comments added

munailwaqar 2025-02-12 10:26:46 +05:00 committed by Munail Waqar
parent a68a3e92fa
commit 0d44909e17
4 changed files with 34 additions and 7 deletions


@ -309,23 +309,32 @@ module alu
assign unzip_gen[n] = fu_data_i.operand_a[n<<1];
assign unzip_gen[n+16] = fu_data_i.operand_a[(n<<1)+1];
end
// AES 32-bit final round encryption by applying rotations and the forward sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32esi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
// AES 32-bit middle round encryption by applying rotations, forward mix-columns and the forward sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32esmi_gen = fu_data_i.operand_a ^ ((aes_mixcolumn_fwd({24'h000000, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) << {orig_instr_aes[5:4], 3'b000}) | (aes_mixcolumn_fwd({24'h000000, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) >> (32 - {orig_instr_aes[5:4], 3'b000})));
// AES 32-bit final round decryption by applying rotations and the inverse sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32dsi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
// AES 32-bit middle round decryption by applying rotations, inverse mix-columns and the inverse sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32dsmi_gen = fu_data_i.operand_a ^ ((aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) << {orig_instr_aes[5:4], 3'b000}) | (aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) >> (32 - {orig_instr_aes[5:4], 3'b000})));
end
else if (CVA6Cfg.IS_XLEN64) begin
// Shift rows step
// AES Shift rows forward and inverse step
assign sr = {fu_data_i.operand_a[31:24], fu_data_i.operand_b[55:48], fu_data_i.operand_b[15:8], fu_data_i.operand_a[39:32], fu_data_i.operand_b[63:56], fu_data_i.operand_b[23:16], fu_data_i.operand_a[47:40], fu_data_i.operand_a[7:0]};
assign sr_inv = {fu_data_i.operand_b[31:24], fu_data_i.operand_b[55:48], fu_data_i.operand_a[15:8], fu_data_i.operand_a[39:32], fu_data_i.operand_a[63:56], fu_data_i.operand_b[23:16], fu_data_i.operand_b[47:40], fu_data_i.operand_a[7:0]};
// AES64 results
// AES 64-bit final round encryption by applying forward shift-rows and the forward sbox to each byte
assign aes64es_gen = {aes_sbox_fwd(sr[63:56]), aes_sbox_fwd(sr[55:48]), aes_sbox_fwd(sr[47:40]), aes_sbox_fwd(sr[39:32]), aes_sbox_fwd(sr[31:24]), aes_sbox_fwd(sr[23:16]), aes_sbox_fwd(sr[15:8]), aes_sbox_fwd(sr[7:0])};
// AES 64-bit middle round encryption by applying forward shift-rows, forward sbox and forward mix-columns to all bytes
assign aes64esm_gen = {aes_mixcolumn_fwd(aes64es_gen[63:32]), aes_mixcolumn_fwd(aes64es_gen[31:0])};
// AES 64-bit final round decryption by applying inverse shift-rows and the inverse sbox to each byte
assign aes64ds_gen = {aes_sbox_inv(sr_inv[63:56]), aes_sbox_inv(sr_inv[55:48]), aes_sbox_inv(sr_inv[47:40]), aes_sbox_inv(sr_inv[39:32]), aes_sbox_inv(sr_inv[31:24]), aes_sbox_inv(sr_inv[23:16]), aes_sbox_inv(sr_inv[15:8]), aes_sbox_inv(sr_inv[7:0])};
// AES 64-bit middle round decryption by applying inverse shift-rows, inverse sbox and inverse mix-columns to all bytes
assign aes64dsm_gen = {aes_mixcolumn_inv(aes64ds_gen[63:32]), aes_mixcolumn_inv(aes64ds_gen[31:0])};
// AES 64-bit keySchedule decryption by applying inverse mix-columns on rs1
assign aes64im_gen = {aes_mixcolumn_inv(fu_data_i.operand_a[63:32]), aes_mixcolumn_inv(fu_data_i.operand_a[31:0])};
// AES Key Schedule results
// AES Key Schedule part by XORing different slices of rs1 and rs2
assign aes64ks2_gen = {(fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0] ^ fu_data_i.operand_b[63:32]), (fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0])};
// AES Key Schedule part by substituting round constant based on round number(from instruction), rotations and forward subword substitutions
assign aes64ks1i_gen = (orig_instr_aes[3:0] <= 4'hA) ? {((aes_subword_fwd((orig_instr_aes[3:0] == 4'hA) ? fu_data_i.operand_a[63:32] : ((fu_data_i.operand_a[63:32] >> 8) | (fu_data_i.operand_a[63:32] << 24)))) ^ (aes_decode_rcon(orig_instr_aes[3:0]))), ((aes_subword_fwd((orig_instr_aes[3:0] == 4'hA) ? fu_data_i.operand_a[63:32] : ((fu_data_i.operand_a[63:32] >> 8) | (fu_data_i.operand_a[63:32] << 24)))) ^ (aes_decode_rcon(orig_instr_aes[3:0])))} : 64'h0;
end
end
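Review bot: The four AES32 comments call the selector "the MSB byte of the instruction itself", but the code uses the 2-bit field `orig_instr_aes[5:4]` scaled by 8 as both the byte-select shift on rs2 and the rotate amount, so the wording misleads. A closer comment for the first assign would be `// aes32esi: forward S-box on the rs2 byte selected by bs (orig_instr_aes[5:4]), rotated left by 8*bs and XORed into rs1`, with the same shape for the other three. The `aes64ks1i_gen` comment should also state that a round number above `4'hA` produces `64'h0`; those rnum encodings are reserved in the scalar-crypto specification, and whether the decoder rejects them before they reach the ALU is not visible here. The enclosing generate block starts outside the hunk.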


@ -727,4 +727,24 @@ module ex_stage
assign gpaddr_to_be_flushed = '0;
end
// // ----------------
// // Scalar Cryptography Unit
// // ----------------
// generate
// if (CVA6Cfg.ZKN) begin : crypto_gen
// crypto_fu #(
// .CVA6Cfg (CVA6Cfg),
// .fu_data_t(fu_data_t)
// ) crypto_fu_i (
// .clk_i,
// .rst_ni,
// .fu_data_i (one_cycle_data),
// .result_o (crypto_result),
// .orig_instr_aes (orig_instr_aes_i)
// );
// end else begin : no_crypto_gen
// end
// endgenerate
endmodule
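Review bot: The lines added before `endmodule` in `ex_stage` are a commented-out `crypto_fu` instantiation with doubled `// //` markers and an empty `else` branch, and nothing says why it is disabled. Disabled RTL in a crypto datapath tends to be re-enabled later with stale port names, so either delete it and rely on history, or replace it with one line such as `// Scalar crypto (Zkn) unit is not instantiated here; the AES datapath lives in alu`, if that matches the design. The module body starts outside the hunk.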


@ -903,6 +903,7 @@ package ariane_pkg;
end
return result;
endfunction
// AES Sbox implementation based on https://github.com/riscv/riscv-crypto
// AES Sbox Forward
function automatic logic [7:0] aes_sbox_fwd(input logic [7:0] in_byte);
logic [20:0] expanded;
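Review bot: The provenance comment added above `aes_sbox_fwd` names only the repository root, so a later auditor cannot tell which file and revision the S-box logic was derived from. Pin it, for example `// AES S-box derived from https://github.com/riscv/riscv-crypto, <path/to/file> at <commit-id>`, and note the upstream licence if the logic was copied rather than reimplemented. The function body continues past the end of the hunk.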


@ -887,10 +887,7 @@ def load_config(args, cwd):
elif base in ("cv64a6_imafdc_sv39_wb"):
args.mabi = "lp64d"
args.isa = "rv64gc_zba_zbb_zbs_zbc"
elif base in ("cv64a6_imafdc_sv39_hpdcache_wb"):
args.mabi = "lp64d"
args.isa = "rv64gc_zba_zbb_zbs_zbc"
elif base in ("cv64a6_imafdc_sv39", "cv64a6_imafdc_sv39_hpdcache"):
elif base in ("cv64a6_imafdc_sv39", "cv64a6_imafdc_sv39_hpdcache", "cv64a6_imafdc_sv39_hpdcache_wb"):
args.mabi = "lp64d"
args.isa = "rv64gc_zba_zbb_zbs_zbc_zbkb_zbkx_zkne_zknd"
elif base == "cv32a60x":
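Review bot: The first branch in this hunk, `elif base in ("cv64a6_imafdc_sv39_wb"):`, tests against a plain string rather than a tuple, so `in` is a substring match and `base == "cv64a6_imafdc_sv39"` satisfies it. Unless an earlier branch outside the hunk catches that target, it never reaches the merged branch and gets the ISA string without `zbkb_zbkx_zkne_zknd`, so its crypto tests would not be built for the extensions this change is about. Use `elif base == "cv64a6_imafdc_sv39_wb":` or add the trailing comma to make it a tuple. The commit title says only comments were added, yet this hunk also moves `cv64a6_imafdc_sv39_hpdcache_wb` onto the crypto ISA string, which the message should state. `load_config` starts and ends outside the hunk.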