{"id":13537071,"url":"https://github.com/secworks/aes","last_synced_at":"2026-02-01T18:04:28.447Z","repository":{"id":14346205,"uuid":"17055791","full_name":"secworks/aes","owner":"secworks","description":"Verilog implementation of the symmetric block cipher AES (Advanced Encryption Standard) as specified in NIST FIPS 197. This implementation supports 128 and 256 bit keys.","archived":false,"fork":false,"pushed_at":"2025-12-29T08:33:57.000Z","size":1105,"stargazers_count":403,"open_issues_count":0,"forks_count":138,"subscribers_count":23,"default_branch":"master","last_synced_at":"2026-01-01T06:34:35.865Z","etag":null,"topics":["aes","asic","block-cipher","encryption","fpga"],"latest_commit_sha":null,"homepage":"","language":"Verilog","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secworks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-02-21T12:36:46.000Z","updated_at":"2025-12-29T09:25:47.000Z","dependencies_parsed_at":"2024-01-07T01:18:10.219Z","dependency_job_id":"9467ca0a-fdcf-4195-a1a3-3a8c2ce73fa7","html_url":"https://github.com/secworks/aes","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/secworks/aes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secworks%2Faes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secworks%2Faes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secworks%2Faes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secworks%2Faes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secworks","download_url":"https://codeload.github.com/secworks/aes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secworks%2Faes/sbom","scorecard":{"id":809235,"data":{"date":"2025-08-11","repo":{"name":"github.com/secworks/aes","commit":"8149418c2820477d7a24bd29f6ea3bc1da7d551a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/secworks/aes/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/secworks/aes/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/secworks/aes/ci.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:17","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:47","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 2-Clause \"Simplified\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T12:39:44.732Z","repository_id":14346205,"created_at":"2025-08-23T12:39:44.732Z","updated_at":"2025-08-23T12:39:44.732Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28984860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T17:52:09.146Z","status":"ssl_error","status_checked_at":"2026-02-01T17:49:53.529Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","asic","block-cipher","encryption","fpga"],"created_at":"2024-08-01T09:00:54.507Z","updated_at":"2026-02-01T18:04:28.442Z","avatar_url":"https://github.com/secworks.png","language":"Verilog","funding_links":[],"categories":["Accelerators","Verilog"],"sub_categories":[],"readme":"[![build-openlane-sky130](https://github.com/secworks/aes/actions/workflows/ci.yml/badge.svg?branch=master\u0026event=push)](https://github.com/secworks/aes/actions/workflows/ci.yml)\n\naes\n===\n\nVerilog implementation of the [symmetric block cipher AES (NIST FIPS 197)](http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).\n\n\n## Status ##\nThe core is completed, has been used in several FPGA and ASIC\ndesigns. The core is well tested and mature.\n\n\n## Introduction ##\n\nThis implementation supports 128 and 256 bit keys. The\nimplementation is iterative and process one 128 block at a time. Blocks\nare processed on a word level with 4 S-boxes in the data path. The\nS-boxes for encryption are shared with the key expansion and the core\ncan thus not do key update in parallel with block processing.\n\nThe encipher and decipher block processing datapaths are separated and\nbasically self contained given access to a set of round keys and a\nblock. This makes it possible to hard wire the core to only encipher or\ndecipher operation. This allows the synthesis/build tools to optimize\naway the other functionality which will reduce the size to about\n50%. This has been tested to verify that decryption is removed and the\ncore still works.\n\nFor cipher modes such as CTR, CCM, CMAC, GCM the decryption\nfunctionality in the AES core will never be used and thus the decipher\nblock processing can be removed.\n\nThis is a fairly compact implementation. Further reduction could be\nachived by just having a single S-box. Similarly the performane can be\nincreased by having 8 or even 16 S-boxes which would reduce the number\nof cycles to two cycles for each round.\n\n\n### Contact information ##\n\nAssured provides customer support including customization, integration\nand system development related to the core. For more information,\nplease contact [Assured Security\nConsultants](https://www.assured.se/contact).