Hardware Interfaces and Registers

Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module kmac has the following hardware interfaces defined.

Primary Clock: clk_i

Other Clocks: clk_edn_i

Bus Device Interfaces (TL-UL): tl

Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO: none

Inter-Module Signals: Reference

Inter-Module Signals
Port Name Package::Struct Type Act Width Description
keymgr_key keymgr_pkg::hw_key_req uni rcv 1
app kmac_pkg::app req_rsp rsp 3
entropy edn_pkg::edn req_rsp req 1
idle prim_mubi_pkg::mubi4 uni req 1
en_masking logic uni req 1
lc_escalate_en lc_ctrl_pkg::lc_tx uni rcv 1
tl tlul_pkg::tl req_rsp rsp 1

Interrupts:

Interrupt NameTypeDescription
kmac_doneEvent

KMAC/SHA3 absorbing has been completed

fifo_emptyEvent

Message FIFO empty condition

kmac_errEvent

KMAC/SHA3 error occurred. ERR_CODE register shows the details

Security Alerts:

Alert NameDescription
recov_operation_err

Alert for KMAC operation error. It occurs when the shadow registers have update errors.

fatal_fault_err

This fatal alert is triggered when a fatal error is detected inside the KMAC unit. Examples for such faults include: i) TL-UL bus integrity fault. ii) Storage errors in the shadow registers. iii) Errors in the message, round, or key counter. iv) Any internal FSM entering an invalid state. v) An error in the redundant lfsr. The KMAC unit cannot recover from such an error and needs to be reset.

Security Countermeasures:

Countermeasure IDDescription
KMAC.BUS.INTEGRITY

End-to-end bus integrity scheme.

KMAC.LC_ESCALATE_EN.INTERSIG.MUBI

The global escalation input signal from the life cycle is multibit encoded

KMAC.SW_KEY.KEY.MASKING

Data storage and secret key are two share to guard against 1st order attack.

KMAC.KEY.SIDELOAD

Key from KeyMgr is sideloaded.

KMAC.CFG_SHADOWED.CONFIG.SHADOW

Shadowed CFG register.

KMAC.FSM.SPARSE

FSMs in KMAC are sparsely encoded.

KMAC.CTR.REDUN

Round counter, key index counter, sentmsg counter and hash counter use prim_count for redundancy

KMAC.PACKER.CTR.REDUN

Packer Position counter uses prim_count for redundancy

KMAC.CFG_SHADOWED.CONFIG.REGWEN

CFG_SHADOWED is protected by REGWEN

KMAC.FSM.GLOBAL_ESC

Escalation moves all sparse FSMs into an invalid state.

KMAC.FSM.LOCAL_ESC

Local fatal faults move all sparse FSMs into an invalid state.

KMAC.LOGIC.INTEGRITY

The reset net for the internal state register and critical nets around the output register are buried.

KMAC.ABSORBED.CTRL.MUBI

absorbed signal is mubi4_t type to protect against FI attacks.

KMAC.SW_CMD.CTRL.SPARSE

sw_cmd and related signals are sparse encoded to protect against FI attacks.

Registers

Summary
Name Offset Length Description
kmac.INTR_STATE 0x0 4

Interrupt State Register

kmac.INTR_ENABLE 0x4 4

Interrupt Enable Register

kmac.INTR_TEST 0x8 4

Interrupt Test Register

kmac.ALERT_TEST 0xc 4

Alert Test Register

kmac.CFG_REGWEN 0x10 4

Controls the configurability of CFG_SHADOWED register.

kmac.CFG_SHADOWED 0x14 4

KMAC Configuration register.

kmac.CMD 0x18 4

KMAC/ SHA3 command register.

kmac.STATUS 0x1c 4

KMAC/SHA3 Status register.

kmac.ENTROPY_PERIOD 0x20 4

Entropy Timer Periods.

