diff --git a/hw/ip/acc/README.md b/hw/ip/acc/README.md index 8fe1eee4d96..e2451c28fa5 100644 --- a/hw/ip/acc/README.md +++ b/hw/ip/acc/README.md @@ -277,6 +277,7 @@ All read-write (RW) CSRs are set to 0 when ACC starts an operation (when 1 is wr Write to this CSR to set the configuration for KMAC message requests. Bit [31] Cfg Done + Bit [20] Masked Mode Bits [19:8] Number of 64-bit words in message Bits [7:5] Number of bytes in final word Bits [4:2] Keccak Strength @@ -290,8 +291,6 @@ All read-write (RW) CSRs are set to 0 when ACC starts an operation (when 1 is wr KMAC_STATUS Contains status bits for KMAC operations and return digest - Bit [4] MSG Undersized Error - Bit [3] MSG Oversized Error Bit [2] Digest error Bit [1] KMAC Ready Bit [0] Digest Done @@ -418,14 +417,6 @@ All read-write (RW) WSRs are set to 0 when ACC starts an operation (when 1 is wr The accumulator register used by the {{#acc-insn-ref BN.MULQACC}} instruction. - - 0xB - RW - ACCH - - The high bits of the accumulator register used by the {{#acc-insn-ref BN.MULV}} instruction. - - 0x4 RO @@ -482,7 +473,7 @@ All read-write (RW) WSRs are set to 0 when ACC starts an operation (when 1 is wr RW KMAC_MSG - The kmac message data to send over the AppIntf. + The kmac message data share0 to send over the AppIntf. A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. @@ -491,7 +482,32 @@ All read-write (RW) WSRs are set to 0 when ACC starts an operation (when 1 is wr RW KMAC_DIGEST - Return digest from AppIntf. + Return digest share 0 from AppIntf. In unmasked kmac_cfg this is the whole digest. + + + + 0xB + RW + ACCH + + The high 256-bits of the accumulator register used by the {{#acc-insn-ref BN.MULV}} instruction. + + + + 0xC + RW + KMAC_MSG1 + + The kmac message data share1 to send over the AppIntf. In unmasked kmac_cfg writing to this WSR is illegal. + A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. + + + + 0xD + RW + KMAC_DIGEST1 + + Return digest share 1 from AppIntf. In unmasked kmac_cfg reading from this WSR is illegal. diff --git a/hw/ip/acc/acc.core b/hw/ip/acc/acc.core index 648880afff2..72fd181bee4 100644 --- a/hw/ip/acc/acc.core +++ b/hw/ip/acc/acc.core @@ -37,6 +37,7 @@ filesets: - rtl/acc_rf_bignum_fpga.sv - rtl/acc_lsu.sv - rtl/acc_alu_base.sv + - rtl/acc_digest_mux.sv - rtl/acc_alu_bignum.sv - rtl/acc_mac_bignum.sv - rtl/bn_vec_core/unified_mul.sv diff --git a/hw/ip/acc/data/acc.hjson b/hw/ip/acc/data/acc.hjson index 5712187b0c2..dac449de23d 100644 --- a/hw/ip/acc/data/acc.hjson +++ b/hw/ip/acc/data/acc.hjson @@ -595,6 +595,11 @@ resval: 0, desc: "An `RND_FIPS_CHK_FAIL` error was observed." } + { bits: "8", + name: "kmac_recov_error" + resval: 0, + desc: A "KMAC_RECOV_ERROR` recoverable error was observed." + } // Fatal errors. Keep in sync with list in FATAL_ALERT_CAUSE. { bits: "16", @@ -637,6 +642,11 @@ resval: 0, desc: "A `FATAL_SOFTWARE` error was observed." } + { bits: "24", + name: "kmac_fatal_error" + resval: 0, + desc: A `KMAC_FATAL_ERROR` error was observed." + } ] } { name: "FATAL_ALERT_CAUSE", @@ -694,6 +704,11 @@ resval: 0, desc: "A `FATAL_SOFTWARE` error was observed." } + { bits: "8", + name: "kmac_fatal_error" + resval: 0, + desc: "A `KMAC_FATAL_ERROR` error was observed." + } ] } { name: "INSN_CNT", diff --git a/hw/ip/acc/data/acc_testplan.hjson b/hw/ip/acc/data/acc_testplan.hjson index d75ff6d0b3b..d7e42285b55 100644 --- a/hw/ip/acc/data/acc_testplan.hjson +++ b/hw/ip/acc/data/acc_testplan.hjson @@ -98,6 +98,14 @@ "acc_mac_bignum_acc_err", "acc_urnd_err"] } + { + name: kmac_error + desc: ''' + Create bad transactions for the AppIntf that force ACC into a fatal error. + ''' + stage: V2S + tests: ["acc_kmac_err"] + } { name: back_to_back desc: ''' diff --git a/hw/ip/acc/data/csr.yml b/hw/ip/acc/data/csr.yml index 4a38369ac4d..8fc4d958143 100644 --- a/hw/ip/acc/data/csr.yml +++ b/hw/ip/acc/data/csr.yml @@ -102,6 +102,7 @@ doc: | Write to this CSR to set the configuration for KMAC message requests. Bit [31] Cfg Done + Bit [20] Masked Mode Bits [19:8] Number of 64-bit words in message Bits [7:5] Number of bytes in final word Bits [4:2] Keccak Strength @@ -113,8 +114,6 @@ read-only: true doc: | Contains status bits for KMAC operations and return digest - Bit [4] MSG Undersized Error - Bit [3] MSG Oversized Error Bit [2] Digest error Bit [1] KMAC Ready Bit [0] Digest Done diff --git a/hw/ip/acc/data/wsr.yml b/hw/ip/acc/data/wsr.yml index 6b24b07285c..f93db3dcee4 100644 --- a/hw/ip/acc/data/wsr.yml +++ b/hw/ip/acc/data/wsr.yml @@ -39,11 +39,6 @@ doc: | The accumulator register used by the {{#acc-insn-ref BN.MULQACC}} instruction. -- name: acch - address: 11 - doc: | - The high bits of the accumulator register used by the {{#acc-insn-ref BN.MULV}} instruction. - - name: key_s0_l address: 4 read-only: true @@ -87,10 +82,26 @@ - name: kmac_msg address: 9 doc: | - The kmac message data to send over the AppIntf. + The kmac message data share0 to send over the AppIntf. A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. - name: kmac_digest address: 10 doc: | - Return digest from AppIntf. + Return digest share 0 from AppIntf. In unmasked kmac_cfg this is the whole digest. + +- name: acch + address: 11 + doc: | + The high 256-bits of the accumulator register used by the {{#acc-insn-ref BN.MULV}} instruction. + +- name: kmac_msg1 + address: 12 + doc: | + The kmac message data share1 to send over the AppIntf. In unmasked kmac_cfg writing to this WSR is illegal. + A byte mask is applied to the message from the kmac_partial_write WSR value before being written into the internal MSG FIFO. + +- name: kmac_digest1 + address: 13 + doc: | + Return digest share 1 from AppIntf. In unmasked kmac_cfg reading from this WSR is illegal. diff --git a/hw/ip/acc/doc/registers.md b/hw/ip/acc/doc/registers.md index 429e0d7896d..15afd882890 100644 --- a/hw/ip/acc/doc/registers.md +++ b/hw/ip/acc/doc/registers.md @@ -185,34 +185,36 @@ The host CPU can clear this register when ACC is not running, by writing any value. Write attempts while ACC is running are ignored. - Offset: `0x1c` - Reset default: `0x0` -- Reset mask: `0xff00ff` +- Reset mask: `0x1ff01ff` ### Fields ```wavejson -{"reg": [{"name": "bad_data_addr", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bad_insn_addr", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "call_stack", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "illegal_insn", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "loop", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "key_invalid", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "rnd_rep_chk_fail", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "rnd_fips_chk_fail", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 8}, {"name": "imem_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "dmem_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "reg_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bus_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bad_internal_state", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "illegal_bus_access", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "lifecycle_escalation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "fatal_software", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 8}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}} +{"reg": [{"name": "bad_data_addr", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bad_insn_addr", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "call_stack", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "illegal_insn", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "loop", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "key_invalid", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "rnd_rep_chk_fail", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "rnd_fips_chk_fail", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "kmac_recov_error", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 7}, {"name": "imem_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "dmem_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "reg_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bus_intg_violation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "bad_internal_state", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "illegal_bus_access", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "lifecycle_escalation", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "fatal_software", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "kmac_fatal_error", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 7}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}} ``` -| Bits | Type | Reset | Name | Description | -|:------:|:------:|:-------:|:---------------------|:---------------------------------------------| -| 31:24 | | | | Reserved | -| 23 | rw | 0x0 | fatal_software | A `FATAL_SOFTWARE` error was observed. | -| 22 | rw | 0x0 | lifecycle_escalation | A `LIFECYCLE_ESCALATION` error was observed. | -| 21 | rw | 0x0 | illegal_bus_access | An `ILLEGAL_BUS_ACCESS` error was observed. | -| 20 | rw | 0x0 | bad_internal_state | A `BAD_INTERNAL_STATE` error was observed. | -| 19 | rw | 0x0 | bus_intg_violation | A `BUS_INTG_VIOLATION` error was observed. | -| 18 | rw | 0x0 | reg_intg_violation | A `REG_INTG_VIOLATION` error was observed. | -| 17 | rw | 0x0 | dmem_intg_violation | A `DMEM_INTG_VIOLATION` error was observed. | -| 16 | rw | 0x0 | imem_intg_violation | A `IMEM_INTG_VIOLATION` error was observed. | -| 15:8 | | | | Reserved | -| 7 | rw | 0x0 | rnd_fips_chk_fail | An `RND_FIPS_CHK_FAIL` error was observed. | -| 6 | rw | 0x0 | rnd_rep_chk_fail | An `RND_REP_CHK_FAIL` error was observed. | -| 5 | rw | 0x0 | key_invalid | A `KEY_INVALID` error was observed. | -| 4 | rw | 0x0 | loop | A `LOOP` error was observed. | -| 3 | rw | 0x0 | illegal_insn | An `ILLEGAL_INSN` error was observed. | -| 2 | rw | 0x0 | call_stack | A `CALL_STACK` error was observed. | -| 1 | rw | 0x0 | bad_insn_addr | A `BAD_INSN_ADDR` error was observed. | -| 0 | rw | 0x0 | bad_data_addr | A `BAD_DATA_ADDR` error was observed. | +| Bits | Type | Reset | Name | Description | +|:------:|:------:|:-------:|:---------------------|:------------------------------------------------------| +| 31:25 | | | | Reserved | +| 24 | rw | 0x0 | kmac_fatal_error | A `KMAC_FATAL_ERROR` error was observed." | +| 23 | rw | 0x0 | fatal_software | A `FATAL_SOFTWARE` error was observed. | +| 22 | rw | 0x0 | lifecycle_escalation | A `LIFECYCLE_ESCALATION` error was observed. | +| 21 | rw | 0x0 | illegal_bus_access | An `ILLEGAL_BUS_ACCESS` error was observed. | +| 20 | rw | 0x0 | bad_internal_state | A `BAD_INTERNAL_STATE` error was observed. | +| 19 | rw | 0x0 | bus_intg_violation | A `BUS_INTG_VIOLATION` error was observed. | +| 18 | rw | 0x0 | reg_intg_violation | A `REG_INTG_VIOLATION` error was observed. | +| 17 | rw | 0x0 | dmem_intg_violation | A `DMEM_INTG_VIOLATION` error was observed. | +| 16 | rw | 0x0 | imem_intg_violation | A `IMEM_INTG_VIOLATION` error was observed. | +| 15:9 | | | | Reserved | +| 8 | rw | 0x0 | kmac_recov_error | A "KMAC_RECOV_ERROR` recoverable error was observed." | +| 7 | rw | 0x0 | rnd_fips_chk_fail | An `RND_FIPS_CHK_FAIL` error was observed. | +| 6 | rw | 0x0 | rnd_rep_chk_fail | An `RND_REP_CHK_FAIL` error was observed. | +| 5 | rw | 0x0 | key_invalid | A `KEY_INVALID` error was observed. | +| 4 | rw | 0x0 | loop | A `LOOP` error was observed. | +| 3 | rw | 0x0 | illegal_insn | An `ILLEGAL_INSN` error was observed. | +| 2 | rw | 0x0 | call_stack | A `CALL_STACK` error was observed. | +| 1 | rw | 0x0 | bad_insn_addr | A `BAD_INSN_ADDR` error was observed. | +| 0 | rw | 0x0 | bad_data_addr | A `BAD_DATA_ADDR` error was observed. | ## FATAL_ALERT_CAUSE Fatal Alert Cause Register @@ -225,17 +227,18 @@ Refer to the "List of Errors" section for a detailed description of the errors. - Offset: `0x20` - Reset default: `0x0` -- Reset mask: `0xff` +- Reset mask: `0x1ff` ### Fields ```wavejson -{"reg": [{"name": "imem_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "dmem_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "reg_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "bus_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "bad_internal_state", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "illegal_bus_access", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "lifecycle_escalation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "fatal_software", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 24}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}} +{"reg": [{"name": "imem_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "dmem_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "reg_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "bus_intg_violation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "bad_internal_state", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "illegal_bus_access", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "lifecycle_escalation", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "fatal_software", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "kmac_fatal_error", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 23}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}} ``` | Bits | Type | Reset | Name | Description | |:------:|:------:|:-------:|:---------------------|:---------------------------------------------| -| 31:8 | | | | Reserved | +| 31:9 | | | | Reserved | +| 8 | ro | 0x0 | kmac_fatal_error | A `KMAC_FATAL_ERROR` error was observed. | | 7 | ro | 0x0 | fatal_software | A `FATAL_SOFTWARE` error was observed. | | 6 | ro | 0x0 | lifecycle_escalation | A `LIFECYCLE_ESCALATION` error was observed. | | 5 | ro | 0x0 | illegal_bus_access | A `ILLEGAL_BUS_ACCESS` error was observed. | diff --git a/hw/ip/acc/dv/accsim/sim/constants.py b/hw/ip/acc/dv/accsim/sim/constants.py index 4c3b2cefba8..717c6730901 100644 --- a/hw/ip/acc/dv/accsim/sim/constants.py +++ b/hw/ip/acc/dv/accsim/sim/constants.py @@ -32,6 +32,7 @@ class ErrBits(IntEnum): KEY_INVALID = 1 << 5 RND_REP_CHK_FAIL = 1 << 6 RND_FIPS_CHK_FAIL = 1 << 7 + KMAC_RECOV_ERROR = 1 << 8 IMEM_INTG_VIOLATION = 1 << 16 DMEM_INTG_VIOLATION = 1 << 17 REG_INTG_VIOLATION = 1 << 18 @@ -40,7 +41,8 @@ class ErrBits(IntEnum): ILLEGAL_BUS_ACCESS = 1 << 21 LIFECYCLE_ESCALATION = 1 << 22 FATAL_SOFTWARE = 1 << 23 - MASK = (1 << 24) - 1 + KMAC_FATAL_ERROR = 1 << 24 + MASK = (1 << 25) - 1 class LcTx(IntEnum): diff --git a/hw/ip/acc/dv/accsim/sim/insn.py b/hw/ip/acc/dv/accsim/sim/insn.py index f40394f70d1..177d7ac7078 100644 --- a/hw/ip/acc/dv/accsim/sim/insn.py +++ b/hw/ip/acc/dv/accsim/sim/insn.py @@ -591,9 +591,30 @@ def execute(self, state: ACCState) -> Optional[Iterator[None]]: # to the AppIntf FIFO inside ACC Bignum ALU if DEBUG_KMAC: eprint("\tBNWSRW FOR KMAC PARTIAL WRITE REGISTER") - while state.wsrs.KMAC_MSG.pending_write_pw(): + while ( + state.wsrs.KMAC_MSG0.pending_write_pw() or + state.wsrs.KMAC_MSG1.pending_write_pw() + ): if DEBUG_KMAC: eprint("\tBNWSRW to KMAC_PW stall") + + # The following conditions cause a deadlock in execution + if ( + state.wsrs.KMAC_MSG1._pending_write_to_app_intf and + not state.kmac.app_intf_fifo1_ready() and + state.kmac.app_intf_fifo0_ready() and + state.kmac._masked_mode + ): + state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + + if ( + state.wsrs.KMAC_MSG0._pending_write_to_app_intf and + not state.kmac.app_intf_fifo0_ready() and + state.kmac.app_intf_fifo1_ready() and + state.kmac._masked_mode + ): + state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + yield None # At this point, the CSR is either ready or unneeded. Read it if @@ -1764,10 +1785,22 @@ def execute(self, state: ACCState) -> Optional[Iterator[None]]: yield None if self.wsr == 0xA: - # A read from KMAC_DIGEST. If a digest value is not available, request_value() + # A read from KMAC_DIGEST0. If a digest value is not available, request_value() + # initiates or continues the request for the next digest word from KMAC and + # returns false. If a digest value is available, it returns True. + while not state.wsrs.KMAC_DIGEST0.request_value_share0(): + # There's a pending KMAC request. Stall for a cycle. + yield None + + if self.wsr == 0xD: + # A read from KMAC_DIGEST1. If a digest value is not available, request_value() # initiates or continues the request for the next digest word from KMAC and # returns false. If a digest value is available, it returns True. - while not state.wsrs.KMAC_DIGEST.request_value(): + if not state.kmac._masked_mode: + state.stop_at_end_of_cycle(ErrBits.KMAC_RECOV_ERROR) + return + + while not state.wsrs.KMAC_DIGEST1.request_value_share1(): # There's a pending KMAC request. Stall for a cycle. yield None @@ -1803,11 +1836,37 @@ def execute(self, state: ACCState) -> Optional[Iterator[None]]: return None if self.wsr == 0x9: - # A write to KMAC_MSG might stall, if the register has not yet pushed + # A write to KMAC_MSG0 might stall, if the register has not yet pushed + # all its contents to the FIFO connected to the KMAC app interface. + while not state.wsrs.KMAC_MSG0.request_write(): + if DEBUG_KMAC: + eprint("\tBNWSRW to KMAC_MSG0 stall") + # The following write will cause a deadlock by a full fifo + if ( + not state.wsrs.KMAC_MSG1._pending_write_to_app_intf and + state.kmac.app_intf_fifo1_ready() and + state.kmac._masked_mode + ): + state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + return None + yield None + + if self.wsr == 0xC: + # A write to KMAC_MSG1 might stall, if the register has not yet pushed # all its contents to the FIFO connected to the KMAC app interface. - while not state.wsrs.KMAC_MSG.request_write(): + if not state.kmac._masked_mode: + state.stop_at_end_of_cycle(ErrBits.KMAC_RECOV_ERROR) + return None + while not state.wsrs.KMAC_MSG1.request_write(): if DEBUG_KMAC: - eprint("\tBNWSRW to KMAC_MSG stall") + eprint("\tBNWSRW to KMAC_MSG1 stall") + # The following write will cause a deadlock by a full fifo + if ( + not state.wsrs.KMAC_MSG0._pending_write_to_app_intf and + state.kmac.app_intf_fifo0_ready() + ): + state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + return None yield None val = state.wdrs.get_reg(self.wrs).read_unsigned() diff --git a/hw/ip/acc/dv/accsim/sim/kmac.py b/hw/ip/acc/dv/accsim/sim/kmac.py index 831f99cd15a..b9b8bb7a32c 100644 --- a/hw/ip/acc/dv/accsim/sim/kmac.py +++ b/hw/ip/acc/dv/accsim/sim/kmac.py @@ -40,6 +40,8 @@ class KmacBlock: _STRENGTH_256 = 0x2 _STRENGTH_384 = 0x3 _STRENGTH_512 = 0x4 + # Random 256-bit fixed mask to apply to digest + _FIXED_MASK = 0x6AF4EEF3D009BFFEA30CAD5958E9B1ABCEDDC59CC16E7481E562B3B77E7ED45E # Message FIFO size in bytes. See: # https://github.com/lowRISC/opentitan/blob/1b56f197b49d5f597867561d0a153d2e7a985909/hw/ip/kmac/rtl/kmac_pkg.sv#L37 @@ -99,13 +101,16 @@ def __init__(self) -> None: self._core_cycles_remaining: Optional[int] = None self._mode = self._MODE_SHA3 self._strength = self._STRENGTH_128 + self._masked_mode = False self._read_offset = 0 self._padded = False self._padding_only = False self._app_intf_ready = False self._app_intf_ready_pending_ctr: Optional[int] = None - self._app_intf_fifo_ready = True - self._app_intf_fifo_ready_next = True + self._app_intf_fifo0_ready = True + self._app_intf_fifo1_ready = True + self._app_intf_fifo0_ready_next = True + self._app_intf_fifo1_ready_next = True self._app_intf_fifo_flush = False self._app_fifo_after_flush = False self._pending_app_intf_last = False @@ -118,9 +123,16 @@ def __init__(self) -> None: self._msg_fifo_packer_flush_ctr = 0 self._msg_fifo_packer_flushing = False self._automatically_write_digest = True - self._digest_ready = False - self._digest_ready_next = False - self._digest_read = False + self._digest0_ready = False + self._digest0_ready_next = False + self._digest1_ready = False + self._digest1_ready_next = False + self._digest0_read = False + self._digest1_read = False + self._unmasked_digest = bytes() + self._apply_mask = False + self._finished_digest0 = False + self._finished_digest1 = False self._leftover_digest_bytes = 0 self._shift_digest_reg = False self._new_permutation = False @@ -136,11 +148,13 @@ def _reset(self) -> None: self._rate_bytes = 0 self._read_offset = 0 self._strength = self._STRENGTH_128 + self._masked_mode = False self._padded = False self._padding_only = False self._mode = self._MODE_SHA3 self._msg_fifo = bytes() self._app_intf_fifo = bytes() + self._app_intf_fifo1 = bytes() self._app_intf_bytes_sent = 0 self._app_intf_sending = False self._app_intf_writing = False @@ -149,8 +163,10 @@ def _reset(self) -> None: self._pending_app_intf_last = False self._app_intf_last = False self._app_intf_last_latch = False - self._app_intf_fifo_ready = True - self._app_intf_fifo_ready_next = True + self._app_intf_fifo0_ready = True + self._app_intf_fifo1_ready = True + self._app_intf_fifo0_ready_next = True + self._app_intf_fifo1_ready_next = True self._app_intf_fifo_flush = False self._app_fifo_after_flush = False self._core_pending_bytes = 0 @@ -165,24 +181,31 @@ def _reset(self) -> None: self._msg_fifo_packer_flushing = False self._msg_fifo_packer_flush_ctr = 0 self._automatically_write_digest = True - self._digest_ready = False - self._digest_ready_next = False - self._digest_read = False + self._digest0_ready = False + self._digest0_ready_next = False + self._digest1_ready = False + self._digest1_ready_next = False + self._digest0_read = False + self._digest1_read = False + self._unmasked_digest = bytes() + self._apply_mask = False + self._finished_digest0 = False + self._finished_digest1 = False self._leftover_digest_bytes = 0 self._shift_digest_reg = False self._new_permutation = False self._digest_request_ctr = 0 self._skip_digest_shift_cycle = False self._kmac_undersized_err = False - self._kmac_oversized_err = False - def set_configuration(self, mode: int, strength: int, msg_len: int) -> None: + def set_configuration(self, mode: int, strength: int, msg_len: int, masked_mode: bool) -> None: kmac_debug_print(f"\tSetting KMAC config: mode = {mode}, \ - strength = {strength}, len = {msg_len}") + strength = {strength}, len = {msg_len}, masked_mode = {masked_mode}") self._mode = mode self._strength = strength self._msg_len = msg_len self._msg_size = msg_len + self._masked_mode = masked_mode self._app_intf_bytes_sent = 0 self._app_intf_ready_pending_ctr = 0 self._app_intf_last_latch = False @@ -199,13 +222,7 @@ def get_ready(self) -> int: return self._app_intf_ready def get_done(self) -> int: - return int(self.digest_ready()) - - def get_undersized(self) -> int: - return self._kmac_undersized_err - - def get_oversized(self) -> int: - return self._kmac_oversized_err + return int(self.digest0_ready()) def message_done(self) -> None: '''Indicate that the message input is done.''' @@ -236,12 +253,41 @@ def digest_req_err(self) -> bool: else: return False - def digest_ready(self) -> bool: + def kmac_undersized_req(self, digest_err: bool) -> None: + kmac_debug_print(f"Transaction Error: {digest_err}") + msg_fifo_write_ready = self.msg_fifo_bytes_available() >= self._APP_INTF_BYTES_PER_CYCLE + if msg_fifo_write_ready and not self._msg_fifo_packer_flushing: + nbytes = min(len(self._app_intf_fifo), self._APP_INTF_BYTES_PER_CYCLE) + last_byte_valid = self._msg_size % 8 + kmac_debug_print(f"MSG Size: {self._msg_size}") + if (last_byte_valid == 0): + last_byte_valid = 8 + + if len(self._app_intf_fifo) < last_byte_valid: + padding_size = last_byte_valid - nbytes + self._app_intf_fifo += bytes(padding_size) + + nbytes = last_byte_valid + + self._msg_fifo += self._app_intf_fifo[:nbytes] + self._app_intf_fifo = bytes() + self._app_intf_bytes_sent += nbytes + # Artificially change the msg size + self._msg_size = self._app_intf_bytes_sent + self._msg_len = 0 + self._app_intf_sending = True + + self._kmac_undersized_err = digest_err + kmac_debug_print(f"Inserting Artificial Last MSG {self._kmac_undersized_err}") + self.message_done() + self._app_intf_last = True + + def digest0_ready(self) -> bool: kmac_debug_print(f"\tKMAC Digest Ready Req: \ autowrite={self._automatically_write_digest} \ shift={self._shift_digest_reg} \ permute={self._new_permutation} \ - read={self._digest_read} ready={self._digest_ready} \ + read={self._digest0_read} ready={self._digest0_ready} \ read_offset={self._read_offset} \ leftover={self._leftover_digest_bytes}") @@ -252,47 +298,60 @@ def digest_ready(self) -> bool: # If there is an undersized error we inject a "last" to the message request # to prevent stalling and raise an error flag to the status reg if digest_err and not self._kmac_undersized_err: - kmac_debug_print(f"Transaction Error: {digest_err}") - msg_fifo_write_ready = self.msg_fifo_bytes_available() >= self._APP_INTF_BYTES_PER_CYCLE - if msg_fifo_write_ready and not self._msg_fifo_packer_flushing: - nbytes = min(len(self._app_intf_fifo), self._APP_INTF_BYTES_PER_CYCLE) - last_byte_valid = self._msg_size % 8 - kmac_debug_print(f"MSG Size: {self._msg_size}") - if (last_byte_valid == 0): - last_byte_valid = 8 - - if len(self._app_intf_fifo) < last_byte_valid: - padding_size = last_byte_valid - nbytes - self._app_intf_fifo += bytes(padding_size) - - nbytes = last_byte_valid - - self._msg_fifo += self._app_intf_fifo[:nbytes] - self._app_intf_fifo = bytes() - self._app_intf_bytes_sent += nbytes - # Artificially change the msg size - self._msg_size = self._app_intf_bytes_sent - self._msg_len = 0 - self._app_intf_sending = True - - self._kmac_undersized_err = digest_err - kmac_debug_print("Inserting Artificial Last MSG") - self.message_done() - self._app_intf_last = True + self.kmac_undersized_req(digest_err) if self._automatically_write_digest: - if self._digest_ready: - self._digest_read = True + if self._digest0_ready: + self._digest0_read = True self._automatically_write_digest = False return True else: return False elif self._shift_digest_reg or self._new_permutation: return False - elif self._digest_read: + elif self._digest0_read and self._digest1_ready and self._masked_mode: + # Digest has been read but Digest1 is still available + # Read will be redundant but is still legal + return True + elif self._digest0_ready: + self._digest0_read = True + return True + else: return False - elif self._digest_ready: - self._digest_read = True + + def digest1_ready(self) -> bool: + kmac_debug_print(f"\tKMAC Digest Ready Req: \ + autowrite={self._automatically_write_digest} \ + shift={self._shift_digest_reg} \ + permute={self._new_permutation} \ + read={self._digest1_read} ready={self._digest1_ready} \ + read_offset={self._read_offset} \ + leftover={self._leftover_digest_bytes}") + + # This helper function is executed during a digest wsrr insn + # Check if there is an undersized message at this point + digest_err = self.digest_req_err() + + # If there is an undersized error we inject a "last" to the message request + # to prevent stalling and raise an error flag to the status reg + if digest_err and not self._kmac_undersized_err: + self.kmac_undersized_req(digest_err) + + if self._automatically_write_digest: + if self._digest1_ready: + self._digest1_read = True + self._automatically_write_digest = False + return True + else: + return False + elif self._shift_digest_reg or self._new_permutation: + return False + elif self._digest1_read and self._digest0_ready and self._masked_mode: + # Digest has been read but Digest0 is still available + # Read will be redundant but is still legal + return True + elif self._digest1_ready: + self._digest1_read = True return True else: return False @@ -355,16 +414,22 @@ def msg_fifo_bytes_available(self) -> int: def app_intf_fifo_bytes_available(self) -> int: return self._APP_INTF_FIFO_SIZE_BYTES - len(self._app_intf_fifo) - def app_intf_fifo_ready(self) -> bool: + def app_intf_fifo0_ready(self) -> bool: # If the AppIntf FIFO is ready and the current size of the contents is less than or equal # to 8B we can absorb # FIFO size is 64B allowing for a full length word even if there is 8B or less return ( - self._app_intf_fifo_ready + self._app_intf_fifo0_ready and len(self._app_intf_fifo) <= self._APP_INTF_BYTES_PER_CYCLE ) - def write_to_app_intf_fifo(self, msg: bytes) -> bool: + def app_intf_fifo1_ready(self) -> bool: + return ( + self._app_intf_fifo1_ready + and len(self._app_intf_fifo1) <= self._APP_INTF_BYTES_PER_CYCLE + ) + + def write_to_app_intf_fifo0(self, msg: bytes) -> bool: '''Appends new message data to an ongoing hashing operation. Check `app_intf_fifo_bytes_available` to ensure there is enough space @@ -372,13 +437,13 @@ def write_to_app_intf_fifo(self, msg: bytes) -> bool: ''' if not self.is_absorbing(): raise ValueError(f'KMAC: Cannot write in {self._status} status.') - kmac_debug_print(f"\tAttempting write to App FIFO: \ - ready = {self.app_intf_fifo_ready()}, \ + kmac_debug_print(f"\tAttempting write to App Share0 FIFO: \ + ready = {self.app_intf_fifo0_ready()}, \ fifo len = {len(self._app_intf_fifo)}") # If there is more than 8B we can not yet write # When the FIFO is flushing it is illegal to write to if ( - not self.app_intf_fifo_ready() + not self.app_intf_fifo0_ready() or len(self._app_intf_fifo) > self._APP_INTF_BYTES_PER_CYCLE or self._app_intf_fifo_flush ): @@ -386,6 +451,28 @@ def write_to_app_intf_fifo(self, msg: bytes) -> bool: