8'h2d; 570 | 8'hfb: 571 | out <= 8'h0f; 572 | 8'hfc: 573 | out <= 8'hb0; 574 | 8'hfd: 575 | out <= 8'h54; 576 | 8'hfe: 577 | out <= 8'hbb; 578 | 8'hff: 579 | out <= 8'h16; 580 | endcase 581 | endmodule 582 | 583 | /* S box * x */ 584 | module xS (clk, in, out); 585 | input clk; 586 | input [7:0] in; 587 | output reg [7:0] out; 588 | 589 | always @ (posedge clk) 590 | case (in) 591 | 8'h00: 592 | out <= 8'hc6; 593 | 8'h01: 594 | out <= 8'hf8; 595 | 8'h02: 596 | out <= 8'hee; 597 | 8'h03: 598 | out <= 8'hf6; 599 | 8'h04: 600 | out <= 8'hff; 601 | 8'h05: 602 | out <= 8'hd6; 603 | 8'h06: 604 | out <= 8'hde; 605 | 8'h07: 606 | out <= 8'h91; 607 | 8'h08: 608 | out <= 8'h60; 609 | 8'h09: 610 | out <= 8'h02; 611 | 8'h0a: 612 | out <= 8'hce; 613 | 8'h0b: 614 | out <= 8'h56; 615 | 8'h0c: 616 | out <= 8'he7; 617 | 8'h0d: 618 | out <= 8'hb5; 619 | 8'h0e: 620 | out <= 8'h4d; 621 | 8'h0f: 622 | out <= 8'hec; 623 | 8'h10: 624 | out <= 8'h8f; 625 | 8'h11: 626 | out <= 8'h1f; 627 | 8'h12: 628 | out <= 8'h89; 629 | 8'h13: 630 | out <= 8'hfa; 631 | 8'h14: 632 | out <= 8'hef; 633 | 8'h15: 634 | out <= 8'hb2; 635 | 8'h16: 636 | out <= 8'h8e; 637 | 8'h17: 638 | out <= 8'hfb; 639 | 8'h18: 640 | out <= 8'h41; 641 | 8'h19: 642 | out <= 8'hb3; 643 | 8'h1a: 644 | out <= 8'h5f; 645 | 8'h1b: 646 | out <= 8'h45; 647 | 8'h1c: 648 | out <= 8'h23; 649 | 8'h1d: 650 | out <= 8'h53; 651 | 8'h1e: 652 | out <= 8'he4; 653 | 8'h1f: 654 | out <= 8'h9b; 655 | 8'h20: 656 | out <= 8'h75; 657 | 8'h21: 658 | out <= 8'he1; 659 | 8'h22: 660 | out <= 8'h3d; 661 | 8'h23: 662 | out <= 8'h4c; 663 | 8'h24: 664 | out <= 8'h6c; 665 | 8'h25: 666 | out <= 8'h7e; 667 | 8'h26: 668 | out <= 8'hf5; 669 | 8'h27: 670 | out <= 8'h83; 671 | 8'h28: 672 | out <= 8'h68; 673 | 8'h29: 674 | out <= 8'h51; 675 | 8'h2a: 676 | out <= 8'hd1; 677 | 8'h2b: 678 | out <= 8'hf9; 679 | 8'h2c: 680 | out <= 8'he2; 681 | 8'h2d: 682 | out <= 8'hab; 683 | 8'h2e: 684 | out <= 8'h62; 685 | 8'h2f: 686 | out <= 8'h2a; 687 | 8'h30: 688 | out <= 8'h08; 689 | 8'h31: 690 | out <= 8'h95; 691 | 8'h32: 692 | out <= 8'h46; 693 | 8'h33: 694 | out <= 8'h9d; 695 | 8'h34: 696 | out <= 8'h30; 697 | 8'h35: 698 | out <= 8'h37; 699 | 8'h36: 700 | out <= 8'h0a; 701 | 8'h37: 702 | out <= 8'h2f; 703 | 8'h38: 704 | out <= 