kmac.ENTROPY_REFRESH_HASH_CNT 0x24 4

Entropy Refresh Counter

kmac.ENTROPY_REFRESH_THRESHOLD_SHADOWED 0x28 4

Entropy Refresh Threshold

kmac.ENTROPY_SEED_0 0x2c 4

Entropy Seed

kmac.ENTROPY_SEED_1 0x30 4

Entropy Seed

kmac.ENTROPY_SEED_2 0x34 4

Entropy Seed

kmac.ENTROPY_SEED_3 0x38 4

Entropy Seed

kmac.ENTROPY_SEED_4 0x3c 4

Entropy Seed

kmac.KEY_SHARE0_0 0x40 4

KMAC Secret Key

kmac.KEY_SHARE0_1 0x44 4

KMAC Secret Key

kmac.KEY_SHARE0_2 0x48 4

KMAC Secret Key

kmac.KEY_SHARE0_3 0x4c 4

KMAC Secret Key

kmac.KEY_SHARE0_4 0x50 4

KMAC Secret Key

kmac.KEY_SHARE0_5 0x54 4

KMAC Secret Key

kmac.KEY_SHARE0_6 0x58 4

KMAC Secret Key

kmac.KEY_SHARE0_7 0x5c 4

KMAC Secret Key

kmac.KEY_SHARE0_8 0x60 4

KMAC Secret Key

kmac.KEY_SHARE0_9 0x64 4

KMAC Secret Key

kmac.KEY_SHARE0_10 0x68 4

KMAC Secret Key

kmac.KEY_SHARE0_11 0x6c 4

KMAC Secret Key

kmac.KEY_SHARE0_12 0x70 4

KMAC Secret Key

kmac.KEY_SHARE0_13 0x74 4

KMAC Secret Key

kmac.KEY_SHARE0_14 0x78 4

KMAC Secret Key

kmac.KEY_SHARE0_15 0x7c 4

KMAC Secret Key

kmac.KEY_SHARE1_0 0x80 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_1 0x84 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_2 0x88 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_3 0x8c 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_4 0x90 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_5 0x94 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_6 0x98 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_7 0x9c 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_8 0xa0 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_9 0xa4 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_10 0xa8 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_11 0xac 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_12 0xb0 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_13 0xb4 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_14 0xb8 4

KMAC Secret Key, 2nd share.

kmac.KEY_SHARE1_15 0xbc 4

KMAC Secret Key, 2nd share.

kmac.KEY_LEN 0xc0 4

Secret Key length in bit.

kmac.PREFIX_0 0xc4 4

cSHAKE Prefix register.

kmac.PREFIX_1 0xc8 4

cSHAKE Prefix register.

kmac.PREFIX_2 0xcc 4

cSHAKE Prefix register.

kmac.PREFIX_3 0xd0 4

cSHAKE Prefix register.

kmac.PREFIX_4 0xd4 4

cSHAKE Prefix register.

kmac.PREFIX_5 0xd8 4

cSHAKE Prefix register.

kmac.PREFIX_6 0xdc 4

cSHAKE Prefix register.

kmac.PREFIX_7 0xe0 4

cSHAKE Prefix register.

kmac.PREFIX_8 0xe4 4

cSHAKE Prefix register.

kmac.PREFIX_9 0xe8 4

cSHAKE Prefix register.

kmac.PREFIX_10 0xec 4

cSHAKE Prefix register.

kmac.ERR_CODE 0xf0 4

KMAC/SHA3 Error Code

kmac.STATE 0x400 512

Keccak State (1600 bit) memory.

kmac.MSG_FIFO 0x800 2048

Message FIFO.

kmac.INTR_STATE @ 0x0

Interrupt State Register

Reset default = 0x0, mask 0x7
31302928272625242322212019181716
 
1514131211109876543210
  kmac_err fifo_empty kmac_done
BitsTypeResetNameDescription
0rw1c0x0kmac_done

KMAC/SHA3 absorbing has been completed

1rw1c0x0fifo_empty

Message FIFO empty condition

2rw1c0x0kmac_err

KMAC/SHA3 error occurred. ERR_CODE register shows the details


kmac.INTR_ENABLE @ 0x4

Interrupt Enable Register

Reset default = 0x0, mask 0x7
31302928272625242322212019181716
 
1514131211109876543210
  kmac_err fifo_empty kmac_done
BitsTypeResetNameDescription
0rw0x0kmac_done

Enable interrupt when INTR_STATE.kmac_done is set.