self._app_intf_fifo += msg return True + def write_to_app_intf_fifo1(self, msg: bytes) -> bool: + if not self.is_absorbing(): + raise ValueError(f'KMAC: Cannot write in {self._status} status.') + kmac_debug_print(f"\tAttempting write to App Share1 FIFO: \ + ready = {self.app_intf_fifo1_ready()}, \ + fifo len = {len(self._app_intf_fifo1)}") + # If there is more than 8B we can not yet write + # When the FIFO is flushing it is illegal to write to + if ( + not self.app_intf_fifo1_ready() + or len(self._app_intf_fifo1) > self._APP_INTF_BYTES_PER_CYCLE + # TODO: Check if this can be shared + or self._app_intf_fifo_flush + ): + return False + + # If masking we will write into the FIFO, otherwise just return True to not block WSR + if self._masked_mode: + self._app_intf_fifo1 += msg + + return True + def _start_keccak_core(self, absorbed: bool) -> None: kmac_debug_print("\tStarting round logic") if absorbed: @@ -469,8 +556,9 @@ def step(self) -> None: kmac_debug_print(f"Last Latch: {self._app_intf_last_latch} \ | Msg Len: {self._msg_len} \ - | AppIntf Size: {len(self._app_intf_fifo)} \ - | Ready Next: {self._app_intf_fifo_ready_next}") + | AppIntf Share0 Size: {len(self._app_intf_fifo)} \ + | AppIntf Share1 Size: {len(self._app_intf_fifo1)} \ + | Ready Next: {self._app_intf_fifo0_ready_next}") kmac_debug_print(f"Pending LAST Status: {self._pending_app_intf_last}") @@ -544,63 +632,172 @@ def step(self) -> None: # The fifo will be ready in the next clock cycle if there is 8B or less if len(self._app_intf_fifo) <= self._APP_INTF_BYTES_PER_CYCLE: kmac_debug_print("\tAPP INTF FIFO LESS THAN ONE WORD IN NEXT STEP") - self._app_intf_fifo_ready_next = True + self._app_intf_fifo0_ready_next = True + else: + self._app_intf_fifo0_ready_next = False + + if len(self._app_intf_fifo1) <= self._APP_INTF_BYTES_PER_CYCLE: + kmac_debug_print("\tAPP INTF SHARE1 FIFO LESS THAN ONE WORD IN NEXT STEP") + self._app_intf_fifo1_ready_next = True else: - self._app_intf_fifo_ready_next = False + self._app_intf_fifo1_ready_next = False # Set Latch for error detection if (self._app_intf_bytes_sent == self._msg_size): self._app_intf_last_latch = True + # KMAC is not ready but next word is last and oversized + if ( + self._msg_len != 0 and self._msg_len < self._APP_INTF_BYTES_PER_CYCLE and + (len(self._app_intf_fifo) > self._msg_len or + len(self._app_intf_fifo1) > self._msg_len) + ): + self._kmac_oversized_err = True + self._app_intf_sending = False if msg_fifo_write_ready and not self._msg_fifo_packer_flushing and self._app_intf_ready: # Pass data from the application interface FIFO to the message FIFO. nbytes = min(len(self._app_intf_fifo), self._APP_INTF_BYTES_PER_CYCLE, self._msg_len) - if nbytes >= self._APP_INTF_BYTES_PER_CYCLE: - kmac_debug_print(f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} \ - bytes: \ - {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, \ - size of contents in MSG FIFO before new data: {len(self._msg_fifo)}") - self._msg_fifo += self._app_intf_fifo[:nbytes] - self._app_intf_fifo = self._app_intf_fifo[nbytes:] - self._msg_len -= nbytes - self._app_intf_bytes_sent += nbytes - self._app_intf_sending = True - - elif (self._app_intf_fifo_flush and nbytes < self._APP_INTF_BYTES_PER_CYCLE): - kmac_debug_print(f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} \ - bytes: \ - {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, \ - size of contents in MSG FIFO before new data: {len(self._msg_fifo)}") - self._msg_fifo += self._app_intf_fifo[:nbytes] - self._app_intf_fifo = self._app_intf_fifo[nbytes:] - self._msg_len -= nbytes - self._app_intf_bytes_sent += nbytes - self._app_intf_fifo_flush = False - self._app_fifo_after_flush = True - self._app_intf_sending = True - - # Flushing the APP FIFO has an extra clock cycle to read - elif ( - self._msg_len < self._APP_INTF_BYTES_PER_CYCLE - and self._msg_len != 0 - and len(self._app_intf_fifo) >= self._msg_len - ): - if (len(self._app_intf_fifo) < 8): - # Flushing the APP FIFO has an extra clock cycle to read - self._app_intf_fifo_flush = True - kmac_debug_print("FLUSHING APP INTF") - else: - # This is an oversized message and has filled the next - # word therefore no etra flush cycle + nbytes_share1 = min(len(self._app_intf_fifo1), self._APP_INTF_BYTES_PER_CYCLE, + self._msg_len) + + # Masking has different requirements for pushing data to KMAC from the AppIntf + if self._masked_mode: + if ( + nbytes >= self._APP_INTF_BYTES_PER_CYCLE and + nbytes_share1 >= self._APP_INTF_BYTES_PER_CYCLE + ): + kmac_debug_print( + f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} " + f"bytes: {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, " + f"bytes_share1: " + f"{hex(int.from_bytes(self._app_intf_fifo1[:nbytes_share1], 'little'))}, " + f"size of contents in MSG FIFO before new data: " + f"{len(self._msg_fifo)}" + ) + + unmasked_data = bytes(a ^ b for a, b in zip(self._app_intf_fifo[:nbytes], + self._app_intf_fifo1 + [:nbytes_share1])) + self._msg_fifo += unmasked_data + self._app_intf_fifo = self._app_intf_fifo[nbytes:] + self._app_intf_fifo1 = self._app_intf_fifo1[nbytes_share1:] + self._msg_len -= nbytes + self._app_intf_bytes_sent += nbytes + self._app_intf_sending = True + + elif ( + self._app_intf_fifo_flush and + (nbytes < self._APP_INTF_BYTES_PER_CYCLE or + nbytes_share1 < self._APP_INTF_BYTES_PER_CYCLE) + ): + kmac_debug_print( + f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} " + f"bytes: {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, " + f"bytes_share1: " + f"{hex(int.from_bytes(self._app_intf_fifo1[:nbytes_share1], 'little'))}, " + f"size of contents in MSG FIFO before new data: " + f"{len(self._msg_fifo)}" + ) + + if (nbytes != nbytes_share1): + self._kmac_oversized_err = True + + unmasked_data = bytes(a ^ b for a, b in zip(self._app_intf_fifo[:nbytes], + self._app_intf_fifo1 + [:nbytes_share1])) + + self._msg_fifo += unmasked_data + self._app_intf_fifo = self._app_intf_fifo[nbytes:] + self._app_intf_fifo1 = self._app_intf_fifo1[nbytes_share1:] + self._msg_len -= nbytes + self._app_intf_bytes_sent += nbytes + self._app_intf_fifo_flush = False + self._app_fifo_after_flush = True + self._app_intf_sending = True + + # Flushing the APP FIFO has an extra clock cycle to read + elif ( + self._msg_len < self._APP_INTF_BYTES_PER_CYCLE + and self._msg_len != 0 + and (len(self._app_intf_fifo) >= self._msg_len and + len(self._app_intf_fifo1) >= self._msg_len) + ): + if (len(self._app_intf_fifo) < 8): + # Flushing the APP FIFO has an extra clock cycle to read + self._app_intf_fifo_flush = True + kmac_debug_print("FLUSHING APP INTF") + elif (len(self._app_intf_fifo1) < 8): + # Flushing the APP FIFO has an extra clock cycle to read + self._app_intf_fifo_flush = True + kmac_debug_print("FLUSHING APP INTF") + else: + # This is an oversized message and has filled the next + # word therefore no etra flush cycle + unmasked_data = bytes(a ^ b for a, b in zip(self._app_intf_fifo[:nbytes], + self._app_intf_fifo1 + [:nbytes])) + + self._msg_fifo += unmasked_data + self._app_intf_fifo = self._app_intf_fifo[8:] + self._app_intf_fifo1 = self._app_intf_fifo1[8:] + self._msg_len -= nbytes + self._app_intf_bytes_sent += nbytes + self._app_intf_sending = True + self._kmac_oversized_err = True + + # When unmasked we only use the share0 fifo + else: + if nbytes >= self._APP_INTF_BYTES_PER_CYCLE: + kmac_debug_print(f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} \ + bytes: \ + {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, \ + size of contents in MSG FIFO before new data: \ + {len(self._msg_fifo)}") + self._msg_fifo += self._app_intf_fifo[:nbytes] - self._app_intf_fifo = self._app_intf_fifo[8:] + self._app_intf_fifo = self._app_intf_fifo[nbytes:] self._msg_len -= nbytes self._app_intf_bytes_sent += nbytes self._app_intf_sending = True - self._kmac_oversized_err = True + + elif (self._app_intf_fifo_flush and nbytes < self._APP_INTF_BYTES_PER_CYCLE): + kmac_debug_print(f"\tAPP FIFO -> MSG FIFO: Absorbing {nbytes} \ + bytes: \ + {hex(int.from_bytes(self._app_intf_fifo[:nbytes], 'little'))}, \ + size of contents in MSG FIFO before new data: \ + {len(self._msg_fifo)}") + + self._msg_fifo += self._app_intf_fifo[:nbytes] + self._app_intf_fifo = self._app_intf_fifo[nbytes:] + self._msg_len -= nbytes + self._app_intf_bytes_sent += nbytes + self._app_intf_fifo_flush = False + self._app_fifo_after_flush = True + self._app_intf_sending = True + + # Flushing the APP FIFO has an extra clock cycle to read + elif ( + self._msg_len < self._APP_INTF_BYTES_PER_CYCLE + and self._msg_len != 0 + and len(self._app_intf_fifo) >= self._msg_len + ): + if (len(self._app_intf_fifo) < 8): + # Flushing the APP FIFO has an extra clock cycle to read + self._app_intf_fifo_flush = True + kmac_debug_print("FLUSHING APP INTF") + else: + # This is an oversized message and has filled the next + # word therefore no etra flush cycle + self._msg_fifo += self._app_intf_fifo[:nbytes] + self._app_intf_fifo = self._app_intf_fifo[8:] + self._msg_len -= nbytes + self._app_intf_bytes_sent += nbytes + self._app_intf_sending = True + self._kmac_oversized_err = True kmac_debug_print(f"\tMSG FIFO SIZE: {len(self._msg_fifo)}") + else: # Once the FIFO fills up completely, the packer must flush completely until it can # consume new data. @@ -612,23 +809,31 @@ def step(self) -> None: self._msg_fifo_packer_flushing = False self._msg_fifo_packer_flush_ctr = 0 kmac_debug_print(f"\tMSG FIFO FULL, flush ctr = {self._msg_fifo_packer_flush_ctr}") + + # Check for oversized in the current last word if self._msg_len == 0 and not self._app_intf_last: kmac_debug_print("\tAPP FIFO last") self.message_done() + if (len(self._app_intf_fifo) != 0 or len(self._app_intf_fifo1) != 0): + self._kmac_oversized_err = True self._app_intf_last = True - self._app_intf_fifo_ready = self._app_intf_fifo_ready_next + self._app_intf_fifo0_ready = self._app_intf_fifo0_ready_next + self._app_intf_fifo1_ready = self._app_intf_fifo1_ready_next # Digest Register - self._digest_ready = self._digest_ready_next + self._digest0_ready = self._digest0_ready_next + self._digest1_ready = self._digest1_ready_next if self._shift_digest_reg: if self._digest_request_ctr < self._SHIFT_DIGEST_LATENCY: self._digest_request_ctr += 1 - self._digest_ready_next = False + self._digest0_ready_next = False + self._digest0_ready_next = False else: self._shift_digest_reg = False self._digest_request_ctr = 0 - self._digest_ready_next = True + self._digest0_ready_next = True + self._digest1_ready_next = True elif self._new_permutation: if self._digest_request_ctr < self._NEW_PERMUTATION_LATENCY: if self._skip_digest_shift_cycle: @@ -638,21 +843,27 @@ def step(self) -> None: # the digest self._digest_request_ctr += 1 self._digest_request_ctr += 1 - self._digest_ready_next = False + self._digest0_ready_next = False + self._digest1_ready_next = False else: self._new_permutation = False self._digest_request_ctr = 0 - self._digest_ready_next = True + self._digest0_ready_next = True + self._digest0_ready_next = True else: - self._digest_ready_next = self.is_squeezing() and (self._core_cycles_remaining == 0) + self._digest0_ready_next = self.is_squeezing() and (self._core_cycles_remaining == 0) + self._digest1_ready_next = self.is_squeezing() and (self._core_cycles_remaining == 0) if ( - self._digest_read and self._digest_ready - and not self._shift_digest_reg and not self._new_permutation + (self._digest0_read and self._digest0_ready) and + ((self._digest1_read and self._digest1_ready) or not self._masked_mode) and not + self._shift_digest_reg and not self._new_permutation ): # If we have read the digest then set ready to False as well for proper status sampling - self._digest_read = False - self._digest_ready = False + self._digest0_read = False + self._digest0_ready = False + self._digest1_read = False + self._digest1_ready = False if self._rate_bytes > self._read_offset + 32: self._shift_digest_reg = True self._digest_request_ctr += 1 @@ -674,7 +885,8 @@ def step(self) -> None: self._digest_request_ctr += 1 self._leftover_digest_bytes += max(self._rate_bytes - self._read_offset, 0) self._read_offset = 0 - self._digest_ready_next = False + self._digest0_ready_next = False + self._digest1_ready_next = False # Either step the core or check if we can start it. if self._core_is_busy(): @@ -703,30 +915,47 @@ def step(self) -> None: if ( self._app_intf_last_latch and self._app_intf_bytes_sent >= self._msg_size - and len(self._app_intf_fifo) > 0 + and (len(self._app_intf_fifo) > 0 or + len(self._app_intf_fifo1) > 0) ): self._pending_app_intf_last = False nbytes = min(len(self._app_intf_fifo), self._APP_INTF_BYTES_PER_CYCLE) + nbytes_share1 = min(len(self._app_intf_fifo1), self._APP_INTF_BYTES_PER_CYCLE) self._app_intf_fifo = self._app_intf_fifo[nbytes:] + self._app_intf_fifo1 = self._app_intf_fifo1[nbytes_share1:] self._kmac_oversized_err = True kmac_debug_print("FLUSHING FIFO WITH OVERSIZED MSG") # The fifo will be ready in the next clock cycle if there is 8B or less if len(self._app_intf_fifo) <= self._APP_INTF_BYTES_PER_CYCLE: kmac_debug_print("\tAPP INTF FIFO LESS THAN ONE WORD IN NEXT STEP") - self._app_intf_fifo_ready_next = True + self._app_intf_fifo0_ready_next = True + else: + self._app_intf_fifo0_ready_next = False + + # The fifo will be ready in the next clock cycle if there is 8B or less + if len(self._app_intf_fifo1) <= self._APP_INTF_BYTES_PER_CYCLE: + kmac_debug_print("\tAPP INTF SHARE1 FIFO LESS THAN ONE WORD IN NEXT STEP") + self._app_intf_fifo1_ready_next = True else: - self._app_intf_fifo_ready_next = False + self._app_intf_fifo1_ready_next = False if self._pending_app_intf_last and len(self._app_intf_fifo) > self._msg_len: self._app_intf_fifo = self._app_intf_fifo[:self._msg_len] self._kmac_oversized_err = True kmac_debug_print("FLUSHING FIFO WITH OVERSIZED MSG") + if self._pending_app_intf_last and len(self._app_intf_fifo1) > self._msg_len: + self._app_intf_fifo1 = self._app_intf_fifo1[:self._msg_len] + self._kmac_oversized_err = True + kmac_debug_print("FLUSHING SHARE1 FIFO WITH OVERSIZED MSG") + if ( - self._msg_len <= len(self._app_intf_fifo) - and self._msg_len <= self._APP_INTF_BYTES_PER_CYCLE - and len(self._app_intf_fifo) <= self._APP_INTF_BYTES_PER_CYCLE + self._msg_len <= len(self._app_intf_fifo) and + self._msg_len <= len(self._app_intf_fifo1) and + self._msg_len <= self._APP_INTF_BYTES_PER_CYCLE and + len(self._app_intf_fifo) <= self._APP_INTF_BYTES_PER_CYCLE and + len(self._app_intf_fifo1) <= self._APP_INTF_BYTES_PER_CYCLE ): self._pending_app_intf_last = True else: @@ -743,20 +972,52 @@ def max_read_bytes(self) -> Optional[int]: # XOFs return None - def read(self, num_bytes: int) -> bytes: - if self._state is None: - raise ValueError("KMAC: Hash state not initialized") - max_bytes = self.max_read_bytes() - if max_bytes is not None and num_bytes > max_bytes: - raise ValueError('KMAC: Read request exceeds Keccak rate.') - if self._mode == self._MODE_SHAKE or self._mode == self._MODE_CSHAKE: - # XOFs SHAKE and CSHAKE - self._read_offset += num_bytes - if hasattr(self._state, "read"): - ret = self._state.read(num_bytes) + def read_shares(self, num_bytes: int, share0: bool) -> bytes: + # If we need a new digest compute the next unmasked value before applying a mask + if not self._finished_digest0: + if (self._masked_mode and not self._finished_digest1) or (not self._masked_mode): + if self._state is None: + raise ValueError("KMAC: Hash state not initialized") + max_bytes = self.max_read_bytes() + if max_bytes is not None and num_bytes > max_bytes: + raise ValueError('KMAC: Read request exceeds Keccak rate.') + if self._mode == self._MODE_SHAKE or self._mode == self._MODE_CSHAKE: + # XOFs SHAKE and CSHAKE + self._read_offset += num_bytes + if hasattr(self._state, "read"): + self._unmasked_digest = self._state.read(num_bytes) + else: + # SHA3 + if hasattr(self._state, "digest"): + self._unmasked_digest = self._state.digest()[self._read_offset: + self._read_offset + num_bytes] + self._read_offset += num_bytes + + mask_bytes = self._FIXED_MASK.to_bytes(32, byteorder='little') + + # Return the appropriate digest or fixed mask for testing + if share0: + if self._apply_mask: + digest = bytes(a ^ b for a, b in zip(self._unmasked_digest, mask_bytes)) + else: + digest = mask_bytes + self._finished_digest0 = True + if not self._masked_mode: + digest = self._unmasked_digest + self._finished_digest1 = True else: - # SHA3 - if hasattr(self._state, "digest"): - ret = self._state.digest()[self._read_offset: self._read_offset + num_bytes] - self._read_offset += num_bytes - return ret + if self._apply_mask: + digest = mask_bytes + else: + digest = bytes(a ^ b for a, b in zip(self._unmasked_digest, mask_bytes)) + self._finished_digest1 = True + + # If we have read from both shares reset to prepare for a new digest and mask order + if self._finished_digest0 and self._finished_digest1: + self._apply_mask = not self._apply_mask + self._finished_digest0 = False + self._finished_digest1 = False + + kmac_debug_print(f"DIGEST TO RETURN: {digest.hex()}") + + return digest diff --git a/hw/ip/acc/dv/accsim/sim/sim.py b/hw/ip/acc/dv/accsim/sim/sim.py index f9b94e7b103..b9e93d259df 100644 --- a/hw/ip/acc/dv/accsim/sim/sim.py +++ b/hw/ip/acc/dv/accsim/sim/sim.py @@ -309,7 +309,8 @@ def _step_exec(self, verbose: bool) -> StepRes: assert self.state.init_sec_wipe_is_done() self.state.wsrs.URND.step() - self.state.wsrs.KMAC_MSG.step() + self.state.wsrs.KMAC_MSG0.step(False) + self.state.wsrs.KMAC_MSG1.step(True) insn = self._next_insn if insn is None: @@ -366,6 +367,14 @@ def _step_exec(self, verbose: bool) -> StepRes: self.state.stop_at_end_of_cycle(ErrBits.RND_REP_CHK_FAIL) if (self.state.wsrs.RND.fips_err_escalate): self.state.stop_at_end_of_cycle(ErrBits.RND_FIPS_CHK_FAIL) + if (self.state.wsrs.KMAC_MSG0._oversized_error): + self.state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + if (self.state.wsrs.KMAC_MSG1._oversized_error): + self.state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + if (self.state.kmac._kmac_oversized_err): + self.state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) + if (self.state.kmac._kmac_undersized_err): + self.state.stop_at_end_of_cycle(ErrBits.KMAC_FATAL_ERROR) # Handle any pending injected error. Note that this has to run after # we've executed any instruction, to ensure we get a trace entry for diff --git a/hw/ip/acc/dv/accsim/sim/state.py b/hw/ip/acc/dv/accsim/sim/state.py index 0e00aeb4cdd..97479effad6 100644 --- a/hw/ip/acc/dv/accsim/sim/state.py +++ b/hw/ip/acc/dv/accsim/sim/state.py @@ -410,7 +410,7 @@ def stop(self) -> None: self.ext_regs.set_bits('INTR_STATE', 1 << 0) should_lock = (((self._err_bits >> 16) != 0) or - ((self._err_bits >> 10) & 1 != 0) or + ((self._err_bits >> 11) & 1 != 0) or (self._err_bits != 0 and self.software_errs_fatal) or self.rma_req == LcTx.ON) # Make any error bits visible diff --git a/hw/ip/acc/dv/accsim/sim/wsr.py b/hw/ip/acc/dv/accsim/sim/wsr.py index 57247c27ab8..6817240e526 100644 --- a/hw/ip/acc/dv/accsim/sim/wsr.py +++ b/hw/ip/acc/dv/accsim/sim/wsr.py @@ -11,7 +11,7 @@ import sys -from typing import List, Optional, Sequence, Tuple +from typing import List, Optional, Sequence, Tuple, Union from .trace import Trace from .ext_regs import ACCExtRegs from .kmac import KmacBlock @@ -368,6 +368,8 @@ def __init__(self, name: str, kmac: KmacBlock): self._kmac = kmac self._value: Optional[int] = None self._next_value: Optional[int] = None + self._used_share0 = True + self._used_share1 = True def read_unsigned(self) -> int: assert self._value is not None @@ -387,6 +389,8 @@ def write_unsigned(self, value: int) -> None: def commit(self) -> None: if self._pending_write: self._value = self._next_value + self._used_share0 = False + self._used_share1 = False super().commit() def changes(self) -> Sequence[Trace]: @@ -418,6 +422,7 @@ def __init__(self, name: str, kmac: KmacBlock, partial_ispr: KmacPartialWriteISP self._next_value: Optional[int] = None self._value: Optional[int] = None self._partial_ispr = partial_ispr + self._oversized_error = False def read_unsigned(self) -> int: return 0 @@ -431,18 +436,28 @@ def write_invalid(self) -> None: self._next_value = None self._pending_write = True - def step(self) -> None: + def step(self, share: bool) -> None: self._kmac._app_intf_writing = False kmac_debug_print("\tFETCHING STARTING FIFO STATUS") self._pending_write_stall_pw = self._pending_write_to_app_intf - self._start_cycle_fifo_ready = self._kmac.app_intf_fifo_ready() + + if share: + self._start_cycle_fifo_ready = self._kmac.app_intf_fifo1_ready() + else: + self._start_cycle_fifo_ready = self._kmac.app_intf_fifo0_ready() + if self._kmac._app_fifo_after_flush: self._pending_write_stall_pw = False + # KMAC_MSG reg -> FIFO if self._pending_write_to_app_intf and self._value is not None: strb_len = self._partial_ispr.read_mask() value_bytes = int.to_bytes(self._value, byteorder='little', length=32)[:strb_len] - kmac_debug_print("\tPending write to App FIFO") + if share: + kmac_debug_print("\tPending write to App Share1 FIFO") + else: + kmac_debug_print("\tPending write to App Share0 FIFO") + if ( self._kmac._app_intf_last_latch or (self._kmac._pending_app_intf_last and not self.pending_write_pw()) @@ -450,15 +465,39 @@ def step(self) -> None: ): kmac_debug_print("DROPPING WRITE TO FIFO FROM OVERSIZED MSG") self._kmac._kmac_oversized_err = True + self._oversized_error = True self._pending_write_to_app_intf = False self._pending_write_stall_pw = False - elif not self._kmac._app_intf_last and self._kmac.write_to_app_intf_fifo(value_bytes): - kmac_debug_print(f"\tKMAC_MSG -> APP FIFO: Writing \ - {len(value_bytes)} bytes to App FIFO") - self._pending_write_to_app_intf = False - self._kmac._app_intf_writing = True - # Reset paritial write value after successful write - self._partial_ispr._value = 32 + + # MSG SHARE0 Write + elif not share: + if ( + not self._kmac._app_intf_last + and self._kmac.write_to_app_intf_fifo0(value_bytes) + ): + kmac_debug_print(f"\tKMAC_MSG0 -> APP FIFO0: Writing \ + {len(value_bytes)} bytes to App FIFO") + self._pending_write_to_app_intf = False + self._kmac._app_intf_writing = True + # Reset paritial write value after successful write + self._partial_ispr._used_share0 = True + if (self._partial_ispr._used_share1 is True) or not self._kmac._masked_mode: + self._partial_ispr._value = 32 + + # MSG SHARE1 Write + elif share: + if ( + not self._kmac._app_intf_last + and self._kmac.write_to_app_intf_fifo1(value_bytes) + ): + kmac_debug_print(f"\tKMAC_MSG1 -> APP FIFO1: Writing \ + {len(value_bytes)} bytes to App FIFO") + self._pending_write_to_app_intf = False + self._kmac._app_intf_writing = True + # Reset paritial write value after successful write + self._partial_ispr._used_share1 = True + if self._partial_ispr._used_share0 is True: + self._partial_ispr._value = 32 def pending_write_pw(self) -> bool: if self._kmac._app_intf_fifo_flush and not self._pending_write_to_app_intf: @@ -517,15 +556,16 @@ def commit(self) -> None: kmac_debug_print(f"\tREG -> KMAC_MSG reg: {hex(self._next_value)}") if self._value == (1 << 31): # config value to release KMAC app intf - # should be done once before ACC yiels + # should be done once before ACC yields # to Ibex self._kmac._reset() else: mode = self._value & 0b11 strength = (self._value >> 2) & 0b111 - msg_len = self._value >> 5 + msg_len = (self._value >> 5) & 0x7FFF + masked_mode = bool((self._value >> 20) & 0b1) self._kmac._reset() - self._kmac.set_configuration(mode, strength, msg_len) + self._kmac.set_configuration(mode, strength, msg_len, masked_mode) super().commit() def changes(self) -> Sequence[Trace]: @@ -543,9 +583,7 @@ def __init__(self, name: str, kmac: KmacBlock): self._next_value: Optional[int] = None def read_unsigned(self) -> int: - value = self._kmac.get_undersized() << 4 - value += self._kmac.get_oversized() << 3 - value += self._kmac.get_error() << 2 + value = self._kmac.get_error() << 2 value += self._kmac.get_ready() << 1 value += self._kmac.get_done() self._next_value = value @@ -588,17 +626,31 @@ def __init__(self, name: str, kmac: KmacBlock): def has_value(self) -> bool: return self._has_value - def request_value(self) -> bool: + def request_value_share0(self) -> bool: '''Returns true if the full register value is ready, - but only one cycle after digest_ready() is asserted, + but only one cycle after digest0_ready() is asserted, modeling the ACC app_req.next behavior''' - self._has_value = self._kmac.digest_ready() + self._has_value = self._kmac.digest0_ready() kmac_debug_print(f"\tKMAC_DIGEST - Request value: {self._has_value}") return self._has_value - def read_unsigned(self) -> int: - value = int.from_bytes(self._kmac.read(32), byteorder='little') + def request_value_share1(self) -> bool: + '''Returns true if the full register value is ready, + but only one cycle after digest1_ready() is asserted, + modeling the ACC app_req.next behavior''' + self._has_value = self._kmac.digest1_ready() + + kmac_debug_print(f"\tKMAC_DIGEST - Request value: {self._has_value}") + return self._has_value + + def read_unsigned_share0(self) -> int: + value = int.from_bytes(self._kmac.read_shares(32, True), byteorder='little') + kmac_debug_print(f"\tRead value: {hex(value)}") + return value + + def read_unsigned_share1(self) -> int: + value = int.from_bytes(self._kmac.read_shares(32, False), byteorder='little') kmac_debug_print(f"\tRead value: {hex(value)}") return value @@ -635,13 +687,15 @@ def __init__(self, ext_regs: ACCExtRegs, kmac: KmacBlock, pqc: bool) -> None: self.KeyS1L = KeyWSR('KeyS1L', 0, self.KeyS1) self.KeyS1H = KeyWSR('KeyS1H', 256, self.KeyS1) self.KMAC_STATUS = KmacStatusWSR('KMAC_STATUS', self.Kmac) - self.KMAC_DIGEST = KmacDigestWSR('KMAC_DIGEST', self.Kmac) + self.KMAC_DIGEST0 = KmacDigestWSR('KMAC_DIGEST0', self.Kmac) + self.KMAC_DIGEST1 = KmacDigestWSR('KMAC_DIGEST1', self.Kmac) self.KMAC_PARTIAL_WRITE = KmacPartialWriteISPR('KMAC_PARTIAL_WRITE', self.Kmac) self.KMAC_CFG = KmacCfgWSR('KMAC_CFG', self.Kmac, self.KMAC_PARTIAL_WRITE) - self.KMAC_MSG = KmacMsgWSR('KMAC_MSG', self.Kmac, self.KMAC_PARTIAL_WRITE) + self.KMAC_MSG0 = KmacMsgWSR('KMAC_MSG0', self.Kmac, self.KMAC_PARTIAL_WRITE) + self.KMAC_MSG1 = KmacMsgWSR('KMAC_MSG1', self.Kmac, self.KMAC_PARTIAL_WRITE) # These are the common index regardless of PQC enable or not - self._by_idx = { + self._by_idx: dict[int, Union[WSR, KmacDigestWSR]] = { 0: self.MOD, 1: self.RND, 2: self.URND, @@ -655,9 +709,11 @@ def __init__(self, ext_regs: ACCExtRegs, kmac: KmacBlock, pqc: bool) -> None: if self.EN_PQC: self._by_idx.update({ 8: self.KMAC_CFG, - 9: self.KMAC_MSG, - 10: self.KMAC_DIGEST, + 9: self.KMAC_MSG0, + 10: self.KMAC_DIGEST0, 11: self.ACCH, + 12: self.KMAC_MSG1, + 13: self.KMAC_DIGEST1, }) def on_start(self) -> None: @@ -685,9 +741,20 @@ def read_at_idx(self, idx: int) -> int: '''Read the WSR at idx as an unsigned 256-bit value Assumes that idx is a valid index (call check_idx to ensure this). + For KMAC Digest registers, read_unsigned_share0 and read_unsigned_share1 + are used to apply an appropriate mask to the unmasked digest before writing + to the WSR at idx. ''' - return self._by_idx[idx].read_unsigned() + wsr = self._by_idx[idx] + + if isinstance(wsr, KmacDigestWSR): + if wsr is self.KMAC_DIGEST0: + return wsr.read_unsigned_share0() + else: + return wsr.read_unsigned_share1() + else: + return wsr.read_unsigned() def write_at_idx(self, idx: int, value: int) -> None: '''Write the WSR at idx as an unsigned 256-bit value @@ -705,9 +772,11 @@ def commit(self) -> None: self.ACCH.commit() self.KeyS0.commit() self.KeyS1.commit() - self.KMAC_MSG.commit() + self.KMAC_MSG0.commit() + self.KMAC_MSG1.commit() self.KMAC_CFG.commit() - self.KMAC_DIGEST.commit() + self.KMAC_DIGEST0.commit() + self.KMAC_DIGEST1.commit() self.KMAC_PARTIAL_WRITE.commit() def abort(self) -> None: @@ -720,9 +789,11 @@ def abort(self) -> None: # instruction itself gets aborted. self.KeyS0.commit() self.KeyS1.commit() - self.KMAC_MSG.abort() + self.KMAC_MSG0.abort() + self.KMAC_MSG1.abort() self.KMAC_CFG.abort() - self.KMAC_DIGEST.abort() + self.KMAC_DIGEST0.abort() + self.KMAC_DIGEST1.abort() self.KMAC_PARTIAL_WRITE.abort() def changes(self) -> List[Trace]: @@ -735,10 +806,12 @@ def changes(self) -> List[Trace]: ret += self.KeyS0.changes() ret += self.KeyS1.changes() if self.EN_PQC: - ret += self.KMAC_MSG.changes() + ret += self.KMAC_MSG0.changes() + ret += self.KMAC_MSG1.changes() ret += self.KMAC_CFG.changes() ret += self.KMAC_STATUS.changes() - ret += self.KMAC_DIGEST.changes() + ret += self.KMAC_DIGEST0.changes() + ret += self.KMAC_DIGEST1.changes() ret += self.KMAC_PARTIAL_WRITE.changes() return ret @@ -752,5 +825,7 @@ def wipe(self) -> None: self.MOD.write_invalid() self.ACC.write_invalid() self.ACCH.write_invalid() - self.KMAC_MSG.write_invalid() - self.KMAC_DIGEST.write_invalid() + self.KMAC_MSG0.write_invalid() + self.KMAC_MSG1.write_invalid() + self.KMAC_DIGEST0.write_invalid() + self.KMAC_DIGEST1.write_invalid() diff --git a/hw/ip/acc/dv/rig/rig/configs/base.yml b/hw/ip/acc/dv/rig/rig/configs/base.yml index 0525d321459..d2404a418a1 100644 --- a/hw/ip/acc/dv/rig/rig/configs/base.yml +++ b/hw/ip/acc/dv/rig/rig/configs/base.yml @@ -33,3 +33,5 @@ gen-weights: BadZeroLoop: 1 MisalignedLoadStore: 1 BadIspr: 1 + # Disabled except for KMAC fatal error test + BadKmacAppReqInsn: 0 diff --git a/hw/ip/acc/dv/rig/rig/configs/kmac-err.yml b/hw/ip/acc/dv/rig/rig/configs/kmac-err.yml new file mode 100644 index 00000000000..7a0106183b2 --- /dev/null +++ b/hw/ip/acc/dv/rig/rig/configs/kmac-err.yml @@ -0,0 +1,37 @@ +# Copyright zeroRISC Inc. +# Licensed under the Apache License, Version 2.0, see LICENSE for details. +# SPDX-License-Identifier: Apache-2.0 + +# A custom configuration that doesn't generate any normal KMAC app requests. +# Generators that can end the program are also removed except for the KMAC +# error generator. + +gen-weights: + # Generator to start program + ClearWsr: 1 + # Disable other generators + Branch: 0 + CallStackRW: 0 + EdgeLoadStore: 0 + Jump: 0 + Loop: 0 + LoopDupEnd: 0 + SmallVal: 0 + StraightLineInsn: 0 + KmacAppReqInsn: 0 + KnownWDR: 0 + UntakenBranch: 0 + BadAtEnd: 0 + BadBNMovr: 0 + BadBranch: 0 + BadCallStackRW: 0 + BadDeepLoop: 0 + BadLoadStore: 0 + BadInsn: 0 + BadGiantLoop: 0 + BadZeroLoop: 0 + MisalignedLoadStore: 0 + BadIspr: 0 + # Only enable ECall and BadKmacAppReq + ECall: 1 + BadKmacAppReqInsn: 100 diff --git a/hw/ip/acc/dv/rig/rig/gens/app_req.py b/hw/ip/acc/dv/rig/rig/gens/app_req.py index f5b22b3d1f6..5293403b569 100644 --- a/hw/ip/acc/dv/rig/rig/gens/app_req.py +++ b/hw/ip/acc/dv/rig/rig/gens/app_req.py @@ -23,7 +23,7 @@ class KmacAppReqInsn(SnippetGen): transaction being too large for the remaining model fuel, the generator attempts to run again with half the message size. When the message size is <= 32B the generator produces the least number - of instructions and is guarenteed to fit. + of instructions and is guaranteed to fit. ''' pqc_program = True @@ -35,13 +35,19 @@ def __init__(self, cfg: Config, insns_file: InsnsFile) -> None: self.bn_wsrw = self._get_named_insn(insns_file, 'bn.wsrw') self.bn_wsrw_wsr_op_type = self.bn_wsrw.operands[0].op_type self.bn_wsrw_wrs_op_type = self.bn_wsrw.operands[1].op_type - self._wsrw_wrs = 0 # bn.wsrr insn self.bn_wsrr = self._get_named_insn(insns_file, 'bn.wsrr') self.bn_wsrr_wrd_op_type = self.bn_wsrr.operands[0].op_type self.bn_wsrr_wsr_op_type = self.bn_wsrr.operands[1].op_type + # bn.rshi insn + self.bn_rshi = self._get_named_insn(insns_file, 'bn.rshi') + self.bn_rshi_wrd_op_type = self.bn_rshi.operands[0].op_type + self.bn_rshi_wrs1_op_type = self.bn_rshi.operands[1].op_type + self.bn_rshi_wrs2_op_type = self.bn_rshi.operands[2].op_type + self.bn_rshi_imm_op_type = self.bn_rshi.operands[3].op_type + # csrrw insn self.csrrw = self._get_named_insn(insns_file, 'csrrw') self.csrrw_grd_op_type = self.csrrw.operands[0].op_type @@ -66,6 +72,8 @@ def __init__(self, cfg: Config, insns_file: InsnsFile) -> None: self.lui_imm_op_type = self.lui.operands[1].op_type self._target_mod_addr = 0 + self._share0_wrs = 0 + self._share1_wrs = 0 # kmac msg configurations self._msg_size = 0 @@ -73,6 +81,7 @@ def __init__(self, cfg: Config, insns_file: InsnsFile) -> None: self._sha3_mode = Sha3Mode.Sha3 self._keccak_strength = KeccakStrength.L128 self._cfg_done = 0 + self._masked_mode = 0 # li insn mode self._fill_li_mode = FillLiMode.CFG @@ -132,7 +141,8 @@ def gen(self, self._msg_size = random.randint(1, 512) else: self._msg_size = random.randint(2048, 8192) - print(f"[DEBUG] LARGE MESSAGE: {self._msg_size}") + + self._masked_mode = random.randint(0, 1) while True: insn_list = self._gen(model, program) @@ -167,24 +177,7 @@ def _gen(self, model: Model, program: Program) -> list[ProgInsn]: """ insn_list = [] - size_behavior = random.choices( - ["normal", "undersized", "oversized"], - weights=[80, 10, 10] - )[0] - - # Change message size based on behavior - if size_behavior == "undersized": - if self._msg_size > 2: - target_bytes = random.randint(1, self._msg_size - 1) - else: - target_bytes = self._msg_size - elif size_behavior == "oversized": - # Up to 64 bytes over - target_bytes = self._msg_size + random.randint(1, 64) - else: - target_bytes = self._msg_size - - remaining_bytes = target_bytes + remaining_bytes = self._msg_size self._cfg_done = 0 self._pw_size = 32 @@ -248,16 +241,24 @@ def _gen(self, model: Model, program: Program) -> list[ProgInsn]: # Do a kmac msg write self._fill_wsrw_mode = FillWsrwMode.MSG prog_wsrw_msg = self.fill_bn_wsrw(model) + insn_list.append(prog_wsrw_msg) + if self._masked_mode: + self._fill_wsrw_mode = FillWsrwMode.MSG1 + prog_wsrw_msg1 = self.fill_bn_wsrw(model) + insn_list.append(prog_wsrw_msg1) remaining_bytes -= self._pw_size self._pw_size = 32 current_write_count += 1 - insn_list.append(prog_wsrw_msg) # Digest reads for _ in range(num_digest_rd): self._fill_wsrr_mode = FillWsrrMode.DIGEST prog_wsrr_digest = self.fill_bn_wsrr(model) insn_list.append(prog_wsrr_digest) + if self._masked_mode: + self._fill_wsrr_mode = FillWsrrMode.DIGEST1 + prog_wsrr_digest = self.fill_bn_wsrr(model) + insn_list.append(prog_wsrr_digest) # Status read op_vals = [] @@ -304,9 +305,14 @@ def fill_msg_insns(self, model: Model) -> list[ProgInsn]: self._fill_wsrr_mode = FillWsrrMode.MSG prog_wsrr_msg = self.fill_bn_wsrr(model) - self._wsrw_wrs = prog_wsrr_msg.operands[0] + self._share0_wrs = prog_wsrr_msg.operands[0] insn_list.append(prog_wsrr_msg) + # Generate a second source for MSG data + if self._masked_mode: + prog_rshi_msg = self.fill_bn_rshi(model) + insn_list.append(prog_rshi_msg) + return insn_list def fill_cfg_insns(self, model: Model) -> list[ProgInsn]: @@ -450,7 +456,8 @@ def _fill_li_cfg(self) -> Tuple[int, int]: cfg_mask |= (self._sha3_mode.value & 0b11) << 0 # Sha3 Mode [1:0] cfg_mask |= (self._keccak_strength.value & 0b111) << 2 # Strength [4:2] cfg_mask |= (byte_remainder & 0b111) << 5 # Msg Bytes [7:5] - cfg_mask |= (whole_words & 0x7FFFFF) << 8 # Msg Words [30:8] + cfg_mask |= (whole_words & 0xFFF) << 8 # Msg Words [19:8] + cfg_mask |= (self._masked_mode & 0b1) << 20 # Masked Mode [20] cfg_mask |= (self._cfg_done & 0b1) << 31 # Cfg Done [31] lui_imm_op_val = cfg_mask >> 12 @@ -472,6 +479,44 @@ def _fill_li_msg(self, model: Model) -> Tuple[int, int]: raise ValueError("Unable to create immediate values") return lui_imm_op_val, addi_imm_op_val + def fill_bn_rshi(self, model: Model) -> ProgInsn: + ''' Function to generate bn.rshi insn opcode values ''' + op_vals = [] + bn_rshi_wrs2_val = self._share0_wrs + bn_rshi_wrd_val = bn_rshi_wrs2_val + bn_rshi_wrs1_val = bn_rshi_wrs2_val + + # Generate a new WRD value + while bn_rshi_wrd_val == bn_rshi_wrs2_val: + bn_rshi_wrd = model.pick_operand_value(self.bn_rshi_wrd_op_type) + if bn_rshi_wrd is None: + raise ValueError("Unable to generate bn.rshi destination reg") + else: + bn_rshi_wrd_val = bn_rshi_wrd + + # Generate a new WRS1 value + while bn_rshi_wrs1_val in [bn_rshi_wrs2_val, bn_rshi_wrd_val]: + bn_rshi_wrs1 = model.pick_operand_value(self.bn_rshi_wrs1_op_type) + if bn_rshi_wrs1 is None: + raise ValueError("Unable to generate bn.rshi wsr1 reg") + else: + bn_rshi_wrs1_val = bn_rshi_wrs1 + + # Generate the immediate + bn_rshi_imm_val = model.pick_operand_value(self.bn_rshi_imm_op_type) + if bn_rshi_imm_val is None: + raise ValueError("Unable to generate bn.rshi wsr1 reg") + + op_vals.append(bn_rshi_wrd_val) + op_vals.append(bn_rshi_wrs1_val) + op_vals.append(bn_rshi_wrs2_val) + op_vals.append(bn_rshi_imm_val) + + self._share1_wrs = bn_rshi_wrd_val + + assert len(op_vals) == len(self.bn_rshi.operands) + return ProgInsn(self.bn_rshi, op_vals, None) + def fill_bn_wsrr(self, model: Model) -> ProgInsn: ''' Function to generate wsrr insn opcode values ''' @@ -490,6 +535,8 @@ def fill_bn_wsrr(self, model: Model) -> ProgInsn: bn_wsrr_wsr_val = model._kmac_wsr_addr["MOD"] elif (self._fill_wsrr_mode == FillWsrrMode.DIGEST): bn_wsrr_wsr_val = model._kmac_wsr_addr["KMAC_DIGEST"] + elif (self._fill_wsrr_mode == FillWsrrMode.DIGEST1): + bn_wsrr_wsr_val = model._kmac_wsr_addr["KMAC_DIGEST1"] op_vals.append(bn_wsrr_wsr_val) addr = bn_wsrr_wsr_val @@ -507,12 +554,16 @@ def fill_bn_wsrw(self, model: Model) -> ProgInsn: # Pick destination register if (self._fill_wsrw_mode == FillWsrwMode.MSG): bn_wsrw_wsr_val = model._kmac_wsr_addr["KMAC_MSG"] + bn_wsrw_wrs_val = self._share0_wrs + # Pick destination register + if (self._fill_wsrw_mode == FillWsrwMode.MSG1): + bn_wsrw_wsr_val = model._kmac_wsr_addr["KMAC_MSG1"] + bn_wsrw_wrs_val = self._share1_wrs op_vals.append(bn_wsrw_wsr_val) addr = bn_wsrw_wsr_val - # Pick source WSR Addr - bn_wsrw_wrs_val = self._wsrw_wrs + # Get source WSR Addr op_vals.append(bn_wsrw_wrs_val) assert len(op_vals) == len(self.bn_wsrw.operands) @@ -542,7 +593,9 @@ class FillLiMode(Enum): class FillWsrrMode(Enum): MSG = auto() DIGEST = auto() + DIGEST1 = auto() class FillWsrwMode(Enum): MSG = auto() + MSG1 = auto() diff --git a/hw/ip/acc/dv/rig/rig/gens/bad_app_req.py b/hw/ip/acc/dv/rig/rig/gens/bad_app_req.py new file mode 100644 index 00000000000..07b782b01d2 --- /dev/null +++ b/hw/ip/acc/dv/rig/rig/gens/bad_app_req.py @@ -0,0 +1,285 @@ +# Copyright zeroRISC Inc. +# Licensed under the Apache License, Version 2.0, see LICENSE for details. +# SPDX-License-Identifier: Apache-2.0 + +import random +from enum import Enum, auto + +from shared.insn_yaml import InsnsFile + +from .app_req import KmacAppReqInsn, FillWsrwMode, FillWsrrMode +from ..config import Config +from ..program import ProgInsn, Program +from ..model import Model + + +class BadKmacAppReqInsn(KmacAppReqInsn): + '''A snippet generator that generates program ending kmac instructions. + This includes oversized/undersized messages, fifo overflows, invalid + share read/writes. + ''' + + pqc_program = True + ends_program = True + + def __init__(self, cfg: Config, insns_file: InsnsFile) -> None: + super().__init__(cfg, insns_file) + + self._error_mode = KmacErrorMode.MalformedSize + self._size_mode = SizeErrorMode.AltCFG + + def _gen(self, model: Model, program: Program) -> list[ProgInsn]: + """ Helper function to build and return a full instruction list for the given message size. + The list of instructions returned are illegal for KMAC operations. + """ + # Take a clean KMAC operation to inject errors into + insn_list = super()._gen(model, program) + + # Split the valid errors by masking mode + if self._masked_mode: + self._error_mode = random.choices([KmacErrorMode.MalformedSize, + KmacErrorMode.Overflow], + weights=[1, 0.5])[0] + else: + self._error_mode = random.choices([KmacErrorMode.MalformedSize, + KmacErrorMode.IllegalMsg, + KmacErrorMode.IllegalDigest], + weights=[0.5, 1, 1])[0] + + print(self._error_mode) + + # Inject based on error mode chosen + if self._error_mode == KmacErrorMode.MalformedSize: + err_insn_list = self._inject_size(model, insn_list) + elif self._error_mode == KmacErrorMode.IllegalMsg: + err_insn_list = self._inject_illegal_msg(model, insn_list) + elif self._error_mode == KmacErrorMode.IllegalDigest: + err_insn_list = self._inject_illegal_digest(model, insn_list) + elif self._error_mode == KmacErrorMode.Overflow: + err_insn_list = self._inject_fifo_overflow(model, insn_list) + + return err_insn_list + + def _inject_size(self, model: Model, insn_list: list[ProgInsn]) -> list[ProgInsn]: + ''' Makes a malformed sized message both oversized and undersized ''' + cfg_insn_idx = [] + pw_insn_idx = [] + msg0_insn_idx = [] + msg1_insn_idx = [] + insn_cnt = 0 + + err_insn_list = insn_list + + for insn in insn_list: + if ( + insn.insn.mnemonic == 'bn.wsrw' and + insn.operands[0] == model._kmac_wsr_addr["KMAC_MSG"] + ): + # This is a valid write to the KMAC MSG0 register + msg0_insn_idx.append(insn_cnt) + if ( + insn.insn.mnemonic == 'bn.wsrw' and + insn.operands[0] == model._kmac_wsr_addr["KMAC_MSG1"] + ): + # This is a valid write to the KMAC MSG0 register + msg1_insn_idx.append(insn_cnt) + if ( + insn.insn.mnemonic == 'csrrw' and + insn.operands[1] == model._kmac_csr_addr["KMAC_CFG"] + ): + # This is a valid write to the KMAC CFG register + cfg_insn_idx.append(insn_cnt) + if ( + insn.insn.mnemonic == 'csrrw' and + insn.operands[1] == model._kmac_csr_addr["KMAC_PW"] + ): + # This is a valid write to the KMAC PW register + pw_insn_idx.append(insn_cnt) + + insn_cnt += 1 + + assert msg0_insn_idx[0] is not None + assert cfg_insn_idx[0] is not None + if self._masked_mode: + assert msg1_insn_idx[0] is not None + + self._size_mode = random.choices([SizeErrorMode.AltCFG, + SizeErrorMode.AltPW, + SizeErrorMode.InsertPW, + SizeErrorMode.InsertMSG], + weights=[1, 1, 1, 1])[0] + + if self._size_mode == SizeErrorMode.AltCFG: + # Inject an error into the config to cause a mismatch in the size + # Use the first cfg instruction to modify the length + cfg_wrs = insn_list[cfg_insn_idx[0]].operands[2] + inject_idx = cfg_insn_idx[0] + + addi_op_vals = [] + addi_imm_op_val = model.pick_operand_value(self.addi_imm_op_type) + assert addi_imm_op_val is not None + addi_imm_op_val = addi_imm_op_val & 0x7E0 # Apply mask to not change the strength/mode + addi_op_vals.append(cfg_wrs) + addi_op_vals.append(cfg_wrs) + addi_op_vals.append(addi_imm_op_val) + + prog_insn = ProgInsn(self.addi, addi_op_vals, None) + err_insn_list.insert(inject_idx, prog_insn) + + if self._size_mode == SizeErrorMode.AltPW: + # Change an existing PW mask value + # It is possible to not have any partial write + if pw_insn_idx is not None: + addi_op_vals = [] + # Change the addi instruction before the csrrw into partial write + addi_idx = (random.choice(pw_insn_idx) - 1) + # Get the destination register + addi_grd_val = insn_list[addi_idx].operands[0] + addi_op_vals.append(addi_grd_val) + addi_grs1_val = 0x0 + addi_op_vals.append(addi_grs1_val) + # Set the range for PW value + addi_imm_val = random.randint(1, 31) + addi_op_vals.append(addi_imm_val) + assert len(addi_op_vals) == len(self.addi.operands) + prog_insn = ProgInsn(self.addi, addi_op_vals, None) + err_insn_list[addi_idx] = prog_insn + + else: + # If there is no partial words then we will add one to shorten the message + self._size_mode == SizeErrorMode.InsertPW + + if self._size_mode == SizeErrorMode.InsertPW: + inject_idx = random.choice(pw_insn_idx) + + if self._size_mode == SizeErrorMode.InsertMSG: + inject_idx = random.choice(msg0_insn_idx) + self._share0_wrs = insn_list[msg0_insn_idx[0]].operands[1] + if self._masked_mode: + assert msg1_insn_idx is not None + self._share1_wrs = insn_list[msg1_insn_idx[0]].operands[1] + + # If masked then add pairs of message writes + for _ in range(random.randint(1, 4)): + self._fill_wsrw_mode = FillWsrwMode.MSG + prog_insn = self.fill_bn_wsrw(model) + err_insn_list.insert(inject_idx, prog_insn) + if self._masked_mode: + self._fill_wsrw_mode = FillWsrwMode.MSG1 + prog_insn = self.fill_bn_wsrw(model) + err_insn_list.insert(inject_idx, prog_insn) + + return err_insn_list + + def _inject_illegal_msg(self, model: Model, insn_list: list[ProgInsn]) -> list[ProgInsn]: + ''' Adds an illegal MSG write in unmasked mode ''' + insn_idx = [] + insn_cnt = 0 + + err_insn_list = insn_list + + for insn in insn_list: + if ( + insn.insn.mnemonic == 'bn.wsrw' and + insn.operands[0] == model._kmac_wsr_addr["KMAC_MSG"] + ): + # This is a valid write to the KMAC MSG0 register + insn_idx.append(insn_cnt) + insn_cnt += 1 + + assert insn_idx[0] is not None + + self._fill_wsrw_mode = FillWsrwMode.MSG1 + self._share1_wrs = insn_list[insn_idx[0]].operands[1] + prog_insn = self.fill_bn_wsrw(model) + + inject_idx = random.choice(insn_idx) + err_insn_list.insert(inject_idx, prog_insn) + + return err_insn_list + + def _inject_illegal_digest(self, model: Model, insn_list: list[ProgInsn]) -> list[ProgInsn]: + ''' Adds an illegal DIGEST read in unmasked mode ''' + insn_idx = [] + insn_cnt = 0 + + err_insn_list = insn_list + + for insn in insn_list: + if ( + insn.insn.mnemonic == 'bn.wsrr' and + insn.operands[1] == model._kmac_wsr_addr["KMAC_DIGEST"] + ): + # This is a valid read from the KMAC DIGEST0 register + insn_idx.append(insn_cnt) + insn_cnt += 1 + + assert insn_idx[0] is not None + + self._fill_wsrr_mode = FillWsrrMode.DIGEST1 + prog_insn = self.fill_bn_wsrr(model) + + inject_idx = random.choice(insn_idx) + err_insn_list.insert(inject_idx, prog_insn) + + return err_insn_list + + def _inject_fifo_overflow(self, model: Model, insn_list: list[ProgInsn]) -> list[ProgInsn]: + ''' Makes a deadlock by filling a message FIFO in masked mode ''' + msg0_insn_idx = [] + msg1_insn_idx = [] + insn_cnt = 0 + msg0_fill = True + + err_insn_list = insn_list + + for insn in insn_list: + if ( + insn.insn.mnemonic == 'bn.wsrw' and + insn.operands[0] == model._kmac_wsr_addr["KMAC_MSG"] + ): + # This is a valid write to the KMAC MSG0 register + msg0_insn_idx.append(insn_cnt) + if ( + insn.insn.mnemonic == 'bn.wsrw' and + insn.operands[0] == model._kmac_wsr_addr["KMAC_MSG1"] + ): + # This is a valid write to the KMAC MSG1 register + msg1_insn_idx.append(insn_cnt) + insn_cnt += 1 + + assert msg0_insn_idx[0] is not None + if msg1_insn_idx is not None: + msg0_fill = random.choices([True, False], weights=[1, 1])[0] + + # Decide which FIFO to inject multiple writes too in order to overflow + if msg0_fill: + self._fill_wsrw_mode = FillWsrwMode.MSG + self._share1_wrs = insn_list[msg0_insn_idx[0]].operands[1] + msg0_prog_insn = self.fill_bn_wsrw(model) + inject_idx = random.choice(msg0_insn_idx) + for _ in range(random.randint(2, 4)): + err_insn_list.insert(inject_idx, msg0_prog_insn) + elif msg1_insn_idx is not None and not msg0_fill: + self._fill_wsrw_mode = FillWsrwMode.MSG1 + self._share1_wrs = insn_list[msg1_insn_idx[0]].operands[1] + msg1_prog_insn = self.fill_bn_wsrw(model) + inject_idx = random.choice(msg1_insn_idx) + for _ in range(random.randint(2, 4)): + err_insn_list.insert(inject_idx, msg1_prog_insn) + + return err_insn_list + + +class KmacErrorMode(Enum): + MalformedSize = auto() + IllegalMsg = auto() + IllegalDigest = auto() + Overflow = auto() + + +class SizeErrorMode(Enum): + AltCFG = auto() + AltPW = auto() + InsertPW = auto() + InsertMSG = auto() diff --git a/hw/ip/acc/dv/rig/rig/model.py b/hw/ip/acc/dv/rig/rig/model.py index e4df6de1ef1..90fae7440a1 100644 --- a/hw/ip/acc/dv/rig/rig/model.py +++ b/hw/ip/acc/dv/rig/rig/model.py @@ -259,8 +259,10 @@ def __init__(self, dmem_size: int, fuel: int, pqc: bool) -> None: if self.pqc: wsrs.touch_addr(0x8) # KMAC_CFG wsrs.touch_addr(0x9) # KMAC_MSG - wsrs.touch_addr(0xa) # KMAC_DIGEST - wsrs.touch_addr(0xb) # ACCH + wsrs.touch_addr(0xa) # KMAC_MSG SHARE1 + wsrs.touch_addr(0xb) # KMAC_DIGEST + wsrs.touch_addr(0xc) # KMAC_DIGEST SHARE1 + wsrs.touch_addr(0xd) # ACCH # Separate CSR list for KMAC as these should be off-limits from # non app_req generators, with the exception of MOD0 @@ -277,7 +279,9 @@ def __init__(self, dmem_size: int, fuel: int, pqc: bool) -> None: "MOD": 0x0, "KMAC_CFG": 0x8, "KMAC_MSG": 0x9, - "KMAC_DIGEST": 0xa + "KMAC_MSG1": 0xc, + "KMAC_DIGEST": 0xa, + "KMAC_DIGEST1": 0xd } # The current PC (the address of the next instruction that needs diff --git a/hw/ip/acc/dv/rig/rig/snippet_gens.py b/hw/ip/acc/dv/rig/rig/snippet_gens.py index edcaf798c09..648127459ee 100644 --- a/hw/ip/acc/dv/rig/rig/snippet_gens.py +++ b/hw/ip/acc/dv/rig/rig/snippet_gens.py @@ -27,6 +27,7 @@ from .gens.app_req import KmacAppReqInsn from .gens.clear_wsr import ClearWsr +from .gens.bad_app_req import BadKmacAppReqInsn from .gens.bad_at_end import BadAtEnd from .gens.bad_bnmovr import BadBNMovr from .gens.bad_branch import BadBranch @@ -57,6 +58,7 @@ class SnippetGens: UntakenBranch, ECall, + BadKmacAppReqInsn, BadAtEnd, BadBNMovr, BadBranch, diff --git a/hw/ip/acc/dv/smoke_pqc/smoke_test.s b/hw/ip/acc/dv/smoke_pqc/smoke_test.s index 911bc7cafdf..3703a10286a 100644 --- a/hw/ip/acc/dv/smoke_pqc/smoke_test.s +++ b/hw/ip/acc/dv/smoke_pqc/smoke_test.s @@ -123,21 +123,32 @@ csrrw x0, mod0, x23 csrrs x23, mod5, x0 bn.wsrr w1, 0x0 /* MOD 82a 4ea*/ -li x23, 0x000008ea +bn.not w2, w1 +li x23, 0x001008ea csrrw x0, kmac_cfg, x23 li x23, 0x0000001a csrrw x0, kmac_partial_write, x23 -bn.wsrw 0x9, w1 /* MSG */ +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +bn.wsrw 0xc, w2 /* MSG SHARE1 */ li x23, 0x0000000d csrrw x0, kmac_partial_write, x23 -bn.wsrw 0x9, w1 /* MSG */ -bn.wsrw 0x9, w1 /* MSG */ -bn.wsrr w2, 0xa /* DIGEST */ -bn.wsrr w2, 0xa /* DIGEST */ -bn.wsrr w2, 0xa /* DIGEST */ -bn.wsrr w2, 0xa /* DIGEST */ -bn.wsrr w3, 0xa /* DIGEST */ -li x23, 0x800008ea /* STOP CFG 0x8000040a */ +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +bn.wsrw 0xc, w2 /* MSG SHARE1 */ +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +bn.wsrw 0xc, w2 /* MSG SHARE1 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w3, 0xd /* DIGEST SHARE1 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w3, 0xd /* DIGEST SHARE1 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w3, 0xa /* DIGEST SHARE0 */ +bn.wsrr w3, 0xd /* DIGEST SHARE1 */ +bn.wsrr w3, 0xd /* DIGEST SHARE1 */ +bn.wsrr w3, 0xd /* DIGEST SHARE1 */ +bn.wsrr w2, 0xa +csrrs x24, kmac_status, x0 +li x23, 0x801008ea /* STOP CFG 0x8000040a */ csrrw x0, kmac_cfg, x23 li x23, 0x53769ada @@ -147,6 +158,24 @@ bn.wsrw 0x3, w3 /* ACC */ bn.wsrr w4, 0xb bn.wsrr w5, 0x3 +bn.wsrr w1, 0x0 /* MOD 82a 4ea*/ +bn.not w2, w1 +li x23, 0x000008ea +csrrw x0, kmac_cfg, x23 +li x23, 0x0000001a +csrrw x0, kmac_partial_write, x23 +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +li x23, 0x0000000d +csrrw x0, kmac_partial_write, x23 +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +bn.wsrw 0x9, w1 /* MSG SHARE0 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +bn.wsrr w2, 0xa /* DIGEST SHARE0 */ +csrrs x24, kmac_status, x0 +li x23, 0x800008ea /* STOP CFG 0x8000040a */ +csrrw x0, kmac_cfg, x23 # Note that some instructions used the fixed inputs (from w1 and w2) others use # results from previous instructions. When debugging an failure it is recommended diff --git a/hw/ip/acc/dv/tracer/rtl/acc_trace_if.sv b/hw/ip/acc/dv/tracer/rtl/acc_trace_if.sv index 45a161397ef..92107f18eac 100644 --- a/hw/ip/acc/dv/tracer/rtl/acc_trace_if.sv +++ b/hw/ip/acc/dv/tracer/rtl/acc_trace_if.sv @@ -270,11 +270,20 @@ interface acc_trace_if u_acc_alu_bignum.mod_intg_q[i_word*39+:32]; assign ispr_read_data[IsprMod][i_word*32+:32] = u_acc_alu_bignum.mod_intg_q[i_word*39+:32]; assign ispr_write_data[IsprAcc][i_word*32+:32] = u_acc_mac_bignum.acc_intg_d[i_word*39+:32]; - assign ispr_write_data[IsprKmacMsg][i_word*32+:32] = - u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en[i_word] ? u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_d[i_word*39+:32] : - u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[i_word*39+:32]; - assign ispr_read_data[IsprKmacMsg][i_word*32+:32] = u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[i_word*39+:32]; - assign ispr_write_data[IsprAccH][i_word*32+:32] = u_acc_mac_bignum.gen_acch_wr_en.acch_intg_d[i_word*39+:32]; + assign ispr_write_data[IsprKmacMsg0][i_word*32+:32] = + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en[0][i_word] ? + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_d[0][i_word*39+:32] : + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[0][i_word*39+:32]; + assign ispr_read_data[IsprKmacMsg0][i_word*32+:32] = + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[0][i_word*39+:32]; + assign ispr_write_data[IsprKmacMsg1][i_word*32+:32] = + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en[1][i_word] ? + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_d[1][i_word*39+:32] : + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[1][i_word*39+:32]; + assign ispr_read_data[IsprKmacMsg1][i_word*32+:32] = + u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_intg_q[1][i_word*39+:32]; + assign ispr_write_data[IsprAccH][i_word*32+:32] = + u_acc_mac_bignum.gen_acch_wr_en.acch_intg_d[i_word*39+:32]; end end else begin : gen_ispr_data for (genvar i_word = 0; i_word < BaseWordsPerWLEN; i_word++) begin : g_mod_and_acc_words @@ -283,8 +292,10 @@ interface acc_trace_if u_acc_alu_bignum.mod_intg_q[i_word*39+:32]; assign ispr_read_data[IsprMod][i_word*32+:32] = u_acc_alu_bignum.mod_intg_q[i_word*39+:32]; assign ispr_write_data[IsprAcc][i_word*32+:32] = u_acc_mac_bignum.acc_intg_d[i_word*39+:32]; - assign ispr_write_data[IsprKmacMsg][i_word*32+:32] = 32'b0; - assign ispr_read_data[IsprKmacMsg][i_word*32+:32] = 32'b0; + assign ispr_write_data[IsprKmacMsg0][i_word*32+:32] = 32'b0; + assign ispr_read_data[IsprKmacMsg0][i_word*32+:32] = 32'b0; + assign ispr_write_data[IsprKmacMsg1][i_word*32+:32] = 32'b0; + assign ispr_read_data[IsprKmacMsg1][i_word*32+:32] = 32'b0; assign ispr_write_data[IsprAccH][i_word*32+:32] = 32'b0; end end @@ -297,10 +308,14 @@ interface acc_trace_if generate if (AccPQCEn) begin : gen_ispr_read_write_pqc - // KMAC MSG - assign ispr_read[IsprKmacMsg] = - (any_ispr_read & (ispr_addr == IsprKmacMsg)); - assign ispr_write[IsprKmacMsg] = u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en & ~ispr_init; + // KMAC MSG SHARE 0 + assign ispr_read[IsprKmacMsg0] = + (any_ispr_read & (ispr_addr == IsprKmacMsg0)); + assign ispr_write[IsprKmacMsg0] = u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en[0] & ~ispr_init; + // KMAC MSG SHARE 1 + assign ispr_read[IsprKmacMsg1] = + (any_ispr_read & (ispr_addr == IsprKmacMsg1)); + assign ispr_write[IsprKmacMsg1] = u_acc_alu_bignum.gen_pqc_wsr.kmac_msg_wr_en[1] & ~ispr_init; // KMAC CFG assign ispr_read[IsprKmacCfg] = (any_ispr_read & (ispr_addr == IsprKmacCfg)); @@ -322,8 +337,11 @@ interface acc_trace_if end else begin : gen_ispr_read_write_blank // Need to drive unused signals for verilator linting // KMAC MSG - assign ispr_read[IsprKmacMsg] = 1'b0; - assign ispr_write[IsprKmacMsg] = 1'b0; + assign ispr_read[IsprKmacMsg0] = 1'b0; + assign ispr_write[IsprKmacMsg0] = 1'b0; + // KMAC MSG SHARE 0 + assign ispr_read[IsprKmacMsg1] = 1'b0; + assign ispr_write[IsprKmacMsg1] = 1'b0; // KMAC CFG assign ispr_read[IsprKmacCfg] = 1'b0; assign ispr_read_data[IsprKmacCfg] = 256'b0; @@ -339,11 +357,16 @@ interface acc_trace_if assign ispr_read_data[IsprKmacStatus] = 256'b0; assign ispr_write[IsprKmacStatus] = 1'b0; assign ispr_write_data[IsprKmacStatus] = 256'b0; - // KMAC DIGEST - assign ispr_read[IsprKmacDigest] = 1'b0; - assign ispr_read_data[IsprKmacDigest] = 256'b0; - assign ispr_write[IsprKmacDigest] = 1'b0; - assign ispr_write_data[IsprKmacDigest] = 256'b0; + // KMAC DIGEST SHARE 0 + assign ispr_read[IsprKmacDigest0] = 1'b0; + assign ispr_read_data[IsprKmacDigest0] = 256'b0; + assign ispr_write[IsprKmacDigest0] = 1'b0; + assign ispr_write_data[IsprKmacDigest0] = 256'b0; + // KMAC DIGEST SHARE 1 + assign ispr_read[IsprKmacDigest1] = 1'b0; + assign ispr_read_data[IsprKmacDigest1] = 256'b0; + assign ispr_write[IsprKmacDigest1] = 1'b0; + assign ispr_write_data[IsprKmacDigest1] = 256'b0; // ACCH assign ispr_write[IsprAccH] = 1'b0; assign ispr_read[IsprAccH] = 1'b0; diff --git a/hw/ip/acc/dv/tracer/rtl/acc_tracer.sv b/hw/ip/acc/dv/tracer/rtl/acc_tracer.sv index 4fcb3431e96..3425180c102 100644 --- a/hw/ip/acc/dv/tracer/rtl/acc_tracer.sv +++ b/hw/ip/acc/dv/tracer/rtl/acc_tracer.sv @@ -99,9 +99,14 @@ module acc_tracer #( return "ACCH"; end end - IsprKmacMsg: begin + IsprKmacMsg0: begin if (AccPQCEn) begin - return "KMAC_MSG"; + return "KMAC_MSG0"; + end + end + IsprKmacMsg1: begin + if (AccPQCEn) begin + return "KMAC_MSG1"; end end IsprKmacCfg: begin diff --git a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_agent_pkg.sv b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_agent_pkg.sv index ea55cd50cad..07b80e79a06 100644 --- a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_agent_pkg.sv +++ b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_agent_pkg.sv @@ -57,6 +57,10 @@ package acc_app_agent_pkg; parameter int KECCAK_ABSORBED_LATENCY = KECCAK_CYCLES_PER_ROUND * KECCAK_NUM_ROUNDS + KECCAK_LATENCY_DIGEST_EXPOSED; + // Fixed mask parameter to covert unmasked DPI model to two shares + parameter logic [255:0] FIXED_MASK = + 256'h6AF4EEF3D009BFFEA30CAD5958E9B1ABCEDDC59CC16E7481E562B3B77E7ED45E; + `define CONNECT_DATA_WIDTH .HostDataWidth(acc_app_agent_pkg::KMAC_RSP_DATA_WIDTH) // package sources diff --git a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_base_seq.sv b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_base_seq.sv index 43231ba88ab..8dd30f3ac25 100644 --- a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_base_seq.sv +++ b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_base_seq.sv @@ -20,7 +20,11 @@ class acc_app_base_seq extends dv_base_seq #( bit saw_first_rsp = 0; bit should_send_rsp = 0; + // Toggle bit to determine fixed mask share and prevent low toggle cov + bit apply_mask = 0; + // Response digest shares + bit [255:0] unmasked_digest = '0; bit [255:0] digest_lsb_share0 = 0; bit [255:0] digest_lsb_share1 = 0; @@ -397,16 +401,28 @@ class acc_app_base_seq extends dv_base_seq #( // Determine the start index and interate through digest to get the 256-bit msb // 256-bit msb always contains the most recent portion of rsp digest start_idx = dpi_digest.size() - 1; + unmasked_digest = '0; digest_lsb_share0 = '0; + digest_lsb_share1 = '0; for (int i = 0; i < 32; i++) begin - digest_lsb_share0 = (digest_lsb_share0 << 8) | dpi_digest[start_idx - i]; + unmasked_digest = (unmasked_digest << 8) | dpi_digest[start_idx - i]; end + if (apply_mask) begin + digest_lsb_share0 = unmasked_digest ^ FIXED_MASK; + digest_lsb_share1 = FIXED_MASK; + end else begin + digest_lsb_share0 = FIXED_MASK; + digest_lsb_share1 = unmasked_digest ^ FIXED_MASK; + end + + apply_mask = !apply_mask; + // Computed digest is unmasked therefore set share1 to all 0. // Inject error if appropriate from sequence config rsp.rsp_digest_share0 = {128'h0, digest_lsb_share0}; - rsp.rsp_digest_share1 = {128'h0, 256'h0}; + rsp.rsp_digest_share1 = {128'h0, digest_lsb_share1}; rsp.rsp_error = 0; rsp.rsp_done = 1; rsp.rsp_ready = 0; diff --git a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_intf.sv b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_intf.sv index a6e6c86aee4..3200ff944a8 100644 --- a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_intf.sv +++ b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_intf.sv @@ -14,7 +14,8 @@ interface acc_app_intf (input clk, input rst_n); wire req_next; wire req_hold; wire req_valid; - wire [kmac_pkg::MsgWidth-1:0] req_data; + wire [kmac_pkg::MsgWidth-1:0] req_data_share0; + wire [kmac_pkg::MsgWidth-1:0] req_data_share1; wire [kmac_pkg::MsgStrbW-1:0] req_strb; wire req_last; @@ -41,7 +42,8 @@ interface acc_app_intf (input clk, input rst_n); output req_next; output req_hold; output req_valid; - output req_data; + output req_data_share0; + output req_data_share1; output req_strb; output req_last; endclocking @@ -52,14 +54,16 @@ interface acc_app_intf (input clk, input rst_n); input req_next; input req_hold; input req_valid; - input req_data; + input req_data_share0; + input req_data_share1; input req_strb; input req_last; input rsp_ready; endclocking // Split kmac_data_req signals - assign {req_valid, req_hold, req_next, req_data, req_strb, req_last} = kmac_data_req; + assign {req_valid, req_hold, req_next, req_data_share0, req_data_share1, req_strb, req_last} = + kmac_data_req; // Assemble kmac_data_rsp signals assign kmac_data_rsp = {rsp_ready, rsp_done, rsp_digest_share0, rsp_digest_share1, rsp_error}; diff --git a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_item.sv b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_item.sv index d56c75b2c5e..bc01dfd6f34 100644 --- a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_item.sv +++ b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_item.sv @@ -8,7 +8,8 @@ class acc_app_item extends kmac_app_item; rand bit req_valid; rand bit req_hold; rand bit req_next; - rand bit [kmac_pkg::MsgWidth-1:0] req_data; + rand bit [kmac_pkg::MsgWidth-1:0] req_data_share0; + rand bit [kmac_pkg::MsgWidth-1:0] req_data_share1; rand bit [kmac_pkg::MsgStrbW-1:0] req_strb; rand bit req_last; rand bit rsp_done; @@ -20,7 +21,8 @@ class acc_app_item extends kmac_app_item; `uvm_field_int(req_valid, UVM_DEFAULT) `uvm_field_int(req_hold, UVM_DEFAULT) `uvm_field_int(req_next, UVM_DEFAULT) - `uvm_field_int(req_data, UVM_DEFAULT) + `uvm_field_int(req_data_share0, UVM_DEFAULT) + `uvm_field_int(req_data_share1, UVM_DEFAULT) `uvm_field_int(req_strb, UVM_DEFAULT) `uvm_field_int(req_last, UVM_DEFAULT) `uvm_field_int(rsp_done, UVM_DEFAULT) diff --git a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_monitor.sv b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_monitor.sv index c9855294d94..1785a515c1b 100644 --- a/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_monitor.sv +++ b/hw/ip/acc/dv/uvm/acc_app_agent/acc_app_monitor.sv @@ -53,7 +53,8 @@ class acc_app_monitor extends dv_base_monitor #( // Collect first req word without ready asserted base_item.req_valid = cfg.vif.mon_cb.req_valid; - base_item.req_data = cfg.vif.mon_cb.req_data; + base_item.req_data_share0 = cfg.vif.mon_cb.req_data_share0; + base_item.req_data_share1 = cfg.vif.mon_cb.req_data_share1; base_item.req_strb = cfg.vif.mon_cb.req_strb; base_item.rsp_ready = cfg.vif.mon_cb.rsp_ready; base_item.req_next = cfg.vif.mon_cb.req_next; @@ -71,14 +72,16 @@ class acc_app_monitor extends dv_base_monitor #( // Only capture if word is valid and KMAC is ready to accept if (cfg.vif.mon_cb.req_valid && cfg.vif.mon_cb.rsp_ready && cfg.vif.mon_cb.rst_n) begin base_item.req_strb = cfg.vif.mon_cb.req_strb; - base_item.req_data = cfg.vif.mon_cb.req_data; + base_item.req_data_share0 = cfg.vif.mon_cb.req_data_share0; + base_item.req_data_share1 = cfg.vif.mon_cb.req_data_share1; base_item.req_valid = cfg.vif.mon_cb.req_valid; base_item.drive_rsp_ready = 1; // Only add valid words using strb for (int i = 0; i < KmacDataIfWidth/8; i++) begin if (cfg.vif.mon_cb.req_strb[i]) begin - base_item.byte_data_q.push_back(cfg.vif.mon_cb.req_data[i*8+:8]); + base_item.byte_data_q.push_back(cfg.vif.mon_cb.req_data_share0[i*8+:8] ^ + cfg.vif.mon_cb.req_data_share1[i*8+:8]); end end diff --git a/hw/ip/acc/dv/uvm/acc_base_sim_cfg.hjson b/hw/ip/acc/dv/uvm/acc_base_sim_cfg.hjson index 3659af01f89..6270ea07fb9 100644 --- a/hw/ip/acc/dv/uvm/acc_base_sim_cfg.hjson +++ b/hw/ip/acc/dv/uvm/acc_base_sim_cfg.hjson @@ -139,6 +139,15 @@ name: "{gen_fixed} --src-dir {multi_err_dir} {acc_elf_dir}" ] } + + // Run the random instruction generator to create errors in the KMAC + // AppIntf code snippet. + { + name: build_acc_rig_kmac_err_binary_mode + pre_run_cmds: [ + "{gen_rnd} --count 1 {acc_elf_dir} --config kmac-err" + ] + } ] // List of test specifications. diff --git a/hw/ip/acc/dv/uvm/acc_pqc_sim_cfg.hjson b/hw/ip/acc/dv/uvm/acc_pqc_sim_cfg.hjson index bfab6b74d7f..9202f384b96 100644 --- a/hw/ip/acc/dv/uvm/acc_pqc_sim_cfg.hjson +++ b/hw/ip/acc/dv/uvm/acc_pqc_sim_cfg.hjson @@ -24,4 +24,18 @@ // exclusion files vcs_cov_excl_files: ["{proj_root}/hw/ip/acc/dv/uvm/cov/acc_pqc_cov_excl.el"] + + tests: [ + // This test runs single binaries that specifically contain errors + // related to the KMAC AppIntf. Errors tested are both fatal and + // recoverable. The reseed value is not high as most other coverpoints + // are reached using the regular acc_single test. + { + name: "acc_kmac_err" + uvm_test_seq: "acc_kmac_intf_err_vseq" + en_run_modes: ["build_acc_rig_kmac_err_binary_mode"] + reseed: 10 + } + ] + } diff --git a/hw/ip/acc/dv/uvm/cov/acc_pqc_cov_excl.el b/hw/ip/acc/dv/uvm/cov/acc_pqc_cov_excl.el index cdd6a255959..7104da21f6d 100644 --- a/hw/ip/acc/dv/uvm/cov/acc_pqc_cov_excl.el +++ b/hw/ip/acc/dv/uvm/cov/acc_pqc_cov_excl.el @@ -1,587 +1,913 @@ -// Copyright zeroRISC Inc. +// Copyright lowRISC contributors (OpenTitan project). // Licensed under the Apache License, Version 2.0, see LICENSE for details. // SPDX-License-Identifier: Apache-2.0 - +// //================================================== // This file contains the Excluded objects // Generated By User: unknown // Format Version: 2 -// Date: Fri Dec 19 21:39:44 2025 +// Date: Mon Apr 13 20:41:53 2026 // ExclMode: default //================================================== -CHECKSUM: "3838931634 1997345871" +CHECKSUM: "1489286524 2094048665" INSTANCE: tb.dut.u_acc_core.u_acc_mac_bignum.gen_mac_adder_pqc.adder16 -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 29 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 1 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 3 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 5 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 7 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 9 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 11 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 13 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 15 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 17 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 19 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 21 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 23 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 25 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 27 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" ANNOTATION: "vcs_gen_start:i=1:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 0 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 8 "3587187684" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 2 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 14 "2634351077" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 20 "953847928" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 4 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 26 "1512104922" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 32 "4294931015" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 6 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 38 "2356297864" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 44 "699257109" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 8 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 50 "1264034487" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 56 "4001903402" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 10 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 62 "2791117099" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 68 "58884278" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 12 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 74 "1635316500" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 80 "3299304073" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 14 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 86 "3121513757" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 92 "533795968" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 16 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 98 "2099996450" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 104 "3639932607" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 18 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 110 "3898654722" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 116 "2055998026" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 20 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 122 "3228953418" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 128 "1385767170" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 22 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 134 "3951486326" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 140 "2037002046" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 24 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 146 "3281243710" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 152 "1367278710" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 26 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +Condition 158 "754746860" "(word_mode == VecType_h16) 1 -1" +ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Condition 164 "3188740004" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=15:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Branch 28 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" -CHECKSUM: "994428267 3945285972" -INSTANCE: tb.dut.u_acc_core.u_acc_alu_bignum.gen_pqc_wsr.u_kmac_cfg_secded_dec -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [29] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [28] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [27] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [26] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [25] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [24] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [23] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [22] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [21] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [20] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_o [30] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [29] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [28] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [27] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [26] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [25] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [24] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [23] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [22] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [21] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [20] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [30:20] are unused in KMAC Cfg CSR" -Toggle data_i [30] "net data_i[38:0]" -CHECKSUM: "994428267 3945285972" -INSTANCE: tb.dut.u_acc_core.u_acc_alu_bignum.gen_pqc_wsr.u_kmac_status_secded_dec -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [30] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [29] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [28] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [27] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [26] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [25] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [24] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [23] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [22] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [21] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [20] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [19] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [18] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [17] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [16] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [15] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [14] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [13] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [12] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [11] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [10] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [9] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [8] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [7] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [6] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [5] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_o [31] "logic data_o[31:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [30] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [29] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [28] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [27] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [26] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [25] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [24] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [23] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [22] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [21] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [20] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [19] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [18] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [17] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [16] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [15] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [14] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [13] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [12] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [11] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [10] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [9] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [8] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [7] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [6] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [5] "net data_i[38:0]" -ANNOTATION: "[UNSUPPORTED]: Bits [31:5] of KMAC status CSR/WSR are unused" -Toggle data_i [31] "net data_i[38:0]" -CHECKSUM: "3838931634 2094048665" -INSTANCE: tb.dut.u_acc_core.u_acc_mac_bignum.gen_mac_adder_pqc.adder16 -ANNOTATION: "vcs_gen_start:i=1:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 2 "1880076921" "(word_mode == VecType_h16) 1 -1" +Condition 170 "82423460" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=15:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" Condition 176 "2516935916" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=15:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 170 "82423460" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 164 "3188740004" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 158 "754746860" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 152 "1367278710" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 146 "3281243710" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 140 "2037002046" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 134 "3951486326" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 128 "1385767170" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 122 "3228953418" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 116 "2055998026" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 110 "3898654722" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 104 "3639932607" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 98 "2099996450" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 92 "533795968" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 86 "3121513757" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 80 "3299304073" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 74 "1635316500" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 68 "58884278" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 62 "2791117099" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 56 "4001903402" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 50 "1264034487" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 44 "699257109" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 38 "2356297864" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 32 "4294931015" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 26 "1512104922" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 20 "953847928" "(word_mode == VecType_h16) 1 -1" -ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 14 "2634351077" "(word_mode == VecType_h16) 1 -1" ANNOTATION: "vcs_gen_start:i=1:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" -Condition 8 "3587187684" "(word_mode == VecType_h16) 1 -1" -CHECKSUM: "127070474 927371340" -INSTANCE: tb.dut.u_acc_core.u_acc_decoder -ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" -Branch 4 "2344605462" "opcode_alu" (35) "opcode_alu InsnOpcodeBignumArith ,-,-,-,-,-,-,3'b101 ,-,1,1,0,-,-,-,-,-,-,-,-,-,-" -ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" -Branch 4 "2344605462" "opcode_alu" (59) "opcode_alu InsnOpcodeBignumTrn ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0" -ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" -Branch 4 "2344605462" "opcode_alu" (57) "opcode_alu InsnOpcodeBignumShiftv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-" -ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" -Branch 4 "2344605462" "opcode_alu" (39) "opcode_alu InsnOpcodeBignumArith ,-,-,-,-,-,-,3'b101 ,-,0,-,-,-,1,0,-,-,-,-,-,-,-" -CHECKSUM: "737333266 3782559018" +Condition 2 "1880076921" "(word_mode == VecType_h16) 1 -1" +CHECKSUM: "2871781100 2232190594" INSTANCE: tb.dut.u_acc_core.u_acc_instruction_fetch.u_acc_predecode ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 0 "3102685083" "imem_rvalid_i" (20) "imem_rvalid_i 1,InsnOpcodeBignumArith ,-,-,-,-,-,-,-,3'b101 ,1,0,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-" -ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 0 "3102685083" "imem_rvalid_i" (21) "imem_rvalid_i 1,InsnOpcodeBignumArith ,-,-,-,-,-,-,-,3'b101 ,0,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-" -ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 0 "3102685083" "imem_rvalid_i" (54) "imem_rvalid_i 1,InsnOpcodeBignumTrn ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0" -ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 0 "3102685083" "imem_rvalid_i" (52) "imem_rvalid_i 1,InsnOpcodeBignumShiftv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-" +Branch 1 "1937538066" "csr_addr_sel" (4) "csr_addr_sel 1,CsrKmacPartialW ,-,0,-,-,-,-,-,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 0 "3102685083" "imem_rvalid_i" (50) "imem_rvalid_i 1,InsnOpcodeBignumMulv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-,-,-,-,-" +Branch 1 "1937538066" "csr_addr_sel" (6) "csr_addr_sel 1,CsrKmacStatus ,-,-,0,-,-,-,-,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (2) "csr_addr_sel 1,CsrKmacCfg ,0,-,-,-,-,-,-,-" +Branch 1 "1937538066" "csr_addr_sel" (16) "csr_addr_sel 0,-,-,-,-,WsrKmacCfg ,0,-,-,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (22) "csr_addr_sel 0,-,-,-,-,WsrAccH ,-,-,-,0" +Branch 1 "1937538066" "csr_addr_sel" (18) "csr_addr_sel 0,-,-,-,-,WsrKmacMsg0 ,-,0,-,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (20) "csr_addr_sel 0,-,-,-,-,WsrKmacDigest ,-,-,0,-" +Branch 1 "1937538066" "csr_addr_sel" (20) "csr_addr_sel 0,-,-,-,-,WsrKmacMsg1 ,-,-,0,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (18) "csr_addr_sel 0,-,-,-,-,WsrKmacMsg ,-,0,-,-" +Branch 1 "1937538066" "csr_addr_sel" (22) "csr_addr_sel 0,-,-,-,-,WsrKmacDigest0 ,-,-,-,0,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (16) "csr_addr_sel 0,-,-,-,-,WsrKmacCfg ,0,-,-,-" +Branch 1 "1937538066" "csr_addr_sel" (2) "csr_addr_sel 1,CsrKmacCfg ,0,-,-,-,-,-,-,-,-,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (6) "csr_addr_sel 1,CsrKmacStatus ,-,-,0,-,-,-,-,-" +Branch 1 "1937538066" "csr_addr_sel" (24) "csr_addr_sel 0,-,-,-,-,WsrKmacDigest1 ,-,-,-,-,0,-" ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" -Branch 1 "2606768895" "csr_addr_sel" (4) "csr_addr_sel 1,CsrKmacPartialW ,-,0,-,-,-,-,-,-" -CHECKSUM: "3569791575 3453920680" +Branch 1 "1937538066" "csr_addr_sel" (26) "csr_addr_sel 0,-,-,-,-,WsrAccH ,-,-,-,-,-,0" +CHECKSUM: "839184256 3260023796" INSTANCE: tb.dut ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [382] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [383] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [381] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [256] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [380] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [257] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [379] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [258] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [378] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [259] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [377] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [260] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [376] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [261] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [375] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [262] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [374] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [263] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [373] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [264] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [372] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [265] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [371] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [266] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [370] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [267] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [369] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [268] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [368] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [269] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [367] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [270] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [366] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [271] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [365] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [272] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [364] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [273] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [363] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [274] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [362] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [275] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [361] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [276] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [360] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [277] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [359] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [278] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [358] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [279] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [357] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [280] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [356] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [281] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [355] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [282] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [354] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [283] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [353] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [284] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [352] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [285] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [351] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [286] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [350] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [287] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [349] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [288] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [348] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [289] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [347] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [290] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [346] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [291] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [345] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [292] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [344] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [293] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [343] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [294] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [342] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [295] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [341] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [296] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [340] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [297] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [339] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [298] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [338] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [299] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [337] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [300] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [336] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [301] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [335] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [302] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [334] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [303] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [333] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [304] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [332] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [305] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [331] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [306] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [330] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [307] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [329] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [308] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [328] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [309] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [327] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [310] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [326] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [311] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [325] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [312] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [324] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [313] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [323] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [314] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [322] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [315] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [321] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [316] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [320] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [317] "logic kmac_data_i.digest_share0[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share0 [318] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" Toggle kmac_data_i.digest_share0 [319] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [318] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [320] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [317] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [321] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [316] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [322] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [315] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [323] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [314] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [324] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [313] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [325] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [312] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [326] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [311] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [327] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [310] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [328] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [309] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [329] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [308] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [330] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [307] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [331] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [306] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [332] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [305] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [333] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [304] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [334] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [303] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [335] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [302] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [336] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [301] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [337] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [300] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [338] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [299] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [339] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [298] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [340] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [297] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [341] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [296] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [342] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [295] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [343] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [294] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [344] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [293] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [345] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [292] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [346] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [291] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [347] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [290] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [348] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [289] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [349] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [288] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [350] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [287] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [351] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [286] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [352] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [285] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [353] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [284] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [354] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [283] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [355] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [282] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [356] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [281] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [357] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [280] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [358] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [279] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [359] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [278] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [360] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [277] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [361] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [276] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [362] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [275] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [363] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [274] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [364] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [273] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [365] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [272] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [366] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [271] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [367] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [270] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [368] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [269] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [369] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [268] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [370] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [267] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [371] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [266] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [372] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [265] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [373] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [264] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [374] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [263] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [375] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [262] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [376] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [261] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [377] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [260] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [378] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [259] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [379] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [258] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [380] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [257] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [381] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [256] "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_i.digest_share0 [382] "logic kmac_data_i.digest_share0[383:0]" ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" -Toggle kmac_data_i.digest_share0 [383] "logic kmac_data_i.digest_share0[383:0]" -ANNOTATION: "[UNSUPPORTED]: PQC does not support masked digest share from KMAC" -Toggle kmac_data_i.digest_share1 "logic kmac_data_i.digest_share1[383:0]" +Toggle kmac_data_i.digest_share1 [383] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [256] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [257] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [258] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [259] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [260] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [261] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [262] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [263] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [264] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [265] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [266] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [267] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [268] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [269] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [270] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [271] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [272] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [273] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [274] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [275] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [276] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [277] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [278] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [279] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [280] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [281] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [282] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [283] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [284] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [285] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [286] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [287] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [288] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [289] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [290] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [291] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [292] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [293] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [294] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [295] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [296] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [297] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [298] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [299] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [300] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [301] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [302] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [303] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [304] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [305] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [306] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [307] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [308] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [309] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [310] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [311] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [312] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [313] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [314] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [315] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [316] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [317] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [318] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [319] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [320] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [321] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [322] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [323] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [324] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [325] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [326] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [327] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [328] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [329] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [330] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [331] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [332] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [333] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [334] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [335] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [336] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [337] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [338] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [339] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [340] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [341] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [342] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [343] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [344] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [345] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [346] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [347] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [348] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [349] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [350] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [351] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [352] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [353] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [354] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [355] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [356] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [357] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [358] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [359] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [360] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [361] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [362] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [363] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [364] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [365] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [366] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [367] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [368] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [369] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [370] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [371] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [372] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [373] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [374] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [375] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [376] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [377] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [378] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [379] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [380] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [381] "logic kmac_data_i.digest_share1[383:0]" +ANNOTATION: "[UNSUPPORTED]: Only the 256 LSB are used in KMAC digest" +Toggle kmac_data_i.digest_share1 [382] "logic kmac_data_i.digest_share1[383:0]" +CHECKSUM: "994428267 3945285972" +INSTANCE: tb.dut.u_acc_core.u_acc_alu_bignum.gen_pqc_wsr.u_kmac_cfg_secded_dec +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [30] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [21] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [22] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [23] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [24] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [25] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [26] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [27] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [28] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_i [29] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [30] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [20] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [21] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [22] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [23] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [24] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [25] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [26] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [27] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [28] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [30:21] are unused in KMAC Cfg CSR" +Toggle data_o [29] "logic data_o[31:0]" +CHECKSUM: "994428267 3945285972" +INSTANCE: tb.dut.u_acc_core.u_acc_alu_bignum.gen_pqc_wsr.u_kmac_status_secded_dec +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [31] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [5] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [6] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [7] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [8] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [9] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [10] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [11] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [12] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [13] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [14] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [15] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [16] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [17] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [18] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [19] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [20] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [21] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [22] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [23] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [24] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [25] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [26] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [27] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [28] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [29] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [30] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [31] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [5] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [6] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [7] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [8] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [9] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [10] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [11] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [12] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [13] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [14] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [15] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [16] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [17] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [18] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [19] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [20] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [21] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [22] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [23] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [24] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [25] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [26] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [27] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [28] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [29] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [30] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [4] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_i [3] "net data_i[38:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [4] "logic data_o[31:0]" +ANNOTATION: "[UNSUPPORTED]: Bits [31:3] of KMAC status CSR/WSR are unused" +Toggle data_o [3] "logic data_o[31:0]" +CHECKSUM: "737333266 3782559018" +INSTANCE: tb.dut.u_acc_core.u_acc_instruction_fetch.u_acc_predecode +ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" +Branch 0 "3102685083" "imem_rvalid_i" (50) "imem_rvalid_i 1,InsnOpcodeBignumMulv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-,-,-,-,-" +ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" +Branch 0 "3102685083" "imem_rvalid_i" (52) "imem_rvalid_i 1,InsnOpcodeBignumShiftv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-" +ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" +Branch 0 "3102685083" "imem_rvalid_i" (54) "imem_rvalid_i 1,InsnOpcodeBignumTrn ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0" +ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" +Branch 0 "3102685083" "imem_rvalid_i" (21) "imem_rvalid_i 1,InsnOpcodeBignumArith ,-,-,-,-,-,-,-,3'b101 ,0,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-" +ANNOTATION: "[UNR]: Predecode else conditions not reachable when static AccPQCEn is 1" +Branch 0 "3102685083" "imem_rvalid_i" (20) "imem_rvalid_i 1,InsnOpcodeBignumArith ,-,-,-,-,-,-,-,3'b101 ,1,0,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-" +CHECKSUM: "3838931634 1997345871" +INSTANCE: tb.dut.u_acc_core.u_acc_mac_bignum.gen_mac_adder_pqc.adder16 +ANNOTATION: "vcs_gen_start:i=15:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 28 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 29 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=15:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 28 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 29 "1327461312" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 26 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 27 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=14:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 26 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 27 "3962392675" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 24 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 25 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=13:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 24 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 25 "2297470163" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 22 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 23 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=12:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 22 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 23 "734183280" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 20 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 21 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=11:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 20 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 21 "3394618914" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 18 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 19 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=10:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 18 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 19 "1768416641" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 16 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 17 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=9:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 16 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 17 "1815464863" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 14 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 15 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=8:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 14 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 15 "2322619582" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 12 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 13 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=7:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 12 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 13 "474049338" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 10 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 11 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=6:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 10 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 11 "4194630683" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 8 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 9 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=5:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 8 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 9 "3557513423" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 6 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 7 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=4:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 6 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 7 "844025838" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 4 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 5 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=3:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 4 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 5 "2283016551" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 2 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 3 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=2:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 2 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 3 "1850836550" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=1:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 0 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 1 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:i=1:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 0 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +ANNOTATION: "vcs_gen_start:ALL:vcs_gen_end:[UNR]: Adder 16 can never have VecType_h16 mode as an input" +Branch 1 "1079911058" "(word_mode == VecType_h16)" (0) "(word_mode == VecType_h16) 1,-,-" +CHECKSUM: "127070474 927371340" +INSTANCE: tb.dut.u_acc_core.u_acc_decoder +ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" +Branch 4 "2344605462" "opcode_alu" (39) "opcode_alu InsnOpcodeBignumArith ,-,-,-,-,-,-,3'b101 ,-,0,-,-,-,1,0,-,-,-,-,-,-,-" +ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" +Branch 4 "2344605462" "opcode_alu" (57) "opcode_alu InsnOpcodeBignumShiftv ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0,-" +ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" +Branch 4 "2344605462" "opcode_alu" (59) "opcode_alu InsnOpcodeBignumTrn ,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,0" +ANNOTATION: "[UNR]: Decoder else conditions not reachable for vector insntructions when static AccPQCEn is 1" +Branch 4 "2344605462" "opcode_alu" (35) "opcode_alu InsnOpcodeBignumArith ,-,-,-,-,-,-,3'b101 ,-,1,1,0,-,-,-,-,-,-,-,-,-,-" diff --git a/hw/ip/acc/dv/uvm/cov/acc_standard_cov_excl.el b/hw/ip/acc/dv/uvm/cov/acc_standard_cov_excl.el index 748f7c4c69b..0f29cdb52bf 100644 --- a/hw/ip/acc/dv/uvm/cov/acc_standard_cov_excl.el +++ b/hw/ip/acc/dv/uvm/cov/acc_standard_cov_excl.el @@ -1,35 +1,37 @@ -// Copyright zeroRISC Inc. +// Copyright lowRISC contributors (OpenTitan project). // Licensed under the Apache License, Version 2.0, see LICENSE for details. // SPDX-License-Identifier: Apache-2.0 - +// //================================================== // This file contains the Excluded objects // Generated By User: unknown // Format Version: 2 -// Date: Thu Dec 18 20:45:41 2025 +// Date: Mon Apr 13 21:07:29 2026 // ExclMode: default //================================================== -CHECKSUM: "3569791575 3453920680" +CHECKSUM: "839184256 3260023796" INSTANCE: tb.dut ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" +Toggle kmac_data_i.digest_share0 "logic kmac_data_i.digest_share0[383:0]" +ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" Toggle kmac_data_o.valid "logic kmac_data_o.valid" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_i.digest_share0 "logic kmac_data_i.digest_share0[383:0]" +Toggle kmac_data_o.strb "logic kmac_data_o.strb[7:0]" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_i.digest_share1 "logic kmac_data_i.digest_share1[383:0]" +Toggle kmac_data_o.next "logic kmac_data_o.next" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_i.done "logic kmac_data_i.done" +Toggle kmac_data_o.last "logic kmac_data_o.last" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_i.error "logic kmac_data_i.error" +Toggle kmac_data_o.hold "logic kmac_data_o.hold" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_i.ready "logic kmac_data_i.ready" +Toggle kmac_data_o.data_share1 "logic kmac_data_o.data_share1[63:0]" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_o.data "logic kmac_data_o.data[63:0]" +Toggle kmac_data_o.data_share0 "logic kmac_data_o.data_share0[63:0]" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_o.hold "logic kmac_data_o.hold" +Toggle kmac_data_i.ready "logic kmac_data_i.ready" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_o.next "logic kmac_data_o.next" +Toggle kmac_data_i.error "logic kmac_data_i.error" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_o.last "logic kmac_data_o.last" +Toggle kmac_data_i.done "logic kmac_data_i.done" ANNOTATION: "[UNSUPPORTED]: standard ACC does not use kmac interface" -Toggle kmac_data_o.strb "logic kmac_data_o.strb[7:0]" +Toggle kmac_data_i.digest_share1 "logic kmac_data_i.digest_share1[383:0]" diff --git