Adding support for Scalar Cryptography Extension (Crossbar permutation instructions, Zbkx)

core/alu.sv

@@ -34,7 +34,9 @@ module alu
     // ALU result - ISSUE_STAGE
     output logic [CVA6Cfg.XLEN-1:0] result_o,
     // ALU branch compare result - branch_unit
-    output logic alu_branch_res_o
+    output logic alu_branch_res_o,
+    // Original instruction AES bits
+    input  logic [5:0] orig_instr_aes
 );
 
   logic [CVA6Cfg.XLEN-1:0] operand_a_rev;
@@ -54,6 +56,25 @@ module alu
   logic [CVA6Cfg.XLEN-1:0] brev8_reversed;
   logic [            31:0] unzip_gen;
   logic [            31:0] zip_gen;
+  logic [CVA6Cfg.XLEN-1:0] xperm8_result;
+  logic [CVA6Cfg.XLEN-1:0] xperm4_result;
+  logic [            63:0] sr;
+  logic [            31:0] aes32esi_gen;
+  logic [            31:0] aes32esmi_gen;
+  logic [            63:0] aes64es_gen;
+  logic [            63:0] aes64esm_gen;
+  logic [            31:0] aes32dsi_gen;
+  logic [            31:0] aes32dsmi_gen;
+  logic [            63:0] sr_inv;
+  logic [            63:0] aes64ds_gen;
+  logic [            63:0] aes64dsm_gen;
+  logic [            63:0] aes64im_gen;
+  // logic [            31:0] tmp1;
+  // logic [            31:0] tmp2;
+  // logic [            31:0] tmp3;
+  // logic [            31:0] rc;
+  // logic [            63:0] aes64ks1i_gen;
+  logic [            63:0] aes64ks2_gen;
   // bit reverse operand_a for left shifts and bit counting
   generate
     genvar k;
@@ -268,16 +289,22 @@ module alu
 
