Hardware Interfaces and Registers

Interfaces

Referring to the Comportable guideline for peripheral device functionality, the module kmac has the following hardware interfaces defined.

Primary Clock: clk_i

Other Clocks: clk_edn_i

Bus Device Interfaces (TL-UL): tl

Bus Host Interfaces (TL-UL): none

Peripheral Pins for Chip IO: none

Inter-Module Signals: Reference

Inter-Module Signals
Port Name	Package::Struct	Type	Act	Width
keymgr_key	keymgr_pkg::hw_key_req	uni	rcv	1
app	kmac_pkg::app	req_rsp	rsp	3
entropy	edn_pkg::edn	req_rsp	req	1
idle	prim_mubi_pkg::mubi4	uni	req	1
en_masking	logic	uni	req	1
lc_escalate_en	lc_ctrl_pkg::lc_tx	uni	rcv	1
tl	tlul_pkg::tl	req_rsp	rsp	1

Interrupts:

Interrupt Name	Type	Description
kmac_done	Event	KMAC/SHA3 absorbing has been completed
fifo_empty	Event	Message FIFO empty condition
kmac_err	Event	KMAC/SHA3 error occurred. ERR_CODE register shows the details

Security Alerts:

Alert Name	Description
recov_operation_err	Alert for KMAC operation error. It occurs when the shadow registers have update errors.
fatal_fault_err	This fatal alert is triggered when a fatal error is detected inside the KMAC unit. Examples for such faults include: i) TL-UL bus integrity fault. ii) Storage errors in the shadow registers. iii) Errors in the message, round, or key counter. iv) Any internal FSM entering an invalid state. v) An error in the redundant lfsr. The KMAC unit cannot recover from such an error and needs to be reset.

Security Countermeasures:

Countermeasure ID	Description
KMAC.BUS.INTEGRITY	End-to-end bus integrity scheme.
KMAC.LC_ESCALATE_EN.INTERSIG.MUBI	The global escalation input signal from the life cycle is multibit encoded
KMAC.SW_KEY.KEY.MASKING	Data storage and secret key are two share to guard against 1st order attack.
KMAC.KEY.SIDELOAD	Key from KeyMgr is sideloaded.
KMAC.CFG_SHADOWED.CONFIG.SHADOW	Shadowed CFG register.
KMAC.FSM.SPARSE	FSMs in KMAC are sparsely encoded.
KMAC.CTR.REDUN	Round counter, key index counter, sentmsg counter and hash counter use prim_count for redundancy
KMAC.PACKER.CTR.REDUN	Packer Position counter uses prim_count for redundancy
KMAC.CFG_SHADOWED.CONFIG.REGWEN	CFG_SHADOWED is protected by REGWEN
KMAC.FSM.GLOBAL_ESC	Escalation moves all sparse FSMs into an invalid state.
KMAC.FSM.LOCAL_ESC	Local fatal faults move all sparse FSMs into an invalid state.
KMAC.LOGIC.INTEGRITY	The reset net for the internal state register and critical nets around the output register are buried.
KMAC.ABSORBED.CTRL.MUBI	`absorbed` signal is mubi4_t type to protect against FI attacks.
KMAC.SW_CMD.CTRL.SPARSE	`sw_cmd` and related signals are sparse encoded to protect against FI attacks.

