From cefa3ef2ca1b8246f9372ee4bc3396bd3ebc6a4e Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Wed, 18 Sep 2024 11:46:00 -0700 Subject: [PATCH 01/10] Moved most of SK to ram --- src/mldsa_top/rtl/mldsa_ctrl.sv | 140 ++++++++++++++++++++------ src/mldsa_top/rtl/mldsa_ctrl_pkg.sv | 10 +- src/mldsa_top/rtl/mldsa_params_pkg.sv | 10 +- src/mldsa_top/rtl/mldsa_seq_prim.sv | 2 +- src/mldsa_top/rtl/mldsa_seq_sec.sv | 2 +- src/sk_decode/rtl/skdecode_ctrl.sv | 23 +++-- src/sk_decode/rtl/skdecode_top.sv | 10 +- 7 files changed, 145 insertions(+), 52 deletions(-) diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 8f3d7db..531840b 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -276,17 +276,114 @@ module mldsa_ctrl mldsa_reg_hwif_in.intr_block_rf.error_internal_intr_r.error_internal_sts.hwset = '0; //TODO mldsa_reg_hwif_in.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.hwset = mldsa_status_done_p; end - - logic [1:0][10:0] skdecode_rdaddr; - logic [1:0] skdecode_rden; + + //Private Key External Memory + + //Request muxing + logic [1:0] sk_ram_we_bank, sk_ram_re_bank; + logic [1:0][SK_MEM_ADDR_W-1:0] sk_ram_waddr_bank, sk_ram_raddr_bank; + logic [1:0][DATA_WIDTH-1:0] sk_ram_wdata, sk_ram_rdata; + + logic [1:0] skencode_keymem_we_bank, pwr2rnd_keymem_we_bank, api_keymem_we_bank; + logic [SK_MEM_ADDR_W:0] api_keymem_waddr, api_keymem_raddr; + + logic [1:0] api_keymem_re_bank, api_keymem_re_bank_f; + logic [1:0] skdecode_re_bank; + logic [1:0][SK_MEM_ADDR_W:0] skdecode_rdaddr; + + logic api_keymem_wr_dec, api_sk_reg_wr_dec; + logic api_keymem_rd_dec, api_sk_reg_rd_dec; + logic [DATA_WIDTH-1:0] privkey_reg_rdata; + logic [DATA_WIDTH-1:0] privkey_out_rdata; + + always_comb api_keymem_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; + always_comb api_keymem_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; + + always_comb api_sk_reg_wr_dec = api_keymem_waddr inside {[31:0]}; + always_comb api_keymem_wr_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; + + always_comb api_sk_reg_rd_dec = api_keymem_waddr inside {[31:0]}; + always_comb api_keymem_rd_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; always_comb begin - for (int port = 0; port < 2; port++) begin - skdecode_rdaddr[port] = skdecode_keymem_if_i[port].addr[10:0]; - skdecode_rden[port] = skdecode_keymem_if_i[port].rd_wr_en == RW_READ; + for (int i = 0; i < 2; i++) begin + skencode_keymem_we_bank[i] = ((skencode_keymem_if_i.rd_wr_en == RW_WRITE) & (skencode_keymem_if_i.addr[0] == i)); + pwr2rnd_keymem_we_bank[i] = (pwr2rnd_keymem_if_i[i].rd_wr_en == RW_WRITE); + api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_keymem_waddr[0] == i); + + sk_ram_we_bank[i] = skencode_keymem_we_bank[i] | pwr2rnd_keymem_we_bank[i] | api_keymem_we_bank[i]; + + sk_ram_waddr_bank[i] = ({SK_MEM_ADDR_W{skencode_keymem_we_bank[i]}} & skencode_keymem_if_i.addr[SK_MEM_ADDR_W:1]) | + ({SK_MEM_ADDR_W{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_keymem_if_i[i].addr[SK_MEM_ADDR_W:1] ) | + ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_keymem_waddr[SK_MEM_ADDR_W:1]); + + sk_ram_wdata[i] = ({DATA_WIDTH{skencode_keymem_we_bank[i]}} & skencode_wr_data_i) | + ({DATA_WIDTH{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_wr_data_i[i]) | + ({DATA_WIDTH{api_keymem_we_bank[i]}} & mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data); + end + end + + always_comb begin + for (int i = 0; i < 2; i++) begin + api_keymem_re_bank[i] = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & + mldsa_valid_reg & keygen_process & + api_keymem_rd_dec & (api_keymem_raddr[0] == i); + + skdecode_re_bank[i] = (skdecode_keymem_if_i[i].rd_wr_en == RW_READ); + + skdecode_rdaddr[i] = skdecode_keymem_if_i[i].addr[SK_MEM_ADDR_W:0]; + + sk_ram_re_bank[i] = skdecode_re_bank[i] | api_keymem_re_bank[i]; + + sk_ram_raddr_bank[i] = ({SK_MEM_ADDR_W{skdecode_re_bank[i]}} & skdecode_rdaddr[i][SK_MEM_ADDR_W:1]) | + ({SK_MEM_ADDR_W{api_keymem_re_bank[i]}} & api_keymem_raddr[SK_MEM_ADDR_W:1]); + end end + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + api_keymem_re_bank_f <= '0; + end begin + api_keymem_re_bank_f <= api_keymem_re_bank; + end + end + + always_comb skdecode_rd_data_o = sk_ram_rdata; + always_comb privkey_out_rdata = {DATA_WIDTH{api_keymem_re_bank_f[0]}} & sk_ram_rdata[0] | + {DATA_WIDTH{api_keymem_re_bank_f[1]}} & sk_ram_rdata[1] | + {DATA_WIDTH{api_sk_reg_rd_dec}} & privkey_reg_rdata; + + `ABR_MEM + #( + .DEPTH(SK_MEM_BANK_DEPTH), + .DATA_WIDTH(DATA_WIDTH) + ) mldsa_sk_ram_bank0 + ( + .clk_i(clk), + .we_i(sk_ram_we_bank[0]), + .waddr_i(sk_ram_waddr_bank[0]), + .wdata_i(sk_ram_wdata[0]), + .re_i(sk_ram_re_bank[0]), + .raddr_i(sk_ram_raddr_bank[0]), + .rdata_o(sk_ram_rdata[0]) + ); + + `ABR_MEM + #( + .DEPTH(SK_MEM_BANK_DEPTH), + .DATA_WIDTH(DATA_WIDTH) + ) mldsa_sk_ram_bank1 + ( + .clk_i(clk), + .we_i(sk_ram_we_bank[1]), + .waddr_i(sk_ram_waddr_bank[1]), + .wdata_i(sk_ram_wdata[1]), + .re_i(sk_ram_re_bank[1]), + .raddr_i(sk_ram_raddr_bank[1]), + .rdata_o(sk_ram_rdata[1]) + ); + //Private Key External Memory always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin @@ -295,8 +392,8 @@ module mldsa_ctrl privatekey_reg <= '0; end else begin //SW write port - if (mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready) begin - privatekey_reg.raw[PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; + if (mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_sk_reg_wr_dec) begin + privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; end //HW write rho if (sampler_state_dv_i) begin @@ -316,35 +413,19 @@ module mldsa_ctrl privatekey_reg.enc.tr <= sampler_state_data_i[0][511:0]; end end - //HW write s1s2 - if (skencode_keymem_if_i.rd_wr_en == RW_WRITE) begin - privatekey_reg.enc.s1s2[skencode_keymem_if_i.addr[8:0]] <= skencode_wr_data_i; - end - //HW write t0 - if (pwr2rnd_keymem_if_i[0].rd_wr_en == RW_WRITE) begin - privatekey_reg.enc.t0[pwr2rnd_keymem_if_i[0].addr[9:1]] <= pwr2rnd_wr_data_i; //fixme one interface - end end end //private key read ports - logic [DATA_WIDTH-1:0] privkey_out_rdata; always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin - skdecode_rd_data_o <= '0; - privkey_out_rdata <= '0; + privkey_reg_rdata <= '0; end else if (zeroize) begin - skdecode_rd_data_o <= '0; - privkey_out_rdata <= '0; + privkey_reg_rdata <= '0; end else begin - for (int i = 0; i < 2; i++) begin - if (skdecode_rden[i]) begin - skdecode_rd_data_o[i] <= privatekey_reg.raw[skdecode_rdaddr[i]]; - end - end - if (mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr) begin - privkey_out_rdata <= privatekey_reg.raw[PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]]; + if (mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & api_sk_reg_rd_dec) begin + privkey_reg_rdata <= privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]]; end end end @@ -361,7 +442,8 @@ module mldsa_ctrl mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= 0; end else begin - mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; + mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & + mldsa_valid_reg & keygen_process; end end diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv index e925e9d..24c8dec 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv @@ -35,6 +35,7 @@ package mldsa_ctrl_pkg; localparam SEED_NUM_DWORDS = 8; localparam MSG_NUM_DWORDS = 16; localparam PRIVKEY_NUM_DWORDS = 1224; + localparam PRIVKEY_REG_NUM_DWORDS = 32; localparam SIGN_RND_NUM_DWORDS = 8; localparam PUBKEY_NUM_DWORDS = 648; localparam PUBKEY_NUM_BYTES = PUBKEY_NUM_DWORDS * 4; @@ -49,9 +50,11 @@ package mldsa_ctrl_pkg; localparam T1_NUM_COEFF = 2048; localparam T1_COEFF_W = 10; + localparam SK_MEM_DEPTH = 1192; + localparam SK_MEM_BANK_DEPTH = 596; + localparam SK_MEM_ADDR_W = $clog2(SK_MEM_BANK_DEPTH); + typedef struct packed { - logic [415:0][63:0] t0; - logic [359:0][31:0] s1s2; logic [7:0][63:0] tr; logic [3:0][63:0] K; logic [3:0][63:0] rho; @@ -59,7 +62,7 @@ package mldsa_ctrl_pkg; typedef union packed { mldsa_privkey_t enc; - logic [PRIVKEY_NUM_DWORDS-1:0][31:0] raw; + logic [PRIVKEY_REG_NUM_DWORDS-1:0][31:0] raw; } mldsa_privkey_u; typedef struct packed { @@ -216,6 +219,7 @@ package mldsa_ctrl_pkg; //SK offsets in dwords localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_SK_S1_OFFSET = 'd32; + localparam [MLDSA_OPR_WIDTH-1 : 0] MLDSA_SK_T0_OFFSET = 'd360; // MLDSA MEMORY LOCATIONS //COEFF DEPTH is 256/4 diff --git a/src/mldsa_top/rtl/mldsa_params_pkg.sv b/src/mldsa_top/rtl/mldsa_params_pkg.sv index e4d6c44..df1ac73 100644 --- a/src/mldsa_top/rtl/mldsa_params_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_params_pkg.sv @@ -43,13 +43,13 @@ package mldsa_params_pkg; parameter MLDSA_MEM_DATA_WIDTH = COEFF_PER_CLK * MLDSA_Q_WIDTH; parameter MLDSA_MEM_ADDR_WIDTH = $clog2(MLDSA_MEM_MAX_DEPTH) + 3; //+ 3 bits for bank selection - parameter MLDSA_MEM_INST0_DEPTH = 1664; + parameter MLDSA_MEM_INST0_DEPTH = 1664; //19.5 KB parameter MLDSA_MEM_INST0_ADDR_W = $clog2(MLDSA_MEM_INST0_DEPTH); - parameter MLDSA_MEM_INST1_DEPTH = 576; + parameter MLDSA_MEM_INST1_DEPTH = 576; //6.75 KB parameter MLDSA_MEM_INST1_ADDR_W = $clog2(MLDSA_MEM_INST1_DEPTH); - parameter MLDSA_MEM_INST2_DEPTH = 1408; + parameter MLDSA_MEM_INST2_DEPTH = 1408; //16.5 KB parameter MLDSA_MEM_INST2_ADDR_W = $clog2(MLDSA_MEM_INST2_DEPTH); - parameter MLDSA_MEM_INST3_DEPTH = 128; + parameter MLDSA_MEM_INST3_DEPTH = 128; //1.5 KB parameter MLDSA_MEM_INST3_ADDR_W = $clog2(MLDSA_MEM_INST3_DEPTH); parameter MLDSA_KEYGEN = 3'b001; @@ -61,7 +61,7 @@ package mldsa_params_pkg; parameter [63 : 0] MLDSA_CORE_VERSION = 64'h0; //FIXME // Implementation parameters - parameter DATA_WIDTH = 32; + parameter DATA_WIDTH = 32; //Common structs typedef enum logic [1:0] {RW_IDLE = 2'b00, RW_READ = 2'b01, RW_WRITE = 2'b10} mem_rw_mode_e; diff --git a/src/mldsa_top/rtl/mldsa_seq_prim.sv b/src/mldsa_top/rtl/mldsa_seq_prim.sv index 19d59d1..03936b5 100644 --- a/src/mldsa_top/rtl/mldsa_seq_prim.sv +++ b/src/mldsa_top/rtl/mldsa_seq_prim.sv @@ -177,7 +177,7 @@ module mldsa_seq_prim //t ←NTT−1(Aˆ ◦NTT(s1))+s2 MLDSA_KG_S+ 94 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_T7_BASE}; //(t1,t0)←Power2Round(t,d) AND pk ←pkEncode(ρ,t1) - MLDSA_KG_S+ 95 : data_o <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_S+ 95 : data_o <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_SK_T0_OFFSET}; //tr ←H(BytesToBits(pk),512) MLDSA_KG_S+ 96 : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; //sk ←skEncode(ρ,K,tr,s1,s2,t0) diff --git a/src/mldsa_top/rtl/mldsa_seq_sec.sv b/src/mldsa_top/rtl/mldsa_seq_sec.sv index 9bea47c..536d32b 100644 --- a/src/mldsa_top/rtl/mldsa_seq_sec.sv +++ b/src/mldsa_top/rtl/mldsa_seq_sec.sv @@ -51,7 +51,7 @@ module mldsa_seq_sec MLDSA_RESET : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Signing initial steps start - MLDSA_SIGN_INIT_S : data_o <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_SK_S1_OFFSET, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; + MLDSA_SIGN_INIT_S : data_o <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; //NTT(t0) MLDSA_SIGN_INIT_S+1 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; MLDSA_SIGN_INIT_S+2 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; diff --git a/src/sk_decode/rtl/skdecode_ctrl.sv b/src/sk_decode/rtl/skdecode_ctrl.sv index 8604105..b271d48 100644 --- a/src/sk_decode/rtl/skdecode_ctrl.sv +++ b/src/sk_decode/rtl/skdecode_ctrl.sv @@ -61,7 +61,8 @@ module skdecode_ctrl logic last_poly_last_addr; logic skdecode_busy; logic [3:0] num_poly, num_inst; - mem_rw_mode_e mem_rw_mode, kmem_rw_mode; + mem_rw_mode_e mem_rw_mode, kmem_a_rw_mode; + mem_rw_mode_e kmem_b_rw_mode; logic [8:0] skdecode_count; logic [3:0] poly_count; logic s1s2_enable_fsm, t0_enable_fsm; @@ -234,7 +235,8 @@ module skdecode_ctrl read_fsm_state_ns = read_fsm_state_ps; incr_rd_addr = 'b0; rst_rd_addr = 'b0; - kmem_rw_mode = RW_IDLE; + kmem_a_rw_mode = RW_IDLE; + kmem_b_rw_mode = RW_IDLE; incr_stall_count = 'b0; rst_stall_count = 'b0; incr_skdec_count = 'b0; @@ -255,7 +257,8 @@ module skdecode_ctrl read_fsm_state_ns = arc_SKDEC_RD_S1_SKDEC_RD_STAGE ? SKDEC_RD_STAGE : SKDEC_RD_S1; incr_stall_count = 'b1; incr_rd_addr = ~s1s2_buf_stall_fsm; - kmem_rw_mode = ~s1s2_buf_stall_fsm ? RW_READ : RW_IDLE; + kmem_a_rw_mode = ~s1s2_buf_stall_fsm & ~kmem_rd_addr[0] ? RW_READ : RW_IDLE; + kmem_b_rw_mode = ~s1s2_buf_stall_fsm & kmem_rd_addr[0] ? RW_READ : RW_IDLE; incr_skdec_count = 'b1; s1s2_enable_fsm = 'b1; num_poly = MLDSA_L; @@ -265,7 +268,8 @@ module skdecode_ctrl read_fsm_state_ns = arc_SKDEC_RD_S2_SKDEC_RD_STAGE ? SKDEC_RD_STAGE : SKDEC_RD_S2; incr_stall_count = 'b1; incr_rd_addr = ~s1s2_buf_stall_fsm; - kmem_rw_mode = ~s1s2_buf_stall_fsm ? RW_READ : RW_IDLE; + kmem_a_rw_mode = ~s1s2_buf_stall_fsm & ~kmem_rd_addr[0] ? RW_READ : RW_IDLE; + kmem_b_rw_mode = ~s1s2_buf_stall_fsm & kmem_rd_addr[0] ? RW_READ : RW_IDLE; incr_skdec_count = 'b1; s1s2_enable_fsm = 'b1; num_poly = MLDSA_K; @@ -275,7 +279,8 @@ module skdecode_ctrl read_fsm_state_ns = arc_SKDEC_RD_T0_SKDEC_RD_STAGE ? SKDEC_RD_STAGE : SKDEC_RD_T0; incr_stall_count = 'b1; incr_rd_addr = ~t0_buf_stall; - kmem_rw_mode = ~t0_buf_stall ? RW_READ : RW_IDLE; + kmem_a_rw_mode = ~t0_buf_stall ? RW_READ : RW_IDLE; + kmem_b_rw_mode = ~t0_buf_stall ? RW_READ : RW_IDLE; incr_skdec_count = 'b1; t0_enable_fsm = 'b1; num_poly = MLDSA_K; @@ -360,11 +365,11 @@ module skdecode_ctrl mem_b_wr_req.addr = t0_mode ? mem_wr_addr : (s1_mode | s2_mode) ? (mem_wr_addr << 1) + 'h1 : 'h0; mem_b_wr_req.rd_wr_en = t0_mode & ~mem_a_wr_req.addr[0]? RW_IDLE : mem_rw_mode; - kmem_a_rd_req.addr = kmem_rd_addr; - kmem_a_rd_req.rd_wr_en = kmem_rw_mode; + kmem_a_rd_req.addr = t0_enable_fsm ? kmem_rd_addr : kmem_rd_addr; + kmem_a_rd_req.rd_wr_en = t0_enable_fsm ? kmem_a_rw_mode : kmem_a_rw_mode; - kmem_b_rd_req.addr = t0_enable_fsm ? kmem_rd_addr + 'h1 : 'h0; - kmem_b_rd_req.rd_wr_en = t0_enable_fsm ? kmem_rw_mode : RW_IDLE; + kmem_b_rd_req.addr = t0_enable_fsm ? kmem_rd_addr + 'h1 : kmem_rd_addr; + kmem_b_rd_req.rd_wr_en = t0_enable_fsm ? kmem_b_rw_mode : kmem_b_rw_mode; end diff --git a/src/sk_decode/rtl/skdecode_top.sv b/src/sk_decode/rtl/skdecode_top.sv index a09e34b..b15c2cc 100644 --- a/src/sk_decode/rtl/skdecode_top.sv +++ b/src/sk_decode/rtl/skdecode_top.sv @@ -86,6 +86,8 @@ module skdecode_top logic s1s2_buf_stall_reg; logic s1s2_buf_full; + logic s1s2_keymem_b_valid; + //Read address counters logic [MLDSA_MEM_ADDR_WIDTH-1:0] keymem_rd_addr, keymem_rd_addr_nxt; @@ -104,6 +106,7 @@ module skdecode_top mem_a_wr_data_reg <= 'h0; mem_b_wr_data_reg <= 'h0; t0_done_reg <= 'b0; + s1s2_keymem_b_valid <= 'b0; end else if (zeroize) begin s1s2_enable_reg <= 'h0; @@ -117,6 +120,7 @@ module skdecode_top mem_a_wr_data_reg <= 'h0; mem_b_wr_data_reg <= 'h0; t0_done_reg <= 'b0; + s1s2_keymem_b_valid <= 'b0; end else begin s1s2_enable_reg <= s1s2_enable; @@ -128,6 +132,7 @@ module skdecode_top mem_a_wr_data_reg <= mem_a_wr_data_int; mem_b_wr_data_reg <= mem_b_wr_data_int; t0_done_reg <= t0_done; + s1s2_keymem_b_valid <= s1s2_enable & (keymem_b_rd_req.rd_wr_en == RW_READ); end end @@ -142,10 +147,7 @@ module skdecode_top keymem_b_rd_data_reg <= 'h0; end else if (~t0_buf_full & ~s1s2_buf_full) begin - //Bit swizzle to match endianness - //Eg: sk dword = 0x01234567 - //To process, it needs to be 0x6745230 - keymem_a_rd_data_reg <= keymem_a_rd_data; + keymem_a_rd_data_reg <= s1s2_keymem_b_valid ? keymem_b_rd_data: keymem_a_rd_data; keymem_b_rd_data_reg <= keymem_b_rd_data; end From 688cbec4aa9458fa0d6eba96d4beca268d36a5d5 Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Wed, 18 Sep 2024 11:51:22 -0700 Subject: [PATCH 02/10] testing sample buffer opt --- src/power2round/rtl/power2round_top.sv | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/power2round/rtl/power2round_top.sv b/src/power2round/rtl/power2round_top.sv index 3aa0ced..7f5322e 100644 --- a/src/power2round/rtl/power2round_top.sv +++ b/src/power2round/rtl/power2round_top.sv @@ -162,15 +162,15 @@ module power2round_top abr_sample_buffer #( - .NUM_WR(104), - .NUM_RD(64), - .BUFFER_DATA_W(1) + .NUM_WR(13), + .NUM_RD(8), + .BUFFER_DATA_W(8) ) sk_buffer_inst ( .clk(clk), .rst_b(reset_n), .zeroize(zeroize), - .data_valid_i({104{sk_buff_enable}}), + .data_valid_i({13{sk_buff_enable}}), .data_i(r0_packed_reg), .buffer_full_o(sk_buff_full), .data_valid_o(sk_buff_valid), From 3e745ccacaf687bbc0c2e529d4f40f50110b9262 Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Thu, 19 Sep 2024 10:39:26 -0700 Subject: [PATCH 03/10] updating registers with priority encodings to enforce mutex --- src/mldsa_top/rtl/mldsa_ctrl.sv | 115 ++++++++++++++-------------- src/mldsa_top/rtl/mldsa_ctrl_pkg.sv | 1 + 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 531840b..fd09add 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -109,7 +109,6 @@ module mldsa_ctrl output logic [7:0][T1_COEFF_W-1:0] pkdecode_rd_data_o, input logic pkdecode_done_i, - output logic sigdecode_h_enable_o, output logic [SIGNATURE_H_VALID_NUM_BYTES-1:0][7:0] signature_h_o, input logic sigdecode_h_invalid_i, @@ -285,7 +284,9 @@ module mldsa_ctrl logic [1:0][DATA_WIDTH-1:0] sk_ram_wdata, sk_ram_rdata; logic [1:0] skencode_keymem_we_bank, pwr2rnd_keymem_we_bank, api_keymem_we_bank; - logic [SK_MEM_ADDR_W:0] api_keymem_waddr, api_keymem_raddr; + logic [SK_MEM_ADDR_W:0] api_sk_waddr, api_sk_raddr; + logic [SK_MEM_ADDR_W:0] api_sk_mem_waddr, api_sk_mem_raddr; + logic [4:0] api_sk_reg_waddr, api_sk_reg_raddr; logic [1:0] api_keymem_re_bank, api_keymem_re_bank_f; logic [1:0] skdecode_re_bank; @@ -296,26 +297,32 @@ module mldsa_ctrl logic [DATA_WIDTH-1:0] privkey_reg_rdata; logic [DATA_WIDTH-1:0] privkey_out_rdata; - always_comb api_keymem_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; - always_comb api_keymem_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; + always_comb api_sk_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; + always_comb api_sk_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; + + always_comb api_sk_reg_wr_dec = api_sk_waddr inside {[0:31]}; + always_comb api_keymem_wr_dec = api_sk_waddr inside {[31:PRIVKEY_NUM_DWORDS-1]}; - always_comb api_sk_reg_wr_dec = api_keymem_waddr inside {[31:0]}; - always_comb api_keymem_wr_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; + always_comb api_sk_reg_rd_dec = api_sk_raddr inside {[0:31]}; + always_comb api_keymem_rd_dec = api_sk_raddr inside {[32:PRIVKEY_NUM_DWORDS-1]}; - always_comb api_sk_reg_rd_dec = api_keymem_waddr inside {[31:0]}; - always_comb api_keymem_rd_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; + assign api_sk_reg_waddr = api_sk_waddr[4:0]; + assign api_sk_reg_raddr = api_sk_raddr[4:0]; + + assign api_sk_mem_waddr = api_sk_waddr - 'd32; + assign api_sk_mem_raddr = api_sk_raddr - 'd32; always_comb begin for (int i = 0; i < 2; i++) begin skencode_keymem_we_bank[i] = ((skencode_keymem_if_i.rd_wr_en == RW_WRITE) & (skencode_keymem_if_i.addr[0] == i)); pwr2rnd_keymem_we_bank[i] = (pwr2rnd_keymem_if_i[i].rd_wr_en == RW_WRITE); - api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_keymem_waddr[0] == i); + api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_sk_mem_waddr[0] == i); sk_ram_we_bank[i] = skencode_keymem_we_bank[i] | pwr2rnd_keymem_we_bank[i] | api_keymem_we_bank[i]; sk_ram_waddr_bank[i] = ({SK_MEM_ADDR_W{skencode_keymem_we_bank[i]}} & skencode_keymem_if_i.addr[SK_MEM_ADDR_W:1]) | ({SK_MEM_ADDR_W{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_keymem_if_i[i].addr[SK_MEM_ADDR_W:1] ) | - ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_keymem_waddr[SK_MEM_ADDR_W:1]); + ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_sk_mem_waddr[SK_MEM_ADDR_W:1]); sk_ram_wdata[i] = ({DATA_WIDTH{skencode_keymem_we_bank[i]}} & skencode_wr_data_i) | ({DATA_WIDTH{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_wr_data_i[i]) | @@ -327,7 +334,7 @@ module mldsa_ctrl for (int i = 0; i < 2; i++) begin api_keymem_re_bank[i] = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & mldsa_valid_reg & keygen_process & - api_keymem_rd_dec & (api_keymem_raddr[0] == i); + api_keymem_rd_dec & (api_sk_mem_raddr[0] == i); skdecode_re_bank[i] = (skdecode_keymem_if_i[i].rd_wr_en == RW_READ); @@ -336,7 +343,7 @@ module mldsa_ctrl sk_ram_re_bank[i] = skdecode_re_bank[i] | api_keymem_re_bank[i]; sk_ram_raddr_bank[i] = ({SK_MEM_ADDR_W{skdecode_re_bank[i]}} & skdecode_rdaddr[i][SK_MEM_ADDR_W:1]) | - ({SK_MEM_ADDR_W{api_keymem_re_bank[i]}} & api_keymem_raddr[SK_MEM_ADDR_W:1]); + ({SK_MEM_ADDR_W{api_keymem_re_bank[i]}} & api_sk_mem_raddr[SK_MEM_ADDR_W:1]); end end @@ -344,7 +351,7 @@ module mldsa_ctrl always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin api_keymem_re_bank_f <= '0; - end begin + end else begin api_keymem_re_bank_f <= api_keymem_re_bank; end end @@ -391,33 +398,24 @@ module mldsa_ctrl end else if (zeroize) begin privatekey_reg <= '0; end else begin - //SW write port - if (mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_sk_reg_wr_dec) begin - privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; - end - //HW write rho if (sampler_state_dv_i) begin if (instr.operand3 == MLDSA_DEST_K_RHO_REG_ID) begin + //HW write rho privatekey_reg.enc.rho <= sampler_state_data_i[0][255:0]; //FIXME optimize this to be shared with pubkey? - end - end - //HW write K - if (sampler_state_dv_i) begin - if (instr.operand3 == MLDSA_DEST_K_RHO_REG_ID) begin + //HW write K privatekey_reg.enc.K <= sampler_state_data_i[0][1023:768]; - end - end - //HW write tr - if (sampler_state_dv_i) begin - if (instr.operand3 == MLDSA_DEST_TR_REG_ID) begin + end else if (instr.operand3 == MLDSA_DEST_TR_REG_ID) begin + //HW write tr privatekey_reg.enc.tr <= sampler_state_data_i[0][511:0]; end + end else if (mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_sk_reg_wr_dec) begin + //SW write port + privatekey_reg.raw[api_sk_reg_waddr] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; end end end //private key read ports - always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin privkey_reg_rdata <= '0; @@ -425,7 +423,7 @@ module mldsa_ctrl privkey_reg_rdata <= '0; end else begin if (mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & api_sk_reg_rd_dec) begin - privkey_reg_rdata <= privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]]; + privkey_reg_rdata <= privatekey_reg.raw[api_sk_reg_raddr]; end end end @@ -442,12 +440,11 @@ module mldsa_ctrl mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= 0; end else begin - mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & - mldsa_valid_reg & keygen_process; + mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; end end - always_comb mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_data = mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? privkey_out_rdata : 0; + always_comb mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_data = mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack & mldsa_valid_reg & keygen_process ? privkey_out_rdata : 0; //No write to PRIVKEY_OUT allowed - just ack it assign mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.wr_ack = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; @@ -469,19 +466,21 @@ module mldsa_ctrl if (instr.operand3 == MLDSA_DEST_SIG_C_REG_ID) begin signature_reg.enc.c <= sampler_state_data_i[0][511:0]; end - end - //HW write z - for (int chunk = 0; chunk < 224; chunk++) begin - if ((sigencode_wr_req_i.rd_wr_en == RW_WRITE) & (sigencode_wr_req_i.addr[8:1] == chunk)) begin - signature_reg.enc.z[chunk*5 +: 5] <= sigencode_wr_data_i; + end else if (sigencode_wr_req_i.rd_wr_en == RW_WRITE) begin + //HW write z + for (int chunk = 0; chunk < 224; chunk++) begin + if ((sigencode_wr_req_i.addr[8:1] == chunk)) begin + signature_reg.enc.z[chunk*5 +: 5] <= sigencode_wr_data_i; + end end - end - //HW write h - for (int dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin - if (set_signature_valid) begin - signature_reg.enc.h[dword] <= '0; - end else if (makehint_reg_wren_i & (makehint_reg_wr_addr_i == dword)) begin - signature_reg.enc.h[dword] <= signature_reg.enc.h[dword] | makehint_reg_wrdata_i; + end else if (set_signature_valid) begin + signature_reg.enc.h <= '0; + end else if (makehint_reg_wren_i) begin + //HW write h + for (int dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin + if ((makehint_reg_wr_addr_i == dword)) begin + signature_reg.enc.h[dword] <= signature_reg.enc.h[dword] | makehint_reg_wrdata_i; + end end end end @@ -516,21 +515,21 @@ module mldsa_ctrl end else if (zeroize) begin publickey_reg <= '0; end else begin - for (int dword = 0; dword < PUBKEY_NUM_DWORDS; dword++) begin - if (mldsa_ready & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr) begin - publickey_reg.raw[PUBKEY_NUM_DWORDS-1-dword] <= mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].wr_data; - end - end //HW write rho - if (sampler_state_dv_i) begin - if (instr.operand3 == MLDSA_DEST_K_RHO_REG_ID) begin - publickey_reg.enc.rho <= sampler_state_data_i[0][255:0]; + if (sampler_state_dv_i & (instr.operand3 == MLDSA_DEST_K_RHO_REG_ID)) begin + publickey_reg.enc.rho <= sampler_state_data_i[0][255:0]; + end else if (pk_t1_wren_i) begin + //HW write t1 + for (int coeff = 0; coeff < T1_NUM_COEFF; coeff++) begin + if ((pk_t1_wr_addr_i == coeff[10:3])) begin //pubkey t1 write interface + publickey_reg.enc.t1[coeff] <= pk_t1_wrdata_i[coeff[2:0]]; + end end - end - //HW write t1 - for (int coeff = 0; coeff < T1_NUM_COEFF; coeff++) begin - if (pk_t1_wren_i & (pk_t1_wr_addr_i == coeff[10:3])) begin //pubkey t1 write interface - publickey_reg.enc.t1[coeff] <= pk_t1_wrdata_i[coeff[2:0]]; + end else if (mldsa_ready) begin + for (int dword = 0; dword < PUBKEY_NUM_DWORDS; dword++) begin + if (mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr) begin + publickey_reg.raw[PUBKEY_NUM_DWORDS-1-dword] <= mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].wr_data; + end end end end diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv index 24c8dec..e46194d 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv @@ -36,6 +36,7 @@ package mldsa_ctrl_pkg; localparam MSG_NUM_DWORDS = 16; localparam PRIVKEY_NUM_DWORDS = 1224; localparam PRIVKEY_REG_NUM_DWORDS = 32; + localparam PRIVKEY_MEM_NUM_DWORDS = PRIVKEY_NUM_DWORDS - PRIVKEY_REG_NUM_DWORDS; localparam SIGN_RND_NUM_DWORDS = 8; localparam PUBKEY_NUM_DWORDS = 648; localparam PUBKEY_NUM_BYTES = PUBKEY_NUM_DWORDS * 4; From 0ec29c0c88e2fff285743ed6d66dfc5a52922d93 Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Fri, 20 Sep 2024 12:11:35 -0700 Subject: [PATCH 04/10] moving sig z to memory --- src/abr_libs/config/compile.yml | 4 + src/abr_libs/rtl/abr_1r1w_512x4_ram.sv | 47 +++ src/abr_libs/rtl/abr_1r1w_be_ram.sv | 51 ++++ src/mldsa_top/rtl/config_defines.svh | 15 +- src/mldsa_top/rtl/mldsa_ctrl.sv | 170 ++++++++--- src/mldsa_top/rtl/mldsa_ctrl_pkg.sv | 21 +- src/mldsa_top/rtl/mldsa_params_pkg.sv | 1 + src/mldsa_top/rtl/mldsa_reg.rdl | 15 +- src/mldsa_top/rtl/mldsa_reg.sv | 287 ++++++++++-------- src/mldsa_top/rtl/mldsa_reg_pkg.sv | 9 +- src/mldsa_top/rtl/mldsa_reg_uvm.sv | 51 ++-- src/mldsa_top/rtl/mldsa_top.sv | 42 +-- .../src/ML_DSA_randomized_all_sequence.svh | 14 +- ...A_randomized_key_gen_and_sign_sequence.svh | 4 +- .../ML_DSA_randomized_sign_gen_sequence.svh | 4 +- .../src/ML_DSA_randomized_verif_sequence.svh | 10 +- .../src/ML_DSA_randomized_verif_test.yml | 2 +- .../mldsa/tb/tests/src/abr_example_test.yml | 16 +- .../registers/mldsa_reg_covergroups.svh | 20 -- .../registers/mldsa_reg_sample.svh | 25 -- .../mldsa_env_pkg/registers/mldsa_reg_uvm.sv | 51 ++-- .../mldsa_env_pkg/src/mldsa_predictor.svh | 67 ++-- src/sigdecode_h/rtl/sigdecode_h_ctrl.sv | 2 +- src/sk_decode/rtl/skdecode_top.sv | 16 +- 24 files changed, 547 insertions(+), 397 deletions(-) create mode 100644 src/abr_libs/rtl/abr_1r1w_512x4_ram.sv create mode 100644 src/abr_libs/rtl/abr_1r1w_be_ram.sv diff --git a/src/abr_libs/config/compile.yml b/src/abr_libs/config/compile.yml index 042dc17..046cbac 100644 --- a/src/abr_libs/config/compile.yml +++ b/src/abr_libs/config/compile.yml @@ -10,6 +10,8 @@ targets: - $COMPILE_ROOT/rtl/abr_sva.svh - $COMPILE_ROOT/rtl/abr_macros.svh - $COMPILE_ROOT/rtl/abr_1r1w_ram.sv + - $COMPILE_ROOT/rtl/abr_1r1w_be_ram.sv + - $COMPILE_ROOT/rtl/abr_1r1w_512x4_ram.sv - $COMPILE_ROOT/rtl/abr_ram_regout.sv - $COMPILE_ROOT/rtl/abr_icg.sv - $COMPILE_ROOT/rtl/abr_2ff_sync.sv @@ -31,6 +33,8 @@ targets: - $COMPILE_ROOT/rtl/abr_sva.svh - $COMPILE_ROOT/rtl/abr_macros.svh - $COMPILE_ROOT/rtl/abr_1r1w_ram.sv + - $COMPILE_ROOT/rtl/abr_1r1w_be_ram.sv + - $COMPILE_ROOT/rtl/abr_1r1w_512x4_ram.sv - $COMPILE_ROOT/rtl/abr_ram_regout.sv - $COMPILE_ROOT/rtl/abr_icg.sv - $COMPILE_ROOT/rtl/abr_2ff_sync.sv diff --git a/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv b/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv new file mode 100644 index 0000000..58519b9 --- /dev/null +++ b/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +module abr_1r1w_512x4_ram #( + parameter DEPTH = 512 + ,parameter