8'h0e; 705 | 8'h39: 706 | out <= 8'h24; 707 | 8'h3a: 708 | out <= 8'h1b; 709 | 8'h3b: 710 | out <= 8'hdf; 711 | 8'h3c: 712 | out <= 8'hcd; 713 | 8'h3d: 714 | out <= 8'h4e; 715 | 8'h3e: 716 | out <= 8'h7f; 717 | 8'h3f: 718 | out <= 8'hea; 719 | 8'h40: 720 | out <= 8'h12; 721 | 8'h41: 722 | out <= 8'h1d; 723 | 8'h42: 724 | out <= 8'h58; 725 | 8'h43: 726 | out <= 8'h34; 727 | 8'h44: 728 | out <= 8'h36; 729 | 8'h45: 730 | out <= 8'hdc; 731 | 8'h46: 732 | out <= 8'hb4; 733 | 8'h47: 734 | out <= 8'h5b; 735 | 8'h48: 736 | out <= 8'ha4; 737 | 8'h49: 738 | out <= 8'h76; 739 | 8'h4a: 740 | out <= 8'hb7; 741 | 8'h4b: 742 | out <= 8'h7d; 743 | 8'h4c: 744 | out <= 8'h52; 745 | 8'h4d: 746 | out <= 8'hdd; 747 | 8'h4e: 748 | out <= 8'h5e; 749 | 8'h4f: 750 | out <= 8'h13; 751 | 8'h50: 752 | out <= 8'ha6; 753 | 8'h51: 754 | out <= 8'hb9; 755 | 8'h52: 756 | out <= 8'h00; 757 | 8'h53: 758 | out <= 8'hc1; 759 | 8'h54: 760 | out <= 8'h40; 761 | 8'h55: 762 | out <= 8'he3; 763 | 8'h56: 764 | out <= 8'h79; 765 | 8'h57: 766 | out <= 8'hb6; 767 | 8'h58: 768 | out <= 8'hd4; 769 | 8'h59: 770 | out <= 8'h8d; 771 | 8'h5a: 772 | out <= 8'h67; 773 | 8'h5b: 774 | out <= 8'h72; 775 | 8'h5c: 776 | out <= 8'h94; 777 | 8'h5d: 778 | out <= 8'h98; 779 | 8'h5e: 780 | out <= 8'hb0; 781 | 8'h5f: 782 | out <= 8'h85; 783 | 8'h60: 784 | out <= 8'hbb; 785 | 8'h61: 786 | out <= 8'hc5; 787 | 8'h62: 788 | out <= 8'h4f; 789 | 8'h63: 790 | out <= 8'hed; 791 | 8'h64: 792 | out <= 8'h86; 793 | 8'h65: 794 | out <= 8'h9a; 795 | 8'h66: 796 | out <= 8'h66; 797 | 8'h67: 798 | out <= 8'h11; 799 | 8'h68: 800 | out <= 8'h8a; 801 | 8'h69: 802 | out <= 8'he9; 803 | 8'h6a: 804 | out <= 8'h04; 805 | 8'h6b: 806 | out <= 8'hfe; 807 | 8'h6c: 808 | out <= 8'ha0; 809 | 8'h6d: 810 | out <= 8'h78; 811 | 8'h6e: 812 | out <= 8'h25; 813 | 8'h6f: 814 | out <= 8'h4b; 815 | 8'h70: 816 | out <= 8'ha2; 817 | 8'h71: 818 | out <= 8'h5d; 819 | 8'h72: 820 | out <= 8'h80; 821 | 8'h73: 822 | out <= 8'h05; 823 | 8'h74: 824 | out <= 8'h3f; 825 | 8'h75: 826 | out <= 8'h21; 827 | 8'h76: 828 | out <= 8'h70; 829 | 8'h77: 830 | out <= 8'hf1; 831 | 8'h78: 832 | out <= 8'h63; 833 | 8'h79: 834 | out <= 8'h77; 835 | 8'h7a: 836 | out <= 8'haf; 837 | 8'h7b: 838 | out <= 8'h42; 839 | 8'h7c: 840 | out <= 8'h20; 841 | 