Registers

Summary
Name	Offset	Length	Description
kmac.INTR_STATE	0x0	4	Interrupt State Register
kmac.INTR_ENABLE	0x4	4	Interrupt Enable Register
kmac.INTR_TEST	0x8	4	Interrupt Test Register
kmac.ALERT_TEST	0xc	4	Alert Test Register
kmac.CFG_REGWEN	0x10	4	Controls the configurability of `CFG_SHADOWED` register.
kmac.CFG_SHADOWED	0x14	4	KMAC Configuration register.
kmac.CMD	0x18	4	KMAC/ SHA3 command register.
kmac.STATUS	0x1c	4	KMAC/SHA3 Status register.
kmac.ENTROPY_PERIOD	0x20	4	Entropy Timer Periods.
kmac.ENTROPY_REFRESH_HASH_CNT	0x24	4	Entropy Refresh Counter
kmac.ENTROPY_REFRESH_THRESHOLD_SHADOWED	0x28	4	Entropy Refresh Threshold
kmac.ENTROPY_SEED_0	0x2c	4	Entropy Seed
kmac.ENTROPY_SEED_1	0x30	4	Entropy Seed
kmac.ENTROPY_SEED_2	0x34	4	Entropy Seed
kmac.ENTROPY_SEED_3	0x38	4	Entropy Seed
kmac.ENTROPY_SEED_4	0x3c	4	Entropy Seed
kmac.KEY_SHARE0_0	0x40	4	KMAC Secret Key
kmac.KEY_SHARE0_1	0x44	4	KMAC Secret Key
kmac.KEY_SHARE0_2	0x48	4	KMAC Secret Key
kmac.KEY_SHARE0_3	0x4c	4	KMAC Secret Key
kmac.KEY_SHARE0_4	0x50	4	KMAC Secret Key
kmac.KEY_SHARE0_5	0x54	4	KMAC Secret Key
kmac.KEY_SHARE0_6	0x58	4	KMAC Secret Key
kmac.KEY_SHARE0_7	0x5c	4	KMAC Secret Key
kmac.KEY_SHARE0_8	0x60	4	KMAC Secret Key
kmac.KEY_SHARE0_9	0x64	4	KMAC Secret Key
kmac.KEY_SHARE0_10	0x68	4	KMAC Secret Key
kmac.KEY_SHARE0_11	0x6c	4	KMAC Secret Key
kmac.KEY_SHARE0_12	0x70	4	KMAC Secret Key
kmac.KEY_SHARE0_13	0x74	4	KMAC Secret Key
kmac.KEY_SHARE0_14	0x78	4	KMAC Secret Key
kmac.KEY_SHARE0_15	0x7c	4	KMAC Secret Key
kmac.KEY_SHARE1_0	0x80	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_1	0x84	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_2	0x88	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_3	0x8c	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_4	0x90	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_5	0x94	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_6	0x98	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_7	0x9c	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_8	0xa0	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_9	0xa4	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_10	0xa8	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_11	0xac	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_12	0xb0	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_13	0xb4	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_14	0xb8	4	KMAC Secret Key, 2nd share.
kmac.KEY_SHARE1_15	0xbc	4	KMAC Secret Key, 2nd share.
kmac.KEY_LEN	0xc0	4	Secret Key length in bit.
kmac.PREFIX_0	0xc4	4	cSHAKE Prefix register.
kmac.PREFIX_1	0xc8	4	cSHAKE Prefix register.
kmac.PREFIX_2	0xcc	4	cSHAKE Prefix register.
kmac.PREFIX_3	0xd0	4	cSHAKE Prefix register.
kmac.PREFIX_4	0xd4	4	cSHAKE Prefix register.
kmac.PREFIX_5	0xd8	4	cSHAKE Prefix register.
kmac.PREFIX_6	0xdc	4	cSHAKE Prefix register.
kmac.PREFIX_7	0xe0	4	cSHAKE Prefix register.
kmac.PREFIX_8	0xe4	4	cSHAKE Prefix register.
kmac.PREFIX_9	0xe8	4	cSHAKE Prefix register.
kmac.PREFIX_10	0xec	4	cSHAKE Prefix register.
kmac.ERR_CODE	0xf0	4	KMAC/SHA3 Error Code
kmac.STATE	0x400	512	Keccak State (1600 bit) memory.
kmac.MSG_FIFO	0x800	2048	Message FIFO.

kmac.INTR_STATE @ 0x0

Interrupt State Register

Reset default = 0x0, mask 0x7

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
													kmac_err	fifo_empty	kmac_done

Bits

Type

Reset

Name

Description

rw1c

0x0

kmac_done

KMAC/SHA3 absorbing has been completed

rw1c

0x0

fifo_empty

Message FIFO empty condition

rw1c

0x0

kmac_err

KMAC/SHA3 error occurred. ERR_CODE register shows the details

kmac.INTR_ENABLE @ 0x4

Interrupt Enable Register

Reset default = 0x0, mask 0x7

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
													kmac_err	fifo_empty	kmac_done

Bits Type Reset Name Description

0x0

kmac_done

Enable interrupt when INTR_STATE.kmac_done is set.