1rw0x0fifo_empty

Enable interrupt when INTR_STATE.fifo_empty is set.

2rw0x0kmac_err

Enable interrupt when INTR_STATE.kmac_err is set.


kmac.INTR_TEST @ 0x8

Interrupt Test Register

Reset default = 0x0, mask 0x7
31302928272625242322212019181716
 
1514131211109876543210
  kmac_err fifo_empty kmac_done
BitsTypeResetNameDescription
0wo0x0kmac_done

Write 1 to force INTR_STATE.kmac_done to 1.

1wo0x0fifo_empty

Write 1 to force INTR_STATE.fifo_empty to 1.

2wo0x0kmac_err

Write 1 to force INTR_STATE.kmac_err to 1.


kmac.ALERT_TEST @ 0xc

Alert Test Register

Reset default = 0x0, mask 0x3
31302928272625242322212019181716
 
1514131211109876543210
  fatal_fault_err recov_operation_err
BitsTypeResetNameDescription
0wo0x0recov_operation_err

Write 1 to trigger one alert event of this kind.

1wo0x0fatal_fault_err

Write 1 to trigger one alert event of this kind.


kmac.CFG_REGWEN @ 0x10

Controls the configurability of CFG_SHADOWED register.

Reset default = 0x1, mask 0x1

This register ensures the contents of CFG_SHADOWED register cannot be changed by the software while the KMAC/SHA3 is in operation mode.

31302928272625242322212019181716
 
1514131211109876543210
  en
BitsTypeResetNameDescription
0ro0x1en

Configuration enable.


kmac.CFG_SHADOWED @ 0x14

KMAC Configuration register.

Reset default = 0x0, mask 0x71b133f
Register enable = CFG_REGWEN

This register is updated when the hashing engine is in Idle. If the software updates the register while the engine computes, the updated value will be discarded.

31302928272625242322212019181716
  en_unsupported_modestrength err_processed entropy_ready   msg_mask entropy_fast_process   entropy_mode
1514131211109876543210
  sideload   state_endianness msg_endianness   mode kstrength kmac_en
BitsTypeResetNameDescription
0rw0x0kmac_en

KMAC datapath enable.

If this bit is 1, the incoming message is processed in KMAC with the secret key.

3:1rw0x0kstrength

Hashing Strength

3 bit field to select the security strength of SHA3 hashing engine. If mode field is set to SHAKE or cSHAKE, only 128 and 256 strength can be selected. Other value will result error when hashing starts.

0x0L128

128 bit strength. Keccak rate is 1344 bit

0x1L224

224 bit strength. Keccak rate is 1152 bit

0x2L256

256 bit strength. Keccak rate is 1088 bit

0x3L384

384 bit strength. Keccak rate is 832 bit

0x4L512

512 bit strength. Keccak rate is 576 bit

Other values are reserved.

5:4rw0x0mode

Keccak hashing mode.

This module supports SHA3 main hashing algorithm and the part of its derived functions, SHAKE and cSHAKE with limitations. This field is to select the mode.

0x0SHA3

SHA3 hashing mode. It appends 2'b 10 to the end of msg

0x2SHAKE

SHAKE hashing mode. It appends 1111 to the end of msg

0x3cSHAKE

cSHAKE hashing mode. It appends 00 to the end of msg

Other values are reserved.

7:6Reserved
8rw0x0msg_endianness

Message Endianness.

If 1 then each individual multi-byte value, regardless of its alignment, written to MSG_FIFO will be added to the message in big-endian byte order. If 0, each value will be added to the message in little-endian byte order. A message written to MSG_FIFO one byte at a time will not be affected by this setting. From a hardware perspective byte swaps are performed on a TL-UL word granularity.

9rw0x0state_endianness

State Endianness.

If 1 then each individual word in the STATE output register is converted to big-endian byte order. The order of the words in relation to one another is not changed. This setting does not affect how the state is interpreted during computation.

