Summary

ALERT_TEST

Alert Test Register

• Offset: 0x0
• Reset default: 0x0
• Reset mask: 0x3

Fields

{"reg": [{"name": "recov_ctrl_update_err", "bits": 1, "attr": ["wo"], "rotate": -90}, {"name": "fatal_fault", "bits": 1, "attr": ["wo"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 230}}

KEY_SHARE0

Initial Key Registers Share 0.

The actual initial key corresponds to Initial Key Registers Share 0 XORed with Initial Key Registers Share 1. Loaded into the internal Full Key register upon starting encryption/decryption. All key registers (Share 0 and Share 1) must be written at least once when the key is changed. The order in which the registers are updated does not matter. Can only be updated when the Ascon unit is idle. If the Ascon unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "key_share0", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

KEY_SHARE1

Initial Key Registers Share 1.

The actual initial key corresponds to Initial Key Registers Share 0 XORed with Initial Key Registers Share 1. Loaded into the internal Full Key register upon starting encryption/decryption. All key registers (Share 0 and Share 1) must be written at least once when the key is changed. The order in which the registers are updated does not matter. Can only be updated when the Ascon unit is idle. If the Ascon unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "key_share1", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

NONCE_SHARE0

Input Nonce Register Share 0. The actual data corresponds to Nonce Input Registers Share 0 XORed with Nonce Input Registers Share 1. If SW does not want to provide the Nonce masked, it can simply set one share to all zeros and provide the unmasked nonce in the other share. All nonce registers (Share 0 and Share 1) must be written each time a new message is processed. Ascon requires the nonce to be unique for each message. However there are no hardware checks to enforce this. The order in which the registers are updated does not matter. If the user fails to update the register the ERROR.NO_NONCE Register is set. Can only be updated when the Ascon unit is idle. If the Ascon unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "nonce", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

NONCE_SHARE1

Input Nonce Register Share 1. The actual data corresponds to Nonce Input Registers Share 0 XORed with Nonce Input Registers Share 1. If SW does not want to provide the Nonce masked, it can simply set one share to all zeros and provide the unmasked nonce in the other share. All nonce registers (Share 0 and Share 1) must be written each time a new message is processed. Ascon requires the nonce to be unique for each message However there are no hardware checks to enforce this. The order in which the registers are updated does not matter. If the user fails to update the register the ERROR.NO_NONCE Register is set. Can only be updated when the Ascon unit is idle. If the Ascon unit is non-idle, writes to these registers are ignored. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "nonce", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

DATA_IN_SHARE0

Input Data Register 0. The actual data corresponds to Data Input Registers Share 0 XORed with Data Input Registers Share 1. This register holds Share 0 of one input block. This is either the associated data, plaintext or the ciphertext, depending on the mode. All registers must be written each time a new block is processed. Otherwise the engine stalls until all registers have been written. For Ascon 128 the upper 64 bit can be set to any value For partial blocks the unused bytes can be set to any value. The order in which the registers are updated does not matter.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "msg_in", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

DATA_IN_SHARE1

Data Input Register Share 1 The actual message corresponds to Data Input Registers Share 0 XORed with Data Input Registers Share 1. This register holds Share 1 of one data input block. This is either the associated data, plaintext or the ciphertext, depending on the mode. If CTRL_SHADOWED.masked_{ad,msg}input = 1, all registers must be written each time a block of associated data or message is processed If CTRL_SHADOWED.masked{ad,msg}_input = 0, the write operation tracking for these registers is disabled. Software should set Share 1 to all zeros before the first block of associated data / message is written to Share 0. This basically disables input masking. For Ascon 128 the upper 64 bit can be set to any value. For partial blocks the unused bytes can be set to any value. The order in which the registers are updated does not matter.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "msg_in", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

TAG_IN

Input TAG Register. This register holds the expected tag for authenticated decryption. All registers must be written each time a new decryption is started. The order in which the registers are updated does not matter. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "tag_in", "bits": 32, "attr": ["wo"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

MSG_OUT

Output Data Register. Holds the output data produced by the Ascon unit during the last encryption/decryption operation. If CTRL_AUX_SHADOWED.force_data_overwrite = 0 (see Control Register), the Ascon unit is stalled when the previous output data has not yet been read and is about to be overwritten. Each register has to be read at least once. The order in which the registers are read does not matter. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "msg_out", "bits": 32, "attr": ["ro"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

TAG_OUT

Output Tag Register. Holds the computed tag that is produced by the Ascon unit during an authenticated encryption/decryption. Each register has to be read at least once for encryption. For decryption the read is optional, but allows software to double check the result. The order in which the registers are read does not matter. Upon reset, these registers are cleared with pseudo-random data.

