289 always_ff @(posedge clk_i or negedge rst_ni) begin
290 2/2 if (!rst_ni) service_rejected_error <= 1'b 0;
Tests: T1 T2 T3 | T1 T2 T3
291 2/2 else if (service_rejected_error_set) service_rejected_error <= 1'b 1;
Tests: T1 T2 T3 | T4 T5 T6
292 2/2 else if (service_rejected_error_clr) service_rejected_error <= 1'b 0;
Tests: T1 T2 T3 | T3 T4 T7
293 end
295 ////////////////////////////
296 // Application Mux/ Demux //
297 ////////////////////////////
300 // Processing return data.
301 // sends to only selected app intf.
302 // clear digest right after done to not leak info to other interface
303 always_comb begin
304 1/1 for (int unsigned i = 0 ; i < NumAppIntf ; i++) begin
Tests: T1 T2 T3
305 1/1 if (i == app_id) begin
Tests: T1 T2 T3
306 1/1 app_o[i] = '{
Tests: T1 T2 T3
307 ready: app_data_ready | fsm_data_ready,
308 done: app_digest_done | fsm_digest_done_q,
309 digest_share0: app_digest[0],
310 digest_share1: app_digest[1],
311 // if fsm asserts done, should be an error case.
312 error: error_i | fsm_digest_done_q | sparse_fsm_error_o
313 | service_rejected_error
314 };
315 end else begin
316 1/1 app_o[i] = '{
Tests: T1 T2 T3
317 ready: 1'b 0,
318 done: 1'b 0,
319 digest_share0: '0,
320 digest_share1: '0,
321 error: 1'b 0
322 };
323 end
324 end // for {i, NumAppIntf, i++}
325 end // aiways_comb
327 // app_id latch
328 always_ff @(posedge clk_i or negedge rst_ni) begin
329 2/2 if (!rst_ni) app_id <= AppIdxW'(0) ; // Do not select any
Tests: T1 T2 T3 | T1 T2 T3
330 2/2 else if (clr_appid) app_id <= AppIdxW'(0);
Tests: T1 T2 T3 | T3 T8 T4
331 2/2 else if (set_appid) app_id <= app_id_d;
Tests: T1 T2 T3 | T3 T8 T4
332 end
334 // app_id selection as of now, app_id uses Priority. The assumption is that
335 // the request normally does not collide. (ROM_CTRL activates very early
336 // stage at the boot sequence)
337 //
338 // If this assumption is not true, consider RR arbiter.
340 // Prep for arbiter
341 logic [NumAppIntf-1:0] app_reqs;
342 logic [NumAppIntf-1:0] unused_app_gnts;
343 logic [$clog2(NumAppIntf)-1:0] arb_idx;
344 logic arb_valid;
345 logic arb_ready;
347 always_comb begin
348 1/1 app_reqs = '0;
Tests: T3 T9 T8
349 1/1 for (int unsigned i = 0 ; i < NumAppIntf ; i++) begin
Tests: T3 T9 T8
350 1/1 app_reqs[i] = app_i[i].valid;
Tests: T3 T9 T8
351 end
352 end
354 prim_arbiter_fixed #(
355 .N (NumAppIntf),
356 .DW(1),
357 .EnDataPort(1'b 0)
358 ) u_appid_arb (
359 .clk_i,
360 .rst_ni,
362 .req_i (app_reqs),
363 .data_i ('{default:'0}),
364 .gnt_o (unused_app_gnts),
365 .idx_o (arb_idx),
367 .valid_o (arb_valid),
368 .data_o (), // not used
369 .ready_i (arb_ready)
370 );
372 1/1 assign app_id_d = AppIdxW'(arb_idx);
Tests: T8 T4 T10
373 1/1 assign arb_ready = set_appid;
Tests: T3 T9 T8
375 always_ff @(posedge clk_i or negedge rst_ni) begin
376 2/2 if (!rst_ni) fsm_digest_done_q <= 1'b 0;
Tests: T1 T2 T3 | T1 T2 T3
377 1/1 else fsm_digest_done_q <= fsm_digest_done_d;
Tests: T1 T2 T3
378 end
380 /////////
381 // FSM //
382 /////////
384 // State register
385 3/3 `PRIM_FLOP_SPARSE_FSM(u_state_regs, st_d, st, st_e, StIdle)
Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3
PRIM_FLOP_SPARSE_FSM(u_state_regs, st_d, st, st_e, StIdle):
385.1 `ifdef SIMULATION
385.2 prim_sparse_fsm_flop #(
385.3 .StateEnumT(st_e),
385.4 .Width($bits(st_e)),
385.5 .ResetValue($bits(st_e)'(StIdle)),
385.6 .EnableAlertTriggerSVA(1),