11:10Reserved
12rw0x0sideload

Sideloaded Key.

If 1, KMAC uses KeyMgr sideloaded key for SW initiated KMAC operation. KMAC uses the sideloaded key regardless of this configuration when KeyMgr initiates the KMAC operation for Key Derivation Function (KDF).

15:13Reserved
17:16rw0x0entropy_mode

Entropy Mode

Using this field, software can configure mode of operation of the internal pseudo-random number generator (PRNG). For the hardware to actually switch to an entropy mode other than the default idle_mode, software further needs to set the CFG_SHADOWED.entropy_ready bit. After that point, the hardware cannot be made to return to idle_mode unless the module is reset.

0x0idle_mode

Default mode after reset.

The sole purpose of this mode is to enable ROM_CTRL operation right after coming out of reset.

The internal PRNG is not reseeded with fresh entropy, nor updated while the core operates. It should therefore not be used after this very initial stage. Software should setup a different mode and set CFG_SHADOWED.entropy_ready as early as possible.

The module cannot be made to return to idle_mode once any of the other modes have been used.

0x1edn_mode

Receive fresh entropy from EDN for reseeding the internal PRNG.

This entropy mode is to be used for regular operation.

Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module requests fresh entropy from EDN for reseeding the internal PRNG. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core.

Depending on ENTROPY_PERIOD, the module will periodically reseed the internal PRNG with fresh entropy from EDN. Using CMD.entropy_req software can manually initiate the reseeding.

0x2sw_mode

Receive initial entropy from software for reseeding the internal PRNG.

This entropy mode is a fall-back option to be used if the entropy complex is not available.

Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module will wait for software to write each of the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers exactly once and in ascending order. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core.

After this point, the PRNG can no longer be reseeded by software - also after switching back into this mode from edn_mode. However, it is possible to switch to edn_mode.

Other values are reserved.

18Reserved
19rw0x0entropy_fast_process

Entropy Fast process mode.

If 1, entropy logic uses garbage data while not processing the KMAC key block. It will re-use previous entropy value and will not expand the entropy when it is consumed. Only it refreshes the entropy while processing the secret key block. This process should not be used if SCA resistance is required because it may cause side channel leakage.

20rw0x0msg_mask

Message Masking with PRNG.

If 1, KMAC applies PRNG to the input messages to the Keccak module when KMAC mode is on.

23:21Reserved
24rw0x0entropy_ready

Entropy Ready status.

Software sets this field to allow the entropy generator in KMAC to fetch the entropy and run.

25rw0x0err_processed

When error occurs and one of the state machine stays at Error handling state, SW may process the error based on ERR_CODE, then let FSM back to the reset state

26rw0x0en_unsupported_modestrength

Enable Unsupported Mode and Strength configs.

SW may set this field for KMAC to move forward with unsupported Keccak Mode and Strength configurations, such as cSHAKE512.

If not set, KMAC won't propagate the SW command (CmdStart) to the rest of the blocks (AppIntf, KMAC Core, SHA3).


kmac.CMD @ 0x18

KMAC/ SHA3 command register.

Reset default = 0x0, mask 0x33f

This register is to control the KMAC to start accepting message, to process the message, and to manually run additional keccak rounds at the end. Only at certain stage, the CMD affects to the control logic. It follows the sequence of

start --> process --> {run if needed --> } done

31302928272625242322212019181716
 
1514131211109876543210
  hash_cnt_clr entropy_req   cmd
BitsTypeResetNameDescription
5:0r0w1cxcmd

Issue a command to the KMAC/SHA3 IP. The command is sparse encoded. To prevent sw from writing multiple commands at once, the field is defined as enum.

0x1dstart

Writing 6'b011101 or dec 29 into this field when KMAC/SHA3 is in idle, KMAC/SHA3 begins its operation.

If the mode is cSHAKE, before receiving the message, the hashing logic processes Function name string N and customization input string S first. If KMAC mode is enabled, additionally it processes secret key block.

0x2eprocess

Writing 6'b101110 or dec 46 into this field when KMAC/SHA3 began its operation and received the entire message, it computes the digest or signing.