0x0

fifo_empty

Enable interrupt when INTR_STATE.fifo_empty is set.

0x0

kmac_err

Enable interrupt when INTR_STATE.kmac_err is set.

kmac.INTR_TEST @ 0x8

Interrupt Test Register

Reset default = 0x0, mask 0x7

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
													kmac_err	fifo_empty	kmac_done

Bits Type Reset Name Description

0x0

kmac_done

Write 1 to force INTR_STATE.kmac_done to 1.

0x0

fifo_empty

Write 1 to force INTR_STATE.fifo_empty to 1.

0x0

kmac_err

Write 1 to force INTR_STATE.kmac_err to 1.

kmac.ALERT_TEST @ 0xc

Alert Test Register

Reset default = 0x0, mask 0x3

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
														fatal_fault_err	recov_operation_err

Bits

Type

Reset

Name

Description

0x0

recov_operation_err

Write 1 to trigger one alert event of this kind.

0x0

fatal_fault_err

Write 1 to trigger one alert event of this kind.

kmac.CFG_REGWEN @ 0x10

Controls the configurability of CFG_SHADOWED register.

Reset default = 0x1, mask 0x1

This register ensures the contents of CFG_SHADOWED register cannot be changed by the software while the KMAC/SHA3 is in operation mode.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
															en

Bits Type Reset Name Description

0x1

Configuration enable.

kmac.CFG_SHADOWED @ 0x14

KMAC Configuration register.

Reset default = 0x0, mask 0x71b133f

This register is updated when the hashing engine is in Idle. If the software updates the register while the engine computes, the updated value will be discarded.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
					en_unsupported_modestrength	err_processed	entropy_ready				msg_mask	entropy_fast_process		entropy_mode
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
			sideload			state_endianness	msg_endianness			mode		kstrength			kmac_en

Bits Type Reset Name Description

0x0

kmac_en

KMAC datapath enable.

If this bit is 1, the incoming message is processed in KMAC with the secret key.

3:1

0x0

kstrength

Hashing Strength

3 bit field to select the security strength of SHA3 hashing engine. If mode field is set to SHAKE or cSHAKE, only 128 and 256 strength can be selected. Other value will result error when hashing starts.

0x0	L128	128 bit strength. Keccak rate is 1344 bit
0x1	L224	224 bit strength. Keccak rate is 1152 bit
0x2	L256	256 bit strength. Keccak rate is 1088 bit
0x3	L384	384 bit strength. Keccak rate is 832 bit
0x4	L512	512 bit strength. Keccak rate is 576 bit

Other values are reserved.

5:4

0x0

mode

Keccak hashing mode.

This module supports SHA3 main hashing algorithm and the part of its derived functions, SHAKE and cSHAKE with limitations. This field is to select the mode.

0x0	SHA3	SHA3 hashing mode. It appends `2'b 10` to the end of msg
0x2	SHAKE	SHAKE hashing mode. It appends `1111` to the end of msg
0x3	cSHAKE	cSHAKE hashing mode. It appends `00` to the end of msg

Other values are reserved.

7:6 Reserved

0x0

msg_endianness

Message Endianness.

If 1 then each individual multi-byte value, regardless of its alignment, written to MSG_FIFO will be added to the message in big-endian byte order. If 0, each value will be added to the message in little-endian byte order. A message written to MSG_FIFO one byte at a time will not be affected by this setting. From a hardware perspective byte swaps are performed on a TL-UL word granularity.

0x0

state_endianness

State Endianness.

If 1 then each individual word in the STATE output register is converted to big-endian byte order. The order of the words in relation to one another is not changed. This setting does not affect how the state is interpreted during computation.