385.7 .CustomForceName("st")
385.8 ) u_state_regs (
385.9 .clk_i ( clk_i ),
385.10 .rst_ni ( rst_ni ),
385.11 .state_i ( st_d ),
385.12 .state_o ( )
385.13 );
385.14 always_ff @(posedge clk_i or negedge rst_ni) begin
385.15 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
385.16 1/1 st <= StIdle;
Tests: T1 T2 T3
385.17 end else begin
385.18 1/1 st <= st_d;
Tests: T1 T2 T3
385.19 end
385.20 end
385.21 u_state_regs_A: assert property (@(posedge clk_i) disable iff ((!rst_ni) !== '0) (st === u_state_regs.state_o))
385.22 else begin
385.23 `ifdef UVM
385.24 uvm_pkg::uvm_report_error("ASSERT FAILED", "u_state_regs_A", uvm_pkg::UVM_NONE,
385.25 "../src/lowrisc_ip_kmac_0.1/rtl/", 385, "", 1);
385.26 `else
385.27 $error("%0t: (%0s:%0d) [%m] [ASSERT FAILED] %0s", $time, `__FILE__, `__LINE__,
385.28 `PRIM_STRINGIFY(u_state_regs_A));
385.29 `endif
385.30 end
385.31 `else
385.32 prim_sparse_fsm_flop #(
385.33 .StateEnumT(st_e),
385.34 .Width($bits(st_e)),
385.35 .ResetValue($bits(st_e)'(StIdle)),
385.36 .EnableAlertTriggerSVA(1)
385.37 ) u_state_regs (
385.38 .clk_i ( `PRIM_FLOP_CLK ),
385.39 .rst_ni ( `PRIM_FLOP_RST ),
385.40 .state_i ( st_d ),
385.41 .state_o ( st )
385.42 );
385.43 `endif386
387 // Create a lint error to reduce the risk of accidentally enabling this feature.
388 0/1 ==> `ASSERT_STATIC_LINT_ERROR(KmacSecIdleAcceptSwMsgNonDefault, SecIdleAcceptSwMsg == 0)
ASSERT_STATIC_LINT_ERROR(KmacSecIdleAcceptSwMsgNonDefault, SecIdleAcceptSwMsg == 0):
388.1 localparam int KmacSecIdleAcceptSwMsgNonDefault = (SecIdleAcceptSwMsg == 0) ? 1 : 2;
388.2 always_comb begin
388.3 logic unused_assert_static_lint_error;
388.4 0/1 ==> unused_assert_static_lint_error = KmacSecIdleAcceptSwMsgNonDefault'(1'b1);
388.5 end389
390 // Next State & output logic
392 always_comb begin
393 1/1 st_d = st;
Tests: T1 T2 T3
395 1/1 mux_sel = SecIdleAcceptSwMsg ? SelSw : SelNone;
Tests: T1 T2 T3
397 // app_id control
398 1/1 set_appid = 1'b 0;
Tests: T1 T2 T3
399 1/1 clr_appid = 1'b 0;
Tests: T1 T2 T3
401 // Commands
402 1/1 cmd_o = CmdNone;
Tests: T1 T2 T3
404 // Software output
405 1/1 absorbed_o = prim_mubi_pkg::MuBi4False;
Tests: T1 T2 T3
407 // Error
408 1/1 fsm_err = '{valid: 1'b 0, code: ErrNone, info: '0};
Tests: T1 T2 T3
409 1/1 sparse_fsm_error_o = 1'b 0;
Tests: T1 T2 T3
411 1/1 clear_after_error_o = prim_mubi_pkg::MuBi4False;
Tests: T1 T2 T3
413 1/1 service_rejected_error_set = 1'b 0;
Tests: T1 T2 T3
414 1/1 service_rejected_error_clr = 1'b 0;
Tests: T1 T2 T3
416 // If error happens, FSM asserts data ready but discard incoming msg
417 1/1 fsm_data_ready = 1'b 0;
Tests: T1 T2 T3
418 1/1 fsm_digest_done_d = 1'b 0;
Tests: T1 T2 T3
420 1/1 unique case (st)
Tests: T1 T2 T3
421 StIdle: begin
422 1/1 if (arb_valid) begin
Tests: T1 T2 T3
423 1/1 st_d = StAppCfg;
Tests: T3 T8 T4
425 // choose app_id
426 1/1 set_appid = 1'b 1;
Tests: T3 T8 T4
427 1/1 end else if (sw_cmd_i == CmdStart) begin
Tests: T1 T2 T3
428 1/1 st_d = StSw;
Tests: T1 T2 T9
429 // Software initiates the sequence
430 1/1 cmd_o = CmdStart;
Tests: T1 T2 T9
431 end else begin
432 1/1 st_d = StIdle;
Tests: T1 T2 T3
433 end
434 end
436 StAppCfg: begin
437 1/1 if (AppCfg[app_id].Mode == AppKMAC &&
Tests: T3 T8 T4
438 prim_mubi_pkg::mubi4_test_false_strict(entropy_ready_i)) begin
439 // Check if the entropy is not configured but it is needed in
440 // `AppCfg[app_id]` (KMAC mode).