a/hw/ip/acc/dv/uvm/env/acc_env.core b/hw/ip/acc/dv/uvm/env/acc_env.core index d94fd4f4046..03cc86874ea 100644 --- a/hw/ip/acc/dv/uvm/env/acc_env.core +++ b/hw/ip/acc/dv/uvm/env/acc_env.core @@ -68,6 +68,7 @@ filesets: - seq_lib/acc_mem_gnt_acc_err_vseq.sv: {is_include_file: true} - seq_lib/acc_stack_addr_integ_chk_vseq.sv: {is_include_file: true} - seq_lib/acc_partial_wipe_vseq.sv: {is_include_file: true} + - seq_lib/acc_kmac_intf_err_vseq.sv: {is_include_file: true} file_type: systemVerilogSource generate: diff --git a/hw/ip/acc/dv/uvm/env/acc_env_cov.sv b/hw/ip/acc/dv/uvm/env/acc_env_cov.sv index 273c427b468..5d6c1577984 100644 --- a/hw/ip/acc/dv/uvm/env/acc_env_cov.sv +++ b/hw/ip/acc/dv/uvm/env/acc_env_cov.sv @@ -347,30 +347,34 @@ class acc_env_cov extends cip_base_env_cov #(.CFG_T(acc_env_cfg)); 8'h06: return 6; // KEY_S1_L 8'h07: return 7; // KEY_S1_H 8'h08: return 8; // KMAC_CFG - 8'h09: return 9; // KMAC_MSG - 8'h0a: return 10; // KMAC_DIGEST + 8'h09: return 9; // KMAC_MSG_SHARE0 + 8'h0a: return 10; // KMAC_DIGEST_SHARE0 8'h0b: return 11; // ACCH + 8'h0c: return 12; // KMAC_MSG_SHARE1 + 8'h0d: return 13; // KMAC_DIGEST_SHARE1 default: return -1; // (invalid) endcase endfunction -`define DEF_WSR_CP(NAME, EXPR) \ - NAME: coverpoint (remap_wsr(EXPR)) { \ - bins mod = {0}; \ - bins rnd = {1}; \ - bins urnd = {2}; \ - bins acc = {3}; \ - bins key_s0_l = {4}; \ - bins key_s0_h = {5}; \ - bins key_s1_l = {6}; \ - bins key_s1_h = {7}; \ - bins kmac_cfg = {8}; \ - bins kmac_msg = {9}; \ - bins kmac_digest = {10}; \ - bins acch = {11}; \ - bins invalid = {-1}; \ - ignore_bins no_pqc = {8, 9, 10, 11} iff (!AccPQCEn); \ - illegal_bins bad = default; \ +`define DEF_WSR_CP(NAME, EXPR) \ + NAME: coverpoint (remap_wsr(EXPR)) { \ + bins mod = {0}; \ + bins rnd = {1}; \ + bins urnd = {2}; \ + bins acc = {3}; \ + bins key_s0_l = {4}; \ + bins key_s0_h = {5}; \ + bins key_s1_l = {6}; \ + bins key_s1_h = {7}; \ + bins kmac_cfg = {8}; \ + bins kmac_msg = {9}; \ + bins kmac_digest = {10}; \ + bins acch = {11}; \ + bins kmac_msg1 = {12}; \ + bins kmac_digest1 = {13}; \ + bins invalid = {-1}; \ + ignore_bins no_pqc = {8, 9, 10, 11, 12, 13} iff (!AccPQCEn); \ + illegal_bins bad = default; \ } // State tracking diff --git a/hw/ip/acc/dv/uvm/env/seq_lib/acc_kmac_intf_err_vseq.sv b/hw/ip/acc/dv/uvm/env/seq_lib/acc_kmac_intf_err_vseq.sv new file mode 100644 index 00000000000..9602bd29eeb --- /dev/null +++ b/hw/ip/acc/dv/uvm/env/seq_lib/acc_kmac_intf_err_vseq.sv @@ -0,0 +1,20 @@ +// Copyright zeroRISC Inc. +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +class acc_kmac_intf_err_vseq extends acc_single_vseq; + `uvm_object_utils(acc_kmac_intf_err_vseq) + `uvm_object_new + + task body(); + do_end_addr_check = 0; // Disable due to errors in middle of assembly + + // Wait for ACC to complete its secure wipe after reset and become Idle. + // Otherwise reset_if_locked() will not fire. + wait(cfg.model_agent_cfg.vif.status == acc_pkg::StatusIdle); + + super.body(); + reset_if_locked(); + endtask : body + +endclass : acc_kmac_intf_err_vseq diff --git a/hw/ip/acc/dv/uvm/env/seq_lib/acc_vseq_list.sv b/hw/ip/acc/dv/uvm/env/seq_lib/acc_vseq_list.sv index e4aa313c441..e2ccb0d7d90 100644 --- a/hw/ip/acc/dv/uvm/env/seq_lib/acc_vseq_list.sv +++ b/hw/ip/acc/dv/uvm/env/seq_lib/acc_vseq_list.sv @@ -31,3 +31,4 @@ `include "acc_mem_gnt_acc_err_vseq.sv" `include "acc_stack_addr_integ_chk_vseq.sv" `include "acc_partial_wipe_vseq.sv" +`include "acc_kmac_intf_err_vseq.sv" diff --git a/hw/ip/acc/dv/verilator/acc_top_sim.sv b/hw/ip/acc/dv/verilator/acc_top_sim.sv index bb493ec53fb..7627a2aa1ff 100644 --- a/hw/ip/acc/dv/verilator/acc_top_sim.sv +++ b/hw/ip/acc/dv/verilator/acc_top_sim.sv @@ -186,6 +186,7 @@ module acc_top_sim ( // Convert from core_err_bits_t to err_bits_t assign acc_err_bits = '{ + kmac_fatal_error: core_err_bits.kmac_fatal_error, fatal_software: core_err_bits.fatal_software, lifecycle_escalation: 0, illegal_bus_access: 0, @@ -194,6 +195,7 @@ module acc_top_sim ( reg_intg_violation: core_err_bits.reg_intg_violation, dmem_intg_violation: core_err_bits.dmem_intg_violation, imem_intg_violation: core_err_bits.imem_intg_violation, + kmac_recov_error: core_err_bits.kmac_recov_error, rnd_fips_chk_fail: core_err_bits.rnd_fips_chk_fail, rnd_rep_chk_fail: core_err_bits.rnd_rep_chk_fail, key_invalid: core_err_bits.key_invalid, diff --git a/hw/ip/acc/rtl/acc.sv b/hw/ip/acc/rtl/acc.sv index 0c025e5c8bb..c04a24411a5 100644 --- a/hw/ip/acc/rtl/acc.sv +++ b/hw/ip/acc/rtl/acc.sv @@ -945,6 +945,7 @@ module acc assign hw2reg.err_bits.key_invalid.d = err_bits_q.key_invalid; assign hw2reg.err_bits.rnd_rep_chk_fail.d = err_bits_q.rnd_rep_chk_fail; assign hw2reg.err_bits.rnd_fips_chk_fail.d = err_bits_q.rnd_fips_chk_fail; + assign hw2reg.err_bits.kmac_recov_error.d = err_bits_q.kmac_recov_error; assign hw2reg.err_bits.imem_intg_violation.d = err_bits_q.imem_intg_violation; assign hw2reg.err_bits.dmem_intg_violation.d = err_bits_q.dmem_intg_violation; assign hw2reg.err_bits.reg_intg_violation.d = err_bits_q.reg_intg_violation; @@ -953,6 +954,7 @@ module acc assign hw2reg.err_bits.illegal_bus_access.d = err_bits_q.illegal_bus_access; assign hw2reg.err_bits.lifecycle_escalation.d = err_bits_q.lifecycle_escalation; assign hw2reg.err_bits.fatal_software.d = err_bits_q.fatal_software; + assign hw2reg.err_bits.kmac_fatal_error.d = err_bits_q.kmac_fatal_error; assign err_bits_clear = reg2hw.err_bits.bad_data_addr.qe & is_not_running_q; assign err_bits_d = err_bits_clear ? '0 : err_bits; @@ -970,6 +972,7 @@ module acc reg2hw.err_bits.key_invalid, reg2hw.err_bits.rnd_rep_chk_fail, reg2hw.err_bits.rnd_fips_chk_fail, + reg2hw.err_bits.kmac_recov_error, reg2hw.err_bits.imem_intg_violation, reg2hw.err_bits.dmem_intg_violation, reg2hw.err_bits.reg_intg_violation, @@ -977,7 +980,8 @@ module acc reg2hw.err_bits.bad_internal_state, reg2hw.err_bits.illegal_bus_access, reg2hw.err_bits.lifecycle_escalation, - reg2hw.err_bits.fatal_software}; + reg2hw.err_bits.fatal_software, + reg2hw.err_bits.kmac_fatal_error}; always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin @@ -1005,6 +1009,7 @@ module acc assign hw2reg.fatal_alert_cause.``NAME``.d = 1'b1; \ assign hw2reg.fatal_alert_cause.``NAME``.de = err_bits.``NAME; + `DEF_FAC_BIT(kmac_fatal_error) `DEF_FAC_BIT(fatal_software) `DEF_FAC_BIT(lifecycle_escalation) `DEF_FAC_BIT(illegal_bus_access) @@ -1032,7 +1037,8 @@ module acc assign alert_test[AlertRecov] = reg2hw.alert_test.recov.q & reg2hw.alert_test.recov.qe; logic [NumAlerts-1:0] alerts; - assign alerts[AlertFatal] = |{err_bits.fatal_software, + assign alerts[AlertFatal] = |{err_bits.kmac_fatal_error, + err_bits.fatal_software, err_bits.lifecycle_escalation, err_bits.illegal_bus_access, err_bits.bad_internal_state, @@ -1219,6 +1225,7 @@ module acc // Construct a full set of error bits from the core output assign err_bits = '{ + kmac_fatal_error: core_err_bits.kmac_fatal_error, fatal_software: core_err_bits.fatal_software, lifecycle_escalation: non_core_err_bits_d.lifecycle_escalation, illegal_bus_access: non_core_err_bits_d.illegal_bus_access, @@ -1228,6 +1235,7 @@ module acc reg_intg_violation: core_err_bits.reg_intg_violation, dmem_intg_violation: core_err_bits.dmem_intg_violation, imem_intg_violation: core_err_bits.imem_intg_violation, + kmac_recov_error: core_err_bits.kmac_recov_error, rnd_fips_chk_fail: core_err_bits.rnd_fips_chk_fail, rnd_rep_chk_fail: core_err_bits.rnd_rep_chk_fail, key_invalid: core_err_bits.key_invalid, diff --git a/hw/ip/acc/rtl/acc_alu_bignum.sv b/hw/ip/acc/rtl/acc_alu_bignum.sv index 5b1be1855ba..679df396845 100644 --- a/hw/ip/acc/rtl/acc_alu_bignum.sv +++ b/hw/ip/acc/rtl/acc_alu_bignum.sv @@ -79,7 +79,8 @@ module acc_alu_bignum import acc_pkg::*; #( // Enabling PQC hardware support with vector ISA extension - parameter bit AccPQCEn = 1'b1 + parameter bit AccPQCEn = 1'b1, + localparam int Share = 2 ) ( input logic clk_i, input logic rst_ni, @@ -130,9 +131,11 @@ module acc_alu_bignum output logic alu_predec_error_o, output logic ispr_predec_error_o, + output logic kmac_intf_fatal_error_o, + output logic kmac_intf_recov_error_o, - output logic kmac_msg_write_ready_o, - output logic kmac_msg_pending_write_o, + output logic kmac_msg_write_ready_o [Share], + output logic kmac_msg_pending_write_o [Share], output logic kmac_digest_valid_o, output kmac_pkg::app_req_t kmac_app_req_o, @@ -154,12 +157,16 @@ module acc_alu_bignum sec_wipe_kmac_regs_urnd_i, kmac_app_rsp_i}; // Drive outputs to 0 - assign ispr_acch_wr_data_intg_o = '0; - assign ispr_acch_wr_en_o = '0; - assign kmac_msg_write_ready_o = '0; - assign kmac_msg_pending_write_o = '0; - assign kmac_digest_valid_o = '0; - assign kmac_app_req_o = '0; + assign ispr_acch_wr_data_intg_o = '0; + assign ispr_acch_wr_en_o = '0; + assign kmac_intf_fatal_error_o = '0; + assign kmac_intf_recov_error_o = '0; + assign kmac_msg_write_ready_o[0] = '0; + assign kmac_msg_write_ready_o[1] = '0; + assign kmac_msg_pending_write_o[0] = '0; + assign kmac_msg_pending_write_o[1] = '0; + assign kmac_digest_valid_o = '0; + assign kmac_app_req_o = '0; end else begin : gen_unused_pqc_bits logic unused_pqc_bits; end @@ -482,6 +489,7 @@ generate logic kmac_cfg_wr_en; logic [1:0] kmac_cfg_intg_err; logic kmac_new_cfg_q; + logic kmac_cfg_mask_mode; logic [ExtWLEN-1:0] ispr_kmac_cfg_bignum_wdata_intg_blanked; @@ -546,10 +554,12 @@ generate logic kmac_pw_wr_en; logic [1:0] kmac_pw_intg_err; logic [5:0] kmac_pw_mask; + logic kmac_pending_writes; + logic kmac_pw_rst; // Nets from other blocks needed to reset the partial write - logic kmac_msg_fifo_wvalid; - logic kmac_msg_valid_q; + logic kmac_msg_fifo_wvalid [Share]; + logic kmac_msg_valid_q [Share]; logic kmac_sent_last; logic [ExtWLEN-1:0] ispr_kmac_pw_bignum_wdata_intg_blanked; @@ -577,21 +587,76 @@ generate (ispr_base_wr_en_i[0] | ispr_bignum_wr_en_i) & ispr_wr_commit_i; - assign kmac_pw_wr_en = (ispr_init_i | kmac_pw_ispr_wr_en) & (~kmac_msg_valid_q | kmac_sent_last); + always_comb begin + if (kmac_cfg_mask_mode) begin + kmac_pw_wr_en = (ispr_init_i | kmac_pw_ispr_wr_en) & + ((~kmac_msg_valid_q[0] & ~kmac_msg_valid_q[1]) | kmac_sent_last); + kmac_pending_writes = kmac_msg_pending_write_o[0] | kmac_msg_pending_write_o[1]; + end else begin + kmac_pw_wr_en = (ispr_init_i | kmac_pw_ispr_wr_en) & + (~kmac_msg_valid_q[0] | kmac_sent_last); + kmac_pending_writes = kmac_msg_pending_write_o[0]; + end + end always_ff @(posedge clk_i) begin - if (kmac_pw_wr_en | kmac_new_cfg_q | kmac_msg_fifo_wvalid) begin + if (kmac_pw_wr_en | kmac_new_cfg_q | kmac_pw_rst) begin kmac_pw_intg_q <= kmac_pw_intg_d; end end + // Make an FSM to control partial word reset. Need to have written to both share WSR + // This waits until the pending write has been written into the packer to reset the partial word + kmac_write_state_e write_state_d, write_state_q; + + always_comb begin + // Default assignments + write_state_d = write_state_q; + kmac_pw_rst = 1'b0; + + unique case (write_state_q) + StMsgWait: begin + if (kmac_msg_fifo_wvalid[0]) begin + if (kmac_cfg_mask_mode) begin + write_state_d = StMsgShare0; + end else begin + kmac_pw_rst = 1'b1; + end + end else if (kmac_msg_fifo_wvalid[1]) begin + write_state_d = StMsgShare1; + end + end + StMsgShare0: begin + if (kmac_msg_fifo_wvalid[1]) begin + write_state_d = StMsgWait; + kmac_pw_rst = 1'b1; + end + end + StMsgShare1: begin + if (kmac_msg_fifo_wvalid[0]) begin + write_state_d = StMsgWait; + kmac_pw_rst = 1'b1; + end + end + default: ; // Consider triggering an error or alert in this case. + endcase + end + + always_ff @(posedge clk_i or negedge rst_ni) begin + if (!rst_ni) begin + write_state_q <= StMsgWait; + end else begin + write_state_q <= write_state_d; + end + end + always_comb begin unique case(1'b1) ispr_init_i: begin kmac_pw_no_intg_d = 32'b0; kmac_pw_intg_d = kmac_pw_intg_calc; end - ispr_base_wr_en_i[0] & !kmac_msg_pending_write_o: begin + ispr_base_wr_en_i[0] & !kmac_pending_writes: begin kmac_pw_no_intg_d = ispr_base_wdata_i; kmac_pw_intg_d = kmac_pw_intg_calc; end @@ -599,7 +664,7 @@ generate kmac_pw_no_intg_d = 32'h20; // Set to full length at the start of cfg kmac_pw_intg_d = kmac_pw_intg_calc; end - kmac_msg_fifo_wvalid: begin // Reset the partial word at each write + kmac_pw_rst: begin // Reset the partial word at each write kmac_pw_no_intg_d = 32'h20; kmac_pw_intg_d = kmac_pw_intg_calc; end @@ -614,71 +679,142 @@ generate `ASSERT(KmacPWWrSelOneHot, $onehot0({ispr_init_i, ispr_base_wr_en_i[0]})) - // MSG - logic [ExtWLEN-1:0] kmac_msg_intg_q; - logic [ExtWLEN-1:0] kmac_msg_intg_d; - logic [BaseWordsPerWLEN-1:0] kmac_msg_ispr_wr_en; - logic [BaseWordsPerWLEN-1:0] kmac_msg_wr_en; - logic [WLEN-1:0] kmac_msg_no_intg_d; - logic [WLEN-1:0] kmac_msg_no_intg_q; - logic [ExtWLEN-1:0] kmac_msg_intg_calc; - logic [2*BaseWordsPerWLEN-1:0] kmac_msg_intg_err; + // MSG SHARE Nets + logic [ExtWLEN-1:0] kmac_msg_intg_q [Share]; + logic [ExtWLEN-1:0] kmac_msg_intg_d [Share]; + logic [BaseWordsPerWLEN-1:0] kmac_msg_ispr_wr_en [Share]; + logic [BaseWordsPerWLEN-1:0] kmac_msg_ispr_base_wr [Share]; + logic [BaseWordsPerWLEN-1:0] kmac_msg_wr_en [Share]; + logic [WLEN-1:0] kmac_msg_no_intg_d [Share]; + logic [WLEN-1:0] kmac_msg_no_intg_q [Share]; + logic [ExtWLEN-1:0] kmac_msg_intg_calc [Share]; + logic [2*BaseWordsPerWLEN-1:0] kmac_msg_intg_err [Share]; + logic kmac_msg_wr_stall [Share]; + logic kmac_msg_write [Share]; - logic kmac_msg_wr_stall; - logic kmac_msg_write; + logic [ExtWLEN-1:0] ispr_kmac_msg_bignum_wdata_intg_blanked [Share]; - logic [ExtWLEN-1:0] ispr_kmac_msg_bignum_wdata_intg_blanked; + // MSG SHARE 0 - prim_blanker #(.Width(ExtWLEN)) u_ispr_kmac_msg_bignum_wdata_blanker ( + prim_blanker #(.Width(ExtWLEN)) u_ispr_kmac_msg0_bignum_wdata_blanker ( .in_i (ispr_bignum_wdata_intg_i), - .en_i (ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg]), - .out_o(ispr_kmac_msg_bignum_wdata_intg_blanked) + .en_i (ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg0]), + .out_o(ispr_kmac_msg_bignum_wdata_intg_blanked[0]) ); - for (genvar i_word = 0; i_word < BaseWordsPerWLEN; i_word++) begin : g_kmac_msg_words - prim_secded_inv_39_32_enc i_kmac_msg_secded_enc ( - .data_i (kmac_msg_no_intg_d[i_word*32+:32]), - .data_o (kmac_msg_intg_calc[i_word*39+:39]) + for (genvar i_word = 0; i_word < BaseWordsPerWLEN; i_word++) begin : g_kmac_msg0_words + prim_secded_inv_39_32_enc i_kmac_msg0_secded_enc ( + .data_i (kmac_msg_no_intg_d[0][i_word*32+:32]), + .data_o (kmac_msg_intg_calc[0][i_word*39+:39]) ); - prim_secded_inv_39_32_dec i_kmac_msg_secded_dec ( - .data_i (kmac_msg_intg_q[i_word*39+:39]), + prim_secded_inv_39_32_dec i_kmac_msg0_secded_dec ( + .data_i (kmac_msg_intg_q[0][i_word*39+:39]), .data_o (/* unused because we abort on any integrity error */), .syndrome_o (/* unused */), - .err_o (kmac_msg_intg_err[i_word*2+:2]) + .err_o (kmac_msg_intg_err[0][i_word*2+:2]) ); - assign kmac_msg_ispr_wr_en[i_word] = (ispr_addr_i == IsprKmacMsg) & - (ispr_base_wr_en_i[i_word] | ispr_bignum_wr_en_i) & - ispr_wr_commit_i; + // This write signal is independent of an error in the controller that + // starts from this module. ispr_wr_commit_i is pulled to 0 when fatal erorr ocurrs + // which leads to a combinational loop. + assign kmac_msg_ispr_base_wr[0][i_word] = (ispr_addr_i == IsprKmacMsg0) & + (ispr_base_wr_en_i[i_word] | ispr_bignum_wr_en_i); - assign kmac_msg_wr_en[i_word] = (ispr_init_i | - (kmac_msg_ispr_wr_en[i_word] & kmac_msg_write_ready_o) | - sec_wipe_kmac_regs_urnd_i) & ~kmac_msg_wr_stall; + assign kmac_msg_ispr_wr_en[0][i_word] = kmac_msg_ispr_base_wr[0][i_word] & ispr_wr_commit_i; + + assign kmac_msg_wr_en[0][i_word] = (ispr_init_i | + (kmac_msg_ispr_wr_en[0][i_word] & kmac_msg_write_ready_o[0]) | + sec_wipe_kmac_regs_urnd_i) & ~kmac_msg_wr_stall[0]; always_ff @(posedge clk_i) begin - if (kmac_msg_wr_en[i_word]) begin - kmac_msg_intg_q[i_word*39+:39] <= kmac_msg_intg_d[i_word*39+:39]; + if (kmac_msg_wr_en[0][i_word]) begin + kmac_msg_intg_q[0][i_word*39+:39] <= kmac_msg_intg_d[0][i_word*39+:39]; end end - assign kmac_msg_no_intg_q[i_word*32+:32] = kmac_msg_intg_q[i_word*39+:32]; + assign kmac_msg_no_intg_q[0][i_word*32+:32] = kmac_msg_intg_q[0][i_word*39+:32]; always_comb begin - kmac_msg_no_intg_d[i_word*32+:32] = '0; - kmac_msg_intg_d[i_word*39+:39] = '0; + kmac_msg_no_intg_d[0][i_word*32+:32] = '0; + kmac_msg_intg_d[0][i_word*39+:39] = '0; if (sec_wipe_kmac_regs_urnd_i) begin // Non-encoded inputs have to be encoded before writing to the register. - kmac_msg_no_intg_d[i_word*32+:32] = urnd_data_i[i_word*32+:32]; - kmac_msg_intg_d[i_word*39+:39] = kmac_msg_intg_calc[i_word*39+:39]; + kmac_msg_no_intg_d[0][i_word*32+:32] = urnd_data_i[i_word*32+:32]; + kmac_msg_intg_d[0][i_word*39+:39] = kmac_msg_intg_calc[0][i_word*39+:39]; end else begin // Pre-encoded inputs can directly be written to the register. - kmac_msg_intg_d[i_word*39+:39] = ispr_kmac_msg_bignum_wdata_intg_blanked[i_word*39+:39]; + kmac_msg_intg_d[0][i_word*39+:39] = + ispr_kmac_msg_bignum_wdata_intg_blanked[0][i_word*39+:39]; end end - `ASSERT(KmacMsgWrSelOneHot, $onehot0({ispr_init_i, ispr_base_wr_en_i[i_word]})) + `ASSERT(KmacMsg0WrSelOneHot, $onehot0({ispr_init_i, ispr_base_wr_en_i[i_word]})) end - assign kmac_msg_write = (ispr_addr_i == IsprKmacMsg) & ispr_wr_commit_i; + assign kmac_msg_write[0] = (ispr_addr_i == IsprKmacMsg0) & ispr_wr_commit_i; + + // MSG SHARE 1 + logic kmac_msg1_illegal_wr; // Flag to detect illegal write in unmasked mode + + prim_blanker #(.Width(ExtWLEN)) u_ispr_kmac_msg1_bignum_wdata_blanker ( + .in_i (ispr_bignum_wdata_intg_i), + .en_i (ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg1]), + .out_o(ispr_kmac_msg_bignum_wdata_intg_blanked[1]) + ); + + for (genvar i_word = 0; i_word < BaseWordsPerWLEN; i_word++) begin : g_kmac_msg1_words + prim_secded_inv_39_32_enc i_kmac_msg1_secded_enc ( + .data_i (kmac_msg_no_intg_d[1][i_word*32+:32]), + .data_o (kmac_msg_intg_calc[1][i_word*39+:39]) + ); + prim_secded_inv_39_32_dec i_kmac_msg1_secded_dec ( + .data_i (kmac_msg_intg_q[1][i_word*39+:39]), + .data_o (/* unused because we abort on any integrity error */), + .syndrome_o (/* unused */), + .err_o (kmac_msg_intg_err[1][i_word*2+:2]) + ); + + assign kmac_msg_ispr_base_wr[1][i_word] = (ispr_addr_i == IsprKmacMsg1) & + (ispr_base_wr_en_i[i_word] | ispr_bignum_wr_en_i); + + assign kmac_msg_ispr_wr_en[1][i_word] = kmac_msg_ispr_base_wr[1][i_word] & ispr_wr_commit_i; + + assign kmac_msg_wr_en[1][i_word] = (ispr_init_i | + (kmac_msg_ispr_wr_en[1][i_word] & kmac_msg_write_ready_o[1]) | + sec_wipe_kmac_regs_urnd_i) & ~kmac_msg_wr_stall[1]; + + always_ff @(posedge clk_i) begin + if (kmac_msg_wr_en[1][i_word]) begin + kmac_msg_intg_q[1][i_word*39+:39] <= kmac_msg_intg_d[1][i_word*39+:39]; + end + end + assign kmac_msg_no_intg_q[1][i_word*32+:32] = kmac_msg_intg_q[1][i_word*39+:32]; + + always_comb begin + kmac_msg_no_intg_d[1][i_word*32+:32] = '0; + kmac_msg_intg_d[1][i_word*39+:39] = '0; + if (sec_wipe_kmac_regs_urnd_i) begin + // Non-encoded inputs have to be encoded before writing to the register. + kmac_msg_no_intg_d[1][i_word*32+:32] = urnd_data_i[i_word*32+:32]; + kmac_msg_intg_d[1][i_word*39+:39] = kmac_msg_intg_calc[1][i_word*39+:39]; + end else begin + // Pre-encoded inputs can directly be written to the register. + kmac_msg_intg_d[1][i_word*39+:39] = + ispr_kmac_msg_bignum_wdata_intg_blanked[1][i_word*39+:39]; + end + end + + `ASSERT(KmacMsg1WrSelOneHot, $onehot0({ispr_init_i, ispr_base_wr_en_i[i_word]})) + end + + assign kmac_msg_write[1] = (ispr_addr_i == IsprKmacMsg1) & ispr_wr_commit_i; + + // If we have a write to share1 during unmasked mode report an error + always_comb begin + kmac_msg1_illegal_wr = 1'b0; + if (~kmac_cfg_mask_mode && |(kmac_msg_ispr_base_wr[1])) begin + kmac_msg1_illegal_wr = 1'b1; + end + end // STATUS logic [BaseIntgWidth-1:0] kmac_status_intg_q; @@ -688,11 +824,9 @@ generate // Error handling status for undersized message logic kmac_undersized_req_err; - logic kmac_undersized_req_err_latch; // Error handling status for oversized message logic kmac_oversized_req_err; - logic kmac_oversized_req_err_latch; prim_secded_inv_39_32_enc u_kmac_status_secded_enc ( .data_i (kmac_status_no_intg_d), @@ -707,84 +841,156 @@ generate ); assign kmac_status_no_intg_d = kmac_new_cfg_q ? 32'b0 : { - 27'b0, - kmac_undersized_req_err_latch, - kmac_oversized_req_err_latch, + 29'b0, kmac_app_rsp_i.error, kmac_app_rsp_i.ready, kmac_app_rsp_i.done }; - // If oversized err flag goes high at any point during transaction latch value into status reg - always_ff @(posedge clk_i or negedge rst_ni) begin - if (!rst_ni) begin - kmac_oversized_req_err_latch <= 1'b0; - end else begin - if (kmac_new_cfg_q) begin - kmac_oversized_req_err_latch <= 1'b0; - end else if (kmac_oversized_req_err) begin - kmac_oversized_req_err_latch <= 1'b1; - end - end + always_ff @(posedge clk_i) begin + kmac_status_intg_q <= kmac_status_intg_d; end - // If undersized err flag goes high at any point during transaction latch value into status reg - always_ff @(posedge clk_i or negedge rst_ni) begin - if (!rst_ni) begin - kmac_undersized_req_err_latch <= 1'b0; - end else begin - if (kmac_new_cfg_q) begin - kmac_undersized_req_err_latch <= 1'b0; - end else if (kmac_undersized_req_err) begin - kmac_undersized_req_err_latch <= 1'b1; + // DIGEST SHARE 0 + + // Common digest share nets + logic [DigestRegLen-1:0] kmac_digest_no_intg_d [Share]; + logic [ExtDigestLen-1:0] kmac_digest_intg_q [Share]; + logic [ExtDigestLen-1:0] kmac_digest_intg_d [Share]; + logic [2*BaseWordsPerDigestLen-1:0] kmac_digest_intg_err [Share]; + logic kmac_digest_valid_q; + logic [BaseWordsPerDigestLen-1:0] kmac_digest_wr_en; + + // Unique share 0 net + logic [DigestRegLen-1:0] kmac_digest0_mux_val; + + for (genvar i_word = 0; i_word < BaseWordsPerDigestLen; i_word++) begin : g_kmac_digest0_words + prim_secded_inv_39_32_enc i_kmac_digest0_secded_enc ( + .data_i (kmac_digest_no_intg_d[0][i_word*32+:32]), + .data_o (kmac_digest_intg_d[0][i_word*39+:39]) + ); + prim_secded_inv_39_32_dec i_kmac_digest0_secded_dec ( + .data_i (kmac_digest_intg_q[0][i_word*39+:39]), + .data_o (/* unused because we abort on any integrity error */), + .syndrome_o (/* unused */), + .err_o (kmac_digest_intg_err[0][i_word*2+:2]) + ); + + always_ff @(posedge clk_i) begin + if (kmac_digest_wr_en[i_word]) begin + kmac_digest_intg_q[0][i_word*39+:39] <= kmac_digest_intg_d[0][i_word*39+:39]; end end - end - always_ff @(posedge clk_i) begin - kmac_status_intg_q <= kmac_status_intg_d; + assign kmac_digest_no_intg_d[0][i_word*32+:32] = sec_wipe_kmac_regs_urnd_i ? + urnd_data_i[(i_word % BaseWordsPerDigestLen)*32+:32] : kmac_digest0_mux_val[i_word*32+:32]; end - // DIGEST - logic [kmac_pkg::AppDigestW-1:0] unmasked_digest_share; - logic [DigestRegLen-1:0] kmac_digest_no_intg_d; - logic [ExtDigestLen-1:0] kmac_digest_intg_q; - logic [ExtDigestLen-1:0] kmac_digest_intg_d; - logic [BaseWordsPerDigestLen-1:0] kmac_digest_wr_en; - logic [2*BaseWordsPerDigestLen-1:0] kmac_digest_intg_err; - logic kmac_digest_rd_next; - logic kmac_digest_valid_q; - logic [1:0] sha_digest_rsp_cnt; + // This module carefully combines the digest shares and should not be optimized in synthesis + acc_digest_mux u_digest0_mux ( + .digest_share0_i (kmac_app_rsp_i.digest_share0[255:0]), + .digest_share1_i (kmac_app_rsp_i.digest_share1[255:0]), + .mask_digest_en_i (kmac_cfg_mask_mode), + .digest_share0_wsr_o(kmac_digest0_mux_val) + ); - for (genvar i_word = 0; i_word < BaseWordsPerDigestLen; i_word++) begin : g_kmac_digest_words - prim_secded_inv_39_32_enc i_kmac_digest_secded_enc ( - .data_i (kmac_digest_no_intg_d[i_word*32+:32]), - .data_o (kmac_digest_intg_d[i_word*39+:39]) + // DIGEST SHARE 1 + logic kmac_digest1_illegal_rd; // Flag to detect illegal digest read in unmasked mode + + for (genvar i_word = 0; i_word < BaseWordsPerDigestLen; i_word++) begin : g_kmac_digest1_words + prim_secded_inv_39_32_enc i_kmac_digest1_secded_enc ( + .data_i (kmac_digest_no_intg_d[1][i_word*32+:32]), + .data_o (kmac_digest_intg_d[1][i_word*39+:39]) ); - prim_secded_inv_39_32_dec i_kmac_digest_secded_dec ( - .data_i (kmac_digest_intg_q[i_word*39+:39]), + prim_secded_inv_39_32_dec i_kmac_digest1_secded_dec ( + .data_i (kmac_digest_intg_q[1][i_word*39+:39]), .data_o (/* unused because we abort on any integrity error */), .syndrome_o (/* unused */), - .err_o (kmac_digest_intg_err[i_word*2+:2]) + .err_o (kmac_digest_intg_err[1][i_word*2+:2]) ); always_ff @(posedge clk_i) begin if (kmac_digest_wr_en[i_word]) begin - kmac_digest_intg_q[i_word*39+:39] <= kmac_digest_intg_d[i_word*39+:39]; + kmac_digest_intg_q[1][i_word*39+:39] <= kmac_digest_intg_d[1][i_word*39+:39]; end end - assign kmac_digest_no_intg_d[i_word*32+:32] = sec_wipe_kmac_regs_urnd_i ? + assign kmac_digest_no_intg_d[1][i_word*32+:32] = sec_wipe_kmac_regs_urnd_i ? urnd_data_i[(i_word % BaseWordsPerDigestLen)*32+:32] : - unmasked_digest_share[i_word*32+:32]; + kmac_app_rsp_i.digest_share1[i_word*32+:32]; assign kmac_digest_wr_en[i_word] = kmac_app_rsp_i.done | sec_wipe_kmac_regs_urnd_i; end + // Check if there is a read from DIGEST SHARE 1 outside of masked mode + always_comb begin + kmac_digest1_illegal_rd = 1'b0; + if (~kmac_cfg_mask_mode && ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest1]) begin + kmac_digest1_illegal_rd = 1'b1; + end + end + + // KMAC EAGER DIGEST REFRESH + // Common digest share interface to cotrol valids and app_o.next + logic kmac_digest_rd_next; + logic [1:0] sha_digest_rsp_cnt; + assign kmac_digest_valid_o = kmac_digest_valid_q; - assign kmac_digest_rd_next = kmac_digest_valid_q && - ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest]; + + // Make an FSM to control eager KMAC refresh + // Need to have read from both WSR in order to fetch the next digests + // Consecutive reads from the same digest share are legal but will not trigger a + // new digest to be shifted from KMAC. + + kmac_eager_state_e eager_state_d, eager_state_q; + + always_comb begin : kmac_eager_next_fsm + // Default assignments + eager_state_d = eager_state_q; + kmac_digest_rd_next = 1'b0; + + unique case (eager_state_q) + StDigestWait: begin + // Determine if there is a read from digest 0 or digest 1 + if (kmac_digest_valid_q && ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest0]) begin + if (~kmac_cfg_mask_mode) begin + // When in unmasked mode we can immediately refresh + kmac_digest_rd_next = 1'b1; + eager_state_d = StDigestWait; + end else begin + eager_state_d = StDigestShare0; + end + end else if (kmac_digest_valid_q && ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest1]) begin + eager_state_d = StDigestShare1; + end + end + StDigestShare0: begin + if (kmac_digest_valid_q && ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest1]) begin + eager_state_d = StDigestWait; + kmac_digest_rd_next = 1'b1; + end + end + StDigestShare1: begin + if (kmac_digest_valid_q && ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest0]) begin + eager_state_d = StDigestWait; + kmac_digest_rd_next = 1'b1; + end + end + default: eager_state_d = StDigestWait; + endcase + end + always_ff @(posedge clk_i or negedge rst_ni) begin + if (!rst_ni) begin + eager_state_q <= StDigestWait; + end else if (kmac_new_cfg_q) begin + eager_state_q <= StDigestWait; + end else begin + eager_state_q <= eager_state_d; + end + end + + // Set when the received digest is valid/new always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin kmac_digest_valid_q <= 1'b0; @@ -802,16 +1008,12 @@ generate end else if (kmac_new_cfg_q) begin sha_digest_rsp_cnt <= 2'b0; end else if (sha3_pkg::sha3_mode_e'(kmac_cfg_intg_q[1:0]) == sha3_pkg::Sha3) begin - if (ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest] && kmac_digest_valid_q) begin + if (kmac_digest_rd_next) begin sha_digest_rsp_cnt <= sha_digest_rsp_cnt + 1'b1; end end end - // Digest shares are xor'ed to get the unmasked share value - // If KMAC is operating in unmasked mode then share1 is '0 and xor remains the unmasked val - assign unmasked_digest_share = kmac_app_rsp_i.digest_share0 ^ kmac_app_rsp_i.digest_share1; - // MSG INTERFACE sha3_pkg::sha3_mode_e kmac_cfg_sha3_mode; sha3_pkg::keccak_strength_e kmac_cfg_keccak_strength; @@ -819,39 +1021,49 @@ generate logic [14:0] kmac_cfg_msg_len; logic [11:0] kmac_cfg_msg_len_words; logic [2:0] kmac_cfg_msg_len_bytes; - logic [11:0] kmac_msg_ctr; logic kmac_msg_err_clr; logic kmac_msg_err_clr_q; - logic kmac_msg_fifo_wready; - logic [WLEN-1:0] kmac_msg_fifo_wdata; - logic [WLEN-1:0] kmac_msg_fifo_wdata_mask; - logic kmac_msg_fifo_rvalid; - logic kmac_msg_fifo_rready; - logic [kmac_pkg::MsgWidth-1:0] kmac_msg_fifo_rdata; - logic [kmac_pkg::MsgWidth-1:0] kmac_msg_fifo_rdata_mask; - logic kmac_msg_fifo_flush; - logic kmac_msg_fifo_clr; + + // FIFO packer and counter shares + logic [11:0] kmac_msg_ctr [Share]; + logic kmac_msg_ctr_err [Share]; + logic [WLEN-1:0] kmac_msg_fifo_wdata_mask ; + logic kmac_msg_fifo_wready [Share]; + logic [WLEN-1:0] kmac_msg_fifo_wdata [Share]; + logic kmac_msg_fifo_rvalid [Share]; + logic kmac_msg_fifo_rready [Share]; + logic [kmac_pkg::MsgWidth-1:0] kmac_msg_fifo_rdata [Share]; + logic [kmac_pkg::MsgWidth-1:0] kmac_msg_fifo_rdata_mask [Share]; + logic kmac_msg_fifo_flush ; + logic kmac_msg_fifo_clr ; + + logic