11:10 Reserved

0x0

sideload

Sideloaded Key.

If 1, KMAC uses KeyMgr sideloaded key for SW initiated KMAC operation. KMAC uses the sideloaded key regardless of this configuration when KeyMgr initiates the KMAC operation for Key Derivation Function (KDF).

15:13 Reserved

17:16

0x0

entropy_mode

Entropy Mode

Using this field, software can configure mode of operation of the internal pseudo-random number generator (PRNG). For the hardware to actually switch to an entropy mode other than the default idle_mode, software further needs to set the CFG_SHADOWED.entropy_ready bit. After that point, the hardware cannot be made to return to idle_mode unless the module is reset.

0x0

idle_mode

Default mode after reset.

The sole purpose of this mode is to enable ROM_CTRL operation right after coming out of reset.

The internal PRNG is not reseeded with fresh entropy, nor updated while the core operates. It should therefore not be used after this very initial stage. Software should setup a different mode and set CFG_SHADOWED.entropy_ready as early as possible.

The module cannot be made to return to idle_mode once any of the other modes have been used.

0x1

edn_mode

Receive fresh entropy from EDN for reseeding the internal PRNG.

This entropy mode is to be used for regular operation.

Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module requests fresh entropy from EDN for reseeding the internal PRNG. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core.

Depending on ENTROPY_PERIOD, the module will periodically reseed the internal PRNG with fresh entropy from EDN. Using CMD.entropy_req software can manually initiate the reseeding.

0x2

sw_mode

Receive initial entropy from software for reseeding the internal PRNG.

This entropy mode is a fall-back option to be used if the entropy complex is not available.

Once the CFG_SHADOWED.entropy_ready bit is set after reset, the module will wait for software to write each of the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers exactly once and in ascending order. Only after that, the module can start processing commands. Depending on CFG_SHADOWED, the internal PRNG is then used for (re-)masking inputs (prefix, key, message) and intermediate results of the Keccak core.

After this point, the PRNG can no longer be reseeded by software - also after switching back into this mode from edn_mode. However, it is possible to switch to edn_mode.

Other values are reserved.

18 Reserved

0x0

entropy_fast_process

Entropy Fast process mode.

If 1, entropy logic uses garbage data while not processing the KMAC key block. It will re-use previous entropy value and will not expand the entropy when it is consumed. Only it refreshes the entropy while processing the secret key block. This process should not be used if SCA resistance is required because it may cause side channel leakage.

0x0

msg_mask

Message Masking with PRNG.

If 1, KMAC applies PRNG to the input messages to the Keccak module when KMAC mode is on.

23:21 Reserved

0x0

entropy_ready

Entropy Ready status.

Software sets this field to allow the entropy generator in KMAC to fetch the entropy and run.

0x0

err_processed

When error occurs and one of the state machine stays at Error handling state, SW may process the error based on ERR_CODE, then let FSM back to the reset state

0x0

en_unsupported_modestrength

Enable Unsupported Mode and Strength configs.

SW may set this field for KMAC to move forward with unsupported Keccak Mode and Strength configurations, such as cSHAKE512.

If not set, KMAC won't propagate the SW command (CmdStart) to the rest of the blocks (AppIntf, KMAC Core, SHA3).

kmac.CMD @ 0x18

KMAC/ SHA3 command register.

Reset default = 0x0, mask 0x33f

This register is to control the KMAC to start accepting message, to process the message, and to manually run additional keccak rounds at the end. Only at certain stage, the CMD affects to the control logic. It follows the sequence of

start --> process --> {run if needed --> } done

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
						hash_cnt_clr	entropy_req			cmd

Bits Type Reset Name Description

5:0

r0w1c

cmd

Issue a command to the KMAC/SHA3 IP. The command is sparse encoded. To prevent sw from writing multiple commands at once, the field is defined as enum.