   // ZKN gen block
   if (CVA6Cfg.ZKN && CVA6Cfg.RVB) begin : zkn_gen_block
-    genvar i, m, n;
-    // Generate brev8_reversed by reversing bits within each byte
-    for (i = 0; i < (CVA6Cfg.XLEN / 8); i++) begin : brev8_gen
+    genvar i, m, n, q;
+    for (i = 0; i < (CVA6Cfg.XLEN / 8); i++) begin : brev8_xperm8_gen
+      // Generating xperm8_result by extracting bytes from operand a based on indices from operand b
+      assign xperm8_result[i << 3 +: 8] = (fu_data_i.operand_b[i << 3 +: 8] < (CVA6Cfg.XLEN / 8)) ? fu_data_i.operand_a[fu_data_i.operand_b[i << 3 +: 8] << 3 +: 8] : 8'b0;
+      // Generate brev8_reversed by reversing bits within each byte
       for (m = 0; m < 8; m++) begin : reverse_bits
         // Reversing the order of bits within a single byte
         assign brev8_reversed[(i<<3)+m] = fu_data_i.operand_a[(i<<3)+(7-m)];
       end
     end
-    // Generate zip and unzip results
+    for (q = 0; q < (CVA6Cfg.XLEN / 4); q++) begin : xperm4_gen
+      // Generating xperm4_result by extracting nibbles from operand a based on indices from operand b
+      assign xperm4_result[q << 2 +: 4] = (fu_data_i.operand_b[q << 2 +: 4] < (CVA6Cfg.XLEN / 4)) ? fu_data_i.operand_a[{2'b0, fu_data_i.operand_b[q << 2 +: 4]} << 2 +: 4] : 4'b0;
+    end
     if (CVA6Cfg.IS_XLEN32) begin
+      // Generate zip and unzip results
       for (n = 0; n < 16; n++) begin : zip_unzip_gen
         // Assigning lower and upper half of operand into the even and odd positions of result
         assign zip_gen[n<<1] = fu_data_i.operand_a[n];
@@ -286,6 +313,28 @@ module alu
         assign unzip_gen[n] = fu_data_i.operand_a[n<<1];
         assign unzip_gen[n+16] = fu_data_i.operand_a[(n<<1)+1];
       end
+    assign aes32esi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
+    assign aes32esmi_gen = fu_data_i.operand_a ^ ((aes_mixcolumn_fwd({24'h000000, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) << {orig_instr_aes[5:4], 3'b000}) | (aes_mixcolumn_fwd({24'h000000, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) >> (32 - {orig_instr_aes[5:4], 3'b000})));
+    assign aes32dsi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
+    assign aes32dsmi_gen = fu_data_i.operand_a ^ ((aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) << {orig_instr_aes[5:4], 3'b000}) | (aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) >> (32 - {orig_instr_aes[5:4], 3'b000})));
+    end
+    else if (CVA6Cfg.IS_XLEN64) begin
+      // Shift rows step
+      assign sr = {fu_data_i.operand_a[31:24], fu_data_i.operand_b[55:48], fu_data_i.operand_b[15:8], fu_data_i.operand_a[39:32], fu_data_i.operand_b[63:56], fu_data_i.operand_b[23:16], fu_data_i.operand_a[47:40], fu_data_i.operand_a[7:0]};
+      assign sr_inv = {fu_data_i.operand_b[31:24], fu_data_i.operand_b[55:48], fu_data_i.operand_a[15:8], fu_data_i.operand_a[39:32], fu_data_i.operand_a[63:56], fu_data_i.operand_b[23:16], fu_data_i.operand_b[47:40], fu_data_i.operand_a[7:0]};
+      // AES64 encryption results
+      assign aes64es_gen = {aes_sbox_fwd(sr[63:56]), aes_sbox_fwd(sr[55:48]), aes_sbox_fwd(sr[47:40]), aes_sbox_fwd(sr[39:32]), aes_sbox_fwd(sr[31:24]), aes_sbox_fwd(sr[23:16]), aes_sbox_fwd(sr[15:8]),  aes_sbox_fwd(sr[7:0])};
+      assign aes64esm_gen = {aes_mixcolumn_fwd(aes64es_gen[63:32]), aes_mixcolumn_fwd(aes64es_gen[31:0])};
+      assign aes64ds_gen = {aes_sbox_inv(sr_inv[63:56]), aes_sbox_inv(sr_inv[55:48]), aes_sbox_inv(sr_inv[47:40]), aes_sbox_inv(sr_inv[39:32]), aes_sbox_inv(sr_inv[31:24]), aes_sbox_inv(sr_inv[23:16]), aes_sbox_inv(sr_inv[15:8]),  aes_sbox_inv(sr_inv[7:0])};
+      assign aes64dsm_gen = {aes_mixcolumn_inv(aes64ds_gen[63:32]), aes_mixcolumn_inv(aes64ds_gen[31:0])};
+      assign aes64im_gen = {aes_mixcolumn_inv(fu_data_i.operand_a[63:32]), aes_mixcolumn_inv(fu_data_i.operand_a[31:0])};
+      // AES Key Schedule results
+      assign aes64ks2_gen = {(fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0] ^ fu_data_i.operand_b[63:32]), (fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0])};
+      // assign tmp1 = fu_data_i.operand_a[63:32];
+      // assign rc = orig_instr_aes[3:0];
+      // assign tmp2 = (orig_instr_aes[3:0] == 4'hA) ? fu_data_i.operand_a[63:32] : ((fu_data_i.operand_a[63:32] >> 8) | (fu_data_i.operand_a[63:32] << 24));
+      // assign tmp3 = aes_subword_fwd(tmp2);
+      // assign aes64ks1i_gen = (orig_instr_aes[3:0] <= 4'hA) ? {(tmp3 ^ rc), (tmp3 ^ rc)} : 64'h0;
     end
   end
 