8'h7d: 842 | out <= 8'he5; 843 | 8'h7e: 844 | out <= 8'hfd; 845 | 8'h7f: 846 | out <= 8'hbf; 847 | 8'h80: 848 | out <= 8'h81; 849 | 8'h81: 850 | out <= 8'h18; 851 | 8'h82: 852 | out <= 8'h26; 853 | 8'h83: 854 | out <= 8'hc3; 855 | 8'h84: 856 | out <= 8'hbe; 857 | 8'h85: 858 | out <= 8'h35; 859 | 8'h86: 860 | out <= 8'h88; 861 | 8'h87: 862 | out <= 8'h2e; 863 | 8'h88: 864 | out <= 8'h93; 865 | 8'h89: 866 | out <= 8'h55; 867 | 8'h8a: 868 | out <= 8'hfc; 869 | 8'h8b: 870 | out <= 8'h7a; 871 | 8'h8c: 872 | out <= 8'hc8; 873 | 8'h8d: 874 | out <= 8'hba; 875 | 8'h8e: 876 | out <= 8'h32; 877 | 8'h8f: 878 | out <= 8'he6; 879 | 8'h90: 880 | out <= 8'hc0; 881 | 8'h91: 882 | out <= 8'h19; 883 | 8'h92: 884 | out <= 8'h9e; 885 | 8'h93: 886 | out <= 8'ha3; 887 | 8'h94: 888 | out <= 8'h44; 889 | 8'h95: 890 | out <= 8'h54; 891 | 8'h96: 892 | out <= 8'h3b; 893 | 8'h97: 894 | out <= 8'h0b; 895 | 8'h98: 896 | out <= 8'h8c; 897 | 8'h99: 898 | out <= 8'hc7; 899 | 8'h9a: 900 | out <= 8'h6b; 901 | 8'h9b: 902 | out <= 8'h28; 903 | 8'h9c: 904 | out <= 8'ha7; 905 | 8'h9d: 906 | out <= 8'hbc; 907 | 8'h9e: 908 | out <= 8'h16; 909 | 8'h9f: 910 | out <= 8'had; 911 | 8'ha0: 912 | out <= 8'hdb; 913 | 8'ha1: 914 | out <= 8'h64; 915 | 8'ha2: 916 | out <= 8'h74; 917 | 8'ha3: 918 | out <= 8'h14; 919 | 8'ha4: 920 | out <= 8'h92; 921 | 8'ha5: 922 | out <= 8'h0c; 923 | 8'ha6: 924 | out <= 8'h48; 925 | 8'ha7: 926 | out <= 8'hb8; 927 | 8'ha8: 928 | out <= 8'h9f; 929 | 8'ha9: 930 | out <= 8'hbd; 931 | 8'haa: 932 | out <= 8'h43; 933 | 8'hab: 934 | out <= 8'hc4; 935 | 8'hac: 936 | out <= 8'h39; 937 | 8'had: 938 | out <= 8'h31; 939 | 8'hae: 940 | out <= 8'hd3; 941 | 8'haf: 942 | out <= 8'hf2; 943 | 8'hb0: 944 | out <= 8'hd5; 945 | 8'hb1: 946 | out <= 8'h8b; 947 | 8'hb2: 948 | out <= 8'h6e; 949 | 8'hb3: 950 | out <= 8'hda; 951 | 8'hb4: 952 | out <= 8'h01; 953 | 8'hb5: 954 | out <= 8'hb1; 955 | 8'hb6: 956 | out <= 8'h9c; 957 | 8'hb7: 958 | out <= 8'h49; 959 | 8'hb8: 960 | out <= 8'hd8; 961 | 8'hb9: 962 | out <= 8'hac; 963 | 8'hba: 964 | out <= 8'hf3; 965 | 8'hbb: 966 | out <= 8'hcf; 967 | 8'hbc: 968 | out <= 8'hca; 969 | 8'hbd: 970 | out <= 8'hf4; 971 | 8'hbe: 972 | out <= 8'h47; 973 | 8'hbf: 974 | out <= 8'h10; 975 | 8'hc0: 976 | out <= 8'h6f; 977 | 8'hc1: 978 | out <= 8'hf0; 979 | 8'hc2: 980 | out <= 8'h4a; 981 | 8'hc3: 982 | out <= 8'h5c; 983 | 8'hc4: 984 | out <= 8'h38; 985 | 8'hc5: 986 | out <= 8'h57; 987 | 8'hc6: 988 | out <= 8'h73; 989 | 8'hc7: 990 | out <= 8'h97; 991 | 8'hc8: 992 | out <= 8'hcb; 993 | 8'hc9: 994 | out <= 8'ha1; 995 | 8'hca: 996 | out <= 8'he8; 997 | 8'hcb: 998 | out <= 8'h3e; 999 | 8'hcc: 1000 | out <= 8'h96; 1001 | 8'hcd: 1002 | out <= 8'h61; 1003 | 8'hce: 1004 | out <= 8'h0d; 1005 | 8'hcf: 1006 | out <= 8'h0f; 1007 | 8'hd0: 1008 | out <= 8'he0; 1009 | 8'hd1: 1010 | out <= 8'h7c; 1011 | 8'hd2: 1012 | out <= 8'h71; 1013 | 8'hd3: 1014 | out <= 8'hcc; 1015 | 8'hd4: 1016 | out <= 8'h90; 1017 | 8'hd5: 1018 | out <= 8'h06; 1019 | 8'hd6: 1020 | out <= 8'hf7; 1021 | 8'hd7: 1022 | out <= 8'h1c; 1023 | 8'hd8: 1024 | out <= 8'hc2; 1025 | 8'hd9: 1026 | out <= 8'h6a; 1027 | 8'hda: 1028 | out <= 8'hae; 1029 | 8'hdb: 1030 | out <= 8'h69; 1031 | 8'hdc: 1032 | out <= 8'h17; 1033 | 8'hdd: 1034 | out <= 8'h99; 1035 | 8'hde: 1036 | out <= 8'h3a; 1037 | 8'hdf: 1038 | out <= 8'h27; 1039 | 8'he0: 1040 | out <= 8'hd9; 1041 | 8'he1: 1042 | out <= 8'heb; 1043 | 8'he2: 1044 | out <= 8'h2b; 1045 | 8'he3: 1046 | out <= 8'h22; 1047 | 8'he4: 1048 | out <= 8'hd2; 1049 | 8'he5: 1050 | out <= 8'ha9; 1051 | 8'he6: 1052 | out <= 8'h07; 1053 | 8'he7: 1054 | out <= 8'h33; 1055 | 8'he8: 1056 | out <= 8'h2d; 1057 | 8'he9: 1058 | out <= 8'h3c; 1059 | 8'hea: 1060 | out <= 8'h15; 1061 | 8'heb: 1062 | out <= 8'hc9; 1063 | 8'hec: 1064 | out <= 8'h87; 1065 | 8'hed: 1066 | out <= 8'haa; 1067 | 8'hee: 1068 | out <= 8'h50; 1069 | 8'hef: 1070 | out <= 8'ha5; 1071 | 8'hf0: 1072 | out <= 8'h03; 1073 | 8'hf1: 1074 | out <= 8'h59; 1075 | 8'hf2: 1076 | out <= 8'h09; 1077 | 8'hf3: 1078 | out <= 8'h1a; 1079 | 8'hf4: 1080 | out <= 8'h65; 1081 | 8'hf5: 1082 | out <= 8'hd7; 1083 | 8'hf6: 1084 | out <= 8'h84; 1085 | 8'hf7: 1086 | out <= 8'hd0; 1087 | 8'hf8: 1088 | out <= 8'h82; 1089 | 8'hf9: 1090 | out <= 8'h29; 1091 | 8'hfa: 1092 | out <= 8'h5a; 1093 | 8'hfb: 1094 | out <= 8'h1e; 1095 | 8'hfc: 1096 | out <= 8'h7b; 1097 | 8'hfd: 1098 | out <= 8'ha8; 1099 | 8'hfe: 1100 | out <= 8'h6d; 1101 | 8'hff: 1102 | out <= 8'h2c; 1103 | endcase 1104 | endmodule 1105 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------