0x1d	start	Writing 6'b011101 or dec 29 into this field when KMAC/SHA3 is in idle, KMAC/SHA3 begins its operation. If the mode is cSHAKE, before receiving the message, the hashing logic processes Function name string N and customization input string S first. If KMAC mode is enabled, additionally it processes secret key block.
0x2e	process	Writing 6'b101110 or dec 46 into this field when KMAC/SHA3 began its operation and received the entire message, it computes the digest or signing.
0x31	run	The `run` field is used in the sponge squeezing stage. It triggers the keccak round logic to run full 24 rounds. This is optional and used when software needs more digest bits than the keccak rate. It only affects when the kmac/sha3 operation is completed.
0x16	done	Writing 6'b010110 or dec 22 into this field when KMAC/SHA3 squeezing is completed, KMAC/SHA3 hashing engine clears internal variables and goes back to Idle state for next command.

Other values are reserved.

7:6 Reserved

r0w1c

entropy_req

SW triggered Entropy Request

If writes 1 to this field

r0w1c

hash_cnt_clr

If writes 1, it clears the hash (KMAC) counter in the entropy module

kmac.STATUS @ 0x1c

KMAC/SHA3 Status register.

Reset default = 0x4001, mask 0x3df07

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
														ALERT_RECOV_CTRL_UPDATE_ERR	ALERT_FATAL_FAULT
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
fifo_full	fifo_empty		fifo_depth										sha3_squeeze	sha3_absorb	sha3_idle

Bits Type Reset Name Description

0x1

sha3_idle

If 1, SHA3 hashing engine is in idle state.

sha3_absorb

If 1, SHA3 is receiving message stream and processing it

sha3_squeeze

If 1, SHA3 completes sponge absorbing stage. In this stage, SW can manually run the hashing engine.

7:3 Reserved

12:8

fifo_depth

Count of occupied entries in the message FIFO.

13 Reserved

0x1

fifo_empty

Message FIFO Empty indicator.

The FIFO's Pass parameter is set to 1'b 1. So, by default, if the SHA engine is ready, the write data to FIFO just passes through.

In this case, fifo_depth remains 0. fifo_empty, however, lowers the value to 0 for a cycle, then goes back to the empty state, 1.

See the "Message FIFO" section in the spec for the reason.

fifo_full

Message FIFO Full indicator

0x0

ALERT_FATAL_FAULT

No fatal fault has occurred inside the KMAC unit (0). A fatal fault has occured and the KMAC unit needs to be reset (1), Examples for such faults include i) TL-UL bus integrity fault ii) storage errors in the shadow registers iii) errors in the message, round, or key counter iv) any internal FSM entering an invalid state v) an error in the redundant lfsr

0x0

ALERT_RECOV_CTRL_UPDATE_ERR

An update error has not occurred (0) or has occured (1) in the shadowed Control Register. KMAC operation needs to be restarted by re-writing the Control Register.

kmac.ENTROPY_PERIOD @ 0x20

Entropy Timer Periods.

Reset default = 0x0, mask 0xffff03ff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
wait_timer
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
						prescaler

Bits

Type

Reset

Name

Description

9:0

0x0

prescaler

EDN Wait timer prescaler.

EDN Wait timer has 16 bit value. The timer value is increased when the timer pulse is generated. Timer pulse is raises when the number of the clock cycles hit this prescaler value.

The exact period of the timer pulse is unknown as the KMAC input clock may contain jitters.

15:10

Reserved

31:16

0x0

wait_timer

EDN request wait timer.

The entropy module in KMAC waits up to this field in the timer pulse after it sends request to EDN module. If the timer expires, the entropy module moves to an error state and notifies to the system.

If 0, the entropy module waits the EDN response always. If EDN does not respond in this configuration, the software shall reset the IP.

kmac.ENTROPY_REFRESH_HASH_CNT @ 0x24

Entropy Refresh Counter

Reset default = 0x0, mask 0x3ff

KMAC entropy can be refreshed after the given threshold KMAC operations run. If the KMAC hash counter ENTROPY_REFRESH_HASH_CNT hits (GTE) the configured threshold ENTROPY_REFRESH_THRESHOLD_SHADOWED, the entropy module in the KMAC IP requests new seed to EDN and reset the KMAC hash counter.

