Line Coverage for Module :
keccak_2share
| Line No. | Total | Covered | Percent |
TOTAL | | 73 | 73 | 100.00 |
CONT_ASSIGN | 86 | 1 | 1 | 100.00 |
CONT_ASSIGN | 87 | 1 | 1 | 100.00 |
CONT_ASSIGN | 88 | 1 | 1 | 100.00 |
CONT_ASSIGN | 89 | 1 | 1 | 100.00 |
CONT_ASSIGN | 91 | 0 | 0 | |
CONT_ASSIGN | 98 | 1 | 1 | 100.00 |
CONT_ASSIGN | 99 | 1 | 1 | 100.00 |
CONT_ASSIGN | 114 | 1 | 1 | 100.00 |
CONT_ASSIGN | 115 | 1 | 1 | 100.00 |
CONT_ASSIGN | 116 | 1 | 1 | 100.00 |
CONT_ASSIGN | 125 | 1 | 1 | 100.00 |
CONT_ASSIGN | 129 | 1 | 1 | 100.00 |
CONT_ASSIGN | 136 | 1 | 1 | 100.00 |
CONT_ASSIGN | 143 | 1 | 1 | 100.00 |
CONT_ASSIGN | 296 | 1 | 1 | 100.00 |
CONT_ASSIGN | 297 | 1 | 1 | 100.00 |
CONT_ASSIGN | 314 | 1 | 1 | 100.00 |
CONT_ASSIGN | 315 | 1 | 1 | 100.00 |
CONT_ASSIGN | 322 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 324 | 1 | 1 | 100.00 |
CONT_ASSIGN | 344 | 1 | 1 | 100.00 |
ROUTINE | 363 | 0 | 0 | |
ROUTINE | 363 | 5 | 5 | 100.00 |
ROUTINE | 376 | 0 | 0 | |
ROUTINE | 376 | 5 | 5 | 100.00 |
ROUTINE | 409 | 0 | 0 | |
ROUTINE | 409 | 10 | 10 | 100.00 |
ROUTINE | 478 | 0 | 0 | |
ROUTINE | 478 | 4 | 4 | 100.00 |
ROUTINE | 492 | 0 | 0 | |
ROUTINE | 492 | 3 | 3 | 100.00 |
ROUTINE | 547 | 3 | 3 | 100.00 |
85 logic [Width/2-1:0] unused_rand;
86 1/1 assign unused_clk = clk_i;
Tests: T1 T2 T3
87 1/1 assign unused_rst_n = rst_ni;
Tests: T1 T2 T3
88 1/1 assign unused_phase_sel = phase_sel_i;
Tests: T1 T2 T3
89 1/1 assign unused_dom_ctrl =
Tests: T1 T2 T3
90 ^{dom_out_low_i, dom_in_low_i, dom_in_rand_ext_i, dom_update_i};
91 unreachable assign unused_rand = rand_i;
92 end
93
94 //////////////////////////////////////////////////
95 // Input/output type conversion and interfacing //
96 //////////////////////////////////////////////////
97 for (genvar i = 0 ; i < Share ; i++) begin : g_state_inout
98 1/1 assign state_in[i] = bitarray_to_box(s_i[i]);
Tests: T1 T2 T3
99 1/1 assign s_o[i] = box_to_bitarray(state_out[i]);
Tests: T1 T2 T3
100 end : g_state_inout
101
102 if (EnMasking) begin : g_2share_data
103 assign phase1_in = state_in;
104 assign phase2_in = state_in;
105
106 always_comb begin
107 unique case (phase_sel_i)
108 MuBi4False: state_out = phase1_out;
109 MuBi4True: state_out = phase2_out;
110 default: state_out = phase1_out;
111 endcase
112 end
113 end else begin : g_single_data
114 1/1 assign phase1_in = state_in;
Tests: T1 T2 T3
115 1/1 assign phase2_in = phase1_out;
Tests: T1 T2 T3
116 1/1 assign state_out = phase2_out;
Tests: T1 T2 T3
117 end
118
119 //////////////
120 // Datapath //
121 //////////////
122 for (genvar i = 0 ; i < Share ; i++) begin : g_datapath
123
124 // Phase 1:
125 1/1 assign theta_data[i] = theta(phase1_in[i]);