0x31run

The run field is used in the sponge squeezing stage. It triggers the keccak round logic to run full 24 rounds. This is optional and used when software needs more digest bits than the keccak rate.

It only affects when the kmac/sha3 operation is completed.

0x16done

Writing 6'b010110 or dec 22 into this field when KMAC/SHA3 squeezing is completed, KMAC/SHA3 hashing engine clears internal variables and goes back to Idle state for next command.

Other values are reserved.

7:6Reserved
8r0w1cxentropy_req

SW triggered Entropy Request

If writes 1 to this field

9r0w1cxhash_cnt_clr

If writes 1, it clears the hash (KMAC) counter in the entropy module


kmac.STATUS @ 0x1c

KMAC/SHA3 Status register.

Reset default = 0x4001, mask 0x3df07
31302928272625242322212019181716
  ALERT_RECOV_CTRL_UPDATE_ERR ALERT_FATAL_FAULT
1514131211109876543210
fifo_full fifo_empty   fifo_depth   sha3_squeeze sha3_absorb sha3_idle
BitsTypeResetNameDescription
0ro0x1sha3_idle

If 1, SHA3 hashing engine is in idle state.

1roxsha3_absorb

If 1, SHA3 is receiving message stream and processing it

2roxsha3_squeeze

If 1, SHA3 completes sponge absorbing stage. In this stage, SW can manually run the hashing engine.

7:3Reserved
12:8roxfifo_depth

Count of occupied entries in the message FIFO.

13Reserved
14ro0x1fifo_empty

Message FIFO Empty indicator.

The FIFO's Pass parameter is set to 1'b 1. So, by default, if the SHA engine is ready, the write data to FIFO just passes through.

In this case, fifo_depth remains 0. fifo_empty, however, lowers the value to 0 for a cycle, then goes back to the empty state, 1.

See the "Message FIFO" section in the spec for the reason.

15roxfifo_full

Message FIFO Full indicator

16ro0x0ALERT_FATAL_FAULT

No fatal fault has occurred inside the KMAC unit (0). A fatal fault has occured and the KMAC unit needs to be reset (1), Examples for such faults include i) TL-UL bus integrity fault ii) storage errors in the shadow registers iii) errors in the message, round, or key counter iv) any internal FSM entering an invalid state v) an error in the redundant lfsr

17ro0x0ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occured (1) in the shadowed Control Register. KMAC operation needs to be restarted by re-writing the Control Register.


kmac.ENTROPY_PERIOD @ 0x20

Entropy Timer Periods.

Reset default = 0x0, mask 0xffff03ff
Register enable = CFG_REGWEN
31302928272625242322212019181716
wait_timer
1514131211109876543210
  prescaler
BitsTypeResetNameDescription
9:0rw0x0prescaler

EDN Wait timer prescaler.

EDN Wait timer has 16 bit value. The timer value is increased when the timer pulse is generated. Timer pulse is raises when the number of the clock cycles hit this prescaler value.

The exact period of the timer pulse is unknown as the KMAC input clock may contain jitters.

15:10Reserved
31:16rw0x0wait_timer

EDN request wait timer.

The entropy module in KMAC waits up to this field in the timer pulse after it sends request to EDN module. If the timer expires, the entropy module moves to an error state and notifies to the system.

If 0, the entropy module waits the EDN response always. If EDN does not respond in this configuration, the software shall reset the IP.


Entropy Refresh Counter

Reset default = 0x0, mask 0x3ff
Register enable = CFG_REGWEN

KMAC entropy can be refreshed after the given threshold KMAC operations run. If the KMAC hash counter ENTROPY_REFRESH_HASH_CNT hits (GTE) the configured threshold ENTROPY_REFRESH_THRESHOLD_SHADOWED, the entropy module in the KMAC IP requests new seed to EDN and reset the KMAC hash counter.

If the threshold is 0, the refresh by the counter does not work. And the counter is only reset by the CMD.hash_cnt_clr CSR bit.