If the threshold is 0, the refresh by the counter does not work. And the counter is only reset by the CMD.hash_cnt_clr CSR bit.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
						hash_cnt

Bits Type Reset Name Description

9:0

0x0

hash_cnt

Hash (KMAC) counter

kmac.ENTROPY_REFRESH_THRESHOLD_SHADOWED @ 0x28

Entropy Refresh Threshold

Reset default = 0x0, mask 0x3ff

If the threshold is 0, the refresh by the counter does not work. And the counter is only reset by the CMD.hash_cnt_clr CSR bit.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
						threshold

Bits Type Reset Name Description

9:0

0x0

threshold

Hash Threshold

kmac.ENTROPY_SEED_0 @ 0x2c

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

If CFG_SHADOWED.entropy_mode is set to sw_mode, software first needs to set CFG_SHADOWED.entropy_ready and then write the ENTROPY_SEED_0 - ENTROPY_SEED_4 registers in ascending order. Software writes one 32-bit value to every register which is subsequently loaded into the corresponding 32-bit LFSR chunk of the entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
seed_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...seed_0

Bits Type Reset Name Description

31:0

seed_0

32-bit chunk of the entropy generator seed

kmac.ENTROPY_SEED_1 @ 0x30

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
seed_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...seed_1

Bits Type Reset Name Description

31:0

seed_1

For KMAC1

kmac.ENTROPY_SEED_2 @ 0x34

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
seed_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...seed_2

Bits Type Reset Name Description

31:0

seed_2

For KMAC2

kmac.ENTROPY_SEED_3 @ 0x38

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
seed_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...seed_3

Bits Type Reset Name Description

31:0

seed_3

For KMAC3

kmac.ENTROPY_SEED_4 @ 0x3c

Entropy Seed

Reset default = 0x0, mask 0xffffffff

Entropy seed registers for the integrated entropy generator.

After writing all ENTROPY_SEED_0 registers, the entropy generator will start its operation. After this point, writing these registers has no longer any effect.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
seed_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...seed_4

Bits Type Reset Name Description

31:0

seed_4

For KMAC4

kmac.KEY_SHARE0_0 @ 0x40

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_0

Bits

Type

Reset

Name

Description

31:0

key_0

32-bit chunk of up-to 512-bit Secret Key

kmac.KEY_SHARE0_1 @ 0x44

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_1

Bits

Type

Reset

Name

Description

31:0

key_1

For KMAC1

kmac.KEY_SHARE0_2 @ 0x48

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_2

Bits

Type

Reset

Name

Description

31:0

key_2

For KMAC2

kmac.KEY_SHARE0_3 @ 0x4c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_3

Bits

Type

Reset

Name

Description

31:0

key_3

For KMAC3

kmac.KEY_SHARE0_4 @ 0x50

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_4

Bits

Type

Reset

Name

Description

31:0

key_4

For KMAC4

kmac.KEY_SHARE0_5 @ 0x54

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_5...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_5

Bits

Type

Reset

Name

Description

31:0

key_5

For KMAC5

kmac.KEY_SHARE0_6 @ 0x58

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_6...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_6

Bits

Type

Reset

Name

Description

31:0

key_6

For KMAC6

kmac.KEY_SHARE0_7 @ 0x5c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_7...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_7

Bits

Type

Reset

Name

Description

31:0

key_7

For KMAC7

kmac.KEY_SHARE0_8 @ 0x60

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_8...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_8

Bits

Type

Reset

Name

Description

31:0

key_8

For KMAC8

kmac.KEY_SHARE0_9 @ 0x64

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_9...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_9

Bits

Type

Reset

Name

Description

31:0

key_9

For KMAC9

kmac.KEY_SHARE0_10 @ 0x68

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_10...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_10

Bits

Type

Reset

Name

Description

31:0

key_10

For KMAC10

kmac.KEY_SHARE0_11 @ 0x6c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_11...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_11

Bits

Type

Reset

Name

Description

31:0

key_11

For KMAC11

kmac.KEY_SHARE0_12 @ 0x70

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_12...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_12