Tests: T1 T2 T3
126 // Commented out rho function as vcs complains z-Offset%W isn't constant
127 // assign rho_data[i] = rho(theta_data[i]);
128
129 1/1 assign pi_data[i] = pi(rho_data[i]);
Tests: T1 T2 T3
130
131 // Phase 2 (Cycles 1, 2 and 3):
132 // Chi : See below
133 // Iota: See below
134 end : g_datapath
135
136 1/1 assign phase1_out = pi_data;
Tests: T1 T2 T3
137
138 // Iota adds Round Constants(RC), so only one share should be XORed
139 if (EnMasking) begin : g_2share_iota
140 assign iota_data[0] = iota(chi_data[0], rnd_i);
141 assign iota_data[1] = chi_data[1];
142 end else begin : g_single_iota
143 1/1 assign iota_data[0] = iota(chi_data[0], rnd_i);
Tests: T1 T2 T3
144 end
145
146 if (EnMasking) begin : g_2share_chi
147 // Domain-Oriented Masking
148 // reference: https://eprint.iacr.org/2017/395.pdf
149
150 localparam int unsigned WSheetHalf = $bits(sheet_t)/2;
151 logic [4:0][WSheetHalf-1:0] in_prd, out_prd;
152
153 /////////////////////
154 // DOM multipliers //
155 /////////////////////
156
157 for (genvar x = 0 ; x < 5 ; x++) begin : g_chi_w
158 localparam int X1 = (x + 1) % 5;
159 localparam int X2 = (x + 2) % 5;
160
161 sheet_t sheet0[Share]; // Inverted input X1
162 sheet_t sheet1[Share]; // X2
163 sheet_t sheet2[Share]; // DOM output
164
165 assign sheet0[0] = ~phase2_in[0][X1];
166 assign sheet0[1] = phase2_in[1][X1];
167
168 assign sheet1[0] = phase2_in[0][X2];
169 assign sheet1[1] = phase2_in[1][X2];
170
171 // Convert sheet_t to 1D arrays, one for the upper and lower half lane.
172 logic [WSheetHalf-1:0] a0_l, a1_l, b0_l, b1_l;
173 logic [WSheetHalf-1:0] a0_h, a1_h, b0_h, b1_h;
174 logic [WSheetHalf-1:0] a0, a1, b0, b1, q0, q1;
175
176 assign a0_l = {sheet0[0][0][W/2-1:0],
177 sheet0[0][1][W/2-1:0],
178 sheet0[0][2][W/2-1:0],
179 sheet0[0][3][W/2-1:0],
180 sheet0[0][4][W/2-1:0]};
181 assign a1_l = {sheet0[1][0][W/2-1:0],
182 sheet0[1][1][W/2-1:0],
183 sheet0[1][2][W/2-1:0],
184 sheet0[1][3][W/2-1:0],
185 sheet0[1][4][W/2-1:0]};
186
187 assign a0_h = {sheet0[0][0][W-1:W/2],
188 sheet0[0][1][W-1:W/2],
189 sheet0[0][2][W-1:W/2],
190 sheet0[0][3][W-1:W/2],
191 sheet0[0][4][W-1:W/2]};
192 assign a1_h = {sheet0[1][0][W-1:W/2],
193 sheet0[1][1][W-1:W/2],
194 sheet0[1][2][W-1:W/2],
195 sheet0[1][3][W-1:W/2],
196 sheet0[1][4][W-1:W/2]};
197
198 assign b0_l = {sheet1[0][0][W/2-1:0],
199 sheet1[0][1][W/2-1:0],
200 sheet1[0][2][W/2-1:0],
201 sheet1[0][3][W/2-1:0],
202 sheet1[0][4][W/2-1:0]};
203 assign b1_l = {sheet1[1][0][W/2-1:0],
204 sheet1[1][1][W/2-1:0],
205 sheet1[1][2][W/2-1:0],
206 sheet1[1][3][W/2-1:0],
207 sheet1[1][4][W/2-1:0]};
208
209 assign b0_h = {sheet1[0][0][W-1:W/2],