441 //
442 // SW is not properly configured, report and not request Hashing
443 // Return the app with errors
444 1/1 st_d = StError;
Tests: T4 T5 T6
446 1/1 service_rejected_error_set = 1'b 1;
Tests: T4 T5 T6
448 end else begin
449 // As Cfg is stable now, it sends cmd
450 1/1 st_d = StAppMsg;
Tests: T3 T8 T4
452 // App initiates the data
453 1/1 cmd_o = CmdStart;
Tests: T3 T8 T4
454 end
455 end
457 StAppMsg: begin
458 1/1 mux_sel = SelApp;
Tests: T8 T4 T11
459 1/1 if (app_i[app_id].valid && app_o[app_id].ready && app_i[app_id].last) begin
Tests: T8 T4 T11
460 1/1 if (AppCfg[app_id].Mode == AppKMAC) begin
Tests: T8 T4 T11
461 1/1 st_d = StAppOutLen;
Tests: T8 T11 T12
462 end else begin
463 1/1 st_d = StAppProcess;
Tests: T8 T4 T11
464 end
465 end else begin
466 1/1 st_d = StAppMsg;
Tests: T8 T4 T11
467 end
468 end
470 StAppOutLen: begin
471 1/1 mux_sel = SelOutLen;
Tests: T8 T11 T12
473 1/1 if (kmac_valid_o && kmac_ready_i) begin
Tests: T8 T11 T12
474 1/1 st_d = StAppProcess;
Tests: T8 T11 T12
475 end else begin
476 1/1 st_d = StAppOutLen;
Tests: T8 T12 T13
477 end
478 end
480 StAppProcess: begin
481 1/1 cmd_o = CmdProcess;
Tests: T8 T4 T11
482 1/1 st_d = StAppWait;
Tests: T8 T4 T11
483 end
485 StAppWait: begin
486 1/1 if (prim_mubi_pkg::mubi4_test_true_strict(absorbed_i)) begin
Tests: T8 T4 T11
487 // Send digest to KeyMgr and complete the op
488 1/1 st_d = StIdle;
Tests: T8 T4 T11
489 1/1 cmd_o = CmdDone;
Tests: T8 T4 T11
491 1/1 clr_appid = 1'b 1;
Tests: T8 T4 T11
492 end else begin
493 1/1 st_d = StAppWait;
Tests: T8 T4 T11
494 end
495 end
497 StSw: begin
498 1/1 mux_sel = SelSw;
Tests: T1 T2 T9
500 1/1 cmd_o = sw_cmd_i;
Tests: T1 T2 T9
501 1/1 absorbed_o = absorbed_i;
Tests: T1 T2 T9
503 1/1 if (sw_cmd_i == CmdDone) begin
Tests: T1 T2 T9
504 1/1 st_d = StIdle;
Tests: T1 T2 T8
505 end else begin
506 1/1 st_d = StSw;
Tests: T1 T2 T9
507 end
508 end
510 StKeyMgrErrKeyNotValid: begin
511 1/1 st_d = StError;
Tests: T3 T7 T14
513 // As mux_sel is not set to SelApp, app_data_ready is still 0.
514 // This logic won't accept the requests from the selected App.
515 1/1 fsm_err.valid = 1'b 1;
Tests: T3 T7 T14
516 1/1 fsm_err.code = ErrKeyNotValid;
Tests: T3 T7 T14
517 1/1 = 24'(app_id);
Tests: T3 T7 T14
518 end
520 StError: begin
521 // In this state, the state machine flush out the request
522 1/1 st_d = StError;
Tests: T3 T4 T7
524 // Absorb data on the app interface.
525 1/1 fsm_data_ready = ~err_during_sw_q;
Tests: T3 T4 T7
527 // Next step depends on two conditions:
528 // 1) Error being processed by SW
529 // 2) Last data provided from the app interface (so that the app interface is completely)
530 // drained. If the error occurred during a SW operation, the app interface is not
531 // involved, so this condition gets skipped.
