From 7f6e23be4faa7217f1f6934124818035072e1ea2 Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Thu, 22 Feb 2024 11:43:01 +0100 Subject: [PATCH] [kmac] Switch to Trivium-based PRNG implementation This commit switches the LFSR-based PRNG with an unrolled, Trivium-based PRNG implementation to avoid brute-forcing attacks on the LFSR states. The overall PRNG state decreases from 800 bits to 288 bits but due to the heavy unrolling, the primitive can still generate 800 bits per cycle as required by the masked SHA3 core. This resolves lowRISC/OpenTitan#20828. Signed-off-by: Pirmin Vogel --- hw/ip/kmac/data/kmac.hjson | 70 +- hw/ip/kmac/doc/kmac-entropy.svg | 2244 ----------------- hw/ip/kmac/doc/registers.md | 213 +- hw/ip/kmac/doc/theory_of_operation.md | 20 +- hw/ip/kmac/dv/env/kmac_scoreboard.sv | 2 +- hw/ip/kmac/dv/env/seq_lib/kmac_base_vseq.sv | 4 +- hw/ip/kmac/kmac.core | 1 + .../kmac_reduced_tb/rtl/kmac_reduced_tb.sv | 11 +- .../pre_sca/prolead/kmac_reduced_config.set | 796 +----- hw/ip/kmac/pre_syn/syn_yosys.sh | 1 + hw/ip/kmac/rtl/kmac.sv | 21 +- hw/ip/kmac/rtl/kmac_entropy.sv | 287 +-- hw/ip/kmac/rtl/kmac_pkg.sv | 34 +- hw/ip/kmac/rtl/kmac_reduced.sv | 18 +- hw/ip/kmac/rtl/kmac_reg_pkg.sv | 228 +- hw/ip/kmac/rtl/kmac_reg_top.sv | 465 ++-- .../data/autogen/top_earlgrey.gen.hjson | 78 +- hw/top_earlgrey/rtl/autogen/top_earlgrey.sv | 2 +- .../rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv | 159 +- sw/device/lib/dif/dif_kmac.c | 4 +- sw/device/lib/dif/dif_kmac.h | 2 +- sw/device/lib/dif/dif_kmac_unittest.cc | 8 +- sw/device/sca/kmac_serial.c | 5 +- sw/device/sca/sha3_serial.c | 4 +- sw/device/silicon_creator/lib/drivers/kmac.c | 21 +- .../lib/drivers/kmac_unittest.cc | 14 +- .../crypto/cryptotest/firmware/kmac_sca.c | 5 +- .../crypto/cryptotest/firmware/sha3_sca.c | 4 +- sw/device/tests/kmac_idle_test.c | 5 +- sw/device/tests/kmac_mode_cshake_test.c | 5 +- sw/device/tests/kmac_mode_kmac_test.c | 5 +- sw/device/tests/kmac_smoketest.c | 9 +- .../tests/sim_dv/csrng_lc_hw_debug_en_test.c | 5 +- 33 files changed, 778 insertions(+), 3972 deletions(-) delete mode 100644 hw/ip/kmac/doc/kmac-entropy.svg diff --git a/hw/ip/kmac/data/kmac.hjson b/hw/ip/kmac/data/kmac.hjson index 91ff277fd93b32..926fc4b5db8d1a 100644 --- a/hw/ip/kmac/data/kmac.hjson +++ b/hw/ip/kmac/data/kmac.hjson @@ -145,29 +145,29 @@ desc: "Width of the hash counter in the entropy" local: "true" } - { name: "NumSeedsEntropyLfsr", + { name: "NumSeedsEntropy", type: "int", - default: "5", - desc: "Number of words for the LFSR seed used for entropy generation", + default: "9", + desc: "Number of words for the PRNG seed used for entropy generation", local: "true" } { name: "RndCnstLfsrSeed" - desc: "Compile-time random data for LFSR default seed" + desc: "Compile-time random data for PRNG default seed" type: "kmac_pkg::lfsr_seed_t" - randcount: "800" + randcount: "288" randtype: "data" } { name: "RndCnstLfsrPerm", - desc: "Compile-time random permutation for LFSR output", + desc: "Compile-time random permutation for PRNG output", type: "kmac_pkg::lfsr_perm_t" randcount: "800", randtype: "perm", } - { name: "RndCnstLfsrFwdPerm", - desc: "Compile-time random permutation for forwarding LFSR state", - type: "kmac_pkg::lfsr_fwd_perm_t" - randcount: "32", - randtype: "perm", + { name: "RndCnstBufferLfsrSeed" + desc: "Compile-time random data for PRNG buffer default seed" + type: "kmac_pkg::buffer_lfsr_seed_t" + randcount: "800" + randtype: "data" } { name: "RndCnstMsgPerm" desc: "Compile-time random permutation for LFSR Message output" @@ -802,36 +802,30 @@ } ] } // R: ENTROPY_REFRESH_THRESHOLD_SHADOWED - { multireg: { - name: "ENTROPY_SEED" - desc: '''Entropy Seed + { + name: "ENTROPY_SEED" + desc: '''Entropy Seed - Entropy seed registers for the integrated entropy generator. + Entropy seed register for the integrated entropy generator. - If !!CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set - !!CFG_SHADOWED.entropy_ready and then write the !!ENTROPY_SEED_0 - - !!ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value - to every register which is subsequently loaded into the corresponding 32-bit LFSR - chunk of the entropy generator. + If !!CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set !!CFG_SHADOWED.entropy_ready. + Then, software needs to write the !!ENTROPY_SEED register 9 times. + Upon each write, the written value is loaded into the corresponding state chunk of the entropy generator. - After writing all !!ENTROPY_SEED_0 registers, the entropy generator will start - its operation. After this point, writing these registers has no longer any - effect. - ''' - count: "NumSeedsEntropyLfsr" - cname: "KMAC" - hwext: "true" - hwqe : "true" - swaccess: "wo" - hwaccess: "hro" - fields: [ - { bits: "31:0" - name: "seed" - desc: "32-bit chunk of the entropy generator seed" - } - ] - } // R: ENTROPY_SEED - } // multireg: ENTROPY_SEED + After writing the !!ENTROPY_SEED register 9 times, the entropy generator will start its operation. + After this point, writing this register has no longer any effect. + ''' + hwext: "true" + hwqe : "true" + swaccess: "wo" + hwaccess: "hro" + fields: [ + { bits: "31:0" + name: "seed" + desc: "32-bit chunk of the entropy generator seed" + } + ] + } // R: ENTROPY_SEED { multireg: { name: "KEY_SHARE0" desc: '''KMAC Secret Key diff --git a/hw/ip/kmac/doc/kmac-entropy.svg b/hw/ip/kmac/doc/kmac-entropy.svg deleted file mode 100644 index b51821b36d1f55..00000000000000 --- a/hw/ip/kmac/doc/kmac-entropy.svg +++ /dev/null @@ -1,2244 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - LFSR 0 - - seed_i - - seed_en - entropyfrom EDN - - - 32 - - state_o - - LFSR 1 - seed_i - - seed_en - - - 32 - state_o - - 32 - - LFSR 4 - seed_i - seed_en - - state_o - - 32 - - P - - - 32 - - P - - 32 - - - 32 - - - 32 - - P - - LFSR 5 - - seed_i - - seed_en - entropyfrom EDN - - - 32 - - state_o - - LFSR 6 - seed_i - - seed_en - - - 32 - state_o - - 32 - - LFSR 9 - seed_i - seed_en - - state_o - - 32 - - P - - - 32 - - P - - 32 - - - 32 - - - 32 - - - - - - - - LFSR 20 - - seed_i - - seed_en - entropyfrom EDN - - - 32 - - state_o - - LFSR 21 - seed_i - - seed_en - - - 32 - state_o - - 32 - - LFSR 24 - seed_i - seed_en - - state_o - - 32 - - P - - - 32 - - P - - 32 - - - 32 - - - 32 - - - - - - - - - 800 - entropy_o - - - - - FSM - - EDN request - - - entropy_valid_o - entropy_consumed_i - - lfsr_en - - diff --git a/hw/ip/kmac/doc/registers.md b/hw/ip/kmac/doc/registers.md index 9e61443bd92df4..1a579badfe52b9 100644 --- a/hw/ip/kmac/doc/registers.md +++ b/hw/ip/kmac/doc/registers.md @@ -16,56 +16,52 @@ | kmac.[`ENTROPY_PERIOD`](#entropy_period) | 0x20 | 4 | Entropy Timer Periods. | | kmac.[`ENTROPY_REFRESH_HASH_CNT`](#entropy_refresh_hash_cnt) | 0x24 | 4 | Entropy Refresh Counter | | kmac.[`ENTROPY_REFRESH_THRESHOLD_SHADOWED`](#entropy_refresh_threshold_shadowed) | 0x28 | 4 | Entropy Refresh Threshold | -| kmac.[`ENTROPY_SEED_0`](#entropy_seed) | 0x2c | 4 | Entropy Seed | -| kmac.[`ENTROPY_SEED_1`](#entropy_seed) | 0x30 | 4 | Entropy Seed | -| kmac.[`ENTROPY_SEED_2`](#entropy_seed) | 0x34 | 4 | Entropy Seed | -| kmac.[`ENTROPY_SEED_3`](#entropy_seed) | 0x38 | 4 | Entropy Seed | -| kmac.[`ENTROPY_SEED_4`](#entropy_seed) | 0x3c | 4 | Entropy Seed | -| kmac.[`KEY_SHARE0_0`](#key_share0) | 0x40 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_1`](#key_share0) | 0x44 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_2`](#key_share0) | 0x48 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_3`](#key_share0) | 0x4c | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_4`](#key_share0) | 0x50 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_5`](#key_share0) | 0x54 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_6`](#key_share0) | 0x58 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_7`](#key_share0) | 0x5c | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_8`](#key_share0) | 0x60 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_9`](#key_share0) | 0x64 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_10`](#key_share0) | 0x68 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_11`](#key_share0) | 0x6c | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_12`](#key_share0) | 0x70 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_13`](#key_share0) | 0x74 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_14`](#key_share0) | 0x78 | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE0_15`](#key_share0) | 0x7c | 4 | KMAC Secret Key | -| kmac.[`KEY_SHARE1_0`](#key_share1) | 0x80 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_1`](#key_share1) | 0x84 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_2`](#key_share1) | 0x88 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_3`](#key_share1) | 0x8c | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_4`](#key_share1) | 0x90 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_5`](#key_share1) | 0x94 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_6`](#key_share1) | 0x98 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_7`](#key_share1) | 0x9c | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_8`](#key_share1) | 0xa0 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_9`](#key_share1) | 0xa4 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_10`](#key_share1) | 0xa8 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_11`](#key_share1) | 0xac | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_12`](#key_share1) | 0xb0 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_13`](#key_share1) | 0xb4 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_14`](#key_share1) | 0xb8 | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_SHARE1_15`](#key_share1) | 0xbc | 4 | KMAC Secret Key, 2nd share. | -| kmac.[`KEY_LEN`](#key_len) | 0xc0 | 4 | Secret Key length in bit. | -| kmac.[`PREFIX_0`](#prefix) | 0xc4 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_1`](#prefix) | 0xc8 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_2`](#prefix) | 0xcc | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_3`](#prefix) | 0xd0 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_4`](#prefix) | 0xd4 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_5`](#prefix) | 0xd8 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_6`](#prefix) | 0xdc | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_7`](#prefix) | 0xe0 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_8`](#prefix) | 0xe4 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_9`](#prefix) | 0xe8 | 4 | cSHAKE Prefix register. | -| kmac.[`PREFIX_10`](#prefix) | 0xec | 4 | cSHAKE Prefix register. | -| kmac.[`ERR_CODE`](#err_code) | 0xf0 | 4 | KMAC/SHA3 Error Code | +| kmac.[`ENTROPY_SEED`](#entropy_seed) | 0x2c | 4 | Entropy Seed | +| kmac.[`KEY_SHARE0_0`](#key_share0) | 0x30 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_1`](#key_share0) | 0x34 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_2`](#key_share0) | 0x38 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_3`](#key_share0) | 0x3c | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_4`](#key_share0) | 0x40 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_5`](#key_share0) | 0x44 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_6`](#key_share0) | 0x48 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_7`](#key_share0) | 0x4c | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_8`](#key_share0) | 0x50 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_9`](#key_share0) | 0x54 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_10`](#key_share0) | 0x58 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_11`](#key_share0) | 0x5c | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_12`](#key_share0) | 0x60 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_13`](#key_share0) | 0x64 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_14`](#key_share0) | 0x68 | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE0_15`](#key_share0) | 0x6c | 4 | KMAC Secret Key | +| kmac.[`KEY_SHARE1_0`](#key_share1) | 0x70 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_1`](#key_share1) | 0x74 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_2`](#key_share1) | 0x78 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_3`](#key_share1) | 0x7c | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_4`](#key_share1) | 0x80 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_5`](#key_share1) | 0x84 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_6`](#key_share1) | 0x88 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_7`](#key_share1) | 0x8c | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_8`](#key_share1) | 0x90 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_9`](#key_share1) | 0x94 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_10`](#key_share1) | 0x98 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_11`](#key_share1) | 0x9c | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_12`](#key_share1) | 0xa0 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_13`](#key_share1) | 0xa4 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_14`](#key_share1) | 0xa8 | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_SHARE1_15`](#key_share1) | 0xac | 4 | KMAC Secret Key, 2nd share. | +| kmac.[`KEY_LEN`](#key_len) | 0xb0 | 4 | Secret Key length in bit. | +| kmac.[`PREFIX_0`](#prefix) | 0xb4 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_1`](#prefix) | 0xb8 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_2`](#prefix) | 0xbc | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_3`](#prefix) | 0xc0 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_4`](#prefix) | 0xc4 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_5`](#prefix) | 0xc8 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_6`](#prefix) | 0xcc | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_7`](#prefix) | 0xd0 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_8`](#prefix) | 0xd4 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_9`](#prefix) | 0xd8 | 4 | cSHAKE Prefix register. | +| kmac.[`PREFIX_10`](#prefix) | 0xdc | 4 | cSHAKE Prefix register. | +| kmac.[`ERR_CODE`](#err_code) | 0xe0 | 4 | KMAC/SHA3 Error Code | | kmac.[`STATE`](#state) | 0x400 | 512 | Keccak State (1600 bit) memory. | | kmac.[`MSG_FIFO`](#msg_fifo) | 0x800 | 2048 | Message FIFO. | @@ -536,31 +532,18 @@ counter is only reset by the CMD.hash_cnt_clr CSR bit. ## ENTROPY_SEED Entropy Seed -Entropy seed registers for the integrated entropy generator. +Entropy seed register for the integrated entropy generator. -If [`CFG_SHADOWED.entropy_mode`](#cfg_shadowed) is set to sw_mode, software first needs to set -[`CFG_SHADOWED.entropy_ready`](#cfg_shadowed) and then write the [`ENTROPY_SEED_0`](#entropy_seed_0) - -[`ENTROPY_SEED_4`](#entropy_seed_4) registers in ascending order. Software writes one 32-bit value -to every register which is subsequently loaded into the corresponding 32-bit LFSR -chunk of the entropy generator. +If [`CFG_SHADOWED.entropy_mode`](#cfg_shadowed) is set to sw_mode, software first needs to set [`CFG_SHADOWED.entropy_ready.