210 sheet1[0][1][W-1:W/2],
211 sheet1[0][2][W-1:W/2],
212 sheet1[0][3][W-1:W/2],
213 sheet1[0][4][W-1:W/2]};
214 assign b1_h = {sheet1[1][0][W-1:W/2],
215 sheet1[1][1][W-1:W/2],
216 sheet1[1][2][W-1:W/2],
217 sheet1[1][3][W-1:W/2],
218 sheet1[1][4][W-1:W/2]};
219
220 // Input muxing
221 assign a0 = dom_in_low_i ? a0_l : a0_h;
222 assign a1 = dom_in_low_i ? a1_l : a1_h;
223 assign b0 = dom_in_low_i ? b0_l : b0_h;
224 assign b1 = dom_in_low_i ? b1_l : b1_h;
225
226 // Randomness muxing
227 if (!ForceRandExt) begin : gen_in_prd_mux
228 // Intermediate results are rotated across rows. The new Row x depends on
229 // data from Rows x + 1 and x + 2. Hence we don't want to use intermediate
230 // results from Rows x, x + 1, and x + 2 for remasking.
231 assign in_prd[x] = dom_in_rand_ext_i ? rand_i[x * WSheetHalf +: WSheetHalf] :
232 out_prd[rot_int(x, 5)];
233 end else begin : gen_no_in_prd_mux
234 // Always use the externally provided randomness.
235 assign in_prd[x] = rand_i[x * WSheetHalf +: WSheetHalf];
236 // Tie off unused signals.
237 logic unused_out_prd;
238 assign unused_out_prd = ^{dom_in_rand_ext_i, out_prd[rot_int(x, 5)]};
239 end
240
241 prim_dom_and_2share #(
242 .DW (WSheetHalf), // a half sheet
243 .Pipeline(1) // Process the full sheet in 3 clock cycles. This reduces
244 // SCA leakage.
245 ) u_dom (
246 .clk_i,
247 .rst_ni,
248
249 .a0_i (a0),
250 .a1_i (a1),
251 .b0_i (b0),
252 .b1_i (b1),
253 .z_valid_i (dom_update_i),
254 .z_i (in_prd[x]),
255 .q0_o (q0),
256 .q1_o (q1),
257 .prd_o (out_prd[x])
258 );
259
260 // Output conversion from q0, q1 to sheet_t
261 // For simplicity, we forward the generated lane half to both the upper
262 // and lower lane halves at this point. The actual output muxing/selection
263 // happens after the Iota step when generating phase2_out from iota_data
264 // and state_in below.
265 assign sheet2[0][4] = {2{q0[W/2*0+:W/2]}};
266 assign sheet2[0][3] = {2{q0[W/2*1+:W/2]}};
267 assign sheet2[0][2] = {2{q0[W/2*2+:W/2]}};
268 assign sheet2[0][1] = {2{q0[W/2*3+:W/2]}};
269 assign sheet2[0][0] = {2{q0[W/2*4+:W/2]}};
270
271 assign sheet2[1][4] = {2{q1[W/2*0+:W/2]}};
272 assign sheet2[1][3] = {2{q1[W/2*1+:W/2]}};
273 assign sheet2[1][2] = {2{q1[W/2*2+:W/2]}};
274 assign sheet2[1][1] = {2{q1[W/2*3+:W/2]}};
275 assign sheet2[1][0] = {2{q1[W/2*4+:W/2]}};
276
277 // Final XOR to generate the output
278 assign chi_data[0][x] = sheet2[0] ^ phase2_in[0][x];
279 assign chi_data[1][x] = sheet2[1] ^ phase2_in[1][x];
280 end : g_chi_w
281
282 // Since Chi and thus Iota are separately applied to the lower and upper half
283 // lanes, we need to forward the input to the other half.