Bits

Type

Reset

Name

Description

31:0

key_12

For KMAC12

kmac.KEY_SHARE0_13 @ 0x74

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_13...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_13

Bits

Type

Reset

Name

Description

31:0

key_13

For KMAC13

kmac.KEY_SHARE0_14 @ 0x78

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_14...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_14

Bits

Type

Reset

Name

Description

31:0

key_14

For KMAC14

kmac.KEY_SHARE0_15 @ 0x7c

KMAC Secret Key

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_15...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_15

Bits

Type

Reset

Name

Description

31:0

key_15

For KMAC15

kmac.KEY_SHARE1_0 @ 0x80

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_0

Bits

Type

Reset

Name

Description

31:0

key_0

32-bit chunk of up-to 512-bit Secret Key

kmac.KEY_SHARE1_1 @ 0x84

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_1

Bits

Type

Reset

Name

Description

31:0

key_1

For KMAC1

kmac.KEY_SHARE1_2 @ 0x88

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_2

Bits

Type

Reset

Name

Description

31:0

key_2

For KMAC2

kmac.KEY_SHARE1_3 @ 0x8c

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_3

Bits

Type

Reset

Name

Description

31:0

key_3

For KMAC3

kmac.KEY_SHARE1_4 @ 0x90

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_4

Bits

Type

Reset

Name

Description

31:0

key_4

For KMAC4

kmac.KEY_SHARE1_5 @ 0x94

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_5...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_5

Bits

Type

Reset

Name

Description

31:0

key_5

For KMAC5

kmac.KEY_SHARE1_6 @ 0x98

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_6...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_6

Bits

Type

Reset

Name

Description

31:0

key_6

For KMAC6

kmac.KEY_SHARE1_7 @ 0x9c

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_7...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_7

Bits

Type

Reset

Name

Description

31:0

key_7

For KMAC7

kmac.KEY_SHARE1_8 @ 0xa0

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_8...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_8

Bits

Type

Reset

Name

Description

31:0

key_8

For KMAC8

kmac.KEY_SHARE1_9 @ 0xa4

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_9...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_9

Bits

Type

Reset

Name

Description

31:0

key_9

For KMAC9

kmac.KEY_SHARE1_10 @ 0xa8

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_10...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_10

Bits

Type

Reset

Name

Description

31:0

key_10

For KMAC10

kmac.KEY_SHARE1_11 @ 0xac

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_11...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_11

Bits

Type

Reset

Name

Description

31:0

key_11

For KMAC11

kmac.KEY_SHARE1_12 @ 0xb0

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_12...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_12

Bits

Type

Reset

Name

Description

31:0

key_12

For KMAC12

kmac.KEY_SHARE1_13 @ 0xb4

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_13...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_13

Bits

Type

Reset

Name

Description

31:0

key_13

For KMAC13

kmac.KEY_SHARE1_14 @ 0xb8

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_14...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_14

Bits

Type

Reset

Name

Description

31:0

key_14

For KMAC14

kmac.KEY_SHARE1_15 @ 0xbc

KMAC Secret Key, 2nd share.

Reset default = 0x0, mask 0xffffffff

KMAC secret key can be up to 512 bit. Order of the secret key is: key[512:0] = {KEY15, KEY14, ... , KEY0};

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

Current KMAC supports up to 512 bit secret key. It is the sw responsibility to keep upper bits of the secret key to 0.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
key_15...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...key_15

Bits

Type

Reset

Name

Description

31:0

key_15

For KMAC15

kmac.KEY_LEN @ 0xc0

Secret Key length in bit.

Reset default = 0x0, mask 0x7

This value is used to make encoded secret key in KMAC. KMAC supports certain lengths of the secret key. Currently it supports 128b, 192b, 256b, 384b, and 512b secret keys.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16

15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
													len

Bits

Type

Reset

Name

Description

2:0

0x0

len

Key length choice

0x0	Key128	Key length is 128 bit.
0x1	Key192	Key length is 192 bit.
0x2	Key256	Key length is 256 bit.
0x3	Key384	Key length is 384 bit.
0x4	Key512	Key length is 512 bit.