@@ -392,6 +441,8 @@ module alu
         PACK_H:
         result_o = (CVA6Cfg.IS_XLEN32) ? ({16'b0, fu_data_i.operand_b[7:0], fu_data_i.operand_a[7:0]}) : ({48'b0, fu_data_i.operand_b[7:0], fu_data_i.operand_a[7:0]});
         BREV8: result_o = brev8_reversed;
+        XPERM8: result_o = xperm8_result;
+        XPERM4: result_o = xperm4_result;
         default: ;
       endcase
       if (fu_data_i.operation == PACK_W && CVA6Cfg.IS_XLEN64)
@@ -400,6 +451,17 @@ module alu
         };
       if (fu_data_i.operation == UNZIP && CVA6Cfg.IS_XLEN32) result_o = unzip_gen;
       if (fu_data_i.operation == ZIP && CVA6Cfg.IS_XLEN32) result_o = zip_gen;
+      if (fu_data_i.operation == AES32ESI && CVA6Cfg.IS_XLEN32) result_o = aes32esi_gen;
+      if (fu_data_i.operation == AES32ESMI && CVA6Cfg.IS_XLEN32) result_o = aes32esmi_gen;
+      if (fu_data_i.operation == AES64ES && CVA6Cfg.IS_XLEN64) result_o = aes64es_gen;
+      if (fu_data_i.operation == AES64ESM && CVA6Cfg.IS_XLEN64) result_o = aes64esm_gen;
+      if (fu_data_i.operation == AES32DSI && CVA6Cfg.IS_XLEN32) result_o = aes32dsi_gen;
+      if (fu_data_i.operation == AES32DSMI && CVA6Cfg.IS_XLEN32) result_o = aes32dsmi_gen;
+      if (fu_data_i.operation == AES64DS && CVA6Cfg.IS_XLEN64) result_o = aes64ds_gen;
+      if (fu_data_i.operation == AES64DSM && CVA6Cfg.IS_XLEN64) result_o = aes64dsm_gen;
+      if (fu_data_i.operation == AES64IM && CVA6Cfg.IS_XLEN64) result_o = aes64im_gen;
+      //if (fu_data_i.operation == AES64KS1I && CVA6Cfg.IS_XLEN64) result_o = aes64ks1i_gen;
+      if (fu_data_i.operation == AES64KS2 && CVA6Cfg.IS_XLEN64) result_o = aes64ks2_gen;
     end
   end
 endmodule

core/cva6.sv

@@ -425,6 +425,7 @@ module cva6
   exception_t flu_exception_ex_id;
   // ALU
   logic [CVA6Cfg.NrIssuePorts-1:0] alu_valid_id_ex;
+  logic [5:0] orig_instr_aes;
   // Branches and Jumps
   logic [CVA6Cfg.NrIssuePorts-1:0] branch_valid_id_ex;
 
@@ -879,7 +880,8 @@ module cva6
       .stall_issue_o        (stall_issue),
       //RVFI
       .rvfi_issue_pointer_o (rvfi_issue_pointer),
-      .rvfi_commit_pointer_o(rvfi_commit_pointer)
+      .rvfi_commit_pointer_o(rvfi_commit_pointer),
+      .orig_instr_aes_bits(orig_instr_aes)
   );
 
   // ---------
@@ -918,6 +920,7 @@ module cva6
       .flu_ready_o(flu_ready_ex_id),
       // ALU
       .alu_valid_i(alu_valid_id_ex),
+      .orig_instr_aes_i(orig_instr_aes),
       // Branches and Jumps
       .branch_valid_i(branch_valid_id_ex),
       .branch_predict_i(branch_predict_id_ex),  // branch predict to ex