DATA_WIDTH = 4 + ,parameter ADDR_WIDTH = $clog2(DEPTH) + + ) + ( + input logic clk_i, + + input logic we_i, + input logic [ADDR_WIDTH-1:0] waddr_i, + input logic [DATA_WIDTH-1:0] wdata_i, + input logic re_i, + input logic [ADDR_WIDTH-1:0] raddr_i, + output logic [DATA_WIDTH-1:0] rdata_o + ); + + //storage element + logic [DEPTH-1:0][DATA_WIDTH-1:0] ram; + + always @(posedge clk_i) begin + if (we_i) begin + ram[waddr_i] <= wdata_i; + end + end + + always @(posedge clk_i) begin + if (re_i) begin + rdata_o <= ram[raddr_i]; + end + end + +endmodule diff --git a/src/abr_libs/rtl/abr_1r1w_be_ram.sv b/src/abr_libs/rtl/abr_1r1w_be_ram.sv new file mode 100644 index 0000000..2e8566a --- /dev/null +++ b/src/abr_libs/rtl/abr_1r1w_be_ram.sv @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +module abr_1r1w_be_ram #( + parameter DEPTH = 64 + ,parameter DATA_WIDTH = 32 + ,parameter STROBE_WIDTH = 8 + ,localparam ADDR_WIDTH = $clog2(DEPTH) + ) + ( + input logic clk_i, + + input logic we_i, + input logic [(DATA_WIDTH/STROBE_WIDTH)-1:0] wstrobe_i, + input logic [ADDR_WIDTH-1:0] waddr_i, + input logic [(DATA_WIDTH/STROBE_WIDTH)-1:0][STROBE_WIDTH-1:0] wdata_i, + input logic re_i, + input logic [ADDR_WIDTH-1:0] raddr_i, + output logic [DATA_WIDTH-1:0] rdata_o + ); + + //storage element + logic [(DATA_WIDTH/STROBE_WIDTH)-1:0][STROBE_WIDTH-1:0] ram [DEPTH-1:0]; + + always @(posedge clk_i) begin + if (we_i) begin + for (int i = 0; i < (DATA_WIDTH/STROBE_WIDTH); i++) begin + if (wstrobe_i[i]) + ram[waddr_i][i] <= wdata_i[i]; + end + end + end + + always @(posedge clk_i) begin + if (re_i) begin + rdata_o <= ram[raddr_i]; + end + end + +endmodule diff --git a/src/mldsa_top/rtl/config_defines.svh b/src/mldsa_top/rtl/config_defines.svh index 6a985c2..c4db129 100644 --- a/src/mldsa_top/rtl/config_defines.svh +++ b/src/mldsa_top/rtl/config_defines.svh @@ -16,6 +16,17 @@ `define ABR_CFG_SV `define ABR_ICG abr_clk_gate - `define ABR_MEM abr_1r1w_ram - + + `define ABR_MEM_TEST(_depth, _width) abr_1r1w_``_depth``x``_width``_ram + + `define ABR_MEM(_depth, _width) \ + abr_1r1w_ram \ + #( .DEPTH(``_depth``), \ + .DATA_WIDTH(``_width``)) + + `define ABR_MEM_BE(_depth, _width) \ + abr_1r1w_be_ram \ + #( .DEPTH(``_depth``), \ + .DATA_WIDTH(``_width``)) + `endif \ No newline at end of file diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 531840b..c4e8a45 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -235,12 +235,6 @@ module mldsa_ctrl mldsa_reg_hwif_in.MLDSA_MSG[dword].MSG.hwclr = zeroize; end - for (int dword=0; dword < SIGNATURE_NUM_DWORDS; dword++)begin - mldsa_reg_hwif_in.MLDSA_SIGNATURE[dword].rd_ack = mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req_is_wr; //FIXME protect with signature done - mldsa_reg_hwif_in.MLDSA_SIGNATURE[dword].wr_ack = mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req & mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req_is_wr; //FIXME protect with busy - mldsa_reg_hwif_in.MLDSA_SIGNATURE[dword].rd_data = signature_reg.raw[SIGNATURE_NUM_DWORDS-1-dword]; - end - for (int dword=0; dword < SIGN_RND_NUM_DWORDS; dword++)begin sign_rnd_reg[dword] = mldsa_reg_hwif_out.MLDSA_SIGN_RND[SIGN_RND_NUM_DWORDS-1-dword].SIGN_RND.value; mldsa_reg_hwif_in.MLDSA_SIGN_RND[dword].SIGN_RND.hwclr = zeroize; @@ -285,7 +279,9 @@ module mldsa_ctrl logic [1:0][DATA_WIDTH-1:0] sk_ram_wdata, sk_ram_rdata; logic [1:0] skencode_keymem_we_bank, pwr2rnd_keymem_we_bank, api_keymem_we_bank; - logic [SK_MEM_ADDR_W:0] api_keymem_waddr, api_keymem_raddr; + logic [SK_MEM_ADDR_W:0] api_sk_waddr, api_sk_raddr; + logic [SK_MEM_ADDR_W:0] api_sk_mem_waddr, api_sk_mem_raddr; + logic [4:0] api_sk_reg_waddr, api_sk_reg_raddr; logic [1:0] api_keymem_re_bank, api_keymem_re_bank_f; logic [1:0] skdecode_re_bank; @@ -296,26 +292,32 @@ module mldsa_ctrl logic [DATA_WIDTH-1:0] privkey_reg_rdata; logic [DATA_WIDTH-1:0] privkey_out_rdata; - always_comb api_keymem_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; - always_comb api_keymem_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; + always_comb api_sk_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; + always_comb api_sk_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; + + always_comb api_sk_reg_wr_dec = api_sk_waddr inside {[0:31]}; + always_comb api_keymem_wr_dec = api_sk_waddr inside {[31:PRIVKEY_NUM_DWORDS-1]}; - always_comb api_sk_reg_wr_dec = api_keymem_waddr inside {[31:0]}; - always_comb api_keymem_wr_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; + always_comb api_sk_reg_rd_dec = api_sk_raddr inside {[0:31]}; + always_comb api_keymem_rd_dec = api_sk_raddr inside {[32:PRIVKEY_NUM_DWORDS-1]}; - always_comb api_sk_reg_rd_dec = api_keymem_waddr inside {[31:0]}; - always_comb api_keymem_rd_dec = api_keymem_waddr inside {[PRIVKEY_NUM_DWORDS-1:32]}; + assign api_sk_reg_waddr = api_sk_waddr[4:0]; + assign api_sk_reg_raddr = api_sk_raddr[4:0]; + + assign api_sk_mem_waddr = api_sk_waddr - 'd32; + assign api_sk_mem_raddr = api_sk_raddr - 'd32; always_comb begin for (int i = 0; i < 2; i++) begin skencode_keymem_we_bank[i] = ((skencode_keymem_if_i.rd_wr_en == RW_WRITE) & (skencode_keymem_if_i.addr[0] == i)); pwr2rnd_keymem_we_bank[i] = (pwr2rnd_keymem_if_i[i].rd_wr_en == RW_WRITE); - api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_keymem_waddr[0] == i); + api_keymem_we_bank[i] = mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_keymem_wr_dec & (api_sk_mem_waddr[0] == i); sk_ram_we_bank[i] = skencode_keymem_we_bank[i] | pwr2rnd_keymem_we_bank[i] | api_keymem_we_bank[i]; sk_ram_waddr_bank[i] = ({SK_MEM_ADDR_W{skencode_keymem_we_bank[i]}} & skencode_keymem_if_i.addr[SK_MEM_ADDR_W:1]) | ({SK_MEM_ADDR_W{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_keymem_if_i[i].addr[SK_MEM_ADDR_W:1] ) | - ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_keymem_waddr[SK_MEM_ADDR_W:1]); + ({SK_MEM_ADDR_W{api_keymem_we_bank[i]}} & api_sk_mem_waddr[SK_MEM_ADDR_W:1]); sk_ram_wdata[i] = ({DATA_WIDTH{skencode_keymem_we_bank[i]}} & skencode_wr_data_i) | ({DATA_WIDTH{pwr2rnd_keymem_we_bank[i]}} & pwr2rnd_wr_data_i[i]) | @@ -327,7 +329,7 @@ module mldsa_ctrl for (int i = 0; i < 2; i++) begin api_keymem_re_bank[i] = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & mldsa_valid_reg & keygen_process & - api_keymem_rd_dec & (api_keymem_raddr[0] == i); + api_keymem_rd_dec & (api_sk_mem_raddr[0] == i); skdecode_re_bank[i] = (skdecode_keymem_if_i[i].rd_wr_en == RW_READ); @@ -336,7 +338,7 @@ module mldsa_ctrl sk_ram_re_bank[i] = skdecode_re_bank[i] | api_keymem_re_bank[i]; sk_ram_raddr_bank[i] = ({SK_MEM_ADDR_W{skdecode_re_bank[i]}} & skdecode_rdaddr[i][SK_MEM_ADDR_W:1]) | - ({SK_MEM_ADDR_W{api_keymem_re_bank[i]}} & api_keymem_raddr[SK_MEM_ADDR_W:1]); + ({SK_MEM_ADDR_W{api_keymem_re_bank[i]}} & api_sk_mem_raddr[SK_MEM_ADDR_W:1]); end end @@ -344,7 +346,7 @@ module mldsa_ctrl always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin api_keymem_re_bank_f <= '0; - end begin + end else begin api_keymem_re_bank_f <= api_keymem_re_bank; end end @@ -354,11 +356,8 @@ module mldsa_ctrl {DATA_WIDTH{api_keymem_re_bank_f[1]}} & sk_ram_rdata[1] | {DATA_WIDTH{api_sk_reg_rd_dec}} & privkey_reg_rdata; - `ABR_MEM - #( - .DEPTH(SK_MEM_BANK_DEPTH), - .DATA_WIDTH(DATA_WIDTH) - ) mldsa_sk_ram_bank0 + `ABR_MEM(SK_MEM_BANK_DEPTH,DATA_WIDTH) + mldsa_sk_ram_bank0 ( .clk_i(clk), .we_i(sk_ram_we_bank[0]), @@ -369,11 +368,8 @@ module mldsa_ctrl .rdata_o(sk_ram_rdata[0]) ); - `ABR_MEM - #( - .DEPTH(SK_MEM_BANK_DEPTH), - .DATA_WIDTH(DATA_WIDTH) - ) mldsa_sk_ram_bank1 + `ABR_MEM(SK_MEM_BANK_DEPTH,DATA_WIDTH) + mldsa_sk_ram_bank1 ( .clk_i(clk), .we_i(sk_ram_we_bank[1]), @@ -393,7 +389,7 @@ module mldsa_ctrl end else begin //SW write port if (mldsa_reg_hwif_in.MLDSA_PRIVKEY_IN.wr_ack & mldsa_ready & api_sk_reg_wr_dec) begin - privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; + privatekey_reg.raw[api_sk_reg_waddr] <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.wr_data; end //HW write rho if (sampler_state_dv_i) begin @@ -417,7 +413,6 @@ module mldsa_ctrl end //private key read ports - always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin privkey_reg_rdata <= '0; @@ -425,7 +420,7 @@ module mldsa_ctrl privkey_reg_rdata <= '0; end else begin if (mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & api_sk_reg_rd_dec) begin - privkey_reg_rdata <= privatekey_reg.raw[PRIVKEY_REG_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]]; + privkey_reg_rdata <= privatekey_reg.raw[api_sk_reg_raddr]; end end end @@ -440,28 +435,117 @@ module mldsa_ctrl always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= 0; + mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_ack <= 0; end else begin - mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & - mldsa_valid_reg & keygen_process; + mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; + mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_ack <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; end end - always_comb mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_data = mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? privkey_out_rdata : 0; + always_comb mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_data = mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack & mldsa_valid_reg & keygen_process ? privkey_out_rdata : 0; //No write to PRIVKEY_OUT allowed - just ack it assign mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.wr_ack = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; - //Signature + //Signature external mem + logic sig_z_ram_we, sig_z_ram_re; + logic [SIG_Z_MEM_ADDR_W-1:0] sig_z_ram_waddr, sig_z_ram_raddr; + logic [SIG_Z_MEM_NUM_DWORD-1:0][31:0] sig_z_ram_wdata, sig_z_ram_rdata; + logic [SIG_Z_MEM_WSTROBE_W-1:0] sig_z_ram_wstrobe; + logic api_sig_z_dec, api_sig_h_dec, api_sig_c_dec; + logic api_sig_z_re, api_sig_z_re_f, api_sig_z_we; + logic [SIG_ADDR_W-1:0] api_sig_addr; + mldsa_signature_z_addr_t api_sig_z_addr; + logic [SIG_C_REG_ADDR_W-1:0] api_sig_c_addr; + logic [SIG_H_REG_ADDR_W-1:0] api_sig_h_addr; + logic [DATA_WIDTH-1:0] signature_reg_rdata; + + + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + api_sig_z_re_f <= '0; + end else begin + api_sig_z_re_f <= api_sig_z_re; + end + end + + always_comb api_sig_addr = SIGNATURE_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_SIGNATURE.addr[SIG_ADDR_W+1:2]; + + always_comb api_sig_c_dec = mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & api_sig_addr inside {[0:SIGNATURE_C_NUM_DWORDS-1]}; + always_comb api_sig_z_dec = mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & api_sig_addr inside {[SIGNATURE_C_NUM_DWORDS:SIGNATURE_C_NUM_DWORDS+SIGNATURE_Z_NUM_DWORDS-1]}; + always_comb api_sig_h_dec = mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & api_sig_addr inside {[SIGNATURE_C_NUM_DWORDS+SIGNATURE_Z_NUM_DWORDS:SIGNATURE_NUM_DWORDS-1]}; + + always_comb api_sig_z_addr.addr = SIG_Z_MEM_ADDR_W'( (api_sig_addr - SIGNATURE_C_NUM_DWORDS)/SIG_Z_MEM_NUM_DWORD ); + always_comb api_sig_z_addr.offset = (api_sig_addr - SIGNATURE_C_NUM_DWORDS)%SIG_Z_MEM_NUM_DWORD; //FIXME can this be done better? + always_comb api_sig_c_addr = api_sig_addr[SIG_C_REG_ADDR_W-1:0]; + always_comb api_sig_h_addr = SIG_H_REG_ADDR_W'( api_sig_addr - (SIGNATURE_C_NUM_DWORDS+SIGNATURE_Z_NUM_DWORDS) ); + + always_comb mldsa_reg_hwif_in.MLDSA_SIGNATURE.wr_ack = mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; + always_comb api_sig_z_we = api_sig_z_dec & mldsa_reg_hwif_in.MLDSA_SIGNATURE.wr_ack; + + always_comb api_sig_z_re = api_sig_z_dec & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; + + `ABR_MEM_BE(SIG_Z_MEM_DEPTH,SIG_Z_MEM_DATA_W) + mldsa_sig_z_ram_bank1 + ( + .clk_i(clk), + .we_i(sig_z_ram_we), + .waddr_i(sig_z_ram_waddr), + .wstrobe_i(sig_z_ram_wstrobe), + .wdata_i(sig_z_ram_wdata), + .re_i(sig_z_ram_re), + .raddr_i(sig_z_ram_raddr), + .rdata_o(sig_z_ram_rdata) + ); + + //read requests + always_comb sig_z_ram_re = (sigdecode_z_rd_req_i.rd_wr_en == RW_READ) | api_sig_z_re; + always_comb sig_z_ram_raddr = ({SIG_Z_MEM_ADDR_W{(sigdecode_z_rd_req_i.rd_wr_en == RW_READ)}} & sigdecode_z_rd_req_i.addr[SIG_Z_MEM_ADDR_W:1]) | + ({SIG_Z_MEM_ADDR_W{api_sig_z_re}} & api_sig_z_addr.addr); + + always_comb sigdecode_z_rd_data_o = sig_z_ram_rdata; + always_comb mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_data = api_sig_z_re_f ? sig_z_ram_rdata[api_sig_z_addr.offset] : signature_reg_rdata; + + //write requests + always_comb sig_z_ram_we = (sigencode_wr_req_i.rd_wr_en == RW_WRITE) | api_sig_z_we; + always_comb sig_z_ram_waddr = ({SIG_Z_MEM_ADDR_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}} & sigencode_wr_req_i.addr[SIG_Z_MEM_ADDR_W:1]) | + ({SIG_Z_MEM_ADDR_W{api_sig_z_we}} & api_sig_z_addr.addr); + + always_comb sig_z_ram_wstrobe = ({SIG_Z_MEM_WSTROBE_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}}) | + ({SIG_Z_MEM_WSTROBE_W{api_sig_z_we}} & ('hF << api_sig_z_addr.offset*32)); + + + always_comb sig_z_ram_wdata = ({SIG_Z_MEM_DATA_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}} & sigencode_wr_data_i) | + ({SIG_Z_MEM_DATA_W{(api_sig_z_we)}} & SIG_Z_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_sig_z_addr.offset*32)); + + //signature reg read flop + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + signature_reg_rdata <= '0; + end else if (zeroize) begin + signature_reg_rdata <= '0; + end else begin + if (mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) + signature_reg_rdata <= {DATA_WIDTH{api_sig_c_dec}} & signature_reg.enc.c[api_sig_c_addr] | + {DATA_WIDTH{api_sig_h_dec}} & signature_reg.enc.h[api_sig_h_addr]; + end + end + always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin signature_reg <= '0; end else if (zeroize) begin signature_reg <= '0; end else begin - for (int dword = 0; dword < SIGNATURE_NUM_DWORDS; dword++) begin - if (mldsa_ready & mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req & mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].req_is_wr) begin - signature_reg.raw[SIGNATURE_NUM_DWORDS-1-dword] <= mldsa_reg_hwif_out.MLDSA_SIGNATURE[dword].wr_data; + if (mldsa_ready & api_sig_c_dec & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) begin + for (int dword = 0; dword < SIGNATURE_NUM_DWORDS; dword++) begin + signature_reg.enc.c[api_sig_c_addr] <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data; + end + end + if (mldsa_ready & api_sig_h_dec & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) begin + for (int dword = 0; dword < SIGNATURE_NUM_DWORDS; dword++) begin + signature_reg.enc.h[api_sig_h_addr] <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data; end end //HW write c @@ -470,12 +554,6 @@ module mldsa_ctrl signature_reg.enc.c <= sampler_state_data_i[0][511:0]; end end - //HW write z - for (int chunk = 0; chunk < 224; chunk++) begin - if ((sigencode_wr_req_i.rd_wr_en == RW_WRITE) & (sigencode_wr_req_i.addr[8:1] == chunk)) begin - signature_reg.enc.z[chunk*5 +: 5] <= sigencode_wr_data_i; - end - end //HW write h for (int dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin if (set_signature_valid) begin @@ -497,12 +575,8 @@ module mldsa_ctrl //HW read z always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin - sigdecode_z_rd_data_o <= '0; pkdecode_rd_data_o <= '0; end else begin - if ((sigdecode_z_rd_req_i.rd_wr_en == RW_READ)) begin - sigdecode_z_rd_data_o <= signature_reg.enc.z[sigdecode_z_rd_req_i.addr[8:1]*5 +: 5]; - end if (1) begin //fixme read enable or remove flop pkdecode_rd_data_o <= publickey_reg.enc.t1[pkdecode_rd_addr_i*8 +: 8]; end diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv index 24c8dec..8330181 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv @@ -44,6 +44,7 @@ package mldsa_ctrl_pkg; localparam SIGNATURE_Z_NUM_DWORDS = 1120; localparam SIGNATURE_C_NUM_DWORDS = 16; localparam SIGNATURE_NUM_DWORDS = SIGNATURE_H_NUM_DWORDS + SIGNATURE_Z_NUM_DWORDS + SIGNATURE_C_NUM_DWORDS; + localparam SIGNATURE_REG_NUM_DWORDS = SIGNATURE_H_NUM_DWORDS + SIGNATURE_C_NUM_DWORDS; localparam VERIFY_RES_NUM_DWORDS = 16; localparam ENTROPY_NUM_DWORDS = 16; @@ -51,9 +52,19 @@ package mldsa_ctrl_pkg; localparam T1_COEFF_W = 10; localparam SK_MEM_DEPTH = 1192; - localparam SK_MEM_BANK_DEPTH = 596; + localparam SK_MEM_BANK_DEPTH = 1192/2; localparam SK_MEM_ADDR_W = $clog2(SK_MEM_BANK_DEPTH); + localparam SIG_Z_MEM_DATA_W = 160; + localparam SIG_Z_MEM_NUM_DWORD = SIG_Z_MEM_DATA_W/32; + localparam SIG_Z_MEM_WSTROBE_W = SIG_Z_MEM_DATA_W/8; + localparam SIG_Z_MEM_DEPTH = (SIGNATURE_Z_NUM_DWORDS*32)/SIG_Z_MEM_DATA_W; + localparam SIG_ADDR_W = $clog2(SIGNATURE_NUM_DWORDS); + localparam SIG_Z_MEM_ADDR_W = $clog2(SIG_Z_MEM_DEPTH); + localparam SIG_Z_MEM_OFFSET_W = $clog2(SIG_Z_MEM_DATA_W/32); + localparam SIG_H_REG_ADDR_W = $clog2(SIGNATURE_H_NUM_DWORDS); + localparam SIG_C_REG_ADDR_W = $clog2(SIGNATURE_C_NUM_DWORDS); + typedef struct packed { logic [7:0][63:0] tr; logic [3:0][63:0] K; @@ -65,15 +76,19 @@ package mldsa_ctrl_pkg; logic [PRIVKEY_REG_NUM_DWORDS-1:0][31:0] raw; } mldsa_privkey_u; + typedef struct packed { + logic [SIG_Z_MEM_ADDR_W-1:0] addr; + logic [SIG_Z_MEM_OFFSET_W-1:0] offset; + } mldsa_signature_z_addr_t; + typedef struct packed { logic [SIGNATURE_H_NUM_DWORDS-1:0][31:0] h; - logic [SIGNATURE_Z_NUM_DWORDS-1:0][31:0] z; logic [SIGNATURE_C_NUM_DWORDS-1:0][31:0] c; } mldsa_signature_t; typedef union packed { mldsa_signature_t enc; - logic [SIGNATURE_NUM_DWORDS-1:0][31:0] raw; + logic [SIGNATURE_REG_NUM_DWORDS-1:0][31:0] raw; } mldsa_signature_u; typedef struct packed { diff --git a/src/mldsa_top/rtl/mldsa_params_pkg.sv b/src/mldsa_top/rtl/mldsa_params_pkg.sv index df1ac73..b95700a 100644 --- a/src/mldsa_top/rtl/mldsa_params_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_params_pkg.sv @@ -51,6 +51,7 @@ package mldsa_params_pkg; parameter MLDSA_MEM_INST2_ADDR_W = $clog2(MLDSA_MEM_INST2_DEPTH); parameter MLDSA_MEM_INST3_DEPTH = 128; //1.5 KB parameter MLDSA_MEM_INST3_ADDR_W = $clog2(MLDSA_MEM_INST3_DEPTH); + parameter MLDSA_MEM_W1_DEPTH = 512; parameter MLDSA_KEYGEN = 3'b001; parameter MLDSA_SIGN = 3'b010; diff --git a/src/mldsa_top/rtl/mldsa_reg.rdl b/src/mldsa_top/rtl/mldsa_reg.rdl index 28cb666..12ee4f3 100644 --- a/src/mldsa_top/rtl/mldsa_reg.rdl +++ b/src/mldsa_top/rtl/mldsa_reg.rdl @@ -193,19 +193,16 @@ addrmap mldsa_reg { } MLDSA_PUBKEY[648]; /* ---- MLDSA Component Signature ---- */ - external reg { + external mem { name = "MLDSA component signature register type definition"; desc = "1157 32-bit registers storing the signature of the message in big-endian representation. These registers are read by MLDSA user after signing operation, or set before verifying operation."; - default sw = rw; - default hw = rw; - default we = true; - default resetsignal = reset_b; - field {desc = "Signature field"; swwe = mldsa_ready; hwclr;} SIGNATURE[32] = 32'b0; - - } MLDSA_SIGNATURE[1157]; + sw = rw; + mementries = 1157; + memwidth = 32; + } MLDSA_SIGNATURE; /* ---- MLDSA Component Private Key OUT---- */ external mem { @@ -496,5 +493,5 @@ addrmap mldsa_reg { /* ----------------------- * Register File instance * ----------------------- */ - intr_block_t intr_block_rf @0x6000; + intr_block_t intr_block_rf @0x8000; }; \ No newline at end of file diff --git a/src/mldsa_top/rtl/mldsa_reg.sv b/src/mldsa_top/rtl/mldsa_reg.sv index 4f98724..50b9476 100644 --- a/src/mldsa_top/rtl/mldsa_reg.sv +++ b/src/mldsa_top/rtl/mldsa_reg.sv @@ -7,7 +7,7 @@ module mldsa_reg ( input wire s_cpuif_req, input wire s_cpuif_req_is_wr, - input wire [14:0] s_cpuif_addr, + input wire [15:0] s_cpuif_addr, input wire [31:0] s_cpuif_wr_data, input wire [31:0] s_cpuif_wr_biten, output wire s_cpuif_req_stall_wr, @@ -27,7 +27,7 @@ module mldsa_reg ( //-------------------------------------------------------------------------- logic cpuif_req; logic cpuif_req_is_wr; - logic [14:0] cpuif_addr; + logic [15:0] cpuif_addr; logic [31:0] cpuif_wr_data; logic [31:0] cpuif_wr_biten; logic cpuif_req_stall_wr; @@ -93,7 +93,7 @@ module mldsa_reg ( logic [16-1:0]MLDSA_MSG; logic [16-1:0]MLDSA_VERIFY_RES; logic [648-1:0]MLDSA_PUBKEY; - logic [1157-1:0]MLDSA_SIGNATURE; + logic MLDSA_SIGNATURE; logic MLDSA_PRIVKEY_OUT; logic MLDSA_PRIVKEY_IN; struct packed{ @@ -115,7 +115,7 @@ module mldsa_reg ( decoded_reg_strb_t decoded_reg_strb; logic decoded_strb_is_external; - logic [14:0] decoded_addr; + logic [15:0] decoded_addr; logic decoded_req; logic decoded_req_is_wr; @@ -123,59 +123,56 @@ module mldsa_reg ( logic [31:0] decoded_wr_biten; always_comb begin - automatic logic is_external = '0; - + automatic logic is_external; + is_external = '0; for(int i0=0; i0<2; i0++) begin - decoded_reg_strb.MLDSA_NAME[i0] = cpuif_req_masked & (cpuif_addr == 15'h0 + i0*15'h4); + decoded_reg_strb.MLDSA_NAME[i0] = cpuif_req_masked & (cpuif_addr == 16'h0 + i0*16'h4); end for(int i0=0; i0<2; i0++) begin - decoded_reg_strb.MLDSA_VERSION[i0] = cpuif_req_masked & (cpuif_addr == 15'h8 + i0*15'h4); + decoded_reg_strb.MLDSA_VERSION[i0] = cpuif_req_masked & (cpuif_addr == 16'h8 + i0*16'h4); end - decoded_reg_strb.MLDSA_CTRL = cpuif_req_masked & (cpuif_addr == 15'h10); - decoded_reg_strb.MLDSA_STATUS = cpuif_req_masked & (cpuif_addr == 15'h14); + decoded_reg_strb.MLDSA_CTRL = cpuif_req_masked & (cpuif_addr == 16'h10); + decoded_reg_strb.MLDSA_STATUS = cpuif_req_masked & (cpuif_addr == 16'h14); for(int i0=0; i0<16; i0++) begin - decoded_reg_strb.MLDSA_ENTROPY[i0] = cpuif_req_masked & (cpuif_addr == 15'h18 + i0*15'h4); + decoded_reg_strb.MLDSA_ENTROPY[i0] = cpuif_req_masked & (cpuif_addr == 16'h18 + i0*16'h4); end for(int i0=0; i0<8; i0++) begin - decoded_reg_strb.MLDSA_SEED[i0] = cpuif_req_masked & (cpuif_addr == 15'h58 + i0*15'h4); + decoded_reg_strb.MLDSA_SEED[i0] = cpuif_req_masked & (cpuif_addr == 16'h58 + i0*16'h4); end for(int i0=0; i0<8; i0++) begin - decoded_reg_strb.MLDSA_SIGN_RND[i0] = cpuif_req_masked & (cpuif_addr == 15'h78 + i0*15'h4); + decoded_reg_strb.MLDSA_SIGN_RND[i0] = cpuif_req_masked & (cpuif_addr == 16'h78 + i0*16'h4); end for(int i0=0; i0<16; i0++) begin - decoded_reg_strb.MLDSA_MSG[i0] = cpuif_req_masked & (cpuif_addr == 15'h98 + i0*15'h4); + decoded_reg_strb.MLDSA_MSG[i0] = cpuif_req_masked & (cpuif_addr == 16'h98 + i0*16'h4); end for(int i0=0; i0<16; i0++) begin - decoded_reg_strb.MLDSA_VERIFY_RES[i0] = cpuif_req_masked & (cpuif_addr == 15'hd8 + i0*15'h4); + decoded_reg_strb.MLDSA_VERIFY_RES[i0] = cpuif_req_masked & (cpuif_addr == 16'hd8 + i0*16'h4); end for(int i0=0; i0<648; i0++) begin - decoded_reg_strb.MLDSA_PUBKEY[i0] = cpuif_req_masked & (cpuif_addr == 15'h118 + i0*15'h4); - is_external |= cpuif_req_masked & (cpuif_addr == 15'h118 + i0*15'h4); + decoded_reg_strb.MLDSA_PUBKEY[i0] = cpuif_req_masked & (cpuif_addr == 16'h118 + i0*16'h4); + is_external |= cpuif_req_masked & (cpuif_addr == 16'h118 + i0*16'h4); end - for(int i0=0; i0<1157; i0++) begin - decoded_reg_strb.MLDSA_SIGNATURE[i0] = cpuif_req_masked & (cpuif_addr == 15'hb38 + i0*15'h4); - is_external |= cpuif_req_masked & (cpuif_addr == 15'hb38 + i0*15'h4); - end - decoded_reg_strb.MLDSA_PRIVKEY_OUT = cpuif_req_masked & (cpuif_addr >= 15'h2000) & (cpuif_addr <= 15'h2000 + 15'h131f); - is_external |= cpuif_req_masked & (cpuif_addr >= 15'h2000) & (cpuif_addr <= 15'h2000 + 15'h131f); - decoded_reg_strb.MLDSA_PRIVKEY_IN = cpuif_req_masked & (cpuif_addr >= 15'h4000) & (cpuif_addr <= 15'h4000 + 15'h131f); - is_external |= cpuif_req_masked & (cpuif_addr >= 15'h4000) & (cpuif_addr <= 15'h4000 + 15'h131f); - decoded_reg_strb.intr_block_rf.global_intr_en_r = cpuif_req_masked & (cpuif_addr == 15'h6000); - decoded_reg_strb.intr_block_rf.error_intr_en_r = cpuif_req_masked & (cpuif_addr == 15'h6004); - decoded_reg_strb.intr_block_rf.notif_intr_en_r = cpuif_req_masked & (cpuif_addr == 15'h6008); - decoded_reg_strb.intr_block_rf.error_global_intr_r = cpuif_req_masked & (cpuif_addr == 15'h600c); - decoded_reg_strb.intr_block_rf.notif_global_intr_r = cpuif_req_masked & (cpuif_addr == 15'h6010); - decoded_reg_strb.intr_block_rf.error_internal_intr_r = cpuif_req_masked & (cpuif_addr == 15'h6014); - decoded_reg_strb.intr_block_rf.notif_internal_intr_r = cpuif_req_masked & (cpuif_addr == 15'h6018); - decoded_reg_strb.intr_block_rf.error_intr_trig_r = cpuif_req_masked & (cpuif_addr == 15'h601c); - decoded_reg_strb.intr_block_rf.notif_intr_trig_r = cpuif_req_masked & (cpuif_addr == 15'h6020); - decoded_reg_strb.intr_block_rf.error_internal_intr_count_r = cpuif_req_masked & (cpuif_addr == 15'h6100); - decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r = cpuif_req_masked & (cpuif_addr == 15'h6180); - decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r = cpuif_req_masked & (cpuif_addr == 15'h6200); - decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r = cpuif_req_masked & (cpuif_addr == 15'h6204); + decoded_reg_strb.MLDSA_SIGNATURE = cpuif_req_masked & (cpuif_addr >= 16'h2000) & (cpuif_addr <= 16'h2000 + 16'h1213); + is_external |= cpuif_req_masked & (cpuif_addr >= 16'h2000) & (cpuif_addr <= 16'h2000 + 16'h1213); + decoded_reg_strb.MLDSA_PRIVKEY_OUT = cpuif_req_masked & (cpuif_addr >= 16'h4000) & (cpuif_addr <= 16'h4000 + 16'h131f); + is_external |= cpuif_req_masked & (cpuif_addr >= 16'h4000) & (cpuif_addr <= 16'h4000 + 16'h131f); + decoded_reg_strb.MLDSA_PRIVKEY_IN = cpuif_req_masked & (cpuif_addr >= 16'h6000) & (cpuif_addr <= 16'h6000 + 16'h131f); + is_external |= cpuif_req_masked & (cpuif_addr >= 16'h6000) & (cpuif_addr <= 16'h6000 + 16'h131f); + decoded_reg_strb.intr_block_rf.global_intr_en_r = cpuif_req_masked & (cpuif_addr == 16'h8000); + decoded_reg_strb.intr_block_rf.error_intr_en_r = cpuif_req_masked & (cpuif_addr == 16'h8004); + decoded_reg_strb.intr_block_rf.notif_intr_en_r = cpuif_req_masked & (cpuif_addr == 16'h8008); + decoded_reg_strb.intr_block_rf.error_global_intr_r = cpuif_req_masked & (cpuif_addr == 16'h800c); + decoded_reg_strb.intr_block_rf.notif_global_intr_r = cpuif_req_masked & (cpuif_addr == 16'h8010); + decoded_reg_strb.intr_block_rf.error_internal_intr_r = cpuif_req_masked & (cpuif_addr == 16'h8014); + decoded_reg_strb.intr_block_rf.notif_internal_intr_r = cpuif_req_masked & (cpuif_addr == 16'h8018); + decoded_reg_strb.intr_block_rf.error_intr_trig_r = cpuif_req_masked & (cpuif_addr == 16'h801c); + decoded_reg_strb.intr_block_rf.notif_intr_trig_r = cpuif_req_masked & (cpuif_addr == 16'h8020); + decoded_reg_strb.intr_block_rf.error_internal_intr_count_r = cpuif_req_masked & (cpuif_addr == 16'h8100); + decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r = cpuif_req_masked & (cpuif_addr == 16'h8180); + decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r = cpuif_req_masked & (cpuif_addr == 16'h8200); + decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r = cpuif_req_masked & (cpuif_addr == 16'h8204); decoded_strb_is_external = is_external; external_req = is_external; - end // Pass down signals to next stage @@ -434,8 +431,10 @@ module mldsa_reg ( // Field: mldsa_reg.MLDSA_CTRL.CTRL always_comb begin - automatic logic [2:0] next_c = field_storage.MLDSA_CTRL.CTRL.value; - automatic logic load_next_c = '0; + automatic logic [2:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_CTRL.CTRL.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_CTRL && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write next_c = (field_storage.MLDSA_CTRL.CTRL.value & ~decoded_wr_biten[2:0]) | (decoded_wr_data[2:0] & decoded_wr_biten[2:0]); load_next_c = '1; @@ -456,8 +455,10 @@ module mldsa_reg ( assign hwif_out.MLDSA_CTRL.CTRL.value = field_storage.MLDSA_CTRL.CTRL.value; // Field: mldsa_reg.MLDSA_CTRL.ZEROIZE always_comb begin - automatic logic [0:0] next_c = field_storage.MLDSA_CTRL.ZEROIZE.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_CTRL.ZEROIZE.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_CTRL && decoded_req_is_wr) begin // SW write next_c = (field_storage.MLDSA_CTRL.ZEROIZE.value & ~decoded_wr_biten[3:3]) | (decoded_wr_data[3:3] & decoded_wr_biten[3:3]); load_next_c = '1; @@ -479,8 +480,10 @@ module mldsa_reg ( for(genvar i0=0; i0<16; i0++) begin // Field: mldsa_reg.MLDSA_ENTROPY[].ENTROPY always_comb begin - automatic logic [31:0] next_c = field_storage.MLDSA_ENTROPY[i0].ENTROPY.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_ENTROPY[i0].ENTROPY.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_ENTROPY[i0] && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write next_c = (field_storage.MLDSA_ENTROPY[i0].ENTROPY.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -503,8 +506,10 @@ module mldsa_reg ( for(genvar i0=0; i0<8; i0++) begin // Field: mldsa_reg.MLDSA_SEED[].SEED always_comb begin - automatic logic [31:0] next_c = field_storage.MLDSA_SEED[i0].SEED.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_SEED[i0].SEED.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_SEED[i0] && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write next_c = (field_storage.MLDSA_SEED[i0].SEED.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -530,8 +535,10 @@ module mldsa_reg ( for(genvar i0=0; i0<8; i0++) begin // Field: mldsa_reg.MLDSA_SIGN_RND[].SIGN_RND always_comb begin - automatic logic [31:0] next_c = field_storage.MLDSA_SIGN_RND[i0].SIGN_RND.