532 1/1 unique case ({err_processed_i,
Tests: T3 T4 T7
533 (app_i[app_id].valid && app_i[app_id].last) || err_during_sw_q})
534 2'b00: begin
535 // Error not processed by SW and not last data from app interface -> keep current state.
536 1/1 st_d = StError;
Tests: T3 T4 T7
537 end
538 2'b01: begin
539 // Error not processed by SW but last data from app interface:
540 // 1. Send garbage digest to the app interface (in the next cycle) to complete the
541 // transaction.
542 1/1 fsm_digest_done_d = ~err_during_sw_q;
Tests: T3 T4 T7
543 1/1 if (service_rejected_error) begin
Tests: T3 T4 T7
544 // 2.a) Service was rejected because an app interface tried to configure KMAC while no
545 // entropy was available. It is assumed that SW is not loaded yet, so don't wait for
546 // SW to process the error. The last data from the app interface has now arrived, but
547 // we don't need to wait for the SHA3 core to have absorbed it because the data never
548 // entered the SHA3 core: the request from the app interface was terminated during the
549 // configuration phase.
550 1/1 st_d = StErrorServiceRejected;
Tests: T4 T5 T6
551 end else begin
552 // 2.b) If service was not rejected, wait for SW to process the error.
553 1/1 st_d = StErrorAwaitSw;
Tests: T3 T7 T14
554 end
555 end
556 2'b10: begin
557 // Error processed by SW but not last data from app interface -> wait for app interface.
558 0/1 ==> st_d = StErrorAwaitApp;
559 end
560 2'b11: begin
561 // Error processed by SW and last data from app interface:
562 // Send garbage digest to the app interface (in the next cycle) to complete the
563 // transaction.
564 0/1 ==> fsm_digest_done_d = ~err_during_sw_q;
565 // Flush the message FIFO and let the SHA3 engine compute a digest (which won't be used
566 // but serves to bring the SHA3 engine back to the idle state).
567 0/1 ==> cmd_o = CmdProcess;
568 0/1 ==> st_d = StErrorWaitAbsorbed;
569 end
570 default: st_d = StError;
571 endcase
572 end
574 StErrorAwaitSw: begin
575 // Just wait for SW to process the error.
576 1/1 if (err_processed_i) begin
Tests: T3 T7 T14
577 // Flush the message FIFO and let the SHA3 engine compute a digest (which won't be used
578 // but serves to bring the SHA3 engine back to the idle state).
579 1/1 cmd_o = CmdProcess;
Tests: T3 T7 T14
580 1/1 st_d = StErrorWaitAbsorbed;
Tests: T3 T7 T14
581 end
582 end
584 StErrorAwaitApp: begin
585 // Keep absorbing data on the app interface until the last data.
586 0/1 ==> fsm_data_ready = 1'b1;
587 0/1 ==> if (app_i[app_id].valid && app_i[app_id].last) begin
588 // Send garbage digest to the app interface (in the next cycle) to complete the
589 // transaction.
590 0/1 ==> fsm_digest_done_d = 1'b1;
591 // Flush the message FIFO and let the SHA3 engine compute a digest (which won't be used
592 // but serves to bring the SHA3 engine back to the idle state).
593 0/1 ==> cmd_o = CmdProcess;
594 0/1 ==> st_d = StErrorWaitAbsorbed;
595 end
596 end
598 StErrorWaitAbsorbed: begin
599 1/1 if (prim_mubi_pkg::mubi4_test_true_strict(absorbed_i)) begin
Tests: T3 T7 T14
600 // Clear internal variables, send done command, and return to idle.
601 1/1 clr_appid = 1'b1;
Tests: T3 T7 T14
602 1/1 clear_after_error_o = prim_mubi_pkg::MuBi4True;
Tests: T3 T7 T14
603 1/1 service_rejected_error_clr = 1'b1;
Tests: T3 T7 T14
604 1/1 cmd_o = CmdDone;
Tests: T3 T7 T14
605 1/1 st_d = StIdle;
Tests: T3 T7 T14
606 // If error originated from SW, report 'absorbed' to SW.
607 1/1 if (err_during_sw_q) begin
Tests: T3 T7 T14
608 0/1 ==> absorbed_o = prim_mubi_pkg::MuBi4True;
609 end
610 end
611 end
613 StErrorServiceRejected: begin
614 // Clear internal variables and return to idle.