31302928272625242322212019181716
 
1514131211109876543210
  hash_cnt
BitsTypeResetNameDescription
9:0ro0x0hash_cnt

Hash (KMAC) counter


Entropy Refresh Threshold

Reset default = 0x0, mask 0x3ff
Register enable = CFG_REGWEN

KMAC entropy can be refreshed after the given threshold KMAC operations run. If the KMAC hash counter ENTROPY_REFRESH_HASH_CNT hits (GTE) the configured threshold ENTROPY_REFRESH_THRESHOLD_SHADOWED, the entropy module in the KMAC IP requests new seed to EDN and reset the KMAC hash counter.

If the threshold is 0, the refresh by the counter does not work. And the counter is only reset by the CMD.hash_cnt_clr CSR bit.

31302928272625242322212019181716
 
1514131211109876543210
  threshold
BitsTypeResetNameDescription
9:0rw0x0threshold

Hash Threshold


kmac.ENTROPY_SEED_0 @ 0x2c

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31302928272625242322212019181716
seed_0...
1514131211109876543210
...seed_0
BitsTypeResetNameDescription
31:0woxseed_0

32-bit chunk of the entropy generator seed


kmac.ENTROPY_SEED_1 @ 0x30

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31302928272625242322212019181716
seed_1...
1514131211109876543210
...seed_1
BitsTypeResetNameDescription
31:0woxseed_1

For KMAC1


kmac.ENTROPY_SEED_2 @ 0x34

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31302928272625242322212019181716
seed_2...
1514131211109876543210
...seed_2
BitsTypeResetNameDescription
31:0woxseed_2

For KMAC2


kmac.ENTROPY_SEED_3 @ 0x38

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31302928272625242322212019181716
seed_3...
1514131211109876543210
...seed_3
BitsTypeResetNameDescription
31:0woxseed_3

For KMAC3


kmac.ENTROPY_SEED_4 @ 0x3c

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31302928272625242322212019181716
seed_4...
1514131211109876543210
...seed_4
BitsTypeResetNameDescription
31:0woxseed_4

For KMAC4


kmac.KEY_SHARE0_0 @ 0x40

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_0...
1514131211109876543210
...key_0
BitsTypeResetNameDescription
31:0woxkey_0

32-bit chunk of up-to 512-bit Secret Key


kmac.KEY_SHARE0_1 @ 0x44

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_1...
1514131211109876543210
...key_1
BitsTypeResetNameDescription
31:0woxkey_1

For KMAC1


kmac.KEY_SHARE0_2 @ 0x48

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_2...
1514131211109876543210
...key_2
BitsTypeResetNameDescription
31:0woxkey_2

For KMAC2


kmac.KEY_SHARE0_3 @ 0x4c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_3...
1514131211109876543210
...key_3
BitsTypeResetNameDescription
31:0woxkey_3

For KMAC3


kmac.KEY_SHARE0_4 @ 0x50

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_4...
1514131211109876543210
...key_4
BitsTypeResetNameDescription
31:0woxkey_4

For KMAC4


kmac.KEY_SHARE0_5 @ 0x54

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_5...
1514131211109876543210
...key_5
BitsTypeResetNameDescription
31:0woxkey_5

For KMAC5


kmac.KEY_SHARE0_6 @ 0x58

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_6...
1514131211109876543210
...key_6
BitsTypeResetNameDescription
31:0woxkey_6

For KMAC6


kmac.KEY_SHARE0_7 @ 0x5c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_7...
1514131211109876543210
...key_7
BitsTypeResetNameDescription
31:0woxkey_7

For KMAC7


kmac.KEY_SHARE0_8 @ 0x60

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_8...
1514131211109876543210
...key_8
BitsTypeResetNameDescription
31:0woxkey_8

For KMAC8


kmac.KEY_SHARE0_9 @ 0x64

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_9...
1514131211109876543210
...key_9
BitsTypeResetNameDescription
31:0woxkey_9

For KMAC9


kmac.KEY_SHARE0_10 @ 0x68

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_10...
1514131211109876543210
...key_10
BitsTypeResetNameDescription
31:0woxkey_10