284 for (genvar x = 0 ; x < 5 ; x++) begin : g_2share_phase2_out_row
285 for (genvar y = 0 ; y < 5 ; y++) begin : g_2share_phase2_out_col
286 assign phase2_out[0][x][y] = dom_out_low_i ?
287 { state_in[0][x][y][W-1:W/2], iota_data[0][x][y][W/2-1:0]} :
288 {iota_data[0][x][y][W-1:W/2], state_in[0][x][y][W/2-1:0]};
289 assign phase2_out[1][x][y] = dom_out_low_i ?
290 { state_in[1][x][y][W-1:W/2], iota_data[1][x][y][W/2-1:0]} :
291 {iota_data[1][x][y][W-1:W/2], state_in[1][x][y][W/2-1:0]};
292 end
293 end
294
295 end else begin : g_single_chi
296 1/1 assign chi_data[0] = chi(phase2_in[0]);
Tests: T1 T2 T3
297 1/1 assign phase2_out = iota_data;
Tests: T1 T2 T3
298 end
299
300 // Rho ======================================================================
301 // As RhoOffset[x][y] is considered as variable int in VCS,
302 // it is replaced with generate statement.
303 // Revised to meet verilator lint. Now RhoOffset is 1-D array
304 localparam int RhoOffset [25] = '{
305 //y 0 1 2 3 4 x
306 0, 36, 3, 105, 210, // 0: 0 1 2 3 4
307 1, 300, 10, 45, 66, // 1: 5 6 7 8 9
308 190, 6, 171, 15, 253, // 2: 10 11 12 13 14
309 28, 55, 153, 21, 120, // 3: 15 16 17 18 19
310 91, 276, 231, 136, 78 // 4: 20 21 22 23 24
311 };
312 for (genvar i = 0 ; i < Share ; i++) begin : g_rho
313 box_t rho_in, rho_out;
314 1/1 assign rho_in = theta_data[i];
Tests: T1 T2 T3
315 1/1 assign rho_data[i] = rho_out;
Tests: T1 T2 T3
316
317 for (genvar x = 0 ; x < 5 ; x++) begin : gen_rho_x
318 for (genvar y = 0 ; y < 5 ; y++) begin : gen_rho_y
319 localparam int Offset = RhoOffset[5*x+y]%W;
320 localparam int ShiftAmt = W- Offset;
321 if (Offset == 0) begin : gen_offset0
322 1/1 assign rho_out[x][y][W-1:0] = rho_in[x][y][W-1:0];
Tests: T1 T2 T3
323 end else begin : gen_others
324 24/24 assign rho_out[x][y][W-1:0] = {rho_in[x][y][0+:ShiftAmt],
Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3
325 rho_in[x][y][ShiftAmt+:Offset]};
326 end
327 end
328 end
329 end : g_rho
330
331 ////////////////
332 // Assertions //
333 ////////////////
334
335 `ASSERT_INIT(ValidWidth_A,
336 EnMasking == 0 && Width inside {25, 50, 100, 200, 400, 800, 1600} ||
337 EnMasking == 1 && Width inside {50, 100, 200, 400, 800, 1600})
338 `ASSERT_INIT(ValidW_A, W inside {1, 2, 4, 8, 16, 32, 64})
339 `ASSERT_INIT(ValidL_A, L inside {0, 1, 2, 3, 4, 5, 6})
340 `ASSERT_INIT(ValidRound_A, MaxRound <= 24) // Keccak-f only
341
342 // phase_sel_i shall stay for two cycle after change to 1.
