Hardware Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module kmac has the following hardware interfaces defined:

  • Primary Clock: clk_i
  • Other Clocks: clk_edn_i
  • Bus Device Interfaces (TL-UL): tl
  • Bus Host Interfaces (TL-UL): none
  • Peripheral Pins for Chip IO: none

Inter-Module Signals

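| Port Name | Package::Struct | Type | Act | Width | Description |
|---|---|---|---|---|---|
| keymgr_key | keymgr_pkg::hw_key_req | uni | rcv | 1 | |
| app | kmac_pkg::app | req_rsp | rsp | 3 | |
| entropy | edn_pkg::edn | req_rsp | req | 1 | |
| idle | prim_mubi_pkg::mubi4 | uni | req | 1 | |
| en_masking | logic | uni | req | 1 | |
| lc_escalate_en | lc_ctrl_pkg::lc_tx | uni | rcv | 1 | |
| tl | tlul_pkg::tl | req_rsp | rsp | 1 | |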

Interrupts

| Interrupt Name | Type | Description |
|---|---|---|
| kmac_done | Event | KMAC/SHA3 absorbing has been completed |
| fifo_empty | Event | Message FIFO empty condition |
| kmac_err | Event | KMAC/SHA3 error occurred. ERR_CODE register shows the details |

Security Alerts

| Alert Name | Description |
|---|---|
| recov_operation_err | Alert for KMAC operation error. It occurs when the shadow registers have update errors. |
| fatal_fault_err | This fatal alert is triggered when a fatal error is detected inside the KMAC unit. Examples for such faults include: i) TL-UL bus integrity fault. ii) Storage errors in the shadow registers. iii) Errors in the message, round, or key counter. iv) Any internal FSM entering an invalid state. v) An error in the redundant LFSR. The KMAC unit cannot recover from such an error and needs to be reset. |

Security Countermeasures

| Countermeasure ID | Description |
|---|---|
| KMAC.BUS.INTEGRITY | End-to-end bus integrity scheme. |
| KMAC.LC_ESCALATE_EN.INTERSIG.MUBI | The global escalation input signal from the life cycle is multibit encoded. |
| KMAC.SW_KEY.KEY.MASKING | Data storage and secret key are in two shares to guard against 1st-order attacks. |
| KMAC.KEY.SIDELOAD | Key from KeyMgr is sideloaded. |
| KMAC.CFG_SHADOWED.CONFIG.SHADOW | Shadowed CFG register. |
| KMAC.FSM.SPARSE | FSMs in KMAC are sparsely encoded. |
| KMAC.CTR.REDUN | Round counter, key index counter, sentmsg counter and hash counter use prim_count for redundancy. |
| KMAC.PACKER.CTR.REDUN | Packer Position counter uses prim_count for redundancy. |
| KMAC.CFG_SHADOWED.CONFIG.REGWEN | CFG_SHADOWED is protected by REGWEN. |
| KMAC.FSM.GLOBAL_ESC | Escalation moves all sparse FSMs into an invalid state. |
| KMAC.FSM.LOCAL_ESC | Local fatal faults move all sparse FSMs into an invalid state. |
| KMAC.LOGIC.INTEGRITY | The reset net for the internal state register and critical nets around the output register are buried. |
| KMAC.ABSORBED.CTRL.MUBI | The absorbed signal is of mubi4_t type to protect against FI attacks. |
| KMAC.SW_CMD.CTRL.SPARSE | sw_cmd and related signals are sparse encoded to protect against FI attacks. |

Registers

Summary

| Name | Offset | Length | Description |
|---|---|---|---|
| kmac.INTR_STATE | 0x0 | 4 | Interrupt State Register |
| kmac.INTR_ENABLE | 0x4 | 4 | Interrupt Enable Register |
| kmac.INTR_TEST | 0x8 | 4 | Interrupt Test Register |
| kmac.ALERT_TEST | 0xc | 4 | Alert Test Register |
| kmac.CFG_REGWEN | 0x10 | 4 | Controls the configurability of CFG_SHADOWED register. |
| kmac.CFG_SHADOWED | 0x14 | 4 | KMAC Configuration register. |
| kmac.CMD | 0x18 | 4 | KMAC/SHA3 command register. |
| kmac.STATUS | 0x1c | 4 | KMAC/SHA3 Status register. |
| kmac.ENTROPY_PERIOD | 0x20 | 4 | Entropy Timer Periods. |
| kmac.ENTROPY_REFRESH_HASH_CNT | 0x24 | 4 | Entropy Refresh Counter |
| kmac.ENTROPY_REFRESH_THRESHOLD_SHADOWED | 0x28 | 4 | Entropy Refresh Threshold |
| kmac.ENTROPY_SEED_0 | 0x2c | 4 | Entropy Seed |
| kmac.ENTROPY_SEED_1 | 0x30 | 4 | Entropy Seed |
| kmac.ENTROPY_SEED_2 | 0x34 | 4 | Entropy Seed |
| kmac.ENTROPY_SEED_3 | 0x38 | 4 | Entropy Seed |
| kmac.ENTROPY_SEED_4 | 0x3c | 4 | Entropy Seed |
| kmac.KEY_SHARE0_0 | 0x40 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_1 | 0x44 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_2 | 0x48 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_3 | 0x4c | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_4 | 0x50 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_5 | 0x54 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_6 | 0x58 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_7 | 0x5c | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_8 | 0x60 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_9 | 0x64 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_10 | 0x68 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_11 | 0x6c | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_12 | 0x70 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_13 | 0x74 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_14 | 0x78 | 4 | KMAC Secret Key |
| kmac.KEY_SHARE0_15 | 0x7c | 4 | KMAC Secret Key |
| kmac.KEY_SHARE1_0 | 0x80 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_1 | 0x84 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_2 | 0x88 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_3 | 0x8c | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_4 | 0x90 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_5 | 0x94 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_6 | 0x98 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_7 | 0x9c | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_8 | 0xa0 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_9 | 0xa4 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_10 | 0xa8 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_11 | 0xac | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_12 | 0xb0 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_13 | 0xb4 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_14 | 0xb8 | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_SHARE1_15 | 0xbc | 4 | KMAC Secret Key, 2nd share. |
| kmac.KEY_LEN | 0xc0 | 4 | Secret Key length in bit. |
| kmac.PREFIX_0 | 0xc4 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_1 | 0xc8 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_2 | 0xcc | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_3 | 0xd0 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_4 | 0xd4 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_5 | 0xd8 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_6 | 0xdc | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_7 | 0xe0 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_8 | 0xe4 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_9 | 0xe8 | 4 | cSHAKE Prefix register. |
| kmac.PREFIX_10 | 0xec | 4 | cSHAKE Prefix register. |
| kmac.ERR_CODE | 0xf0 | 4 | KMAC/SHA3 Error Code |
| kmac.STATE | 0x400 | 512 | Keccak State (1600 bit) memory. |
| kmac.MSG_FIFO | 0x800 | 2048 | Message FIFO. |

INTR_STATE

Interrupt State Register

  • Offset: 0x0
  • Reset default: 0x0
  • Reset mask: 0x7

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:3 | | | Reserved | |
| 2 | rw1c | 0x0 | kmac_err | KMAC/SHA3 error occurred. ERR_CODE register shows the details |
| 1 | rw1c | 0x0 | fifo_empty | Message FIFO empty condition |
| 0 | rw1c | 0x0 | kmac_done | KMAC/SHA3 absorbing has been completed |

INTR_ENABLE

Interrupt Enable Register

  • Offset: 0x4
  • Reset default: 0x0
  • Reset mask: 0x7

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:3 | | | Reserved | |
| 2 | rw | 0x0 | kmac_err | Enable interrupt when INTR_STATE.kmac_err is set. |
| 1 | rw | 0x0 | fifo_empty | Enable interrupt when INTR_STATE.fifo_empty is set. |
| 0 | rw | 0x0 | kmac_done | Enable interrupt when INTR_STATE.kmac_done is set. |

INTR_TEST

Interrupt Test Register

  • Offset: 0x8
  • Reset default: 0x0
  • Reset mask: 0x7

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:3 | | | Reserved | |
| 2 | wo | 0x0 | kmac_err | Write 1 to force INTR_STATE.kmac_err to 1. |
| 1 | wo | 0x0 | fifo_empty | Write 1 to force INTR_STATE.fifo_empty to 1. |
| 0 | wo | 0x0 | kmac_done | Write 1 to force INTR_STATE.kmac_done to 1. |

ALERT_TEST

Alert Test Register

  • Offset: 0xc
  • Reset default: 0x0
  • Reset mask: 0x3

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:2 | | | Reserved | |
| 1 | wo | 0x0 | fatal_fault_err | Write 1 to trigger one alert event of this kind. |
| 0 | wo | 0x0 | recov_operation_err | Write 1 to trigger one alert event of this kind. |

CFG_REGWEN

Controls the configurability of CFG_SHADOWED register.

This register ensures the contents of CFG_SHADOWED register cannot be changed by the software while the KMAC/SHA3 is in operation mode.

  • Offset: 0x10
  • Reset default: 0x1
  • Reset mask: 0x1

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:1 | | | Reserved | |
| 0 | ro | 0x1 | en | Configuration enable. |

CFG_SHADOWED

KMAC Configuration register.

This register is updated when the hashing engine is in Idle. If the software updates the register while the engine computes, the updated value will be discarded.

  • Offset: 0x14
  • Reset default: 0x0
  • Reset mask: 0x71b133f
  • Register enable: CFG_REGWEN

Fields

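| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:27 | | | Reserved |
| 26 | rw | 0x0 | en_unsupported_modestrength |
| 25 | rw | 0x0 | err_processed |
| 24 | rw | 0x0 | entropy_ready |
| 23:21 | | | Reserved |
| 20 | rw | 0x0 | msg_mask |
| 19 | rw | 0x0 | entropy_fast_process |
| 18 | | | Reserved |
| 17:16 | rw | 0x0 | entropy_mode |
| 15:13 | | | Reserved |
| 12 | rw | 0x0 | sideload |
| 11:10 | | | Reserved |
| 9 | rw | 0x0 | state_endianness |
| 8 | rw | 0x0 | msg_endianness |
| 7:6 | | | Reserved |
| 5:4 | rw | 0x0 | mode |
| 3:1 | rw | 0x0 | kstrength |
| 0 | rw | 0x0 | kmac_en |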

CFG_SHADOWED . en_unsupported_modestrength

Enable Unsupported Mode and Strength configs.

SW may set this field for KMAC to move forward with unsupported Keccak Mode and Strength configurations, such as cSHAKE512.

If not set, KMAC won’t propagate the SW command (CmdStart) to the rest of the blocks (AppIntf, KMAC Core, SHA3).

CFG_SHADOWED . err_processed

When an error occurs and one of the state machines stays in the Error handling state, SW may process the error based on ERR_CODE, then let the FSM go back to the reset state.

CFG_SHADOWED . entropy_ready

Entropy Ready status.

Software sets this field to allow the entropy generator in KMAC to fetch the entropy and run.

CFG_SHADOWED . msg_mask

Message Masking with PRNG.

If 1, KMAC applies PRNG to the input messages to the Keccak module when KMAC mode is on.

CFG_SHADOWED . entropy_fast_process

Entropy Fast process mode.

If 1, entropy logic uses garbage data while not processing the KMAC key block. It will re-use the previous entropy value and will not expand the entropy when it is consumed. It refreshes the entropy only while processing the secret key block. This process should not be used if SCA resistance is required because it may cause side channel leakage.

CFG_SHADOWED . entropy_mode

Entropy Mode

Using this field, software can configure the mode of operation of the internal pseudo-random number generator (PRNG). For the hardware to actually switch to an entropy mode other than the default idle_mode, software further needs to set the CFG_SHADOWED.entropy_ready bit. After that point, the hardware cannot be made to return to idle_mode unless the module is reset.

| Value | Name | Description |
|---|---|---|
| 0x0 | idle_mode | Default mode after reset. The sole purpose of this mode is to enable ROM_CTRL operation right after coming out of reset. The internal PRNG is not reseeded with fresh entropy, nor updated while the core operates. It should therefore not be used after this very initial stage. Software should set up a different mode and set CFG_SHADOWED.entropy_ready as early as possible. The module cannot be made to return to idle_mode once any of the other modes have been used. |
| 0x1 | edn_mode | Receive fresh entropy from EDN for reseeding the internal PRNG. This entropy mode is to be used for regular operation. Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module requests fresh entropy from EDN for reseeding the internal PRNG. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core. Depending on ENTROPY_PERIOD, the module will periodically reseed the internal PRNG with fresh entropy from EDN. Using CMD.entropy_req, software can manually initiate the reseeding. |
| 0x2 | sw_mode | Receive initial entropy from software for reseeding the internal PRNG. This entropy mode is a fall-back option to be used if the entropy complex is not available. Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module will wait for software to write each of the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers exactly once and in ascending order. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core. After this point, the PRNG can no longer be reseeded by software - also after switching back into this mode from edn_mode. However, it is possible to switch to edn_mode. |

Other values are reserved.

CFG_SHADOWED . sideload

Sideloaded Key.

If 1, KMAC uses KeyMgr sideloaded key for SW initiated KMAC operation. KMAC uses the sideloaded key regardless of this configuration when KeyMgr initiates the KMAC operation for Key Derivation Function (KDF).

CFG_SHADOWED . state_endianness

State Endianness.

If 1 then each individual word in the STATE output register is converted to big-endian byte order. The order of the words in relation to one another is not changed. This setting does not affect how the state is interpreted during computation.

CFG_SHADOWED . msg_endianness

Message Endianness.

If 1 then each individual multi-byte value, regardless of its alignment, written to MSG_FIFO will be added to the message in big-endian byte order. If 0, each value will be added to the message in little-endian byte order. A message written to MSG_FIFO one byte at a time will not be affected by this setting. From a hardware perspective byte swaps are performed on a TL-UL word granularity.

CFG_SHADOWED . mode

Keccak hashing mode.

This module supports the main SHA3 hashing algorithm and some of its derived functions, SHAKE and cSHAKE, with limitations. This field selects the mode.

| Value | Name | Description |
|---|---|---|
| 0x0 | SHA3 | SHA3 hashing mode. It appends 2'b 10 to the end of msg |
| 0x2 | SHAKE | SHAKE hashing mode. It appends 1111 to the end of msg |
| 0x3 | cSHAKE | cSHAKE hashing mode. It appends 00 to the end of msg |

Other values are reserved.

CFG_SHADOWED . kstrength

Hashing Strength

3-bit field to select the security strength of the SHA3 hashing engine. If the mode field is set to SHAKE or cSHAKE, only the 128 and 256 strengths can be selected. Other values will result in an error when hashing starts.

| Value | Name | Description |
|---|---|---|
| 0x0 | L128 | 128 bit strength. Keccak rate is 1344 bit |
| 0x1 | L224 | 224 bit strength. Keccak rate is 1152 bit |
| 0x2 | L256 | 256 bit strength. Keccak rate is 1088 bit |
| 0x3 | L384 | 384 bit strength. Keccak rate is 832 bit |
| 0x4 | L512 | 512 bit strength. Keccak rate is 576 bit |

Other values are reserved.

CFG_SHADOWED . kmac_en

KMAC datapath enable.

If this bit is 1, the incoming message is processed in KMAC with the secret key.
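
The CFG_SHADOWED field layout and the mode/strength rule above, as an added C example that is not OpenTitan driver code. The type and function names (`kmac_cfg_t`, `kmac_cfg_pack`) are hypothetical; bit positions, enum values and the reset mask are taken from the tables on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KMAC_CFG_RESET_MASK 0x71b133fu /* reset mask listed for CFG_SHADOWED */

/* Hypothetical software view of CFG_SHADOWED; names follow the field table. */
typedef struct {
  uint32_t mode;         /* 0x0 SHA3, 0x2 SHAKE, 0x3 cSHAKE */
  uint32_t kstrength;    /* 0x0 L128, 0x1 L224, 0x2 L256, 0x3 L384, 0x4 L512 */
  uint32_t entropy_mode; /* 0x0 idle_mode, 0x1 edn_mode, 0x2 sw_mode */
  bool kmac_en, msg_endianness, state_endianness, sideload;
  bool entropy_fast_process, msg_mask, entropy_ready, err_processed;
  bool en_unsupported_modestrength;
} kmac_cfg_t;

typedef enum {
  KMAC_CFG_OK = 0,
  KMAC_CFG_RESERVED,     /* value outside the mode/kstrength/entropy tables */
  KMAC_CFG_MODE_STRENGTH /* SHAKE or cSHAKE with a strength other than 128/256 */
} kmac_cfg_result_t;

/* Checks the fields against the rules in the field descriptions, then packs
 * them at the bit positions from the CFG_SHADOWED field table. */
kmac_cfg_result_t kmac_cfg_pack(const kmac_cfg_t *c, uint32_t *out) {
  if (c->mode == 0x1 || c->mode > 0x3 || c->kstrength > 0x4 ||
      c->entropy_mode > 0x2) {
    return KMAC_CFG_RESERVED;
  }
  bool shake_family = (c->mode == 0x2 || c->mode == 0x3);
  bool l128_or_l256 = (c->kstrength == 0x0 || c->kstrength == 0x2);
  if (shake_family && !l128_or_l256 && !c->en_unsupported_modestrength) {
    return KMAC_CFG_MODE_STRENGTH; /* rejected before it reaches the hardware */
  }
  uint32_t v = 0;
  v |= (uint32_t)c->kmac_en << 0;
  v |= c->kstrength << 1;
  v |= c->mode << 4;
  v |= (uint32_t)c->msg_endianness << 8;
  v |= (uint32_t)c->state_endianness << 9;
  v |= (uint32_t)c->sideload << 12;
  v |= c->entropy_mode << 16;
  v |= (uint32_t)c->entropy_fast_process << 19;
  v |= (uint32_t)c->msg_mask << 20;
  v |= (uint32_t)c->entropy_ready << 24;
  v |= (uint32_t)c->err_processed << 25;
  v |= (uint32_t)c->en_unsupported_modestrength << 26;
  /* Defensive: no bit outside the documented reset mask may be set. */
  if ((v & ~KMAC_CFG_RESET_MASK) != 0) return KMAC_CFG_RESERVED;
  *out = v;
  return KMAC_CFG_OK;
}

int main(void) {
  /* Constructed sample: KMAC on cSHAKE at L256, EDN entropy, message masking. */
  kmac_cfg_t c = {.mode = 0x3, .kstrength = 0x2, .entropy_mode = 0x1,
                  .kmac_en = true, .msg_mask = true, .entropy_ready = true};
  uint32_t v = 0;
  kmac_cfg_result_t r = kmac_cfg_pack(&c, &v);
  printf("result=%d CFG_SHADOWED=0x%08x\n", (int)r, (unsigned)v);
  return 0;
}
```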

CMD

KMAC/SHA3 command register.

This register controls the KMAC to start accepting the message, to process the message, and to manually run additional Keccak rounds at the end. The CMD affects the control logic only at certain stages. It follows the sequence of

start –> process –> {run if needed –> } done

  • Offset: 0x18
  • Reset default: 0x0
  • Reset mask: 0x33f

Fields

| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:10 | | | Reserved |
| 9 | r0w1c | x | hash_cnt_clr |
| 8 | r0w1c | x | entropy_req |
| 7:6 | | | Reserved |
| 5:0 | r0w1c | x | cmd |

CMD . hash_cnt_clr

Writing 1 clears the hash (KMAC) counter in the entropy module.

CMD . entropy_req

SW triggered Entropy Request

If writes 1 to this field

CMD . cmd

Issue a command to the KMAC/SHA3 IP. The command is sparse encoded. To prevent sw from writing multiple commands at once, the field is defined as enum.

| Value | Name | Description |
|---|---|---|
| 0x1d | start | When 6'b011101 (dec 29) is written into this field while KMAC/SHA3 is idle, KMAC/SHA3 begins its operation. If the mode is cSHAKE, before receiving the message, the hashing logic processes the Function name string N and the customization input string S first. If KMAC mode is enabled, it additionally processes the secret key block. |
| 0x2e | process | When 6'b101110 (dec 46) is written into this field after KMAC/SHA3 has begun its operation and received the entire message, it computes the digest or signing. |
| 0x31 | run | The run field is used in the sponge squeezing stage. It triggers the Keccak round logic to run the full 24 rounds. This is optional and used when software needs more digest bits than the Keccak rate. It only takes effect when the KMAC/SHA3 operation is completed. |
| 0x16 | done | When 6'b010110 (dec 22) is written into this field after KMAC/SHA3 squeezing is completed, the KMAC/SHA3 hashing engine clears internal variables and goes back to the Idle state for the next command. |

Other values are reserved.
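
A software-side guard for the start, process, run, done sequence, as an added C example that is not OpenTitan driver code. The function names are hypothetical; the command encodings, the STATUS bit positions (from the STATUS field table) and the Keccak rates (from the kstrength table) are the values given on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CMD.cmd encodings from the value table. */
typedef enum {
  KMAC_CMD_START = 0x1d, KMAC_CMD_PROCESS = 0x2e,
  KMAC_CMD_RUN = 0x31, KMAC_CMD_DONE = 0x16
} kmac_cmd_t;

/* STATUS bit positions from the STATUS field table. */
#define KMAC_STATUS_SHA3_IDLE (1u << 0)
#define KMAC_STATUS_SHA3_ABSORB (1u << 1)
#define KMAC_STATUS_SHA3_SQUEEZE (1u << 2)
#define KMAC_STATUS_ALERT_FATAL_FAULT (1u << 16)

/* Keccak rate in bits per CFG_SHADOWED.kstrength value (L128 .. L512). */
static const uint32_t kmac_rate_bits[5] = {1344, 1152, 1088, 832, 576};

/* Hypothetical driver guard: may `cmd` be written given this STATUS value? */
bool kmac_cmd_allowed(uint32_t status, kmac_cmd_t cmd) {
  if (status & KMAC_STATUS_ALERT_FATAL_FAULT) return false; /* needs a reset */
  switch (cmd) {
    case KMAC_CMD_START:   return (status & KMAC_STATUS_SHA3_IDLE) != 0;
    case KMAC_CMD_PROCESS: return (status & KMAC_STATUS_SHA3_ABSORB) != 0;
    case KMAC_CMD_RUN:
    case KMAC_CMD_DONE:    return (status & KMAC_STATUS_SHA3_SQUEEZE) != 0;
    default:               return false; /* reserved encoding */
  }
}

/* Number of `run` commands needed before `done` to read digest_bits of
 * output: one rate-sized block is available after `process`, each `run`
 * yields one more. Returns -1 for a reserved kstrength or a zero length. */
int kmac_runs_needed(uint32_t kstrength, uint32_t digest_bits) {
  if (kstrength > 4 || digest_bits == 0) return -1;
  uint32_t rate = kmac_rate_bits[kstrength];
  return (int)((digest_bits + rate - 1) / rate) - 1;
}

/* Minimum Hamming distance between any two of the four encodings: the
 * number of bit flips needed to turn one valid command into another. */
unsigned kmac_cmd_min_distance(void) {
  static const uint32_t enc[4] = {KMAC_CMD_START, KMAC_CMD_PROCESS,
                                  KMAC_CMD_RUN, KMAC_CMD_DONE};
  unsigned best = 32;
  for (int i = 0; i < 4; i++) {
    for (int j = i + 1; j < 4; j++) {
      unsigned d = 0;
      for (uint32_t x = enc[i] ^ enc[j]; x != 0; x &= x - 1) d++;
      if (d < best) best = d;
    }
  }
  return best;
}

int main(void) {
  /* 0x4001 is the documented STATUS reset default (idle, FIFO empty). */
  printf("start allowed after reset: %d\n",
         (int)kmac_cmd_allowed(0x4001u, KMAC_CMD_START));
  printf("runs for 2048 bits at L128: %d\n", kmac_runs_needed(0, 2048));
  printf("min command distance: %u\n", kmac_cmd_min_distance());
  return 0;
}
```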

STATUS

KMAC/SHA3 Status register.

  • Offset: 0x1c
  • Reset default: 0x4001
  • Reset mask: 0x3df07

Fields

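| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:18 | | | Reserved |
| 17 | ro | 0x0 | ALERT_RECOV_CTRL_UPDATE_ERR |
| 16 | ro | 0x0 | ALERT_FATAL_FAULT |
| 15 | ro | x | fifo_full |
| 14 | ro | 0x1 | fifo_empty |
| 13 | | | Reserved |
| 12:8 | ro | x | fifo_depth |
| 7:3 | | | Reserved |
| 2 | ro | x | sha3_squeeze |
| 1 | ro | x | sha3_absorb |
| 0 | ro | 0x1 | sha3_idle |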

STATUS . ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occurred (1) in the shadowed Control Register. KMAC operation needs to be restarted by re-writing the Control Register.

STATUS . ALERT_FATAL_FAULT

No fatal fault has occurred inside the KMAC unit (0). A fatal fault has occurred and the KMAC unit needs to be reset (1). Examples for such faults include: i) TL-UL bus integrity fault, ii) storage errors in the shadow registers, iii) errors in the message, round, or key counter, iv) any internal FSM entering an invalid state, v) an error in the redundant LFSR.

STATUS . fifo_full

Message FIFO Full indicator

STATUS . fifo_empty

Message FIFO Empty indicator.

The FIFO’s Pass parameter is set to 1'b 1. So, by default, if the SHA engine is ready, the write data to FIFO just passes through.

In this case, fifo_depth remains 0. fifo_empty, however, lowers the value to 0 for a cycle, then goes back to the empty state, 1.

See the “Message FIFO” section in the spec for the reason.

STATUS . fifo_depth

Count of occupied entries in the message FIFO.

STATUS . sha3_squeeze

If 1, SHA3 has completed the sponge absorbing stage. In this stage, SW can manually run the hashing engine.

STATUS . sha3_absorb

If 1, SHA3 is receiving the message stream and processing it.

STATUS . sha3_idle

If 1, SHA3 hashing engine is in idle state.

ENTROPY_PERIOD

Entropy Timer Periods.

  • Offset: 0x20
  • Reset default: 0x0
  • Reset mask: 0xffff03ff
  • Register enable: CFG_REGWEN

Fields

| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:16 | rw | 0x0 | wait_timer |
| 15:10 | | | Reserved |
| 9:0 | rw | 0x0 | prescaler |

ENTROPY_PERIOD . wait_timer

EDN request wait timer.

The entropy module in KMAC waits up to this field's value in timer pulses after it sends a request to the EDN module. If the timer expires, the entropy module moves to an error state and notifies the system.

If there is a pending EDN request during a wait timer update, then this update is delayed until the EDN request is complete.

If 0, the entropy module always waits for the EDN response. If EDN does not respond in this configuration, the software shall reset the IP.

ENTROPY_PERIOD . prescaler

EDN Wait timer prescaler.

The EDN wait timer has a 16-bit value. The timer value is increased when the timer pulse is generated. The timer pulse is raised when the number of clock cycles hits this prescaler value.

The exact period of the timer pulse is unknown as the KMAC input clock may contain jitter.

ENTROPY_REFRESH_HASH_CNT

Entropy Refresh Counter

KMAC entropy can be refreshed after a given threshold number of KMAC operations have run. If the KMAC hash counter ENTROPY_REFRESH_HASH_CNT hits (GTE) the configured threshold ENTROPY_REFRESH_THRESHOLD_SHADOWED, the entropy module in the KMAC IP requests a new seed from EDN and resets the KMAC hash counter.

If the threshold is 0, the refresh by the counter does not work, and the counter is only reset by the CMD.hash_cnt_clr CSR bit.

  • Offset: 0x24
  • Reset default: 0x0
  • Reset mask: 0x3ff
  • Register enable: CFG_REGWEN

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:10 | | | Reserved | |
| 9:0 | ro | 0x0 | hash_cnt | Hash (KMAC) counter |

ENTROPY_REFRESH_THRESHOLD_SHADOWED

Entropy Refresh Threshold

KMAC entropy can be refreshed after a given threshold number of KMAC operations have run. If the KMAC hash counter ENTROPY_REFRESH_HASH_CNT hits (GTE) the configured threshold ENTROPY_REFRESH_THRESHOLD_SHADOWED, the entropy module in the KMAC IP requests a new seed from EDN and resets the KMAC hash counter.

If the threshold is 0, the refresh by the counter does not work, and the counter is only reset by the CMD.hash_cnt_clr CSR bit.

  • Offset: 0x28
  • Reset default: 0x0
  • Reset mask: 0x3ff
  • Register enable: CFG_REGWEN

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:10 | | | Reserved | |
| 9:0 | rw | 0x0 | threshold | Hash Threshold |

ENTROPY_SEED

Entropy Seed

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register, which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 - ENTROPY_SEED_4 registers, the entropy generator will start its operation. After this point, writing these registers no longer has any effect.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

| Name | Offset |
|---|---|
| ENTROPY_SEED_0 | 0x2c |
| ENTROPY_SEED_1 | 0x30 |
| ENTROPY_SEED_2 | 0x34 |
| ENTROPY_SEED_3 | 0x38 |
| ENTROPY_SEED_4 | 0x3c |

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | wo | x | seed | 32-bit chunk of the entropy generator seed |

KEY_SHARE0

KMAC Secret Key

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, … , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and reports an error.

Current KMAC supports up to 512 bit secret key. It is the software's responsibility to keep the upper bits of the secret key at 0.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

| Name | Offset |
|---|---|
| KEY_SHARE0_0 | 0x40 |
| KEY_SHARE0_1 | 0x44 |
| KEY_SHARE0_2 | 0x48 |
| KEY_SHARE0_3 | 0x4c |
| KEY_SHARE0_4 | 0x50 |
| KEY_SHARE0_5 | 0x54 |
| KEY_SHARE0_6 | 0x58 |
| KEY_SHARE0_7 | 0x5c |
| KEY_SHARE0_8 | 0x60 |
| KEY_SHARE0_9 | 0x64 |
| KEY_SHARE0_10 | 0x68 |
| KEY_SHARE0_11 | 0x6c |
| KEY_SHARE0_12 | 0x70 |
| KEY_SHARE0_13 | 0x74 |
| KEY_SHARE0_14 | 0x78 |
| KEY_SHARE0_15 | 0x7c |

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | wo | x | key | 32-bit chunk of up-to 512-bit Secret Key |

KEY_SHARE1

KMAC Secret Key, 2nd share.

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, … , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and reports an error.

Current KMAC supports up to 512 bit secret key. It is the software's responsibility to keep the upper bits of the secret key at 0.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

| Name | Offset |
|---|---|
| KEY_SHARE1_0 | 0x80 |
| KEY_SHARE1_1 | 0x84 |
| KEY_SHARE1_2 | 0x88 |
| KEY_SHARE1_3 | 0x8c |
| KEY_SHARE1_4 | 0x90 |
| KEY_SHARE1_5 | 0x94 |
| KEY_SHARE1_6 | 0x98 |
| KEY_SHARE1_7 | 0x9c |
| KEY_SHARE1_8 | 0xa0 |
| KEY_SHARE1_9 | 0xa4 |
| KEY_SHARE1_10 | 0xa8 |
| KEY_SHARE1_11 | 0xac |
| KEY_SHARE1_12 | 0xb0 |
| KEY_SHARE1_13 | 0xb4 |
| KEY_SHARE1_14 | 0xb8 |
| KEY_SHARE1_15 | 0xbc |

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | wo | x | key | 32-bit chunk of up-to 512-bit Secret Key |

KEY_LEN

Secret Key length in bit.

This value is used to build the encoded secret key in KMAC. KMAC supports certain lengths of the secret key. Currently it supports 128b, 192b, 256b, 384b, and 512b secret keys.

  • Offset: 0xc0
  • Reset default: 0x0
  • Reset mask: 0x7
  • Register enable: CFG_REGWEN

Fields

| Bits | Type | Reset | Name |
|---|---|---|---|
| 31:3 | | | Reserved |
| 2:0 | wo | 0x0 | len |

KEY_LEN . len

Key length choice

| Value | Name | Description |
|---|---|---|
| 0x0 | Key128 | Key length is 128 bit. |
| 0x1 | Key192 | Key length is 192 bit. |
| 0x2 | Key256 | Key length is 256 bit. |
| 0x3 | Key384 | Key length is 384 bit. |
| 0x4 | Key512 | Key length is 512 bit. |

Other values are reserved.

PREFIX

cSHAKE Prefix register.

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size of 320 bits. The 320 bits are sized to hold 32 bits of N and up to 256 bits of S, plus the encoding of their lengths.

It is the SW's responsibility to fill the register with the encoded value described in Section 2.3.2 String Encoding of the NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), …, PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and reports an error.

  • Reset default: 0x0
  • Reset mask: 0xffffffff

Instances

| Name | Offset |
|---|---|
| PREFIX_0 | 0xc4 |
| PREFIX_1 | 0xc8 |
| PREFIX_2 | 0xcc |
| PREFIX_3 | 0xd0 |
| PREFIX_4 | 0xd4 |
| PREFIX_5 | 0xd8 |
| PREFIX_6 | 0xdc |
| PREFIX_7 | 0xe0 |
| PREFIX_8 | 0xe4 |
| PREFIX_9 | 0xe8 |
| PREFIX_10 | 0xec |

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | rw | 0x0 | prefix | 32-bit chunk of Encoded NS Prefix |
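
Building the PREFIX register words from N and S with the SP 800-185 string encoding, as an added C example that is not OpenTitan driver code. `kmac_prefix_encode` is a hypothetical name, the input strings are constructed samples, and placing the first encoded byte in bits 7:0 of PREFIX_0 is an assumption about byte order within each word.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KMAC_PREFIX_WORDS 11u /* PREFIX_0 .. PREFIX_10 in the instance table */
#define KMAC_MAX_N_BYTES 4u   /* "32-bit of N" */
#define KMAC_MAX_S_BYTES 32u  /* "up to 256-bit of S" */

/* left_encode(x) from SP 800-185: byte count n, then x in n big-endian
 * bytes. Returns the number of bytes written (n + 1). */
static size_t left_encode(uint32_t x, uint8_t *out) {
  uint8_t n = 1;
  while (n < 4 && (x >> (8u * n)) != 0) n++;
  out[0] = n;
  for (uint8_t i = 0; i < n; i++) {
    out[1 + i] = (uint8_t)(x >> (8u * (n - 1u - i)));
  }
  return (size_t)n + 1u;
}

/* encode_string(s) = left_encode(bit length of s) || s */
static size_t encode_string(const uint8_t *s, size_t len, uint8_t *out) {
  size_t off = left_encode((uint32_t)(len * 8u), out);
  if (len != 0) memcpy(out + off, s, len);
  return off + len;
}

/* Hypothetical helper: builds encode_string(N) || encode_string(S), zero
 * padded, and packs it into regs[0..10]. Assumption: the first encoded byte
 * goes to bits 7:0 of PREFIX_0. Returns the encoded length in bytes, or 0
 * if N or S exceeds the sizes the PREFIX description allows. */
size_t kmac_prefix_encode(const uint8_t *n, size_t n_len, const uint8_t *s,
                          size_t s_len, uint32_t regs[KMAC_PREFIX_WORDS]) {
  uint8_t buf[KMAC_PREFIX_WORDS * 4u] = {0};
  if (n_len > KMAC_MAX_N_BYTES || s_len > KMAC_MAX_S_BYTES) return 0;
  size_t used = encode_string(n, n_len, buf);
  used += encode_string(s, s_len, buf + used);
  for (size_t w = 0; w < KMAC_PREFIX_WORDS; w++) {
    regs[w] = (uint32_t)buf[4 * w] | ((uint32_t)buf[4 * w + 1] << 8) |
              ((uint32_t)buf[4 * w + 2] << 16) |
              ((uint32_t)buf[4 * w + 3] << 24);
  }
  return used;
}

int main(void) {
  /* Constructed sample input: N = "KMAC", S = "My Tagged Application". */
  const char *s = "My Tagged Application";
  uint32_t regs[KMAC_PREFIX_WORDS];
  size_t used = kmac_prefix_encode((const uint8_t *)"KMAC", 4,
                                   (const uint8_t *)s, strlen(s), regs);
  printf("encoded bytes: %zu\n", used);
  for (unsigned w = 0; w < KMAC_PREFIX_WORDS; w++) {
    printf("PREFIX_%u = 0x%08x\n", w, (unsigned)regs[w]);
  }
  return 0;
}
```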

ERR_CODE

KMAC/SHA3 Error Code

  • Offset: 0xf0
  • Reset default: 0x0
  • Reset mask: 0xffffffff

Fields

| Bits | Type | Reset | Name | Description |
|---|---|---|---|---|
| 31:0 | ro | 0x0 | err_code | If error interrupt occurs, this register has information of error cause. Please take a look at hw/ip/kmac/rtl/kmac_pkg.sv:err_code_e enum type. |

STATE

Keccak State (1600 bit) memory.

The software can get the processed digest by reading this memory region. Unlike MSG_FIFO, STATE memory space sees the addr[9:0]. If Masking feature is enabled, the software reads two shares from this memory space.

  • 0x400 - 0x4C7: State share
  • 0x500 - 0x5C7: Mask share of the state, 0 if EnMasking = 0

  • Word Aligned Offset Range: 0x400 to 0x5fc
  • Size (words): 128
  • Access: ro
  • Byte writes are not supported.

MSG_FIFO

Message FIFO.

Any write to this window will be appended to the FIFO. Only the lower 2 bits [1:0] of the address matter to writes within the window, in order to handle sub-word writes.

  • Word Aligned Offset Range: 0x800 to 0xffc
  • Size (words): 512
  • Access: wo
  • Byte writes are supported.