For KMAC10


kmac.KEY_SHARE0_11 @ 0x6c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_11...
1514131211109876543210
...key_11
BitsTypeResetNameDescription
31:0woxkey_11

For KMAC11


kmac.KEY_SHARE0_12 @ 0x70

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_12...
1514131211109876543210
...key_12
BitsTypeResetNameDescription
31:0woxkey_12

For KMAC12


kmac.KEY_SHARE0_13 @ 0x74

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_13...
1514131211109876543210
...key_13
BitsTypeResetNameDescription
31:0woxkey_13

For KMAC13


kmac.KEY_SHARE0_14 @ 0x78

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_14...
1514131211109876543210
...key_14
BitsTypeResetNameDescription
31:0woxkey_14

For KMAC14


kmac.KEY_SHARE0_15 @ 0x7c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_15...
1514131211109876543210
...key_15
BitsTypeResetNameDescription
31:0woxkey_15

For KMAC15


kmac.KEY_SHARE1_0 @ 0x80

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_0...
1514131211109876543210
...key_0
BitsTypeResetNameDescription
31:0woxkey_0

32-bit chunk of up-to 512-bit Secret Key


kmac.KEY_SHARE1_1 @ 0x84

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_1...
1514131211109876543210
...key_1
BitsTypeResetNameDescription
31:0woxkey_1

For KMAC1


kmac.KEY_SHARE1_2 @ 0x88

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_2...
1514131211109876543210
...key_2
BitsTypeResetNameDescription
31:0woxkey_2

For KMAC2


kmac.KEY_SHARE1_3 @ 0x8c

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_3...
1514131211109876543210
...key_3
BitsTypeResetNameDescription
31:0woxkey_3

For KMAC3


kmac.KEY_SHARE1_4 @ 0x90

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_4...
1514131211109876543210
...key_4
BitsTypeResetNameDescription
31:0woxkey_4

For KMAC4


kmac.KEY_SHARE1_5 @ 0x94

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_5...
1514131211109876543210
...key_5
BitsTypeResetNameDescription
31:0woxkey_5

For KMAC5


kmac.KEY_SHARE1_6 @ 0x98

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_6...
1514131211109876543210
...key_6
BitsTypeResetNameDescription
31:0woxkey_6

For KMAC6


kmac.KEY_SHARE1_7 @ 0x9c

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_7...
1514131211109876543210
...key_7
BitsTypeResetNameDescription
31:0woxkey_7

For KMAC7


kmac.KEY_SHARE1_8 @ 0xa0

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_8...
1514131211109876543210
...key_8
BitsTypeResetNameDescription
31:0woxkey_8

For KMAC8


kmac.KEY_SHARE1_9 @ 0xa4

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_9...
1514131211109876543210
...key_9
BitsTypeResetNameDescription
31:0woxkey_9

For KMAC9


kmac.KEY_SHARE1_10 @ 0xa8

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_10...
1514131211109876543210
...key_10
BitsTypeResetNameDescription
31:0woxkey_10

For KMAC10


kmac.KEY_SHARE1_11 @ 0xac

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_11...
1514131211109876543210
...key_11
BitsTypeResetNameDescription
31:0woxkey_11

For KMAC11


kmac.KEY_SHARE1_12 @ 0xb0

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_12...
1514131211109876543210
...key_12
BitsTypeResetNameDescription
31:0woxkey_12

For KMAC12


kmac.KEY_SHARE1_13 @ 0xb4

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_13...
1514131211109876543210
...key_13
BitsTypeResetNameDescription
31:0woxkey_13

For KMAC13


kmac.KEY_SHARE1_14 @ 0xb8

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_14...
1514131211109876543210
...key_14
BitsTypeResetNameDescription
31:0woxkey_14

For KMAC14


kmac.KEY_SHARE1_15 @ 0xbc

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31302928272625242322212019181716
key_15...
1514131211109876543210
...key_15
BitsTypeResetNameDescription
31:0woxkey_15

For KMAC15


kmac.KEY_LEN @ 0xc0

Secret Key length in bit.