core/decoder.sv

@@ -461,7 +461,7 @@ module decoder
           // --------------------------------------------
           // Vectorial Floating-Point Reg-Reg Operations
           // --------------------------------------------
-          if (instr.rvftype.funct2 == 2'b10) begin  // Prefix 10 for all Xfvec ops
+          if (!CVA6Cfg.ZKN && instr.rvftype.funct2 == 2'b10) begin  // Prefix 10 for all Xfvec ops
             // only generate decoder if FP extensions are enabled (static)
             if (CVA6Cfg.FpPresent && CVA6Cfg.XFVec && fs_i != riscv::Off && ((CVA6Cfg.RVH && (!v_i || vfs_i != riscv::Off)) || !CVA6Cfg.RVH)) begin
               automatic logic allow_replication;  // control honoring of replication flag
@@ -782,6 +782,18 @@ module decoder
                   if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::PACK_H;  //packh
                   else illegal_instr_bm = 1'b1;
                 end
+                {
+                  7'b001_0100, 3'b100
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::XPERM8;  // xperm8
+                  else illegal_instr_bm = 1'b1;
+                end
+                {
+                  7'b001_0100, 3'b010
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::XPERM4;  // xperm4
+                  else illegal_instr_bm = 1'b1;
+                end
                 // Zero Extend Op RV32 encoding
                 {
                   7'b000_0100, 3'b100
@@ -791,6 +803,52 @@ module decoder
                   else if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::PACK;  // pack
                   else illegal_instr_bm = 1'b1;
                 end
+                {
+                  7'b001_1001, 3'b000
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES64ES;  // aes64es
+                  else illegal_instr_bm = 1'b1;
+                end
+                {
+                  7'b001_1011, 3'b000
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES64ESM;  // aes64esm
+                  else illegal_instr_bm = 1'b1;
+                end
+                {
+                  7'b011_1111, 3'b000
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES64KS2;  // aes64ks2
+                  else illegal_instr_bm = 1'b1;
+                end
+                {7'b0010001, 3'b000}, {7'b0110001, 3'b000}, {7'b1010001, 3'b000}, {7'b1110001, 3'b000}: begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES32ESI;  // aes32esi
+                  else illegal_instr_bm = 1'b1;
+                end
+                {7'b0010011, 3'b000}, {7'b0110011, 3'b000}, {7'b1010011, 3'b000}, {7'b1110011, 3'b000}: begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES32ESMI;  // aes32esmi
+                  else illegal_instr_bm = 1'b1;
+                end
+                {7'b0010101, 3'b000}, {7'b0110101, 3'b000}, {7'b1010101, 3'b000}, {7'b1110101, 3'b000}: begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES32DSI;  // aes32dsi
+                  else illegal_instr_bm = 1'b1;
+                end
+                {7'b0010111, 3'b000}, {7'b0110111, 3'b000}, {7'b1010111, 3'b000}, {7'b1110111, 3'b000}: begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES32DSMI;  // aes32dsmi
+                  else illegal_instr_bm = 1'b1;
+                end
+                {
+                  7'b001_1101, 3'b000
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES64DS;  // aes64ds
+                  else illegal_instr_bm = 1'b1;
+                end
+                {
+                  7'b001_1111, 3'b000
+                } : begin
+                  if (CVA6Cfg.ZKN) instruction_o.op = ariane_pkg::AES64DSM;  // aes64dsm
+                  else illegal_instr_bm = 1'b1;
+                end
                 default: begin
                   illegal_instr_bm = 1'b1;
                 end
@@ -921,6 +979,10 @@ module decoder
                 else if (instr.instr[31:26] == 6'b001010) instruction_o.op = ariane_pkg::BSETI;
                 else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000010001111)
                   instruction_o.op = ariane_pkg::ZIP;
+                // else if (CVA6Cfg.ZKN && instr.instr[31:24] == 8'b00110001)
+                //   instruction_o.op = ariane_pkg::AES64KS1I;
+                else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b001100000000)
+                  instruction_o.op = ariane_pkg::AES64IM;
                 else illegal_instr_bm = 1'b1;
               end
               3'b101: begin

core/ex_stage.sv

@@ -228,7 +228,9 @@ module ex_stage
     // Information dedicated to RVFI - RVFI
     output lsu_ctrl_t rvfi_lsu_ctrl_o,
     // Information dedicated to RVFI - RVFI
-    output [CVA6Cfg.PLEN-1:0] rvfi_mem_paddr_o
+    output [CVA6Cfg.PLEN-1:0] rvfi_mem_paddr_o,
+    // Original instruction AES bits
+    input logic [5:0] orig_instr_aes_i
 );
 
   // -------------------------
@@ -301,7 +303,8 @@ module ex_stage
       .rst_ni,
       .fu_data_i       (one_cycle_data),
       .result_o        (alu_result),
-      .alu_branch_res_o(alu_branch_res)
+      .alu_branch_res_o(alu_branch_res),
+      .orig_instr_aes(orig_instr_aes_i)
   );
 
   // 2. Branch Unit (combinatorial)
@@ -468,7 +471,8 @@ module ex_stage
         .rst_ni,
         .fu_data_i       (alu2_data),
         .result_o        (alu2_result),
-        .alu_branch_res_o(  /* this ALU does not handle branching */)
+        .alu_branch_res_o(  /* this ALU does not handle branching */),
+        .orig_instr_aes()
     );
   end else begin
     assign alu2_data   = '0;