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_SIGN_RND[i0].SIGN_RND.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_SIGN_RND[i0] && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write next_c = (field_storage.MLDSA_SIGN_RND[i0].SIGN_RND.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -554,8 +561,10 @@ module mldsa_reg ( for(genvar i0=0; i0<16; i0++) begin // Field: mldsa_reg.MLDSA_MSG[].MSG always_comb begin - automatic logic [31:0] next_c = field_storage.MLDSA_MSG[i0].MSG.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_MSG[i0].MSG.value; + load_next_c = '0; if(decoded_reg_strb.MLDSA_MSG[i0] && decoded_req_is_wr && hwif_in.mldsa_ready) begin // SW write next_c = (field_storage.MLDSA_MSG[i0].MSG.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -581,8 +590,10 @@ module mldsa_reg ( for(genvar i0=0; i0<16; i0++) begin // Field: mldsa_reg.MLDSA_VERIFY_RES[].VERIFY_RES always_comb begin - automatic logic [31:0] next_c = field_storage.MLDSA_VERIFY_RES[i0].VERIFY_RES.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.MLDSA_VERIFY_RES[i0].VERIFY_RES.value; + load_next_c = '0; if(hwif_in.MLDSA_VERIFY_RES[i0].VERIFY_RES.we) begin // HW Write - we next_c = hwif_in.MLDSA_VERIFY_RES[i0].VERIFY_RES.next; load_next_c = '1; @@ -609,13 +620,11 @@ module mldsa_reg ( assign hwif_out.MLDSA_PUBKEY[i0].wr_data = decoded_wr_data; assign hwif_out.MLDSA_PUBKEY[i0].wr_biten = decoded_wr_biten; end - for(genvar i0=0; i0<1157; i0++) begin - - assign hwif_out.MLDSA_SIGNATURE[i0].req = decoded_reg_strb.MLDSA_SIGNATURE[i0]; - assign hwif_out.MLDSA_SIGNATURE[i0].req_is_wr = decoded_req_is_wr; - assign hwif_out.MLDSA_SIGNATURE[i0].wr_data = decoded_wr_data; - assign hwif_out.MLDSA_SIGNATURE[i0].wr_biten = decoded_wr_biten; - end + assign hwif_out.MLDSA_SIGNATURE.req = decoded_reg_strb.MLDSA_SIGNATURE; + assign hwif_out.MLDSA_SIGNATURE.addr = decoded_addr[12:0]; + assign hwif_out.MLDSA_SIGNATURE.req_is_wr = decoded_req_is_wr; + assign hwif_out.MLDSA_SIGNATURE.wr_data = decoded_wr_data; + assign hwif_out.MLDSA_SIGNATURE.wr_biten = decoded_wr_biten; assign hwif_out.MLDSA_PRIVKEY_OUT.req = decoded_reg_strb.MLDSA_PRIVKEY_OUT; assign hwif_out.MLDSA_PRIVKEY_OUT.addr = decoded_addr[12:0]; assign hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr = decoded_req_is_wr; @@ -628,8 +637,10 @@ module mldsa_reg ( assign hwif_out.MLDSA_PRIVKEY_IN.wr_biten = decoded_wr_biten; // Field: mldsa_reg.intr_block_rf.global_intr_en_r.error_en always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.global_intr_en_r.error_en.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.global_intr_en_r.error_en.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.global_intr_en_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.global_intr_en_r.error_en.value & ~decoded_wr_biten[0:0]) | (decoded_wr_data[0:0] & decoded_wr_biten[0:0]); load_next_c = '1; @@ -646,8 +657,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.global_intr_en_r.notif_en always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.global_intr_en_r.notif_en.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.global_intr_en_r.notif_en.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.global_intr_en_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.global_intr_en_r.notif_en.value & ~decoded_wr_biten[1:1]) | (decoded_wr_data[1:1] & decoded_wr_biten[1:1]); load_next_c = '1; @@ -664,8 +677,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.error_intr_en_r.error_internal_en always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.error_intr_en_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value & ~decoded_wr_biten[0:0]) | (decoded_wr_data[0:0] & decoded_wr_biten[0:0]); load_next_c = '1; @@ -682,8 +697,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.notif_intr_en_r.notif_cmd_done_en always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.notif_intr_en_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value & ~decoded_wr_biten[0:0]) | (decoded_wr_data[0:0] & decoded_wr_biten[0:0]); load_next_c = '1; @@ -700,8 +717,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.error_global_intr_r.agg_sts always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.error_global_intr_r.agg_sts.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_global_intr_r.agg_sts.value; + load_next_c = '0; // HW Write next_c = hwif_out.intr_block_rf.error_internal_intr_r.intr; @@ -720,8 +739,10 @@ module mldsa_reg ( |(field_storage.intr_block_rf.error_global_intr_r.agg_sts.value & field_storage.intr_block_rf.global_intr_en_r.error_en.value); // Field: mldsa_reg.intr_block_rf.notif_global_intr_r.agg_sts always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value; + load_next_c = '0; // HW Write next_c = hwif_out.intr_block_rf.notif_internal_intr_r.intr; @@ -740,8 +761,10 @@ module mldsa_reg ( |(field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value & field_storage.intr_block_rf.global_intr_en_r.notif_en.value); // Field: mldsa_reg.intr_block_rf.error_internal_intr_r.error_internal_sts always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value; + load_next_c = '0; if(field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value != '0) begin // stickybit next_c = field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value | field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value; load_next_c = '1; @@ -766,8 +789,10 @@ module mldsa_reg ( |(field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value & field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value); // Field: mldsa_reg.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value; + load_next_c = '0; if(field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value != '0) begin // stickybit next_c = field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value | field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value; load_next_c = '1; @@ -792,8 +817,10 @@ module mldsa_reg ( |(field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value & field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value); // Field: mldsa_reg.intr_block_rf.error_intr_trig_r.error_internal_trig always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.error_intr_trig_r && decoded_req_is_wr) begin // SW write 1 set next_c = field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value | (decoded_wr_data[0:0] & decoded_wr_biten[0:0]); load_next_c = '1; @@ -813,8 +840,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.notif_intr_trig_r && decoded_req_is_wr) begin // SW write 1 set next_c = field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value | (decoded_wr_data[0:0] & decoded_wr_biten[0:0]); load_next_c = '1; @@ -834,8 +863,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.error_internal_intr_count_r.cnt always_comb begin - automatic logic [31:0] next_c = field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.error_internal_intr_count_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -866,8 +897,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.notif_cmd_done_intr_count_r.cnt always_comb begin - automatic logic [31:0] next_c = field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value; - automatic logic load_next_c = '0; + automatic logic [31:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value; + load_next_c = '0; if(decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r && decoded_req_is_wr) begin // SW write next_c = (field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value & ~decoded_wr_biten[31:0]) | (decoded_wr_data[31:0] & decoded_wr_biten[31:0]); load_next_c = '1; @@ -898,8 +931,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.error_internal_intr_count_incr_r.pulse always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value; + load_next_c = '0; if(field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value) begin // HW Write - we next_c = field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value; load_next_c = '1; @@ -927,8 +962,10 @@ module mldsa_reg ( end // Field: mldsa_reg.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse always_comb begin - automatic logic [0:0] next_c = field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value; - automatic logic load_next_c = '0; + automatic logic [0:0] next_c; + automatic logic load_next_c; + next_c = field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value; + load_next_c = '0; if(field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value) begin // HW Write - we next_c = field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value; load_next_c = '1; @@ -964,9 +1001,7 @@ module mldsa_reg ( for(int i0=0; i0<648; i0++) begin wr_ack |= hwif_in.MLDSA_PUBKEY[i0].wr_ack; end - for(int i0=0; i0<1157; i0++) begin - wr_ack |= hwif_in.MLDSA_SIGNATURE[i0].wr_ack; - end + wr_ack |= hwif_in.MLDSA_SIGNATURE.wr_ack; wr_ack |= hwif_in.MLDSA_PRIVKEY_OUT.wr_ack; wr_ack |= hwif_in.MLDSA_PRIVKEY_IN.wr_ack; external_wr_ack = wr_ack; @@ -985,9 +1020,7 @@ module mldsa_reg ( for(int i0=0; i0<648; i0++) begin rd_ack |= hwif_in.MLDSA_PUBKEY[i0].rd_ack; end - for(int i0=0; i0<1157; i0++) begin - rd_ack |= hwif_in.MLDSA_SIGNATURE[i0].rd_ack; - end + rd_ack |= hwif_in.MLDSA_SIGNATURE.rd_ack; rd_ack |= hwif_in.MLDSA_PRIVKEY_OUT.rd_ack; rd_ack |= hwif_in.MLDSA_PRIVKEY_IN.rd_ack; readback_external_rd_ack_c = rd_ack; @@ -1000,9 +1033,9 @@ module mldsa_reg ( logic readback_err; logic readback_done; logic [31:0] readback_data; - + // Assign readback values to a flattened array - logic [1841-1:0][31:0] readback_array; + logic [685-1:0][31:0] readback_array; for(genvar i0=0; i0<2; i0++) begin assign readback_array[i0*1 + 0][31:0] = (decoded_reg_strb.MLDSA_NAME[i0] && !decoded_req_is_wr) ? hwif_in.MLDSA_NAME[i0].NAME.next : '0; end @@ -1018,36 +1051,34 @@ module mldsa_reg ( for(genvar i0=0; i0<648; i0++) begin assign readback_array[i0*1 + 21] = hwif_in.MLDSA_PUBKEY[i0].rd_ack ? hwif_in.MLDSA_PUBKEY[i0].rd_data : '0; end - for(genvar i0=0; i0<1157; i0++) begin - assign readback_array[i0*1 + 669] = hwif_in.MLDSA_SIGNATURE[i0].rd_ack ? hwif_in.MLDSA_SIGNATURE[i0].rd_data : '0; - end - assign readback_array[1826] = hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? hwif_in.MLDSA_PRIVKEY_OUT.rd_data : '0; - assign readback_array[1827] = hwif_in.MLDSA_PRIVKEY_IN.rd_ack ? hwif_in.MLDSA_PRIVKEY_IN.rd_data : '0; - assign readback_array[1828][0:0] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.error_en.value : '0; - assign readback_array[1828][1:1] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.notif_en.value : '0; - assign readback_array[1828][31:2] = '0; - assign readback_array[1829][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value : '0; - assign readback_array[1829][31:1] = '0; - assign readback_array[1830][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value : '0; - assign readback_array[1830][31:1] = '0; - assign readback_array[1831][0:0] = (decoded_reg_strb.intr_block_rf.error_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_global_intr_r.agg_sts.value : '0; - assign readback_array[1831][31:1] = '0; - assign readback_array[1832][0:0] = (decoded_reg_strb.intr_block_rf.notif_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value : '0; - assign readback_array[1832][31:1] = '0; - assign readback_array[1833][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value : '0; - assign readback_array[1833][31:1] = '0; - assign readback_array[1834][0:0] = (decoded_reg_strb.intr_block_rf.notif_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value : '0; - assign readback_array[1834][31:1] = '0; - assign readback_array[1835][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value : '0; - assign readback_array[1835][31:1] = '0; - assign readback_array[1836][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value : '0; - assign readback_array[1836][31:1] = '0; - assign readback_array[1837][31:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value : '0; - assign readback_array[1838][31:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value : '0; - assign readback_array[1839][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value : '0; - assign readback_array[1839][31:1] = '0; - assign readback_array[1840][0:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value : '0; - assign readback_array[1840][31:1] = '0; + assign readback_array[669] = hwif_in.MLDSA_SIGNATURE.rd_ack ? hwif_in.MLDSA_SIGNATURE.rd_data : '0; + assign readback_array[670] = hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? hwif_in.MLDSA_PRIVKEY_OUT.rd_data : '0; + assign readback_array[671] = hwif_in.MLDSA_PRIVKEY_IN.rd_ack ? hwif_in.MLDSA_PRIVKEY_IN.rd_data : '0; + assign readback_array[672][0:0] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.error_en.value : '0; + assign readback_array[672][1:1] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.notif_en.value : '0; + assign readback_array[672][31:2] = '0; + assign readback_array[673][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value : '0; + assign readback_array[673][31:1] = '0; + assign readback_array[674][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value : '0; + assign readback_array[674][31:1] = '0; + assign readback_array[675][0:0] = (decoded_reg_strb.intr_block_rf.error_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_global_intr_r.agg_sts.value : '0; + assign readback_array[675][31:1] = '0; + assign readback_array[676][0:0] = (decoded_reg_strb.intr_block_rf.notif_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value : '0; + assign readback_array[676][31:1] = '0; + assign readback_array[677][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value : '0; + assign readback_array[677][31:1] = '0; + assign readback_array[678][0:0] = (decoded_reg_strb.intr_block_rf.notif_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value : '0; + assign readback_array[678][31:1] = '0; + assign readback_array[679][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value : '0; + assign readback_array[679][31:1] = '0; + assign readback_array[680][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value : '0; + assign readback_array[680][31:1] = '0; + assign readback_array[681][31:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value : '0; + assign readback_array[682][31:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value : '0; + assign readback_array[683][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value : '0; + assign readback_array[683][31:1] = '0; + assign readback_array[684][0:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value : '0; + assign readback_array[684][31:1] = '0; // Reduce the array always_comb begin @@ -1055,7 +1086,7 @@ module mldsa_reg ( readback_done = decoded_req & ~decoded_req_is_wr & ~decoded_strb_is_external; readback_err = '0; readback_data_var = '0; - for(int i=0; i<1841; i++) readback_data_var |= readback_array[i]; + for(int i=0; i<685; i++) readback_data_var |= readback_array[i]; readback_data = readback_data_var; end @@ -1066,4 +1097,4 @@ module mldsa_reg ( `ABR_ASSERT_KNOWN(ERR_HWIF_IN, hwif_in, clk, !hwif_in.hard_reset_b) -endmodule \ No newline at end of file +endmodule diff --git a/src/mldsa_top/rtl/mldsa_reg_pkg.sv b/src/mldsa_top/rtl/mldsa_reg_pkg.sv index 151dcd1..c7129bf 100644 --- a/src/mldsa_top/rtl/mldsa_reg_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_reg_pkg.sv @@ -4,7 +4,7 @@ package mldsa_reg_pkg; localparam MLDSA_REG_DATA_WIDTH = 32; - localparam MLDSA_REG_MIN_ADDR_WIDTH = 15; + localparam MLDSA_REG_MIN_ADDR_WIDTH = 16; typedef struct packed{ logic [31:0] next; @@ -148,7 +148,7 @@ package mldsa_reg_pkg; mldsa_reg__MLDSA_MSG__in_t [16-1:0]MLDSA_MSG; mldsa_reg__MLDSA_VERIFY_RES__in_t [16-1:0]MLDSA_VERIFY_RES; mldsa_reg__MLDSA_PUBKEY__external__in_t [648-1:0]MLDSA_PUBKEY; - mldsa_reg__MLDSA_SIGNATURE__external__in_t [1157-1:0]MLDSA_SIGNATURE; + mldsa_reg__MLDSA_SIGNATURE__external__in_t MLDSA_SIGNATURE; mldsa_reg__MLDSA_PRIVKEY_OUT__external__in_t MLDSA_PRIVKEY_OUT; mldsa_reg__MLDSA_PRIVKEY_IN__external__in_t MLDSA_PRIVKEY_IN; mldsa_reg__intr_block_t__in_t intr_block_rf; @@ -216,6 +216,7 @@ package mldsa_reg_pkg; typedef struct packed{ logic req; + logic [12:0] addr; logic req_is_wr; logic [31:0] wr_data; logic [31:0] wr_biten; @@ -268,12 +269,12 @@ package mldsa_reg_pkg; mldsa_reg__MLDSA_MSG__out_t [16-1:0]MLDSA_MSG; mldsa_reg__MLDSA_VERIFY_RES__out_t [16-1:0]MLDSA_VERIFY_RES; mldsa_reg__MLDSA_PUBKEY__external__out_t [648-1:0]MLDSA_PUBKEY; - mldsa_reg__MLDSA_SIGNATURE__external__out_t [1157-1:0]MLDSA_SIGNATURE; + mldsa_reg__MLDSA_SIGNATURE__external__out_t MLDSA_SIGNATURE; mldsa_reg__MLDSA_PRIVKEY_OUT__external__out_t MLDSA_PRIVKEY_OUT; mldsa_reg__MLDSA_PRIVKEY_IN__external__out_t MLDSA_PRIVKEY_IN; mldsa_reg__intr_block_t__out_t intr_block_rf; } mldsa_reg__out_t; - localparam MLDSA_REG_ADDR_WIDTH = 32'd15; + localparam MLDSA_REG_ADDR_WIDTH = 32'd16; endpackage \ No newline at end of file diff --git a/src/mldsa_top/rtl/mldsa_reg_uvm.sv b/src/mldsa_top/rtl/mldsa_reg_uvm.sv index eddca70..ded7e60 100644 --- a/src/mldsa_top/rtl/mldsa_reg_uvm.sv +++ b/src/mldsa_top/rtl/mldsa_reg_uvm.sv @@ -314,33 +314,19 @@ package mldsa_reg_uvm; endfunction : build endclass : mldsa_reg__MLDSA_PUBKEY - // Reg - mldsa_reg::MLDSA_SIGNATURE - class mldsa_reg__MLDSA_SIGNATURE extends uvm_reg; - protected uvm_reg_data_t m_current; - protected uvm_reg_data_t m_data; - protected bit m_is_read; - - mldsa_reg__MLDSA_SIGNATURE_bit_cg SIGNATURE_bit_cg[32]; - mldsa_reg__MLDSA_SIGNATURE_fld_cg fld_cg; - rand uvm_reg_field SIGNATURE; - + // Mem - mldsa_reg::MLDSA_SIGNATURE + class mldsa_reg__MLDSA_SIGNATURE extends uvm_reg_block; + rand uvm_mem m_mem; + function new(string name = "mldsa_reg__MLDSA_SIGNATURE"); - super.new(name, 32, build_coverage(UVM_CVR_ALL)); + super.new(name); endfunction : new - extern virtual function void sample_values(); - extern protected virtual function void sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); virtual function void build(); - this.SIGNATURE = new("SIGNATURE"); - this.SIGNATURE.configure(this, 32, 0, "RW", 1, 'h0, 1, 1, 0); - if (has_coverage(UVM_CVR_REG_BITS)) begin - foreach(SIGNATURE_bit_cg[bt]) SIGNATURE_bit_cg[bt] = new(); - end - if (has_coverage(UVM_CVR_FIELD_VALS)) - fld_cg = new(); + this.default_map = create_map("reg_map", 0, 4.0, UVM_NO_ENDIAN); + this.m_mem = new("m_mem", 1157, 32, "RW"); + this.m_mem.configure(this); + this.default_map.add_mem(this.m_mem, 0); endfunction : build endclass : mldsa_reg__MLDSA_SIGNATURE @@ -873,7 +859,7 @@ package mldsa_reg_uvm; rand mldsa_reg__MLDSA_MSG MLDSA_MSG[16]; rand mldsa_reg__MLDSA_VERIFY_RES MLDSA_VERIFY_RES[16]; rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY[648]; - rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE[1157]; + rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE; rand mldsa_reg__MLDSA_PRIVKEY_OUT MLDSA_PRIVKEY_OUT; rand mldsa_reg__MLDSA_PRIVKEY_IN MLDSA_PRIVKEY_IN; rand mldsa_reg__intr_block_t intr_block_rf; @@ -950,25 +936,22 @@ package mldsa_reg_uvm; this.MLDSA_PUBKEY[i0].build(); this.default_map.add_reg(this.MLDSA_PUBKEY[i0], 'h118 + i0*'h4); end - foreach(this.MLDSA_SIGNATURE[i0]) begin - this.MLDSA_SIGNATURE[i0] = new($sformatf("MLDSA_SIGNATURE[%0d]", i0)); - this.MLDSA_SIGNATURE[i0].configure(this); - - this.MLDSA_SIGNATURE[i0].build(); - this.default_map.add_reg(this.MLDSA_SIGNATURE[i0], 'hb38 + i0*'h4); - end + this.MLDSA_SIGNATURE = new("MLDSA_SIGNATURE"); + this.MLDSA_SIGNATURE.configure(this); + this.MLDSA_SIGNATURE.build(); + this.default_map.add_submap(this.MLDSA_SIGNATURE.default_map, 'h2000); this.MLDSA_PRIVKEY_OUT = new("MLDSA_PRIVKEY_OUT"); this.MLDSA_PRIVKEY_OUT.configure(this); this.MLDSA_PRIVKEY_OUT.build(); - this.default_map.add_submap(this.MLDSA_PRIVKEY_OUT.default_map, 'h2000); + this.default_map.add_submap(this.MLDSA_PRIVKEY_OUT.default_map, 'h4000); this.MLDSA_PRIVKEY_IN = new("MLDSA_PRIVKEY_IN"); this.MLDSA_PRIVKEY_IN.configure(this); this.MLDSA_PRIVKEY_IN.build(); - this.default_map.add_submap(this.MLDSA_PRIVKEY_IN.default_map, 'h4000); + this.default_map.add_submap(this.MLDSA_PRIVKEY_IN.default_map, 'h6000); this.intr_block_rf = new("intr_block_rf"); this.intr_block_rf.configure(this); this.intr_block_rf.build(); - this.default_map.add_submap(this.intr_block_rf.default_map, 'h6000); + this.default_map.add_submap(this.intr_block_rf.default_map, 'h8000); endfunction : build endclass : mldsa_reg diff --git a/src/mldsa_top/rtl/mldsa_top.sv b/src/mldsa_top/rtl/mldsa_top.sv index 56c5eea..c9470ca 100644 --- a/src/mldsa_top/rtl/mldsa_top.sv +++ b/src/mldsa_top/rtl/mldsa_top.sv @@ -723,11 +723,8 @@ sigdecode_h_inst ( ); //w1 memory -`ABR_MEM -#( - .DEPTH(512), //FIXME params - .DATA_WIDTH(4) //FIXME params -) mldsa_w1_mem_inst +`ABR_MEM_TEST(512, 4) +mldsa_w1_mem_inst ( .clk_i(clk), .we_i(w1_mem_wr_req.rd_wr_en == RW_WRITE), @@ -993,11 +990,8 @@ always_comb makehint_mem_rd_data = mldsa_mem_rdata[1]; always_comb sigencode_mem_rd_data = mldsa_mem_rdata0_bank; always_comb pwr2rnd_mem_rd_data = mldsa_mem_rdata0_bank; -`ABR_MEM -#( - .DEPTH(MLDSA_MEM_INST0_DEPTH/2), - .DATA_WIDTH(MLDSA_MEM_DATA_WIDTH) -) mldsa_ram_inst0_bank0 +`ABR_MEM(MLDSA_MEM_INST0_DEPTH/2,MLDSA_MEM_DATA_WIDTH) +mldsa_ram_inst0_bank0 ( .clk_i(clk), .we_i(mldsa_mem_we0_bank[0]), @@ -1007,11 +1001,8 @@ always_comb pwr2rnd_mem_rd_data = mldsa_mem_rdata0_bank; .raddr_i(mldsa_mem_raddr0_bank[0][MLDSA_MEM_INST0_ADDR_W-1:1]), .rdata_o(mldsa_mem_rdata0_bank[0]) ); -`ABR_MEM -#( - .DEPTH(MLDSA_MEM_INST0_DEPTH/2), - .DATA_WIDTH(MLDSA_MEM_DATA_WIDTH) -) mldsa_ram_inst0_bank1 +`ABR_MEM(MLDSA_MEM_INST0_DEPTH/2,MLDSA_MEM_DATA_WIDTH) +mldsa_ram_inst0_bank1 ( .clk_i(clk), .we_i(mldsa_mem_we0_bank[1]), @@ -1022,11 +1013,8 @@ always_comb pwr2rnd_mem_rd_data = mldsa_mem_rdata0_bank; .rdata_o(mldsa_mem_rdata0_bank[1]) ); -`ABR_MEM -#( - .DEPTH(MLDSA_MEM_INST1_DEPTH), - .DATA_WIDTH(MLDSA_MEM_DATA_WIDTH) -) mldsa_ram_inst1 +`ABR_MEM(MLDSA_MEM_INST1_DEPTH,MLDSA_MEM_DATA_WIDTH) +mldsa_ram_inst1 ( .clk_i(clk), .we_i(mldsa_mem_we[1]), @@ -1037,11 +1025,8 @@ always_comb pwr2rnd_mem_rd_data = mldsa_mem_rdata0_bank; .rdata_o(mldsa_mem_rdata[1]) ); -`ABR_MEM -#( - .DEPTH(MLDSA_MEM_INST2_DEPTH), - .DATA_WIDTH(MLDSA_MEM_DATA_WIDTH) -) mldsa_ram_inst2 +`ABR_MEM(MLDSA_MEM_INST2_DEPTH,MLDSA_MEM_DATA_WIDTH) +mldsa_ram_inst2 ( .clk_i(clk), .we_i(mldsa_mem_we[2]), @@ -1052,11 +1037,8 @@ always_comb pwr2rnd_mem_rd_data = mldsa_mem_rdata0_bank; .rdata_o(mldsa_mem_rdata[2]) ); -`ABR_MEM -#( - .DEPTH(MLDSA_MEM_INST3_DEPTH), - .DATA_WIDTH(MLDSA_MEM_DATA_WIDTH) -) mldsa_ram_inst3 +`ABR_MEM(MLDSA_MEM_INST3_DEPTH,MLDSA_MEM_DATA_WIDTH) +mldsa_ram_inst3 ( .clk_i(clk), .we_i(mldsa_mem_we[3]), diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh index 2fb17f3..1742637 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh @@ -231,8 +231,8 @@ class ML_DSA_randomized_all_sequence extends mldsa_bench_sequence_base; end // Reading MLDSA_SIGNATURE register - foreach (reg_model.MLDSA_SIGNATURE[i]) begin - reg_model.MLDSA_SIGNATURE[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin + reg_model.MLDSA_SIGNATURE.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_SIGNATURE[%0d]", i)); end else begin @@ -297,13 +297,13 @@ class ML_DSA_randomized_all_sequence extends mldsa_bench_sequence_base; end end - // Writing MLDSA_SIGNATURE register - foreach (reg_model.MLDSA_SIGNATURE[i]) begin - reg_model.MLDSA_SIGNATURE[i].write(status, SIGNATURE[i], UVM_FRONTDOOR, reg_model.default_map, this); + // Writing the SIGNATURE into the MLDSA_SIGNATURE register array + for (int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin + reg_model.MLDSA_SIGNATURE.m_mem.write(status, i, SIGNATURE[i], UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin - `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_SIGNATURE[%0d]", i)); + `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_SIGNATURE[%0d]", i)); end else begin - `uvm_info("REG_WRITE", $sformatf("MLDSA_SIGNATURE[%0d] written with %0h", i, SIGNATURE[i]), UVM_LOW); + `uvm_info("REG_WRITE", $sformatf("MLDSA_SIGNATURE[%0d] written with %0h", i, SIGNATURE[i]), UVM_LOW); end end diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh index 1337f19..3b9076a 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh @@ -161,8 +161,8 @@ class ML_DSA_randomized_key_gen_and_sign_sequence extends mldsa_bench_sequence_b end // Reading MLDSA_SIGNATURE register - foreach (reg_model.MLDSA_SIGNATURE[i]) begin - reg_model.MLDSA_SIGNATURE[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin + reg_model.MLDSA_SIGNATURE.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_SIGNATURE[%0d]", i)); end else begin diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_sign_gen_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_sign_gen_sequence.svh index b0fec36..7ea1de6 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_sign_gen_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_sign_gen_sequence.svh @@ -149,8 +149,8 @@ class ML_DSA_randomized_sign_gen_sequence extends mldsa_bench_sequence_base; end // Reading MLDSA_SIGNATURE register - foreach (reg_model.MLDSA_SIGNATURE[i]) begin - reg_model.MLDSA_SIGNATURE[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin + reg_model.MLDSA_SIGNATURE.