`](#cfg_shadowed) +Then, software needs to write the [`ENTROPY_SEED`](#entropy_seed) register 9 times. +Upon each write, the written value is loaded into the corresponding state chunk of the entropy generator. -After writing all [`ENTROPY_SEED_0`](#entropy_seed_0) registers, the entropy generator will start -its operation. After this point, writing these registers has no longer any -effect. +After writing the [`ENTROPY_SEED`](#entropy_seed) register 9 times, the entropy generator will start its operation. +After this point, writing this register has no longer any effect. +- Offset: `0x2c` - Reset default: `0x0` - Reset mask: `0xffffffff` -### Instances - -| Name | Offset | -|:---------------|:---------| -| ENTROPY_SEED_0 | 0x2c | -| ENTROPY_SEED_1 | 0x30 | -| ENTROPY_SEED_2 | 0x34 | -| ENTROPY_SEED_3 | 0x38 | -| ENTROPY_SEED_4 | 0x3c | - - ### Fields ```wavejson @@ -591,22 +574,22 @@ responsibility to keep upper bits of the secret key to 0. | Name | Offset | |:--------------|:---------| -| KEY_SHARE0_0 | 0x40 | -| KEY_SHARE0_1 | 0x44 | -| KEY_SHARE0_2 | 0x48 | -| KEY_SHARE0_3 | 0x4c | -| KEY_SHARE0_4 | 0x50 | -| KEY_SHARE0_5 | 0x54 | -| KEY_SHARE0_6 | 0x58 | -| KEY_SHARE0_7 | 0x5c | -| KEY_SHARE0_8 | 0x60 | -| KEY_SHARE0_9 | 0x64 | -| KEY_SHARE0_10 | 0x68 | -| KEY_SHARE0_11 | 0x6c | -| KEY_SHARE0_12 | 0x70 | -| KEY_SHARE0_13 | 0x74 | -| KEY_SHARE0_14 | 0x78 | -| KEY_SHARE0_15 | 0x7c | +| KEY_SHARE0_0 | 0x30 | +| KEY_SHARE0_1 | 0x34 | +| KEY_SHARE0_2 | 0x38 | +| KEY_SHARE0_3 | 0x3c | +| KEY_SHARE0_4 | 0x40 | +| KEY_SHARE0_5 | 0x44 | +| KEY_SHARE0_6 | 0x48 | +| KEY_SHARE0_7 | 0x4c | +| KEY_SHARE0_8 | 0x50 | +| KEY_SHARE0_9 | 0x54 | +| KEY_SHARE0_10 | 0x58 | +| KEY_SHARE0_11 | 0x5c | +| KEY_SHARE0_12 | 0x60 | +| KEY_SHARE0_13 | 0x64 | +| KEY_SHARE0_14 | 0x68 | +| KEY_SHARE0_15 | 0x6c | ### Fields @@ -639,22 +622,22 @@ responsibility to keep upper bits of the secret key to 0. | Name | Offset | |:--------------|:---------| -| KEY_SHARE1_0 | 0x80 | -| KEY_SHARE1_1 | 0x84 | -| KEY_SHARE1_2 | 0x88 | -| KEY_SHARE1_3 | 0x8c | -| KEY_SHARE1_4 | 0x90 | -| KEY_SHARE1_5 | 0x94 | -| KEY_SHARE1_6 | 0x98 | -| KEY_SHARE1_7 | 0x9c | -| KEY_SHARE1_8 | 0xa0 | -| KEY_SHARE1_9 | 0xa4 | -| KEY_SHARE1_10 | 0xa8 | -| KEY_SHARE1_11 | 0xac | -| KEY_SHARE1_12 | 0xb0 | -| KEY_SHARE1_13 | 0xb4 | -| KEY_SHARE1_14 | 0xb8 | -| KEY_SHARE1_15 | 0xbc | +| KEY_SHARE1_0 | 0x70 | +| KEY_SHARE1_1 | 0x74 | +| KEY_SHARE1_2 | 0x78 | +| KEY_SHARE1_3 | 0x7c | +| KEY_SHARE1_4 | 0x80 | +| KEY_SHARE1_5 | 0x84 | +| KEY_SHARE1_6 | 0x88 | +| KEY_SHARE1_7 | 0x8c | +| KEY_SHARE1_8 | 0x90 | +| KEY_SHARE1_9 | 0x94 | +| KEY_SHARE1_10 | 0x98 | +| KEY_SHARE1_11 | 0x9c | +| KEY_SHARE1_12 | 0xa0 | +| KEY_SHARE1_13 | 0xa4 | +| KEY_SHARE1_14 | 0xa8 | +| KEY_SHARE1_15 | 0xac | ### Fields @@ -673,7 +656,7 @@ Secret Key length in bit. This value is used to make encoded secret key in KMAC. KMAC supports certain lengths of the secret key. Currently it supports 128b, 192b, 256b, 384b, and 512b secret keys. -- Offset: `0xc0` +- Offset: `0xb0` - Reset default: `0x0` - Reset mask: `0x7` - Register enable: [`CFG_REGWEN`](#cfg_regwen) @@ -729,17 +712,17 @@ and report an error. | Name | Offset | |:----------|:---------| -| PREFIX_0 | 0xc4 | -| PREFIX_1 | 0xc8 | -| PREFIX_2 | 0xcc | -| PREFIX_3 | 0xd0 | -| PREFIX_4 | 0xd4 | -| PREFIX_5 | 0xd8 | -| PREFIX_6 | 0xdc | -| PREFIX_7 | 0xe0 | -| PREFIX_8 | 0xe4 | -| PREFIX_9 | 0xe8 | -| PREFIX_10 | 0xec | +| PREFIX_0 | 0xb4 | +| PREFIX_1 | 0xb8 | +| PREFIX_2 | 0xbc | +| PREFIX_3 | 0xc0 | +| PREFIX_4 | 0xc4 | +| PREFIX_5 | 0xc8 | +| PREFIX_6 | 0xcc | +| PREFIX_7 | 0xd0 | +| PREFIX_8 | 0xd4 | +| PREFIX_9 | 0xd8 | +| PREFIX_10 | 0xdc | ### Fields @@ -754,7 +737,7 @@ and report an error. ## ERR_CODE KMAC/SHA3 Error Code -- Offset: `0xf0` +- Offset: `0xe0` - Reset default: `0x0` - Reset mask: `0xffffffff` diff --git a/hw/ip/kmac/doc/theory_of_operation.md b/hw/ip/kmac/doc/theory_of_operation.md index 463c7b38aa0639..a21c4ca29e36fc 100644 --- a/hw/ip/kmac/doc/theory_of_operation.md +++ b/hw/ip/kmac/doc/theory_of_operation.md @@ -284,22 +284,12 @@ This section explains the entropy generator inside the KMAC HWIP. KMAC has an entropy generator to provide the design with pseudo-random numbers while processing the secret key block. The entropy is used for both remasking the DOM multipliers inside the Chi function of the Keccak core as well as for masking the message if [`CFG_SHADOWED.msg_mask`](registers.md#cfg_shadowed) is enabled. -![Entropy block](../doc/kmac-entropy.svg) - -The entropy generator is made up of 25 32-bit linear feedback shift registers (LFSRs). +The entropy generator is constructed using a [heavily unrolled Trivium stream cipher primitive](https://eprint.iacr.org/2023/1134). This allows the module to generate 800 bits of fresh, pseudo-random numbers required by the 800 DOM multipliers for remasking in every clock cycle. -To break linear shift patterns, each LFSR features a non-linear layer. -In addition an 800-bit wide permutation spanning across all LFSRs is used. - -Depending on [`CFG_SHADOWED.entropy_mode`](registers.md#cfg_shadowed), the entropy generator fetches initial entropy from the [Entropy Distribution Network (EDN)][edn] module or software has to provide a seed by writing the [`ENTROPY_SEED_0`](registers.md#entropy_seed) - [`ENTROPY_SEED_4`](registers.md#entropy_seed) registers in ascending order. -The module periodically refreshes the LFSR seeds with the new entropy from EDN. - -To limit the entropy consumption for reseeding, a cascaded reseeding mechanism is used. -Per reseeding operation, the entropy generator consumes five times 32 bits of entropy from [EDN][edn], one 32-bit word at a time. -These five 32-bit words are directly fed into LFSRs 0/5/10/15/20 for reseeding. -At the same time, the previous states of LFSRs 0/5/10/15/20 from before the reseeding operation are permuted and then forwarded to reseed LFSRs 1/6/11/16/21. -Similarly, the previous states of LFSRs 1/6/11/16/21 from before the reseeding operation are permuted and then forwarded to reseed LFSRs 2/7/12/17/22. -Software can still request a complete reseed of all 25 LFSRs from EDN by subsequently triggering five reseeding operations through [`CMD.entropy_req`](registers.md#cmd). + +Depending on [`CFG_SHADOWED.entropy_mode`](registers.md#cfg_shadowed), the entropy generator fetches initial entropy from the [Entropy Distribution Network (EDN)][edn] module or software has to provide a seed by writing the [`ENTROPY_SEED`](registers.md#entropy_seed) register 9 times. +The module periodically refreshes the PRNG seed with fresh entropy from EDN. +Software can explicitly request a complete reseed of the PRNG state from EDN through [`CMD.entropy_req`](registers.md#cmd). [edn]: ../../edn/README.md diff --git a/hw/ip/kmac/dv/env/kmac_scoreboard.sv b/hw/ip/kmac/dv/env/kmac_scoreboard.sv index 3c6a76fbc734ab..2039f0a1a3dda3 100644 --- a/hw/ip/kmac/dv/env/kmac_scoreboard.sv +++ b/hw/ip/kmac/dv/env/kmac_scoreboard.sv @@ -221,7 +221,7 @@ class kmac_scoreboard extends cip_base_scoreboard #( // Entropy interface is native 32 bits - prim_edn_req component internally // does as many EDN fetches as necessary to fill up the required data bus size // of the "host". - repeat (kmac_reg_pkg::NumSeedsEntropyLfsr) begin + repeat (kmac_reg_pkg::NumSeedsEntropy) begin `DV_SPINWAIT(edn_fifos[0].get(edn_item);, "Wait EDN request") end `uvm_info(`gfn, "got all edn transactions", UVM_HIGH) diff --git a/hw/ip/kmac/dv/env/seq_lib/kmac_base_vseq.sv b/hw/ip/kmac/dv/env/seq_lib/kmac_base_vseq.sv index 82235a8d6df401..0c2cf96530e46a 100644 --- a/hw/ip/kmac/dv/env/seq_lib/kmac_base_vseq.sv +++ b/hw/ip/kmac/dv/env/seq_lib/kmac_base_vseq.sv @@ -568,8 +568,8 @@ class kmac_base_vseq extends cip_base_vseq #( endtask virtual task provide_sw_entropy(); - for (int i = 0; i < kmac_reg_pkg::NumSeedsEntropyLfsr; i++) begin - csr_wr(.ptr(ral.entropy_seed[i]), .value($urandom())); + for (int i = 0; i < kmac_reg_pkg::NumSeedsEntropy; i++) begin + csr_wr(.ptr(ral.entropy_seed), .value($urandom())); end endtask diff --git a/hw/ip/kmac/kmac.core b/hw/ip/kmac/kmac.core index 8f58f9c8941150..c86a6185d8dea2 100644 --- a/hw/ip/kmac/kmac.core +++ b/hw/ip/kmac/kmac.core @@ -14,6 +14,7 @@ filesets: - lowrisc:prim:assert - lowrisc:prim:count - lowrisc:prim:sparse_fsm + - lowrisc:prim:trivium - lowrisc:prim:mubi - lowrisc:ip:tlul - lowrisc:ip:keymgr_pkg diff --git a/hw/ip/kmac/pre_dv/kmac_reduced_tb/rtl/kmac_reduced_tb.sv b/hw/ip/kmac/pre_dv/kmac_reduced_tb/rtl/kmac_reduced_tb.sv index 9cdff1f3b27cb7..e002be2ed17255 100644 --- a/hw/ip/kmac/pre_dv/kmac_reduced_tb/rtl/kmac_reduced_tb.sv +++ b/hw/ip/kmac/pre_dv/kmac_reduced_tb/rtl/kmac_reduced_tb.sv @@ -163,10 +163,8 @@ module kmac_reduced_tb #( assign msg_handshake = msg_valid & msg_ready; // Randomness generation. - // Track falling edges of entropy_req. - // Since there are 5 x 5 32-bit LFSRs and every reseed just reseeds 5 LFSRs, - // we need to do 5 consecutive reseed operations. The end of each reseed - // operation is signaled with entropy_req going low. + // Track falling edges of entropy_req. The end of the reseed operation is signaled with + // entropy_req going low. assign entropy_req_d = entropy_req; always_ff @(posedge clk_i or negedge rst_ni) begin : reg_entropy_req if (!rst_ni) begin @@ -228,11 +226,10 @@ module kmac_reduced_tb #( INIT_RESEED: begin // Perform an initial reseed of the PRNG to put it into a random state. - // Since there are 5 x 5 32-bit LFSRs and every reseed just reseeds 5 LFSRs, - // we need to do 5 consecutive reseed operations. + // We do one reseed operation to reseed the single Trivium primitive. entropy_refresh_req = 1'b1; reseed_count_increment = entropy_req_fell; - if (reseed_count_q == 8'd5) begin + if (reseed_count_q == 8'd1) begin entropy_refresh_req = 1'b0; kmac_reduced_tb_state_d = START_TRIGGER; end diff --git a/hw/ip/kmac/pre_sca/prolead/kmac_reduced_config.set b/hw/ip/kmac/pre_sca/prolead/kmac_reduced_config.set index 2942792a7e0f58..24dc4ab6f68df6 100644 --- a/hw/ip/kmac/pre_sca/prolead/kmac_reduced_config.set +++ b/hw/ip/kmac/pre_sca/prolead/kmac_reduced_config.set @@ -87,7 +87,7 @@ no_of_initial_inputs % number of clock cycles to initiate the run (start of encryption) no_of_initial_clock_cycles -44 +20 %1 - First clock cycle with inactive reset. rst_ni 1'b1 @@ -109,8 +109,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -138,8 +138,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -167,8 +167,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -196,8 +196,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -225,8 +225,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -254,8 +254,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -283,8 +283,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -312,8 +312,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -341,8 +341,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -370,8 +370,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -399,8 +399,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -428,8 +428,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -457,8 +457,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -466,703 +466,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%14 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%15 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%16 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%17 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%18 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%19 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%20 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%21 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%22 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%23 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%24 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%25 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%26 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%27 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%28 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%29 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%30 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%31 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%32 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%33 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%34 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%35 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%36 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%37 - Perform an initial reseed of the internal PRNG to put it into a random state. - rst_ni 1'b1 -[127:0] msg_i group_in0[127:0] -[255:128] msg_i group_in1[127:0] - msg_valid_i 1'b0 - start_i 1'b0 - process_i 1'b0 - run_i 1'b0 -[3:0] done_i 4'b1001 - entropy_ready_i 1'b0 - entropy_refresh_req_i 1'b1 - entropy_ack_i 1'b1 -[1:0] mode_i 2'b00 -[2:0] strength_i 3'b010 -[351:0] ns_prefix_i 352'h000000000000000000000000000000000000000000000000000000000000000000000000000043414D4B2001 -[7:0] msg_strb_i 8'hFF - msg_mask_en_i 1'b1 -[1:0] entropy_mode_i 2'b01 - entropy_fast_process_i 1'b0 - entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 -[9:0] wait_timer_prescaler_i 10'b0000000000 -[15:0] wait_timer_limit_i 16'hFFFF -[9:0] entropy_hash_threshold_i 10'b1111111111 - entropy_hash_clr_i 1'b0 -[3:0] lc_escalate_en_i 4'b1010 - err_processed_i 1'b0 - -%38 - Stop reseeding the internal PRNG. +%14 - Stop reseeding the internal PRNG. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1182,8 +486,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1191,7 +495,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%39 - Send the start trigger. +%15 - Send the start trigger. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1211,8 +515,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1220,7 +524,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%40 - Signal that the message is valid. +%16 - Signal that the message is valid. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1240,8 +544,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1249,7 +553,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%41 - Internal message loading. +%17 - Internal message loading. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1269,8 +573,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1278,7 +582,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%42 - Internal message loading. +%18 - Internal message loading. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1298,8 +602,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1307,7 +611,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%43 - Send the process trigger. +%19 - Send the process trigger. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1327,8 +631,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1336,7 +640,7 @@ no_of_initial_clock_cycles [3:0] lc_escalate_en_i 4'b1010 err_processed_i 1'b0 -%44 - De-assert process_i. +%20 - De-assert process_i. rst_ni 1'b1 [127:0] msg_i group_in0[127:0] [255:128] msg_i group_in1[127:0] @@ -1356,8 +660,8 @@ no_of_initial_clock_cycles [1:0] entropy_mode_i 2'b01 entropy_fast_process_i 1'b0 entropy_in_keyblock_i 1'b1 -[4:0] entropy_seed_update_i 5'b00000 -[159:0] entropy_seed_data_i 160'h0000000000000000000000000000000000000000 + entropy_seed_update_i 1'b0 +[31:0] entropy_seed_data_i 32'h00000000 [9:0] wait_timer_prescaler_i 10'b0000000000 [15:0] wait_timer_limit_i 16'hFFFF [9:0] entropy_hash_threshold_i 10'b1111111111 @@ -1377,7 +681,7 @@ end_wait_cycles % maximum number of clock cycles per run before checking the end_condition max_clock_cycle -159 +135 no_of_outputs 0 @@ -1386,7 +690,7 @@ no_of_outputs no_of_test_clock_cycles 1 -39-159 % The start trigger is sent at %39 and the state_valid_o arrives at %158. +15-135 % The start trigger is sent at %15 and the state_valid_o arrives at %134. % max number of entries in the report file with maximum leakage % 0 : do not generate the report file diff --git a/hw/ip/kmac/pre_syn/syn_yosys.sh b/hw/ip/kmac/pre_syn/syn_yosys.sh index 168f971cfe9521..353712648ea388 100755 --- a/hw/ip/kmac/pre_syn/syn_yosys.sh +++ b/hw/ip/kmac/pre_syn/syn_yosys.sh @@ -64,6 +64,7 @@ OT_DEP_SOURCES=( "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_lc_sync.sv "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_sync_reqack_data.sv "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_sync_reqack.sv + "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_trivium.sv "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_packer_fifo.sv "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_lfsr.sv "$LR_SYNTH_SRC_DIR"/../prim/rtl/prim_flop_2sync.sv diff --git a/hw/ip/kmac/rtl/kmac.sv b/hw/ip/kmac/rtl/kmac.sv index 6c04393991cae4..c5d463385194ee 100644 --- a/hw/ip/kmac/rtl/kmac.sv +++ b/hw/ip/kmac/rtl/kmac.sv @@ -32,7 +32,7 @@ module kmac parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault, parameter lfsr_seed_t RndCnstLfsrSeed = RndCnstLfsrSeedDefault, - parameter lfsr_fwd_perm_t RndCnstLfsrFwdPerm = RndCnstLfsrFwdPermDefault, + parameter buffer_lfsr_seed_t RndCnstBufferLfsrSeed = RndCnstBufferLfsrSeedDefault, parameter msg_perm_t RndCnstMsgPerm = RndCnstMsgPermDefault, parameter logic [NumAlerts-1:0] AlertAsyncOn = {NumAlerts{1'b1}} @@ -292,8 +292,8 @@ module kmac logic [9:0] wait_timer_prescaler; logic [15:0] wait_timer_limit; logic entropy_refresh_req; - logic [NumSeedsEntropyLfsr-1:0] entropy_seed_update; - logic [NumSeedsEntropyLfsr-1:0][31:0] entropy_seed_data; + logic entropy_seed_update; + logic [31:0] entropy_seed_data; logic [HashCntW-1:0] entropy_hash_threshold; logic [HashCntW-1:0] entropy_hash_cnt; @@ -526,10 +526,8 @@ module kmac assign wait_timer_limit = reg2hw.entropy_period.wait_timer.q; assign entropy_refresh_req = reg2hw.cmd.entropy_req.q && reg2hw.cmd.entropy_req.qe; - for (genvar i = 0; i < NumSeedsEntropyLfsr; i++) begin : gen_entropy_seed - assign entropy_seed_update[i] = reg2hw.entropy_seed[i].qe; - assign entropy_seed_data[i] = reg2hw.entropy_seed[i].q; - end + assign entropy_seed_update = reg2hw.entropy_seed.qe; + assign entropy_seed_data = reg2hw.entropy_seed.q; assign entropy_hash_threshold = reg2hw.entropy_refresh_threshold_shadowed.q; assign hw2reg.entropy_refresh_hash_cnt.de = 1'b 1; @@ -1189,7 +1187,7 @@ module kmac kmac_entropy #( .RndCnstLfsrPerm(RndCnstLfsrPerm), .RndCnstLfsrSeed(RndCnstLfsrSeed), - .RndCnstLfsrFwdPerm(RndCnstLfsrFwdPerm) + .RndCnstBufferLfsrSeed(RndCnstBufferLfsrSeed) ) u_entropy ( .clk_i, .rst_ni, @@ -1266,8 +1264,8 @@ module kmac assign unused_sha3_rand_update = sha3_rand_update; assign unused_sha3_rand_consumed = sha3_rand_consumed; - logic [NumSeedsEntropyLfsr-1:0] unused_seed_update; - logic [NumSeedsEntropyLfsr-1:0][31:0] unused_seed_data; + logic unused_seed_update; + logic [31:0] unused_seed_data; logic [31:0] unused_refresh_period; logic unused_entropy_refresh_req; assign unused_seed_data = entropy_seed_data; @@ -1498,9 +1496,6 @@ module kmac `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(HashCountCheck_A, gen_entropy.u_entropy.u_hash_count, alert_tx_o[1]) - `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(SeedIdxCountCheck_A, - gen_entropy.u_entropy.u_seed_idx_count, - alert_tx_o[1]) // MsgFifo.Packer `ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT( diff --git a/hw/ip/kmac/rtl/kmac_entropy.sv b/hw/ip/kmac/rtl/kmac_entropy.sv index 08c306ab9ff342..69b3d2c06a8a47 100644 --- a/hw/ip/kmac/rtl/kmac_entropy.sv +++ b/hw/ip/kmac/rtl/kmac_entropy.sv @@ -12,7 +12,7 @@ module kmac_entropy #( parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault, parameter lfsr_seed_t RndCnstLfsrSeed = RndCnstLfsrSeedDefault, - parameter lfsr_fwd_perm_t RndCnstLfsrFwdPerm = RndCnstLfsrFwdPermDefault + parameter buffer_lfsr_seed_t RndCnstBufferLfsrSeed = RndCnstBufferLfsrSeedDefault ) ( input clk_i, input rst_ni, @@ -44,15 +44,15 @@ module kmac_entropy //// rand_valid_o unless it is not processing KeyBlock. input fast_process_i, - //// LFSR Enable for Message Masking - //// If 1, LFSR advances to create 64-bit PRNG. This input is used to mask + //// PRNG enable for Message Masking + //// If 1, PRNG advances to create 64-bit PRN. This input is used to mask //// the message fed into SHA3 (Keccak). input msg_mask_en_i, output logic [MsgWidth-1:0] msg_mask_o, //// SW update of seed - input [NumSeedsEntropyLfsr-1:0] seed_update_i, - input [NumSeedsEntropyLfsr-1:0][31:0] seed_data_i, + input seed_update_i, + input [31:0] seed_data_i, //// SW may initiate manual EDN seed refresh input entropy_refresh_req_i, @@ -118,7 +118,7 @@ module kmac_entropy // get new entropy from EDN or the seed should be feeded by the software. StRandReset = 10'b1001111000, - // The seed is fed into LFSR and the entropy is ready. It means the + // The seed is fed into PRNG and the entropy is ready. It means the // rand_valid is asserted with valid data. It takes a few steps to reach // this state from StRandReset. StRandReady = 10'b0110000100, @@ -129,7 +129,7 @@ module kmac_entropy // Reset --> EdnReq: // If entropy source module is ready, the software sets a bit in CFG // also sets the entropy mode to EdnMode. Then this FSM moves to EdnReq - // to initialize LFSR seed. + // to initialize PRNG seed. // // Ready --> EdnReq: // 1. If a mode is configured as to update entropy everytime it is @@ -137,7 +137,7 @@ module kmac_entropy // 2. If the software enabled EDN timer and the timer is expired and // also the KMAC is processing the key block, the FSM moves to // EdnReq to refresh seed - // 3. If a KMAC operation is completed, the FSM also refreshes the LFSR + // 3. If a KMAC operation is completed, the FSM also refreshes the PRNG // seed to prepare next KMAC op or wipe out operation. StRandEdn = 10'b1100100111, @@ -146,7 +146,7 @@ module kmac_entropy // entropy StSwSeedWait = 10'b1011110110, - // Generate: In this state, the entropy generator advances the LFSRs to + // Generate: In this state, the entropy generator advances the PRNG to // generate the 800-bits of pseudo random data for the next evaluation. StRandGenerate = 10'b0000001100, @@ -190,19 +190,17 @@ module kmac_entropy localparam int unsigned PrescalerW = TimerPrescalerW; logic [PrescalerW-1:0] prescaler_cnt; - // LFSR - // SW configures to use EDN or SEED register as a LFSR seed - logic [NumSeedsEntropyLfsr-1:0] lfsr_seed_en_red; - logic [NumChunksEntropyLfsr-1:0] lfsr_seed_en; - logic [NumChunksEntropyLfsr-1:0][ChunkSizeEntropyLfsr-1:0] lfsr_seed; - logic lfsr_seed_done; - logic lfsr_en; - logic [NumChunksEntropyLfsr-1:0][ChunkSizeEntropyLfsr-1:0] lfsr_data_chunked; - logic [EntropyLfsrW-1:0] lfsr_data, lfsr_data_permuted; + // PRNG primitive + // SW configures to use EDN or ENTROPY_SEED register as PRNG seed + logic seed_en, seed_done; + logic seed_req, seed_ack; + logic [edn_pkg::ENDPOINT_BUS_WIDTH-1:0] seed; + logic prng_en; + logic [EntropyOutputW-1:0] prng_data, prng_data_permuted; // Buffer stage to prevent glitches happening inside the PRNG itself from // propagating into the masked processing core. - logic [EntropyLfsrW-1:0] rand_data_q; + logic [EntropyOutputW-1:0] rand_data_q; logic data_update; // Auxliliary randomness @@ -211,7 +209,7 @@ module kmac_entropy // Randomness for controlling PRNG updates. This only matters for clock cycles // where the PRNG output is not actually used. - logic [3:0] lfsr_en_rand_d, lfsr_en_rand_q; + logic [3:0] prng_en_rand_d, prng_en_rand_q; // Entropy valid signal // FSM set and clear the valid signal, rand_consume signal clear the valid @@ -349,131 +347,61 @@ module kmac_entropy else if (mode_latch) mode_q <= mode_i; end - // LFSRs ==================================================================== + // PRNG primitive =========================================================== - // We use 25 32-bit LFSRs in parallel to generate the 800 bits of randomness - // required by the DOM multipliers inside the Keccak core in a single clock - // cycle. To reduce the entropy consumption for periodic reseeding, a cascaded - // reseeding mechanism is used: - // - // - LFSR 0 (5/10/15/20) gets one 32-bit seed each from EDN/SW. - // - LFSR 1 (6/11/16/21) gets the old state of LFSR 0 (5/10/15/20) - // - ... - // - LFSR 4 (9/14/19/24) gets the old state of LFSR 3 (8/13/18/23) - // - // In addition, the forwarded old states are permuted. - // - // This allows to reduce the entropy consumption. A full reseed of all 25 - // LFSRs is still possible by subsequently triggering 5 reseeding operations - // though software. - - // Reseeding counter - We reseed one 32-bit chunk at a time and need to keep - // track of which LFSR chunk to reseed next. - localparam int unsigned SeedIdxWidth = - prim_util_pkg::vbits(NumSeedsEntropyLfsr); - logic [SeedIdxWidth-1:0] seed_idx; - logic seed_idx_count_error; - - // SEC_CM CTR.REDUN - // This primitive is used to place a hardened counter - prim_count #( - .Width(SeedIdxWidth) - ) u_seed_idx_count ( - .clk_i, - .rst_ni, - .clr_i(lfsr_seed_done), - .set_i(1'b0), - .set_cnt_i(SeedIdxWidth'(0)), - .incr_en_i(|lfsr_seed_en), - .decr_en_i(1'b0), - .step_i(SeedIdxWidth'(1)), - .commit_i(1'b1), - .cnt_o(seed_idx), - .cnt_after_commit_o(), - .err_o(seed_idx_count_error) - ); - - assign lfsr_seed_done = - (seed_idx == SeedIdxWidth'(unsigned'(NumSeedsEntropyLfsr - 1))) & - |lfsr_seed_en; - - // Seed selection - The reduced seed enable signal `lfsr_seed_en_red` is - // controlled by the FSM. Here we just repliate it as we're always reseeding - // 5 LFSRs together. - for (genvar i = 0; i < 5; i++) begin : gen_lfsr_seed_en - assign lfsr_seed_en[i * 5 +: 5] = {5{lfsr_seed_en_red[i]}}; - end - - // From software we get NumChunks 32-bit seeds but only one is valid. The - // others may be zero. - // From EDN we get a single 32-bit seed. This is the default value forwarded. - for (genvar i = 0; i < NumSeedsEntropyLfsr; i++) begin : gen_lfsr_seed - // LFSRs 0/5/10/15/20 get the fresh entropy. - assign lfsr_seed[i * 5] = - (mode_q == EntropyModeSw) ? seed_data_i[i] : entropy_data_i; - - // The other LFSRs get the permuted old states. - for (genvar j = 0; j < 4; j++) begin : gen_fwd_seeds - for (genvar k = 0; k < ChunkSizeEntropyLfsr; k++) begin : gen_fwd_perm - assign lfsr_seed[i * 5 + j + 1][k] = - lfsr_data_chunked[i * 5 + j][RndCnstLfsrFwdPerm[k]]; - end - end - end `ASSERT_KNOWN(ModeKnown_A, mode_i) + assign seed = (mode_q == EntropyModeSw) ? seed_data_i : entropy_data_i; + + // We employ a single unrolled Trivium stream cipher primitive to generate + // 800 bits per clock cycle. + prim_trivium #( + .BiviumVariant (0), + .OutputWidth (EntropyOutputW), + .StrictLockupProtection(1), + .SeedType (prim_trivium_pkg::SeedTypeStatePartial), + .PartialSeedWidth (edn_pkg::ENDPOINT_BUS_WIDTH), + .RndCnstTriviumLfsrSeed(RndCnstLfsrSeed) + ) u_prim_trivium ( + .clk_i (clk_i), + .rst_ni(rst_ni), + + .en_i (prng_en || msg_mask_en_i), + .allow_lockup_i ('0), // Not used. + .seed_en_i (seed_en), + .seed_done_o (seed_done), + .seed_req_o (seed_req), + .seed_ack_i (seed_ack), + .seed_key_i ('0), // Not used. + .seed_iv_i ('0), // Not used. + .seed_state_full_i ('0), // Not used. + .seed_state_partial_i(seed), + + .key_o(prng_data), + .err_o() + ); - // We employ five 32-bit LFSRs to generate 160 bits per clock cycle. Using - // multiple 32-bit LFSRs with an additional permutation layer spanning across - // all LFSRs has relevant advantages: - // - Multiple simulateneous faults needs to be injected to get a fully - // deterministic output. - // - No additional buffering is needed for reseeding. Both software and EDN - // provide 32 bits at a time meaning we can reseed the LFSRs directly as - // we get the entropy. - // We use multiple LFSR instances each having a width of ChunkSize. - for (genvar i = 0; i < NumChunksEntropyLfsr; i++) begin : gen_lfsrs - prim_lfsr #( - .LfsrType("GAL_XOR"), - .LfsrDw(ChunkSizeEntropyLfsr), - .StateOutDw(ChunkSizeEntropyLfsr), - .DefaultSeed(RndCnstLfsrSeed[i * ChunkSizeEntropyLfsr +: ChunkSizeEntropyLfsr]), - .StatePermEn(1'b0), - .NonLinearOut(1'b1) - ) u_lfsr_chunk ( - .clk_i, - .rst_ni, - .seed_en_i(lfsr_seed_en[i]), - .seed_i (lfsr_seed[i]), - .lfsr_en_i(lfsr_en || msg_mask_en_i), - .entropy_i('0), - .state_o (lfsr_data_chunked[i]) - ); - end - - // Add a permutation layer spanning across all LFSRs to break linear shift - // patterns. - assign lfsr_data = lfsr_data_chunked; - for (genvar i = 0; i < EntropyLfsrW; i++) begin : gen_perm - assign lfsr_data_permuted[i] = lfsr_data[RndCnstLfsrPerm[i]]; + // Add a permutation layer to obfuscate the output of the PRNG primitive. + for (genvar i = 0; i < EntropyOutputW; i++) begin : gen_perm + assign prng_data_permuted[i] = prng_data[RndCnstLfsrPerm[i]]; end - // Buffer stage to prevent glitches happening inside the LFSR primitives - // from propagating into the masked processing core. + // Buffer stage to prevent glitches happening inside the PRNG primitive from + // propagating into the masked processing core. always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin - rand_data_q <= RndCnstLfsrSeed; + rand_data_q <= RndCnstBufferLfsrSeed; end else if (data_update || msg_mask_en_i) begin - rand_data_q <= lfsr_data_permuted; + rand_data_q <= prng_data_permuted; end end // Forwrad LSBs for masking the message. assign msg_mask_o = rand_data_q[MsgWidth-1:0]; - // LFSRs -------------------------------------------------------------------- + // PRNG primitive ---------------------------------------------------------- // Auxiliary randomness ===================================================== - assign aux_rand_d = aux_update ? rand_data_q[EntropyLfsrW - 1] : + assign aux_rand_d = aux_update ? rand_data_q[EntropyOutputW - 1] : aux_rand_q; always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin @@ -485,20 +413,20 @@ module kmac_entropy // Auxiliary randomness ----------------------------------------------------- - // LFSR enable randomness =================================================== - assign lfsr_en_rand_d = - aux_update ? rand_data_q[EntropyLfsrW - 2 -: 4] : // refresh - {1'b0, lfsr_en_rand_q[3:1]}; // shift out + // PRNG enable randomness =================================================== + assign prng_en_rand_d = + aux_update ? rand_data_q[EntropyOutputW - 2 -: 4] : // refresh + {1'b0, prng_en_rand_q[3:1]}; // shift out always_ff @(posedge clk_i or negedge rst_ni) begin if (!rst_ni) begin - lfsr_en_rand_q <= '0; + prng_en_rand_q <= '0; end else begin - lfsr_en_rand_q <= lfsr_en_rand_d; + prng_en_rand_q <= prng_en_rand_d; end end - // LFSR enable randomness --------------------------------------------------- + // PRNG enable randomness --------------------------------------------------- // Randomness outputs ======================================================= assign rand_data_o = rand_data_q; @@ -519,15 +447,15 @@ module kmac_entropy assign rand_early_o = rand_valid_set; // The Keccak core is not supposed to ever consume randomness unless it's marked - // as valid. The only exception is if the reseeding of the LFSRs just finished + // as valid. The only exception is if the reseeding of the PRNG just finished // in the previous clock cycle. Because it's possible for the randomness to stay // valid throughout the reseeding (the valid is for sure de-asserted at the end). // The Keccak core may base its decision to start processing / consuming entropy - // before the valid is de-asserted. If this happens, the current LFSR output + // before the valid is de-asserted. If this happens, the current buffer output // might be used for both remasking and as auxiliary randomness which isn't ideal // but given this happens only very rarely it should be okay. `ASSUME(ConsumeNotAssertWhenNotValid_M, - rand_update_i | rand_consumed_i |-> rand_valid_o || $past(lfsr_seed_done)) + rand_update_i | rand_consumed_i |-> rand_valid_o || $past(seed_done)) // Upon escalation or in case the EDN wait timer expires the entropy_req signal // can be dropped before getting acknowledged. This may leave EDN in a strange @@ -547,7 +475,7 @@ module kmac_entropy // Randomness outputs ------------------------------------------------------- // Remaining outputs - assign count_error_o = hash_count_error | seed_idx_count_error; + assign count_error_o = hash_count_error; /////////////////// // State Machine // @@ -570,9 +498,6 @@ module kmac_entropy threshold_hit_clr = 1'b 0; - // EDN request - entropy_req = 1'b 0; - // rand is valid when this logic expands the entropy. // FSM sets the valid signal, the signal is cleared by `consume` signal // or FSM clear signal. @@ -585,15 +510,13 @@ module kmac_entropy // mode_latch to store mode_i into mode_q mode_latch = 1'b 0; - // lfsr_en: Let LFSR run - // To save power, this logic enables LFSR when it needs entropy expansion. - lfsr_en = 1'b 0; - - // lfsr_seed_en_red: Signal to update LFSR seed - // LFSR seed can be updated by EDN or SW. - lfsr_seed_en_red = '0; + // PRNG reseed handling + seed_en = 1'b 0; + seed_ack = 1'b 0; + entropy_req = 1'b 0; // Randomness control signals + prng_en = 1'b 0; data_update = 1'b 0; aux_update = 1'b 0; @@ -611,10 +534,14 @@ module kmac_entropy // SW has configured KMAC unique case (mode_i) EntropyModeSw: begin + // Start reseeding the PRNG via ENTROPY_SEED CSR. + seed_en = 1'b 1; st_d = StSwSeedWait; end EntropyModeEdn: begin + // Start reseeding the PRNG via EDN. + seed_en = 1'b 1; st_d = StRandEdn; // Timer reset @@ -640,7 +567,7 @@ module kmac_entropy StRandReady: begin timer_enable = 1'b 1; // If limit is zero, timer won't work - lfsr_en = lfsr_en_rand_q[0]; + prng_en = prng_en_rand_q[0]; if ((rand_update_i || rand_consumed_i) && ((fast_process_i && in_keyblock_i) || !fast_process_i)) begin @@ -648,7 +575,7 @@ module kmac_entropy // consumed. So, the logic does not expand the entropy again. // If fast_process is not set, then every rand_consume signal // triggers rand expansion. - lfsr_en = 1'b 1; + prng_en = 1'b 1; data_update = 1'b 1; if (rand_consumed_i) begin @@ -660,6 +587,8 @@ module kmac_entropy end end else if ((mode_q == EntropyModeEdn) && (entropy_refresh_req_i || threshold_hit_q)) begin + // Start reseeding the PRNG via EDN. + seed_en = 1'b 1; st_d = StRandEdn; // Timer reset @@ -673,8 +602,8 @@ module kmac_entropy end StRandEdn: begin - // Send request - entropy_req = 1'b 1; + // Forward request of PRNG primitive. + entropy_req = seed_req; // Wait timer timer_enable = 1'b 1; @@ -683,14 +612,14 @@ module kmac_entropy // If timer count is non-zero and expired; st_d = StRandErrWaitExpired; - end else if (entropy_ack_i) begin - lfsr_seed_en_red[seed_idx] = 1'b 1; + end else if (entropy_req_o && entropy_ack_i) begin + seed_ack = 1'b 1; - if (lfsr_seed_done) begin + if (seed_done) begin st_d = StRandGenerate; if ((fast_process_i && in_keyblock_i) || !fast_process_i) begin - lfsr_en = 1'b 1; + prng_en = 1'b 1; data_update = 1'b 1; rand_valid_clear = 1'b 1; end @@ -706,7 +635,7 @@ module kmac_entropy // operation while waiting for the EDN response. st_d = StRandEdn; - lfsr_en = 1'b 1; + prng_en = 1'b 1; data_update = 1'b 1; rand_valid_clear = rand_consumed_i; end else begin @@ -715,12 +644,13 @@ module kmac_entropy end StSwSeedWait: begin - lfsr_seed_en_red = seed_update_i; + // Forward ack driven by software. + seed_ack = seed_req & seed_update_i; - if (lfsr_seed_done) begin + if (seed_done) begin st_d = StRandGenerate; - lfsr_en = 1'b 1; + prng_en = 1'b 1; data_update = 1'b 1; rand_valid_clear = 1'b 1; @@ -745,7 +675,7 @@ module kmac_entropy // randomness for the non-linear layer requiring it. aux_update = 1'b 1; rand_valid_set = 1'b 1; - lfsr_en = lfsr_en_rand_q[0]; + prng_en = prng_en_rand_q[0]; st_d = StRandReady; end @@ -772,10 +702,10 @@ module kmac_entropy // Keep entropy signal valid to complete current hashing even with error rand_valid_set = 1'b 1; - // Advance the LFSR after the entropy has been used. - lfsr_en = (rand_update_i | rand_consumed_i) & + // Advance the PRNG after the entropy has been used. + prng_en = (rand_update_i | rand_consumed_i) & ((fast_process_i & in_keyblock_i) | ~fast_process_i); - data_update = lfsr_en; + data_update = prng_en; if (err_processed_i) begin st_d = StRandReset; @@ -826,38 +756,23 @@ module kmac_entropy // Assertions // //////////////// - `ASSERT_INIT(EntropyLfsrWDivisble, NumChunksEntropyLfsr == - EntropyLfsrW / ChunkSizeEntropyLfsr) - - // We reseed one chunk of the entropy generator at a time. Therefore the - // chunk size must match the data width of the software and EDN inputs. - `ASSERT_INIT(ChunkSizeEntropyLfsrMatchesSw, ChunkSizeEntropyLfsr == 32) - `ASSERT_INIT(ChunkSizeEntropyLfsrMatchesEdn, ChunkSizeEntropyLfsr == - edn_pkg::ENDPOINT_BUS_WIDTH) + // The EDN bus width needs to be equal to the width of the ENTROPY_SEED + // register as this module doesn't perform width adaption. + `ASSERT_INIT(EdnBusWidth_A, edn_pkg::ENDPOINT_BUS_WIDTH == 32) // the code below is not meant to be synthesized, // but it is intended to be used in simulation and FPV `ifndef SYNTHESIS // Check that the supplied permutations are valid. - logic [EntropyLfsrW-1:0] perm_test; + logic [EntropyOutputW-1:0] perm_test; initial begin : p_perm_check perm_test = '0; - for (int k = 0; k < EntropyLfsrW; k++) begin + for (int k = 0; k < EntropyOutputW; k++) begin perm_test[RndCnstLfsrPerm[k]] = 1'b1; end // All bit positions must be marked with 1. `ASSERT_I(PermutationCheck_A, &perm_test) end - - logic [ChunkSizeEntropyLfsr-1:0] perm_fwd_test; - initial begin : p_perm_fwd_check - perm_fwd_test = '0; - for (int k = 0; k < ChunkSizeEntropyLfsr; k++) begin - perm_fwd_test[RndCnstLfsrFwdPerm[k]] = 1'b1; - end - // All bit positions must be marked with 1. - `ASSERT_I(PermutationCheck_A, &perm_fwd_test) - end `endif endmodule : kmac_entropy diff --git a/hw/ip/kmac/rtl/kmac_pkg.sv b/hw/ip/kmac/rtl/kmac_pkg.sv index 5b2efc3d3af432..b852e6666b0ec5 100644 --- a/hw/ip/kmac/rtl/kmac_pkg.sv +++ b/hw/ip/kmac/rtl/kmac_pkg.sv @@ -116,21 +116,21 @@ package kmac_pkg; } entropy_mode_e; // PRNG (kmac_entropy) - parameter int unsigned EntropyLfsrW = 800; - parameter int unsigned ChunkSizeEntropyLfsr = 32; - parameter int unsigned NumChunksEntropyLfsr = EntropyLfsrW / ChunkSizeEntropyLfsr; + parameter int unsigned EntropyOutputW = 800; + parameter int unsigned EntropyStateW = 288; - // We use a single seed that is split down into chunks internally. // These LFSR parameters have been generated with - // $ ./util/design/gen-lfsr-seed.py --width 800 --seed 3369807298 --prefix "" - typedef logic [EntropyLfsrW-1:0] lfsr_seed_t; - typedef logic [EntropyLfsrW-1:0][$clog2(EntropyLfsrW)-1:0] lfsr_perm_t; + // $ ./util/design/gen-lfsr-seed.py --width 288 --seed 31468618 --prefix "" + typedef logic [EntropyStateW-1:0] lfsr_seed_t; parameter lfsr_seed_t RndCnstLfsrSeedDefault = { - 32'h34a19ca3, - 256'he514d8e17a5630c287247dff3d354c022f581ace4b6c5736b5efa4160261ab0f, - 256'h6cb2915197ab3588982bcffc9cf3b46a250cebf728c0e76f0e680420d7f428f2, - 256'h092c1e308f7c8f9d8bacc20cd18fd586d58879654aa4851de224033bfdcbc578 + 32'h758a4420, + 256'h31e1c461_6ea343ec_153282a3_0c132b57_23c5a4cf_4743b3c7_c32d580f_74f1713a }; + + // We use a single seed that is split down into chunks internally. + // These LFSR parameters have been generated with + // $ ./util/design/gen-lfsr-seed.py --width 800 --seed 3369807298 --prefix "" + typedef logic [EntropyOutputW-1:0][$clog2(EntropyOutputW)-1:0] lfsr_perm_t; parameter lfsr_perm_t RndCnstLfsrPermDefault = { 64'hb1a3e87aeb4e69f0, 256'h2d8a6ee2c9ac567b2aa401a639a2a8ea2553614c0a8daf672c06546fc0d35267, @@ -167,11 +167,13 @@ package kmac_pkg; }; // These LFSR parameters have been generated with - // $ ./util/design/gen-lfsr-seed.py --width 32 --seed 2336700764 --prefix "" - parameter int LfsrFwdWidth = 32; - typedef logic [LfsrFwdWidth-1:0][$clog2(LfsrFwdWidth)-1:0] lfsr_fwd_perm_t; - parameter lfsr_fwd_perm_t RndCnstLfsrFwdPermDefault = { - 160'h7f3ac6d173d78678d84908157fba482e76685704 + // $ ./util/design/gen-lfsr-seed.py --width 800 --seed 31468618 --prefix "Buffer" + typedef logic [EntropyOutputW-1:0] buffer_lfsr_seed_t; + parameter buffer_lfsr_seed_t RndCnstBufferLfsrSeedDefault = { + 32'h292603b4, + 256'hf1d83863_e0bd0634_4544ad28_a91d8668_24b66efd_92ad8123_5381f2bc_3d65392c, + 256'h83c01ea5_d8be84f1_e2588917_11849a07_5a71f35f_e9b31605_f9077a6b_758a4420, + 256'h31e1c461_6ea343ec_153282a3_0c132b57_23c5a4cf_4743b3c7_c32d580f_74f1713a }; // Message permutation diff --git a/hw/ip/kmac/rtl/kmac_reduced.sv b/hw/ip/kmac/rtl/kmac_reduced.sv index 08371792efe142..f47ba11cbb7abc 100644 --- a/hw/ip/kmac/rtl/kmac_reduced.sv +++ b/hw/ip/kmac/rtl/kmac_reduced.sv @@ -23,8 +23,8 @@ module kmac_reduced parameter lfsr_perm_t RndCnstLfsrPerm = RndCnstLfsrPermDefault, parameter lfsr_seed_t RndCnstLfsrSeed = RndCnstLfsrSeedDefault, - parameter lfsr_fwd_perm_t RndCnstLfsrFwdPerm = RndCnstLfsrFwdPermDefault, - parameter msg_perm_t RndCnstMsgPerm = RndCnstMsgPermDefault + parameter buffer_lfsr_seed_t RndCnstBufferLfsrSeed = RndCnstBufferLfsrSeedDefault, + parameter msg_perm_t RndCnstMsgPerm = RndCnstMsgPermDefault ) ( input logic clk_i, input logic rst_ni, @@ -70,10 +70,10 @@ module kmac_reduced input logic entropy_in_keyblock_i, // drive to 1 // Entropy reseed control - input logic [NumSeedsEntropyLfsr-1:0] entropy_seed_update_i, // drive to 0 - input logic [NumSeedsEntropyLfsr-1:0][31:0] entropy_seed_data_i, // drive to 0 - input logic [TimerPrescalerW-1:0] wait_timer_prescaler_i, // drive to 0 - input logic [EdnWaitTimerW-1:0] wait_timer_limit_i, // drive to EdnWaitTimerW'1 + input logic entropy_seed_update_i, // drive to 0 + input logic [31:0] entropy_seed_data_i, // drive to 0 + input logic [TimerPrescalerW-1:0] wait_timer_prescaler_i, // drive to 0 + input logic [EdnWaitTimerW-1:0] wait_timer_limit_i, // drive to EdnWaitTimerW'1 // Signals primarily kept to prevent them from being optimized away during synthesis. // State output @@ -245,9 +245,9 @@ module kmac_reduced // PRNG // ////////// kmac_entropy #( - .RndCnstLfsrPerm(RndCnstLfsrPerm), - .RndCnstLfsrSeed(RndCnstLfsrSeed), - .RndCnstLfsrFwdPerm(RndCnstLfsrFwdPerm) + .RndCnstLfsrPerm(RndCnstLfsrPerm), + .RndCnstLfsrSeed(RndCnstLfsrSeed), + .RndCnstBufferLfsrSeed(RndCnstBufferLfsrSeed) ) u_entropy ( .clk_i, .rst_ni, diff --git a/hw/ip/kmac/rtl/kmac_reg_pkg.sv b/hw/ip/kmac/rtl/kmac_reg_pkg.sv index 735bb2915cc525..314f5b2d8aadad 100644 --- a/hw/ip/kmac/rtl/kmac_reg_pkg.sv +++ b/hw/ip/kmac/rtl/kmac_reg_pkg.sv @@ -12,7 +12,7 @@ package kmac_reg_pkg; parameter int NumEntriesMsgFifo = 10; parameter int NumBytesMsgFifoEntry = 8; parameter int unsigned HashCntW = 10; - parameter int NumSeedsEntropyLfsr = 5; + parameter int NumSeedsEntropy = 9; parameter int NumAlerts = 2; // Address widths within the block @@ -154,7 +154,7 @@ package kmac_reg_pkg; typedef struct packed { logic [31:0] q; logic qe; - } kmac_reg2hw_entropy_seed_mreg_t; + } kmac_reg2hw_entropy_seed_reg_t; typedef struct packed { logic [31:0] q; @@ -232,16 +232,16 @@ package kmac_reg_pkg; // Register -> HW type typedef struct packed { - kmac_reg2hw_intr_state_reg_t intr_state; // [1666:1664] - kmac_reg2hw_intr_enable_reg_t intr_enable; // [1663:1661] - kmac_reg2hw_intr_test_reg_t intr_test; // [1660:1655] - kmac_reg2hw_alert_test_reg_t alert_test; // [1654:1651] - kmac_reg2hw_cfg_shadowed_reg_t cfg_shadowed; // [1650:1623] - kmac_reg2hw_cmd_reg_t cmd; // [1622:1612] - kmac_reg2hw_entropy_period_reg_t entropy_period; // [1611:1586] + kmac_reg2hw_intr_state_reg_t intr_state; // [1534:1532] + kmac_reg2hw_intr_enable_reg_t intr_enable; // [1531:1529] + kmac_reg2hw_intr_test_reg_t intr_test; // [1528:1523] + kmac_reg2hw_alert_test_reg_t alert_test; // [1522:1519] + kmac_reg2hw_cfg_shadowed_reg_t cfg_shadowed; // [1518:1491] + kmac_reg2hw_cmd_reg_t cmd; // [1490:1480] + kmac_reg2hw_entropy_period_reg_t entropy_period; // [1479:1454] kmac_reg2hw_entropy_refresh_threshold_shadowed_reg_t - entropy_refresh_threshold_shadowed; // [1585:1576] - kmac_reg2hw_entropy_seed_mreg_t [4:0] entropy_seed; // [1575:1411] + entropy_refresh_threshold_shadowed; // [1453:1444] + kmac_reg2hw_entropy_seed_reg_t entropy_seed; // [1443:1411] kmac_reg2hw_key_share0_mreg_t [15:0] key_share0; // [1410:883] kmac_reg2hw_key_share1_mreg_t [15:0] key_share1; // [882:355] kmac_reg2hw_key_len_reg_t key_len; // [354:352] @@ -269,56 +269,52 @@ package kmac_reg_pkg; parameter logic [BlockAw-1:0] KMAC_ENTROPY_PERIOD_OFFSET = 12'h 20; parameter logic [BlockAw-1:0] KMAC_ENTROPY_REFRESH_HASH_CNT_OFFSET = 12'h 24; parameter logic [BlockAw-1:0] KMAC_ENTROPY_REFRESH_THRESHOLD_SHADOWED_OFFSET = 12'h 28; - parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_0_OFFSET = 12'h 2c; - parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_1_OFFSET = 12'h 30; - parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_2_OFFSET = 12'h 34; - parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_3_OFFSET = 12'h 38; - parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_4_OFFSET = 12'h 3c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_0_OFFSET = 12'h 40; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_1_OFFSET = 12'h 44; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_2_OFFSET = 12'h 48; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_3_OFFSET = 12'h 4c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_4_OFFSET = 12'h 50; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_5_OFFSET = 12'h 54; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_6_OFFSET = 12'h 58; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_7_OFFSET = 12'h 5c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_8_OFFSET = 12'h 60; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_9_OFFSET = 12'h 64; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_10_OFFSET = 12'h 68; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_11_OFFSET = 12'h 6c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_12_OFFSET = 12'h 70; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_13_OFFSET = 12'h 74; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_14_OFFSET = 12'h 78; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_15_OFFSET = 12'h 7c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_0_OFFSET = 12'h 80; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_1_OFFSET = 12'h 84; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_2_OFFSET = 12'h 88; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_3_OFFSET = 12'h 8c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_4_OFFSET = 12'h 90; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_5_OFFSET = 12'h 94; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_6_OFFSET = 12'h 98; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_7_OFFSET = 12'h 9c; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_8_OFFSET = 12'h a0; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_9_OFFSET = 12'h a4; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_10_OFFSET = 12'h a8; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_11_OFFSET = 12'h ac; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_12_OFFSET = 12'h b0; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_13_OFFSET = 12'h b4; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_14_OFFSET = 12'h b8; - parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_15_OFFSET = 12'h bc; - parameter logic [BlockAw-1:0] KMAC_KEY_LEN_OFFSET = 12'h c0; - parameter logic [BlockAw-1:0] KMAC_PREFIX_0_OFFSET = 12'h c4; - parameter logic [BlockAw-1:0] KMAC_PREFIX_1_OFFSET = 12'h c8; - parameter logic [BlockAw-1:0] KMAC_PREFIX_2_OFFSET = 12'h cc; - parameter logic [BlockAw-1:0] KMAC_PREFIX_3_OFFSET = 12'h d0; - parameter logic [BlockAw-1:0] KMAC_PREFIX_4_OFFSET = 12'h d4; - parameter logic [BlockAw-1:0] KMAC_PREFIX_5_OFFSET = 12'h d8; - parameter logic [BlockAw-1:0] KMAC_PREFIX_6_OFFSET = 12'h dc; - parameter logic [BlockAw-1:0] KMAC_PREFIX_7_OFFSET = 12'h e0; - parameter logic [BlockAw-1:0] KMAC_PREFIX_8_OFFSET = 12'h e4; - parameter logic [BlockAw-1:0] KMAC_PREFIX_9_OFFSET = 12'h e8; - parameter logic [BlockAw-1:0] KMAC_PREFIX_10_OFFSET = 12'h ec; - parameter logic [BlockAw-1:0] KMAC_ERR_CODE_OFFSET = 12'h f0; + parameter logic [BlockAw-1:0] KMAC_ENTROPY_SEED_OFFSET = 12'h 2c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_0_OFFSET = 12'h 30; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_1_OFFSET = 12'h 34; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_2_OFFSET = 12'h 38; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_3_OFFSET = 12'h 3c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_4_OFFSET = 12'h 40; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_5_OFFSET = 12'h 44; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_6_OFFSET = 12'h 48; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_7_OFFSET = 12'h 4c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_8_OFFSET = 12'h 50; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_9_OFFSET = 12'h 54; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_10_OFFSET = 12'h 58; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_11_OFFSET = 12'h 5c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_12_OFFSET = 12'h 60; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_13_OFFSET = 12'h 64; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_14_OFFSET = 12'h 68; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE0_15_OFFSET = 12'h 6c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_0_OFFSET = 12'h 70; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_1_OFFSET = 12'h 74; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_2_OFFSET = 12'h 78; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_3_OFFSET = 12'h 7c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_4_OFFSET = 12'h 80; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_5_OFFSET = 12'h 84; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_6_OFFSET = 12'h 88; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_7_OFFSET = 12'h 8c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_8_OFFSET = 12'h 90; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_9_OFFSET = 12'h 94; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_10_OFFSET = 12'h 98; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_11_OFFSET = 12'h 9c; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_12_OFFSET = 12'h a0; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_13_OFFSET = 12'h a4; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_14_OFFSET = 12'h a8; + parameter logic [BlockAw-1:0] KMAC_KEY_SHARE1_15_OFFSET = 12'h ac; + parameter logic [BlockAw-1:0] KMAC_KEY_LEN_OFFSET = 12'h b0; + parameter logic [BlockAw-1:0] KMAC_PREFIX_0_OFFSET = 12'h b4; + parameter logic [BlockAw-1:0] KMAC_PREFIX_1_OFFSET = 12'h b8; + parameter logic [BlockAw-1:0] KMAC_PREFIX_2_OFFSET = 12'h bc; + parameter logic [BlockAw-1:0] KMAC_PREFIX_3_OFFSET = 12'h c0; + parameter logic [BlockAw-1:0] KMAC_PREFIX_4_OFFSET = 12'h c4; + parameter logic [BlockAw-1:0] KMAC_PREFIX_5_OFFSET = 12'h c8; + parameter logic [BlockAw-1:0] KMAC_PREFIX_6_OFFSET = 12'h cc; + parameter logic [BlockAw-1:0] KMAC_PREFIX_7_OFFSET = 12'h d0; + parameter logic [BlockAw-1:0] KMAC_PREFIX_8_OFFSET = 12'h d4; + parameter logic [BlockAw-1:0] KMAC_PREFIX_9_OFFSET = 12'h d8; + parameter logic [BlockAw-1:0] KMAC_PREFIX_10_OFFSET = 12'h dc; + parameter logic [BlockAw-1:0] KMAC_ERR_CODE_OFFSET = 12'h e0; // Reset values for hwext registers and their fields parameter logic [2:0] KMAC_INTR_TEST_RESVAL = 3'h 0; @@ -336,11 +332,7 @@ package kmac_reg_pkg; parameter logic [0:0] KMAC_STATUS_FIFO_EMPTY_RESVAL = 1'h 1; parameter logic [0:0] KMAC_STATUS_ALERT_FATAL_FAULT_RESVAL = 1'h 0; parameter logic [0:0] KMAC_STATUS_ALERT_RECOV_CTRL_UPDATE_ERR_RESVAL = 1'h 0; - parameter logic [31:0] KMAC_ENTROPY_SEED_0_RESVAL = 32'h 0; - parameter logic [31:0] KMAC_ENTROPY_SEED_1_RESVAL = 32'h 0; - parameter logic [31:0] KMAC_ENTROPY_SEED_2_RESVAL = 32'h 0; - parameter logic [31:0] KMAC_ENTROPY_SEED_3_RESVAL = 32'h 0; - parameter logic [31:0] KMAC_ENTROPY_SEED_4_RESVAL = 32'h 0; + parameter logic [31:0] KMAC_ENTROPY_SEED_RESVAL = 32'h 0; parameter logic [31:0] KMAC_KEY_SHARE0_0_RESVAL = 32'h 0; parameter logic [31:0] KMAC_KEY_SHARE0_1_RESVAL = 