• Reset default: 0x0
• Reset mask: 0xffffffff

Instances

Fields

{"reg": [{"name": "tag_out", "bits": 32, "attr": ["ro"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

CTRL_SHADOWED

Control Register. Can only be updated when the Ascon unit is idle. If the Ascon unit is non-idle, writes to this register are ignored. This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence. Any write operation to this register will clear the status tracking required for automatic mode (See CTRL_AUX_SHADOWED.manual_start_trigger). A write to the Control Register is considered the start of a new message. Hence, software needs to provide a new Nonce and input data afterwards.

• Offset: 0x94
• Reset default: 0x0
• Reset mask: 0xff

Fields

{"reg": [{"name": "OPERATION", "bits": 3, "attr": ["rw"], "rotate": -90}, {"name": "SIDELOAD_KEY", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "MASKED_AD_INPUT", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "MASKED_MSG_INPUT", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "NO_MSG", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "NO_AD", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 24}], "config": {"lanes": 1, "fontsize": 10, "vspace": 180}}

CTRL_SHADOWED . NO_AD

There is no (1) associated data to be processed. There is (0) associated data.

CTRL_SHADOWED . NO_MSG

There is no (1) message (plaintext/ciphertext) to be processed. There is (0) a message.

CTRL_SHADOWED . MASKED_MSG_INPUT

Controls whether the message input is provided in shares (1) or not (0). If the input is provided in shares all registers of both shares must be written for each input block. If set to 0, the write operation tracking of Share 1 is disabled. Software should set Share 1 to all zeros before the first block of the message is written to Share 0. It does not need to be rewritten for each block. Once all registers of Share 0 have been written, Ascon starts to process the data depending on the CTRL_AUX_SHADOWED.manual_start_trigger.

CTRL_SHADOWED . MASKED_AD_INPUT

Controls whether the associated data input is provided in shares (1) or not (0). If the input is provided in shares all registers of both shares must be written for each input block. If set to 0, the write operation tracking of Share 1 is disabled. Software should set Share 1 to all zeros before the first block of associated data is written to Share 0. It does not need to be rewritten for each block. Once all registers of Share 0 have been written, Ascon starts to process the data depending on the CTRL_AUX_SHADOWED.manual_start_trigger.

CTRL_SHADOWED . SIDELOAD_KEY

Controls whether the Ascon unit uses the key provided by the key manager via key sideload interface (1) or the key provided by software via Initial Key Registers KEY_SHARE1 and KEY_SHARE_0 (0).

CTRL_SHADOWED . OPERATION

Specifies which operation ascon should perform. There are: Enc, Dec, XOF (not implemented yet) They are one-hot encoded

Other values are reserved.

CTRL_AUX_SHADOWED

Auxiliary Control Register. This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence. These configuration options are only used for special cases during development and can therefore be locked to the default values. For normal operation these options should all be set to zero.

• Offset: 0x98
• Reset default: 0x0
• Reset mask: 0x3
• Register enable: CTRL_AUX_REGWEN

Fields

{"reg": [{"name": "MANUAL_START_TRIGGER", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "FORCE_DATA_OVERWRITE", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}}

CTRL_AUX_REGWEN

Lock bit for Auxiliary Control Register.

• Offset: 0x9c
• Reset default: 0x1
• Reset mask: 0x1

Fields

{"reg": [{"name": "CTRL_AUX_REGWEN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 170}}

BLOCK_CTRL_SHADOWED

Block Control Register. This register is shadowed, meaning two subsequent write operations are required to change its content. If the two write operations try to set a different value, a recoverable alert is triggered (See Status Register). A read operation clears the internal phase tracking: The next write operation is always considered a first write operation of an update sequence. This register has to be written at least for each first and last block of message, associated data. Intermediate blocks are expected to be of full block size. If there’s only one block of data, all three fields: valid_bytes, data_type_last and data_type_start must be set.

• Offset: 0xa0
• Reset default: 0x1f000000
• Reset mask: 0x1fffffff

Fields

{"reg": [{"name": "DATA_TYPE_START", "bits": 12, "attr": ["rw"], "rotate": 0}, {"name": "DATA_TYPE_LAST", "bits": 12, "attr": ["rw"], "rotate": 0}, {"name": "VALID_BYTES", "bits": 5, "attr": ["rw"], "rotate": -90}, {"bits": 3}], "config": {"lanes": 1, "fontsize": 10, "vspace": 130}}

TRIGGER

Trigger Register. Each bit is individually cleared to zero when executing the corresponding trigger. While executing any of the triggered operations, the Ascon unit will set the IDLE bit in the Status Register to zero. The processor must check the Status Register before triggering further actions. For example, writes to Initial Key and nonce Registers are ignored while the Ascon unit is busy. Writes to the Message and associated data Registers are not ignored but the data will be cleared if a WIPE operation is pending.