343 lc_ctrl_pkg::lc_tx_t unused_lc_sig;
344 1/1 assign unused_lc_sig = lc_escalate_en_i;
Tests: T1 T2 T3
345 if (EnMasking) begin : gen_selperiod_chk
346 `ASSUME(SelStayTwoCycleIfTrue_A,
347 ($past(phase_sel_i) == MuBi4False) && (phase_sel_i == MuBi4True)
348 |=> phase_sel_i == MuBi4True, clk_i, !rst_ni ||
349 lc_ctrl_pkg::lc_tx_test_true_loose(lc_escalate_en_i))
350 end
351
352 ///////////////
353 // Functions //
354 ///////////////
355
356 // Convert bitarray to 3D box
357 // Please take a look at FIPS PUB 202
358 // https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
359 // > For all triples (x,y,z) such that 0<=x<5, 0<=y<5, and 0<=z<w,
360 // > A[x,y,z]=S[w(5y+x)+z]
361 function automatic box_t bitarray_to_box(logic [Width-1:0] s_in);
362 automatic box_t box;
363 1/1 for (int y = 0 ; y < 5 ; y++) begin
Tests: T1 T2 T3
364 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
365 1/1 for (int z = 0 ; z < W ; z++) begin
Tests: T1 T2 T3
366 1/1 box[x][y][z] = s_in[W*(5*y+x) + z];
Tests: T1 T2 T3
367 end
368 end
369 end
370 1/1 return box;
Tests: T1 T2 T3
371 endfunction : bitarray_to_box
372
373 // Convert 3D cube to bitarray
374 function automatic logic [Width-1:0] box_to_bitarray(box_t state);
375 automatic logic [Width-1:0] bitarray;
376 1/1 for (int y = 0 ; y < 5 ; y++) begin
Tests: T1 T2 T3
377 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
378 1/1 for (int z = 0 ; z < W ; z++) begin
Tests: T1 T2 T3
379 1/1 bitarray[W*(5*y+x)+z] = state[x][y][z];
Tests: T1 T2 T3
380 end
381 end
382 end
383 1/1 return bitarray;
Tests: T1 T2 T3
384 endfunction : box_to_bitarray
385
386 // Rotate integer indices
387 function automatic integer rot_int(integer in, integer num);
388 integer out;
389 if (in == 0) begin
390 out = num - 1;
391 end else begin
392 out = in - 1;
393 end
394 return out;
395 endfunction
396
397 // Step Mapping =============================================================
398 // theta
399 // XOR each bit in the state with the parity of two columns
400 // C[x,z] = A[x,0,z] ^ A[x,1,z] ^ A[x,2,z] ^ A[x,3,z] ^ A[x,4,z]
401 // D[x,z] = C[x-1,z] ^ C[x+1,z-1]
402 // theta = A[x,y,z] ^ D[x,z]
403 localparam int ThetaIndexX1 [5] = '{4, 0, 1, 2, 3}; // (x-1)%5
404 localparam int ThetaIndexX2 [5] = '{1, 2, 3, 4, 0}; // (x+1)%5
405 function automatic box_t theta(box_t state);
406 plane_t c;
407 plane_t d;
408 box_t result;
409 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
410 1/1 c[x] = state[x][0] ^ state[x][1] ^ state[x][2] ^ state[x][3] ^ state[x][4];
Tests: T1 T2 T3
411 end
412 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
413 1/1 for (int z = 0 ; z < W ; z++) begin
Tests: T1 T2 T3
414 int index_z;
415 1/1 index_z = (z == 0) ? W-1 : z-1; // (z+1)%W
Tests: T1 T2 T3
416 1/1 d[x][z] = c[ThetaIndexX1[x]][z] ^ c[ThetaIndexX2[x]][index_z];
Tests: T1 T2 T3
417 end
418 end
419 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
420 1/1 for (int y = 0 ; y < 5 ; y++) begin
Tests: T1 T2 T3
421 1/1 result[x][y] = state[x][y] ^ d[x];
Tests: T1 T2 T3
422 end
423 end
424 1/1 return result;
Tests: T1 T2 T3
425 endfunction : theta
426
427 // rho
428
429 // Commented out entire rho function due to VCS elaboration error.
430 // (z-RhoOffset[x][y]%W) isn't considered as a constant in VCS.
431 // Even changing it to W-RhoOffset[x][y]%W and assign to ShiftAmt
432 // creates same error.