615 1/1 clr_appid = 1'b1;
Tests: T4 T5 T6
616 1/1 clear_after_error_o = prim_mubi_pkg::MuBi4True;
Tests: T4 T5 T6
617 1/1 service_rejected_error_clr = 1'b1;
Tests: T4 T5 T6
618 1/1 st_d = StIdle;
Tests: T4 T5 T6
619 end
621 StTerminalError: begin
622 // this state is terminal
623 1/1 st_d = st;
Tests: T9 T10 T11
624 1/1 sparse_fsm_error_o = 1'b 1;
Tests: T9 T10 T11
625 1/1 fsm_err.valid = 1'b 1;
Tests: T9 T10 T11
626 1/1 fsm_err.code = ErrFatalError;
Tests: T9 T10 T11
627 1/1 = 24'(app_id);
Tests: T9 T10 T11
628 end
630 default: begin
631 st_d = StTerminalError;
632 sparse_fsm_error_o = 1'b 1;
633 end
634 endcase
637 // Unconditionally jump into the terminal error state
638 // if the life cycle controller triggers an escalation.
639 1/1 if (lc_ctrl_pkg::lc_tx_test_true_loose(lc_escalate_en_i)) begin
Tests: T1 T2 T3
640 1/1 st_d = StTerminalError;
Tests: T9 T10 T11
641 end
643 // Handle errors outside the terminal error state.
644 1/1 if (st_d != StTerminalError) begin
Tests: T1 T2 T3
645 // Key from keymgr is used but not valid, so abort into the invalid key error state.
646 1/1 if (keymgr_key_used && !keymgr_key_i.valid) begin
Tests: T1 T2 T3
647 1/1 st_d = StKeyMgrErrKeyNotValid;
Tests: T3 T7 T14
648 end
649 end
650 end
652 // Track errors occurring in SW mode.
653 1/1 assign err_during_sw_d =
Tests: T1 T2 T3
654 (mux_sel == SelSw) && (st_d inside {StError, StKeyMgrErrKeyNotValid}) ? 1'b1 : // set
655 (st_d == StIdle) ? 1'b0 : // clear
656 err_during_sw_q; // hold
658 always_ff @(posedge clk_i or negedge rst_ni) begin
659 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
660 1/1 err_during_sw_q <= 1'b0;
Tests: T1 T2 T3
661 end else begin
662 1/1 err_during_sw_q <= err_during_sw_d;
Tests: T1 T2 T3
663 end
664 end
666 //////////////
667 // Datapath //
668 //////////////
670 // Encoded output length
671 assign encoded_outlen = EncodedOutLen[SelDigSize];
672 assign encoded_outlen_mask = EncodedOutLenMask[SelKeySize];
674 // Data mux
675 // This is the main part of the KeyMgr interface logic.
676 // The FSM selects KeyMgr interface in a cycle after it receives the first
677 // valid data from KeyMgr. The ready signal to the KeyMgr data interface
678 // represents the MSG_FIFO ready, only when it is in StKeyMgrMsg state.
679 // After KeyMgr sends last beat, the kmac interface (to MSG_FIFO) is switched
680 // to OutLen. OutLen is pre-defined values. See `EncodeOutLen` parameter above.
681 always_comb begin
682 1/1 app_data_ready = 1'b 0;
Tests: T1 T2 T3
683 1/1 sw_ready_o = 1'b 1;
Tests: T1 T2 T3
685 1/1 kmac_valid_o = 1'b 0;
Tests: T1 T2 T3
686 1/1 kmac_data_o = '0;
Tests: T1 T2 T3
687 1/1 kmac_mask_o = '0;
Tests: T1 T2 T3
689 1/1 unique case (mux_sel_buf_kmac)
Tests: T1 T2 T3
690 SelApp: begin
691 // app_id is valid at this time
692 1/1 kmac_valid_o = app_i[app_id].valid;
Tests: T8 T4 T11
693 1/1 kmac_data_o = app_i[app_id].data;
Tests: T8 T4 T11
694 // Expand strb to bits. prim_packer inside MSG_FIFO accepts the bit masks
695 1/1 for (int i = 0 ; i < $bits(app_i[app_id].strb) ; i++) begin
Tests: T8 T4 T11
696 1/1 kmac_mask_o[8*i+:8] = {8{app_i[app_id].strb[i]}};
Tests: T8 T4 T11
697 end
698 1/1 app_data_ready = kmac_ready_i;