32'h 0; parameter logic [31:0] KMAC_KEY_SHARE0_2_RESVAL = 32'h 0; @@ -395,11 +387,7 @@ package kmac_reg_pkg; KMAC_ENTROPY_PERIOD, KMAC_ENTROPY_REFRESH_HASH_CNT, KMAC_ENTROPY_REFRESH_THRESHOLD_SHADOWED, - KMAC_ENTROPY_SEED_0, - KMAC_ENTROPY_SEED_1, - KMAC_ENTROPY_SEED_2, - KMAC_ENTROPY_SEED_3, - KMAC_ENTROPY_SEED_4, + KMAC_ENTROPY_SEED, KMAC_KEY_SHARE0_0, KMAC_KEY_SHARE0_1, KMAC_KEY_SHARE0_2, @@ -448,7 +436,7 @@ package kmac_reg_pkg; } kmac_id_e; // Register width information to check illegal writes - parameter logic [3:0] KMAC_PERMIT [61] = '{ + parameter logic [3:0] KMAC_PERMIT [57] = '{ 4'b 0001, // index[ 0] KMAC_INTR_STATE 4'b 0001, // index[ 1] KMAC_INTR_ENABLE 4'b 0001, // index[ 2] KMAC_INTR_TEST @@ -460,56 +448,52 @@ package kmac_reg_pkg; 4'b 1111, // index[ 8] KMAC_ENTROPY_PERIOD 4'b 0011, // index[ 9] KMAC_ENTROPY_REFRESH_HASH_CNT 4'b 0011, // index[10] KMAC_ENTROPY_REFRESH_THRESHOLD_SHADOWED - 4'b 1111, // index[11] KMAC_ENTROPY_SEED_0 - 4'b 1111, // index[12] KMAC_ENTROPY_SEED_1 - 4'b 1111, // index[13] KMAC_ENTROPY_SEED_2 - 4'b 1111, // index[14] KMAC_ENTROPY_SEED_3 - 4'b 1111, // index[15] KMAC_ENTROPY_SEED_4 - 4'b 1111, // index[16] KMAC_KEY_SHARE0_0 - 4'b 1111, // index[17] KMAC_KEY_SHARE0_1 - 4'b 1111, // index[18] KMAC_KEY_SHARE0_2 - 4'b 1111, // index[19] KMAC_KEY_SHARE0_3 - 4'b 1111, // index[20] KMAC_KEY_SHARE0_4 - 4'b 1111, // index[21] KMAC_KEY_SHARE0_5 - 4'b 1111, // index[22] KMAC_KEY_SHARE0_6 - 4'b 1111, // index[23] KMAC_KEY_SHARE0_7 - 4'b 1111, // index[24] KMAC_KEY_SHARE0_8 - 4'b 1111, // index[25] KMAC_KEY_SHARE0_9 - 4'b 1111, // index[26] KMAC_KEY_SHARE0_10 - 4'b 1111, // index[27] KMAC_KEY_SHARE0_11 - 4'b 1111, // index[28] KMAC_KEY_SHARE0_12 - 4'b 1111, // index[29] KMAC_KEY_SHARE0_13 - 4'b 1111, // index[30] KMAC_KEY_SHARE0_14 - 4'b 1111, // index[31] KMAC_KEY_SHARE0_15 - 4'b 1111, // index[32] KMAC_KEY_SHARE1_0 - 4'b 1111, // index[33] KMAC_KEY_SHARE1_1 - 4'b 1111, // index[34] KMAC_KEY_SHARE1_2 - 4'b 1111, // index[35] KMAC_KEY_SHARE1_3 - 4'b 1111, // index[36] KMAC_KEY_SHARE1_4 - 4'b 1111, // index[37] KMAC_KEY_SHARE1_5 - 4'b 1111, // index[38] KMAC_KEY_SHARE1_6 - 4'b 1111, // index[39] KMAC_KEY_SHARE1_7 - 4'b 1111, // index[40] KMAC_KEY_SHARE1_8 - 4'b 1111, // index[41] KMAC_KEY_SHARE1_9 - 4'b 1111, // index[42] KMAC_KEY_SHARE1_10 - 4'b 1111, // index[43] KMAC_KEY_SHARE1_11 - 4'b 1111, // index[44] KMAC_KEY_SHARE1_12 - 4'b 1111, // index[45] KMAC_KEY_SHARE1_13 - 4'b 1111, // index[46] KMAC_KEY_SHARE1_14 - 4'b 1111, // index[47] KMAC_KEY_SHARE1_15 - 4'b 0001, // index[48] KMAC_KEY_LEN - 4'b 1111, // index[49] KMAC_PREFIX_0 - 4'b 1111, // index[50] KMAC_PREFIX_1 - 4'b 1111, // index[51] KMAC_PREFIX_2 - 4'b 1111, // index[52] KMAC_PREFIX_3 - 4'b 1111, // index[53] KMAC_PREFIX_4 - 4'b 1111, // index[54] KMAC_PREFIX_5 - 4'b 1111, // index[55] KMAC_PREFIX_6 - 4'b 1111, // index[56] KMAC_PREFIX_7 - 4'b 1111, // index[57] KMAC_PREFIX_8 - 4'b 1111, // index[58] KMAC_PREFIX_9 - 4'b 1111, // index[59] KMAC_PREFIX_10 - 4'b 1111 // index[60] KMAC_ERR_CODE + 4'b 1111, // index[11] KMAC_ENTROPY_SEED + 4'b 1111, // index[12] KMAC_KEY_SHARE0_0 + 4'b 1111, // index[13] KMAC_KEY_SHARE0_1 + 4'b 1111, // index[14] KMAC_KEY_SHARE0_2 + 4'b 1111, // index[15] KMAC_KEY_SHARE0_3 + 4'b 1111, // index[16] KMAC_KEY_SHARE0_4 + 4'b 1111, // index[17] KMAC_KEY_SHARE0_5 + 4'b 1111, // index[18] KMAC_KEY_SHARE0_6 + 4'b 1111, // index[19] KMAC_KEY_SHARE0_7 + 4'b 1111, // index[20] KMAC_KEY_SHARE0_8 + 4'b 1111, // index[21] KMAC_KEY_SHARE0_9 + 4'b 1111, // index[22] KMAC_KEY_SHARE0_10 + 4'b 1111, // index[23] KMAC_KEY_SHARE0_11 + 4'b 1111, // index[24] KMAC_KEY_SHARE0_12 + 4'b 1111, // index[25] KMAC_KEY_SHARE0_13 + 4'b 1111, // index[26] KMAC_KEY_SHARE0_14 + 4'b 1111, // index[27] KMAC_KEY_SHARE0_15 + 4'b 1111, // index[28] KMAC_KEY_SHARE1_0 + 4'b 1111, // index[29] KMAC_KEY_SHARE1_1 + 4'b 1111, // index[30] KMAC_KEY_SHARE1_2 + 4'b 1111, // index[31] KMAC_KEY_SHARE1_3 + 4'b 1111, // index[32] KMAC_KEY_SHARE1_4 + 4'b 1111, // index[33] KMAC_KEY_SHARE1_5 + 4'b 1111, // index[34] KMAC_KEY_SHARE1_6 + 4'b 1111, // index[35] KMAC_KEY_SHARE1_7 + 4'b 1111, // index[36] KMAC_KEY_SHARE1_8 + 4'b 1111, // index[37] KMAC_KEY_SHARE1_9 + 4'b 1111, // index[38] KMAC_KEY_SHARE1_10 + 4'b 1111, // index[39] KMAC_KEY_SHARE1_11 + 4'b 1111, // index[40] KMAC_KEY_SHARE1_12 + 4'b 1111, // index[41] KMAC_KEY_SHARE1_13 + 4'b 1111, // index[42] KMAC_KEY_SHARE1_14 + 4'b 1111, // index[43] KMAC_KEY_SHARE1_15 + 4'b 0001, // index[44] KMAC_KEY_LEN + 4'b 1111, // index[45] KMAC_PREFIX_0 + 4'b 1111, // index[46] KMAC_PREFIX_1 + 4'b 1111, // index[47] KMAC_PREFIX_2 + 4'b 1111, // index[48] KMAC_PREFIX_3 + 4'b 1111, // index[49] KMAC_PREFIX_4 + 4'b 1111, // index[50] KMAC_PREFIX_5 + 4'b 1111, // index[51] KMAC_PREFIX_6 + 4'b 1111, // index[52] KMAC_PREFIX_7 + 4'b 1111, // index[53] KMAC_PREFIX_8 + 4'b 1111, // index[54] KMAC_PREFIX_9 + 4'b 1111, // index[55] KMAC_PREFIX_10 + 4'b 1111 // index[56] KMAC_ERR_CODE }; endpackage diff --git a/hw/ip/kmac/rtl/kmac_reg_top.sv b/hw/ip/kmac/rtl/kmac_reg_top.sv index 404f9d6d8bad2b..ff5c9b1546f068 100644 --- a/hw/ip/kmac/rtl/kmac_reg_top.sv +++ b/hw/ip/kmac/rtl/kmac_reg_top.sv @@ -61,9 +61,9 @@ module kmac_reg_top ( // also check for spurious write enables logic reg_we_err; - logic [60:0] reg_we_check; + logic [56:0] reg_we_check; prim_reg_we_check #( - .OneHotWidth(61) + .OneHotWidth(57) ) u_prim_reg_we_check ( .clk_i(clk_i), .rst_ni(rst_ni), @@ -275,16 +275,8 @@ module kmac_reg_top ( logic [9:0] entropy_refresh_threshold_shadowed_wd; logic entropy_refresh_threshold_shadowed_storage_err; logic entropy_refresh_threshold_shadowed_update_err; - logic entropy_seed_0_we; - logic [31:0] entropy_seed_0_wd; - logic entropy_seed_1_we; - logic [31:0] entropy_seed_1_wd; - logic entropy_seed_2_we; - logic [31:0] entropy_seed_2_wd; - logic entropy_seed_3_we; - logic [31:0] entropy_seed_3_wd; - logic entropy_seed_4_we; - logic [31:0] entropy_seed_4_wd; + logic entropy_seed_we; + logic [31:0] entropy_seed_wd; logic key_share0_0_we; logic [31:0] key_share0_0_wd; logic key_share0_1_we; @@ -1422,109 +1414,24 @@ module kmac_reg_top ( ); - // Subregister 0 of Multireg entropy_seed - // R[entropy_seed_0]: V(True) - logic entropy_seed_0_qe; - logic [0:0] entropy_seed_0_flds_we; - assign entropy_seed_0_qe = &entropy_seed_0_flds_we; + // R[entropy_seed]: V(True) + logic entropy_seed_qe; + logic [0:0] entropy_seed_flds_we; + assign entropy_seed_qe = &entropy_seed_flds_we; prim_subreg_ext #( .DW (32) - ) u_entropy_seed_0 ( + ) u_entropy_seed ( .re (1'b0), - .we (entropy_seed_0_we), - .wd (entropy_seed_0_wd), + .we (entropy_seed_we), + .wd (entropy_seed_wd), .d ('0), .qre (), - .qe (entropy_seed_0_flds_we[0]), - .q (reg2hw.entropy_seed[0].q), + .qe (entropy_seed_flds_we[0]), + .q (reg2hw.entropy_seed.q), .ds (), .qs () ); - assign reg2hw.entropy_seed[0].qe = entropy_seed_0_qe; - - - // Subregister 1 of Multireg entropy_seed - // R[entropy_seed_1]: V(True) - logic entropy_seed_1_qe; - logic [0:0] entropy_seed_1_flds_we; - assign entropy_seed_1_qe = &entropy_seed_1_flds_we; - prim_subreg_ext #( - .DW (32) - ) u_entropy_seed_1 ( - .re (1'b0), - .we (entropy_seed_1_we), - .wd (entropy_seed_1_wd), - .d ('0), - .qre (), - .qe (entropy_seed_1_flds_we[0]), - .q (reg2hw.entropy_seed[1].q), - .ds (), - .qs () - ); - assign reg2hw.entropy_seed[1].qe = entropy_seed_1_qe; - - - // Subregister 2 of Multireg entropy_seed - // R[entropy_seed_2]: V(True) - logic entropy_seed_2_qe; - logic [0:0] entropy_seed_2_flds_we; - assign entropy_seed_2_qe = &entropy_seed_2_flds_we; - prim_subreg_ext #( - .DW (32) - ) u_entropy_seed_2 ( - .re (1'b0), - .we (entropy_seed_2_we), - .wd (entropy_seed_2_wd), - .d ('0), - .qre (), - .qe (entropy_seed_2_flds_we[0]), - .q (reg2hw.entropy_seed[2].q), - .ds (), - .qs () - ); - assign reg2hw.entropy_seed[2].qe = entropy_seed_2_qe; - - - // Subregister 3 of Multireg entropy_seed - // R[entropy_seed_3]: V(True) - logic entropy_seed_3_qe; - logic [0:0] entropy_seed_3_flds_we; - assign entropy_seed_3_qe = &entropy_seed_3_flds_we; - prim_subreg_ext #( - .DW (32) - ) u_entropy_seed_3 ( - .re (1'b0), - .we (entropy_seed_3_we), - .wd (entropy_seed_3_wd), - .d ('0), - .qre (), - .qe (entropy_seed_3_flds_we[0]), - .q (reg2hw.entropy_seed[3].q), - .ds (), - .qs () - ); - assign reg2hw.entropy_seed[3].qe = entropy_seed_3_qe; - - - // Subregister 4 of Multireg entropy_seed - // R[entropy_seed_4]: V(True) - logic entropy_seed_4_qe; - logic [0:0] entropy_seed_4_flds_we; - assign entropy_seed_4_qe = &entropy_seed_4_flds_we; - prim_subreg_ext #( - .DW (32) - ) u_entropy_seed_4 ( - .re (1'b0), - .we (entropy_seed_4_we), - .wd (entropy_seed_4_wd), - .d ('0), - .qre (), - .qe (entropy_seed_4_flds_we[0]), - .q (reg2hw.entropy_seed[4].q), - .ds (), - .qs () - ); - assign reg2hw.entropy_seed[4].qe = entropy_seed_4_qe; + assign reg2hw.entropy_seed.qe = entropy_seed_qe; // Subregister 0 of Multireg key_share0 @@ -2707,7 +2614,7 @@ module kmac_reg_top ( - logic [60:0] addr_hit; + logic [56:0] addr_hit; always_comb begin addr_hit = '0; addr_hit[ 0] = (reg_addr == KMAC_INTR_STATE_OFFSET); @@ -2721,56 +2628,52 @@ module kmac_reg_top ( addr_hit[ 8] = (reg_addr == KMAC_ENTROPY_PERIOD_OFFSET); addr_hit[ 9] = (reg_addr == KMAC_ENTROPY_REFRESH_HASH_CNT_OFFSET); addr_hit[10] = (reg_addr == KMAC_ENTROPY_REFRESH_THRESHOLD_SHADOWED_OFFSET); - addr_hit[11] = (reg_addr == KMAC_ENTROPY_SEED_0_OFFSET); - addr_hit[12] = (reg_addr == KMAC_ENTROPY_SEED_1_OFFSET); - addr_hit[13] = (reg_addr == KMAC_ENTROPY_SEED_2_OFFSET); - addr_hit[14] = (reg_addr == KMAC_ENTROPY_SEED_3_OFFSET); - addr_hit[15] = (reg_addr == KMAC_ENTROPY_SEED_4_OFFSET); - addr_hit[16] = (reg_addr == KMAC_KEY_SHARE0_0_OFFSET); - addr_hit[17] = (reg_addr == KMAC_KEY_SHARE0_1_OFFSET); - addr_hit[18] = (reg_addr == KMAC_KEY_SHARE0_2_OFFSET); - addr_hit[19] = (reg_addr == KMAC_KEY_SHARE0_3_OFFSET); - addr_hit[20] = (reg_addr == KMAC_KEY_SHARE0_4_OFFSET); - addr_hit[21] = (reg_addr == KMAC_KEY_SHARE0_5_OFFSET); - addr_hit[22] = (reg_addr == KMAC_KEY_SHARE0_6_OFFSET); - addr_hit[23] = (reg_addr == KMAC_KEY_SHARE0_7_OFFSET); - addr_hit[24] = (reg_addr == KMAC_KEY_SHARE0_8_OFFSET); - addr_hit[25] = (reg_addr == KMAC_KEY_SHARE0_9_OFFSET); - addr_hit[26] = (reg_addr == KMAC_KEY_SHARE0_10_OFFSET); - addr_hit[27] = (reg_addr == KMAC_KEY_SHARE0_11_OFFSET); - addr_hit[28] = (reg_addr == KMAC_KEY_SHARE0_12_OFFSET); - addr_hit[29] = (reg_addr == KMAC_KEY_SHARE0_13_OFFSET); - addr_hit[30] = (reg_addr == KMAC_KEY_SHARE0_14_OFFSET); - addr_hit[31] = (reg_addr == KMAC_KEY_SHARE0_15_OFFSET); - addr_hit[32] = (reg_addr == KMAC_KEY_SHARE1_0_OFFSET); - addr_hit[33] = (reg_addr == KMAC_KEY_SHARE1_1_OFFSET); - addr_hit[34] = (reg_addr == KMAC_KEY_SHARE1_2_OFFSET); - addr_hit[35] = (reg_addr == KMAC_KEY_SHARE1_3_OFFSET); - addr_hit[36] = (reg_addr == KMAC_KEY_SHARE1_4_OFFSET); - addr_hit[37] = (reg_addr == KMAC_KEY_SHARE1_5_OFFSET); - addr_hit[38] = (reg_addr == KMAC_KEY_SHARE1_6_OFFSET); - addr_hit[39] = (reg_addr == KMAC_KEY_SHARE1_7_OFFSET); - addr_hit[40] = (reg_addr == KMAC_KEY_SHARE1_8_OFFSET); - addr_hit[41] = (reg_addr == KMAC_KEY_SHARE1_9_OFFSET); - addr_hit[42] = (reg_addr == KMAC_KEY_SHARE1_10_OFFSET); - addr_hit[43] = (reg_addr == KMAC_KEY_SHARE1_11_OFFSET); - addr_hit[44] = (reg_addr == KMAC_KEY_SHARE1_12_OFFSET); - addr_hit[45] = (reg_addr == KMAC_KEY_SHARE1_13_OFFSET); - addr_hit[46] = (reg_addr == KMAC_KEY_SHARE1_14_OFFSET); - addr_hit[47] = (reg_addr == KMAC_KEY_SHARE1_15_OFFSET); - addr_hit[48] = (reg_addr == KMAC_KEY_LEN_OFFSET); - addr_hit[49] = (reg_addr == KMAC_PREFIX_0_OFFSET); - addr_hit[50] = (reg_addr == KMAC_PREFIX_1_OFFSET); - addr_hit[51] = (reg_addr == KMAC_PREFIX_2_OFFSET); - addr_hit[52] = (reg_addr == KMAC_PREFIX_3_OFFSET); - addr_hit[53] = (reg_addr == KMAC_PREFIX_4_OFFSET); - addr_hit[54] = (reg_addr == KMAC_PREFIX_5_OFFSET); - addr_hit[55] = (reg_addr == KMAC_PREFIX_6_OFFSET); - addr_hit[56] = (reg_addr == KMAC_PREFIX_7_OFFSET); - addr_hit[57] = (reg_addr == KMAC_PREFIX_8_OFFSET); - addr_hit[58] = (reg_addr == KMAC_PREFIX_9_OFFSET); - addr_hit[59] = (reg_addr == KMAC_PREFIX_10_OFFSET); - addr_hit[60] = (reg_addr == KMAC_ERR_CODE_OFFSET); + addr_hit[11] = (reg_addr == KMAC_ENTROPY_SEED_OFFSET); + addr_hit[12] = (reg_addr == KMAC_KEY_SHARE0_0_OFFSET); + addr_hit[13] = (reg_addr == KMAC_KEY_SHARE0_1_OFFSET); + addr_hit[14] = (reg_addr == KMAC_KEY_SHARE0_2_OFFSET); + addr_hit[15] = (reg_addr == KMAC_KEY_SHARE0_3_OFFSET); + addr_hit[16] = (reg_addr == KMAC_KEY_SHARE0_4_OFFSET); + addr_hit[17] = (reg_addr == KMAC_KEY_SHARE0_5_OFFSET); + addr_hit[18] = (reg_addr == KMAC_KEY_SHARE0_6_OFFSET); + addr_hit[19] = (reg_addr == KMAC_KEY_SHARE0_7_OFFSET); + addr_hit[20] = (reg_addr == KMAC_KEY_SHARE0_8_OFFSET); + addr_hit[21] = (reg_addr == KMAC_KEY_SHARE0_9_OFFSET); + addr_hit[22] = (reg_addr == KMAC_KEY_SHARE0_10_OFFSET); + addr_hit[23] = (reg_addr == KMAC_KEY_SHARE0_11_OFFSET); + addr_hit[24] = (reg_addr == KMAC_KEY_SHARE0_12_OFFSET); + addr_hit[25] = (reg_addr == KMAC_KEY_SHARE0_13_OFFSET); + addr_hit[26] = (reg_addr == KMAC_KEY_SHARE0_14_OFFSET); + addr_hit[27] = (reg_addr == KMAC_KEY_SHARE0_15_OFFSET); + addr_hit[28] = (reg_addr == KMAC_KEY_SHARE1_0_OFFSET); + addr_hit[29] = (reg_addr == KMAC_KEY_SHARE1_1_OFFSET); + addr_hit[30] = (reg_addr == KMAC_KEY_SHARE1_2_OFFSET); + addr_hit[31] = (reg_addr == KMAC_KEY_SHARE1_3_OFFSET); + addr_hit[32] = (reg_addr == KMAC_KEY_SHARE1_4_OFFSET); + addr_hit[33] = (reg_addr == KMAC_KEY_SHARE1_5_OFFSET); + addr_hit[34] = (reg_addr == KMAC_KEY_SHARE1_6_OFFSET); + addr_hit[35] = (reg_addr == KMAC_KEY_SHARE1_7_OFFSET); + addr_hit[36] = (reg_addr == KMAC_KEY_SHARE1_8_OFFSET); + addr_hit[37] = (reg_addr == KMAC_KEY_SHARE1_9_OFFSET); + addr_hit[38] = (reg_addr == KMAC_KEY_SHARE1_10_OFFSET); + addr_hit[39] = (reg_addr == KMAC_KEY_SHARE1_11_OFFSET); + addr_hit[40] = (reg_addr == KMAC_KEY_SHARE1_12_OFFSET); + addr_hit[41] = (reg_addr == KMAC_KEY_SHARE1_13_OFFSET); + addr_hit[42] = (reg_addr == KMAC_KEY_SHARE1_14_OFFSET); + addr_hit[43] = (reg_addr == KMAC_KEY_SHARE1_15_OFFSET); + addr_hit[44] = (reg_addr == KMAC_KEY_LEN_OFFSET); + addr_hit[45] = (reg_addr == KMAC_PREFIX_0_OFFSET); + addr_hit[46] = (reg_addr == KMAC_PREFIX_1_OFFSET); + addr_hit[47] = (reg_addr == KMAC_PREFIX_2_OFFSET); + addr_hit[48] = (reg_addr == KMAC_PREFIX_3_OFFSET); + addr_hit[49] = (reg_addr == KMAC_PREFIX_4_OFFSET); + addr_hit[50] = (reg_addr == KMAC_PREFIX_5_OFFSET); + addr_hit[51] = (reg_addr == KMAC_PREFIX_6_OFFSET); + addr_hit[52] = (reg_addr == KMAC_PREFIX_7_OFFSET); + addr_hit[53] = (reg_addr == KMAC_PREFIX_8_OFFSET); + addr_hit[54] = (reg_addr == KMAC_PREFIX_9_OFFSET); + addr_hit[55] = (reg_addr == KMAC_PREFIX_10_OFFSET); + addr_hit[56] = (reg_addr == KMAC_ERR_CODE_OFFSET); end assign addrmiss = (reg_re || reg_we) ? ~|addr_hit : 1'b0 ; @@ -2834,11 +2737,7 @@ module kmac_reg_top ( (addr_hit[53] & (|(KMAC_PERMIT[53] & ~reg_be))) | (addr_hit[54] & (|(KMAC_PERMIT[54] & ~reg_be))) | (addr_hit[55] & (|(KMAC_PERMIT[55] & ~reg_be))) | - (addr_hit[56] & (|(KMAC_PERMIT[56] & ~reg_be))) | - (addr_hit[57] & (|(KMAC_PERMIT[57] & ~reg_be))) | - (addr_hit[58] & (|(KMAC_PERMIT[58] & ~reg_be))) | - (addr_hit[59] & (|(KMAC_PERMIT[59] & ~reg_be))) | - (addr_hit[60] & (|(KMAC_PERMIT[60] & ~reg_be))))); + (addr_hit[56] & (|(KMAC_PERMIT[56] & ~reg_be))))); end // Generate write-enables @@ -2912,151 +2811,139 @@ module kmac_reg_top ( assign entropy_refresh_threshold_shadowed_we = addr_hit[10] & reg_we & !reg_error; assign entropy_refresh_threshold_shadowed_wd = reg_wdata[9:0]; - assign entropy_seed_0_we = addr_hit[11] & reg_we & !reg_error; + assign entropy_seed_we = addr_hit[11] & reg_we & !reg_error; - assign entropy_seed_0_wd = reg_wdata[31:0]; - assign entropy_seed_1_we = addr_hit[12] & reg_we & !reg_error; - - assign entropy_seed_1_wd = reg_wdata[31:0]; - assign entropy_seed_2_we = addr_hit[13] & reg_we & !reg_error; - - assign entropy_seed_2_wd = reg_wdata[31:0]; - assign entropy_seed_3_we = addr_hit[14] & reg_we & !reg_error; - - assign entropy_seed_3_wd = reg_wdata[31:0]; - assign entropy_seed_4_we = addr_hit[15] & reg_we & !reg_error; - - assign entropy_seed_4_wd = reg_wdata[31:0]; - assign key_share0_0_we = addr_hit[16] & reg_we & !reg_error; + assign entropy_seed_wd = reg_wdata[31:0]; + assign key_share0_0_we = addr_hit[12] & reg_we & !reg_error; assign key_share0_0_wd = reg_wdata[31:0]; - assign key_share0_1_we = addr_hit[17] & reg_we & !reg_error; + assign key_share0_1_we = addr_hit[13] & reg_we & !reg_error; assign key_share0_1_wd = reg_wdata[31:0]; - assign key_share0_2_we = addr_hit[18] & reg_we & !reg_error; + assign key_share0_2_we = addr_hit[14] & reg_we & !reg_error; assign key_share0_2_wd = reg_wdata[31:0]; - assign key_share0_3_we = addr_hit[19] & reg_we & !reg_error; + assign key_share0_3_we = addr_hit[15] & reg_we & !reg_error; assign key_share0_3_wd = reg_wdata[31:0]; - assign key_share0_4_we = addr_hit[20] & reg_we & !reg_error; + assign key_share0_4_we = addr_hit[16] & reg_we & !reg_error; assign key_share0_4_wd = reg_wdata[31:0]; - assign key_share0_5_we = addr_hit[21] & reg_we & !reg_error; + assign key_share0_5_we = addr_hit[17] & reg_we & !reg_error; assign key_share0_5_wd = reg_wdata[31:0]; - assign key_share0_6_we = addr_hit[22] & reg_we & !reg_error; + assign key_share0_6_we = addr_hit[18] & reg_we & !reg_error; assign key_share0_6_wd = reg_wdata[31:0]; - assign key_share0_7_we = addr_hit[23] & reg_we & !reg_error; + assign key_share0_7_we = addr_hit[19] & reg_we & !reg_error; assign key_share0_7_wd = reg_wdata[31:0]; - assign key_share0_8_we = addr_hit[24] & reg_we & !reg_error; + assign key_share0_8_we = addr_hit[20] & reg_we & !reg_error; assign key_share0_8_wd = reg_wdata[31:0]; - assign key_share0_9_we = addr_hit[25] & reg_we & !reg_error; + assign key_share0_9_we = addr_hit[21] & reg_we & !reg_error; assign key_share0_9_wd = reg_wdata[31:0]; - assign key_share0_10_we = addr_hit[26] & reg_we & !reg_error; + assign key_share0_10_we = addr_hit[22] & reg_we & !reg_error; assign key_share0_10_wd = reg_wdata[31:0]; - assign key_share0_11_we = addr_hit[27] & reg_we & !reg_error; + assign key_share0_11_we = addr_hit[23] & reg_we & !reg_error; assign key_share0_11_wd = reg_wdata[31:0]; - assign key_share0_12_we = addr_hit[28] & reg_we & !reg_error; + assign key_share0_12_we = addr_hit[24] & reg_we & !reg_error; assign key_share0_12_wd = reg_wdata[31:0]; - assign key_share0_13_we = addr_hit[29] & reg_we & !reg_error; + assign key_share0_13_we = addr_hit[25] & reg_we & !reg_error; assign key_share0_13_wd = reg_wdata[31:0]; - assign key_share0_14_we = addr_hit[30] & reg_we & !reg_error; + assign key_share0_14_we = addr_hit[26] & reg_we & !reg_error; assign key_share0_14_wd = reg_wdata[31:0]; - assign key_share0_15_we = addr_hit[31] & reg_we & !reg_error; + assign key_share0_15_we = addr_hit[27] & reg_we & !reg_error; assign key_share0_15_wd = reg_wdata[31:0]; - assign key_share1_0_we = addr_hit[32] & reg_we & !reg_error; + assign key_share1_0_we = addr_hit[28] & reg_we & !reg_error; assign key_share1_0_wd = reg_wdata[31:0]; - assign key_share1_1_we = addr_hit[33] & reg_we & !reg_error; + assign key_share1_1_we = addr_hit[29] & reg_we & !reg_error; assign key_share1_1_wd = reg_wdata[31:0]; - assign key_share1_2_we = addr_hit[34] & reg_we & !reg_error; + assign key_share1_2_we = addr_hit[30] & reg_we & !reg_error; assign key_share1_2_wd = reg_wdata[31:0]; - assign key_share1_3_we = addr_hit[35] & reg_we & !reg_error; + assign key_share1_3_we = addr_hit[31] & reg_we & !reg_error; assign key_share1_3_wd = reg_wdata[31:0]; - assign key_share1_4_we = addr_hit[36] & reg_we & !reg_error; + assign key_share1_4_we = addr_hit[32] & reg_we & !reg_error; assign key_share1_4_wd = reg_wdata[31:0]; - assign key_share1_5_we = addr_hit[37] & reg_we & !reg_error; + assign key_share1_5_we = addr_hit[33] & reg_we & !reg_error; assign key_share1_5_wd = reg_wdata[31:0]; - assign key_share1_6_we = addr_hit[38] & reg_we & !reg_error; + assign key_share1_6_we = addr_hit[34] & reg_we & !reg_error; assign key_share1_6_wd = reg_wdata[31:0]; - assign key_share1_7_we = addr_hit[39] & reg_we & !reg_error; + assign key_share1_7_we = addr_hit[35] & reg_we & !reg_error; assign key_share1_7_wd = reg_wdata[31:0]; - assign key_share1_8_we = addr_hit[40] & reg_we & !reg_error; + assign key_share1_8_we = addr_hit[36] & reg_we & !reg_error; assign key_share1_8_wd = reg_wdata[31:0]; - assign key_share1_9_we = addr_hit[41] & reg_we & !reg_error; + assign key_share1_9_we = addr_hit[37] & reg_we & !reg_error; assign key_share1_9_wd = reg_wdata[31:0]; - assign key_share1_10_we = addr_hit[42] & reg_we & !reg_error; + assign key_share1_10_we = addr_hit[38] & reg_we & !reg_error; assign key_share1_10_wd = reg_wdata[31:0]; - assign key_share1_11_we = addr_hit[43] & reg_we & !reg_error; + assign key_share1_11_we = addr_hit[39] & reg_we & !reg_error; assign key_share1_11_wd = reg_wdata[31:0]; - assign key_share1_12_we = addr_hit[44] & reg_we & !reg_error; + assign key_share1_12_we = addr_hit[40] & reg_we & !reg_error; assign key_share1_12_wd = reg_wdata[31:0]; - assign key_share1_13_we = addr_hit[45] & reg_we & !reg_error; + assign key_share1_13_we = addr_hit[41] & reg_we & !reg_error; assign key_share1_13_wd = reg_wdata[31:0]; - assign key_share1_14_we = addr_hit[46] & reg_we & !reg_error; + assign key_share1_14_we = addr_hit[42] & reg_we & !reg_error; assign key_share1_14_wd = reg_wdata[31:0]; - assign key_share1_15_we = addr_hit[47] & reg_we & !reg_error; + assign key_share1_15_we = addr_hit[43] & reg_we & !reg_error; assign key_share1_15_wd = reg_wdata[31:0]; - assign key_len_we = addr_hit[48] & reg_we & !reg_error; + assign key_len_we = addr_hit[44] & reg_we & !reg_error; assign key_len_wd = reg_wdata[2:0]; - assign prefix_0_we = addr_hit[49] & reg_we & !reg_error; + assign prefix_0_we = addr_hit[45] & reg_we & !reg_error; assign prefix_0_wd = reg_wdata[31:0]; - assign prefix_1_we = addr_hit[50] & reg_we & !reg_error; + assign prefix_1_we = addr_hit[46] & reg_we & !reg_error; assign prefix_1_wd = reg_wdata[31:0]; - assign prefix_2_we = addr_hit[51] & reg_we & !reg_error; + assign prefix_2_we = addr_hit[47] & reg_we & !reg_error; assign prefix_2_wd = reg_wdata[31:0]; - assign prefix_3_we = addr_hit[52] & reg_we & !reg_error; + assign prefix_3_we = addr_hit[48] & reg_we & !reg_error; assign prefix_3_wd = reg_wdata[31:0]; - assign prefix_4_we = addr_hit[53] & reg_we & !reg_error; + assign prefix_4_we = addr_hit[49] & reg_we & !reg_error; assign prefix_4_wd = reg_wdata[31:0]; - assign prefix_5_we = addr_hit[54] & reg_we & !reg_error; + assign prefix_5_we = addr_hit[50] & reg_we & !reg_error; assign prefix_5_wd = reg_wdata[31:0]; - assign prefix_6_we = addr_hit[55] & reg_we & !reg_error; + assign prefix_6_we = addr_hit[51] & reg_we & !reg_error; assign prefix_6_wd = reg_wdata[31:0]; - assign prefix_7_we = addr_hit[56] & reg_we & !reg_error; + assign prefix_7_we = addr_hit[52] & reg_we & !reg_error; assign prefix_7_wd = reg_wdata[31:0]; - assign prefix_8_we = addr_hit[57] & reg_we & !reg_error; + assign prefix_8_we = addr_hit[53] & reg_we & !reg_error; assign prefix_8_wd = reg_wdata[31:0]; - assign prefix_9_we = addr_hit[58] & reg_we & !reg_error; + assign prefix_9_we = addr_hit[54] & reg_we & !reg_error; assign prefix_9_wd = reg_wdata[31:0]; - assign prefix_10_we = addr_hit[59] & reg_we & !reg_error; + assign prefix_10_we = addr_hit[55] & reg_we & !reg_error; assign prefix_10_wd = reg_wdata[31:0]; @@ -3074,56 +2961,52 @@ module kmac_reg_top ( reg_we_check[8] = entropy_period_gated_we; reg_we_check[9] = 1'b0; reg_we_check[10] = entropy_refresh_threshold_shadowed_gated_we; - reg_we_check[11] = entropy_seed_0_we; - reg_we_check[12] = entropy_seed_1_we; - reg_we_check[13] = entropy_seed_2_we; - reg_we_check[14] = entropy_seed_3_we; - reg_we_check[15] = entropy_seed_4_we; - reg_we_check[16] = key_share0_0_gated_we; - reg_we_check[17] = key_share0_1_gated_we; - reg_we_check[18] = key_share0_2_gated_we; - reg_we_check[19] = key_share0_3_gated_we; - reg_we_check[20] = key_share0_4_gated_we; - reg_we_check[21] = key_share0_5_gated_we; - reg_we_check[22] = key_share0_6_gated_we; - reg_we_check[23] = key_share0_7_gated_we; - reg_we_check[24] = key_share0_8_gated_we; - reg_we_check[25] = key_share0_9_gated_we; - reg_we_check[26] = key_share0_10_gated_we; - reg_we_check[27] = key_share0_11_gated_we; - reg_we_check[28] = key_share0_12_gated_we; - reg_we_check[29] = key_share0_13_gated_we; - reg_we_check[30] = key_share0_14_gated_we; - reg_we_check[31] = key_share0_15_gated_we; - reg_we_check[32] = key_share1_0_gated_we; - reg_we_check[33] = key_share1_1_gated_we; - reg_we_check[34] = key_share1_2_gated_we; - reg_we_check[35] = key_share1_3_gated_we; - reg_we_check[36] = key_share1_4_gated_we; - reg_we_check[37] = key_share1_5_gated_we; - reg_we_check[38] = key_share1_6_gated_we; - reg_we_check[39] = key_share1_7_gated_we; - reg_we_check[40] = key_share1_8_gated_we; - reg_we_check[41] = key_share1_9_gated_we; - reg_we_check[42] = key_share1_10_gated_we; - reg_we_check[43] = key_share1_11_gated_we; - reg_we_check[44] = key_share1_12_gated_we; - reg_we_check[45] = key_share1_13_gated_we; - reg_we_check[46] = key_share1_14_gated_we; - reg_we_check[47] = key_share1_15_gated_we; - reg_we_check[48] = key_len_gated_we; - reg_we_check[49] = prefix_0_gated_we; - reg_we_check[50] = prefix_1_gated_we; - reg_we_check[51] = prefix_2_gated_we; - reg_we_check[52] = prefix_3_gated_we; - reg_we_check[53] = prefix_4_gated_we; - reg_we_check[54] = prefix_5_gated_we; - reg_we_check[55] = prefix_6_gated_we; - reg_we_check[56] = prefix_7_gated_we; - reg_we_check[57] = prefix_8_gated_we; - reg_we_check[58] = prefix_9_gated_we; - reg_we_check[59] = prefix_10_gated_we; - reg_we_check[60] = 1'b0; + reg_we_check[11] = entropy_seed_we; + reg_we_check[12] = key_share0_0_gated_we; + reg_we_check[13] = key_share0_1_gated_we; + reg_we_check[14] = key_share0_2_gated_we; + reg_we_check[15] = key_share0_3_gated_we; + reg_we_check[16] = key_share0_4_gated_we; + reg_we_check[17] = key_share0_5_gated_we; + reg_we_check[18] = key_share0_6_gated_we; + reg_we_check[19] = key_share0_7_gated_we; + reg_we_check[20] = key_share0_8_gated_we; + reg_we_check[21] = key_share0_9_gated_we; + reg_we_check[22] = key_share0_10_gated_we; + reg_we_check[23] = key_share0_11_gated_we; + reg_we_check[24] = key_share0_12_gated_we; + reg_we_check[25] = key_share0_13_gated_we; + reg_we_check[26] = key_share0_14_gated_we; + reg_we_check[27] = key_share0_15_gated_we; + reg_we_check[28] = key_share1_0_gated_we; + reg_we_check[29] = key_share1_1_gated_we; + reg_we_check[30] = key_share1_2_gated_we; + reg_we_check[31] = key_share1_3_gated_we; + reg_we_check[32] = key_share1_4_gated_we; + reg_we_check[33] = key_share1_5_gated_we; + reg_we_check[34] = key_share1_6_gated_we; + reg_we_check[35] = key_share1_7_gated_we; + reg_we_check[36] = key_share1_8_gated_we; + reg_we_check[37] = key_share1_9_gated_we; + reg_we_check[38] = key_share1_10_gated_we; + reg_we_check[39] = key_share1_11_gated_we; + reg_we_check[40] = key_share1_12_gated_we; + reg_we_check[41] = key_share1_13_gated_we; + reg_we_check[42] = key_share1_14_gated_we; + reg_we_check[43] = key_share1_15_gated_we; + reg_we_check[44] = key_len_gated_we; + reg_we_check[45] = prefix_0_gated_we; + reg_we_check[46] = prefix_1_gated_we; + reg_we_check[47] = prefix_2_gated_we; + reg_we_check[48] = prefix_3_gated_we; + reg_we_check[49] = prefix_4_gated_we; + reg_we_check[50] = prefix_5_gated_we; + reg_we_check[51] = prefix_6_gated_we; + reg_we_check[52] = prefix_7_gated_we; + reg_we_check[53] = prefix_8_gated_we; + reg_we_check[54] = prefix_9_gated_we; + reg_we_check[55] = prefix_10_gated_we; + reg_we_check[56] = 1'b0; end // Read data return @@ -3335,70 +3218,54 @@ module kmac_reg_top ( end addr_hit[44]: begin - reg_rdata_next[31:0] = '0; - end - - addr_hit[45]: begin - reg_rdata_next[31:0] = '0; - end - - addr_hit[46]: begin - reg_rdata_next[31:0] = '0; - end - - addr_hit[47]: begin - reg_rdata_next[31:0] = '0; - end - - addr_hit[48]: begin reg_rdata_next[2:0] = '0; end - addr_hit[49]: begin + addr_hit[45]: begin reg_rdata_next[31:0] = prefix_0_qs; end - addr_hit[50]: begin + addr_hit[46]: begin reg_rdata_next[31:0] = prefix_1_qs; end - addr_hit[51]: begin + addr_hit[47]: begin reg_rdata_next[31:0] = prefix_2_qs; end - addr_hit[52]: begin + addr_hit[48]: begin reg_rdata_next[31:0] = prefix_3_qs; end - addr_hit[53]: begin + addr_hit[49]: begin reg_rdata_next[31:0] = prefix_4_qs; end - addr_hit[54]: begin + addr_hit[50]: begin reg_rdata_next[31:0] = prefix_5_qs; end - addr_hit[55]: begin + addr_hit[51]: begin reg_rdata_next[31:0] = prefix_6_qs; end - addr_hit[56]: begin + addr_hit[52]: begin reg_rdata_next[31:0] = prefix_7_qs; end - addr_hit[57]: begin + addr_hit[53]: begin reg_rdata_next[31:0] = prefix_8_qs; end - addr_hit[58]: begin + addr_hit[54]: begin reg_rdata_next[31:0] = prefix_9_qs; end - addr_hit[59]: begin + addr_hit[55]: begin reg_rdata_next[31:0] = prefix_10_qs; end - addr_hit[60]: begin + addr_hit[56]: begin reg_rdata_next[31:0] = err_code_qs; end diff --git a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson index c6e18e30117d4c..fc32fe8983eaf0 100644 --- a/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson +++ b/hw/top_earlgrey/data/autogen/top_earlgrey.gen.hjson @@ -1167,7 +1167,7 @@ randcount: 40 randtype: data name_top: RndCnstOtpCtrlLfsrSeed - default: 0xe18549cb1e + default: 0x23d532c0ab randwidth: 40 } { @@ -1177,7 +1177,7 @@ randcount: 40 randtype: perm name_top: RndCnstOtpCtrlLfsrPerm - default: 0x9d559824550804312249a00d96481f4176ce4531a374c84a7821cb9993dc + default: 0x35f9e27449828087a351b19228f05a15730754e0d98507166090139642d1 randwidth: 240 } { @@ -1187,7 +1187,7 @@ randcount: 256 randtype: data name_top: RndCnstOtpCtrlScrmblKeyInit - default: 0x44c3bcdf8087b7facd65e9654cd85bc66d10208c4fb51b97bbf4d12c378ccfd6 + default: 0x55d70063277642b5309a163990b966cd494444c3bcdf8087b7facd65e9654cd8 randwidth: 256 } ] @@ -1602,7 +1602,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivInvalid - default: 0xa5a5bf3032db51fa1eb92f6ce10e90f9 + default: 0x5bc66d10208c4fb51b97bbf4d12c378c randwidth: 128 } { @@ -1612,7 +1612,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivTestUnlocked - default: 0xc5c06f733dc911a321dd4c0ac2406d46 + default: 0xcfd6a5a5bf3032db51fa1eb92f6ce10e randwidth: 128 } { @@ -1622,7 +1622,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivDev - default: 0x7215dab3f2b54a52e6728678af071806 + default: 0x90f9c5c06f733dc911a321dd4c0ac240 randwidth: 128 } { @@ -1632,7 +1632,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivProduction - default: 0x8e344d2eae4d73c8fa54de8aa4a4f258 + default: 0x6d467215dab3f2b54a52e6728678af07 randwidth: 128 } { @@ -1642,7 +1642,7 @@ randcount: 128 randtype: data name_top: RndCnstLcCtrlLcKeymgrDivRma - default: 0xf3b2a145fd1950ae55d693e57968117e + default: 0x18068e344d2eae4d73c8fa54de8aa4a4 randwidth: 128 } { @@ -1652,7 +1652,7 @@ randcount: 1024 randtype: data name_top: RndCnstLcCtrlInvalidTokens - default: 0x66dc634155e0f8150242862eb20eea9a1f7544716551512a112ded678ce824a08e29c772795a358ec30f1bedd1af0ec9d9a9cf36a2b130d32afe121af734f628363aaa0e93d45c423690ed05bd1e710f22d1095889fbd8a7b57fb1e11df367c1c1ede3f35cfc8f6e72abdd73a9eefbf8b7081eb9f636e13ca9d21f1edebe60a2 + default: 0xf258f3b2a145fd1950ae55d693e57968117e66dc634155e0f8150242862eb20eea9a1f7544716551512a112ded678ce824a08e29c772795a358ec30f1bedd1af0ec9d9a9cf36a2b130d32afe121af734f628363aaa0e93d45c423690ed05bd1e710f22d1095889fbd8a7b57fb1e11df367c1c1ede3f35cfc8f6e72abdd73a9ee randwidth: 1024 } { @@ -2180,7 +2180,7 @@ randcount: 32 randtype: data name_top: RndCnstAlertHandlerLfsrSeed - default: 0x2db6d398 + default: 0xfbf8b708 randwidth: 32 } { @@ -2190,7 +2190,7 @@ randcount: 32 randtype: perm name_top: RndCnstAlertHandlerLfsrPerm - default: 0xff4e1aecac5cb0f2239612af14f8c0cc26d70e9a + default: 0xd07af5ec5681152045096bb132d19ecfea7e1ae3 randwidth: 160 } ] @@ -4582,7 +4582,7 @@ randcount: 128 randtype: data name_top: RndCnstSramCtrlRetAonSramKey - default: 0xe4612980d48e6c6493a50eedbac6a46b + default: 0x42692b089a6f99b1a7ac084224ade461 randwidth: 128 } { @@ -4592,7 +4592,7 @@ randcount: 128 randtype: data name_top: RndCnstSramCtrlRetAonSramNonce - default: 0x7a8a9b2c7aec92f39e49478c398c91db + default: 0x2980d48e6c6493a50eedbac6a46b7a8a randwidth: 128 } { @@ -4602,7 +4602,7 @@ randcount: 32 randtype: data name_top: RndCnstSramCtrlRetAonLfsrSeed - default: 0x1841831b + default: 0x9b2c7aec randwidth: 32 } { @@ -4612,7 +4612,7 @@ randcount: 32 randtype: perm name_top: RndCnstSramCtrlRetAonLfsrPerm - default: 0xf7e60ae6d8eca26bf09ada50579c4e6342aa4163 + default: 0x791b870b95b872c300aaa2fb686c7fd1e284cfd2 randwidth: 160 } { @@ -4792,7 +4792,7 @@ randcount: 128 randtype: data name_top: RndCnstFlashCtrlAddrKey - default: 0x76a61e112578bf9f469fc482fa14a8f2 + default: 0x11e64066908adfd5918f8c563c92184f randwidth: 128 } { @@ -4802,7 +4802,7 @@ randcount: 128 randtype: data name_top: RndCnstFlashCtrlDataKey - default: 0xb75c265c9cb3b2f1c44a7287ab4c0618 + default: 0x1c76a61e112578bf9f469fc482fa14a8 randwidth: 128 } { @@ -4812,7 +4812,7 @@ randcount: 512 randtype: data name_top: RndCnstFlashCtrlAllSeeds - default: 0x822e92a084a048ffe9fb86140a79d38055b24b5f3b3ea79bd7f203d55eabf9f733d9b0cc2ca2b394f2526e4430c2afb4f5b43b1667039c6305bf983af472a23d + default: 0xf2b75c265c9cb3b2f1c44a7287ab4c0618822e92a084a048ffe9fb86140a79d38055b24b5f3b3ea79bd7f203d55eabf9f733d9b0cc2ca2b394f2526e4430c2af randwidth: 512 } { @@ -4822,7 +4822,7 @@ randcount: 32 randtype: data name_top: RndCnstFlashCtrlLfsrSeed - default: 0xb96be84f + default: 