\n\n\n## Branches ##\n\nThere are several branches available that provides different versions of\nthe core. The branches are not planned to be merged into master. The\nbranches available that provides versions of the core are:\n\n\n### on-the-fly-keygen ###\n\nThis version of AES implements the key expansion using an on-the-fly\nmechanism. This allows the initial key expansion to be removed. This\nsaves a number of cycles and also remove almost 1800 registers needed to\nstore the round keys. Note that this version of AES only supports\nencryption. On-the-fly key generation does not work with\ndecryption. Decryption must be handled by the block cipher mode - for\nexample CTR.\n\n\n### dual-keys ###\n\nThis version of AES supports two separate banks of expanded keys to\nallow fast key switching between two keys. This is useful for example in\nan AEAD mode with CBC + CMAC implemented using a single AES core.\n\n\n### cmt-sbox ###\n\nAn experimental version of the core in which the S-box is implemented\nusing circuit minimized logic functions of a ROM table. The specific\ntable used is\n[the 113 gate circuit](http://cs-www.cs.yale.edu/homes/peralta/CircuitStuff/SLP_AES_113.txt) by the [CMT team at Yale](http://cs-www.cs.yale.edu/homes/peralta/CircuitStuff/CMT.html).\n\nSome area and performance results using the cmt_sbox compared to\nmaster:\n\n#### Altera\n- Tool: Quartus Prime 19.1.0\n- Device: Cyclone V (5CGXFC7C7F23C8)\n- master (S-box implemented with a table)\n  - ALMs: 2599\n  - Regs: 3184\n  - Fmax: 93 MHz\n  - aes_sbox: 160 ALUTs\n\n- cmt_sbox\n  - ALMs: 2759\n  - Regs: 3147\n  - Fmax: 69 MHz\n  - aes_sbox: 363 ALUTs\n\n\n#### Xilinx\n- Tool: Vivado 2019.2\n- Device: Kintex-7 (7k70tfbv676-1)\n- master:\n  - LUTs: 3020\n  - FFs: 2992\n  - Fmax: 125 MHz\n\n- cmt_sbox:\n  - LUTs: 2955\n  - FFs: 2992\n  - Fmax: 105 MHz\n\n\n## Core Usage\n\n### Usage sequence:\n1. Load the key to be used by writing to the key register words.\n2. Set the key length by writing to the config register.\n3. Initialize key expansion by writing a one to the init bit in the control register.\n4. Wait for the ready bit in the status register to be cleared and then to be set again. This means that the key expansion has been completed.\n5. Write the cleartext block to the block registers.\n6. Start block processing by writing a one to the next bit in the control register.\n7. Wait for the ready bit in the status register to be cleared and then to be set again. This means that the data block has been processed.\n8. Read out the ciphertext block from the result registers.\n\n\n## FuseSoC\nThis core is supported by the\n[FuseSoC](https://github.com/olofk/fusesoc) core package manager and\nbuild system. Some quick  FuseSoC instructions:\n\ninstall FuseSoC\n~~~\npip install fusesoc\n~~~\n\nCreate and enter a new workspace\n~~~\nmkdir workspace \u0026\u0026 cd workspace\n~~~\n\nRegister aes as a library in the workspace\n~~~\nfusesoc library add aes /path/to/aes\n~~~\n\n...if repo is available locally or...\n...to get the upstream repo\n~~~\nfusesoc library add aes https://github.com/secworks/aes\n~~~\n\nTo run lint\n~~~\nfusesoc run --target=lint secworks:crypto:aes\n~~~\n\nRun tb_aes testbench\n~~~\nfusesoc run --target=tb_aes secworks:crypto:aes\n~~~\n\nRun with modelsim instead of default tool (icarus)\n~~~\nfusesoc run --target=tb_aes --tool=modelsim secworks:crypto:aes\n~~~\n\nList all targets\n~~~\nfusesoc core show secworks:crypto:aes\n~~~\n\n\n## Implementation results - ASIC ##\n\nThe core has been implemented in standard cell ASIC processes.\n\n### TSMC 180 nm ###\nTarget frequency: 20 MHz\nComplete flow from RTL to placed gates. Automatic clock gating and scan\ninsertion.\n\n- 8 kCells\n- Aera: 520 x 520 um\n- Good timing margin with no big cells and buffers.\n\n\n## Implementation results - FPGA ##\n\nThe core has been implemented in Altera and Xilinx FPGA devices.\n\n### Altera Cyclone V GX ###\n- 2624 ALMs\n- 3123 Regs\n- 96 MHz\n- 46 cycles/block\n\n\n### Altera Cyclone IV GX ###\n- 7426 LEs\n- 2994 Regs\n- 96 MHz fmax\n- 46 cycles/block\n\nThis means that we can do more than 2 Mblocks/s or 256 Mbps\nperformance.\n\nRemoving the decipher module yields:\n- 5497 LEs\n- 2855 Regs\n- 106 MHz fmax\n- 46 cycles/block\n\n\n### Microchip IGLOO 2 ###\n- Tool: Libero v 12.4\n- Device: M2GL090TS-1FG484I\n- LUTs: 6335\n- SLEs: 1376\n- BRAMs: 8\n- Fmax: 98.5 MHz\n\n\n### Xilinx Spartan6LX-3 ###\n- 2576 slices\n- 3000 regs\n- 100 MHz\n- 46 cycles/block\n\n\n### Xilinx Artix 7 200T-3 ###\n- 2298 slices\n- 2989 regs\n- 97 MHz\n- 46 cycles/block\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecworks%2Faes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecworks%2Faes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecworks%2Faes/lists"}