Other values are reserved.

kmac.PREFIX_0 @ 0xc4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

Prefix including Function Name N and Customization String S. The SHA3 assumes this register value is encoded as: encode_string(N) || encode_string(S) || 0. It means that the software can freely decide the length of N or S based on the given Prefix register size 320bit. 320bit is determined to have 32-bit of N and up to 256-bit of S + encode of their length.

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_0...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_0

Bits Type Reset Name Description

31:0

0x0

prefix_0

32-bit chunk of Encoded NS Prefix

kmac.PREFIX_1 @ 0xc8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_1...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_1

Bits Type Reset Name Description

31:0

0x0

prefix_1

For KMAC1

kmac.PREFIX_2 @ 0xcc

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_2...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_2

Bits Type Reset Name Description

31:0

0x0

prefix_2

For KMAC2

kmac.PREFIX_3 @ 0xd0

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_3...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_3

Bits Type Reset Name Description

31:0

0x0

prefix_3

For KMAC3

kmac.PREFIX_4 @ 0xd4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_4...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_4

Bits Type Reset Name Description

31:0

0x0

prefix_4

For KMAC4

kmac.PREFIX_5 @ 0xd8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_5...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_5

Bits Type Reset Name Description

31:0

0x0

prefix_5

For KMAC5

kmac.PREFIX_6 @ 0xdc

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_6...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_6

Bits Type Reset Name Description

31:0

0x0

prefix_6

For KMAC6

kmac.PREFIX_7 @ 0xe0

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_7...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_7

Bits Type Reset Name Description

31:0

0x0

prefix_7

For KMAC7

kmac.PREFIX_8 @ 0xe4

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_8...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_8

Bits Type Reset Name Description

31:0

0x0

prefix_8

For KMAC8

kmac.PREFIX_9 @ 0xe8

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_9...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_9

Bits Type Reset Name Description

31:0

0x0

prefix_9

For KMAC9

kmac.PREFIX_10 @ 0xec

cSHAKE Prefix register.

Reset default = 0x0, mask 0xffffffff

It is SW responsibility to fill the register with encoded value that is described at Section 2.3.2 String Encoding in NIST SP 800-185 specification.

Order of Prefix is: prefix[end:0] := {PREFIX(N-1), ..., PREFIX(1), PREFIX(0) }

The registers are allowed to be updated when the engine is in Idle state. If the engine computes the hash, it discards any attempts to update the secret keys and report an error.

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
prefix_10...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...prefix_10

Bits Type Reset Name Description

31:0

0x0

prefix_10

For KMAC10

kmac.ERR_CODE @ 0xf0

KMAC/SHA3 Error Code

Reset default = 0x0, mask 0xffffffff

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16
err_code...
15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
...err_code

Bits

Type

Reset

Name

Description

31:0

0x0

err_code

If error interrupt occurs, this register has information of error cause. Please take a look at `hw/ip/kmac/rtl/kmac_pkg.sv:err_code_e enum type.

kmac.STATE @ + 0x400

128 item ro window

Byte writes are not supported

	31	0
+0x400
+0x404
	...
+0x5f8
+0x5fc

Keccak State (1600 bit) memory.

The software can get the processed digest by reading this memory region. Unlike MSG_FIFO, STATE memory space sees the addr[9:0]. If Masking feature is enabled, the software reads two shares from this memory space.

0x400 - 0x4C7: State share 0x500 - 0x5C7: Mask share of the state, 0 if EnMasking = 0

kmac.MSG_FIFO @ + 0x800

512 item wo window

Byte writes are supported

	31	0
+0x800
+0x804
	...
+0xff8
+0xffc

Message FIFO.

Any write to this window will be appended to the FIFO. Only lower 2 bits [1:0] of the address matter to writes within the window in order to handle with sub-word writes.

OpenTitan Documentation

Hardware Interfaces and Registers

Interfaces

Registers