0xb4f5b43b randwidth: 32 } { @@ -4832,7 +4832,7 @@ randcount: 32 randtype: perm name_top: RndCnstFlashCtrlLfsrPerm - default: 0x699d74aab26079d11564d8e119f807b23fac51f9 + default: 0xda8c1fc48584aba1e2cb43d2dcd1c7e5fbe98182 randwidth: 160 } { @@ -5552,7 +5552,7 @@ randcount: 64 randtype: data name_top: RndCnstAesClearingLfsrSeed - default: 0x5bb696be7a52b9a + default: 0xec27f13eb602172c randwidth: 64 } { @@ -5562,7 +5562,7 @@ randcount: 64 randtype: perm name_top: RndCnstAesClearingLfsrPerm - default: 0xd3a648f1d3034be54ead70b0cc7be7d46dbf2e5780469b23264358894ded85f4e6105a1aaa0e71b8f581f5b43b732e0a + default: 0x352b301e82238b40c93bbf82ad9c4b5fd798caa906f1d45552d9e17ff105e60dcf5b86d073398aa766ba075baf300953 randwidth: 384 } { @@ -5572,7 +5572,7 @@ randcount: 64 randtype: perm name_top: RndCnstAesClearingSharePerm - default: 0x33abe47ae86d74341505c68d478f07d5208ac532178d8df302727ea0bca9504d0f16b8b63b09595b981f1a6ffbf6ca9b + default: 0x347b55e5dfa46903140e8241db2fc0f67bcb7a38520972b01383c5d6b3a5d16ba07c69b3c6cddb66262aa5121c4fbf3a randwidth: 384 } { @@ -5582,7 +5582,7 @@ randcount: 288 randtype: data name_top: RndCnstAesMaskingLfsrSeed - default: 0xe33fd2c07986c2a511755f072ee7a8e2fc45e111df07fa067f64056d9bf30d48543bec2 + default: 0x80499e6fcce64ceafd282c0e33fd2c07986c2a511755f072ee7a8e2fc45e111df07fa067 randwidth: 288 } { @@ -5592,7 +5592,7 @@ randcount: 160 randtype: perm name_top: RndCnstAesMaskingLfsrPerm - default: 0x317227746d588692343a5d20839a9569306e375716411e61447a26422452080e898e637c497f607d2e0a390d2d4f29329e82066a3f4c8a02679f48146c1794094010224a872c33472a0c73967e1c009b8c811b0f3518035b3c151f71563e99667b8028198d786f1a1d777679538b4e6865114623454388503b07973d389c596b4d0b84914b628f702b21015c2f510413125a859098935f5455645e9d05253675 + default: 0x5227992e22693a163f8b5d8d58914a1e3283106a866c4c2d760e497831847c29673779240a710d9581424147066639488702639f7a144f178009209d0834447b7d612c332a0c6f5b901c007f890b1b0f351803573c151f6d9e3e6082774d28198a74941a1d73729a53884e6865114623459b8f503b07923d387e596b266e97968e4b628c702b21015c2f510413125a9c935f5455645e98052536754385305640 randwidth: 1280 } ] @@ -5813,33 +5813,33 @@ } { name: RndCnstLfsrSeed - desc: Compile-time random data for LFSR default seed + desc: Compile-time random data for PRNG default seed type: kmac_pkg::lfsr_seed_t - randcount: 800 + randcount: 288 randtype: data name_top: RndCnstKmacLfsrSeed - default: 0x20f89caa47e5ced5d29cc9cdb468773ebacec14da34c505aedc70ea184c7a34193d59c735b5b4e2cbee5ab93cb024d6f8c0c700110cbf01425daf5141df19a882a71d66b5953dbc603379da9efb2069bd79815b2f8d99a40e7fdc4fb13143d7753ce1cf9 - randwidth: 800 + default: 0xb666a5e22d3320f89caa47e5ced5d29cc9cdb468773ebacec14da34c505aedc70ea184c7 + randwidth: 288 } { name: RndCnstLfsrPerm - desc: Compile-time random permutation for LFSR output + desc: Compile-time random permutation for PRNG output type: kmac_pkg::lfsr_perm_t randcount: 800 randtype: perm name_top: RndCnstKmacLfsrPerm - default: 0xa412388eb94bea6c303f6e98ba947313195941c727aa77ad82bb6a330d7158f0a34905badd82fd2d794a0b20991f57b465f070a7e305873d48c166660c65c1de8e5bc4764ebb179b97441e8dc72a0838538ed55ae6632f4860aeb5cf9acc14a717d0c94d9c4dc3a6134b2dc8f0ab3fd455da290951a235095deec52d2b770fe6a0d3149d32cc3a718a276506a5e1d49f100a2999448832c551259721302c69614008766827a29e81f1d05795556135ad568872ad7267f0adf470df19864383069c731b73dab90a7d9a28da2c4e3180f899db69a838be01896791fd0ea5522996737b41a3df0b845af20064bdac0605d5b1cba801921b2e7102782f40a83b063090d2b705147085acc5246851e4989e9785d02d659b0678e1342c90a97a6b01527cc4b6857048b1bf246990ca0ced2749cc12eb7528204c5e2058956f0097b86897c92272b15d641b87070345f888d7b7c44046a8c00ee0609b89e0319f141588372dcd47f049757c3b1155f8f1c4ef910c06032ff3cd40580a32e6ca9c88b0f8a1b65b41f8d119a09326383219bb8e4f92cdda925e50c81332f2782772f8b5462758ca5b1aaae75a3d675f9ad957268da4a1251e9aa9ee343daa10d076215bb1b6b26d9d457208624db4813ab0d6c6c8e44dd33958ef884f27980e00460000afbeca7b60e29b5020c2ce4406186e8f4e4137f1bfb91a04d20235a3046e89961907d8c06b647474047866a8b715be9c885d649d05d6954f4131d47111924086016a074b73a048c664c2b0e00bee059c65589ca0de104d9a9091dfc46a02d0705429a448a6219a31c4fb7b20a0722ca06de38ec1965a1137031063567240bd62a4aad38e61e79e9829214b42fd716e213e53362e8430d5aad69baac6b3c8a12a44140e7a7a31b46072da916202e51dfd8ba282ee601ad249bcaa23c7502d3f6c5707027c69e362c0fc4055dc7eaf16094bbd99188f03eacb9c0bc0e58e8f81f7dc297eb09b74a5880e6619796cef8c3cde84ae97907bab2842406fae8fd5b5089af17b359f4e1d7a302125a87b32d6af56e9a4df7edf5869420d5488e929b96d482c034f04631d44815be4299424c1942d4c351ae9d93b2cab8008a883c972a489a5ad549a805989d5fcf814db56346e041f20f507bc50fc4abf89263c595a54436366541713e09983a4e6c7e116506454799169054c364e0163f9371887d658aef0525de7a53057db799ddd1d1ce8edf344c07c785aaf845aa4cf0895bc383b06db868a865ce5716d842e2b0a5262a6c429683c20985bfb01af1c476a4abcd14564637bceb8102c85aee7aac463dbd3369d9b92e7fa55a4921551ffad13d706523d1e31e23323a19a8ac5a7d8a40ec254e06b6c17bdd3208e88518ce660eaaaa0d855525c91739648 + default: 0x3181458084094d29114aaf9e6620f99adec77c9ba71ac27ac3b24c369a2380eee7ad87899d20e92f178ba48cc15c4ad288ee8389c0c94d23069974b6781ca7947d5580d156ef1f2687c2918bc2bb2852789c6c2ab686d75a79d9a0cdc32dd448a504159b466ed4aced492ac3430b878bb97d2d654f75d2897309911dd65a319b345f9dce184636ba4889e16f4b19734c388b5906d0c25f0ff1c88dbcd5c09f09a8e90a871e06312c0d451fc11aa10da15f4bc6c19ff06800801923d2cca0770e7b9ece1000ab184455451678bf2466f1e609995c90b4c5424aec7c2a6c17e0549f8c4570497a7f2320cde16bd5812d31081779b495a6ac71a2e2c04495384e7d9064394b808500fd5e944e990416c628f2619a165b67b515a66ff91aa6659b935dd19ceaf9e9432c4abafc09b22e0681781b27d6a64b9d313078bd9d62c401ba5021d19e07c30836a1aa46aeb49e643b1613c672c5406c3e3e3cf00c6ad42e6b19788b0f8a1b01921f8d11982e3260c3217bc09d58dcdda5c81332d96f0be2d518631d091c6a8e6288a57d625cb268da4a1251eacb999e73da7b0d076216131b6176fe585ad6c36d204eaab58ce44dd33908ef3c9c203801180002bdd829e4038a594083060510185f99e5397c59da1d34be8d67a11b64dab73cc062eea4740495aecbf2e1a2ed1592609270841304471118d4086016a074b73a048852382b0e00bea459c6558a080dc6b4d8246eef8734b41c1fda11122988668c713edc751ecf862e638eada39a11368a106dd6725bb72d34aaba8960aa08a4806b7b91c513e963610c356bd5a610b7e702284ac5c28c1c136080f70ed28bab99855721cc45d9d38711f28dada04fe7201c0c5dbad6438f05dc368c6964c7b9b224950884ca2a88f1d40b4fdb15c31669e222c0fc4055d8d2931609489d99188f03eab2970bc0e58e8a81f7dc297eaf0b58a5880e6619796ce7cbd8de84ad07907ba56f52406f94cfdc7108ae2feb8d9fc6dd7c382125b1dace7ea956eb78df7edf5869420d5488e929b32bb82c034f04631d44815be4299424c1942d4c351ae4ecb2a80022a20fc531122680a61265989d5fcf814db56346e041f20f507b610fbe6a789263bf55a54436366541713e099839b1f8459419151e645a4152f4938058fe4d87f108aed7525de7a53057db799ddd1d1ce8edf344c07c145a116a933c2256ef20ec1b6e1a2a197395c5b610b8ac29498a9b10a5a0f082616e5ba2bc711da92ada4515918def3ae040b216b55eab118f6f4cda766e4b9fe95692485547feb44f5c1948f478c788cc8e866a2b169f62903b095381adb05ef74c823a2146339983aaaa836155497245ce59207353cf5132691581a9d80c594a99a87725c43702304d6aebed385b67193e8d randwidth: 8000 } { - name: RndCnstLfsrFwdPerm - desc: Compile-time random permutation for forwarding LFSR state - type: kmac_pkg::lfsr_fwd_perm_t - randcount: 32 - randtype: perm - name_top: RndCnstKmacLfsrFwdPerm - default: 0xddd8eaffd1cf789808d653c85a60ed5ca7a18028 - randwidth: 160 + name: RndCnstBufferLfsrSeed + desc: Compile-time random data for PRNG buffer default seed + type: kmac_pkg::buffer_lfsr_seed_t + randcount: 800 + randtype: data + name_top: RndCnstKmacBufferLfsrSeed + default: 0xac29042563ae4733313ad2696788a8735b27982f5007a24a125f876c9ca6ddeb52ac92f5600d2a41bc465efe57aa3b59bd6b0a40216363420f041ed29a965b68faea3e59d4f2e2a0b42eb9a8c3ab227b50766d2eaec89eb13b07e9bf4ee42784136d42c8 + randwidth: 800 } { name: RndCnstMsgPerm diff --git a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv index 4fecb176b33e9b..e89903162afd0a 100644 --- a/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv +++ b/hw/top_earlgrey/rtl/autogen/top_earlgrey.sv @@ -2253,7 +2253,7 @@ module top_earlgrey #( .SecIdleAcceptSwMsg(SecKmacIdleAcceptSwMsg), .RndCnstLfsrSeed(RndCnstKmacLfsrSeed), .RndCnstLfsrPerm(RndCnstKmacLfsrPerm), - .RndCnstLfsrFwdPerm(RndCnstKmacLfsrFwdPerm), + .RndCnstBufferLfsrSeed(RndCnstKmacBufferLfsrSeed), .RndCnstMsgPerm(RndCnstKmacMsgPerm) ) u_kmac ( diff --git a/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv b/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv index cdafa1d3cc5f51..c65249e5ce6178 100644 --- a/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv +++ b/hw/top_earlgrey/rtl/autogen/top_earlgrey_rnd_cnst_pkg.sv @@ -18,17 +18,17 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Compile-time random bits for initial LFSR seed parameter otp_ctrl_pkg::lfsr_seed_t RndCnstOtpCtrlLfsrSeed = { - 40'hE1_8549CB1E + 40'h23_D532C0AB }; // Compile-time random permutation for LFSR output parameter otp_ctrl_pkg::lfsr_perm_t RndCnstOtpCtrlLfsrPerm = { - 240'h9D55_98245508_04312249_A00D9648_1F4176CE_4531A374_C84A7821_CB9993DC + 240'h35F9_E2744982_8087A351_B19228F0_5A157307_54E0D985_07166090_139642D1 }; // Compile-time random permutation for scrambling key/nonce register reset value parameter otp_ctrl_pkg::scrmbl_key_init_t RndCnstOtpCtrlScrmblKeyInit = { - 256'h44C3BCDF_8087B7FA_CD65E965_4CD85BC6_6D10208C_4FB51B97_BBF4D12C_378CCFD6 + 256'h55D70063_277642B5_309A1639_90B966CD_494444C3_BCDF8087_B7FACD65_E9654CD8 }; //////////////////////////////////////////// @@ -36,35 +36,35 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Diversification value used for all invalid life cycle states. parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivInvalid = { - 128'hA5A5BF30_32DB51FA_1EB92F6C_E10E90F9 + 128'h5BC66D10_208C4FB5_1B97BBF4_D12C378C }; // Diversification value used for the TEST_UNLOCKED* life cycle states. parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivTestUnlocked = { - 128'hC5C06F73_3DC911A3_21DD4C0A_C2406D46 + 128'hCFD6A5A5_BF3032DB_51FA1EB9_2F6CE10E }; // Diversification value used for the DEV life cycle state. parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivDev = { - 128'h7215DAB3_F2B54A52_E6728678_AF071806 + 128'h90F9C5C0_6F733DC9_11A321DD_4C0AC240 }; // Diversification value used for the PROD/PROD_END life cycle states. parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivProduction = { - 128'h8E344D2E_AE4D73C8_FA54DE8A_A4A4F258 + 128'h6D467215_DAB3F2B5_4A52E672_8678AF07 }; // Diversification value used for the RMA life cycle state. parameter lc_ctrl_pkg::lc_keymgr_div_t RndCnstLcCtrlLcKeymgrDivRma = { - 128'hF3B2A145_FD1950AE_55D693E5_7968117E + 128'h18068E34_4D2EAE4D_73C8FA54_DE8AA4A4 }; // Compile-time random bits used for invalid tokens in the token mux parameter lc_ctrl_pkg::lc_token_mux_t RndCnstLcCtrlInvalidTokens = { - 256'h66DC6341_55E0F815_0242862E_B20EEA9A_1F754471_6551512A_112DED67_8CE824A0, - 256'h8E29C772_795A358E_C30F1BED_D1AF0EC9_D9A9CF36_A2B130D3_2AFE121A_F734F628, - 256'h363AAA0E_93D45C42_3690ED05_BD1E710F_22D10958_89FBD8A7_B57FB1E1_1DF367C1, - 256'hC1EDE3F3_5CFC8F6E_72ABDD73_A9EEFBF8_B7081EB9_F636E13C_A9D21F1E_DEBE60A2 + 256'hF258F3B2_A145FD19_50AE55D6_93E57968_117E66DC_634155E0_F8150242_862EB20E, + 256'hEA9A1F75_44716551_512A112D_ED678CE8_24A08E29_C772795A_358EC30F_1BEDD1AF, + 256'h0EC9D9A9_CF36A2B1_30D32AFE_121AF734_F628363A_AA0E93D4_5C423690_ED05BD1E, + 256'h710F22D1_095889FB_D8A7B57F_B1E11DF3_67C1C1ED_E3F35CFC_8F6E72AB_DD73A9EE }; //////////////////////////////////////////// @@ -72,12 +72,12 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Compile-time random bits for initial LFSR seed parameter alert_pkg::lfsr_seed_t RndCnstAlertHandlerLfsrSeed = { - 32'h2DB6D398 + 32'hFBF8B708 }; // Compile-time random permutation for LFSR output parameter alert_pkg::lfsr_perm_t RndCnstAlertHandlerLfsrPerm = { - 160'hFF4E1AEC_AC5CB0F2_239612AF_14F8C0CC_26D70E9A + 160'hD07AF5EC_56811520_45096BB1_32D19ECF_EA7E1AE3 }; //////////////////////////////////////////// @@ -85,22 +85,22 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Compile-time random reset value for SRAM scrambling key. parameter otp_ctrl_pkg::sram_key_t RndCnstSramCtrlRetAonSramKey = { - 128'hE4612980_D48E6C64_93A50EED_BAC6A46B + 128'h42692B08_9A6F99B1_A7AC0842_24ADE461 }; // Compile-time random reset value for SRAM scrambling nonce. parameter otp_ctrl_pkg::sram_nonce_t RndCnstSramCtrlRetAonSramNonce = { - 128'h7A8A9B2C_7AEC92F3_9E49478C_398C91DB + 128'h2980D48E_6C6493A5_0EEDBAC6_A46B7A8A }; // Compile-time random bits for initial LFSR seed parameter sram_ctrl_pkg::lfsr_seed_t RndCnstSramCtrlRetAonLfsrSeed = { - 32'h1841831B + 32'h9B2C7AEC }; // Compile-time random permutation for LFSR output parameter sram_ctrl_pkg::lfsr_perm_t RndCnstSramCtrlRetAonLfsrPerm = { - 160'hF7E60AE6_D8ECA26B_F09ADA50_579C4E63_42AA4163 + 160'h791B870B_95B872C3_00AAA2FB_686C7FD1_E284CFD2 }; //////////////////////////////////////////// @@ -108,28 +108,28 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Compile-time random bits for default address key parameter flash_ctrl_pkg::flash_key_t RndCnstFlashCtrlAddrKey = { - 128'h76A61E11_2578BF9F_469FC482_FA14A8F2 + 128'h11E64066_908ADFD5_918F8C56_3C92184F }; // Compile-time random bits for default data key parameter flash_ctrl_pkg::flash_key_t RndCnstFlashCtrlDataKey = { - 128'hB75C265C_9CB3B2F1_C44A7287_AB4C0618 + 128'h1C76A61E_112578BF_9F469FC4_82FA14A8 }; // Compile-time random bits for default seeds parameter flash_ctrl_pkg::all_seeds_t RndCnstFlashCtrlAllSeeds = { - 256'h822E92A0_84A048FF_E9FB8614_0A79D380_55B24B5F_3B3EA79B_D7F203D5_5EABF9F7, - 256'h33D9B0CC_2CA2B394_F2526E44_30C2AFB4_F5B43B16_67039C63_05BF983A_F472A23D + 256'hF2B75C26_5C9CB3B2_F1C44A72_87AB4C06_18822E92_A084A048_FFE9FB86_140A79D3, + 256'h8055B24B_5F3B3EA7_9BD7F203_D55EABF9_F733D9B0_CC2CA2B3_94F2526E_4430C2AF }; // Compile-time random bits for initial LFSR seed parameter flash_ctrl_pkg::lfsr_seed_t RndCnstFlashCtrlLfsrSeed = { - 32'hB96BE84F + 32'hB4F5B43B }; // Compile-time random permutation for LFSR output parameter flash_ctrl_pkg::lfsr_perm_t RndCnstFlashCtrlLfsrPerm = { - 160'h699D74AA_B26079D1_1564D8E1_19F807B2_3FAC51F9 + 160'hDA8C1FC4_8584ABA1_E2CB43D2_DCD1C7E5_FBE98182 }; //////////////////////////////////////////// @@ -137,86 +137,87 @@ package top_earlgrey_rnd_cnst_pkg; //////////////////////////////////////////// // Default seed of the PRNG used for register clearing. parameter aes_pkg::clearing_lfsr_seed_t RndCnstAesClearingLfsrSeed = { - 64'h05BB696B_E7A52B9A + 64'hEC27F13E_B602172C }; // Permutation applied to the LFSR of the PRNG used for clearing. parameter aes_pkg::clearing_lfsr_perm_t RndCnstAesClearingLfsrPerm = { - 128'hD3A648F1_D3034BE5_4EAD70B0_CC7BE7D4, - 256'h6DBF2E57_80469B23_26435889_4DED85F4_E6105A1A_AA0E71B8_F581F5B4_3B732E0A + 128'h352B301E_82238B40_C93BBF82_AD9C4B5F, + 256'hD798CAA9_06F1D455_52D9E17F_F105E60D_CF5B86D0_73398AA7_66BA075B_AF300953 }; // Permutation applied to the clearing PRNG output for clearing the second share of registers. parameter aes_pkg::clearing_lfsr_perm_t RndCnstAesClearingSharePerm = { - 128'h33ABE47A_E86D7434_1505C68D_478F07D5, - 256'h208AC532_178D8DF3_02727EA0_BCA9504D_0F16B8B6_3B09595B_981F1A6F_FBF6CA9B + 128'h347B55E5_DFA46903_140E8241_DB2FC0F6, + 256'h7BCB7A38_520972B0_1383C5D6_B3A5D16B_A07C69B3_C6CDDB66_262AA512_1C4FBF3A }; // Default seed of the PRNG used for masking. parameter aes_pkg::masking_lfsr_seed_t RndCnstAesMaskingLfsrSeed = { - 32'h0E33FD2C, - 256'h07986C2A_511755F0_72EE7A8E_2FC45E11_1DF07FA0_67F64056_D9BF30D4_8543BEC2 + 32'h80499E6F, + 256'hCCE64CEA_FD282C0E_33FD2C07_986C2A51_1755F072_EE7A8E2F_C45E111D_F07FA067 }; // Permutation applied to the concatenated LFSRs of the PRNG used for masking. parameter aes_pkg::masking_lfsr_perm_t RndCnstAesMaskingLfsrPerm = { - 256'h31722774_6D588692_343A5D20_839A9569_306E3757_16411E61_447A2642_2452080E, - 256'h898E637C_497F607D_2E0A390D_2D4F2932_9E82066A_3F4C8A02_679F4814_6C179409, - 256'h4010224A_872C3347_2A0C7396_7E1C009B_8C811B0F_3518035B_3C151F71_563E9966, - 256'h7B802819_8D786F1A_1D777679_538B4E68_65114623_45438850_3B07973D_389C596B, - 256'h4D0B8491_4B628F70_2B21015C_2F510413_125A8590_98935F54_55645E9D_05253675 + 256'h5227992E_22693A16_3F8B5D8D_58914A1E_3283106A_866C4C2D_760E4978_31847C29, + 256'h67377924_0A710D95_81424147_06663948_8702639F_7A144F17_8009209D_0834447B, + 256'h7D612C33_2A0C6F5B_901C007F_890B1B0F_35180357_3C151F6D_9E3E6082_774D2819, + 256'h8A74941A_1D73729A_53884E68_65114623_459B8F50_3B07923D_387E596B_266E9796, + 256'h8E4B628C_702B2101_5C2F5104_13125A9C_935F5455_645E9805_25367543_85305640 }; //////////////////////////////////////////// // kmac //////////////////////////////////////////// - // Compile-time random data for LFSR default seed + // Compile-time random data for PRNG default seed parameter kmac_pkg::lfsr_seed_t RndCnstKmacLfsrSeed = { - 32'h20F89CAA, - 256'h47E5CED5_D29CC9CD_B468773E_BACEC14D_A34C505A_EDC70EA1_84C7A341_93D59C73, - 