Reset default = 0x0, mask 0x7
Register enable = CFG_REGWEN

This value is used to make encoded secret key in KMAC. KMAC supports certain lengths of the secret key. Currently it supports 128b, 192b, 256b, 384b, and 512b secret keys.

31302928272625242322212019181716
 
1514131211109876543210
  len
BitsTypeResetNameDescription
2:0wo0x0len

Key length choice

0x0Key128

Key length is 128 bit.

0x1Key192

Key length is 192 bit.

0x2Key256

Key length is 256 bit.

0x3Key384

Key length is 384 bit.

0x4Key512

Key length is 512 bit.

Other values are reserved.


kmac.PREFIX_0 @ 0xc4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_0...
1514131211109876543210
...prefix_0
BitsTypeResetNameDescription
31:0rw0x0prefix_0

32-bit chunk of Encoded NS Prefix


kmac.PREFIX_1 @ 0xc8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_1...
1514131211109876543210
...prefix_1
BitsTypeResetNameDescription
31:0rw0x0prefix_1

For KMAC1


kmac.PREFIX_2 @ 0xcc

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_2...
1514131211109876543210
...prefix_2
BitsTypeResetNameDescription
31:0rw0x0prefix_2

For KMAC2


kmac.PREFIX_3 @ 0xd0

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_3...
1514131211109876543210
...prefix_3
BitsTypeResetNameDescription
31:0rw0x0prefix_3

For KMAC3


kmac.PREFIX_4 @ 0xd4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_4...
1514131211109876543210
...prefix_4
BitsTypeResetNameDescription
31:0rw0x0prefix_4

For KMAC4


kmac.PREFIX_5 @ 0xd8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_5...
1514131211109876543210
...prefix_5
BitsTypeResetNameDescription
31:0rw0x0prefix_5

For KMAC5


kmac.PREFIX_6 @ 0xdc

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_6...
1514131211109876543210
...prefix_6
BitsTypeResetNameDescription
31:0rw0x0prefix_6

For KMAC6


kmac.PREFIX_7 @ 0xe0

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_7...
1514131211109876543210
...prefix_7
BitsTypeResetNameDescription
31:0rw0x0prefix_7

For KMAC7


kmac.PREFIX_8 @ 0xe4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_8...
1514131211109876543210
...prefix_8
BitsTypeResetNameDescription
31:0rw0x0prefix_8

For KMAC8


kmac.PREFIX_9 @ 0xe8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_9...
1514131211109876543210
...prefix_9
BitsTypeResetNameDescription
31:0rw0x0prefix_9

For KMAC9


kmac.PREFIX_10 @ 0xec

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff
Register enable = CFG_REGWEN

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31302928272625242322212019181716
prefix_10...
1514131211109876543210
...prefix_10
BitsTypeResetNameDescription
31:0rw0x0prefix_10

For KMAC10


kmac.ERR_CODE @ 0xf0

KMAC/SHA3 Error Code

Reset default = 0x0, mask 0xffffffff
31302928272625242322212019181716
err_code...
1514131211109876543210
...err_code
BitsTypeResetNameDescription
31:0ro0x0err_code

If error interrupt occurs, this register has information of error cause. Please take a look at `hw/ip/kmac/rtl/kmac_pkg.sv:err_code_e enum type.


kmac.STATE @ + 0x400
128 item ro window
Byte writes are not supported
310
+0x400 
+0x404 
 ...
+0x5f8 
+0x5fc 

Keccak State (1600 bit) memory.

The software can get the processed digest by reading this memory region. Unlike MSG_FIFO, STATE memory space sees the addr[9:0]. If Masking feature is enabled, the software reads two shares from this memory space.

0x400 - 0x4C7: State share 0x500 - 0x5C7: Mask share of the state, 0 if EnMasking = 0


kmac.MSG_FIFO @ + 0x800
512 item wo window
Byte writes are supported
310
+0x800 
+0x804 
 ...
+0xff8 
+0xffc 

Message FIFO.

Any write to this window will be appended to the FIFO. Only lower 2 bits [1:0] of the address matter to writes within the window in order to handle with sub-word writes.