packer_ctr_last [Share]; + logic [7:0] packer_rdata_mask [Share]; + logic [3:0] packer_rdata_mask_cnt [Share]; + + // Signals for last from packer logic kmac_last_msg_all_bytes_valid; logic [kmac_pkg::MsgStrbW-1:0] kmac_last_msg_strb; + logic msg_last_words [Share]; + logic msg_last_bytes [Share]; - logic packer_ctr_last; - logic [7:0] packer_rdata_mask; - logic [3:0] packer_rdata_mask_cnt; - + // Config and status signals logic kmac_app_active; logic kmac_app_last; logic kmac_msg_active_q; logic kmac_cfg_active_q; logic kmac_write_cfg_to_app; - logic kmac_msg_ctr_err; logic kmac_msg_last; logic kmac_idle_q; logic kmac_cfg_done; logic kmac_app_cfg_sent; + logic kmac_ispr; - // Oversized and undersized msg handling + // AppIntf error handling signals logic kmac_msg_req_err; + logic kmac_msg_mask_err; + logic kmac_fifo_deadlock; logic kmac_pending_last; logic kmac_inject_last_err; logic kmac_undersized_req_err_q; @@ -866,15 +1078,21 @@ generate logic not_full_word; logic packer_oversized_last; + // Combined FIFO ready + logic kmac_msg_fifos_valid; + assign kmac_cfg_sha3_mode = sha3_pkg::sha3_mode_e'(kmac_cfg_intg_q[1:0]); assign kmac_cfg_keccak_strength = sha3_pkg::keccak_strength_e'(kmac_cfg_intg_q[4:2]); assign kmac_cfg_done = kmac_cfg_intg_q[31]; + assign kmac_cfg_mask_mode = kmac_cfg_intg_q[20]; assign kmac_cfg_msg_len = kmac_cfg_intg_q[19:5]; assign kmac_cfg_msg_len_words = kmac_cfg_msg_len[14:3]; assign kmac_cfg_msg_len_bytes = kmac_cfg_msg_len[2:0]; assign kmac_msg_err_clr = kmac_app_rsp_i.error | sec_wipe_kmac_regs_urnd_i - | kmac_msg_ctr_err; + | kmac_msg_ctr_err[0]; + + assign kmac_ispr = sec_wipe_kmac_regs_urnd_i | ispr_init_i; // We speculatively fetch the next digest but this is illegal for non XOF // modes. As such SHA will need to limit the speculative fetch based on strength. @@ -917,7 +1135,7 @@ generate always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin kmac_new_cfg_q <= 1'b0; - end else if (kmac_cfg_wr_en & !sec_wipe_kmac_regs_urnd_i & !ispr_init_i) begin + end else if (kmac_cfg_wr_en & !kmac_ispr) begin kmac_new_cfg_q <= 1'b1; end else begin kmac_new_cfg_q <= 1'b0; @@ -950,7 +1168,7 @@ generate end else if (kmac_msg_err_clr || kmac_idle_q) begin kmac_msg_active_q <= 1'b0; kmac_cfg_active_q <= 1'b0; - end else if (kmac_msg_fifo_wready) begin //kmac_app_cfg_sent + end else if (kmac_msg_fifo_wready[0]) begin //kmac_app_cfg_sent kmac_msg_active_q <= kmac_cfg_active_q; end end @@ -959,11 +1177,21 @@ generate // Value is held until it is written into the fifo at the first wready signal always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin - kmac_msg_valid_q <= 1'b0; - end else if (|(kmac_msg_wr_en) & !sec_wipe_kmac_regs_urnd_i & !ispr_init_i) begin - kmac_msg_valid_q <= 1'b1; - end else if (kmac_msg_fifo_wready) begin - kmac_msg_valid_q <= 1'b0; + kmac_msg_valid_q[0] <= 1'b0; + end else if (|(kmac_msg_wr_en[0]) & !kmac_ispr) begin + kmac_msg_valid_q[0] <= 1'b1; + end else if (kmac_msg_fifo_wready[0]) begin + kmac_msg_valid_q[0] <= 1'b0; + end + end + + always_ff @(posedge clk_i or negedge rst_ni) begin + if (!rst_ni) begin + kmac_msg_valid_q[1] <= 1'b0; + end else if (|(kmac_msg_wr_en[1]) & !kmac_ispr & kmac_cfg_mask_mode) begin + kmac_msg_valid_q[1] <= 1'b1; + end else if (kmac_msg_fifo_wready[1]) begin + kmac_msg_valid_q[1] <= 1'b0; end end @@ -1004,23 +1232,29 @@ generate // Convert the number of 1's in byte mask to decimal value for comparison // with CFG WSR partial word byte field always_comb begin - packer_rdata_mask_cnt = '0; + packer_rdata_mask_cnt[0] = '0; + packer_rdata_mask_cnt[1] = '0; for (int i = 0; i < kmac_pkg::MsgStrbW; i++) begin // collapse each 8-bit chunk into one strb bit - packer_rdata_mask[i] = |kmac_msg_fifo_rdata_mask[i*8 +: 8]; + packer_rdata_mask[0][i] = |kmac_msg_fifo_rdata_mask[0][i*8 +: 8]; + packer_rdata_mask[1][i] = |kmac_msg_fifo_rdata_mask[1][i*8 +: 8]; end - foreach (packer_rdata_mask[i]) begin - packer_rdata_mask_cnt += {3'b0, packer_rdata_mask[i]}; + for (int i = 0; i < 8; i++) begin + packer_rdata_mask_cnt[0] += {3'b0, packer_rdata_mask[0][i]}; + packer_rdata_mask_cnt[1] += {3'b0, packer_rdata_mask[1][i]}; end end // Internal copy of acc_controller stall signal to determine pending msg writes - assign kmac_msg_wr_stall = (kmac_msg_write & (~kmac_msg_fifo_wready)); + assign kmac_msg_wr_stall[0] = (kmac_msg_write[0] & (~kmac_msg_fifo_wready[0])); + assign kmac_msg_wr_stall[1] = (kmac_msg_write[1] & (~kmac_msg_fifo_wready[1])); // When reading the return digest the message has already been sent and any remainder is cleared - assign kmac_msg_fifo_clr = kmac_sent_last && (ispr_addr_i == IsprKmacDigest) && - !kmac_msg_pending_write_o; + assign kmac_msg_fifo_clr = kmac_sent_last && + ((ispr_addr_i == IsprKmacDigest0) | (ispr_addr_i == IsprKmacDigest1)) + && !kmac_msg_pending_write_o[0] && !kmac_msg_pending_write_o[1]; + // MSG SHARE 0 Packer and Ctr // Prim packer is used to send full words until the final word in msg request prim_packer #( .InW (WLEN), @@ -1029,15 +1263,15 @@ generate .clk_i, .rst_ni, - .valid_i (kmac_msg_fifo_wvalid), - .data_i (kmac_msg_fifo_wdata), + .valid_i (kmac_msg_fifo_wvalid[0]), + .data_i (kmac_msg_fifo_wdata[0]), .mask_i (kmac_msg_fifo_wdata_mask), - .ready_o (kmac_msg_fifo_wready), + .ready_o (kmac_msg_fifo_wready[0]), - .valid_o (kmac_msg_fifo_rvalid), - .data_o (kmac_msg_fifo_rdata), - .mask_o (kmac_msg_fifo_rdata_mask), - .ready_i (kmac_msg_fifo_rready), + .valid_o (kmac_msg_fifo_rvalid[0]), + .data_o (kmac_msg_fifo_rdata[0]), + .mask_o (kmac_msg_fifo_rdata_mask[0]), + .ready_i (kmac_msg_fifo_rready[0]), // kmac_msg_err_clr is for internal ACC error to empty the FIFO // kmac_msg_fifo_flush reads a partial word at the end of the msg @@ -1052,63 +1286,176 @@ generate prim_count #( .Width (12), .EnableAlertTriggerSVA('0) - ) u_kmac_msg_ctr ( + ) u_kmac_msg0_ctr ( .clk_i, .rst_ni, .clr_i (kmac_msg_err_clr || kmac_new_cfg_q || kmac_sent_last), .set_i (1'b0), .set_cnt_i ({(12){1'b0}}), - .incr_en_i (kmac_msg_fifo_rvalid & kmac_app_rsp_i.ready & kmac_msg_fifo_rready), + .incr_en_i (kmac_msg_fifo_rvalid[0] & kmac_app_rsp_i.ready & kmac_msg_fifo_rready[0]), .decr_en_i (1'b0), .step_i ({{(11){1'b0}}, {1'b1}}), .commit_i (1'b1), - .cnt_o (kmac_msg_ctr), + .cnt_o (kmac_msg_ctr[0]), .cnt_after_commit_o (/* unused */), - .err_o (kmac_msg_ctr_err) + .err_o (kmac_msg_ctr_err[0]) ); + // MSG SHARE 1 Packer and Ctr + prim_packer #( + .InW (WLEN), + .OutW (kmac_pkg::MsgWidth) + ) u_kmac_msg1_fifo ( + .clk_i, + .rst_ni, + + .valid_i (kmac_msg_fifo_wvalid[1]), + .data_i (kmac_msg_fifo_wdata[1]), + .mask_i (kmac_msg_fifo_wdata_mask), + .ready_o (kmac_msg_fifo_wready[1]), + + .valid_o (kmac_msg_fifo_rvalid[1]), + .data_o (kmac_msg_fifo_rdata[1]), + .mask_o (kmac_msg_fifo_rdata_mask[1]), + .ready_i (kmac_msg_fifo_rready[1]), + + // kmac_msg_err_clr is for internal ACC error to empty the FIFO + // kmac_msg_fifo_flush reads a partial word at the end of the msg + // kmac_msg_fifo_clr ensures the fifo is empty outside of an active msg + .flush_i (kmac_msg_err_clr || kmac_msg_fifo_flush || kmac_msg_fifo_clr), + .flush_done_o (), + + .err_o () + ); + + prim_count #( + .Width (12), + .EnableAlertTriggerSVA('0) + ) u_kmac_msg1_ctr ( + .clk_i, + .rst_ni, + + .clr_i (kmac_msg_err_clr || kmac_new_cfg_q || kmac_sent_last), + .set_i (1'b0), + .set_cnt_i ({(12){1'b0}}), + .incr_en_i (kmac_msg_fifo_rvalid[1] & kmac_app_rsp_i.ready & kmac_msg_fifo_rready[1]), + .decr_en_i (1'b0), + .step_i ({{(11){1'b0}}, {1'b1}}), + .commit_i (1'b1), + .cnt_o (kmac_msg_ctr[1]), + .cnt_after_commit_o (/* unused */), + .err_o (kmac_msg_ctr_err[1]) + ); + + // Check if we have a FIFO deadlock + always_comb begin + kmac_fifo_deadlock = 1'b0; + if (kmac_cfg_mask_mode) begin + if ( + (|kmac_msg_ispr_base_wr[0] & ~kmac_msg_fifo_wready[0]) & + ~kmac_msg_fifo_rvalid[1] & ~kmac_msg_valid_q[1] + ) begin + kmac_fifo_deadlock = 1'b1; + end + if ( + (|kmac_msg_ispr_base_wr[1] & ~kmac_msg_fifo_wready[1]) & + ~kmac_msg_fifo_rvalid[0] & ~kmac_msg_valid_q[0] + ) begin + kmac_fifo_deadlock = 1'b1; + end + if ((ispr_addr_i == IsprKmacPartialW) & ispr_base_wr_en_i[0]) begin + if (kmac_msg_valid_q[1] & ~kmac_msg_fifo_rready[1] & ~kmac_msg_fifo_rvalid[0]) begin + kmac_fifo_deadlock = 1'b1; + end + if (kmac_msg_valid_q[0] & ~kmac_msg_fifo_rready[0] & ~kmac_msg_fifo_rvalid[1]) begin + kmac_fifo_deadlock = 1'b1; + end + end + end + end + + // All fifos for masked mode are rvalid + assign kmac_msg_fifos_valid = kmac_cfg_mask_mode ? + kmac_msg_fifo_rvalid[0] && kmac_msg_fifo_rvalid[1] : + kmac_msg_fifo_rvalid[0]; + // Ensure that the read mask is at least the size of the cfg before asserting last - assign packer_ctr_last = (packer_rdata_mask_cnt >= {1'b0, kmac_cfg_msg_len_bytes}); + assign packer_ctr_last[0] = (packer_rdata_mask_cnt[0] >= {1'b0, kmac_cfg_msg_len_bytes}); + assign packer_ctr_last[1] = (packer_rdata_mask_cnt[1] >= {1'b0, kmac_cfg_msg_len_bytes}); // If it is time for the final word and there is a partial word we need to flush it out assign kmac_msg_fifo_flush = (kmac_msg_last && (kmac_cfg_msg_len_bytes != 3'h0) && - ~kmac_msg_fifo_rvalid); + (~kmac_msg_fifo_rvalid[0] && ~kmac_msg_fifo_rvalid[1])); assign kmac_write_cfg_to_app = kmac_cfg_active_q && (~kmac_msg_active_q | ~kmac_app_cfg_sent) && ~kmac_idle_q; - // fifo write iface - assign kmac_msg_fifo_wdata = kmac_msg_no_intg_q; - assign kmac_msg_fifo_wvalid = kmac_cfg_active_q && kmac_msg_valid_q && kmac_msg_fifo_wready && - ~kmac_msg_fifo_flush && ~kmac_sent_last && (~kmac_msg_last); + // fifo share 0 write iface + assign kmac_msg_fifo_wdata[0] = kmac_msg_no_intg_q[0]; + assign kmac_msg_fifo_wvalid[0] = + kmac_cfg_active_q && kmac_msg_valid_q[0] && kmac_msg_fifo_wready[0] && + ~kmac_msg_fifo_flush && ~kmac_sent_last && ~kmac_msg_last; - assign kmac_msg_write_ready_o = kmac_msg_fifo_wready; - assign kmac_msg_pending_write_o = kmac_msg_valid_q && ~kmac_sent_last; + assign kmac_msg_write_ready_o[0] = kmac_msg_fifo_wready[0]; - // fifo read iface - assign kmac_msg_fifo_rready = (kmac_app_rsp_i.ready & ~kmac_write_cfg_to_app) | - (kmac_sent_last | kmac_msg_err_clr_q); + // fifo share 0 read iface + // KMAC must be ready to receive data and we should only fetch the next word if both shares + // are asserted valid on the AppIntf. The FIFO may have to wait during writes to the other share. + assign kmac_msg_fifo_rready[0] = (kmac_app_rsp_i.ready & ~kmac_write_cfg_to_app & + kmac_msg_fifo_rvalid[0] & kmac_app_req_o.valid) | + (kmac_sent_last | kmac_msg_err_clr_q); - assign kmac_msg_last = (kmac_cfg_msg_len_bytes == 3'h0) ? - (kmac_msg_ctr >= kmac_cfg_msg_len_words - 1) && kmac_msg_fifo_rvalid : - ((kmac_msg_ctr >= kmac_cfg_msg_len_words) && packer_ctr_last); + // fifo share 1 write iface + assign kmac_msg_fifo_wdata[1] = kmac_msg_no_intg_q[1]; + assign kmac_msg_fifo_wvalid[1] = + kmac_cfg_active_q && kmac_msg_valid_q[1] && kmac_msg_fifo_wready[1] && + ~kmac_msg_fifo_flush && ~kmac_sent_last && ~kmac_msg_last; + + assign kmac_msg_write_ready_o[1] = kmac_msg_fifo_wready[1]; + + // fifo share 1 read iface + assign kmac_msg_fifo_rready[1] = (kmac_app_rsp_i.ready & ~kmac_write_cfg_to_app & + kmac_msg_fifo_rvalid[1] & kmac_app_req_o.valid) | + (kmac_sent_last | kmac_msg_err_clr_q); + + assign kmac_msg_pending_write_o[0] = kmac_msg_valid_q[0] && ~kmac_sent_last; + assign kmac_msg_pending_write_o[1] = kmac_msg_valid_q[1] && ~kmac_sent_last; + + assign msg_last_words[0] = (kmac_msg_ctr[0] >= kmac_cfg_msg_len_words - 1) && + kmac_msg_fifo_rvalid[0]; + assign msg_last_bytes[0] = ((kmac_msg_ctr[0] >= kmac_cfg_msg_len_words) && packer_ctr_last[0]); + assign msg_last_words[1] = (kmac_msg_ctr[1] >= kmac_cfg_msg_len_words - 1) && + kmac_msg_fifo_rvalid[1]; + assign msg_last_bytes[1] = ((kmac_msg_ctr[1] >= kmac_cfg_msg_len_words) && packer_ctr_last[1]); + + always_comb begin + if (kmac_cfg_msg_len_bytes == 3'h0) begin + if (kmac_cfg_mask_mode) kmac_msg_last = msg_last_words[0] & msg_last_words[1]; + else kmac_msg_last = msg_last_words[0]; + end else begin + if (kmac_cfg_mask_mode) kmac_msg_last = msg_last_bytes[0] & msg_last_bytes[1]; + else kmac_msg_last = msg_last_bytes[0]; + end + end // Compute the assignment for kmac_app_req_o.hold assign kmac_app_active = kmac_cfg_active_q & ~kmac_new_cfg_q & ~kmac_cfg_done; // Compute the assignment for kmac_app_req_o.last - assign kmac_app_last = kmac_inject_last_err | (kmac_msg_fifo_rvalid & kmac_msg_last); + assign kmac_app_last = kmac_inject_last_err | (kmac_msg_fifos_valid & kmac_msg_last); // When there is an undersized message we artificially inject a last valid to finish the message assign kmac_app_req_o.valid = (kmac_write_cfg_to_app || kmac_inject_last_err) ? - 1'b1 : kmac_msg_fifo_rvalid && ~kmac_new_cfg_q && - ~kmac_sent_last && ~kmac_msg_err_clr_q; + 1'b1 : kmac_msg_fifos_valid && ~kmac_new_cfg_q && + ~kmac_sent_last && ~kmac_msg_err_clr_q; // The first word contains the cfg otherwise send the body - assign kmac_app_req_o.data = kmac_write_cfg_to_app ? - {59'b0, kmac_cfg_keccak_strength, kmac_cfg_sha3_mode} : - kmac_msg_fifo_rdata; + assign kmac_app_req_o.data_share0 = kmac_write_cfg_to_app ? + {59'b0, kmac_cfg_keccak_strength, kmac_cfg_sha3_mode} : + kmac_msg_fifo_rdata[0]; + assign kmac_app_req_o.data_share1 = (kmac_write_cfg_to_app | ~kmac_cfg_mask_mode) ? + 64'b0 : kmac_msg_fifo_rdata[1]; // The strb will always be 8'hFF except for the CFG and last word assign kmac_app_req_o.strb = kmac_write_cfg_to_app ? @@ -1119,9 +1466,7 @@ generate assign kmac_app_req_o.last = kmac_app_last; // If we request an additional digest send a next to KMAC - assign kmac_app_req_o.next = kmac_digest_valid_o - & ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest] - & kmac_next_sha; + assign kmac_app_req_o.next = kmac_digest_valid_o & kmac_digest_rd_next & kmac_next_sha; // Hold will remain active for duration of transaction unless an internal error occurs assign kmac_app_req_o.hold = kmac_app_active; @@ -1134,7 +1479,7 @@ generate kmac_sent_last <= 1'b0; end else begin // Either we observed a valid last or we artificially created a last - if ((kmac_msg_fifo_rvalid & kmac_msg_last) | kmac_inject_last_err) begin + if ((kmac_msg_fifo_rvalid[0] & kmac_msg_last) | kmac_inject_last_err) begin kmac_pending_last <= 1'b1; // Prepared to send the final word if (kmac_app_rsp_i.ready) begin kmac_sent_last <= 1'b1; @@ -1153,9 +1498,11 @@ generate // The FIFO should not be in a flush cycle always_comb begin kmac_msg_req_err = 1'b0; - if (ispr_addr_i == IsprKmacDigest && kmac_app_active) begin - kmac_msg_req_err = (!kmac_msg_pending_write_o && !kmac_msg_fifo_rvalid - && !kmac_msg_fifo_flush && !kmac_msg_fifo_wvalid); + if ((ispr_addr_i == IsprKmacDigest0 | ispr_addr_i == IsprKmacDigest1) && kmac_app_active) begin + kmac_msg_req_err = !(kmac_msg_pending_write_o[0] | kmac_msg_pending_write_o[1]) && + !(kmac_msg_fifos_valid) && + !kmac_msg_fifo_flush && + !(kmac_msg_fifo_wvalid[0] | kmac_msg_fifo_wvalid[1]); end end @@ -1212,21 +1559,47 @@ generate end end + always_comb begin + kmac_msg_mask_err = 1'b0; + if (kmac_cfg_mask_mode) begin + if (kmac_app_req_o.last & kmac_app_req_o.valid) begin + if (packer_rdata_mask_cnt[0] != packer_rdata_mask_cnt[1]) begin + kmac_msg_mask_err = 1'b1; + end else begin + kmac_msg_mask_err = 1'b0; + end + end + end + end + // The cfg reads 0 when it is a full word which means the mask is 8 so we must skip evaluation // at these sizes, otherwise check if mask is greater than the cfg - assign not_full_word = ~(packer_rdata_mask_cnt == 4'h8 & kmac_cfg_msg_len_bytes == 3'h0); + always_comb begin + not_full_word = 1'b0; + if (kmac_cfg_mask_mode) begin + not_full_word = ~(packer_rdata_mask_cnt[0] == 4'h8 & kmac_cfg_msg_len_bytes == 3'h0) & + ~(packer_rdata_mask_cnt[1] == 4'h8 & kmac_cfg_msg_len_bytes == 3'h0); + end else begin + not_full_word = ~(packer_rdata_mask_cnt[0] == 4'h8 & kmac_cfg_msg_len_bytes == 3'h0); + end + end assign packer_oversized_last = - not_full_word & (packer_rdata_mask_cnt > {1'b0, kmac_cfg_msg_len_bytes}); + not_full_word & ((packer_rdata_mask_cnt[0] > {1'b0, kmac_cfg_msg_len_bytes}) | + (packer_rdata_mask_cnt[1] > {1'b0, kmac_cfg_msg_len_bytes})); assign last_word_oversized = kmac_msg_last & packer_oversized_last; // Read or write to/from FIFO that occurs after last - assign rw_after_last = kmac_sent_last & (kmac_msg_fifo_rvalid | kmac_msg_valid_q); + assign rw_after_last = kmac_sent_last & ((kmac_msg_fifo_rvalid[0] | kmac_msg_valid_q[0]) | + (kmac_msg_fifo_rvalid[1] | kmac_msg_valid_q[1])); // There is still a pending write to the FIFO while last is being asserted after flush - assign write_during_last = kmac_app_last & kmac_msg_valid_q; + assign write_during_last = kmac_app_last & (kmac_msg_valid_q[0] | kmac_msg_valid_q[1]); // Injecting an artificial last may impact the write_during_last flag so we check that the // message isn't undersized before raising this flag - assign kmac_oversized_req_err = (rw_after_last | write_during_last) - & ~kmac_undersized_req_err_latch | last_word_oversized; + assign kmac_oversized_req_err = (rw_after_last | write_during_last) | last_word_oversized; + + assign kmac_intf_fatal_error_o = kmac_app_rsp_i.error | kmac_undersized_req_err | + kmac_oversized_req_err | kmac_fifo_deadlock | kmac_msg_mask_err; + assign kmac_intf_recov_error_o = kmac_digest1_illegal_rd | kmac_msg1_illegal_wr; end endgenerate @@ -1288,16 +1661,18 @@ endgenerate localparam int IsprAccIntg = 1; generate if (AccPQCEn) begin : gen_ispr_ids_pqc - localparam int IsprKmacMsgIntg = 2; - localparam int IsprKmacDigestIntg = 3; - localparam int IsprAccHIntg = 4; + localparam int IsprKmacMsg0Intg = 2; + localparam int IsprKmacMsg1Intg = 3; + localparam int IsprKmacDigest0Intg = 4; + localparam int IsprKmacDigest1Intg = 5; + localparam int IsprAccHIntg = 6; end endgenerate // ID representing all ISPRs with no integrity - localparam int IsprNoIntg = AccPQCEn ? 5 : 2; + localparam int IsprNoIntg = AccPQCEn ? 7 : 2; // Number of ISPRs that have integrity protection - localparam int NIntgIspr = AccPQCEn ? 5 : 2; + localparam int NIntgIspr = AccPQCEn ? 7 : 2; logic [NIntgIspr:0] ispr_rdata_intg_mux_sel; logic [ExtWLEN-1:0] ispr_rdata_intg_mux_in [NIntgIspr+1]; @@ -1309,7 +1684,8 @@ endgenerate assign ispr_rdata_no_intg_mux_in[IsprAcc] = 0; generate if (AccPQCEn) begin : gen_ispr_no_intg_mux_pqc - assign ispr_rdata_no_intg_mux_in[IsprKmacMsg] = 0; + assign ispr_rdata_no_intg_mux_in[IsprKmacMsg0] = 0; + assign ispr_rdata_no_intg_mux_in[IsprKmacMsg1] = 0; assign ispr_rdata_no_intg_mux_in[IsprKmacCfg] = {224'b0, gen_pqc_wsr.kmac_cfg_intg_q[31:0]}; @@ -1317,8 +1693,9 @@ endgenerate assign ispr_rdata_no_intg_mux_in[IsprKmacStatus] = {224'b0, gen_pqc_wsr.kmac_status_intg_q[31:0]}; - assign ispr_rdata_no_intg_mux_in[IsprKmacDigest] = 0; - assign ispr_rdata_no_intg_mux_in[IsprAccH] = 0; + assign ispr_rdata_no_intg_mux_in[IsprKmacDigest0] = 0; + assign ispr_rdata_no_intg_mux_in[IsprKmacDigest1] = 0; + assign ispr_rdata_no_intg_mux_in[IsprAccH] = 0; end endgenerate @@ -1357,30 +1734,38 @@ endgenerate end // Second stage - assign ispr_rdata_intg_mux_in[IsprModIntg] = mod_intg_q; - assign ispr_rdata_intg_mux_in[IsprAccIntg] = ispr_acc_intg_i; - assign ispr_rdata_intg_mux_in[IsprNoIntg] = ispr_rdata_intg_calc; + assign ispr_rdata_intg_mux_in[IsprModIntg] = mod_intg_q; + assign ispr_rdata_intg_mux_in[IsprAccIntg] = ispr_acc_intg_i; + assign ispr_rdata_intg_mux_in[IsprNoIntg] = ispr_rdata_intg_calc; generate if (AccPQCEn) begin : gen_ispr_intg_mux_pqc - assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacMsgIntg] = - gen_pqc_wsr.kmac_msg_intg_q; - assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacDigestIntg] = - gen_pqc_wsr.kmac_digest_intg_q; - assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprAccHIntg] = ispr_acch_intg_i; + assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacMsg0Intg] = + gen_pqc_wsr.kmac_msg_intg_q[0]; + assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacMsg1Intg] = + gen_pqc_wsr.kmac_digest_intg_q[1]; + assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacDigest0Intg] = + gen_pqc_wsr.kmac_digest_intg_q[0]; + assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprKmacDigest1Intg] = + gen_pqc_wsr.kmac_digest_intg_q[1]; + assign ispr_rdata_intg_mux_in[gen_ispr_ids_pqc.IsprAccHIntg] = ispr_acch_intg_i; end endgenerate - assign ispr_rdata_intg_mux_sel[IsprModIntg] = ispr_predec_bignum_i.ispr_rd_en[IsprMod]; - assign ispr_rdata_intg_mux_sel[IsprAccIntg] = ispr_predec_bignum_i.ispr_rd_en[IsprAcc]; + assign ispr_rdata_intg_mux_sel[IsprModIntg] = ispr_predec_bignum_i.ispr_rd_en[IsprMod]; + assign ispr_rdata_intg_mux_sel[IsprAccIntg] = ispr_predec_bignum_i.ispr_rd_en[IsprAcc]; generate if (AccPQCEn) begin : gen_ispr_intg_mux_sel_pqc - assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacMsgIntg] = - ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg]; - assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacDigestIntg] = - ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest]; - assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprAccHIntg] = + assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacMsg0Intg] = + ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg0]; + assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacMsg1Intg] = + ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg1]; + assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacDigest0Intg] = + ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest0]; + assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprKmacDigest1Intg] = + ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest1]; + assign ispr_rdata_intg_mux_sel[gen_ispr_ids_pqc.IsprAccHIntg] = ispr_predec_bignum_i.ispr_rd_en[IsprAccH]; end endgenerate @@ -2498,8 +2883,7 @@ generate assign gen_unused_pqc_bits.unused_pqc_bits = ^{gen_pqc_wsr.ispr_kmac_cfg_bignum_wdata_intg_blanked[311:39], gen_pqc_wsr.ispr_kmac_pw_bignum_wdata_intg_blanked[311:39], - gen_pqc_wsr.kmac_pw_intg_err, - gen_pqc_wsr.unmasked_digest_share[383:256]}; + gen_pqc_wsr.kmac_pw_intg_err}; end endgenerate @@ -2517,19 +2901,23 @@ generate if (AccPQCEn) begin : gen_reg_intg_err_pqc logic kmac_used; assign kmac_used = operation_valid_i & (operation_i.op != AluOpBignumNone) & - ( |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg]) | - |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest]) | - |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacCfg]) | - |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacStatus]) ); + ( |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg0]) | + |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacMsg1]) | + |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest0]) | + |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacDigest1]) | + |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacCfg]) | + |(ispr_predec_bignum_i.ispr_rd_en[IsprKmacStatus]) ); `ASSERT_KNOWN(KmacUsed_A, kmac_used) // Raise a register integrity violation error iff `mod_intg_q` is used // and (at least partially) invalid. assign reg_intg_violation_err_o = (mod_used & |(mod_intg_err)) | - (kmac_used & ( |(gen_pqc_wsr.kmac_msg_intg_err) | - |(gen_pqc_wsr.kmac_cfg_intg_err) | - |(gen_pqc_wsr.kmac_status_intg_err) | - |(gen_pqc_wsr.kmac_digest_intg_err) )); + (kmac_used & ( |(gen_pqc_wsr.kmac_msg_intg_err[0]) | + |(gen_pqc_wsr.kmac_msg_intg_err[1]) | + |(gen_pqc_wsr.kmac_digest_intg_err[0]) | + |(gen_pqc_wsr.kmac_digest_intg_err[1]) | + |(gen_pqc_wsr.kmac_cfg_intg_err) | + |(gen_pqc_wsr.kmac_status_intg_err))); // Detect and signal unexpected secure wipe signals. assign sec_wipe_err_o = (sec_wipe_kmac_regs_urnd_i | sec_wipe_mod_urnd_i) @@ -2635,10 +3023,18 @@ generate gen_pqc_wsr.ispr_kmac_cfg_bignum_wdata_intg_blanked == '0, clk_i, !rst_ni || ispr_predec_error_o || alu_predec_error_o || !operation_commit_i) - // KMAC MSG ISPR Blanking - `ASSERT(BlankingIsprKmacMsgA, - !((|gen_pqc_wsr.kmac_msg_wr_en) | ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg]) |-> - gen_pqc_wsr.ispr_kmac_msg_bignum_wdata_intg_blanked == '0, + // KMAC MSG0 ISPR Blanking + `ASSERT(BlankingIsprKmacMsg0A, + !((|gen_pqc_wsr.kmac_msg_wr_en[0]) | + ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg0]) |-> + gen_pqc_wsr.ispr_kmac_msg_bignum_wdata_intg_blanked[0] == '0, + clk_i, !rst_ni || ispr_predec_error_o || alu_predec_error_o || !operation_commit_i) + + // KMAC MSG1 ISPR Blanking + `ASSERT(BlankingIsprKmacMsg1A, + !((|gen_pqc_wsr.kmac_msg_wr_en[1]) | + ispr_predec_bignum_i.ispr_wr_en[IsprKmacMsg1]) |-> + gen_pqc_wsr.ispr_kmac_msg_bignum_wdata_intg_blanked[1] == '0, clk_i, !rst_ni || ispr_predec_error_o || alu_predec_error_o || !operation_commit_i) end endgenerate diff --git a/hw/ip/acc/rtl/acc_controller.sv b/hw/ip/acc/rtl/acc_controller.sv index 69a9cde5692..38cb6477e70 100644 --- a/hw/ip/acc/rtl/acc_controller.sv +++ b/hw/ip/acc/rtl/acc_controller.sv @@ -26,7 +26,8 @@ module acc_controller parameter bit AccPQCEn = 1'b1, localparam int ImemAddrWidth = prim_util_pkg::vbits(ImemSizeByte), - localparam int DmemAddrWidth = prim_util_pkg::vbits(DmemSizeByte) + localparam int DmemAddrWidth = prim_util_pkg::vbits(DmemSizeByte), + localparam int Share = 2 ) ( input logic clk_i, input logic rst_ni, @@ -153,8 +154,8 @@ module acc_controller input logic urnd_reseed_err_i, // KMAC interface - input logic kmac_msg_write_ready_i, - input logic kmac_msg_pending_write_i, + input logic kmac_msg_write_ready_i [Share], + input logic kmac_msg_pending_write_i [Share], input logic kmac_digest_valid_i, // Secure Wipe @@ -193,7 +194,8 @@ module acc_controller if (!AccPQCEn) begin : gen_unused_ports // Tie off unused inputs logic unused_bits; - assign unused_bits = ^{kmac_msg_write_ready_i, kmac_msg_pending_write_i, + assign unused_bits = ^{kmac_msg_write_ready_i[0], kmac_msg_pending_write_i[0], + kmac_msg_write_ready_i[1], kmac_msg_pending_write_i[1], kmac_digest_valid_i}; end endgenerate @@ -230,8 +232,11 @@ module acc_controller generate if (AccPQCEn) begin : gen_kmac_nets logic kmac_write_stall; + logic kmac_msg0_stall; + logic kmac_msg1_stall; + logic kmac_msg0_write_req_raw; + logic kmac_msg1_write_req_raw; logic kmac_digest_req_raw; - logic kmac_msg_write_req_raw; logic kmac_msg_partial_raw; end endgenerate @@ -416,9 +421,16 @@ module acc_controller assign ispr_stall = (rnd_req_raw & ~rnd_valid_i) | (gen_kmac_nets.kmac_digest_req_raw & ~kmac_digest_valid_i); - assign gen_kmac_nets.kmac_write_stall = - (gen_kmac_nets.kmac_msg_write_req_raw & ~kmac_msg_write_ready_i) | - (gen_kmac_nets.kmac_msg_partial_raw & kmac_msg_pending_write_i); + assign gen_kmac_nets.kmac_msg0_stall = + (gen_kmac_nets.kmac_msg0_write_req_raw & ~kmac_msg_write_ready_i[0]) | + (gen_kmac_nets.kmac_msg_partial_raw & kmac_msg_pending_write_i[0]); + + assign gen_kmac_nets.kmac_msg1_stall = + (gen_kmac_nets.kmac_msg1_write_req_raw & ~kmac_msg_write_ready_i[1]) | + (gen_kmac_nets.kmac_msg_partial_raw & kmac_msg_pending_write_i[1]); + + assign gen_kmac_nets.kmac_write_stall = gen_kmac_nets.kmac_msg0_stall | + gen_kmac_nets.kmac_msg1_stall; assign stall = mem_stall | ispr_stall | rf_indirect_stall | gen_kmac_nets.kmac_write_stall; end else begin : gen_ispr_stall @@ -1512,9 +1524,16 @@ module acc_controller WsrRnd: ispr_addr_bignum = IsprRnd; WsrUrnd: ispr_addr_bignum = IsprUrnd; WsrAcc: ispr_addr_bignum = IsprAcc; - WsrKmacMsg: begin + WsrKmacMsg0: begin + if (AccPQCEn) begin + ispr_addr_bignum = IsprKmacMsg0; + end else begin + wsr_illegal_addr = 1'b1; + end + end + WsrKmacMsg1: begin if (AccPQCEn) begin - ispr_addr_bignum = IsprKmacMsg; + ispr_addr_bignum = IsprKmacMsg1; end else begin wsr_illegal_addr = 1'b1; end @@ -1526,9 +1545,16 @@ module acc_controller wsr_illegal_addr = 1'b1; end end - WsrKmacDigest: begin + WsrKmacDigest0: begin + if (AccPQCEn) begin + ispr_addr_bignum = IsprKmacDigest0; + end else begin + wsr_illegal_addr = 1'b1; + end + end + WsrKmacDigest1: begin if (AccPQCEn) begin - ispr_addr_bignum = IsprKmacDigest; + ispr_addr_bignum = IsprKmacDigest1; end else begin wsr_illegal_addr = 1'b1; end @@ -1708,12 +1734,15 @@ module acc_controller generate if (AccPQCEn) begin : gen_kmac_raw - assign gen_kmac_nets.kmac_digest_req_raw = insn_valid_i & ispr_rd_insn & - (ispr_addr_o == IsprKmacDigest); - assign gen_kmac_nets.kmac_msg_write_req_raw = insn_valid_i & ispr_wr_insn & - (ispr_addr_o == IsprKmacMsg); - assign gen_kmac_nets.kmac_msg_partial_raw = insn_valid_i & ispr_wr_insn & - (ispr_addr_o == IsprKmacPartialW); + assign gen_kmac_nets.kmac_digest_req_raw = insn_valid_i & ispr_rd_insn & + ((ispr_addr_o == IsprKmacDigest0) + |(ispr_addr_o == IsprKmacDigest1)); + assign gen_kmac_nets.kmac_msg0_write_req_raw = insn_valid_i & ispr_wr_insn & + (ispr_addr_o == IsprKmacMsg0); + assign gen_kmac_nets.kmac_msg1_write_req_raw = insn_valid_i & ispr_wr_insn & + (ispr_addr_o == IsprKmacMsg1); + assign gen_kmac_nets.kmac_msg_partial_raw = insn_valid_i & ispr_wr_insn & + (ispr_addr_o == IsprKmacPartialW); end endgenerate diff --git a/hw/ip/acc/rtl/acc_core.sv b/hw/ip/acc/rtl/acc_core.sv index ac39ea15f15..b858765bfe0 100644 --- a/hw/ip/acc/rtl/acc_core.sv +++ b/hw/ip/acc/rtl/acc_core.sv @@ -266,8 +266,9 @@ module acc_core logic insn_cnt_clear_int; logic [31:0] insn_cnt; - logic kmac_msg_write_ready; - logic kmac_msg_pending_write; + // Split into two shares + logic kmac_msg_write_ready [2]; + logic kmac_msg_pending_write [2]; logic kmac_digest_valid; logic secure_wipe_req, secure_wipe_ack; @@ -303,7 +304,7 @@ module acc_core logic start_stop_fatal_error; logic rf_bignum_predec_error, alu_bignum_predec_error, ispr_predec_error, mac_bignum_predec_error; - logic controller_predec_error; + logic controller_predec_error, kmac_intf_fatal_error, kmac_intf_recov_error; logic rd_predec_error, predec_error; logic req_sec_wipe_urnd_keys_q; @@ -631,6 +632,7 @@ module acc_core // Generate an err_bits output by combining errors from all the blocks in acc_core assign err_bits_d = '{ + kmac_fatal_error: kmac_intf_fatal_error, fatal_software: controller_err_bits.fatal_software, bad_internal_state: |{controller_err_bits.bad_internal_state, start_stop_fatal_error, @@ -643,6 +645,7 @@ module acc_core non_controller_reg_intg_violation}, dmem_intg_violation: lsu_rdata_err, imem_intg_violation: insn_fetch_err, + kmac_recov_error: kmac_intf_recov_error, rnd_fips_chk_fail: rnd_fips_err, rnd_rep_chk_fail: rnd_rep_err, key_invalid: controller_err_bits.key_invalid, @@ -674,17 +677,18 @@ module acc_core mubi4_bool_to_mubi(|{start_stop_fatal_error, urnd_all_zero, predec_error, rf_base_intg_err, rf_base_spurious_we_err, lsu_rdata_err, insn_fetch_err, non_controller_reg_intg_violation, - insn_addr_err})); + insn_addr_err, kmac_intf_fatal_error})); assign controller_recov_escalate_en = - mubi4_bool_to_mubi(|{rnd_rep_err, rnd_fips_err}); + mubi4_bool_to_mubi(|{rnd_rep_err, rnd_fips_err, kmac_intf_recov_error}); // Similarly for the start/stop controller assign start_stop_escalate_en = mubi4_or_hi(escalate_en_i, mubi4_bool_to_mubi(|{urnd_all_zero, rf_base_intg_err, rf_base_spurious_we_err, predec_error, lsu_rdata_err, insn_fetch_err, - controller_fatal_err, insn_addr_err})); + controller_fatal_err, insn_addr_err, + kmac_intf_fatal_error})); // Signal error if MuBi input signals take on invalid values as this means something bad is // happening. The explicit error detection is required as the mubi4_or_hi operations above @@ -912,7 +916,9 @@ module acc_core .kmac_app_req_o, .alu_predec_error_o(alu_bignum_predec_error), - .ispr_predec_error_o(ispr_predec_error) + .ispr_predec_error_o(ispr_predec_error), + .kmac_intf_fatal_error_o(kmac_intf_fatal_error), + .kmac_intf_recov_error_o(kmac_intf_recov_error) ); acc_mac_bignum #( diff --git a/hw/ip/acc/rtl/acc_digest_mux.sv b/hw/ip/acc/rtl/acc_digest_mux.sv new file mode 100644 index 00000000000..641dd368152 --- /dev/null +++ b/hw/ip/acc/rtl/acc_digest_mux.sv @@ -0,0 +1,32 @@ +// Copyright zeroRISC Inc. +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + + +/** + * This is a simple module to unmask the KMAC digest depending on the + * AppIntf configuration. It exists as a standalone module to allow isolation + * as this module should be considered a *do_not_touch* to stop any + * optimizations for the mux and xor location to prevent leakage during + * masked operations. + */ + +module acc_digest_mux + import acc_pkg::*; +( + input logic [DigestRegLen-1:0] digest_share0_i, + input logic [DigestRegLen-1:0] digest_share1_i, + input logic mask_digest_en_i, + + output logic [DigestRegLen-1:0] digest_share0_wsr_o +); + + logic [DigestRegLen-1:0] digest_share1_mux; + logic [DigestRegLen-1:0] digest_share0_result; + + assign digest_share1_mux = mask_digest_en_i ? 