Tests: T8 T4 T11
699 end
701 SelOutLen: begin
702 // Write encoded output length value
703 1/1 kmac_valid_o = 1'b 1; // always write
Tests: T8 T11 T12
704 1/1 kmac_data_o = MsgWidth'(encoded_outlen);
Tests: T8 T11 T12
705 1/1 kmac_mask_o = MsgWidth'(encoded_outlen_mask);
Tests: T8 T11 T12
706 end
708 SelSw: begin
709 1/1 kmac_valid_o = sw_valid_i;
Tests: T1 T2 T9
710 1/1 kmac_data_o = sw_data_i ;
Tests: T1 T2 T9
711 1/1 kmac_mask_o = sw_mask_i ;
Tests: T1 T2 T9
712 1/1 sw_ready_o = kmac_ready_i ;
Tests: T1 T2 T9
713 end
715 default: begin // Incl. SelNone
716 kmac_valid_o = 1'b 0;
717 kmac_data_o = '0;
718 kmac_mask_o = '0;
719 end
721 endcase
722 end
724 // Error checking for Mux
725 always_comb begin
726 1/1 mux_err = '{valid: 1'b 0, code: ErrNone, info: '0};
Tests: T1 T2 T3
728 1/1 if (mux_sel_buf_err_check != SelSw && sw_valid_i) begin
Tests: T1 T2 T3
729 // If SW writes message into FIFO
730 1/1 mux_err = '{
Tests: T9 T10 T11
731 valid: 1'b 1,
732 code: ErrSwPushedMsgFifo,
733 info: 24'({8'h 00, 8'(st), 8'(mux_sel_buf_err_check)})
734 };
735 1/1 end else if (app_active_o && sw_cmd_i != CmdNone) begin
Tests: T1 T2 T3
736 // If SW issues command except start
737 1/1 mux_err = '{
Tests: T15 T16 T17
738 valid: 1'b 1,
739 code: ErrSwIssuedCmdInAppActive,
740 info: 24'(sw_cmd_i)
741 };
742 end
743 end
745 logic [AppMuxWidth-1:0] mux_sel_buf_output_logic;
746 1/1 assign mux_sel_buf_output = app_mux_sel_e'(mux_sel_buf_output_logic);
Tests: T1 T2 T3
749 prim_sec_anchor_buf #(
750 .Width(AppMuxWidth)
751 ) u_prim_buf_state_output_sel (
752 .in_i(mux_sel),
753 .out_o(mux_sel_buf_output_logic)
754 );
756 logic [AppMuxWidth-1:0] mux_sel_buf_err_check_logic;
757 1/1 assign mux_sel_buf_err_check = app_mux_sel_e'(mux_sel_buf_err_check_logic);
Tests: T1 T2 T3
760 prim_sec_anchor_buf #(
761 .Width(AppMuxWidth)
762 ) u_prim_buf_state_err_check (
763 .in_i(mux_sel),
764 .out_o(mux_sel_buf_err_check_logic)
765 );
767 logic [AppMuxWidth-1:0] mux_sel_buf_kmac_logic;
768 1/1 assign mux_sel_buf_kmac = app_mux_sel_e'(mux_sel_buf_kmac_logic);
Tests: T1 T2 T3
771 prim_sec_anchor_buf #(
772 .Width(AppMuxWidth)
773 ) u_prim_buf_state_kmac_sel (
774 .in_i(mux_sel),
775 .out_o(mux_sel_buf_kmac_logic)
776 );
779 logic reg_state_valid;
780 prim_sec_anchor_buf #(
781 .Width(1)
782 ) u_prim_buf_state_output_valid (
783 .in_i(reg_state_valid),
784 .out_o(reg_state_valid_o)
785 );
787 // Keccak state Demux
788 // Keccak state --> Register output is enabled when state is in StSw
789 always_comb begin
790 1/1 reg_state_valid = 1'b 0;
Tests: T1 T2 T3
791 1/1 reg_state_o = '{default:'0};
Tests: T1 T2 T3
792 1/1 if ((mux_sel_buf_output == SelSw) &&
Tests: T1 T2 T3
793 lc_ctrl_pkg::lc_tx_test_false_strict(lc_escalate_en_i)) begin
794 1/1 reg_state_valid = keccak_state_valid_i;
Tests: T1 T2 T9
795 1/1 reg_state_o = keccak_state_i;
Tests: T1 T2 T9
796 // If key is sideloaded and KMAC is SW initiated
797 // hide the capacity from SW by zeroing (see #17508)
798 1/1 if (keymgr_key_en_i) begin
Tests: T1 T2 T9
799 1/1 for (int i = 0; i < Share; i++) begin
Tests: T9 T18 T19
800 1/1 unique case (reg_keccak_strength_i)
Tests: T9 T18 T19
801 1/1 L128: reg_state_o[i][sha3_pkg::StateW-1-:KeccakBitCapacity[L128]] = '0;