433
434 // Offset : Look at Table 2 in FIPS PUB 202
435 //localparam int RhoOffset [5][5] = '{
436 // //y 0 1 2 3 4 x
437 // '{ 0, 36, 3, 105, 210},// 0
438 // '{ 1, 300, 10, 45, 66},// 1
439 // '{ 190, 6, 171, 15, 253},// 2
440 // '{ 28, 55, 153, 21, 120},// 3
441 // '{ 91, 276, 231, 136, 78} // 4
442 //};
443
444 // rotate bits of each lane by offset
445 // 1. rho[0,0,z] = A[0,0,z]
446 // 2. Offset swap
447 // a. (x,y) := (1,0)
448 // b. for t [0..23]
449 // i. rho[x,y,z] = A[x,y,z-(t+1)(t+2)/2]
450 // ii. (x,y) = (y, (2x+3y))
451 //function automatic box_t rho(box_t state);
452 // box_t result;
453 // for (int x = 0 ; x < 5 ; x++) begin
454 // for (int y = 0 ; y < 5 ; y++) begin
455 // for (int z = 0 ; z < W ; z++) begin
456 // automatic int index_z;
457 // index_z = (z-RhoOffset[x][y])%W;
458 // result[x][y][z] = state[x][y][(z-RhoOffset[x][y])%W];
459 // end
460 // end
461 // end
462 // return result;
463 //endfunction : rho
464
465 // pi
466 // rearrange the position of lanes
467 // pi[x,y,z] = state[(x+3y),x,z]
468 localparam int PiRotate [5][5] = '{
469 //y 0 1 2 3 4 x
470 '{ 0, 3, 1, 4, 2},// 0
471 '{ 1, 4, 2, 0, 3},// 1
472 '{ 2, 0, 3, 1, 4},// 2
473 '{ 3, 1, 4, 2, 0},// 3
474 '{ 4, 2, 0, 3, 1} // 4
475 };
476 function automatic box_t pi(box_t state);
477 box_t result;
478 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
479 1/1 for (int y = 0 ; y < 5 ; y++) begin
Tests: T1 T2 T3
480 1/1 result[x][y][W-1:0] = state[PiRotate[x][y]][x][W-1:0];
Tests: T1 T2 T3
481 end
482 end
483 1/1 return result;
Tests: T1 T2 T3
484 endfunction : pi
485
486 // chi
487 // chi[x,y,z] = state[x,y,z] ^ ((state[x+1,y,z] ^ 1) & state[x+2,y,z])
488 localparam int ChiIndexX1 [5] = '{1, 2, 3, 4, 0}; // (x+1)%5
489 localparam int ChiIndexX2 [5] = '{2, 3, 4, 0, 1}; // (x+2)%5
490 function automatic box_t chi(box_t state);
491 box_t result;
492 1/1 for (int x = 0 ; x < 5 ; x++) begin
Tests: T1 T2 T3
493 1/1 result[x] = state[x] ^ ((~state[ChiIndexX1[x]]) & state[ChiIndexX2[x]]);
Tests: T1 T2 T3
494 end
495 1/1 return result;
Tests: T1 T2 T3
496 endfunction : chi
497
498 // iota
499 // XOR (x,y) = (0,0) with Round Constant (RC)
500
501 // RC parameter: Precomputed by util/keccak_rc.py. Only up-to 0..L-1 is used
502 // RC = '0
503 // RC[2**j-1] = rc(j+7*rnd)
504 // rc(t) =
505 // 1. t%255 == 0 -> 1
506 // 2. R[0:7] = 'b10000000
507 // 3. for i = [1..t%255]
508 // a. R = 0 || R
509 // b. R[0] = R[0] ^ R[8]
510 // c. R[4] = R[4] ^ R[8]
511 // d. R[5] = R[5] ^ R[8]
512 // e. R[6] = R[6] ^ R[8]
513 // f. R = R[0:7]
514 // 4. return R[0]
515 // RC has L = [0..6]
516 // for lower L case, only chopping lower part of 64bit RC is sufficient.