• Offset: 0xa4
• Reset default: 0x0
• Reset mask: 0x3

Fields

{"reg": [{"name": "START", "bits": 1, "attr": ["rw"], "rotate": -90}, {"name": "WIPE", "bits": 1, "attr": ["rw"], "rotate": -90}, {"bits": 30}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

STATUS

Status Register

• Offset: 0xa8
• Reset default: 0x0
• Reset mask: 0xff

Fields

{"reg": [{"name": "IDLE", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "STALL", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "WAIT_EDN", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "ASCON_ERROR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "ALERT_RECOV_CTRL_UPDATE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "ALERT_RECOV_CTRL_AUX_UPDATE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "ALERT_RECOV_BLOCK_CTRL_UPDATE_ERR", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "ALERT_FATAL_FAULT", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 24}], "config": {"lanes": 1, "fontsize": 10, "vspace": 350}}

STATUS . ALERT_FATAL_FAULT

No fatal fault has occurred inside the Asconunit (0). A fatal fault has occurred and the Ascon unit needs to be reset (1). Examples for fatal faults include i) storage errors in the Control Register, ii) if any internal FSM enters an invalid state, iii) if any sparsely encoded signal takes on an invalid value, iv) errors in the internal round counter, v) escalations triggered by the life cycle controller, and vi) fatal integrity failures on the TL-UL bus.

STATUS . ALERT_RECOV_BLOCK_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed block Control Register. The register has to be rewritten.

STATUS . ALERT_RECOV_CTRL_AUX_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed Auxiliary Control Register. The register has to be rewritten.

STATUS . ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed Control Register. Ascon operation needs to be restarted by re-writing the Control Register.

STATUS . ASCON_ERROR

An error due to a misconfiguration has happened. The user should read out the error register for more information

STATUS . WAIT_EDN

The Ascon unit is waiting for new entropy.

STATUS . STALL

The Ascon unit is not stalled (0) or stalled (1) because there is previous output data that must be read by the processor before the Ascon unit can overwrite this data.

STATUS . IDLE

The Ascon unit is idle (0) or busy (1).

OUTPUT_VALID

Output Valid Register This register specifies which output register contains valid data and should be read next. It also contains the status information whether the TAG comparison was valid or not.

• Offset: 0xac
• Reset default: 0x0
• Reset mask: 0x1f

Fields

{"reg": [{"name": "DATA_TYPE", "bits": 3, "attr": ["ro"], "rotate": -90}, {"name": "TAG_COMPARISON_VALID", "bits": 2, "attr": ["ro"], "rotate": -90}, {"bits": 27}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}}

FSM_STATE

Main FSM State register. These registers can be used for debugging the internal state of ASCON’s FSM. The read can be blocked with the FSM_STATE_REGREN register

• Offset: 0xb0
• Reset default: 0x0
• Reset mask: 0xffffffff

Fields

{"reg": [{"name": "MAIN_FSM", "bits": 32, "attr": ["ro"], "rotate": 0}], "config": {"lanes": 1, "fontsize": 10, "vspace": 80}}

FSM_STATE_REGREN

Lock bit for Auxiliary Control Register.

• Offset: 0xb4
• Reset default: 0x1
• Reset mask: 0x1

Fields

{"reg": [{"name": "FSM_STATE_REGREN", "bits": 1, "attr": ["rw0c"], "rotate": -90}, {"bits": 31}], "config": {"lanes": 1, "fontsize": 10, "vspace": 180}}

ERROR

Error Register. Error register for errors caused by user’s misconfiguration. To clear the error, a wipe must be triggered.

• Offset: 0xb8
• Reset default: 0x0
• Reset mask: 0xf

Fields

{"reg": [{"name": "NO_KEY", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "NO_NONCE", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "WRONG_ORDER", "bits": 1, "attr": ["ro"], "rotate": -90}, {"name": "FLAG_INPUT_MISSMATCH", "bits": 1, "attr": ["ro"], "rotate": -90}, {"bits": 28}], "config": {"lanes": 1, "fontsize": 10, "vspace": 220}}