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_SIGNATURE[%0d]", i)); end else begin diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh index 591d389..48c763c 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh @@ -152,13 +152,13 @@ class ML_DSA_randomized_verif_sequence extends mldsa_bench_sequence_base; end end - // Writing MLDSA_SIGNATURE register - foreach (reg_model.MLDSA_SIGNATURE[i]) begin - reg_model.MLDSA_SIGNATURE[i].write(status, SIG[i], UVM_FRONTDOOR, reg_model.default_map, this); + // Writing the SIGNATURE into the MLDSA_SIGNATURE register array + for (int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin + reg_model.MLDSA_SIGNATURE.m_mem.write(status, i, SIG[i], UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin - `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_SIGNATURE[%0d]", i)); + `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_SIGNATURE[%0d]", i)); end else begin - `uvm_info("REG_WRITE", $sformatf("MLDSA_SIGNATURE[%0d] written with %0h", i, SIG[i]), UVM_LOW); + `uvm_info("REG_WRITE", $sformatf("MLDSA_SIGNATURE[%0d] written with %0h", i, SIG[i]), UVM_LOW); end end diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/ML_DSA_randomized_verif_test.yml b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/ML_DSA_randomized_verif_test.yml index 5bcf189..f5b2eb2 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/ML_DSA_randomized_verif_test.yml +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/ML_DSA_randomized_verif_test.yml @@ -1,6 +1,6 @@ --- # Random seed desired... -#seed: 1 +seed: 4098270334 plusargs: - '+UVM_TESTNAME=ML_DSA_randomized_verif_test' testname: ML_DSA_randomized_verif_test diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/abr_example_test.yml b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/abr_example_test.yml index a0bfd0a..d3145f6 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/abr_example_test.yml +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/tests/src/abr_example_test.yml @@ -1,16 +1,16 @@ --- # Random seed desired... seed: 1 -#plusargs: -# - '+UVM_TESTNAME=ML_DSA_randomized_key_gen_test' -#testname: ML_DSA_randomized_key_gen_test -#parameters: -# dilithium_command: "test_dilithium5" plusargs: - - '+UVM_TESTNAME=ML_DSA_randomized_sign_gen_test' -testname: ML_DSA_randomized_sign_gen_test + - '+UVM_TESTNAME=ML_DSA_randomized_key_gen_test' +testname: ML_DSA_randomized_key_gen_test parameters: - dilithium_command: "test_dilithium5" + dilithium_command: "test_dilithium5" +#plusargs: +# - '+UVM_TESTNAME=ML_DSA_randomized_sign_gen_test' +#testname: ML_DSA_randomized_sign_gen_test +#parameters: +# dilithium_command: "test_dilithium5" #plusargs: # - '+UVM_TESTNAME=ML_DSA_randomized_verif_test' #testname: ML_DSA_randomized_verif_test diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh index 7689bec..e26eff0 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh @@ -219,26 +219,6 @@ endgroup - /*----------------------- MLDSA_REG__MLDSA_SIGNATURE COVERGROUPS -----------------------*/ - covergroup mldsa_reg__MLDSA_SIGNATURE_bit_cg with function sample(input bit reg_bit); - option.per_instance = 1; - reg_bit_cp : coverpoint reg_bit { - bins value[2] = {0,1}; - } - reg_bit_edge_cp : coverpoint reg_bit { - bins rise = (0 => 1); - bins fall = (1 => 0); - } - - endgroup - covergroup mldsa_reg__MLDSA_SIGNATURE_fld_cg with function sample( - input bit [32-1:0] SIGNATURE - ); - option.per_instance = 1; - SIGNATURE_cp : coverpoint SIGNATURE; - - endgroup - /*----------------------- MLDSA_REG__INTR_BLOCK_T__GLOBAL_INTR_EN_T COVERGROUPS -----------------------*/ covergroup mldsa_reg__intr_block_t__global_intr_en_t_bit_cg with function sample(input bit reg_bit); option.per_instance = 1; diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh index 1157eb7..4025ea0 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh @@ -269,31 +269,6 @@ end endfunction - /*----------------------- MLDSA_REG__MLDSA_SIGNATURE SAMPLE FUNCTIONS -----------------------*/ - function void mldsa_reg__MLDSA_SIGNATURE::sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); - m_current = get(); - m_data = data; - m_is_read = is_read; - if (get_coverage(UVM_CVR_REG_BITS)) begin - foreach(SIGNATURE_bit_cg[bt]) this.SIGNATURE_bit_cg[bt].sample(data[0 + bt]); - end - if (get_coverage(UVM_CVR_FIELD_VALS)) begin - this.fld_cg.sample( data[31:0]/*SIGNATURE*/ ); - end - endfunction - - function void mldsa_reg__MLDSA_SIGNATURE::sample_values(); - if (get_coverage(UVM_CVR_REG_BITS)) begin - foreach(SIGNATURE_bit_cg[bt]) this.SIGNATURE_bit_cg[bt].sample(SIGNATURE.get_mirrored_value() >> bt); - end - if (get_coverage(UVM_CVR_FIELD_VALS)) begin - this.fld_cg.sample( SIGNATURE.get_mirrored_value() ); - end - endfunction - /*----------------------- MLDSA_REG__INTR_BLOCK_T__GLOBAL_INTR_EN_T SAMPLE FUNCTIONS -----------------------*/ function void mldsa_reg__intr_block_t__global_intr_en_t::sample(uvm_reg_data_t data, uvm_reg_data_t byte_en, diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv index eddca70..ded7e60 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv @@ -314,33 +314,19 @@ package mldsa_reg_uvm; endfunction : build endclass : mldsa_reg__MLDSA_PUBKEY - // Reg - mldsa_reg::MLDSA_SIGNATURE - class mldsa_reg__MLDSA_SIGNATURE extends uvm_reg; - protected uvm_reg_data_t m_current; - protected uvm_reg_data_t m_data; - protected bit m_is_read; - - mldsa_reg__MLDSA_SIGNATURE_bit_cg SIGNATURE_bit_cg[32]; - mldsa_reg__MLDSA_SIGNATURE_fld_cg fld_cg; - rand uvm_reg_field SIGNATURE; - + // Mem - mldsa_reg::MLDSA_SIGNATURE + class mldsa_reg__MLDSA_SIGNATURE extends uvm_reg_block; + rand uvm_mem m_mem; + function new(string name = "mldsa_reg__MLDSA_SIGNATURE"); - super.new(name, 32, build_coverage(UVM_CVR_ALL)); + super.new(name); endfunction : new - extern virtual function void sample_values(); - extern protected virtual function void sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); virtual function void build(); - this.SIGNATURE = new("SIGNATURE"); - this.SIGNATURE.configure(this, 32, 0, "RW", 1, 'h0, 1, 1, 0); - if (has_coverage(UVM_CVR_REG_BITS)) begin - foreach(SIGNATURE_bit_cg[bt]) SIGNATURE_bit_cg[bt] = new(); - end - if (has_coverage(UVM_CVR_FIELD_VALS)) - fld_cg = new(); + this.default_map = create_map("reg_map", 0, 4.0, UVM_NO_ENDIAN); + this.m_mem = new("m_mem", 1157, 32, "RW"); + this.m_mem.configure(this); + this.default_map.add_mem(this.m_mem, 0); endfunction : build endclass : mldsa_reg__MLDSA_SIGNATURE @@ -873,7 +859,7 @@ package mldsa_reg_uvm; rand mldsa_reg__MLDSA_MSG MLDSA_MSG[16]; rand mldsa_reg__MLDSA_VERIFY_RES MLDSA_VERIFY_RES[16]; rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY[648]; - rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE[1157]; + rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE; rand mldsa_reg__MLDSA_PRIVKEY_OUT MLDSA_PRIVKEY_OUT; rand mldsa_reg__MLDSA_PRIVKEY_IN MLDSA_PRIVKEY_IN; rand mldsa_reg__intr_block_t intr_block_rf; @@ -950,25 +936,22 @@ package mldsa_reg_uvm; this.MLDSA_PUBKEY[i0].build(); this.default_map.add_reg(this.MLDSA_PUBKEY[i0], 'h118 + i0*'h4); end - foreach(this.MLDSA_SIGNATURE[i0]) begin - this.MLDSA_SIGNATURE[i0] = new($sformatf("MLDSA_SIGNATURE[%0d]", i0)); - this.MLDSA_SIGNATURE[i0].configure(this); - - this.MLDSA_SIGNATURE[i0].build(); - this.default_map.add_reg(this.MLDSA_SIGNATURE[i0], 'hb38 + i0*'h4); - end + this.MLDSA_SIGNATURE = new("MLDSA_SIGNATURE"); + this.MLDSA_SIGNATURE.configure(this); + this.MLDSA_SIGNATURE.build(); + this.default_map.add_submap(this.MLDSA_SIGNATURE.default_map, 'h2000); this.MLDSA_PRIVKEY_OUT = new("MLDSA_PRIVKEY_OUT"); this.MLDSA_PRIVKEY_OUT.configure(this); this.MLDSA_PRIVKEY_OUT.build(); - this.default_map.add_submap(this.MLDSA_PRIVKEY_OUT.default_map, 'h2000); + this.default_map.add_submap(this.MLDSA_PRIVKEY_OUT.default_map, 'h4000); this.MLDSA_PRIVKEY_IN = new("MLDSA_PRIVKEY_IN"); this.MLDSA_PRIVKEY_IN.configure(this); this.MLDSA_PRIVKEY_IN.build(); - this.default_map.add_submap(this.MLDSA_PRIVKEY_IN.default_map, 'h4000); + this.default_map.add_submap(this.MLDSA_PRIVKEY_IN.default_map, 'h6000); this.intr_block_rf = new("intr_block_rf"); this.intr_block_rf.configure(this); this.intr_block_rf.build(); - this.default_map.add_submap(this.intr_block_rf.default_map, 'h6000); + this.default_map.add_submap(this.intr_block_rf.default_map, 'h8000); endfunction : build endclass : mldsa_reg diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh index 4dd775d..4110bfc 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh @@ -125,12 +125,12 @@ class mldsa_predictor #( // of DUT output values based on DUT input, configuration and state virtual function void write_ahb_slave_0_ae(mvc_sequence_item_base _t); logic [31:0] written_value, expected_value; - uvm_reg_addr_t privkey_out_base_addr, privkey_in_base_addr; - uvm_reg_addr_t privkey_out_size, privkey_in_size; + uvm_reg_addr_t privkey_out_base_addr, privkey_in_base_addr, signature_base_addr; + uvm_reg_addr_t privkey_out_size, privkey_in_size, signature_size; uvm_reg_addr_t reg_addr; - uvm_mem privkey_out_mem, privkey_in_mem; + uvm_mem privkey_out_mem, privkey_in_mem, signature_mem; uvm_reg reg_obj; - bit SK_range_true; + bit MEM_range_true; // pragma uvmf custom ahb_slave_0_ae_predictor begin ahb_master_burst_transfer #(ahb_lite_slave_0_params::AHB_NUM_MASTERS, ahb_lite_slave_0_params::AHB_NUM_MASTER_BITS, @@ -178,15 +178,30 @@ class mldsa_predictor #( else begin `uvm_fatal("PRED_AHB", "Could not retrieve MLDSA_PRIVKEY_IN memory from sub-map") end + + // Retrieve base address and memory object for MLDSA_SIGNATURE + signature_base_addr = p_mldsa_rm.default_map.get_submap_offset(p_mldsa_rm.MLDSA_SIGNATURE.default_map); + signature_mem = p_mldsa_rm.default_map.get_mem_by_offset(signature_base_addr); + signature_size = uvm_reg_addr_t'(signature_mem.get_size()); + + // Check if MLDSA_SIGNATURE memory is correctly retrieved + if (signature_mem != null) begin + //`uvm_info("PRED_AHB", $sformatf("MLDSA_SIGNATURE: Base Addr = 0x%0h, Size = %0d", signature_base_addr, signature_size), UVM_LOW) + end + else begin + `uvm_fatal("PRED_AHB", "Could not retrieve MLDSA_SIGNATURE memory from sub-map") + end + reg_addr = t.address; - SK_range_true = (reg_addr >= privkey_in_base_addr && reg_addr < privkey_in_base_addr + privkey_in_size * 4) + MEM_range_true = (reg_addr >= privkey_in_base_addr && reg_addr < privkey_in_base_addr + privkey_in_size * 4) || - (reg_addr >= privkey_out_base_addr && reg_addr < privkey_out_base_addr + privkey_out_size * 4); - + (reg_addr >= privkey_out_base_addr && reg_addr < privkey_out_base_addr + privkey_out_size * 4) + || + (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4); //=========================================================================================== if (t.RnW == 1'b1) begin // write - if (reg_obj == null && !SK_range_true) begin + if (reg_obj == null && !MEM_range_true) begin `uvm_error("PRED_AHB", $sformatf("AHB transaction to address: 0x%x decodes to null from AHB_map", t.address)) end else begin @@ -216,11 +231,11 @@ class mldsa_predictor #( idx = (reg_addr - base_addr) / 4; PK[idx] = t.data[0][31:0]; end - else if (reg_addr >= p_mldsa_rm.MLDSA_SIGNATURE[0].get_address(p_mldsa_map) && - reg_addr <= p_mldsa_rm.MLDSA_SIGNATURE[$size(p_mldsa_rm.MLDSA_SIGNATURE)-1].get_address(p_mldsa_map)) begin - base_addr = p_mldsa_rm.MLDSA_SIGNATURE[0].get_address(p_mldsa_map); - idx = (reg_addr - base_addr) / 4; + // Accessing data in MLDSA_SIGNATURE + else if (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4) begin + idx = (reg_addr - signature_base_addr) / 4; SIG[idx] = t.data[0][31:0]; + //`uvm_info("PRED_AHB", $sformatf("Writing to MLDSA_SIGNATURE: Addr = 0x%0h, Data = 0x%0h", reg_addr, t.data[0][31:0]), UVM_LOW) end else if (reg_addr == p_mldsa_rm.MLDSA_CTRL.get_address(p_mldsa_map)) begin run_executable(t.data[0][2:0]); @@ -236,7 +251,7 @@ class mldsa_predictor #( end end else if (t.RnW == 1'b0) begin // read - if (reg_obj == null && !SK_range_true) begin + if (reg_obj == null && !MEM_range_true) begin `uvm_error("PRED_AHB", $sformatf("AHB transaction to address: 0x%x decodes to null from AHB_map", t.address)) end else begin @@ -265,16 +280,16 @@ class mldsa_predictor #( `uvm_error("PRED_AHB", "Private key out read out of bounds") end end - else if (reg_addr >= p_mldsa_rm.MLDSA_SIGNATURE[0].get_address(p_mldsa_map) && - reg_addr <= p_mldsa_rm.MLDSA_SIGNATURE[$size(p_mldsa_rm.MLDSA_SIGNATURE)-1].get_address(p_mldsa_map)) begin - base_addr = p_mldsa_rm.MLDSA_SIGNATURE[0].get_address(p_mldsa_map); - idx = (reg_addr - base_addr) / 4; - if (idx < $size(SIG)) begin - t.data[0][31:0] = SIG[idx]; - end - else begin - `uvm_error("PRED_AHB", "Signature read out of bounds") - end + // Accessing data in MLDSA_SIGNATURE + else if (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4) begin + idx = (reg_addr - signature_base_addr) / 4; + if (idx < signature_size) begin + t.data[0][31:0] = SIG[idx]; // Example read from SIG + //`uvm_info("PRED_AHB", $sformatf("Reading from MLDSA_SIGNATURE: Addr = 0x%0h, Data = 0x%0h", reg_addr, t.data[0][31:0]), UVM_LOW) + end + else begin + `uvm_error("PRED_AHB", "Signature read out of bounds") + end end else if (reg_addr >= p_mldsa_rm.MLDSA_VERIFY_RES[0].get_address(p_mldsa_map) && reg_addr <= p_mldsa_rm.MLDSA_VERIFY_RES[$size(p_mldsa_rm.MLDSA_VERIFY_RES)-1].get_address(p_mldsa_map)) begin @@ -559,9 +574,9 @@ class mldsa_predictor #( foreach (p_mldsa_rm.MLDSA_PUBKEY[i]) begin p_mldsa_rm.MLDSA_PUBKEY[i].set(zero_value); end - foreach (p_mldsa_rm.MLDSA_SIGNATURE[i]) begin - p_mldsa_rm.MLDSA_SIGNATURE[i].set(zero_value); - end + //foreach (p_mldsa_rm.MLDSA_SIGNATURE[i]) begin + // p_mldsa_rm.MLDSA_SIGNATURE[i].set(zero_value); + //end end endfunction diff --git a/src/sigdecode_h/rtl/sigdecode_h_ctrl.sv b/src/sigdecode_h/rtl/sigdecode_h_ctrl.sv index d272442..fe7eb24 100644 --- a/src/sigdecode_h/rtl/sigdecode_h_ctrl.sv +++ b/src/sigdecode_h/rtl/sigdecode_h_ctrl.sv @@ -238,7 +238,7 @@ module sigdecode_h_ctrl //----------------- always_comb begin arc_SDH_WR_IDLE_SDH_WR_INIT = (write_fsm_state_ps == SDH_WR_IDLE) & sigdecode_h_enable; - arc_SDH_WR_INIT_SDH_WR_MEM = (write_fsm_state_ps == SDH_WR_INIT) & hint_rd_en; //hint_rd_en indicates bitmap is going to be constructed, so we can move to WR MEM state + arc_SDH_WR_INIT_SDH_WR_MEM = (write_fsm_state_ps == SDH_WR_INIT) & (hint_rd_en | poly_done_rd); //hint_rd_en indicates bitmap is going to be constructed, so we can move to WR MEM state arc_SDH_WR_INIT_SDH_WR_IDLE = (write_fsm_state_ps == SDH_WR_INIT) & sigdecode_h_error; arc_SDH_WR_MEM_SDH_WR_INIT = (write_fsm_state_ps == SDH_WR_MEM) & ~last_poly & poly_done_wr; arc_SDH_WR_MEM_SDH_WR_IDLE = (write_fsm_state_ps == SDH_WR_MEM) & ((last_poly & poly_done_wr) | sigdecode_h_error); diff --git a/src/sk_decode/rtl/skdecode_top.sv b/src/sk_decode/rtl/skdecode_top.sv index b15c2cc..a02e5b1 100644 --- a/src/sk_decode/rtl/skdecode_top.sv +++ b/src/sk_decode/rtl/skdecode_top.sv @@ -218,15 +218,15 @@ module skdecode_top end abr_sample_buffer #( - .NUM_WR(64), - .NUM_RD(52), - .BUFFER_DATA_W(1) + .NUM_WR(16), + .NUM_RD(13), + .BUFFER_DATA_W(4) ) t0_sample_buffer_inst ( .clk(clk), .rst_b(reset_n), .zeroize(zeroize), - .data_valid_i((t0_buf_full | ~t0_enable) ? 64'h0 : {64{t0_enable_reg}}), + .data_valid_i((t0_buf_full | ~t0_enable) ? 16'h0 : {16{t0_enable_reg}}), .data_i({keymem_b_rd_data_reg, keymem_a_rd_data_reg}), .buffer_full_o(t0_buf_full), .data_valid_o(t0_data_valid), @@ -234,15 +234,15 @@ module skdecode_top ); abr_sample_buffer #( - .NUM_WR(32), - .NUM_RD(24), - .BUFFER_DATA_W(1) + .NUM_WR(4), + .NUM_RD(3), + .BUFFER_DATA_W(8) ) s1s2_sample_buffer_inst ( .clk(clk), .rst_b(reset_n), .zeroize(zeroize), - .data_valid_i(s1s2_buf_stall_reg/*(s1s2_buf_full | ~s1s2_enable)*/ ? 'h0 : {32{s1s2_enable_reg}}), + .data_valid_i(s1s2_buf_stall_reg/*(s1s2_buf_full | ~s1s2_enable)*/ ? 4'h0 : {4{s1s2_enable_reg}}), .data_i(keymem_a_rd_data_reg), .buffer_full_o(s1s2_buf_full), .data_valid_o(s1s2_data_valid), From 1e7361a0bf053295afa4e101c55fbd3c06817ffc Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Fri, 20 Sep 2024 13:46:02 -0700 Subject: [PATCH 05/10] fixing bug in sig h --- src/mldsa_top/rtl/mldsa_ctrl.sv | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 1ba0735..afa57fe 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -539,14 +539,15 @@ module mldsa_ctrl end end //HW write h - for (int dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin - if (set_signature_valid) begin - signature_reg.enc.h[dword] <= '0; - end else if (makehint_reg_wren_i & (makehint_reg_wr_addr_i == dword)) begin - signature_reg.enc.h[dword] <= signature_reg.enc.h[dword] | makehint_reg_wrdata_i; - end else if (mldsa_ready & api_sig_h_dec & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) begin - signature_reg.enc.h[api_sig_h_addr] <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data; + if (set_signature_valid) begin + signature_reg.enc.h <= '0; + end else if (makehint_reg_wren_i) begin + for (int dword = 0; dword < SIGNATURE_H_NUM_DWORDS; dword++) begin + if (makehint_reg_wr_addr_i == dword) + signature_reg.enc.h[dword] <= signature_reg.enc.h[dword] | makehint_reg_wrdata_i; end + end else if (mldsa_ready & api_sig_h_dec & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) begin + signature_reg.enc.h[api_sig_h_addr] <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data; end end end From 1ff70aefe6e6035a2863c59b24ecb22e976d457d Mon Sep 17 00:00:00 2001 From: Michael Norris <“michnorris@microsoft.com”> Date: Thu, 26 Sep 2024 14:56:17 -0700 Subject: [PATCH 06/10] pubkey mem implementation --- src/mldsa_top/rtl/mldsa_ctrl.sv | 204 +++++++++++++----- src/mldsa_top/rtl/mldsa_ctrl_pkg.sv | 18 +- src/mldsa_top/rtl/mldsa_reg.rdl | 13 +- src/mldsa_top/rtl/mldsa_reg.sv | 92 ++++---- src/mldsa_top/rtl/mldsa_reg_pkg.sv | 5 +- src/mldsa_top/rtl/mldsa_reg_uvm.sv | 45 ++-- .../src/ML_DSA_randomized_all_sequence.svh | 24 +-- ...A_randomized_key_gen_and_sign_sequence.svh | 4 +- .../ML_DSA_randomized_key_gen_sequence.svh | 4 +- .../src/ML_DSA_randomized_verif_sequence.svh | 16 +- .../src/example_derived_test_sequence.svh | 16 +- .../registers/mldsa_reg_covergroups.svh | 20 -- .../registers/mldsa_reg_sample.svh | 25 --- .../mldsa_env_pkg/registers/mldsa_reg_uvm.sv | 45 ++-- .../mldsa_env_pkg/src/mldsa_predictor.svh | 60 ++++-- 15 files changed, 316 insertions(+), 275 deletions(-) diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index afa57fe..a3cec7a 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -109,7 +109,6 @@ module mldsa_ctrl output logic [7:0][T1_COEFF_W-1:0] pkdecode_rd_data_o, input logic pkdecode_done_i, - output logic sigdecode_h_enable_o, output logic [SIGNATURE_H_VALID_NUM_BYTES-1:0][7:0] signature_h_o, input logic sigdecode_h_invalid_i, @@ -142,6 +141,7 @@ module mldsa_ctrl //assign appropriate data to msg interface logic [MLDSA_OPR_WIDTH-1:0] sampler_src; logic [15:0] sampler_src_offset; + logic [2:0] sampler_src_offset_f; logic [15:0] sampler_imm; logic [SEED_NUM_DWORDS-1 : 0][DATA_WIDTH-1:0] seed_reg; @@ -153,6 +153,8 @@ module mldsa_ctrl logic [15:0] kappa_reg; logic update_kappa; + logic [MsgWidth-1:0] msg_data, msg_data_nxt; + logic seq_en; logic [MLDSA_PROG_ADDR_W-1 : 0] prog_cntr, prog_cntr_nxt; mldsa_seq_instr_t instr; @@ -162,13 +164,14 @@ module mldsa_ctrl logic msg_done; logic [MsgStrbW-1:0] last_msg_strobe; logic [MLDSA_OPR_WIDTH-1:$clog2(MsgStrbW)] msg_cnt; - logic vld_cycle; + logic msg_hold; logic error_flag_edge; logic subcomponent_busy; logic sign_subcomponent_busy; mldsa_ctrl_fsm_state_e ctrl_fsm_ps, ctrl_fsm_ns; + logic msg_valid; mldsa_ctrl_fsm_state_e sign_ctrl_fsm_ps, sign_ctrl_fsm_ns; mldsa_reg__in_t mldsa_reg_hwif_in; @@ -216,11 +219,6 @@ module mldsa_ctrl always_comb zeroize = mldsa_reg_hwif_out.MLDSA_CTRL.ZEROIZE.value; always_comb begin // mldsa reg writing - for (int dword=0; dword < PUBKEY_NUM_DWORDS; dword++)begin - mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].rd_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & ~mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr; //FIXME protect with key done - mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].wr_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr; //FIXME protect with busy - mldsa_reg_hwif_in.MLDSA_PUBKEY[dword].rd_data = publickey_reg.raw[PUBKEY_NUM_DWORDS-1-dword]; - end for (int dword=0; dword < SEED_NUM_DWORDS; dword++)begin seed_reg[dword] = mldsa_reg_hwif_out.MLDSA_SEED[SEED_NUM_DWORDS-1-dword].SEED.value; mldsa_reg_hwif_in.MLDSA_SEED[dword].SEED.we = '0; @@ -428,10 +426,12 @@ module mldsa_ctrl if (!rst_b) begin mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= 0; mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_ack <= 0; + mldsa_reg_hwif_in.MLDSA_PUBKEY.rd_ack <= 0; end else begin mldsa_reg_hwif_in.MLDSA_PRIVKEY_OUT.rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; mldsa_reg_hwif_in.MLDSA_SIGNATURE.rd_ack <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; + mldsa_reg_hwif_in.MLDSA_PUBKEY.rd_ack <= mldsa_reg_hwif_out.MLDSA_PUBKEY.req & ~mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; end end @@ -505,7 +505,7 @@ module mldsa_ctrl ({SIG_Z_MEM_ADDR_W{api_sig_z_we}} & api_sig_z_addr.addr); always_comb sig_z_ram_wstrobe = ({SIG_Z_MEM_WSTROBE_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}}) | - ({SIG_Z_MEM_WSTROBE_W{api_sig_z_we}} & ('hF << api_sig_z_addr.offset*32)); + ({SIG_Z_MEM_WSTROBE_W{api_sig_z_we}} & ('hF << api_sig_z_addr.offset*4)); always_comb sig_z_ram_wdata = ({SIG_Z_MEM_DATA_W{(sigencode_wr_req_i.rd_wr_en == RW_WRITE)}} & sigencode_wr_data_i) | @@ -559,18 +559,116 @@ module mldsa_ctrl end end - //HW read z + +//public key memory + logic pubkey_ram_we, pubkey_ram_re; + logic [PK_MEM_ADDR_W-1:0] pubkey_ram_waddr, pubkey_ram_raddr; + logic [PK_MEM_NUM_DWORDS-1:0][31:0] pubkey_ram_wdata, pubkey_ram_rdata; + logic [31:0][T1_COEFF_W-1:0] pubkey_ram_rdata_t1; + logic [PK_MEM_WSTROBE_W-1:0] pubkey_ram_wstrobe; + logic api_pubkey_dec, api_pubkey_rho_dec; + logic api_pubkey_re, api_pubkey_re_f, api_pubkey_we; + logic [PK_ADDR_W-1:0] api_pubkey_addr; + mldsa_pubkey_mem_addr_t api_pubkey_mem_addr; + mldsa_pubkey_mem_addr_t sampler_pubkey_mem_addr; + logic [PK_RHO_REG_ADDR_W-1:0] api_pk_rho_addr; + logic [DATA_WIDTH-1:0] pk_reg_rdata; + logic sampler_pk_rd_en, sampler_pk_rd_en_f, pkdecode_rd_en; + logic [1:0] pkdecode_rd_offset_f; + always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin - pkdecode_rd_data_o <= '0; + api_pubkey_re_f <= '0; + sampler_pk_rd_en_f <= '0; + sampler_src_offset_f <= '0; + pkdecode_rd_offset_f <= '0; end else begin - if (1) begin //fixme read enable or remove flop - pkdecode_rd_data_o <= publickey_reg.enc.t1[pkdecode_rd_addr_i*8 +: 8]; - end + api_pubkey_re_f <= api_pubkey_re; + sampler_pk_rd_en_f <= msg_hold ? sampler_pk_rd_en_f : sampler_pk_rd_en; + sampler_src_offset_f <= msg_hold ? sampler_src_offset_f : sampler_pubkey_mem_addr.offset[2:0]; + pkdecode_rd_offset_f <= pkdecode_rd_addr_i[1:0]; end end - //Public Key + always_comb api_pubkey_addr = PUBKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PUBKEY.addr[PK_ADDR_W+1:2]; + + always_comb api_pubkey_rho_dec = mldsa_ready & mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[0:7]}; + always_comb api_pubkey_dec = mldsa_ready & mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[8:PUBKEY_NUM_DWORDS-1]}; + + always_comb api_pubkey_mem_addr.addr = PK_MEM_ADDR_W'( (api_pubkey_addr - 8)/PK_MEM_NUM_DWORDS ); + always_comb api_pubkey_mem_addr.offset = (api_pubkey_addr - 8)%PK_MEM_NUM_DWORDS; //FIXME can this be done better? + + always_comb sampler_pubkey_mem_addr.addr = PK_MEM_ADDR_W'((sampler_src_offset- 4)/(PK_MEM_NUM_DWORDS/2)); + always_comb sampler_pubkey_mem_addr.offset = (sampler_src_offset- 4)%(PK_MEM_NUM_DWORDS/2); + always_comb api_pk_rho_addr = api_pubkey_addr[2:0]; + + always_comb mldsa_reg_hwif_in.MLDSA_PUBKEY.wr_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY.req & mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; + always_comb api_pubkey_we = api_pubkey_dec & mldsa_reg_hwif_in.MLDSA_PUBKEY.wr_ack; + + always_comb api_pubkey_re = api_pubkey_dec & ~mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; + + `ABR_MEM_BE(64,320) + mldsa_pubkey_ram + ( + .clk_i(clk), + .we_i(pubkey_ram_we), + .waddr_i(pubkey_ram_waddr), + .wstrobe_i(pubkey_ram_wstrobe), + .wdata_i(pubkey_ram_wdata), + .re_i(pubkey_ram_re), + .raddr_i(pubkey_ram_raddr), + .rdata_o(pubkey_ram_rdata) + ); + + assign pubkey_ram_rdata_t1 = pubkey_ram_rdata; + + always_comb pkdecode_rd_en = instr.opcode.aux_en & (instr.opcode.mode.aux_mode == MLDSA_PKDECODE); + + always_comb sampler_pk_rd_en = (sampler_src == MLDSA_PK_REG_ID) & (sampler_src_offset inside {[4:342]}) & ~msg_hold; + + //read requests + always_comb pubkey_ram_re = sampler_pk_rd_en | pkdecode_rd_en | api_pubkey_re; + always_comb pubkey_ram_raddr = ({PK_MEM_ADDR_W{sampler_pk_rd_en}} & sampler_pubkey_mem_addr.addr) | + ({PK_MEM_ADDR_W{pkdecode_rd_en}} & pkdecode_rd_addr_i[PK_MEM_ADDR_W+1:2]) | + ({PK_MEM_ADDR_W{api_pubkey_re}} & api_pubkey_mem_addr.addr); + + always_comb begin + unique case (pkdecode_rd_offset_f[1:0]) + 2'b00: pkdecode_rd_data_o = pubkey_ram_rdata_t1[7:0]; + 2'b01: pkdecode_rd_data_o = pubkey_ram_rdata_t1[15:8]; + 2'b10: pkdecode_rd_data_o = pubkey_ram_rdata_t1[23:16]; + 2'b11: pkdecode_rd_data_o = pubkey_ram_rdata_t1[31:24]; + endcase + end + + always_comb mldsa_reg_hwif_in.MLDSA_PUBKEY.rd_data = api_pubkey_re_f ? pubkey_ram_rdata[api_pubkey_mem_addr.offset] : pk_reg_rdata; + + //write requests + always_comb pubkey_ram_we = (pk_t1_wren_i) | api_pubkey_we; + always_comb pubkey_ram_waddr = ({PK_MEM_ADDR_W{pk_t1_wren_i}} & pk_t1_wr_addr_i[PK_MEM_ADDR_W+1:2]) | + ({PK_MEM_ADDR_W{api_pubkey_we}} & api_pubkey_mem_addr.addr); + + always_comb pubkey_ram_wstrobe = ({PK_MEM_WSTROBE_W{pk_t1_wren_i}} & 'h3FF << pk_t1_wr_addr_i[1:0]*10) | + ({PK_MEM_WSTROBE_W{api_pubkey_we}} & ('hF << api_pubkey_mem_addr.offset*4)); + + + always_comb pubkey_ram_wdata = ({PK_MEM_DATA_W{pk_t1_wren_i}} & PK_MEM_DATA_W'(pk_t1_wrdata_i << pk_t1_wr_addr_i[1:0]*80)) | + ({PK_MEM_DATA_W{(api_pubkey_we)}} & PK_MEM_DATA_W'(mldsa_reg_hwif_out.MLDSA_SIGNATURE.wr_data << api_pubkey_mem_addr.offset*32)); + + + //pk reg read flop + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + pk_reg_rdata <= '0; + end else if (zeroize) begin + pk_reg_rdata <= '0; + end else begin + if (api_pubkey_rho_dec) + pk_reg_rdata <= publickey_reg.enc.rho[api_pk_rho_addr]; + end + end + + //Public Key rho always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin publickey_reg <= '0; @@ -580,19 +678,8 @@ module mldsa_ctrl //HW write rho if (sampler_state_dv_i & (instr.operand3 == MLDSA_DEST_K_RHO_REG_ID)) begin publickey_reg.enc.rho <= sampler_state_data_i[0][255:0]; - end else if (pk_t1_wren_i) begin - //HW write t1 - for (int coeff = 0; coeff < T1_NUM_COEFF; coeff++) begin - if ((pk_t1_wr_addr_i == coeff[10:3])) begin //pubkey t1 write interface - publickey_reg.enc.t1[coeff] <= pk_t1_wrdata_i[coeff[2:0]]; - end - end - end else if (mldsa_ready) begin - for (int dword = 0; dword < PUBKEY_NUM_DWORDS; dword++) begin - if (mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req & mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].req_is_wr) begin - publickey_reg.raw[PUBKEY_NUM_DWORDS-1-dword] <= mldsa_reg_hwif_out.MLDSA_PUBKEY[dword].wr_data; - end - end + end else if (mldsa_ready & api_pubkey_rho_dec & mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr) begin + publickey_reg.enc.rho[api_pk_rho_addr] <= mldsa_reg_hwif_out.MLDSA_PUBKEY.wr_data; end end end @@ -604,21 +691,34 @@ module mldsa_ctrl always_comb rho_reg = verifying_process ? publickey_reg.enc.rho : privatekey_reg.enc.rho; - always_comb begin : sampler_src_mux - unique case (sampler_src) inside - MLDSA_SEED_ID: msg_data_o[0] = msg_done ? {48'b0,sampler_imm} : {seed_reg[{sampler_src_offset[1:0],1'b1}],seed_reg[{sampler_src_offset[1:0],1'b0}]}; - MLDSA_RHO_ID: msg_data_o[0] = msg_done ? {48'b0,sampler_imm} : rho_reg[sampler_src_offset[1:0]]; - MLDSA_RHO_P_ID: msg_data_o[0] = msg_done ? {48'b0,sampler_imm} : rho_p_reg[sampler_src_offset[2:0]]; - MLDSA_TR_ID: msg_data_o[0] = privatekey_reg.enc.tr[sampler_src_offset[2:0]]; - MLDSA_MSG_ID: msg_data_o[0] = {msg_p_reg[{sampler_src_offset[3:0],1'b1}],msg_p_reg[{sampler_src_offset[3:0],1'b0}]}; - MLDSA_K_ID: msg_data_o[0] = privatekey_reg.enc.K[sampler_src_offset[1:0]]; - MLDSA_MU_ID: msg_data_o[0] = mu_reg[sampler_src_offset[2:0]]; - MLDSA_SIGN_RND_ID: msg_data_o[0] = {sign_rnd_reg[{sampler_src_offset[1:0],1'b1}],sign_rnd_reg[{sampler_src_offset[1:0],1'b0}]}; - MLDSA_RHO_P_KAPPA_ID: msg_data_o[0] = msg_done ? {48'b0,(kappa_reg + sampler_imm[2:0])} : rho_p_reg[sampler_src_offset[2:0]]; - MLDSA_SIG_C_REG_ID: msg_data_o[0] = {signature_reg.enc.c[{sampler_src_offset[2:0],1'b1}], signature_reg.enc.c[{sampler_src_offset[2:0],1'b0}]}; - MLDSA_PK_REG_ID: msg_data_o[0] = {publickey_reg.raw[{sampler_src_offset[8:0],1'b1}],publickey_reg.raw[{sampler_src_offset[8:0],1'b0}]}; - default: msg_data_o[0] = '0; - endcase + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + msg_data <= '0; + end else begin + if (msg_hold) begin + msg_data <= msg_data; + end else begin + unique case (sampler_src) inside + MLDSA_SEED_ID: msg_data <= msg_done ? {48'b0,sampler_imm} : {seed_reg[{sampler_src_offset[1:0],1'b1}],seed_reg[{sampler_src_offset[1:0],1'b0}]}; + MLDSA_RHO_ID: msg_data <= msg_done ? {48'b0,sampler_imm} : rho_reg[sampler_src_offset[1:0]]; + MLDSA_RHO_P_ID: msg_data <= msg_done ? {48'b0,sampler_imm} : rho_p_reg[sampler_src_offset[2:0]]; + MLDSA_TR_ID: msg_data <= privatekey_reg.enc.tr[sampler_src_offset[2:0]]; + MLDSA_MSG_ID: msg_data <= {msg_p_reg[{sampler_src_offset[3:0],1'b1}],msg_p_reg[{sampler_src_offset[3:0],1'b0}]}; + MLDSA_K_ID: msg_data <= privatekey_reg.enc.K[sampler_src_offset[1:0]]; + MLDSA_MU_ID: msg_data <= mu_reg[sampler_src_offset[2:0]]; + MLDSA_SIGN_RND_ID: msg_data <= {sign_rnd_reg[{sampler_src_offset[1:0],1'b1}],sign_rnd_reg[{sampler_src_offset[1:0],1'b0}]}; + MLDSA_RHO_P_KAPPA_ID: msg_data <= msg_done ? {48'b0,(kappa_reg + sampler_imm[2:0])} : rho_p_reg[sampler_src_offset[2:0]]; + MLDSA_SIG_C_REG_ID: msg_data <= {signature_reg.enc.c[{sampler_src_offset[2:0],1'b1}], signature_reg.enc.c[{sampler_src_offset[2:0],1'b0}]}; + MLDSA_PK_REG_ID: msg_data <= {publickey_reg.enc.rho[{sampler_src_offset[1:0],1'b1}],publickey_reg.raw[{sampler_src_offset[1:0],1'b0}]}; + default: msg_data <= '0; + endcase + end + end + end + + always_comb begin + msg_data_o[0] = sampler_pk_rd_en_f ? {pubkey_ram_rdata[{sampler_src_offset_f[2:0],1'b1}],pubkey_ram_rdata[{sampler_src_offset_f[2:0],1'b0}]} : + msg_data; end //If we're storing state directly into registers, do that here @@ -907,7 +1007,7 @@ module mldsa_ctrl //shift a zero into the strobe for each byte, and invert to get the valid bytes always_comb last_msg_strobe = ~(MsgStrbW'('1) << instr.length[$clog2(MsgStrbW)-1:0]); -always_comb vld_cycle = msg_valid_o & msg_rdy_i; +always_comb msg_hold = msg_valid_o & ~msg_rdy_i; //Done when msg count is equal to length //length is in bytes - compare against MSB from strobe width gets us the length in msg interface chunks @@ -916,13 +1016,21 @@ always_comb msg_done = msg_cnt >= instr.length[MLDSA_OPR_WIDTH-1:$clog2(MsgStrbW always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin msg_cnt <= 0; + msg_valid_o <= 0; + msg_strobe_o <= 0; end else if (zeroize) begin msg_cnt <= 0; + msg_valid_o <= 0; + msg_strobe_o <= 0; end else begin msg_cnt <= msg_done ? 