517 localparam logic [63:0] RC [24] = '{
518 64'h 0000_0000_0000_0001, // Round 0
519 64'h 0000_0000_0000_8082, // Round 1
520 64'h 8000_0000_0000_808A, // Round 2
521 64'h 8000_0000_8000_8000, // Round 3
522 64'h 0000_0000_0000_808B, // Round 4
523 64'h 0000_0000_8000_0001, // Round 5
524 64'h 8000_0000_8000_8081, // Round 6
525 64'h 8000_0000_0000_8009, // Round 7
526 64'h 0000_0000_0000_008A, // Round 8
527 64'h 0000_0000_0000_0088, // Round 9
528 64'h 0000_0000_8000_8009, // Round 10
529 64'h 0000_0000_8000_000A, // Round 11
530 64'h 0000_0000_8000_808B, // Round 12
531 64'h 8000_0000_0000_008B, // Round 13
532 64'h 8000_0000_0000_8089, // Round 14
533 64'h 8000_0000_0000_8003, // Round 15
534 64'h 8000_0000_0000_8002, // Round 16
535 64'h 8000_0000_0000_0080, // Round 17
536 64'h 0000_0000_0000_800A, // Round 18
537 64'h 8000_0000_8000_000A, // Round 19
538 64'h 8000_0000_8000_8081, // Round 20
539 64'h 8000_0000_0000_8080, // Round 21
540 64'h 0000_0000_8000_0001, // Round 22
541 64'h 8000_0000_8000_8008 // Round 23
542 };
543
544 // iota: XOR with RC for (x,y) = (0,0)
545 function automatic box_t iota(box_t state, logic [RndW-1:0] rnd);
546 box_t result;
547 1/1 result = state;
Tests: T1 T2 T3
548 1/1 result[0][0][W-1:0] = state[0][0][W-1:0] ^ RC[rnd][W-1:0];
Tests: T1 T2 T3
549
550 1/1 return result;
Tests: T1 T2 T3
Cond Coverage for Module :
keccak_2share
| Total | Covered | Percent |
Conditions | 8 | 6 | 75.00 |
Logical | 8 | 6 | 75.00 |
Non-Logical | 0 | 0 | |
Event | 0 | 0 | |
LINE 415
EXPRESSION ((z == 0) ? ((W - 1)) : ((z - 1)))
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Not Covered | |
LINE 415
SUB-EXPRESSION (z == 0)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Not Covered | |
LINE 416
EXPRESSION (c[ThetaIndexX1[x]][z] ^ c[ThetaIndexX2[x]][index_z])
----------1---------- -------------2-------------
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T4 |
Branch Coverage for Module :
keccak_2share
| Line No. | Total | Covered | Percent |
Branches |
|
2 |
1 |
50.00 |
TERNARY |
415 |
2 |
1 |
50.00 |
415 index_z = (z == 0) ? W-1 : z-1; // (z+1)%W
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Not Covered |
|
0 |
Covered |
T1,T2,T3 |
Assert Coverage for Module :
keccak_2share
Assertion Details
ValidL_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
663 |
663 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
T13 |
1 |
1 |
0 |
0 |
T14 |
1 |
1 |
0 |
0 |
T15 |
1 |
1 |
0 |
0 |
T16 |
1 |
1 |
0 |
0 |
T19 |
1 |
1 |
0 |
0 |
ValidRound_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
663 |
663 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
T13 |
1 |
1 |
0 |
0 |
T14 |
1 |
1 |
0 |
0 |
T15 |
1 |
1 |
0 |
0 |
T16 |
1 |
1 |
0 |
0 |
T19 |
1 |
1 |
0 |
0 |
ValidW_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
663 |
663 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
T13 |
1 |
1 |
0 |
0 |
T14 |
1 |
1 |
0 |
0 |
T15 |
1 |
1 |
0 |
0 |
T16 |
1 |
1 |
0 |
0 |
T19 |
1 |
1 |
0 |
0 |
ValidWidth_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
663 |
663 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
T13 |
1 |
1 |
0 |
0 |
T14 |
1 |
1 |
0 |
0 |
T15 |
1 |
1 |
0 |
0 |
T16 |
1 |
1 |
0 |
0 |
T19 |
1 |
1 |
0 |
0 |