256'b0 : digest_share1_i; + assign digest_share0_result = digest_share0_i ^ digest_share1_mux; + + assign digest_share0_wsr_o = digest_share0_result; + +endmodule diff --git a/hw/ip/acc/rtl/acc_pkg.sv b/hw/ip/acc/rtl/acc_pkg.sv index c016cceabd7..b2e3de0a9ae 100644 --- a/hw/ip/acc/rtl/acc_pkg.sv +++ b/hw/ip/acc/rtl/acc_pkg.sv @@ -108,6 +108,7 @@ package acc_pkg; // // Note: These errors are duplicated in other places. If updating them here, update those too. typedef struct packed { + logic kmac_fatal_error; logic fatal_software; logic lifecycle_escalation; logic illegal_bus_access; @@ -116,6 +117,7 @@ package acc_pkg; logic reg_intg_violation; logic dmem_intg_violation; logic imem_intg_violation; + logic kmac_recov_error; logic rnd_fips_chk_fail; logic rnd_rep_chk_fail; logic key_invalid; @@ -186,11 +188,13 @@ package acc_pkg; // All the error signals that can be generated somewhere inside acc_core typedef struct packed { + logic kmac_fatal_error; logic fatal_software; logic bad_internal_state; logic reg_intg_violation; logic dmem_intg_violation; logic imem_intg_violation; + logic kmac_recov_error; logic rnd_fips_chk_fail; logic rnd_rep_chk_fail; logic key_invalid; @@ -371,15 +375,17 @@ package acc_pkg; WsrKeyS1L = 'd6, WsrKeyS1H = 'd7, WsrKmacCfg = 'd8, - WsrKmacMsg = 'd9, - WsrKmacDigest = 'd10, - WsrAccH = 'd11 + WsrKmacMsg0 = 'd9, + WsrKmacDigest0 = 'd10, + WsrAccH = 'd11, + WsrKmacMsg1 = 'd12, + WsrKmacDigest1 = 'd13 } wsr_e; // Internal Special Purpose Registers (ISPRs) // CSRs and WSRs have some overlap into what they map into. ISPRs are the actual registers in the // design which CSRs and WSRs are mapped on to. - parameter int NIspr = 15; + parameter int NIspr = 17; parameter int IsprNumWidth = $clog2(NIspr); typedef enum logic [IsprNumWidth-1:0] { IsprMod = 'd0, @@ -392,11 +398,13 @@ package acc_pkg; IsprKeyS1L = 'd7, IsprKeyS1H = 'd8, IsprKmacCfg = 'd9, - IsprKmacMsg = 'd10, - IsprKmacStatus = 'd11, - IsprKmacDigest = 'd12, - IsprKmacPartialW = 'd13, - IsprAccH = 'd14 + IsprKmacMsg0 = 'd10, + IsprKmacMsg1 = 'd11, + IsprKmacStatus = 'd12, + IsprKmacDigest0 = 'd13, + IsprKmacDigest1 = 'd14, + IsprKmacPartialW = 'd15, + IsprAccH = 'd16 } ispr_e; typedef logic [$clog2(NFlagGroups)-1:0] flag_group_t; @@ -659,12 +667,61 @@ package acc_pkg; // Minimum Hamming weight: 2 // Maximum Hamming weight: 3 // - localparam int StateWidth = 4; - typedef enum logic [StateWidth-1:0] { + localparam int StateUndersizedWidth = 4; + typedef enum logic [StateUndersizedWidth-1:0] { StIdle = 4'b1010, StPendingReady = 4'b1101 } kmac_undersized_state_e; + // States for eager KMAC refresh with masked digest + // Encoding generated with: + // $ ./util/design/sparse-fsm-encode.py -d 2 -m 3 -n 4 \ + // -s 2029365291 --language=sv + // + // Hamming distance histogram: + // + // 0: -- + // 1: -- + // 2: |||||||||| (33.33%) + // 3: |||||||||||||||||||| (66.67%) + // 4: -- + // + // Minimum Hamming distance: 2 + // Maximum Hamming distance: 3 + // Minimum Hamming weight: 2 + // Maximum Hamming weight: 3 + // + localparam int StateEagerWidth = 4; + typedef enum logic [StateEagerWidth-1:0] { + StDigestWait = 4'b1010, + StDigestShare0 = 4'b0111, + StDigestShare1 = 4'b1100 + } kmac_eager_state_e; + + // Encoding generated with: + // $ ./util/design/sparse-fsm-encode.py -d 2 -m 3 -n 4 \ + // -s 4780358931 --language=sv + // + // Hamming distance histogram: + // + // 0: -- + // 1: -- + // 2: |||||||||| (33.33%) + // 3: |||||||||||||||||||| (66.67%) + // 4: -- + // + // Minimum Hamming distance: 2 + // Maximum Hamming distance: 3 + // Minimum Hamming weight: 1 + // Maximum Hamming weight: 3 + // + localparam int StateWidth = 4; + typedef enum logic [StateWidth-1:0] { + StMsgWait = 4'b0110, + StMsgShare0 = 4'b1101, + StMsgShare1 = 4'b1000 + } kmac_write_state_e; + // Encoding generated with: // $ ./util/design/sparse-fsm-encode.py -d 3 -m 4 -n 5 \ // -s 5799399942 --language=sv diff --git a/hw/ip/acc/rtl/acc_predecode.sv b/hw/ip/acc/rtl/acc_predecode.sv index 4507afe2f2b..402cce2ecfa 100644 --- a/hw/ip/acc/rtl/acc_predecode.sv +++ b/hw/ip/acc/rtl/acc_predecode.sv @@ -601,14 +601,24 @@ module acc_predecode ispr_addr = IsprKmacCfg; end end - WsrKmacMsg: begin + WsrKmacMsg0: begin if (AccPQCEn) begin - ispr_addr = IsprKmacMsg; + ispr_addr = IsprKmacMsg0; end end - WsrKmacDigest: begin + WsrKmacMsg1: begin if (AccPQCEn) begin - ispr_addr = IsprKmacDigest; + ispr_addr = IsprKmacMsg1; + end + end + WsrKmacDigest0: begin + if (AccPQCEn) begin + ispr_addr = IsprKmacDigest0; + end + end + WsrKmacDigest1: begin + if (AccPQCEn) begin + ispr_addr = IsprKmacDigest1; end end WsrAccH: begin diff --git a/hw/ip/acc/rtl/acc_reg_pkg.sv b/hw/ip/acc/rtl/acc_reg_pkg.sv index d8656c8f70d..0a87caa3adc 100644 --- a/hw/ip/acc/rtl/acc_reg_pkg.sv +++ b/hw/ip/acc/rtl/acc_reg_pkg.sv @@ -60,6 +60,10 @@ package acc_reg_pkg; } acc_reg2hw_ctrl_reg_t; typedef struct packed { + struct packed { + logic q; + logic qe; + } kmac_fatal_error; struct packed { logic q; logic qe; @@ -92,6 +96,10 @@ package acc_reg_pkg; logic q; logic qe; } imem_intg_violation; + struct packed { + logic q; + logic qe; + } kmac_recov_error; struct packed { logic q; logic qe; @@ -151,6 +159,9 @@ package acc_reg_pkg; } acc_hw2reg_status_reg_t; typedef struct packed { + struct packed { + logic d; + } kmac_fatal_error; struct packed { logic d; } fatal_software; @@ -175,6 +186,9 @@ package acc_reg_pkg; struct packed { logic d; } imem_intg_violation; + struct packed { + logic d; + } kmac_recov_error; struct packed { logic d; } rnd_fips_chk_fail; @@ -202,6 +216,10 @@ package acc_reg_pkg; } acc_hw2reg_err_bits_reg_t; typedef struct packed { + struct packed { + logic d; + logic de; + } kmac_fatal_error; struct packed { logic d; logic de; @@ -246,24 +264,24 @@ package acc_reg_pkg; // Register -> HW type typedef struct packed { - acc_reg2hw_intr_state_reg_t intr_state; // [116:116] - acc_reg2hw_intr_enable_reg_t intr_enable; // [115:115] - acc_reg2hw_intr_test_reg_t intr_test; // [114:113] - acc_reg2hw_alert_test_reg_t alert_test; // [112:109] - acc_reg2hw_cmd_reg_t cmd; // [108:100] - acc_reg2hw_ctrl_reg_t ctrl; // [99:98] - acc_reg2hw_err_bits_reg_t err_bits; // [97:66] + acc_reg2hw_intr_state_reg_t intr_state; // [120:120] + acc_reg2hw_intr_enable_reg_t intr_enable; // [119:119] + acc_reg2hw_intr_test_reg_t intr_test; // [118:117] + acc_reg2hw_alert_test_reg_t alert_test; // [116:113] + acc_reg2hw_cmd_reg_t cmd; // [112:104] + acc_reg2hw_ctrl_reg_t ctrl; // [103:102] + acc_reg2hw_err_bits_reg_t err_bits; // [101:66] acc_reg2hw_insn_cnt_reg_t insn_cnt; // [65:33] acc_reg2hw_load_checksum_reg_t load_checksum; // [32:0] } acc_reg2hw_t; // HW -> register type typedef struct packed { - acc_hw2reg_intr_state_reg_t intr_state; // [107:106] - acc_hw2reg_ctrl_reg_t ctrl; // [105:105] - acc_hw2reg_status_reg_t status; // [104:96] - acc_hw2reg_err_bits_reg_t err_bits; // [95:80] - acc_hw2reg_fatal_alert_cause_reg_t fatal_alert_cause; // [79:64] + acc_hw2reg_intr_state_reg_t intr_state; // [111:110] + acc_hw2reg_ctrl_reg_t ctrl; // [109:109] + acc_hw2reg_status_reg_t status; // [108:100] + acc_hw2reg_err_bits_reg_t err_bits; // [99:82] + acc_hw2reg_fatal_alert_cause_reg_t fatal_alert_cause; // [81:64] acc_hw2reg_insn_cnt_reg_t insn_cnt; // [63:32] acc_hw2reg_load_checksum_reg_t load_checksum; // [31:0] } acc_hw2reg_t; @@ -291,7 +309,7 @@ package acc_reg_pkg; parameter logic [7:0] ACC_CMD_CMD_RESVAL = 8'h 0; parameter logic [0:0] ACC_CTRL_RESVAL = 1'h 0; parameter logic [0:0] ACC_CTRL_SOFTWARE_ERRS_FATAL_RESVAL = 1'h 0; - parameter logic [23:0] ACC_ERR_BITS_RESVAL = 24'h 0; + parameter logic [24:0] ACC_ERR_BITS_RESVAL = 25'h 0; parameter logic [0:0] ACC_ERR_BITS_BAD_DATA_ADDR_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_BAD_INSN_ADDR_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_CALL_STACK_RESVAL = 1'h 0; @@ -300,6 +318,7 @@ package acc_reg_pkg; parameter logic [0:0] ACC_ERR_BITS_KEY_INVALID_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_RND_REP_CHK_FAIL_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_RND_FIPS_CHK_FAIL_RESVAL = 1'h 0; + parameter logic [0:0] ACC_ERR_BITS_KMAC_RECOV_ERROR_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_IMEM_INTG_VIOLATION_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_DMEM_INTG_VIOLATION_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_REG_INTG_VIOLATION_RESVAL = 1'h 0; @@ -308,6 +327,7 @@ package acc_reg_pkg; parameter logic [0:0] ACC_ERR_BITS_ILLEGAL_BUS_ACCESS_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_LIFECYCLE_ESCALATION_RESVAL = 1'h 0; parameter logic [0:0] ACC_ERR_BITS_FATAL_SOFTWARE_RESVAL = 1'h 0; + parameter logic [0:0] ACC_ERR_BITS_KMAC_FATAL_ERROR_RESVAL = 1'h 0; parameter logic [31:0] ACC_INSN_CNT_RESVAL = 32'h 0; parameter logic [31:0] ACC_INSN_CNT_INSN_CNT_RESVAL = 32'h 0; parameter logic [31:0] ACC_LOAD_CHECKSUM_RESVAL = 32'h 0; @@ -345,8 +365,8 @@ package acc_reg_pkg; 4'b 0001, // index[ 4] ACC_CMD 4'b 0001, // index[ 5] ACC_CTRL 4'b 0001, // index[ 6] ACC_STATUS - 4'b 0111, // index[ 7] ACC_ERR_BITS - 4'b 0001, // index[ 8] ACC_FATAL_ALERT_CAUSE + 4'b 1111, // index[ 7] ACC_ERR_BITS + 4'b 0011, // index[ 8] ACC_FATAL_ALERT_CAUSE 4'b 1111, // index[ 9] ACC_INSN_CNT 4'b 1111 // index[10] ACC_LOAD_CHECKSUM }; diff --git a/hw/ip/acc/rtl/acc_reg_top.sv b/hw/ip/acc/rtl/acc_reg_top.sv index 25a1144a24a..4bceaa855ea 100644 --- a/hw/ip/acc/rtl/acc_reg_top.sv +++ b/hw/ip/acc/rtl/acc_reg_top.sv @@ -209,6 +209,8 @@ module acc_reg_top ( logic err_bits_rnd_rep_chk_fail_wd; logic err_bits_rnd_fips_chk_fail_qs; logic err_bits_rnd_fips_chk_fail_wd; + logic err_bits_kmac_recov_error_qs; + logic err_bits_kmac_recov_error_wd; logic err_bits_imem_intg_violation_qs; logic err_bits_imem_intg_violation_wd; logic err_bits_dmem_intg_violation_qs; @@ -225,6 +227,8 @@ module acc_reg_top ( logic err_bits_lifecycle_escalation_wd; logic err_bits_fatal_software_qs; logic err_bits_fatal_software_wd; + logic err_bits_kmac_fatal_error_qs; + logic err_bits_kmac_fatal_error_wd; logic fatal_alert_cause_imem_intg_violation_qs; logic fatal_alert_cause_dmem_intg_violation_qs; logic fatal_alert_cause_reg_intg_violation_qs; @@ -233,6 +237,7 @@ module acc_reg_top ( logic fatal_alert_cause_illegal_bus_access_qs; logic fatal_alert_cause_lifecycle_escalation_qs; logic fatal_alert_cause_fatal_software_qs; + logic fatal_alert_cause_kmac_fatal_error_qs; logic insn_cnt_re; logic insn_cnt_we; logic [31:0] insn_cnt_qs; @@ -426,7 +431,7 @@ module acc_reg_top ( // R[err_bits]: V(True) logic err_bits_qe; - logic [15:0] err_bits_flds_we; + logic [17:0] err_bits_flds_we; assign err_bits_qe = &err_bits_flds_we; // F[bad_data_addr]: 0:0 prim_subreg_ext #( @@ -556,6 +561,22 @@ module acc_reg_top ( ); assign reg2hw.err_bits.rnd_fips_chk_fail.qe = err_bits_qe; + // F[kmac_recov_error]: 8:8 + prim_subreg_ext #( + .DW (1) + ) u_err_bits_kmac_recov_error ( + .re (err_bits_re), + .we (err_bits_we), + .wd (err_bits_kmac_recov_error_wd), + .d (hw2reg.err_bits.kmac_recov_error.d), + .qre (), + .qe (err_bits_flds_we[8]), + .q (reg2hw.err_bits.kmac_recov_error.q), + .ds (), + .qs (err_bits_kmac_recov_error_qs) + ); + assign reg2hw.err_bits.kmac_recov_error.qe = err_bits_qe; + // F[imem_intg_violation]: 16:16 prim_subreg_ext #( .DW (1) @@ -565,7 +586,7 @@ module acc_reg_top ( .wd (err_bits_imem_intg_violation_wd), .d (hw2reg.err_bits.imem_intg_violation.d), .qre (), - .qe (err_bits_flds_we[8]), + .qe (err_bits_flds_we[9]), .q (reg2hw.err_bits.imem_intg_violation.q), .ds (), .qs (err_bits_imem_intg_violation_qs) @@ -581,7 +602,7 @@ module acc_reg_top ( .wd (err_bits_dmem_intg_violation_wd), .d (hw2reg.err_bits.dmem_intg_violation.d), .qre (), - .qe (err_bits_flds_we[9]), + .qe (err_bits_flds_we[10]), .q (reg2hw.err_bits.dmem_intg_violation.q), .ds (), .qs (err_bits_dmem_intg_violation_qs) @@ -597,7 +618,7 @@ module acc_reg_top ( .wd (err_bits_reg_intg_violation_wd), .d (hw2reg.err_bits.reg_intg_violation.d), .qre (), - .qe (err_bits_flds_we[10]), + .qe (err_bits_flds_we[11]), .q (reg2hw.err_bits.reg_intg_violation.q), .ds (), .qs (err_bits_reg_intg_violation_qs) @@ -613,7 +634,7 @@ module acc_reg_top ( .wd (err_bits_bus_intg_violation_wd), .d (hw2reg.err_bits.bus_intg_violation.d), .qre (), - .qe (err_bits_flds_we[11]), + .qe (err_bits_flds_we[12]), .q (reg2hw.err_bits.bus_intg_violation.q), .ds (), .qs (err_bits_bus_intg_violation_qs) @@ -629,7 +650,7 @@ module acc_reg_top ( .wd (err_bits_bad_internal_state_wd), .d (hw2reg.err_bits.bad_internal_state.d), .qre (), - .qe (err_bits_flds_we[12]), + .qe (err_bits_flds_we[13]), .q (reg2hw.err_bits.bad_internal_state.q), .ds (), .qs (err_bits_bad_internal_state_qs) @@ -645,7 +666,7 @@ module acc_reg_top ( .wd (err_bits_illegal_bus_access_wd), .d (hw2reg.err_bits.illegal_bus_access.d), .qre (), - .qe (err_bits_flds_we[13]), + .qe (err_bits_flds_we[14]), .q (reg2hw.err_bits.illegal_bus_access.q), .ds (), .qs (err_bits_illegal_bus_access_qs) @@ -661,7 +682,7 @@ module acc_reg_top ( .wd (err_bits_lifecycle_escalation_wd), .d (hw2reg.err_bits.lifecycle_escalation.d), .qre (), - .qe (err_bits_flds_we[14]), + .qe (err_bits_flds_we[15]), .q (reg2hw.err_bits.lifecycle_escalation.q), .ds (), .qs (err_bits_lifecycle_escalation_qs) @@ -677,13 +698,29 @@ module acc_reg_top ( .wd (err_bits_fatal_software_wd), .d (hw2reg.err_bits.fatal_software.d), .qre (), - .qe (err_bits_flds_we[15]), + .qe (err_bits_flds_we[16]), .q (reg2hw.err_bits.fatal_software.q), .ds (), .qs (err_bits_fatal_software_qs) ); assign reg2hw.err_bits.fatal_software.qe = err_bits_qe; + // F[kmac_fatal_error]: 24:24 + prim_subreg_ext #( + .DW (1) + ) u_err_bits_kmac_fatal_error ( + .re (err_bits_re), + .we (err_bits_we), + .wd (err_bits_kmac_fatal_error_wd), + .d (hw2reg.err_bits.kmac_fatal_error.d), + .qre (), + .qe (err_bits_flds_we[17]), + .q (reg2hw.err_bits.kmac_fatal_error.q), + .ds (), + .qs (err_bits_kmac_fatal_error_qs) + ); + assign reg2hw.err_bits.kmac_fatal_error.qe = err_bits_qe; + // R[fatal_alert_cause]: V(False) // F[imem_intg_violation]: 0:0 @@ -902,6 +939,33 @@ module acc_reg_top ( .qs (fatal_alert_cause_fatal_software_qs) ); + // F[kmac_fatal_error]: 8:8 + prim_subreg #( + .DW (1), + .SwAccess(prim_subreg_pkg::SwAccessRO), + .RESVAL (1'h0), + .Mubi (1'b0) + ) u_fatal_alert_cause_kmac_fatal_error ( + .clk_i (clk_i), + .rst_ni (rst_ni), + + // from register interface + .we (1'b0), + .wd ('0), + + // from internal hardware + .de (hw2reg.fatal_alert_cause.kmac_fatal_error.de), + .d (hw2reg.fatal_alert_cause.kmac_fatal_error.d), + + // to internal hardware + .qe (), + .q (), + .ds (), + + // to register interface (read) + .qs (fatal_alert_cause_kmac_fatal_error_qs) + ); + // R[insn_cnt]: V(True) logic insn_cnt_qe; @@ -1018,6 +1082,8 @@ module acc_reg_top ( assign err_bits_rnd_fips_chk_fail_wd = reg_wdata[7]; + assign err_bits_kmac_recov_error_wd = reg_wdata[8]; + assign err_bits_imem_intg_violation_wd = reg_wdata[16]; assign err_bits_dmem_intg_violation_wd = reg_wdata[17]; @@ -1033,6 +1099,8 @@ module acc_reg_top ( assign err_bits_lifecycle_escalation_wd = reg_wdata[22]; assign err_bits_fatal_software_wd = reg_wdata[23]; + + assign err_bits_kmac_fatal_error_wd = reg_wdata[24]; assign insn_cnt_re = addr_hit[9] & reg_re & !reg_error; assign insn_cnt_we = addr_hit[9] & reg_we & !reg_error; @@ -1099,6 +1167,7 @@ module acc_reg_top ( reg_rdata_next[5] = err_bits_key_invalid_qs; reg_rdata_next[6] = err_bits_rnd_rep_chk_fail_qs; reg_rdata_next[7] = err_bits_rnd_fips_chk_fail_qs; + reg_rdata_next[8] = err_bits_kmac_recov_error_qs; reg_rdata_next[16] = err_bits_imem_intg_violation_qs; reg_rdata_next[17] = err_bits_dmem_intg_violation_qs; reg_rdata_next[18] = err_bits_reg_intg_violation_qs; @@ -1107,6 +1176,7 @@ module acc_reg_top ( reg_rdata_next[21] = err_bits_illegal_bus_access_qs; reg_rdata_next[22] = err_bits_lifecycle_escalation_qs; reg_rdata_next[23] = err_bits_fatal_software_qs; + reg_rdata_next[24] = err_bits_kmac_fatal_error_qs; end addr_hit[8]: begin @@ -1118,6 +1188,7 @@ module acc_reg_top ( reg_rdata_next[5] = fatal_alert_cause_illegal_bus_access_qs; reg_rdata_next[6] = fatal_alert_cause_lifecycle_escalation_qs; reg_rdata_next[7] = fatal_alert_cause_fatal_software_qs; + reg_rdata_next[8] = fatal_alert_cause_kmac_fatal_error_qs; end addr_hit[9]: begin diff --git a/hw/ip/acc/util/acc_sim_test.py b/hw/ip/acc/util/acc_sim_test.py index 467fa81b48c..0e6c371c879 100755 --- a/hw/ip/acc/util/acc_sim_test.py +++ b/hw/ip/acc/util/acc_sim_test.py @@ -44,6 +44,7 @@ class ErrBits(IntEnum): ILLEGAL_BUS_ACCESS = 1 << 21 LIFECYCLE_ESCALATION = 1 << 22 FATAL_SOFTWARE = 1 << 23 + KMAC_FATAL_ERROR = 1 << 24 def get_err_names(err: int) -> List[str]: diff --git a/hw/ip/keymgr/rtl/keymgr_kmac_if.sv b/hw/ip/keymgr/rtl/keymgr_kmac_if.sv index d973343b4ce..3a578789444 100644 --- a/hw/ip/keymgr/rtl/keymgr_kmac_if.sv +++ b/hw/ip/keymgr/rtl/keymgr_kmac_if.sv @@ -329,15 +329,17 @@ module keymgr_kmac_if // so a subtract is necessary to send the right byte // alternatively we can also reverse the order of the input always_comb begin - kmac_data_o.data = decoy_data; + // Keymgr does not use the msg interface in masked mode + kmac_data_o.data_share0 = decoy_data; + kmac_data_o.data_share1 = 64'b0; if (|cmd_error_o || inputs_invalid_o || fsm_error_o) begin - kmac_data_o.data = decoy_data; + kmac_data_o.data_share0 = decoy_data; end else if (valid && adv_en_i) begin - kmac_data_o.data = adv_data[adv_sel]; + kmac_data_o.data_share0 = adv_data[adv_sel]; end else if (valid && id_en_i) begin - kmac_data_o.data = id_data[id_sel]; + kmac_data_o.data_share0 = id_data[id_sel]; end else if (valid && gen_en_i) begin - kmac_data_o.data = gen_data[gen_sel]; + kmac_data_o.data_share0 = gen_data[gen_sel]; end end diff --git a/hw/ip/kmac/rtl/kmac_app.sv b/hw/ip/kmac/rtl/kmac_app.sv index 13c3c1c753f..3d81bc3f6ed 100644 --- a/hw/ip/kmac/rtl/kmac_app.sv +++ b/hw/ip/kmac/rtl/kmac_app.sv @@ -264,8 +264,9 @@ module kmac_app always_ff @(posedge clk_i) begin if (AppCfg[app_id_d].Mode == AppConfigDynamic) begin if (app_i[app_id_d].valid && set_appid) begin - dynamic_sha3_mode_q <= sha3_pkg::sha3_mode_e'(app_i[app_id_d].data[1:0]); - dynamic_keccak_strength_q <= sha3_pkg::keccak_strength_e'(app_i[app_id_d].data[4:2]); + dynamic_sha3_mode_q <= sha3_pkg::sha3_mode_e'(app_i[app_id_d].data_share0[1:0]); + dynamic_keccak_strength_q <= + sha3_pkg::keccak_strength_e'(app_i[app_id_d].data_share0[4:2]); end end end @@ -766,7 +767,7 @@ module kmac_app SelApp: begin // app_id is valid at this time kmac_valid_o = app_i[app_id].valid; - kmac_data_o = app_i[app_id].data; + kmac_data_o = app_i[app_id].data_share0; // Expand strb to bits. prim_packer inside MSG_FIFO accepts the bit masks for (int i = 0 ; i < $bits(app_i[app_id].strb) ; i++) begin kmac_mask_o[8*i+:8] = {8{app_i[app_id].strb[i]}}; diff --git a/hw/ip/kmac/rtl/kmac_pkg.sv b/hw/ip/kmac/rtl/kmac_pkg.sv index 430fa2a8b47..a9547c8f93d 100644 --- a/hw/ip/kmac/rtl/kmac_pkg.sv +++ b/hw/ip/kmac/rtl/kmac_pkg.sv @@ -388,7 +388,8 @@ package kmac_pkg; logic valid; logic hold; logic next; - logic [MsgWidth-1:0] data; + logic [MsgWidth-1:0] data_share0; + logic [MsgWidth-1:0] data_share1; logic [MsgStrbW-1:0] strb; logic last; } app_req_t; @@ -408,7 +409,8 @@ package kmac_pkg; valid: 1'b 0, hold: 1'b0, next: 1'b0, - data: '0, + data_share0: '0, + data_share1: '0, strb: '0, last: 1'b 0 }; diff --git a/hw/ip/lc_ctrl/rtl/lc_ctrl_kmac_if.sv b/hw/ip/lc_ctrl/rtl/lc_ctrl_kmac_if.sv index 35d42be2fb7..1f00878b7d9 100644 --- a/hw/ip/lc_ctrl/rtl/lc_ctrl_kmac_if.sv +++ b/hw/ip/lc_ctrl/rtl/lc_ctrl_kmac_if.sv @@ -166,9 +166,9 @@ module lc_ctrl_kmac_if // LC token. FirstSt: begin if (kmac_req) begin - kmac_data_o.valid = 1'b1; - kmac_data_o.strb = 8'hFF; - kmac_data_o.data = kmac_transition_token[0 +: 64]; + kmac_data_o.valid = 1'b1; + kmac_data_o.strb = 8'hFF; + kmac_data_o.data_share0 = kmac_transition_token[0 +: 64]; if (kmac_data_i.ready) begin state_d = SecondSt; end @@ -176,10 +176,10 @@ module lc_ctrl_kmac_if end // Transfer second half of LC token. SecondSt: begin - kmac_data_o.valid = 1'b1; - kmac_data_o.strb = 8'hFF; - kmac_data_o.last = 1'b1; - kmac_data_o.data = kmac_transition_token[64 +: 64]; + kmac_data_o.valid = 1'b1; + kmac_data_o.strb = 8'hFF; + kmac_data_o.last = 1'b1; + kmac_data_o.data_share0 = kmac_transition_token[64 +: 64]; if (kmac_data_i.ready) begin state_d = WaitSt; end diff --git a/hw/ip/rom_ctrl/rtl/rom_ctrl.sv b/hw/ip/rom_ctrl/rtl/rom_ctrl.sv index 0da24c52d1c..61008b3a298 100644 --- a/hw/ip/rom_ctrl/rtl/rom_ctrl.sv +++ b/hw/ip/rom_ctrl/rtl/rom_ctrl.sv @@ -131,7 +131,8 @@ module rom_ctrl assign kmac_data_o = '{valid: kmac_rom_vld_outer, hold: 1'b0, // Tied to 1'b0 outside of ACC mode next: 1'b0, // Not used in ROM mode - data: kmac_rom_data, + data_share0: kmac_rom_data, + data_share1: 64'b0, strb: kmac_pkg::MsgStrbW'({NumBytes{1'b1}}), last: kmac_rom_last_outer}; diff --git a/sw/acc/crypto/mldsa/mldsa_keypair.s b/sw/acc/crypto/mldsa/mldsa_keypair.s index cc4b000c56c..fd21037ad17 100644 --- a/sw/acc/crypto/mldsa/mldsa_keypair.s +++ b/sw/acc/crypto/mldsa/mldsa_keypair.s @@ -246,7 +246,7 @@ crypto_sign_keypair: for i in 0..k-1: t[i] += A[i][j] * s1j */ - loopi L, 37 + loopi L, 41 bn.wsrw mod, w16 /* MOD = R | Q */ /* Sample the next polynomial from s1. */ addi a0, s5, 0 @@ -259,6 +259,8 @@ crypto_sign_keypair: addi a0, s8, 0 bn.lid x0, 0(a0) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* Pack the s1 polynomial into the secret key. */ addi a0, s7, 0 @@ -270,7 +272,7 @@ crypto_sign_keypair: addi a0, s0, 0 addi a2, s0, 0 jal x1, ntt - loopi K, 13 + loopi K, 15 /* Compute A[i][j]. */ addi a1, s1, 0 jal x1, poly_uniform @@ -281,6 +283,8 @@ crypto_sign_keypair: addi a0, s8, 0 bn.lid x0, 0(a0) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* Compute A[i][j] * s1[j] and add it to the output at index i. */ addi a0, s0, 0 diff --git a/sw/acc/crypto/mldsa/mldsa_sign.s b/sw/acc/crypto/mldsa/mldsa_sign.s index 9a49273f4b3..60e212a6ffb 100644 --- a/sw/acc/crypto/mldsa/mldsa_sign.s +++ b/sw/acc/crypto/mldsa/mldsa_sign.s @@ -320,7 +320,7 @@ _rej_crypto_sign_signature_internal: for i in 0..k-1: w[i] += A[i][j] * yj */ - loopi L, 37 + loopi L, 41 /* Zero the buffer for y[j]. */ addi t0, s8, 0 loopi 32, 1 @@ -337,13 +337,15 @@ _rej_crypto_sign_signature_internal: addi a0, s0, 0 bn.lid x0, 0(a0) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 bn.wsrw 0x0, mod_x2 /* MOD = 2*R | 2*Q */ /* Compute ntt(y[j]). */ addi a0, s8, 0 addi a2, s8, 0 jal x1, ntt - loopi K, 13 + loopi K, 15 /* Compute A[i][j]. */ addi a1, s10, 0 jal x1, poly_uniform @@ -354,6 +356,8 @@ _rej_crypto_sign_signature_internal: addi a0, s0, 0 bn.lid x0, 0(a0) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 addi a0, s8, 0 addi a1, s10, 0 diff --git a/sw/acc/crypto/mldsa/mldsa_verify.s b/sw/acc/crypto/mldsa/mldsa_verify.s index 5dbfdcebfda..07c3c80f401 100644 --- a/sw/acc/crypto/mldsa/mldsa_verify.s +++ b/sw/acc/crypto/mldsa/mldsa_verify.s @@ -329,6 +329,8 @@ crypto_sign_verify_internal: la a0, pk bn.lid x0, 0(a0) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* After NTT(z), w16 is still R | Q and MOD is still 2*R | 2*Q */ @@ -354,7 +356,7 @@ crypto_sign_verify_internal: la s5, pk /* Compute A * z, computing elements of A on the fly. */ - loopi K, 33 + loopi K, 39 /* Compute A[i][0]. */ addi a1, s1, 0 jal x1, poly_uniform @@ -364,6 +366,8 @@ crypto_sign_verify_internal: csrrw x0, kmac_cfg, s4 bn.lid x0, 0(s5) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* Compute A[i][0] * z[0] and set the output at index i. */ addi a0, s0, 0 @@ -371,7 +375,7 @@ crypto_sign_verify_internal: addi a2, s2, 0 jal x1, poly_pointwise addi s0, s0, 1024 - loopi Lminus1, 12 + loopi Lminus1, 14 /* Compute A[i][j]. */ addi a1, s1, 0 jal x1, poly_uniform @@ -381,6 +385,8 @@ crypto_sign_verify_internal: csrrw x0, kmac_cfg, s4 bn.lid x0, 0(s5) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* Compute A[i][j] * z[j] and add it to the output at index i. */ addi a0, s0, 0 @@ -398,6 +404,8 @@ crypto_sign_verify_internal: csrrw x0, kmac_cfg, s4 bn.lid x0, 0(s5) bn.wsrw kmac_msg, w0 + addi t0, x0, 2 + csrrw x0, kmac_partial_write, t0 bn.wsrw kmac_msg, w23 /* Call random oracle and verify challenge */ diff --git a/sw/acc/crypto/mlkem/kmac_send_msg.s b/sw/acc/crypto/mlkem/kmac_send_msg.s index ac0f9a0d459..9bc2dc3a26f 100644 --- a/sw/acc/crypto/mlkem/kmac_send_msg.s +++ b/sw/acc/crypto/mlkem/kmac_send_msg.s @@ -60,6 +60,7 @@ _no_full_wdr: /* If the remaining length is zero, return early. */ beq t0, x0, _keccak_send_message_end + csrrw x0, kmac_partial_write, t0 bn.lid x0, 0(x10) bn.wsrw 0x9, w0 diff --git a/sw/acc/crypto/mlkem/poly.s b/sw/acc/crypto/mlkem/poly.s index a15b7674e9c..1342e45858f 100644 --- a/sw/acc/crypto/mlkem/poly.s +++ b/sw/acc/crypto/mlkem/poly.s @@ -156,6 +156,8 @@ poly_getnoise_eta_init: /* Send the message to the Keccak core. */ bn.lid x0, 0(x10) bn.wsrw 0x9, w0 + li x5, 1 + csrrw x0, kmac_partial_write, x5 bn.lid x0, 0(x13) bn.wsrw 0x9, w0 diff --git a/sw/acc/crypto/mlkem/poly_gen_matrix.s b/sw/acc/crypto/mlkem/poly_gen_matrix.s index 8b7f8b9a186..f2f0bef3688 100644 --- a/sw/acc/crypto/mlkem/poly_gen_matrix.s +++ b/sw/acc/crypto/mlkem/poly_gen_matrix.s @@ -81,6 +81,8 @@ poly_gen_matrix_init: /* Send the message to the Keccak core. */ bn.lid x0, 0(a0) /* a0 still contains the input buffer */ bn.wsrw 0x9, w0 /* Write to KECCAK_MSG_REG */ + li t0, 2 + csrrw zero, kmac_partial_write, t0 bn.wsrw 0x9, w30 /* Write to KECCAK_MSG_REG */ ret diff --git a/sw/acc/crypto/tests/mldsa/poly_uniform_test.s b/sw/acc/crypto/tests/mldsa/poly_uniform_test.s index a6d08562e5c..e4da67d3419 100644 --- a/sw/acc/crypto/tests/mldsa/poly_uniform_test.s +++ b/sw/acc/crypto/tests/mldsa/poly_uniform_test.s @@ -20,6 +20,8 @@ main: /* Send the input (34 zero bytes) */ bn.wsrw kmac_msg, w31 + li x2, 2 + csrrw x0, kmac_partial_write, x2 bn.wsrw kmac_msg, w31 /* Call poly_uniform. */