'd0 : - vld_cycle ? msg_cnt + 'd1 : msg_cnt; + msg_hold ? msg_cnt : + msg_valid ? msg_cnt + 'd1 : msg_cnt; + msg_valid_o <= msg_hold ? msg_valid_o : msg_valid; + msg_strobe_o <= msg_hold ? msg_strobe_o : + msg_done ? last_msg_strobe : '1; end end @@ -933,8 +1041,7 @@ always_comb begin : primary_ctrl_fsm_out_combo ctrl_fsm_ns = ctrl_fsm_ps; sha3_start_o = 0; msg_start_o = 0; - msg_valid_o = 0; - msg_strobe_o = 0; + msg_valid = 0; sampler_start_o = 0; sampler_src = 0; sampler_imm = 0; @@ -966,15 +1073,12 @@ always_comb begin : primary_ctrl_fsm_out_combo msg_start_o = 1; end MLDSA_CTRL_MSG_LOAD: begin - msg_valid_o = 1; + msg_valid = 1; sampler_src = instr.operand1; sampler_imm = instr.imm; if (msg_done) begin - msg_strobe_o = last_msg_strobe; if (instr.opcode.sampler_en) ctrl_fsm_ns = MLDSA_CTRL_FUNC_START; else ctrl_fsm_ns = MLDSA_CTRL_MSG_WAIT; - end else begin - msg_strobe_o = '1; end end MLDSA_CTRL_MSG_WAIT: begin diff --git a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv index ef57f8c..f6a6f89 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl_pkg.sv @@ -66,6 +66,16 @@ package mldsa_ctrl_pkg; localparam SIG_H_REG_ADDR_W = $clog2(SIGNATURE_H_NUM_DWORDS); localparam SIG_C_REG_ADDR_W = $clog2(SIGNATURE_C_NUM_DWORDS); + localparam PK_MEM_DEPTH = 64; + localparam PK_MEM_DATA_W = 320; + localparam PK_MEM_NUM_DWORDS = (PK_MEM_DATA_W)/32; + localparam PK_MEM_WSTROBE_W = PK_MEM_DATA_W/8; + localparam PK_ADDR_W = $clog2(PUBKEY_NUM_DWORDS); + localparam PK_MEM_ADDR_W = $clog2(PK_MEM_DEPTH); + localparam PK_MEM_OFFSET_W = $clog2(PK_MEM_DATA_W/32); + localparam PK_RHO_REG_ADDR_W = $clog2(8); //fixme + + typedef struct packed { logic [7:0][63:0] tr; logic [3:0][63:0] K; @@ -93,13 +103,17 @@ package mldsa_ctrl_pkg; } mldsa_signature_u; typedef struct packed { - logic [T1_NUM_COEFF-1:0][T1_COEFF_W-1:0] t1; + logic [PK_MEM_ADDR_W-1:0] addr; + logic [PK_MEM_OFFSET_W-1:0] offset; + } mldsa_pubkey_mem_addr_t; + + typedef struct packed { logic [7:0][31:0] rho; } mldsa_pubkey_t; typedef union packed { mldsa_pubkey_t enc; - logic [PUBKEY_NUM_DWORDS-1:0][31:0] raw; + logic [7:0][31:0] raw; } mldsa_pubkey_u; //FSM Controller for driving sampler diff --git a/src/mldsa_top/rtl/mldsa_reg.rdl b/src/mldsa_top/rtl/mldsa_reg.rdl index 12ee4f3..14a3f50 100644 --- a/src/mldsa_top/rtl/mldsa_reg.rdl +++ b/src/mldsa_top/rtl/mldsa_reg.rdl @@ -178,19 +178,16 @@ addrmap mldsa_reg { } MLDSA_VERIFY_RES[16]; /* ---- MLDSA Component Public Key ---- */ - external reg { + external mem { name = "MLDSA component public key register type definition"; desc = "648 32-bit registers storing the public key in big-endian representation. These registers are read by MLDSA user after keygen operation, or set before verifying operation."; - default sw = rw; - default hw = rw; - default we = true; - default resetsignal = reset_b; - field {desc = "Public key field"; swwe = mldsa_ready; hwclr;} PUBKEY[32] = 32'b0; - - } MLDSA_PUBKEY[648]; + sw = rw; + mementries = 648; + memwidth = 32; + } MLDSA_PUBKEY; /* ---- MLDSA Component Signature ---- */ external mem { diff --git a/src/mldsa_top/rtl/mldsa_reg.sv b/src/mldsa_top/rtl/mldsa_reg.sv index 50b9476..ab82da2 100644 --- a/src/mldsa_top/rtl/mldsa_reg.sv +++ b/src/mldsa_top/rtl/mldsa_reg.sv @@ -92,7 +92,7 @@ module mldsa_reg ( logic [8-1:0]MLDSA_SIGN_RND; logic [16-1:0]MLDSA_MSG; logic [16-1:0]MLDSA_VERIFY_RES; - logic [648-1:0]MLDSA_PUBKEY; + logic MLDSA_PUBKEY; logic MLDSA_SIGNATURE; logic MLDSA_PRIVKEY_OUT; logic MLDSA_PRIVKEY_IN; @@ -148,10 +148,8 @@ module mldsa_reg ( for(int i0=0; i0<16; i0++) begin decoded_reg_strb.MLDSA_VERIFY_RES[i0] = cpuif_req_masked & (cpuif_addr == 16'hd8 + i0*16'h4); end - for(int i0=0; i0<648; i0++) begin - decoded_reg_strb.MLDSA_PUBKEY[i0] = cpuif_req_masked & (cpuif_addr == 16'h118 + i0*16'h4); - is_external |= cpuif_req_masked & (cpuif_addr == 16'h118 + i0*16'h4); - end + decoded_reg_strb.MLDSA_PUBKEY = cpuif_req_masked & (cpuif_addr >= 16'h1000) & (cpuif_addr <= 16'h1000 + 16'ha1f); + is_external |= cpuif_req_masked & (cpuif_addr >= 16'h1000) & (cpuif_addr <= 16'h1000 + 16'ha1f); decoded_reg_strb.MLDSA_SIGNATURE = cpuif_req_masked & (cpuif_addr >= 16'h2000) & (cpuif_addr <= 16'h2000 + 16'h1213); is_external |= cpuif_req_masked & (cpuif_addr >= 16'h2000) & (cpuif_addr <= 16'h2000 + 16'h1213); decoded_reg_strb.MLDSA_PRIVKEY_OUT = cpuif_req_masked & (cpuif_addr >= 16'h4000) & (cpuif_addr <= 16'h4000 + 16'h131f); @@ -613,13 +611,11 @@ module mldsa_reg ( end assign hwif_out.MLDSA_VERIFY_RES[i0].VERIFY_RES.value = field_storage.MLDSA_VERIFY_RES[i0].VERIFY_RES.value; end - for(genvar i0=0; i0<648; i0++) begin - - assign hwif_out.MLDSA_PUBKEY[i0].req = decoded_reg_strb.MLDSA_PUBKEY[i0]; - assign hwif_out.MLDSA_PUBKEY[i0].req_is_wr = decoded_req_is_wr; - assign hwif_out.MLDSA_PUBKEY[i0].wr_data = decoded_wr_data; - assign hwif_out.MLDSA_PUBKEY[i0].wr_biten = decoded_wr_biten; - end + assign hwif_out.MLDSA_PUBKEY.req = decoded_reg_strb.MLDSA_PUBKEY; + assign hwif_out.MLDSA_PUBKEY.addr = decoded_addr[11:0]; + assign hwif_out.MLDSA_PUBKEY.req_is_wr = decoded_req_is_wr; + assign hwif_out.MLDSA_PUBKEY.wr_data = decoded_wr_data; + assign hwif_out.MLDSA_PUBKEY.wr_biten = decoded_wr_biten; assign hwif_out.MLDSA_SIGNATURE.req = decoded_reg_strb.MLDSA_SIGNATURE; assign hwif_out.MLDSA_SIGNATURE.addr = decoded_addr[12:0]; assign hwif_out.MLDSA_SIGNATURE.req_is_wr = decoded_req_is_wr; @@ -998,9 +994,7 @@ module mldsa_reg ( always_comb begin automatic logic wr_ack; wr_ack = '0; - for(int i0=0; i0<648; i0++) begin - wr_ack |= hwif_in.MLDSA_PUBKEY[i0].wr_ack; - end + wr_ack |= hwif_in.MLDSA_PUBKEY.wr_ack; wr_ack |= hwif_in.MLDSA_SIGNATURE.wr_ack; wr_ack |= hwif_in.MLDSA_PRIVKEY_OUT.wr_ack; wr_ack |= hwif_in.MLDSA_PRIVKEY_IN.wr_ack; @@ -1017,9 +1011,7 @@ module mldsa_reg ( always_comb begin automatic logic rd_ack; rd_ack = '0; - for(int i0=0; i0<648; i0++) begin - rd_ack |= hwif_in.MLDSA_PUBKEY[i0].rd_ack; - end + rd_ack |= hwif_in.MLDSA_PUBKEY.rd_ack; rd_ack |= hwif_in.MLDSA_SIGNATURE.rd_ack; rd_ack |= hwif_in.MLDSA_PRIVKEY_OUT.rd_ack; rd_ack |= hwif_in.MLDSA_PRIVKEY_IN.rd_ack; @@ -1035,7 +1027,7 @@ module mldsa_reg ( logic [31:0] readback_data; // Assign readback values to a flattened array - logic [685-1:0][31:0] readback_array; + logic [38-1:0][31:0] readback_array; for(genvar i0=0; i0<2; i0++) begin assign readback_array[i0*1 + 0][31:0] = (decoded_reg_strb.MLDSA_NAME[i0] && !decoded_req_is_wr) ? hwif_in.MLDSA_NAME[i0].NAME.next : '0; end @@ -1048,37 +1040,35 @@ module mldsa_reg ( for(genvar i0=0; i0<16; i0++) begin assign readback_array[i0*1 + 5][31:0] = (decoded_reg_strb.MLDSA_VERIFY_RES[i0] && !decoded_req_is_wr) ? field_storage.MLDSA_VERIFY_RES[i0].VERIFY_RES.value : '0; end - for(genvar i0=0; i0<648; i0++) begin - assign readback_array[i0*1 + 21] = hwif_in.MLDSA_PUBKEY[i0].rd_ack ? hwif_in.MLDSA_PUBKEY[i0].rd_data : '0; - end - assign readback_array[669] = hwif_in.MLDSA_SIGNATURE.rd_ack ? hwif_in.MLDSA_SIGNATURE.rd_data : '0; - assign readback_array[670] = hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? hwif_in.MLDSA_PRIVKEY_OUT.rd_data : '0; - assign readback_array[671] = hwif_in.MLDSA_PRIVKEY_IN.rd_ack ? hwif_in.MLDSA_PRIVKEY_IN.rd_data : '0; - assign readback_array[672][0:0] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.error_en.value : '0; - assign readback_array[672][1:1] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.notif_en.value : '0; - assign readback_array[672][31:2] = '0; - assign readback_array[673][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value : '0; - assign readback_array[673][31:1] = '0; - assign readback_array[674][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value : '0; - assign readback_array[674][31:1] = '0; - assign readback_array[675][0:0] = (decoded_reg_strb.intr_block_rf.error_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_global_intr_r.agg_sts.value : '0; - assign readback_array[675][31:1] = '0; - assign readback_array[676][0:0] = (decoded_reg_strb.intr_block_rf.notif_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value : '0; - assign readback_array[676][31:1] = '0; - assign readback_array[677][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value : '0; - assign readback_array[677][31:1] = '0; - assign readback_array[678][0:0] = (decoded_reg_strb.intr_block_rf.notif_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value : '0; - assign readback_array[678][31:1] = '0; - assign readback_array[679][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value : '0; - assign readback_array[679][31:1] = '0; - assign readback_array[680][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value : '0; - assign readback_array[680][31:1] = '0; - assign readback_array[681][31:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value : '0; - assign readback_array[682][31:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value : '0; - assign readback_array[683][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value : '0; - assign readback_array[683][31:1] = '0; - assign readback_array[684][0:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value : '0; - assign readback_array[684][31:1] = '0; + assign readback_array[21] = hwif_in.MLDSA_PUBKEY.rd_ack ? hwif_in.MLDSA_PUBKEY.rd_data : '0; + assign readback_array[22] = hwif_in.MLDSA_SIGNATURE.rd_ack ? hwif_in.MLDSA_SIGNATURE.rd_data : '0; + assign readback_array[23] = hwif_in.MLDSA_PRIVKEY_OUT.rd_ack ? hwif_in.MLDSA_PRIVKEY_OUT.rd_data : '0; + assign readback_array[24] = hwif_in.MLDSA_PRIVKEY_IN.rd_ack ? hwif_in.MLDSA_PRIVKEY_IN.rd_data : '0; + assign readback_array[25][0:0] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.error_en.value : '0; + assign readback_array[25][1:1] = (decoded_reg_strb.intr_block_rf.global_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.global_intr_en_r.notif_en.value : '0; + assign readback_array[25][31:2] = '0; + assign readback_array[26][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_en_r.error_internal_en.value : '0; + assign readback_array[26][31:1] = '0; + assign readback_array[27][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_en_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_en_r.notif_cmd_done_en.value : '0; + assign readback_array[27][31:1] = '0; + assign readback_array[28][0:0] = (decoded_reg_strb.intr_block_rf.error_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_global_intr_r.agg_sts.value : '0; + assign readback_array[28][31:1] = '0; + assign readback_array[29][0:0] = (decoded_reg_strb.intr_block_rf.notif_global_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_global_intr_r.agg_sts.value : '0; + assign readback_array[29][31:1] = '0; + assign readback_array[30][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_r.error_internal_sts.value : '0; + assign readback_array[30][31:1] = '0; + assign readback_array[31][0:0] = (decoded_reg_strb.intr_block_rf.notif_internal_intr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_internal_intr_r.notif_cmd_done_sts.value : '0; + assign readback_array[31][31:1] = '0; + assign readback_array[32][0:0] = (decoded_reg_strb.intr_block_rf.error_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_intr_trig_r.error_internal_trig.value : '0; + assign readback_array[32][31:1] = '0; + assign readback_array[33][0:0] = (decoded_reg_strb.intr_block_rf.notif_intr_trig_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_intr_trig_r.notif_cmd_done_trig.value : '0; + assign readback_array[33][31:1] = '0; + assign readback_array[34][31:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_r.cnt.value : '0; + assign readback_array[35][31:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_r.cnt.value : '0; + assign readback_array[36][0:0] = (decoded_reg_strb.intr_block_rf.error_internal_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.error_internal_intr_count_incr_r.pulse.value : '0; + assign readback_array[36][31:1] = '0; + assign readback_array[37][0:0] = (decoded_reg_strb.intr_block_rf.notif_cmd_done_intr_count_incr_r && !decoded_req_is_wr) ? field_storage.intr_block_rf.notif_cmd_done_intr_count_incr_r.pulse.value : '0; + assign readback_array[37][31:1] = '0; // Reduce the array always_comb begin @@ -1086,7 +1076,7 @@ module mldsa_reg ( readback_done = decoded_req & ~decoded_req_is_wr & ~decoded_strb_is_external; readback_err = '0; readback_data_var = '0; - for(int i=0; i<685; i++) readback_data_var |= readback_array[i]; + for(int i=0; i<38; i++) readback_data_var |= readback_array[i]; readback_data = readback_data_var; end diff --git a/src/mldsa_top/rtl/mldsa_reg_pkg.sv b/src/mldsa_top/rtl/mldsa_reg_pkg.sv index c7129bf..c94b9af 100644 --- a/src/mldsa_top/rtl/mldsa_reg_pkg.sv +++ b/src/mldsa_top/rtl/mldsa_reg_pkg.sv @@ -147,7 +147,7 @@ package mldsa_reg_pkg; mldsa_reg__MLDSA_SIGN_RND__in_t [8-1:0]MLDSA_SIGN_RND; mldsa_reg__MLDSA_MSG__in_t [16-1:0]MLDSA_MSG; mldsa_reg__MLDSA_VERIFY_RES__in_t [16-1:0]MLDSA_VERIFY_RES; - mldsa_reg__MLDSA_PUBKEY__external__in_t [648-1:0]MLDSA_PUBKEY; + mldsa_reg__MLDSA_PUBKEY__external__in_t MLDSA_PUBKEY; mldsa_reg__MLDSA_SIGNATURE__external__in_t MLDSA_SIGNATURE; mldsa_reg__MLDSA_PRIVKEY_OUT__external__in_t MLDSA_PRIVKEY_OUT; mldsa_reg__MLDSA_PRIVKEY_IN__external__in_t MLDSA_PRIVKEY_IN; @@ -209,6 +209,7 @@ package mldsa_reg_pkg; typedef struct packed{ logic req; + logic [11:0] addr; logic req_is_wr; logic [31:0] wr_data; logic [31:0] wr_biten; @@ -268,7 +269,7 @@ package mldsa_reg_pkg; mldsa_reg__MLDSA_SIGN_RND__out_t [8-1:0]MLDSA_SIGN_RND; mldsa_reg__MLDSA_MSG__out_t [16-1:0]MLDSA_MSG; mldsa_reg__MLDSA_VERIFY_RES__out_t [16-1:0]MLDSA_VERIFY_RES; - mldsa_reg__MLDSA_PUBKEY__external__out_t [648-1:0]MLDSA_PUBKEY; + mldsa_reg__MLDSA_PUBKEY__external__out_t MLDSA_PUBKEY; mldsa_reg__MLDSA_SIGNATURE__external__out_t MLDSA_SIGNATURE; mldsa_reg__MLDSA_PRIVKEY_OUT__external__out_t MLDSA_PRIVKEY_OUT; mldsa_reg__MLDSA_PRIVKEY_IN__external__out_t MLDSA_PRIVKEY_IN; diff --git a/src/mldsa_top/rtl/mldsa_reg_uvm.sv b/src/mldsa_top/rtl/mldsa_reg_uvm.sv index ded7e60..0e41ccc 100644 --- a/src/mldsa_top/rtl/mldsa_reg_uvm.sv +++ b/src/mldsa_top/rtl/mldsa_reg_uvm.sv @@ -284,33 +284,19 @@ package mldsa_reg_uvm; endfunction : build endclass : mldsa_reg__MLDSA_VERIFY_RES - // Reg - mldsa_reg::MLDSA_PUBKEY - class mldsa_reg__MLDSA_PUBKEY extends uvm_reg; - protected uvm_reg_data_t m_current; - protected uvm_reg_data_t m_data; - protected bit m_is_read; - - mldsa_reg__MLDSA_PUBKEY_bit_cg PUBKEY_bit_cg[32]; - mldsa_reg__MLDSA_PUBKEY_fld_cg fld_cg; - rand uvm_reg_field PUBKEY; - + // Mem - mldsa_reg::MLDSA_PUBKEY + class mldsa_reg__MLDSA_PUBKEY extends uvm_reg_block; + rand uvm_mem m_mem; + function new(string name = "mldsa_reg__MLDSA_PUBKEY"); - super.new(name, 32, build_coverage(UVM_CVR_ALL)); + super.new(name); endfunction : new - extern virtual function void sample_values(); - extern protected virtual function void sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); virtual function void build(); - this.PUBKEY = new("PUBKEY"); - this.PUBKEY.configure(this, 32, 0, "RW", 1, 'h0, 1, 1, 0); - if (has_coverage(UVM_CVR_REG_BITS)) begin - foreach(PUBKEY_bit_cg[bt]) PUBKEY_bit_cg[bt] = new(); - end - if (has_coverage(UVM_CVR_FIELD_VALS)) - fld_cg = new(); + this.default_map = create_map("reg_map", 0, 4.0, UVM_NO_ENDIAN); + this.m_mem = new("m_mem", 648, 32, "RW"); + this.m_mem.configure(this); + this.default_map.add_mem(this.m_mem, 0); endfunction : build endclass : mldsa_reg__MLDSA_PUBKEY @@ -858,7 +844,7 @@ package mldsa_reg_uvm; rand mldsa_reg__MLDSA_SIGN_RND MLDSA_SIGN_RND[8]; rand mldsa_reg__MLDSA_MSG MLDSA_MSG[16]; rand mldsa_reg__MLDSA_VERIFY_RES MLDSA_VERIFY_RES[16]; - rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY[648]; + rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY; rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE; rand mldsa_reg__MLDSA_PRIVKEY_OUT MLDSA_PRIVKEY_OUT; rand mldsa_reg__MLDSA_PRIVKEY_IN MLDSA_PRIVKEY_IN; @@ -929,13 +915,10 @@ package mldsa_reg_uvm; this.MLDSA_VERIFY_RES[i0].build(); this.default_map.add_reg(this.MLDSA_VERIFY_RES[i0], 'hd8 + i0*'h4); end - foreach(this.MLDSA_PUBKEY[i0]) begin - this.MLDSA_PUBKEY[i0] = new($sformatf("MLDSA_PUBKEY[%0d]", i0)); - this.MLDSA_PUBKEY[i0].configure(this); - - this.MLDSA_PUBKEY[i0].build(); - this.default_map.add_reg(this.MLDSA_PUBKEY[i0], 'h118 + i0*'h4); - end + this.MLDSA_PUBKEY = new("MLDSA_PUBKEY"); + this.MLDSA_PUBKEY.configure(this); + this.MLDSA_PUBKEY.build(); + this.default_map.add_submap(this.MLDSA_PUBKEY.default_map, 'h1000); this.MLDSA_SIGNATURE = new("MLDSA_SIGNATURE"); this.MLDSA_SIGNATURE.configure(this); this.MLDSA_SIGNATURE.build(); diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh index 1742637..32a80ca 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_all_sequence.svh @@ -112,8 +112,8 @@ class ML_DSA_randomized_all_sequence extends mldsa_bench_sequence_base; end // Reading MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_PUBKEY.m_mem.get_size(); i++) begin + reg_model.MLDSA_PUBKEY.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_PUBKEY[%0d]", i)); end else begin @@ -277,16 +277,6 @@ class ML_DSA_randomized_all_sequence extends mldsa_bench_sequence_base; ready = data[0]; end - // Writing MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].write(status, PUBKEY[i], UVM_FRONTDOOR, reg_model.default_map, this); - if (status != UVM_IS_OK) begin - `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_PUBKEY[%0d]", i)); - end else begin - `uvm_info("REG_WRITE", $sformatf("MLDSA_PUBKEY[%0d] written with %0h", i, PUBKEY[i]), UVM_LOW); - end - end - // Writing MLDSA_MSG register foreach (reg_model.MLDSA_MSG[i]) begin reg_model.MLDSA_MSG[i].write(status, MSG_IN[i], UVM_FRONTDOOR, reg_model.default_map, this); @@ -297,6 +287,16 @@ class ML_DSA_randomized_all_sequence extends mldsa_bench_sequence_base; end end + // Writing the PUBKEY into the MLDSA_PUBKEY register array + for (int i = 0; i < reg_model.MLDSA_PUBKEY.m_mem.get_size(); i++) begin + reg_model.MLDSA_PUBKEY.m_mem.write(status, i, PUBKEY[i], UVM_FRONTDOOR, reg_model.default_map, this); + if (status != UVM_IS_OK) begin + `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_PUBKEY[%0d]", i)); + end else begin + `uvm_info("REG_WRITE", $sformatf("MLDSA_PUBKEY[%0d] written with %0h", i, PUBKEY[i]), UVM_LOW); + end + end + // Writing the SIGNATURE into the MLDSA_SIGNATURE register array for (int i = 0; i < reg_model.MLDSA_SIGNATURE.m_mem.get_size(); i++) begin reg_model.MLDSA_SIGNATURE.m_mem.write(status, i, SIGNATURE[i], UVM_FRONTDOOR, reg_model.default_map, this); diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh index 3b9076a..2633674 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_and_sign_sequence.svh @@ -151,8 +151,8 @@ class ML_DSA_randomized_key_gen_and_sign_sequence extends mldsa_bench_sequence_b end // Reading MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_PUBKEY.m_mem.get_size(); i++) begin + reg_model.MLDSA_PUBKEY.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_PUBKEY[%0d]", i)); end else begin diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_sequence.svh index a2b7bd4..f3b3e7c 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_key_gen_sequence.svh @@ -91,8 +91,8 @@ class ML_DSA_randomized_key_gen_sequence extends mldsa_bench_sequence_base; end // Reading MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + for(int i = 0; i < reg_model.MLDSA_PUBKEY.m_mem.get_size(); i++) begin + reg_model.MLDSA_PUBKEY.m_mem.read(status, i, data, UVM_FRONTDOOR, reg_model.default_map, this); if (status != UVM_IS_OK) begin `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_PUBKEY[%0d]", i)); end else begin diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh index 48c763c..6434baf 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/ML_DSA_randomized_verif_sequence.svh @@ -93,14 +93,14 @@ class ML_DSA_randomized_verif_sequence extends mldsa_bench_sequence_base; read_line(fd, 1224, SK); $fclose(fd); - // Writing MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].write(status, PK[i], UVM_FRONTDOOR, reg_model.default_map, this); - if (status != UVM_IS_OK) begin - `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_PUBKEY[%0d]", i)); - end else begin - `uvm_info("REG_WRITE", $sformatf("MLDSA_PUBKEY[%0d] written with %0h", i, PK[i]), UVM_LOW); - end + // Writing the SK into the MLDSA_PUBKEY register array + for (int i = 0; i < reg_model.MLDSA_PUBKEY.m_mem.get_size(); i++) begin + reg_model.MLDSA_PUBKEY.m_mem.write(status, i, PK[i], UVM_FRONTDOOR, reg_model.default_map, this); + if (status != UVM_IS_OK) begin + `uvm_error("REG_WRITE", $sformatf("Failed to write MLDSA_PUBKEY[%0d]", i)); + end else begin + `uvm_info("REG_WRITE", $sformatf("MLDSA_PUBKEY[%0d] written with %0h", i, SK[i]), UVM_LOW); + end end //========================================================= diff --git a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/example_derived_test_sequence.svh b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/example_derived_test_sequence.svh index 5a4f804..32b1733 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/example_derived_test_sequence.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/project_benches/mldsa/tb/sequences/src/example_derived_test_sequence.svh @@ -93,14 +93,14 @@ class example_derived_test_sequence extends mldsa_bench_sequence_base; end // Reading MLDSA_PUBKEY register - foreach (reg_model.MLDSA_PUBKEY[i]) begin - reg_model.MLDSA_PUBKEY[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); - if (status != UVM_IS_OK) begin - `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_PUBKEY[%0d]", i)); - end else begin - `uvm_info("REG_READ", $sformatf("MLDSA_PUBKEY[%0d]: %0h", i, data), UVM_LOW); - end - end + //foreach (reg_model.MLDSA_PUBKEY[i]) begin + // reg_model.MLDSA_PUBKEY[i].read(status, data, UVM_FRONTDOOR, reg_model.default_map, this); + // if (status != UVM_IS_OK) begin + // `uvm_error("REG_READ", $sformatf("Failed to read MLDSA_PUBKEY[%0d]", i)); + // end else begin + // `uvm_info("REG_READ", $sformatf("MLDSA_PUBKEY[%0d]: %0h", i, data), UVM_LOW); + // end + //end // Reading MLDSA_PRIVKEY_OUT register //foreach (reg_model.MLDSA_PRIVKEY_OUT[i]) begin diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh index e26eff0..52c4245 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_covergroups.svh @@ -199,26 +199,6 @@ endgroup - /*----------------------- MLDSA_REG__MLDSA_PUBKEY COVERGROUPS -----------------------*/ - covergroup mldsa_reg__MLDSA_PUBKEY_bit_cg with function sample(input bit reg_bit); - option.per_instance = 1; - reg_bit_cp : coverpoint reg_bit { - bins value[2] = {0,1}; - } - reg_bit_edge_cp : coverpoint reg_bit { - bins rise = (0 => 1); - bins fall = (1 => 0); - } - - endgroup - covergroup mldsa_reg__MLDSA_PUBKEY_fld_cg with function sample( - input bit [32-1:0] PUBKEY - ); - option.per_instance = 1; - PUBKEY_cp : coverpoint PUBKEY; - - endgroup - /*----------------------- MLDSA_REG__INTR_BLOCK_T__GLOBAL_INTR_EN_T COVERGROUPS -----------------------*/ covergroup mldsa_reg__intr_block_t__global_intr_en_t_bit_cg with function sample(input bit reg_bit); option.per_instance = 1; diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh index 4025ea0..2f6d99c 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_sample.svh @@ -244,31 +244,6 @@ end endfunction - /*----------------------- MLDSA_REG__MLDSA_PUBKEY SAMPLE FUNCTIONS -----------------------*/ - function void mldsa_reg__MLDSA_PUBKEY::sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); - m_current = get(); - m_data = data; - m_is_read = is_read; - if (get_coverage(UVM_CVR_REG_BITS)) begin - foreach(PUBKEY_bit_cg[bt]) this.PUBKEY_bit_cg[bt].sample(data[0 + bt]); - end - if (get_coverage(UVM_CVR_FIELD_VALS)) begin - this.fld_cg.sample( data[31:0]/*PUBKEY*/ ); - end - endfunction - - function void mldsa_reg__MLDSA_PUBKEY::sample_values(); - if (get_coverage(UVM_CVR_REG_BITS)) begin - foreach(PUBKEY_bit_cg[bt]) this.PUBKEY_bit_cg[bt].sample(PUBKEY.get_mirrored_value() >> bt); - end - if (get_coverage(UVM_CVR_FIELD_VALS)) begin - this.fld_cg.sample( PUBKEY.get_mirrored_value() ); - end - endfunction - /*----------------------- MLDSA_REG__INTR_BLOCK_T__GLOBAL_INTR_EN_T SAMPLE FUNCTIONS -----------------------*/ function void mldsa_reg__intr_block_t__global_intr_en_t::sample(uvm_reg_data_t data, uvm_reg_data_t byte_en, diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv index ded7e60..0e41ccc 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/registers/mldsa_reg_uvm.sv @@ -284,33 +284,19 @@ package mldsa_reg_uvm; endfunction : build endclass : mldsa_reg__MLDSA_VERIFY_RES - // Reg - mldsa_reg::MLDSA_PUBKEY - class mldsa_reg__MLDSA_PUBKEY extends uvm_reg; - protected uvm_reg_data_t m_current; - protected uvm_reg_data_t m_data; - protected bit m_is_read; - - mldsa_reg__MLDSA_PUBKEY_bit_cg PUBKEY_bit_cg[32]; - mldsa_reg__MLDSA_PUBKEY_fld_cg fld_cg; - rand uvm_reg_field PUBKEY; - + // Mem - mldsa_reg::MLDSA_PUBKEY + class mldsa_reg__MLDSA_PUBKEY extends uvm_reg_block; + rand uvm_mem m_mem; + function new(string name = "mldsa_reg__MLDSA_PUBKEY"); - super.new(name, 32, build_coverage(UVM_CVR_ALL)); + super.new(name); endfunction : new - extern virtual function void sample_values(); - extern protected virtual function void sample(uvm_reg_data_t data, - uvm_reg_data_t byte_en, - bit is_read, - uvm_reg_map map); virtual function void build(); - this.PUBKEY = new("PUBKEY"); - this.PUBKEY.configure(this, 32, 0, "RW", 1, 'h0, 1, 1, 0); - if (has_coverage(UVM_CVR_REG_BITS)) begin - foreach(PUBKEY_bit_cg[bt]) PUBKEY_bit_cg[bt] = new(); - end - if (has_coverage(UVM_CVR_FIELD_VALS)) - fld_cg = new(); + this.default_map = create_map("reg_map", 0, 4.0, UVM_NO_ENDIAN); + this.m_mem = new("m_mem", 648, 32, "RW"); + this.m_mem.configure(this); + this.default_map.add_mem(this.m_mem, 0); endfunction : build endclass : mldsa_reg__MLDSA_PUBKEY @@ -858,7 +844,7 @@ package mldsa_reg_uvm; rand mldsa_reg__MLDSA_SIGN_RND MLDSA_SIGN_RND[8]; rand mldsa_reg__MLDSA_MSG MLDSA_MSG[16]; rand mldsa_reg__MLDSA_VERIFY_RES MLDSA_VERIFY_RES[16]; - rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY[648]; + rand mldsa_reg__MLDSA_PUBKEY MLDSA_PUBKEY; rand mldsa_reg__MLDSA_SIGNATURE MLDSA_SIGNATURE; rand mldsa_reg__MLDSA_PRIVKEY_OUT MLDSA_PRIVKEY_OUT; rand mldsa_reg__MLDSA_PRIVKEY_IN MLDSA_PRIVKEY_IN; @@ -929,13 +915,10 @@ package mldsa_reg_uvm; this.MLDSA_VERIFY_RES[i0].build(); this.default_map.add_reg(this.MLDSA_VERIFY_RES[i0], 'hd8 + i0*'h4); end - foreach(this.MLDSA_PUBKEY[i0]) begin - this.MLDSA_PUBKEY[i0] = new($sformatf("MLDSA_PUBKEY[%0d]", i0)); - this.MLDSA_PUBKEY[i0].configure(this); - - this.MLDSA_PUBKEY[i0].build(); - this.default_map.add_reg(this.MLDSA_PUBKEY[i0], 'h118 + i0*'h4); - end + this.MLDSA_PUBKEY = new("MLDSA_PUBKEY"); + this.MLDSA_PUBKEY.configure(this); + this.MLDSA_PUBKEY.build(); + this.default_map.add_submap(this.MLDSA_PUBKEY.default_map, 'h1000); this.MLDSA_SIGNATURE = new("MLDSA_SIGNATURE"); this.MLDSA_SIGNATURE.configure(this); this.MLDSA_SIGNATURE.build(); diff --git a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh index 4110bfc..0c85dcc 100644 --- a/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh +++ b/src/mldsa_top/uvmf/uvmf_template_output/verification_ip/environment_packages/mldsa_env_pkg/src/mldsa_predictor.svh @@ -125,10 +125,10 @@ class mldsa_predictor #( // of DUT output values based on DUT input, configuration and state virtual function void write_ahb_slave_0_ae(mvc_sequence_item_base _t); logic [31:0] written_value, expected_value; - uvm_reg_addr_t privkey_out_base_addr, privkey_in_base_addr, signature_base_addr; - uvm_reg_addr_t privkey_out_size, privkey_in_size, signature_size; + uvm_reg_addr_t privkey_out_base_addr, privkey_in_base_addr, signature_base_addr, pubkey_base_addr; + uvm_reg_addr_t privkey_out_size, privkey_in_size, signature_size, pubkey_size; uvm_reg_addr_t reg_addr; - uvm_mem privkey_out_mem, privkey_in_mem, signature_mem; + uvm_mem privkey_out_mem, privkey_in_mem, signature_mem, pubkey_mem; uvm_reg reg_obj; bit MEM_range_true; // pragma uvmf custom ahb_slave_0_ae_predictor begin @@ -192,12 +192,26 @@ class mldsa_predictor #( `uvm_fatal("PRED_AHB", "Could not retrieve MLDSA_SIGNATURE memory from sub-map") end + // Retrieve base address and memory object for MLDSA_PUBKEY + pubkey_base_addr = p_mldsa_rm.default_map.get_submap_offset(p_mldsa_rm.MLDSA_PUBKEY.default_map); + pubkey_mem = p_mldsa_rm.default_map.get_mem_by_offset(pubkey_base_addr); + pubkey_size = uvm_reg_addr_t'(pubkey_mem.get_size()); + + // Check if MLDSA_PUBKEY memory is correctly retrieved + if (pubkey_mem != null) begin + //`uvm_info("PRED_AHB", $sformatf("MLDSA_PUBKEY: Base Addr = 0x%0h, Size = %0d", pubkey_base_addr, pubkey_size), UVM_LOW) + end + else begin + `uvm_fatal("PRED_AHB", "Could not retrieve MLDSA_PUBKEY memory from sub-map") + end reg_addr = t.address; MEM_range_true = (reg_addr >= privkey_in_base_addr && reg_addr < privkey_in_base_addr + privkey_in_size * 4) || (reg_addr >= privkey_out_base_addr && reg_addr < privkey_out_base_addr + privkey_out_size * 4) || - (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4); + (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4) + || + (reg_addr >= pubkey_base_addr && reg_addr < pubkey_base_addr + pubkey_size * 4); //=========================================================================================== if (t.RnW == 1'b1) begin // write @@ -225,11 +239,11 @@ class mldsa_predictor #( SK[idx] = t.data[0][31:0]; //`uvm_info("PRED_AHB", $sformatf("Writing to MLDSA_PRIVKEY_IN: Addr = 0x%0h, Data = 0x%0h", reg_addr, t.data[0][31:0]), UVM_LOW) end - else if (reg_addr >= p_mldsa_rm.MLDSA_PUBKEY[0].get_address(p_mldsa_map) && - reg_addr <= p_mldsa_rm.MLDSA_PUBKEY[$size(p_mldsa_rm.MLDSA_PUBKEY)-1].get_address(p_mldsa_map)) begin - base_addr = p_mldsa_rm.MLDSA_PUBKEY[0].get_address(p_mldsa_map); - idx = (reg_addr - base_addr) / 4; + // Accessing data in MLDSA_PUBKEY + else if (reg_addr >= pubkey_base_addr && reg_addr < pubkey_base_addr + pubkey_size * 4) begin + idx = (reg_addr - pubkey_base_addr) / 