Tests: T19 T12 T13
802 1/1 L224: reg_state_o[i][sha3_pkg::StateW-1-:KeccakBitCapacity[L224]] = '0;
Tests: T20 T17 T21
803 1/1 L256: reg_state_o[i][sha3_pkg::StateW-1-:KeccakBitCapacity[L256]] = '0;
Tests: T9 T18 T12
804 1/1 L384: reg_state_o[i][sha3_pkg::StateW-1-:KeccakBitCapacity[L384]] = '0;
Tests: T22 T20 T23
805 1/1 L512: reg_state_o[i][sha3_pkg::StateW-1-:KeccakBitCapacity[L512]] = '0;
Tests: T24 T20 T23
806 default: reg_state_o[i] = '0;
807 endcase
808 end
809 end
810 end
811 end
813 // Keccak state --> KeyMgr
814 always_comb begin
815 1/1 app_digest_done = 1'b 0;
Tests: T1 T2 T3
816 1/1 app_digest = '{default:'0};
Tests: T1 T2 T3
817 1/1 if (st == StAppWait && prim_mubi_pkg::mubi4_test_true_strict(absorbed_i) &&
Tests: T1 T2 T3
818 lc_ctrl_pkg::lc_tx_test_false_strict(lc_escalate_en_i)) begin
819 // SHA3 engine has calculated the hash. Return the data to KeyMgr
820 1/1 app_digest_done = 1'b 1;
Tests: T8 T4 T11
822 // digest has always 2 entries. If !EnMasking, second is tied to 0.
823 1/1 for (int i = 0 ; i < Share ; i++) begin
Tests: T8 T4 T11
824 // Return the portion of state.
825 1/1 app_digest[i] = keccak_state_i[i][AppDigestW-1:0];
Tests: T8 T4 T11
826 end
827 end
828 end
831 // Secret Key Mux
833 // Prepare merged key if EnMasking is not set.
834 // Combine share keys into unpacked array for logic below to assign easily.
836 logic [MaxKeyLen-1:0] keymgr_key [Share];
837 if (EnMasking == 1) begin : g_masked_key
838 for (genvar i = 0; i < Share; i++) begin : gen_key_pad
839 2/2 assign keymgr_key[i] = {(MaxKeyLen-KeyMgrKeyW)'(0), keymgr_key_i.key[i]};
Tests: T9 T8 T18 | T9 T8 T18
840 end
841 end else begin : g_unmasked_key
842 always_comb begin
843 keymgr_key[0] = '0;
844 for (int i = 0; i < keymgr_pkg::Shares; i++) begin
845 keymgr_key[0][KeyMgrKeyW-1:0] ^= keymgr_key_i.key[i];
846 end
847 end
848 end
850 // Sideloaded key manage: Keep use sideloaded key for KMAC AppIntf until the
851 // hashing operation is finished.
852 always_comb begin
853 1/1 keymgr_key_used = 1'b0;
Tests: T1 T2 T3
854 1/1 key_len_o = reg_key_len_i;
Tests: T1 T2 T3
855 1/1 for (int i = 0 ; i < Share; i++) begin
Tests: T1 T2 T3
856 1/1 key_data_o[i] = reg_key_data_i[i];
Tests: T1 T2 T3
857 end
858 // The key is considered invalid in all cases that are not listed below (which includes idle and
859 // error states).
860 1/1 key_valid_o = 1'b0;
Tests: T1 T2 T3
862 1/1 unique case (st)
Tests: T1 T2 T3
863 StAppCfg, StAppMsg, StAppOutLen, StAppProcess, StAppWait: begin
864 // Key from keymgr is actually used if the current HW app interface does *keyed* MAC.
865 1/1 keymgr_key_used = AppCfg[app_id].Mode == AppKMAC;
Tests: T3 T8 T4
866 1/1 key_len_o = SideloadedKey;
Tests: T3 T8 T4
867 1/1 for (int i = 0 ; i < Share; i++) begin
Tests: T3 T8 T4
868 1/1 key_data_o[i] = keymgr_key[i];
Tests: T3 T8 T4
869 end
870 // Key is valid if the current HW app interface does *keyed* MAC and the key provided by
871 // keymgr is valid.
872 1/1 key_valid_o = keymgr_key_used && keymgr_key_i.valid;
Tests: T3 T8 T4
873 end
875 StSw: begin
876 1/1 if (keymgr_key_en_i) begin
Tests: T1 T2 T9
877 // Key from keymgr is actually used if *keyed* MAC is enabled.