256'h5B5B4E2C_BEE5AB93_CB024D6F_8C0C7001_10CBF014_25DAF514_1DF19A88_2A71D66B, - 256'h5953DBC6_03379DA9_EFB2069B_D79815B2_F8D99A40_E7FDC4FB_13143D77_53CE1CF9 + 32'hB666A5E2, + 256'h2D3320F8_9CAA47E5_CED5D29C_C9CDB468_773EBACE_C14DA34C_505AEDC7_0EA184C7 }; - // Compile-time random permutation for LFSR output + // Compile-time random permutation for PRNG output parameter kmac_pkg::lfsr_perm_t RndCnstKmacLfsrPerm = { - 64'hA412388E_B94BEA6C, - 256'h303F6E98_BA947313_195941C7_27AA77AD_82BB6A33_0D7158F0_A34905BA_DD82FD2D, - 256'h794A0B20_991F57B4_65F070A7_E305873D_48C16666_0C65C1DE_8E5BC476_4EBB179B, - 256'h97441E8D_C72A0838_538ED55A_E6632F48_60AEB5CF_9ACC14A7_17D0C94D_9C4DC3A6, - 256'h134B2DC8_F0AB3FD4_55DA2909_51A23509_5DEEC52D_2B770FE6_A0D3149D_32CC3A71, - 256'h8A276506_A5E1D49F_100A2999_448832C5_51259721_302C6961_40087668_27A29E81, - 256'hF1D05795_556135AD_568872AD_7267F0AD_F470DF19_86438306_9C731B73_DAB90A7D, - 256'h9A28DA2C_4E3180F8_99DB69A8_38BE0189_6791FD0E_A5522996_737B41A3_DF0B845A, - 256'hF20064BD_AC0605D5_B1CBA801_921B2E71_02782F40_A83B0630_90D2B705_147085AC, - 256'hC5246851_E4989E97_85D02D65_9B0678E1_342C90A9_7A6B0152_7CC4B685_7048B1BF, - 256'h246990CA_0CED2749_CC12EB75_28204C5E_2058956F_0097B868_97C92272_B15D641B, - 256'h87070345_F888D7B7_C44046A8_C00EE060_9B89E031_9F141588_372DCD47_F049757C, - 256'h3B1155F8_F1C4EF91_0C06032F_F3CD4058_0A32E6CA_9C88B0F8_A1B65B41_F8D119A0, - 256'h93263832_19BB8E4F_92CDDA92_5E50C813_32F27827_72F8B546_2758CA5B_1AAAE75A, - 256'h3D675F9A_D957268D_A4A1251E_9AA9EE34_3DAA10D0_76215BB1_B6B26D9D_45720862, - 256'h4DB4813A_B0D6C6C8_E44DD339_58EF884F_27980E00_460000AF_BECA7B60_E29B5020, - 256'hC2CE4406_186E8F4E_4137F1BF_B91A04D2_0235A304_6E899619_07D8C06B_64747404, - 256'h7866A8B7_15BE9C88_5D649D05_D6954F41_31D47111_92408601_6A074B73_A048C664, - 256'hC2B0E00B_EE059C65_589CA0DE_104D9A90_91DFC46A_02D07054_29A448A6_219A31C4, - 256'hFB7B20A0_722CA06D_E38EC196_5A113703_10635672_40BD62A4_AAD38E61_E79E9829, - 256'h214B42FD_716E213E_53362E84_30D5AAD6_9BAAC6B3_C8A12A44_140E7A7A_31B46072, - 256'hDA916202_E51DFD8B_A282EE60_1AD249BC_AA23C750_2D3F6C57_07027C69_E362C0FC, - 256'h4055DC7E_AF16094B_BD99188F_03EACB9C_0BC0E58E_8F81F7DC_297EB09B_74A5880E, - 256'h6619796C_EF8C3CDE_84AE9790_7BAB2842_406FAE8F_D5B5089A_F17B359F_4E1D7A30, - 256'h2125A87B_32D6AF56_E9A4DF7E_DF586942_0D5488E9_29B96D48_2C034F04_631D4481, - 256'h5BE42994_24C1942D_4C351AE9_D93B2CAB_8008A883_C972A489_A5AD549A_805989D5, - 256'hFCF814DB_56346E04_1F20F507_BC50FC4A_BF89263C_595A5443_63665417_13E09983, - 256'hA4E6C7E1_16506454_79916905_4C364E01_63F93718_87D658AE_F0525DE7_A53057DB, - 256'h799DDD1D_1CE8EDF3_44C07C78_5AAF845A_A4CF0895_BC383B06_DB868A86_5CE5716D, - 256'h842E2B0A_5262A6C4_29683C20_985BFB01_AF1C476A_4ABCD145_64637BCE_B8102C85, - 256'hAEE7AAC4_63DBD336_9D9B92E7_FA55A492_1551FFAD_13D70652_3D1E31E2_3323A19A, - 256'h8AC5A7D8_A40EC254_E06B6C17_BDD3208E_88518CE6_60EAAAA0_D855525C_91739648 - }; - - // Compile-time random permutation for forwarding LFSR state - parameter kmac_pkg::lfsr_fwd_perm_t RndCnstKmacLfsrFwdPerm = { - 160'hDDD8EAFF_D1CF7898_08D653C8_5A60ED5C_A7A18028 + 64'h31814580_84094D29, + 256'h114AAF9E_6620F99A_DEC77C9B_A71AC27A_C3B24C36_9A2380EE_E7AD8789_9D20E92F, + 256'h178BA48C_C15C4AD2_88EE8389_C0C94D23_069974B6_781CA794_7D5580D1_56EF1F26, + 256'h87C2918B_C2BB2852_789C6C2A_B686D75A_79D9A0CD_C32DD448_A504159B_466ED4AC, + 256'hED492AC3_430B878B_B97D2D65_4F75D289_7309911D_D65A319B_345F9DCE_184636BA, + 256'h4889E16F_4B19734C_388B5906_D0C25F0F_F1C88DBC_D5C09F09_A8E90A87_1E06312C, + 256'h0D451FC1_1AA10DA1_5F4BC6C1_9FF06800_801923D2_CCA0770E_7B9ECE10_00AB1844, + 256'h55451678_BF2466F1_E609995C_90B4C542_4AEC7C2A_6C17E054_9F8C4570_497A7F23, + 256'h20CDE16B_D5812D31_081779B4_95A6AC71_A2E2C044_95384E7D_9064394B_808500FD, + 256'h5E944E99_0416C628_F2619A16_5B67B515_A66FF91A_A6659B93_5DD19CEA_F9E9432C, + 256'h4ABAFC09_B22E0681_781B27D6_A64B9D31_3078BD9D_62C401BA_5021D19E_07C30836, + 256'hA1AA46AE_B49E643B_1613C672_C5406C3E_3E3CF00C_6AD42E6B_19788B0F_8A1B0192, + 256'h1F8D1198_2E3260C3_217BC09D_58DCDDA5_C81332D9_6F0BE2D5_18631D09_1C6A8E62, + 256'h88A57D62_5CB268DA_4A1251EA_CB999E73_DA7B0D07_6216131B_6176FE58_5AD6C36D, + 256'h204EAAB5_8CE44DD3_3908EF3C_9C203801_180002BD_D829E403_8A594083_06051018, + 256'h5F99E539_7C59DA1D_34BE8D67_A11B64DA_B73CC062_EEA47404_95AECBF2_E1A2ED15, + 256'h92609270_84130447_1118D408_6016A074_B73A0488_52382B0E_00BEA459_C6558A08, + 256'h0DC6B4D8_246EEF87_34B41C1F_DA111229_88668C71_3EDC751E_CF862E63_8EADA39A, + 256'h11368A10_6DD6725B_B72D34AA_BA8960AA_08A4806B_7B91C513_E963610C_356BD5A6, + 256'h10B7E702_284AC5C2_8C1C1360_80F70ED2_8BAB9985_5721CC45_D9D38711_F28DADA0, + 256'h4FE7201C_0C5DBAD6_438F05DC_368C6964_C7B9B224_950884CA_2A88F1D4_0B4FDB15, + 256'hC31669E2_22C0FC40_55D8D293_1609489D_99188F03_EAB2970B_C0E58E8A_81F7DC29, + 256'h7EAF0B58_A5880E66_19796CE7_CBD8DE84_AD07907B_A56F5240_6F94CFDC_7108AE2F, + 256'hEB8D9FC6_DD7C3821_25B1DACE_7EA956EB_78DF7EDF_5869420D_5488E929_B32BB82C, + 256'h034F0463_1D44815B_E4299424_C1942D4C_351AE4EC_B2A80022_A20FC531_122680A6, + 256'h1265989D_5FCF814D_B56346E0_41F20F50_7B610FBE_6A789263_BF55A544_36366541, + 256'h713E0998_39B1F845_9419151E_645A4152_F4938058_FE4D87F1_08AED752_5DE7A530, + 256'h57DB799D_DD1D1CE8_EDF344C0_7C145A11_6A933C22_56EF20EC_1B6E1A2A_197395C5, + 256'hB610B8AC_29498A9B_10A5A0F0_82616E5B_A2BC711D_A92ADA45_15918DEF_3AE040B2, + 256'h16B55EAB_118F6F4C_DA766E4B_9FE95692_485547FE_B44F5C19_48F478C7_88CC8E86, + 256'h6A2B169F_62903B09_5381ADB0_5EF74C82_3A214633_9983AAAA_83615549_7245CE59, + 256'h207353CF_51326915_81A9D80C_594A99A8_7725C437_02304D6A_EBED385B_67193E8D + }; + + // Compile-time random data for PRNG buffer default seed + parameter kmac_pkg::buffer_lfsr_seed_t RndCnstKmacBufferLfsrSeed = { + 32'hAC290425, + 256'h63AE4733_313AD269_6788A873_5B27982F_5007A24A_125F876C_9CA6DDEB_52AC92F5, + 256'h600D2A41_BC465EFE_57AA3B59_BD6B0A40_21636342_0F041ED2_9A965B68_FAEA3E59, + 256'hD4F2E2A0_B42EB9A8_C3AB227B_50766D2E_AEC89EB1_3B07E9BF_4EE42784_136D42C8 }; // Compile-time random permutation for LFSR Message output diff --git a/sw/device/lib/dif/dif_kmac.c b/sw/device/lib/dif/dif_kmac.c index 60bccacb95dc0d..87ec29b9c9d998 100644 --- a/sw/device/lib/dif/dif_kmac.c +++ b/sw/device/lib/dif/dif_kmac.c @@ -237,9 +237,7 @@ dif_result_t dif_kmac_configure(dif_kmac_t *kmac, dif_kmac_config_t config) { // Write entropy seed registers. for (int i = 0; i < kDifKmacEntropySeedWords; ++i) { - mmio_region_write32(kmac->base_addr, - KMAC_ENTROPY_SEED_0_REG_OFFSET + - (ptrdiff_t)i * (ptrdiff_t)sizeof(uint32_t), + mmio_region_write32(kmac->base_addr, KMAC_ENTROPY_SEED_REG_OFFSET, config.entropy_seed[i]); } diff --git a/sw/device/lib/dif/dif_kmac.h b/sw/device/lib/dif/dif_kmac.h index 6bca289f6acd72..6b81ebe55bffb9 100644 --- a/sw/device/lib/dif/dif_kmac.h +++ b/sw/device/lib/dif/dif_kmac.h @@ -134,7 +134,7 @@ enum { * * The length is in 32-bit words. */ - kDifKmacEntropySeedWords = 5, + kDifKmacEntropySeedWords = 9, /** * The offset of the second share within the output state register. */ diff --git a/sw/device/lib/dif/dif_kmac_unittest.cc b/sw/device/lib/dif/dif_kmac_unittest.cc index 979db26203920b..91c7dfe05b94a2 100644 --- a/sw/device/lib/dif/dif_kmac_unittest.cc +++ b/sw/device/lib/dif/dif_kmac_unittest.cc @@ -244,8 +244,7 @@ class KmacTest : public testing::Test, public mock_mmio::MmioTest { void ExpectEntropySeed(const uint32_t *seed) { for (uint32_t i = 0; i < kDifKmacEntropySeedWords; ++i) { - ptrdiff_t offset = KMAC_ENTROPY_SEED_0_REG_OFFSET + i * sizeof(uint32_t); - EXPECT_WRITE32(offset, seed[i]); + EXPECT_WRITE32(KMAC_ENTROPY_SEED_REG_OFFSET, seed[i]); } } @@ -657,8 +656,9 @@ class KmacConfigureTest : public KmacTest { dif_kmac_config_t kmac_config_ = { .entropy_mode = kDifKmacEntropyModeIdle, .entropy_fast_process = false, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_hash_threshold = 0x03ff, .entropy_wait_timer = 0xffff, .entropy_prescaler = 0x03ff, diff --git a/sw/device/sca/kmac_serial.c b/sw/device/sca/kmac_serial.c index f5632bd45e6e1b..667677d59150aa 100644 --- a/sw/device/sca/kmac_serial.c +++ b/sw/device/sca/kmac_serial.c @@ -430,8 +430,9 @@ static void kmac_init(void) { dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, .entropy_fast_process = kDifToggleDisabled, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .message_big_endian = kDifToggleDisabled, .output_big_endian = kDifToggleDisabled, .sideload = kDifToggleDisabled, diff --git a/sw/device/sca/sha3_serial.c b/sw/device/sca/sha3_serial.c index 3db388059fa145..0ce924e306330e 100644 --- a/sw/device/sca/sha3_serial.c +++ b/sw/device/sca/sha3_serial.c @@ -76,8 +76,8 @@ static dif_kmac_t kmac; static dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, .entropy_fast_process = kDifToggleDisabled, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, 0x09596819, + 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, 0x11e1ebd1}, .message_big_endian = kDifToggleDisabled, .output_big_endian = kDifToggleDisabled, .sideload = kDifToggleDisabled, diff --git a/sw/device/silicon_creator/lib/drivers/kmac.c b/sw/device/silicon_creator/lib/drivers/kmac.c index e9a685e264850b..63a1562964b3df 100644 --- a/sw/device/silicon_creator/lib/drivers/kmac.c +++ b/sw/device/silicon_creator/lib/drivers/kmac.c @@ -55,8 +55,9 @@ enum { static_assert(kShake256KeccakRateWords <= kStateShareSize, "assert SHAKE256 rate is <= share size"); -static const uint32_t kEntropySeed[] = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, - 0x48465647, 0x70410fef}; +static const uint32_t kEntropySeed[] = {0x5d2a3764, 0x37d3ecba, 0xe1859094, + 0xb153e3fe, 0x09596819, 0x3e85a6e8, + 0xb6dcdaba, 0x50dc409c, 0x11e1ebd1}; /** * KMAC configuration parameters. @@ -204,14 +205,18 @@ static rom_error_t kmac_configure(kmac_config_t config) { cfg_reg, KMAC_CFG_SHADOWED_EN_UNSUPPORTED_MODESTRENGTH_BIT, 0); abs_mmio_write32_shadowed(kBase + KMAC_CFG_SHADOWED_REG_OFFSET, cfg_reg); - // Write entropy seed registers. Even though the values are + // Write entropy seed register. Even though the values are // irrelevant, these registers must be written for the KMAC block to consider // its entropy "ready" and to begin operation. - abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_0_REG_OFFSET, kEntropySeed[0]); - abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_1_REG_OFFSET, kEntropySeed[1]); - abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_2_REG_OFFSET, kEntropySeed[2]); - abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_3_REG_OFFSET, kEntropySeed[3]); - abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_4_REG_OFFSET, kEntropySeed[4]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[0]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[1]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[2]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[3]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[4]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[5]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[6]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[7]); + abs_mmio_write32(kBase + KMAC_ENTROPY_SEED_REG_OFFSET, kEntropySeed[8]); return kErrorOk; } diff --git a/sw/device/silicon_creator/lib/drivers/kmac_unittest.cc b/sw/device/silicon_creator/lib/drivers/kmac_unittest.cc index a0b96301ab37ea..2ef59ff260ccd3 100644 --- a/sw/device/silicon_creator/lib/drivers/kmac_unittest.cc +++ b/sw/device/silicon_creator/lib/drivers/kmac_unittest.cc @@ -96,11 +96,15 @@ TEST_F(ConfigureTest, SuccessKeyMgr) { (1 << KMAC_CFG_SHADOWED_SIDELOAD_BIT); EXPECT_ABS_WRITE32_SHADOWED(base_ + KMAC_CFG_SHADOWED_REG_OFFSET, cfg); - EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_0_REG_OFFSET, 0xaa25b4bf); - EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_1_REG_OFFSET, 0x48ce8fff); - EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_2_REG_OFFSET, 0x5a78282a); - EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_3_REG_OFFSET, 0x48465647); - EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_4_REG_OFFSET, 0x70410fef); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x5d2a3764); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x37d3ecba); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0xe1859094); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0xb153e3fe); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x09596819); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x3e85a6e8); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0xb6dcdaba); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x50dc409c); + EXPECT_ABS_WRITE32(base_ + KMAC_ENTROPY_SEED_REG_OFFSET, 0x11e1ebd1); EXPECT_EQ(kmac_keymgr_configure(), kErrorOk); } diff --git a/sw/device/tests/crypto/cryptotest/firmware/kmac_sca.c b/sw/device/tests/crypto/cryptotest/firmware/kmac_sca.c index 8728dc5159c3e9..8ac23bbd1ef82c 100644 --- a/sw/device/tests/crypto/cryptotest/firmware/kmac_sca.c +++ b/sw/device/tests/crypto/cryptotest/firmware/kmac_sca.c @@ -460,8 +460,9 @@ status_t handle_kmac_sca_init(ujson_t *uj) { dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, .entropy_fast_process = kDifToggleDisabled, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .message_big_endian = kDifToggleDisabled, .output_big_endian = kDifToggleDisabled, .sideload = kDifToggleDisabled, diff --git a/sw/device/tests/crypto/cryptotest/firmware/sha3_sca.c b/sw/device/tests/crypto/cryptotest/firmware/sha3_sca.c index aab374c7362259..8fdd9af9844bd3 100644 --- a/sw/device/tests/crypto/cryptotest/firmware/sha3_sca.c +++ b/sw/device/tests/crypto/cryptotest/firmware/sha3_sca.c @@ -69,8 +69,8 @@ static dif_kmac_t kmac; static dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, .entropy_fast_process = kDifToggleDisabled, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, 0x09596819, + 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, 0x11e1ebd1}, .message_big_endian = kDifToggleDisabled, .output_big_endian = kDifToggleDisabled, .sideload = kDifToggleDisabled, diff --git a/sw/device/tests/kmac_idle_test.c b/sw/device/tests/kmac_idle_test.c index b01480f9824b3e..e8318a99cef2b7 100644 --- a/sw/device/tests/kmac_idle_test.c +++ b/sw/device/tests/kmac_idle_test.c @@ -136,8 +136,9 @@ bool test_main(void) { // Configure KMAC hardware using software entropy. dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_fast_process = kDifToggleEnabled, }; CHECK_DIF_OK(dif_kmac_configure(&kmac, config)); diff --git a/sw/device/tests/kmac_mode_cshake_test.c b/sw/device/tests/kmac_mode_cshake_test.c index bce70dfe6e6d6f..cbf12a5e95128d 100644 --- a/sw/device/tests/kmac_mode_cshake_test.c +++ b/sw/device/tests/kmac_mode_cshake_test.c @@ -99,8 +99,9 @@ bool test_main(void) { // Configure KMAC hardware using software entropy. dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_fast_process = kDifToggleEnabled, }; CHECK_DIF_OK(dif_kmac_configure(&kmac, config)); diff --git a/sw/device/tests/kmac_mode_kmac_test.c b/sw/device/tests/kmac_mode_kmac_test.c index 8142be6dce2b4c..7bc1823a0f52b9 100644 --- a/sw/device/tests/kmac_mode_kmac_test.c +++ b/sw/device/tests/kmac_mode_kmac_test.c @@ -200,8 +200,9 @@ bool test_main(void) { // Configure KMAC hardware using software entropy. dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_fast_process = kDifToggleEnabled, }; CHECK_DIF_OK(dif_kmac_configure(&kmac, config)); diff --git a/sw/device/tests/kmac_smoketest.c b/sw/device/tests/kmac_smoketest.c index ee6f82aa56da6b..eb75e4c5855853 100644 --- a/sw/device/tests/kmac_smoketest.c +++ b/sw/device/tests/kmac_smoketest.c @@ -292,11 +292,14 @@ bool test_main(void) { CHECK_DIF_OK( dif_kmac_init(mmio_region_from_addr(TOP_EARLGREY_KMAC_BASE_ADDR), &kmac)); - // Configure KMAC hardware using software entropy. + // Configure KMAC hardware using software entropy. The seed has been randomnly + // chosen and is genrated using enerated using + // ./util/design/gen-lfsr-seed.py --width 288 --seed 2034386436 --prefix "" dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_fast_process = kDifToggleEnabled, }; CHECK_DIF_OK(dif_kmac_configure(&kmac, config)); diff --git a/sw/device/tests/sim_dv/csrng_lc_hw_debug_en_test.c b/sw/device/tests/sim_dv/csrng_lc_hw_debug_en_test.c index 213024610e17e1..a795dbeb0ef0d5 100644 --- a/sw/device/tests/sim_dv/csrng_lc_hw_debug_en_test.c +++ b/sw/device/tests/sim_dv/csrng_lc_hw_debug_en_test.c @@ -91,8 +91,9 @@ static void kmac_init(void) { // Configure KMAC hardware using software entropy. dif_kmac_config_t config = (dif_kmac_config_t){ .entropy_mode = kDifKmacEntropyModeSoftware, - .entropy_seed = {0xaa25b4bf, 0x48ce8fff, 0x5a78282a, 0x48465647, - 0x70410fef}, + .entropy_seed = {0x5d2a3764, 0x37d3ecba, 0xe1859094, 0xb153e3fe, + 0x09596819, 0x3e85a6e8, 0xb6dcdaba, 0x50dc409c, + 0x11e1ebd1}, .entropy_fast_process = kDifToggleEnabled, }; CHECK_DIF_OK(dif_kmac_configure(&kmac, config));