878 1/1 keymgr_key_used = kmac_en_o;
Tests: T9 T18 T19
879 1/1 key_len_o = SideloadedKey;
Tests: T9 T18 T19
880 1/1 for (int i = 0 ; i < Share; i++) begin
Tests: T9 T18 T19
881 1/1 key_data_o[i] = keymgr_key[i];
Tests: T9 T18 T19
882 end
883 end
884 // Key is valid if SW does *keyed* MAC and ...
885 1/1 if (kmac_en_o) begin
Tests: T1 T2 T9
886 1/1 if (!keymgr_key_en_i) begin
Tests: T1 T2 T9
887 // ... it uses the key from kmac's CSR, or ...
888 1/1 key_valid_o = 1'b1;
Tests: T1 T2 T8
889 end else begin
890 // ... it uses the key provided by keymgr and that one is valid.
891 1/1 key_valid_o = keymgr_key_i.valid;
Tests: T9 T18 T19
892 end
893 end
894 end
896 default: ;
897 endcase
898 end
900 // Prefix Demux
901 // For SW, always prefix register.
902 // For App intf, check PrefixMode cfg and if 1, use Prefix cfg.
903 always_comb begin
904 1/1 sha3_prefix_o = '0;
Tests: T1 T2 T3
906 1/1 unique case (st)
Tests: T1 T2 T3
907 StAppCfg, StAppMsg, StAppOutLen, StAppProcess, StAppWait: begin
908 // Check app intf cfg
909 1/1 for (int unsigned i = 0 ; i < NumAppIntf ; i++) begin
Tests: T3 T8 T4
910 1/1 if (app_id == i) begin
Tests: T3 T8 T4
911 1/1 if (AppCfg[i].PrefixMode == 1'b 0) begin
Tests: T3 T8 T4
912 0/1 ==> sha3_prefix_o = reg_prefix_i;
913 end else begin
914 1/1 sha3_prefix_o = AppCfg[i].Prefix;
Tests: T3 T8 T4
915 end
916 end
917 end
918 end
920 StSw: begin
921 1/1 sha3_prefix_o = reg_prefix_i;
Tests: T1 T2 T9
922 end
924 default: begin
925 sha3_prefix_o = reg_prefix_i;
926 end
927 endcase
928 end
930 // KMAC en / SHA3 mode / Strength
931 // by default, it uses reg cfg. When app intf reqs come, it uses AppCfg.
932 always_ff @(posedge clk_i or negedge rst_ni) begin
933 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
934 1/1 kmac_en_o <= 1'b 0;
Tests: T1 T2 T3
935 1/1 sha3_mode_o <= sha3_pkg::Sha3;
Tests: T1 T2 T3
936 1/1 keccak_strength_o <= sha3_pkg::L256;
Tests: T1 T2 T3
937 1/1 end else if (clr_appid) begin
Tests: T1 T2 T3
938 // As App completed, latch reg value
939 1/1 kmac_en_o <= reg_kmac_en_i;
Tests: T3 T8 T4
940 1/1 sha3_mode_o <= reg_sha3_mode_i;
Tests: T3 T8 T4
941 1/1 keccak_strength_o <= reg_keccak_strength_i;
Tests: T3 T8 T4
942 1/1 end else if (set_appid) begin
Tests: T1 T2 T3
943 1/1 kmac_en_o <= AppCfg[arb_idx].Mode == AppKMAC ? 1'b 1 : 1'b 0;
Tests: T3 T8 T4
944 1/1 sha3_mode_o <= AppCfg[arb_idx].Mode == AppSHA3
Tests: T3 T8 T4
945 ? sha3_pkg::Sha3 : sha3_pkg::CShake;
946 1/1 keccak_strength_o <= AppCfg[arb_idx].Strength ;
Tests: T3 T8 T4
947 1/1 end else if (st == StIdle) begin
Tests: T1 T2 T3
948 1/1 kmac_en_o <= reg_kmac_en_i;
Tests: T1 T2 T3
949 1/1 sha3_mode_o <= reg_sha3_mode_i;
Tests: T1 T2 T3
950 1/1 keccak_strength_o <= reg_keccak_strength_i;
Tests: T1 T2 T3
951 end
952 end
954 // Status
955 assign app_active_o = (st inside {StAppCfg, StAppMsg, StAppOutLen,
956 StAppProcess, StAppWait});
958 // Error Reporting ==========================================================
959 always_comb begin
960 1/1 priority casez ({fsm_err.valid, mux_err.valid})
Tests: T1 T2 T3
961 1/1 2'b ?1: error_o = mux_err;
Tests: T9 T10 T11
962 1/1 2'b 10: error_o = fsm_err;
Tests: T3 T9 T10
963 default: error_o = '{valid: 1'b0, code: ErrNone, info: '0};