4; PK[idx] = t.data[0][31:0]; + //`uvm_info("PRED_AHB", $sformatf("Writing to MLDSA_PUBKEY: Addr = 0x%0h, Data = 0x%0h", reg_addr, t.data[0][31:0]), UVM_LOW) end // Accessing data in MLDSA_SIGNATURE else if (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4) begin @@ -258,19 +272,8 @@ class mldsa_predictor #( uvm_reg_addr_t base_addr; // uvm_reg_addr_t reg_addr = t.address; int idx; - if (reg_addr >= p_mldsa_rm.MLDSA_PUBKEY[0].get_address(p_mldsa_map) && - reg_addr <= p_mldsa_rm.MLDSA_PUBKEY[$size(p_mldsa_rm.MLDSA_PUBKEY)-1].get_address(p_mldsa_map)) begin - base_addr = p_mldsa_rm.MLDSA_PUBKEY[0].get_address(p_mldsa_map); - idx = (reg_addr - base_addr) / 4; - if (idx < $size(PK)) begin - t.data[0][31:0] = PK[idx]; - end - else begin - `uvm_error("PRED_AHB", "Public key read out of bounds") - end - end // Accessing data in MLDSA_PRIVKEY_OUT - else if (reg_addr >= privkey_out_base_addr && reg_addr < privkey_out_base_addr + privkey_out_size * 4) begin + if (reg_addr >= privkey_out_base_addr && reg_addr < privkey_out_base_addr + privkey_out_size * 4) begin idx = (reg_addr - privkey_out_base_addr) / 4; if (idx < privkey_out_size) begin t.data[0][31:0] = SK[idx]; // Example read from SK @@ -280,6 +283,17 @@ class mldsa_predictor #( `uvm_error("PRED_AHB", "Private key out read out of bounds") end end + // Accessing data in MLDSA_PUBKEY + else if (reg_addr >= pubkey_base_addr && reg_addr < pubkey_base_addr + pubkey_size * 4) begin + idx = (reg_addr - pubkey_base_addr) / 4; + if (idx < pubkey_size) begin + t.data[0][31:0] = PK[idx]; // Example read from SIG + //`uvm_info("PRED_AHB", $sformatf("Reading from MLDSA_PUBKEY: Addr = 0x%0h, Data = 0x%0h", reg_addr, t.data[0][31:0]), UVM_LOW) + end + else begin + `uvm_error("PRED_AHB", "Pubkey read out of bounds") + end + end // Accessing data in MLDSA_SIGNATURE else if (reg_addr >= signature_base_addr && reg_addr < signature_base_addr + signature_size * 4) begin idx = (reg_addr - signature_base_addr) / 4; @@ -571,9 +585,9 @@ class mldsa_predictor #( //foreach (p_mldsa_rm.MLDSA_PRIVKEY_IN[i]) begin // p_mldsa_rm.MLDSA_PRIVKEY_IN[i].set(zero_value); //end - foreach (p_mldsa_rm.MLDSA_PUBKEY[i]) begin - p_mldsa_rm.MLDSA_PUBKEY[i].set(zero_value); - end + //foreach (p_mldsa_rm.MLDSA_PUBKEY[i]) begin + // p_mldsa_rm.MLDSA_PUBKEY[i].set(zero_value); + //end //foreach (p_mldsa_rm.MLDSA_SIGNATURE[i]) begin // p_mldsa_rm.MLDSA_SIGNATURE[i].set(zero_value); //end From 998fa02637cec8dd1ea069b7b9e495368df1d08a Mon Sep 17 00:00:00 2001 From: Emre Karabulut Date: Mon, 30 Sep 2024 11:28:51 -0700 Subject: [PATCH 07/10] manually merged with Mike's piso_exp and added FPGA ifdefs --- src/abr_libs/rtl/abr_1r1w_512x4_ram.sv | 5 + src/abr_libs/rtl/abr_1r1w_be_ram.sv | 103 ++- src/abr_libs/rtl/abr_1r1w_ram.sv | 52 +- src/abr_libs/rtl/abr_piso.sv | 59 +- src/abr_prim/rtl/abr_prim_count.sv | 1 + src/abr_prim/rtl/abr_prim_intr_hw.sv | 3 +- src/abr_prim/rtl/abr_prim_sparse_fsm_flop.sv | 1 + src/abr_sha3/rtl/abr_keccak_2share.sv | 1 + src/abr_sha3/rtl/abr_keccak_round.sv | 1 + src/abr_sha3/rtl/abr_sha3.sv | 1 + src/abr_sha3/rtl/abr_sha3pad.sv | 1 + .../rtl/mldsa_sampler_top.sv | 136 ++-- src/mldsa_top/rtl/config_defines.svh | 4 + src/mldsa_top/rtl/mldsa_ctrl.sv | 49 +- src/mldsa_top/rtl/mldsa_reg.sv | 2 + src/mldsa_top/rtl/mldsa_seq_prim.sv | 644 +++++++++--------- src/mldsa_top/rtl/mldsa_seq_sec.sv | 417 +++++++----- src/mldsa_top/rtl/mldsa_top.sv | 15 + src/sample_in_ball/rtl/sample_in_ball_ctrl.sv | 6 +- 19 files changed, 868 insertions(+), 633 deletions(-) diff --git a/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv b/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv index 58519b9..0b46ee1 100644 --- a/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv +++ b/src/abr_libs/rtl/abr_1r1w_512x4_ram.sv @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. +`include "config_defines.svh" module abr_1r1w_512x4_ram #( parameter DEPTH = 512 @@ -30,7 +31,11 @@ module abr_1r1w_512x4_ram #( ); //storage element +`ifndef RV_FPGA_OPTIMIZE logic [DEPTH-1:0][DATA_WIDTH-1:0] ram; +`else + (* ram_style = "block" *) logic [DATA_WIDTH-1:0] ram [DEPTH-1:0]; +`endif always @(posedge clk_i) begin if (we_i) begin diff --git a/src/abr_libs/rtl/abr_1r1w_be_ram.sv b/src/abr_libs/rtl/abr_1r1w_be_ram.sv index 2e8566a..6c77299 100644 --- a/src/abr_libs/rtl/abr_1r1w_be_ram.sv +++ b/src/abr_libs/rtl/abr_1r1w_be_ram.sv @@ -11,7 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - +`include "config_defines.svh" module abr_1r1w_be_ram #( parameter DEPTH = 64 ,parameter DATA_WIDTH = 32 @@ -30,8 +30,46 @@ module abr_1r1w_be_ram #( output logic [DATA_WIDTH-1:0] rdata_o ); +`ifdef RV_FPGA_OPTIMIZE + + + logic [DATA_WIDTH-1:0] flattened_wdata; + + // Create a flattened version of the wdata_i using always_comb + always_comb begin + flattened_wdata = '0; // Initialize to zero + for (int i = 0; i < (DATA_WIDTH/STROBE_WIDTH); i++) begin + flattened_wdata[i*STROBE_WIDTH +: STROBE_WIDTH] = wdata_i[i]; + end + end + + // Instantiation of the dual-port byte-write RAM + bytewrite_tdp_ram_rf #( + .NUM_COL(DATA_WIDTH / STROBE_WIDTH), // Number of columns (bytes) + .COL_WIDTH(STROBE_WIDTH), // Width of each column (byte width) + .ADDR_WIDTH(ADDR_WIDTH), // Address width + .DATA_WIDTH(DATA_WIDTH), // Data width (total) + .DEPTH(DEPTH) + ) bytewrite_ram_inst ( + .clkA(clk_i), // Clock for Port A (write) + .enaA(we_i), // Enable for Port A (write enable) + .weA(wstrobe_i), // Byte-wise write enable for Port A + .addrA(waddr_i), // Address for Port A (write) + .dinA(flattened_wdata), // Data input for Port A (flattened) + .doutA(), // Data output for Port A (unused in write-only) + + .clkB(clk_i), // Clock for Port B (read) + .enaB(re_i), // Enable for Port B (read enable) + .weB({(DATA_WIDTH/STROBE_WIDTH){1'b0}}), // No write enable for Port B + .addrB(raddr_i), // Address for Port B (read) + .dinB({DATA_WIDTH{1'b0}}), // No data input for Port B + .doutB(rdata_o) // Data output for Port B (read data) + ); + +`else + //storage element - logic [(DATA_WIDTH/STROBE_WIDTH)-1:0][STROBE_WIDTH-1:0] ram [DEPTH-1:0]; + logic [(DATA_WIDTH/STROBE_WIDTH)-1:0][STROBE_WIDTH-1:0] ram [DEPTH-1:0]; always @(posedge clk_i) begin if (we_i) begin @@ -48,4 +86,65 @@ module abr_1r1w_be_ram #( end end + +`endif + + +endmodule + +`ifdef RV_FPGA_OPTIMIZE + +module bytewrite_tdp_ram_rf #( + parameter NUM_COL = 4, // Number of columns (bytes) + parameter COL_WIDTH = 8, // Width of each column (byte) + parameter ADDR_WIDTH = 10, // Address width + parameter DATA_WIDTH = NUM_COL * COL_WIDTH, // Data width (total) + parameter DEPTH = 64 +) ( + input wire clkA, // Clock for Port A + input wire enaA, // Enable for Port A + input wire [NUM_COL-1:0] weA, // Write enable for Port A (byte-wise) + input wire [ADDR_WIDTH-1:0] addrA, // Address for Port A + input wire [DATA_WIDTH-1:0] dinA, // Data input for Port A + output reg [DATA_WIDTH-1:0] doutA, // Data output for Port A + + input wire clkB, // Clock for Port B + input wire enaB, // Enable for Port B + input wire [NUM_COL-1:0] weB, // Write enable for Port B (byte-wise) + input wire [ADDR_WIDTH-1:0] addrB, // Address for Port B + input wire [DATA_WIDTH-1:0] dinB, // Data input for Port B + output reg [DATA_WIDTH-1:0] doutB // Data output for Port B +); + + // Core memory storage (True Dual Port) + (* ram_style = "block" *) reg [DATA_WIDTH-1:0] ram_block [DEPTH-1:0]; // Memory array + + integer i; + + // Port A Operations + always @(posedge clkA) begin + if (enaA) begin + for (i = 0; i < NUM_COL; i = i + 1) begin + if (weA[i]) begin + ram_block[addrA][i*COL_WIDTH +: COL_WIDTH] <= dinA[i*COL_WIDTH +: COL_WIDTH]; // Write byte + end + end + doutA <= ram_block[addrA]; // Read operation (read-first) + end + end + + // Port B Operations + always @(posedge clkB) begin + if (enaB) begin + for (i = 0; i < NUM_COL; i = i + 1) begin + if (weB[i]) begin + ram_block[addrB][i*COL_WIDTH +: COL_WIDTH] <= dinB[i*COL_WIDTH +: COL_WIDTH]; // Write byte + end + end + doutB <= ram_block[addrB]; // Read operation (read-first) + end + end + endmodule + +`endif diff --git a/src/abr_libs/rtl/abr_1r1w_ram.sv b/src/abr_libs/rtl/abr_1r1w_ram.sv index 1268323..81f90d5 100644 --- a/src/abr_libs/rtl/abr_1r1w_ram.sv +++ b/src/abr_libs/rtl/abr_1r1w_ram.sv @@ -1,17 +1,5 @@ -// SPDX-License-Identifier: Apache-2.0 -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - +`include "config_defines.svh" +`ifndef RV_FPGA_OPTIMIZE module abr_1r1w_ram #( parameter DEPTH = 64 ,parameter DATA_WIDTH = 32 @@ -45,3 +33,39 @@ module abr_1r1w_ram #( end endmodule + +`else +module abr_1r1w_ram #( + parameter DEPTH = 64 + ,parameter DATA_WIDTH = 32 + ,parameter ADDR_WIDTH = $clog2(DEPTH) + + ) + ( + input logic clk_i, + + input logic we_i, + input logic [ADDR_WIDTH-1:0] waddr_i, + input logic [DATA_WIDTH-1:0] wdata_i, + input logic re_i, + input logic [ADDR_WIDTH-1:0] raddr_i, + output logic [DATA_WIDTH-1:0] rdata_o + ); + + (* ram_style = "block" *) reg [DATA_WIDTH-1:0] ram [DEPTH-1:0]; + + always @(posedge clk_i) begin + if (we_i) begin + if (we_i) + ram[waddr_i] <= wdata_i; + end + end + + always @(posedge clk_i) begin + if (re_i) + rdata_o <= ram[raddr_i]; + end + +endmodule + +`endif \ No newline at end of file diff --git a/src/abr_libs/rtl/abr_piso.sv b/src/abr_libs/rtl/abr_piso.sv index 5800a25..d0d9b7e 100644 --- a/src/abr_libs/rtl/abr_piso.sv +++ b/src/abr_libs/rtl/abr_piso.sv @@ -16,9 +16,10 @@ module abr_piso // import ::*; #( - parameter PISO_BUFFER_W = 1344 - ,parameter PISO_INPUT_RATE = 1088 - ,parameter PISO_OUTPUT_RATE = 80 + parameter PISO_NUM_MODE = 1 + ,parameter PISO_BUFFER_W = 1344 + ,parameter integer PISO_INPUT_RATE[PISO_NUM_MODE-1:0] = {1088} + ,parameter integer PISO_OUTPUT_RATE[PISO_NUM_MODE-1:0] = {80} ) ( input logic clk, @@ -26,19 +27,20 @@ module abr_piso input logic zeroize, //input data - input logic valid_i, - output logic hold_o, - input logic [PISO_INPUT_RATE-1:0] data_i, + input logic [$clog2(PISO_NUM_MODE)-1:0] mode, + input logic valid_i, + output logic hold_o, + input logic [PISO_INPUT_RATE[0]-1:0] data_i, //Output data - output logic valid_o, - input logic hold_i, - output logic [PISO_OUTPUT_RATE-1:0] data_o + output logic valid_o, + input logic hold_i, + output logic [PISO_OUTPUT_RATE[0]-1:0] data_o ); parameter PISO_PTR_W = $clog2(PISO_BUFFER_W); - parameter BUFFER_W_DELTA = PISO_BUFFER_W - PISO_INPUT_RATE; + parameter BUFFER_W_DELTA = PISO_BUFFER_W - PISO_INPUT_RATE[0]; logic [PISO_BUFFER_W-1:0] buffer, buffer_d; logic [PISO_PTR_W-1:0] buffer_wr_ptr, buffer_wr_ptr_d; @@ -47,10 +49,10 @@ module abr_piso logic update_buffer; //hold when not enough room for full input data - always_comb hold_o = buffer_wr_ptr > (PISO_BUFFER_W - PISO_INPUT_RATE); + always_comb hold_o = buffer_wr_ptr > (PISO_BUFFER_W[PISO_PTR_W-1:0] - PISO_INPUT_RATE[mode][PISO_PTR_W-1:0]); - always_comb data_o = buffer[PISO_OUTPUT_RATE-1:0]; - always_comb valid_o = buffer_wr_ptr >= PISO_OUTPUT_RATE; + always_comb data_o = buffer[PISO_OUTPUT_RATE[0]-1:0]; + always_comb valid_o = buffer_wr_ptr >= PISO_OUTPUT_RATE[mode][PISO_PTR_W-1:0]; always_comb buffer_wr = valid_i & ~hold_o; always_comb buffer_rd = valid_o & ~hold_i; @@ -74,23 +76,38 @@ module abr_piso always_comb begin unique case ({buffer_rd, buffer_wr}) 2'b00 : buffer_wr_ptr_d = buffer_wr_ptr; - 2'b01 : buffer_wr_ptr_d = buffer_wr_ptr + PISO_INPUT_RATE; - 2'b10 : buffer_wr_ptr_d = buffer_wr_ptr - PISO_OUTPUT_RATE; - 2'b11 : buffer_wr_ptr_d = buffer_wr_ptr + (PISO_INPUT_RATE - PISO_OUTPUT_RATE); + 2'b01 : buffer_wr_ptr_d = buffer_wr_ptr + PISO_INPUT_RATE[mode][PISO_PTR_W-1:0]; + 2'b10 : buffer_wr_ptr_d = buffer_wr_ptr - PISO_OUTPUT_RATE[mode][PISO_PTR_W-1:0]; + 2'b11 : buffer_wr_ptr_d = buffer_wr_ptr + (PISO_INPUT_RATE[mode][PISO_PTR_W-1:0] - PISO_OUTPUT_RATE[mode][PISO_PTR_W-1:0]); default : buffer_wr_ptr_d = buffer_wr_ptr; endcase end + logic [PISO_BUFFER_W-1:0] buffer_wdata; + logic [PISO_BUFFER_W-1:0] buffer_wdata_mask; + + always_comb begin + buffer_wdata = '0; + buffer_wdata_mask = '1; + for (int i = 0; i < PISO_NUM_MODE; i++) begin + if (i == mode) begin + buffer_wdata_mask = PISO_BUFFER_W'(buffer_wdata_mask >> (PISO_BUFFER_W[PISO_PTR_W-1:0] - PISO_INPUT_RATE[mode][PISO_PTR_W-1:0])); + end + end + buffer_wdata = {{BUFFER_W_DELTA{1'b0}},data_i} & buffer_wdata_mask; + end + //buffer next logic always_comb begin - unique case ({buffer_rd, buffer_wr}) + unique case ({buffer_rd, buffer_wr}) 2'b00 : buffer_d = buffer; - 2'b01 : buffer_d = PISO_BUFFER_W'({{BUFFER_W_DELTA{1'b0}},data_i} << buffer_wr_ptr) | buffer; - 2'b10 : buffer_d = PISO_BUFFER_W'(buffer >> PISO_OUTPUT_RATE); - 2'b11 : buffer_d = PISO_BUFFER_W'({{BUFFER_W_DELTA{1'b0}},data_i} << (buffer_wr_ptr - PISO_OUTPUT_RATE)) | PISO_BUFFER_W'(buffer >> PISO_OUTPUT_RATE); + 2'b10 : buffer_d = PISO_BUFFER_W'(buffer >> PISO_OUTPUT_RATE[mode]); + 2'b01 : buffer_d = PISO_BUFFER_W'(buffer_wdata << buffer_wr_ptr) | buffer; + 2'b11 : buffer_d = PISO_BUFFER_W'(buffer_wdata << (buffer_wr_ptr - PISO_OUTPUT_RATE[mode][PISO_PTR_W-1:0])) | PISO_BUFFER_W'(buffer >> PISO_OUTPUT_RATE[mode]); + default : buffer_d = buffer; endcase end - + // {{PISO_BUFFER_W - PISO_INPUT_RATE[mode]{1'b0}}, endmodule \ No newline at end of file diff --git a/src/abr_prim/rtl/abr_prim_count.sv b/src/abr_prim/rtl/abr_prim_count.sv index 9f413b4..c4a20bf 100644 --- a/src/abr_prim/rtl/abr_prim_count.sv +++ b/src/abr_prim/rtl/abr_prim_count.sv @@ -21,6 +21,7 @@ // unchanged. The counter is also protected against under- and overflows. `include "abr_prim_assert.sv" +`timescale 1ns / 1ps module abr_prim_count #( parameter int Width = 2, diff --git a/src/abr_prim/rtl/abr_prim_intr_hw.sv b/src/abr_prim/rtl/abr_prim_intr_hw.sv index e95e7ef..d79ebe7 100644 --- a/src/abr_prim/rtl/abr_prim_intr_hw.sv +++ b/src/abr_prim/rtl/abr_prim_intr_hw.sv @@ -6,7 +6,8 @@ // controller registers: INTR_ENABLE, INTR_STATE, INTR_TEST. // This module can be instantiated once per interrupt field, or // "bussified" with all fields of the interrupt vector. - +`include "abr_sva.svh" +`include "abr_prim_assert.sv" module abr_prim_intr_hw # ( parameter int unsigned Width = 1, parameter bit FlopOutput = 1, diff --git a/src/abr_prim/rtl/abr_prim_sparse_fsm_flop.sv b/src/abr_prim/rtl/abr_prim_sparse_fsm_flop.sv index 49ca9ee..c7a71c2 100644 --- a/src/abr_prim/rtl/abr_prim_sparse_fsm_flop.sv +++ b/src/abr_prim/rtl/abr_prim_sparse_fsm_flop.sv @@ -3,6 +3,7 @@ // SPDX-License-Identifier: Apache-2.0 `include "abr_prim_assert.sv" +`timescale 1ns / 1ps module abr_prim_sparse_fsm_flop import abr_prim_sparse_fsm_pkg::*; diff --git a/src/abr_sha3/rtl/abr_keccak_2share.sv b/src/abr_sha3/rtl/abr_keccak_2share.sv index 8eca018..59af71f 100644 --- a/src/abr_sha3/rtl/abr_keccak_2share.sv +++ b/src/abr_sha3/rtl/abr_keccak_2share.sv @@ -6,6 +6,7 @@ // It supports Keccak with up to 1600b of state `include "abr_sva.svh" +`include "abr_prim_assert.sv" module abr_keccak_2share import abr_prim_mubi_pkg::*; diff --git a/src/abr_sha3/rtl/abr_keccak_round.sv b/src/abr_sha3/rtl/abr_keccak_round.sv index f44390a..295fbfc 100644 --- a/src/abr_sha3/rtl/abr_keccak_round.sv +++ b/src/abr_sha3/rtl/abr_keccak_round.sv @@ -6,6 +6,7 @@ // e.g. Width 800 requires 22 rounds `include "abr_sva.svh" +`include "abr_prim_assert.sv" module abr_keccak_round import abr_prim_mubi_pkg::*; diff --git a/src/abr_sha3/rtl/abr_sha3.sv b/src/abr_sha3/rtl/abr_sha3.sv index e7e76a5..eb1205f 100644 --- a/src/abr_sha3/rtl/abr_sha3.sv +++ b/src/abr_sha3/rtl/abr_sha3.sv @@ -7,6 +7,7 @@ // It instantiates a keccak_round with 1600 bits of the state. `include "abr_sva.svh" +`include "abr_prim_assert.sv" module abr_sha3 import abr_sha3_pkg::*; diff --git a/src/abr_sha3/rtl/abr_sha3pad.sv b/src/abr_sha3/rtl/abr_sha3pad.sv index aa5f675..5f1a5ad 100644 --- a/src/abr_sha3/rtl/abr_sha3pad.sv +++ b/src/abr_sha3/rtl/abr_sha3pad.sv @@ -5,6 +5,7 @@ // ABR_SHA3 padding logic `include "abr_sva.svh" +`include "abr_prim_assert.sv" module abr_sha3pad import abr_sha3_pkg::*; diff --git a/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv b/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv index ead8b5a..02e4a7d 100644 --- a/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv +++ b/src/mldsa_sampler_top/rtl/mldsa_sampler_top.sv @@ -87,10 +87,6 @@ module mldsa_sampler_top logic sha3_rst_storage_err; //rej sampler - logic sha3_rejs_dv; - logic rejs_sha3_hold; - logic [REJS_PISO_INPUT_RATE-1:0] sha3_rejs_data; - logic rejs_piso_dv; logic rejs_piso_hold; logic [REJS_NUM_SAMPLERS-1:0][REJS_SAMPLE_W-1:0] rejs_piso_data; @@ -100,10 +96,6 @@ module mldsa_sampler_top logic [REJS_VLD_SAMPLES-1:0][MLDSA_Q_WIDTH-1:0] rejs_data_q; //rej bounded - logic sha3_rejb_dv; - logic rejb_sha3_hold; - logic [REJB_PISO_INPUT_RATE-1:0] sha3_rejb_data; - logic rejb_piso_dv; logic rejb_piso_hold; logic [REJB_NUM_SAMPLERS-1:0][REJB_SAMPLE_W-1:0] rejb_piso_data; @@ -112,10 +104,6 @@ module mldsa_sampler_top logic [REJB_VLD_SAMPLES-1:0][MLDSA_Q_WIDTH-1:0] rejb_data; //exp mask - logic sha3_exp_dv; - logic exp_sha3_hold; - logic [EXP_PISO_INPUT_RATE-1:0] sha3_exp_data; - logic exp_piso_dv; logic exp_piso_hold; logic [EXP_NUM_SAMPLERS-1:0][EXP_SAMPLE_W-1:0] exp_piso_data; @@ -124,10 +112,6 @@ module mldsa_sampler_top logic [EXP_VLD_SAMPLES-1:0][EXP_VLD_SAMPLE_W-1:0] exp_data; //sample in ball - logic sha3_sib_dv; - logic sib_sha3_hold; - logic [SIB_PISO_INPUT_RATE-1:0] sha3_sib_data; - logic sib_piso_dv; logic sib_piso_hold; logic [SIB_NUM_SAMPLERS-1:0][SIB_SAMPLE_W-1:0] sib_piso_data; @@ -147,6 +131,11 @@ module mldsa_sampler_top logic zeroize_sha3, zeroize_rejb, zeroize_rejs, zeroize_sib, zeroize_exp_mask; logic zeroize_sib_mem; + logic zeroize_piso; + + logic [1:0] piso_mode; + logic piso_dv, piso_hold; + logic [REJS_PISO_OUTPUT_RATE-1:0] piso_data; //Sampler mode muxes always_comb begin @@ -165,6 +154,8 @@ module mldsa_sampler_top zeroize_sib = zeroize; zeroize_sib_mem = zeroize; zeroize_sha3 = zeroize; + zeroize_piso = zeroize; + piso_mode = 0; unique case (sampler_mode_i) inside MLDSA_SHAKE256: begin @@ -190,6 +181,8 @@ module mldsa_sampler_top sampler_done = (coeff_cnt == (MLDSA_COEFF_CNT/4)); zeroize_rejs |= sampler_done; zeroize_sha3 |= sampler_done; + zeroize_piso |= sampler_done; + piso_mode = 0; end MLDSA_EXP_MASK: begin mode = abr_sha3_pkg::Shake; @@ -201,6 +194,8 @@ module mldsa_sampler_top sampler_done = (coeff_cnt == (MLDSA_COEFF_CNT/4)); zeroize_exp_mask |= sampler_done; zeroize_sha3 |= sampler_done; + zeroize_piso |= sampler_done; + piso_mode = 2; end MLDSA_REJ_BOUNDED: begin mode = abr_sha3_pkg::Shake; @@ -212,6 +207,8 @@ module mldsa_sampler_top sampler_done = (coeff_cnt == (MLDSA_COEFF_CNT/4)); zeroize_rejb |= sampler_done; zeroize_sha3 |= sampler_done; + zeroize_piso |= sampler_done; + piso_mode = 1; end MLDSA_SAMPLE_IN_BALL: begin mode = abr_sha3_pkg::Shake; @@ -220,6 +217,8 @@ module mldsa_sampler_top sampler_done = sib_done; zeroize_sib |= sampler_done; zeroize_sha3 |= sampler_done; + zeroize_piso |= sampler_done; + piso_mode = 3; end default: begin @@ -379,40 +378,40 @@ always_comb sampler_ntt_data_o = rejs_data; .keccak_storage_rst_error_o (sha3_rst_storage_err) ); - //FIXME just one PISO - //control logic to steer sha3 output to appropriate sampler - always_comb sha3_rejs_dv = sha3_state_dv & (sampler_mode_i == MLDSA_REJ_SAMPLER); - always_comb sha3_rejb_dv = sha3_state_dv & (sampler_mode_i == MLDSA_REJ_BOUNDED); - always_comb sha3_exp_dv = sha3_state_dv & (sampler_mode_i == MLDSA_EXP_MASK); - always_comb sha3_sib_dv = sha3_state_dv & (sampler_mode_i == MLDSA_SAMPLE_IN_BALL); - - always_comb sha3_state_hold = ((sampler_mode_i == MLDSA_REJ_SAMPLER) & rejs_sha3_hold) | - ((sampler_mode_i == MLDSA_REJ_BOUNDED) & rejb_sha3_hold) | - ((sampler_mode_i == MLDSA_EXP_MASK) & exp_sha3_hold) | - ((sampler_mode_i == MLDSA_SAMPLE_IN_BALL) & sib_sha3_hold); - - always_comb sha3_rejs_data = sha3_state[0][REJS_PISO_INPUT_RATE-1:0]; - always_comb sha3_rejb_data = sha3_state[0][REJB_PISO_INPUT_RATE-1:0]; - always_comb sha3_exp_data = sha3_state[0][EXP_PISO_INPUT_RATE-1:0]; - always_comb sha3_sib_data = sha3_state[0][SIB_PISO_INPUT_RATE-1:0]; - -//rej sampler +//one piso abr_piso #( + .PISO_NUM_MODE(4), .PISO_BUFFER_W(REJS_PISO_BUFFER_W), - .PISO_INPUT_RATE(REJS_PISO_INPUT_RATE), - .PISO_OUTPUT_RATE(REJS_PISO_OUTPUT_RATE) - ) rej_sampler_piso_inst ( + .PISO_INPUT_RATE({SIB_PISO_INPUT_RATE,EXP_PISO_INPUT_RATE,REJB_PISO_INPUT_RATE,REJS_PISO_INPUT_RATE}), + .PISO_OUTPUT_RATE({SIB_PISO_OUTPUT_RATE,EXP_PISO_OUTPUT_RATE,REJB_PISO_OUTPUT_RATE,REJS_PISO_OUTPUT_RATE}) + ) abr_piso_inst ( .clk(clk), .rst_b(rst_b), - .zeroize(zeroize_rejs), - .valid_i(sha3_rejs_dv), - .hold_o(rejs_sha3_hold), - .data_i(sha3_rejs_data), - .valid_o(rejs_piso_dv), - .hold_i(rejs_piso_hold), - .data_o(rejs_piso_data) + .zeroize(zeroize_piso), + .mode(piso_mode), + .valid_i(sha3_state_dv & sampler_mode_i inside {MLDSA_REJ_SAMPLER,MLDSA_REJ_BOUNDED,MLDSA_EXP_MASK,MLDSA_SAMPLE_IN_BALL}), + .hold_o(sha3_state_hold), + .data_i(sha3_state[0][REJS_PISO_INPUT_RATE-1:0]), + .valid_o(piso_dv), + .hold_i(piso_hold), + .data_o(piso_data) ); + always_comb rejs_piso_dv = piso_dv & (sampler_mode_i == MLDSA_REJ_SAMPLER); + always_comb rejb_piso_dv = piso_dv & (sampler_mode_i == MLDSA_REJ_BOUNDED); + always_comb exp_piso_dv = piso_dv & (sampler_mode_i == MLDSA_EXP_MASK); + always_comb sib_piso_dv = piso_dv & (sampler_mode_i == MLDSA_SAMPLE_IN_BALL); + + always_comb piso_hold = ((sampler_mode_i == MLDSA_REJ_SAMPLER) & rejs_piso_hold) | + ((sampler_mode_i == MLDSA_REJ_BOUNDED) & rejb_piso_hold) | + ((sampler_mode_i == MLDSA_EXP_MASK) & exp_piso_hold) | + ((sampler_mode_i == MLDSA_SAMPLE_IN_BALL) & sib_piso_hold); + + always_comb rejs_piso_data = piso_data[REJS_PISO_OUTPUT_RATE-1:0]; + always_comb rejb_piso_data = piso_data[REJB_PISO_OUTPUT_RATE-1:0]; + always_comb exp_piso_data = piso_data[EXP_PISO_OUTPUT_RATE-1:0]; + always_comb sib_piso_data = piso_data[SIB_PISO_OUTPUT_RATE-1:0]; + rej_sampler_ctrl#( .REJ_NUM_SAMPLERS(REJS_NUM_SAMPLERS), .REJ_SAMPLE_W(REJS_SAMPLE_W), @@ -446,22 +445,6 @@ always_ff @(posedge clk or negedge rst_b) begin : delay_rejs_data end //rej bounded - abr_piso #( - .PISO_BUFFER_W(REJB_PISO_BUFFER_W), - .PISO_INPUT_RATE(REJB_PISO_INPUT_RATE), - .PISO_OUTPUT_RATE(REJB_PISO_OUTPUT_RATE) - ) rej_bounded_piso_inst ( - .clk(clk), - .rst_b(rst_b), - .zeroize(zeroize_rejb), - .valid_i(sha3_rejb_dv), - .hold_o(rejb_sha3_hold), - .data_i(sha3_rejb_data), - .valid_o(rejb_piso_dv), - .hold_i(rejb_piso_hold), - .data_o(rejb_piso_data) - ); - rej_bounded_ctrl #( .REJ_NUM_SAMPLERS(REJB_NUM_SAMPLERS), .REJ_SAMPLE_W(REJB_SAMPLE_W), @@ -482,23 +465,6 @@ end ); //exp mask - abr_piso #( - .PISO_BUFFER_W(EXP_PISO_BUFFER_W), - .PISO_INPUT_RATE(EXP_PISO_INPUT_RATE), - .PISO_OUTPUT_RATE(EXP_PISO_OUTPUT_RATE) - ) exp_mask_piso_inst ( - .clk(clk), - .rst_b(rst_b), - .zeroize(zeroize_exp_mask), - .valid_i(sha3_exp_dv), - .hold_o(exp_sha3_hold), - .data_i(sha3_exp_data), - .valid_o(exp_piso_dv), - .hold_i(exp_piso_hold), - .data_o(exp_piso_data) - ); - - exp_mask_ctrl #( .EXP_NUM_SAMPLERS(EXP_NUM_SAMPLERS), .EXP_SAMPLE_W(EXP_SAMPLE_W), @@ -546,22 +512,6 @@ end .rdata_o(sib_mem_rddata) ); - abr_piso #( - .PISO_BUFFER_W(SIB_PISO_BUFFER_W), - .PISO_INPUT_RATE(SIB_PISO_INPUT_RATE), - .PISO_OUTPUT_RATE(SIB_PISO_OUTPUT_RATE) - ) sib_piso_inst ( - .clk(clk), - .rst_b(rst_b), - .zeroize(zeroize_sib), - .valid_i(sha3_sib_dv), - .hold_o(sib_sha3_hold), - .data_i(sha3_sib_data), - .valid_o(sib_piso_dv), - .hold_i(sib_piso_hold), - .data_o(sib_piso_data) - ); - sample_in_ball_ctrl #( .SIB_NUM_SAMPLERS(SIB_NUM_SAMPLERS), .SIB_SAMPLE_W(SIB_SAMPLE_W), diff --git a/src/mldsa_top/rtl/config_defines.svh b/src/mldsa_top/rtl/config_defines.svh index c4db129..14d9f1a 100644 --- a/src/mldsa_top/rtl/config_defines.svh +++ b/src/mldsa_top/rtl/config_defines.svh @@ -15,6 +15,10 @@ `ifndef ABR_CFG_SV `define ABR_CFG_SV + `include "abr_sva.svh" + `define RV_FPGA_OPTIMIZE + `define RV_FPGA_SCA + `define ABR_ICG abr_clk_gate `define ABR_MEM_TEST(_depth, _width) abr_1r1w_``_depth``x``_width``_ram diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index a3cec7a..739d8a1 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -33,6 +33,14 @@ module mldsa_ctrl input logic rst_b, output logic zeroize, +`ifdef RV_FPGA_SCA + output wire NTT_trigger, + output wire PWM_trigger, + output wire PWA_trigger, + output wire INTT_trigger, +`endif + + output mldsa_reg__in_t mldsa_reg_hwif_in_o, input mldsa_reg__out_t mldsa_reg_hwif_out_i, @@ -286,18 +294,18 @@ module mldsa_ctrl logic [1:0][SK_MEM_ADDR_W:0] skdecode_rdaddr; logic api_keymem_wr_dec, api_sk_reg_wr_dec; - logic api_keymem_rd_dec, api_sk_reg_rd_dec; + logic api_keymem_rd_dec, api_sk_reg_rd_dec, api_sk_reg_rd_dec_f; logic [DATA_WIDTH-1:0] privkey_reg_rdata; logic [DATA_WIDTH-1:0] privkey_out_rdata; always_comb api_sk_waddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.addr[12:2]; always_comb api_sk_raddr = PRIVKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.addr[12:2]; - always_comb api_sk_reg_wr_dec = api_sk_waddr inside {[0:31]}; - always_comb api_keymem_wr_dec = api_sk_waddr inside {[31:PRIVKEY_NUM_DWORDS-1]}; + always_comb api_sk_reg_wr_dec = mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.req & api_sk_waddr inside {[0:31]}; + always_comb api_keymem_wr_dec = mldsa_reg_hwif_out.MLDSA_PRIVKEY_IN.req & api_sk_waddr inside {[31:PRIVKEY_NUM_DWORDS-1]}; - always_comb api_sk_reg_rd_dec = api_sk_raddr inside {[0:31]}; - always_comb api_keymem_rd_dec = api_sk_raddr inside {[32:PRIVKEY_NUM_DWORDS-1]}; + always_comb api_sk_reg_rd_dec = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & api_sk_raddr inside {[0:31]}; + always_comb api_keymem_rd_dec = mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & api_sk_raddr inside {[32:PRIVKEY_NUM_DWORDS-1]}; assign api_sk_reg_waddr = api_sk_waddr[4:0]; assign api_sk_reg_raddr = api_sk_raddr[4:0]; @@ -344,15 +352,17 @@ module mldsa_ctrl always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin api_keymem_re_bank_f <= '0; + api_sk_reg_rd_dec_f <= '0; end else begin api_keymem_re_bank_f <= api_keymem_re_bank; + api_sk_reg_rd_dec_f <= api_sk_reg_rd_dec; end end always_comb skdecode_rd_data_o = sk_ram_rdata; always_comb privkey_out_rdata = {DATA_WIDTH{api_keymem_re_bank_f[0]}} & sk_ram_rdata[0] | {DATA_WIDTH{api_keymem_re_bank_f[1]}} & sk_ram_rdata[1] | - {DATA_WIDTH{api_sk_reg_rd_dec}} & privkey_reg_rdata; + {DATA_WIDTH{api_sk_reg_rd_dec_f}} & privkey_reg_rdata; `ABR_MEM(SK_MEM_BANK_DEPTH,DATA_WIDTH) mldsa_sk_ram_bank0 @@ -409,7 +419,7 @@ module mldsa_ctrl end else if (zeroize) begin privkey_reg_rdata <= '0; end else begin - if (mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & api_sk_reg_rd_dec) begin + if (mldsa_valid_reg & mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr & api_sk_reg_rd_dec) begin privkey_reg_rdata <= privatekey_reg.raw[api_sk_reg_raddr]; end end @@ -474,12 +484,12 @@ module mldsa_ctrl always_comb api_sig_h_addr = SIG_H_REG_ADDR_W'( api_sig_addr - (SIGNATURE_C_NUM_DWORDS+SIGNATURE_Z_NUM_DWORDS) ); always_comb mldsa_reg_hwif_in.MLDSA_SIGNATURE.wr_ack = mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; - always_comb api_sig_z_we = api_sig_z_dec & mldsa_reg_hwif_in.MLDSA_SIGNATURE.wr_ack; + always_comb api_sig_z_we = mldsa_ready & api_sig_z_dec & mldsa_reg_hwif_in.MLDSA_SIGNATURE.wr_ack; - always_comb api_sig_z_re = api_sig_z_dec & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; + always_comb api_sig_z_re = mldsa_valid_reg & api_sig_z_dec & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; `ABR_MEM_BE(SIG_Z_MEM_DEPTH,SIG_Z_MEM_DATA_W) - mldsa_sig_z_ram_bank1 + mldsa_sig_z_ram ( .clk_i(clk), .we_i(sig_z_ram_we), @@ -518,7 +528,7 @@ module mldsa_ctrl end else if (zeroize) begin signature_reg_rdata <= '0; end else begin - if (mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) + if (mldsa_valid_reg & mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr) signature_reg_rdata <= {DATA_WIDTH{api_sig_c_dec}} & signature_reg.enc.c[api_sig_c_addr] | {DATA_WIDTH{api_sig_h_dec}} & signature_reg.enc.h[api_sig_h_addr]; end @@ -592,8 +602,8 @@ module mldsa_ctrl always_comb api_pubkey_addr = PUBKEY_NUM_DWORDS-1-mldsa_reg_hwif_out.MLDSA_PUBKEY.addr[PK_ADDR_W+1:2]; - always_comb api_pubkey_rho_dec = mldsa_ready & mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[0:7]}; - always_comb api_pubkey_dec = mldsa_ready & mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[8:PUBKEY_NUM_DWORDS-1]}; + always_comb api_pubkey_rho_dec = mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[0:7]}; + always_comb api_pubkey_dec = mldsa_reg_hwif_out.MLDSA_PUBKEY.req & api_pubkey_addr inside {[8:PUBKEY_NUM_DWORDS-1]}; always_comb api_pubkey_mem_addr.addr = PK_MEM_ADDR_W'( (api_pubkey_addr - 8)/PK_MEM_NUM_DWORDS ); always_comb api_pubkey_mem_addr.offset = (api_pubkey_addr - 8)%PK_MEM_NUM_DWORDS; //FIXME can this be done better? @@ -603,9 +613,9 @@ module mldsa_ctrl always_comb api_pk_rho_addr = api_pubkey_addr[2:0]; always_comb mldsa_reg_hwif_in.MLDSA_PUBKEY.wr_ack = mldsa_reg_hwif_out.MLDSA_PUBKEY.req & mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; - always_comb api_pubkey_we = api_pubkey_dec & mldsa_reg_hwif_in.MLDSA_PUBKEY.wr_ack; + always_comb api_pubkey_we = mldsa_ready & api_pubkey_dec & mldsa_reg_hwif_in.MLDSA_PUBKEY.wr_ack; - always_comb api_pubkey_re = api_pubkey_dec & ~mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; + always_comb api_pubkey_re = mldsa_valid_reg & api_pubkey_dec & ~mldsa_reg_hwif_out.MLDSA_PUBKEY.req_is_wr; `ABR_MEM_BE(64,320) mldsa_pubkey_ram @@ -663,7 +673,7 @@ module mldsa_ctrl end else if (zeroize) begin pk_reg_rdata <= '0; end else begin - if (api_pubkey_rho_dec) + if (mldsa_valid_reg & api_pubkey_rho_dec) pk_reg_rdata <= publickey_reg.enc.rho[api_pk_rho_addr]; end end @@ -1357,6 +1367,13 @@ mldsa_seq_sec mldsa_seq_sec_inst .clk(clk), .rst_b(rst_b), .zeroize(zeroize), + +`ifdef RV_FPGA_SCA + .NTT_trigger(NTT_trigger), + .PWM_trigger(PWM_trigger), + .PWA_trigger(PWA_trigger), + .INTT_trigger(INTT_trigger), +`endif .en_i(seq_en), .addr_i(sign_prog_cntr_nxt), diff --git a/src/mldsa_top/rtl/mldsa_reg.sv b/src/mldsa_top/rtl/mldsa_reg.sv index ab82da2..3c469c2 100644 --- a/src/mldsa_top/rtl/mldsa_reg.sv +++ b/src/mldsa_top/rtl/mldsa_reg.sv @@ -1,6 +1,8 @@ // Generated by PeakRDL-regblock - A free and open-source SystemVerilog generator // https://github.com/SystemRDL/PeakRDL-regblock +`include "config_defines.svh" + module mldsa_reg ( input wire clk, input wire rst, diff --git a/src/mldsa_top/rtl/mldsa_seq_prim.sv b/src/mldsa_top/rtl/mldsa_seq_prim.sv index 03936b5..f3dce54 100644 --- a/src/mldsa_top/rtl/mldsa_seq_prim.sv +++ b/src/mldsa_top/rtl/mldsa_seq_prim.sv @@ -19,7 +19,6 @@ // Verify `include "config_defines.svh" - module mldsa_seq_prim import mldsa_ctrl_pkg::*; ( @@ -29,426 +28,425 @@ module mldsa_seq_prim input logic en_i, input logic [MLDSA_PROG_ADDR_W-1 : 0] addr_i, - output mldsa_seq_instr_t data_o - ); + output mldsa_seq_instr_t data_o + ); + +`ifdef RV_FPGA_OPTIMIZE + (*rom_style = "block" *) mldsa_seq_instr_t data_o_rom; +`else + mldsa_seq_instr_t data_o_rom; +`endif + assign data_o = data_o_rom; //---------------------------------------------------------------- // ROM content //---------------------------------------------------------------- - always_ff @(posedge clk or negedge rst_b) begin - if (!rst_b) begin - data_o <= '0; - end - else if (zeroize) begin - data_o <= '0; - end - else begin + always_ff @(posedge clk) begin if (en_i) begin unique case(addr_i) //RESET - MLDSA_RESET : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //KEYGEN //(p,p',K)=Keccak(seed) // //SHAKE256 operation //SRC //SRC2 //DEST - MLDSA_KG_S : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0708, length:'d34, operand1:MLDSA_SEED_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_K_RHO_REG_ID}; + MLDSA_KG_S : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0708, length:'d34, operand1:MLDSA_SEED_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_K_RHO_REG_ID}; //s1=expandS // //Rej Bounded op //SRC imm //SRC1 //SRC2 //DEST - MLDSA_KG_S+ 1 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; - MLDSA_KG_S+ 2 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_1_BASE}; - MLDSA_KG_S+ 3 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_2_BASE}; - MLDSA_KG_S+ 4 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_3_BASE}; - MLDSA_KG_S+ 5 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_4_BASE}; - MLDSA_KG_S+ 6 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_5_BASE}; - MLDSA_KG_S+ 7 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_6_BASE}; + MLDSA_KG_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; + MLDSA_KG_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_1_BASE}; + MLDSA_KG_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_2_BASE}; + MLDSA_KG_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_3_BASE}; + MLDSA_KG_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_4_BASE}; + MLDSA_KG_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_5_BASE}; + MLDSA_KG_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S1_6_BASE}; //s1=expandS - MLDSA_KG_S+ 8 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0007, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_0_BASE}; - MLDSA_KG_S+ 9 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0008, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_1_BASE}; - MLDSA_KG_S+ 10 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h0009, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_2_BASE}; - MLDSA_KG_S+ 11 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h000A, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_3_BASE}; - MLDSA_KG_S+ 12 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h000B, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_4_BASE}; - MLDSA_KG_S+ 13 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h000C, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_5_BASE}; - MLDSA_KG_S+ 14 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h000D, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_6_BASE}; - MLDSA_KG_S+ 15 : data_o <= '{opcode:MLDSA_UOP_REJB, imm:'h000E, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_7_BASE}; + MLDSA_KG_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0007, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_0_BASE}; + MLDSA_KG_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0008, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_1_BASE}; + MLDSA_KG_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h0009, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_2_BASE}; + MLDSA_KG_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000A, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_3_BASE}; + MLDSA_KG_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000B, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_4_BASE}; + MLDSA_KG_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000C, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_5_BASE}; + MLDSA_KG_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000D, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_6_BASE}; + MLDSA_KG_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJB, imm:'h000E, length:'d66, operand1:MLDSA_RHO_P_ID, operand2:MLDSA_NOP, operand3:MLDSA_S2_7_BASE}; //NTT(s1) - MLDSA_KG_S+ 16 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_NTT_BASE}; - MLDSA_KG_S+ 17 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_NTT_BASE}; - MLDSA_KG_S+ 18 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_NTT_BASE}; - MLDSA_KG_S+ 19 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_NTT_BASE}; - MLDSA_KG_S+ 20 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_NTT_BASE}; - MLDSA_KG_S+ 21 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_NTT_BASE}; - MLDSA_KG_S+ 22 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_NTT_BASE}; + MLDSA_KG_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_NTT_BASE}; + MLDSA_KG_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_NTT_BASE}; + MLDSA_KG_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_NTT_BASE}; + MLDSA_KG_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_NTT_BASE}; + MLDSA_KG_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_NTT_BASE}; + MLDSA_KG_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_NTT_BASE}; + MLDSA_KG_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_NTT_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 23 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 24 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 25 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 26 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 27 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 28 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 29 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 30 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 31 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_T0_BASE}; + MLDSA_KG_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_T0_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 32 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 33 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 34 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 35 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 36 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 37 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 38 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 39 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 40 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_T1_BASE}; + MLDSA_KG_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_T1_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 41 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 42 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 43 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 44 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 45 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 46 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 47 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 48 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 49 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_T2_BASE}; + MLDSA_KG_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_T2_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 50 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 51 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 52 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 53 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 54 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 55 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 56 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 57 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 58 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_T3_BASE}; + MLDSA_KG_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_T3_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 59 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 60 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 61 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 62 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 63 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 64 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 65 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 66 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 67 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_T4_BASE}; + MLDSA_KG_S+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_T4_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 68 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 69 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 70 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 71 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 72 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 73 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 74 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 75 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 76 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_T5_BASE}; + MLDSA_KG_S+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_T5_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 77 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 78 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 79 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 80 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 81 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 82 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 83 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 80 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 81 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 82 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 83 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 84 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 84 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 85 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_T6_BASE}; + MLDSA_KG_S+ 85 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_T6_BASE}; //ExpandA(ρ) AND Aˆ NTT(s1) - MLDSA_KG_S+ 86 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 87 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 88 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 89 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 90 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 91 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; - MLDSA_KG_S+ 92 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 86 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_0_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 87 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_1_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 88 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_2_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 89 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_3_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 90 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_4_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 91 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_5_NTT_BASE, operand3:MLDSA_AS0_BASE}; + MLDSA_KG_S+ 92 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_S1_6_NTT_BASE, operand3:MLDSA_AS0_BASE}; //NTT−1(Aˆ ◦NTT(s1)) - MLDSA_KG_S+ 93 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; + MLDSA_KG_S+ 93 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'d00, length:'d00, operand1:MLDSA_AS0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_AS0_INTT_BASE}; //t ←NTT−1(Aˆ ◦NTT(s1))+s2 - MLDSA_KG_S+ 94 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_T7_BASE}; + MLDSA_KG_S+ 94 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'d00, length:'d00, operand1:MLDSA_AS0_INTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_T7_BASE}; //(t1,t0)←Power2Round(t,d) AND pk ←pkEncode(ρ,t1) - MLDSA_KG_S+ 95 : data_o <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_SK_T0_OFFSET}; + MLDSA_KG_S+ 95 : data_o_rom <= '{opcode:MLDSA_UOP_PWR2RND, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_SK_T0_OFFSET}; //tr ←H(BytesToBits(pk),512) - MLDSA_KG_S+ 96 : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; + MLDSA_KG_S+ 96 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; //sk ←skEncode(ρ,K,tr,s1,s2,t0) - MLDSA_KG_S+ 97: data_o <= '{opcode:MLDSA_UOP_SKENCODE, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_KG_JUMP_SIGN : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_S+ 97: data_o_rom <= '{opcode:MLDSA_UOP_SKENCODE, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_JUMP_SIGN : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //KG end - MLDSA_KG_E : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_KG_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Signing start //μ ←H(tr||M,512) - MLDSA_SIGN_S : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 1 : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d77, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; + MLDSA_SIGN_S : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d77, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; //ρ′=Keccak(K||rnd|| μ) - MLDSA_SIGN_S+ 2 : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_K_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 3 : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_SIGN_RND_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_S+ 4 : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_RHO_P_REG_ID}; + MLDSA_SIGN_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_K_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d32, operand1:MLDSA_SIGN_RND_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_RHO_P_REG_ID}; //Check Y valid - MLDSA_SIGN_CHECK_Y_CLR : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CHECK_Y_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //y=ExpandMask(ρ’ ,κ) - MLDSA_SIGN_MAKE_Y_S : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_0_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 1 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_1_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 2 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_2_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 3 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_3_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 4 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_4_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 5 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_5_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 6 : data_o <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_6_BASE}; + MLDSA_SIGN_MAKE_Y_S : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0000, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_0_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0001, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_1_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0002, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_2_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0003, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_3_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0004, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_4_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0005, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_5_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_EXP_MASK, imm:'h0006, length:'d66, operand1:MLDSA_RHO_P_KAPPA_ID, operand2:MLDSA_NOP, operand3:MLDSA_Y_6_BASE}; //NTT(Y) - MLDSA_SIGN_MAKE_Y_S+ 7 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_0_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 8 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_1_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 9 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_2_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 10 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_3_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 11 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_4_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 12 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_5_NTT_BASE}; - MLDSA_SIGN_MAKE_Y_S+ 13 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_6_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_0_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_1_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_2_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_3_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_4_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_5_NTT_BASE}; + MLDSA_SIGN_MAKE_Y_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_Y_6_NTT_BASE}; //Check W0 clear - MLDSA_SIGN_CHECK_W0_CLR : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CHECK_W0_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(y) - MLDSA_SIGN_MAKE_W_S : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 1 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 2 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 3 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 4 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 5 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 6 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 7 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 8 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 9 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 10 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 11 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 12 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 13 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 14 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 15 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_1_BASE}; + MLDSA_SIGN_MAKE_W_S+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_1_BASE}; - MLDSA_SIGN_MAKE_W_S+ 16 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 17 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 18 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 19 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 20 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 21 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 22 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 23 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_2_BASE}; + MLDSA_SIGN_MAKE_W_S+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_2_BASE}; - MLDSA_SIGN_MAKE_W_S+ 24 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 25 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 26 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 27 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 28 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 29 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 30 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 31 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_3_BASE}; + MLDSA_SIGN_MAKE_W_S+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_3_BASE}; - MLDSA_SIGN_MAKE_W_S+ 32 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 33 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 34 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 35 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 36 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 37 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 38 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 39 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_4_BASE}; + MLDSA_SIGN_MAKE_W_S+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_4_BASE}; - MLDSA_SIGN_MAKE_W_S+ 40 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 41 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 42 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 43 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 44 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 45 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 46 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 47 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_5_BASE}; + MLDSA_SIGN_MAKE_W_S+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_5_BASE}; - MLDSA_SIGN_MAKE_W_S+ 48 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 49 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 50 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 51 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 52 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 53 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 54 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 55 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_6_BASE}; + MLDSA_SIGN_MAKE_W_S+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_6_BASE}; - MLDSA_SIGN_MAKE_W_S+ 56 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 57 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 58 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 59 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 60 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 61 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 62 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_0_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_1_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_2_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_3_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_4_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_5_NTT_BASE, operand3:MLDSA_AY0_BASE}; + MLDSA_SIGN_MAKE_W_S+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Y_6_NTT_BASE, operand3:MLDSA_AY0_BASE}; - MLDSA_SIGN_MAKE_W_S+ 63 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_7_BASE}; + MLDSA_SIGN_MAKE_W_S+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AY0_BASE, operand2:MLDSA_TEMP3_BASE, operand3:MLDSA_W0_7_BASE}; //Set Y valid //FIXME this can move before MAKE_W if we opt accumulator to not have to read dest - MLDSA_SIGN_SET_Y : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_SET_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_UOP_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //(w1,w0) ←Decompose(w) AND c˜←H(μ||w1Encode(w1),2λ) - MLDSA_SIGN_MAKE_W_S+ 65 : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_MAKE_W : data_o <= '{opcode:MLDSA_UOP_DECOMP, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_W0_0_BASE}; - MLDSA_SIGN_SET_W0 : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_MAKE_W_S+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_MAKE_W : data_o_rom <= '{opcode:MLDSA_UOP_DECOMP, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_W0_0_BASE}; + MLDSA_SIGN_SET_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; // c ←SampleInBall(c˜1) //Check C clear - MLDSA_SIGN_CHECK_C_CLR : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_MAKE_C : data_o <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_SIG_C_REG_ID}; - MLDSA_SIGN_MAKE_C+ 1 : data_o <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_SET_C : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CHECK_C_CLR : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_SIG_C_REG_ID}; + MLDSA_SIGN_MAKE_C+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_SET_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_E : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Verify flow //(ρ,t1)←pkDecode(pk) - MLDSA_VERIFY_S : data_o <= '{opcode:MLDSA_UOP_PKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_T0_BASE}; + MLDSA_VERIFY_S : data_o_rom <= '{opcode:MLDSA_UOP_PKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_T0_BASE}; //(c˜,z,h)←sigDecode(σ) - MLDSA_VERIFY_S+ 1 : data_o <= '{opcode:MLDSA_UOP_SIGDEC_Z, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_Z_0_BASE}; + MLDSA_VERIFY_S+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_Z, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_Z_0_BASE}; //||z||∞ ≥ γ1 −β - MLDSA_VERIFY_S+ 2 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 3 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 4 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 5 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 6 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 7 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_S+ 8 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_S+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //tr ←H(pk,512) - MLDSA_VERIFY_H_TR : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; + MLDSA_VERIFY_H_TR : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:PUBKEY_NUM_BYTES, operand1:MLDSA_PK_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_TR_REG_ID}; //μ ←H(tr||M,512) - MLDSA_VERIFY_H_MU : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_H_MU+ 1 : data_o <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d77, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; + MLDSA_VERIFY_H_MU : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_TR_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_H_MU+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_SHAKE256, imm:'h0000, length:'d77, operand1:MLDSA_MSG_ID, operand2:MLDSA_NOP, operand3:MLDSA_DEST_MU_REG_ID}; //c ←SampleInBall(c˜1) - MLDSA_VERIFY_MAKE_C : data_o <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_MAKE_C : data_o_rom <= '{opcode:MLDSA_UOP_SIB, imm:'h0000, length:'d64, operand1:MLDSA_SIG_C_REG_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //cˆ ←NTT(c) - MLDSA_VERIFY_NTT_C : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; + MLDSA_VERIFY_NTT_C : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; //t1 ←NTT(t1) - MLDSA_VERIFY_NTT_T1 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; - MLDSA_VERIFY_NTT_T1+ 1 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; - MLDSA_VERIFY_NTT_T1+ 2 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; - MLDSA_VERIFY_NTT_T1+ 3 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; - MLDSA_VERIFY_NTT_T1+ 4 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; - MLDSA_VERIFY_NTT_T1+ 5 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; - MLDSA_VERIFY_NTT_T1+ 6 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; - MLDSA_VERIFY_NTT_T1+ 7 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; + MLDSA_VERIFY_NTT_T1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; + MLDSA_VERIFY_NTT_T1+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; + MLDSA_VERIFY_NTT_T1+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; + MLDSA_VERIFY_NTT_T1+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; + MLDSA_VERIFY_NTT_T1+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; + MLDSA_VERIFY_NTT_T1+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; + MLDSA_VERIFY_NTT_T1+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; + MLDSA_VERIFY_NTT_T1+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; //z ←NTT(z) - MLDSA_VERIFY_NTT_Z : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_0_BASE}; - MLDSA_VERIFY_NTT_Z+ 1 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_1_BASE}; - MLDSA_VERIFY_NTT_Z+ 2 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_2_BASE}; - MLDSA_VERIFY_NTT_Z+ 3 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_3_BASE}; - MLDSA_VERIFY_NTT_Z+ 4 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_4_BASE}; - MLDSA_VERIFY_NTT_Z+ 5 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_5_BASE}; - MLDSA_VERIFY_NTT_Z+ 6 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_6_BASE}; + MLDSA_VERIFY_NTT_Z : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_0_BASE}; + MLDSA_VERIFY_NTT_Z+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_1_BASE}; + MLDSA_VERIFY_NTT_Z+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_2_BASE}; + MLDSA_VERIFY_NTT_Z+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_3_BASE}; + MLDSA_VERIFY_NTT_Z+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_4_BASE}; + MLDSA_VERIFY_NTT_Z+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_5_BASE}; + MLDSA_VERIFY_NTT_Z+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_Z_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_Z_NTT_6_BASE}; //Aˆ ←ExpandA(ρ) AND Aˆ ◦NTT(z) - MLDSA_VERIFY_EXP_A+ 0 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 1 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 2 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 3 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 4 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 5 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 6 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 7 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 8 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 9 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_0_BASE}; + MLDSA_VERIFY_EXP_A+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0000, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0001, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0002, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0003, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 4 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0004, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 5 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0005, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 6 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0006, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 7 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 8 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 9 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_0_BASE}; - MLDSA_VERIFY_EXP_A+ 10 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 11 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 12 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 13 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 14 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 15 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 16 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 17 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 18 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 19 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_1_BASE}; + MLDSA_VERIFY_EXP_A+ 10 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0100, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 11 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0101, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 12 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0102, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 13 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0103, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 14 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0104, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 15 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0105, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 16 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0106, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 17 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 18 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 19 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_1_BASE}; - MLDSA_VERIFY_EXP_A+ 20 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 21 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 22 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 23 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 24 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 25 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 26 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 27 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 28 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 29 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_2_BASE}; + MLDSA_VERIFY_EXP_A+ 20 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0200, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 21 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0201, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 22 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0202, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 23 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0203, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 24 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0204, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 25 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0205, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 26 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0206, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 27 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 28 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 29 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_2_BASE}; - MLDSA_VERIFY_EXP_A+ 30 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 31 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 32 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 33 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 34 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 35 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 36 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 37 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 38 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 39 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_3_BASE}; + MLDSA_VERIFY_EXP_A+ 30 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0300, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 31 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0301, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 32 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0302, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 33 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0303, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 34 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0304, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 35 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0305, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 36 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0306, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 37 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 38 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 39 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_3_BASE}; - MLDSA_VERIFY_EXP_A+ 40 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 41 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 42 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 43 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 44 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 45 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 46 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 47 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 48 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 49 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_4_BASE}; + MLDSA_VERIFY_EXP_A+ 40 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0400, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 41 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0401, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 42 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0402, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 43 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0403, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 44 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0404, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 45 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0405, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 46 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0406, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 47 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 48 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 49 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_4_BASE}; - MLDSA_VERIFY_EXP_A+ 50 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 51 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 52 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 53 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 54 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 55 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 56 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 57 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 58 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 59 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_5_BASE}; + MLDSA_VERIFY_EXP_A+ 50 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0500, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 51 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0501, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 52 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0502, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 53 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0503, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 54 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0504, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 55 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0505, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 56 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0506, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 57 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 58 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 59 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_5_BASE}; - MLDSA_VERIFY_EXP_A+ 60 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 61 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 62 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 63 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 64 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 65 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 66 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 67 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 68 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 69 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_6_BASE}; + MLDSA_VERIFY_EXP_A+ 60 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0600, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 61 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0601, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 62 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0602, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 63 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0603, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 64 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0604, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 65 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0605, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 66 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0606, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 67 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 68 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 69 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_6_BASE}; - MLDSA_VERIFY_EXP_A+ 70 : data_o <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 71 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 72 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 73 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 74 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 75 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 76 : data_o <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 77 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_BASE}; - MLDSA_VERIFY_EXP_A+ 78 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; - MLDSA_VERIFY_EXP_A+ 79 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_7_BASE}; + MLDSA_VERIFY_EXP_A+ 70 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWM, imm:'h0700, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 71 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0701, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_1_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 72 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0702, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_2_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 73 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0703, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_3_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 74 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0704, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_4_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 75 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0705, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_5_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 76 : data_o_rom <= '{opcode:MLDSA_UOP_REJS_PWMA, imm:'h0706, length:'d34, operand1:MLDSA_RHO_ID, operand2:MLDSA_Z_NTT_6_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 77 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_BASE}; + MLDSA_VERIFY_EXP_A+ 78 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CT_BASE, operand2:MLDSA_AZ0_BASE, operand3:MLDSA_AZ0_BASE}; + MLDSA_VERIFY_EXP_A+ 79 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_AZ0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_W0_7_BASE}; - MLDSA_VERIFY_RES+ 0 : data_o <= '{opcode:MLDSA_UOP_SIGDEC_H, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_HINT_R_0_BASE}; - MLDSA_VERIFY_RES+ 1 : data_o <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_VERIFY_RES+ 2 : data_o <= '{opcode:MLDSA_UOP_USEHINT, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_HINT_R_0_BASE, operand3:MLDSA_NOP}; - MLDSA_VERIFY_RES+ 3 : data_o <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_VERIFY_RES_REG_ID}; - MLDSA_VERIFY_E : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_RES+ 0 : data_o_rom <= '{opcode:MLDSA_UOP_SIGDEC_H, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_HINT_R_0_BASE}; + MLDSA_VERIFY_RES+ 1 : data_o_rom <= '{opcode:MLDSA_UOP_LD_SHAKE256, imm:'h0000, length:'d64, operand1:MLDSA_MU_ID, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_VERIFY_RES+ 2 : data_o_rom <= '{opcode:MLDSA_UOP_USEHINT, imm:'h0000, length:'d00, operand1:MLDSA_W0_0_BASE, operand2:MLDSA_HINT_R_0_BASE, operand3:MLDSA_NOP}; + MLDSA_VERIFY_RES+ 3 : data_o_rom <= '{opcode:MLDSA_UOP_RUN_SHAKE256, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_DEST_VERIFY_RES_REG_ID}; + MLDSA_VERIFY_E : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - default : data_o <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; endcase - end end end -endmodule +endmodule \ No newline at end of file diff --git a/src/mldsa_top/rtl/mldsa_seq_sec.sv b/src/mldsa_top/rtl/mldsa_seq_sec.sv index 536d32b..f43fc53 100644 --- a/src/mldsa_top/rtl/mldsa_seq_sec.sv +++ b/src/mldsa_top/rtl/mldsa_seq_sec.sv @@ -29,193 +29,290 @@ module mldsa_seq_sec input logic en_i, input logic [MLDSA_PROG_ADDR_W-1 : 0] addr_i, - output mldsa_seq_instr_t data_o + +`ifdef RV_FPGA_SCA + output wire NTT_trigger, + output wire PWM_trigger, + output wire PWA_trigger, + output wire INTT_trigger, +`endif + + output mldsa_seq_instr_t data_o ); +`ifdef RV_FPGA_SCA + //=========================================================================== + // + // ************** TRIGER Functionality ************** + // + //=========================================================================== + logic NTT_raw_signal, PWM_raw_signal, PWA_raw_signal, INTT_raw_signal; + gen_pulse_custom NTT_pulse + ( + .clk(clk), + .reset_n(rst_b), + .raw_signal(NTT_raw_signal), + .trigger_pulse(NTT_trigger) + ); + + gen_pulse_custom PWM_pulse + ( + .clk(clk), + .reset_n(rst_b), + .raw_signal(PWM_raw_signal), + .trigger_pulse(PWM_trigger) + ); + + gen_pulse_custom PWA_pulse + ( + .clk(clk), + .reset_n(rst_b), + .raw_signal(PWA_raw_signal), + .trigger_pulse(PWA_trigger) + ); + + gen_pulse_custom INTT_pulse + ( + .clk(clk), + .reset_n(rst_b), + .raw_signal(INTT_raw_signal), + .trigger_pulse(INTT_trigger) + ); + + always_ff @(posedge clk or negedge rst_b) begin + if (!rst_b) begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h0; + end + else if (zeroize) begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h0; + end + else begin + if (en_i) begin + unique case(addr_i) + MLDSA_SIGN_VALID_S : begin //NTT(C) + NTT_raw_signal <= 'h1; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h0; + end + MLDSA_SIGN_VALID_S+2 : begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h1; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h0; + end + MLDSA_SIGN_VALID_S+4 : begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h1; + INTT_raw_signal <= 'h0; + end + MLDSA_SIGN_VALID_S+3 : begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h1; + end + default : begin + NTT_raw_signal <= 'h0; + PWM_raw_signal <= 'h0; + PWA_raw_signal <= 'h0; + INTT_raw_signal <= 'h0; + end + endcase + end + end + end +`endif + +`ifdef RV_FPGA_OPTIMIZE + (*rom_style = "block" *) mldsa_seq_instr_t data_o_rom; +`else + mldsa_seq_instr_t data_o_rom; +`endif + assign data_o = data_o_rom; //---------------------------------------------------------------- // ROM content //---------------------------------------------------------------- - always_ff @(posedge clk or negedge rst_b) begin - if (!rst_b) begin - data_o <= '0; - end - else if (zeroize) begin - data_o <= '0; - end - else begin + always_ff @(posedge clk ) begin if (en_i) begin unique case(addr_i) //RESET - MLDSA_RESET : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_RESET : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Signing initial steps start - MLDSA_SIGN_INIT_S : data_o <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; + MLDSA_SIGN_INIT_S : data_o_rom <= '{opcode:MLDSA_UOP_SKDECODE, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_S1_0_BASE}; //NTT(t0) - MLDSA_SIGN_INIT_S+1 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; - MLDSA_SIGN_INIT_S+2 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; - MLDSA_SIGN_INIT_S+3 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; - MLDSA_SIGN_INIT_S+4 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; - MLDSA_SIGN_INIT_S+5 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; - MLDSA_SIGN_INIT_S+6 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; - MLDSA_SIGN_INIT_S+7 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; - MLDSA_SIGN_INIT_S+8 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; + MLDSA_SIGN_INIT_S+1 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T0_BASE}; + MLDSA_SIGN_INIT_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T1_BASE}; + MLDSA_SIGN_INIT_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T2_BASE}; + MLDSA_SIGN_INIT_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T3_BASE}; + MLDSA_SIGN_INIT_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T4_BASE}; + MLDSA_SIGN_INIT_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T5_BASE}; + MLDSA_SIGN_INIT_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T6_BASE}; + MLDSA_SIGN_INIT_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_T7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_T7_BASE}; //NTT(s1) - MLDSA_SIGN_INIT_S+9 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_BASE}; - MLDSA_SIGN_INIT_S+10 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_BASE}; - MLDSA_SIGN_INIT_S+11: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_BASE}; - MLDSA_SIGN_INIT_S+12: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_BASE}; - MLDSA_SIGN_INIT_S+13: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_BASE}; - MLDSA_SIGN_INIT_S+14: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_BASE}; - MLDSA_SIGN_INIT_S+15: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_BASE}; + MLDSA_SIGN_INIT_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_0_BASE}; + MLDSA_SIGN_INIT_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_1_BASE}; + MLDSA_SIGN_INIT_S+11: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_2_BASE}; + MLDSA_SIGN_INIT_S+12: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_3_BASE}; + MLDSA_SIGN_INIT_S+13: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_4_BASE}; + MLDSA_SIGN_INIT_S+14: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_5_BASE}; + MLDSA_SIGN_INIT_S+15: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S1_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S1_6_BASE}; //NTT(s2) - MLDSA_SIGN_INIT_S+16: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_0_BASE}; - MLDSA_SIGN_INIT_S+17: data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_1_BASE}; - MLDSA_SIGN_INIT_S+18 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_2_BASE}; - MLDSA_SIGN_INIT_S+19 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_3_BASE}; - MLDSA_SIGN_INIT_S+20 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_4_BASE}; - MLDSA_SIGN_INIT_S+21 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_5_BASE}; - MLDSA_SIGN_INIT_S+22 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_6_BASE}; - MLDSA_SIGN_INIT_S+23 : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_7_BASE}; + MLDSA_SIGN_INIT_S+16: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_0_BASE}; + MLDSA_SIGN_INIT_S+17: data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_1_BASE}; + MLDSA_SIGN_INIT_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_2_BASE}; + MLDSA_SIGN_INIT_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_3_BASE}; + MLDSA_SIGN_INIT_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_4_BASE}; + MLDSA_SIGN_INIT_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_5_BASE}; + MLDSA_SIGN_INIT_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_6_BASE}; + MLDSA_SIGN_INIT_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_S2_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_S2_7_BASE}; //Signing validity checks - MLDSA_SIGN_CHECK_C_VLD : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CHECK_C_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //NTT(C) - MLDSA_SIGN_VALID_S : data_o <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; + MLDSA_SIGN_VALID_S : data_o_rom <= '{opcode:MLDSA_UOP_NTT, imm:'h0000, length:'d00, operand1:MLDSA_C_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_C_NTT_BASE}; //Compute Z and perform norm check - MLDSA_SIGN_CHECK_Y_VLD : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+2 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+3 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+4 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+5 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+6 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h000}; - - MLDSA_SIGN_VALID_S+7 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_1_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+8 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+9 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+10 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+11 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h040}; - - MLDSA_SIGN_VALID_S+12 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_2_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+13 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+14 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+15 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+16 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h080}; - - MLDSA_SIGN_VALID_S+17 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_3_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+18 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+19 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+20 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+21 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h0C0}; - - MLDSA_SIGN_VALID_S+22 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_4_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+23 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+24 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+25 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+26 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h100}; - - MLDSA_SIGN_VALID_S+27 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_5_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+28 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+29 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+30 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+31 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h140}; - - MLDSA_SIGN_VALID_S+32 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_6_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+33 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; - MLDSA_SIGN_VALID_S+34 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; - MLDSA_SIGN_VALID_S+35 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+36 : data_o <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h180}; + MLDSA_SIGN_CHECK_Y_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+2 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+3 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+4 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_0_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+5 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+6 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h000}; + + MLDSA_SIGN_VALID_S+7 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_1_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+8 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+9 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_1_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+10 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+11 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h040}; + + MLDSA_SIGN_VALID_S+12 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_2_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+13 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+14 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_2_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+15 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+16 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h080}; + + MLDSA_SIGN_VALID_S+17 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_3_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+18 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+19 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_3_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+20 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+21 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h0C0}; + + MLDSA_SIGN_VALID_S+22 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_4_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+23 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+24 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_4_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+25 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+26 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h100}; + + MLDSA_SIGN_VALID_S+27 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_5_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+28 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+29 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_5_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+30 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+31 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h140}; + + MLDSA_SIGN_VALID_S+32 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S1_6_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+33 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS1_BASE}; + MLDSA_SIGN_VALID_S+34 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_Y_6_BASE, operand2:MLDSA_CS1_BASE, operand3:MLDSA_Z_BASE}; + MLDSA_SIGN_VALID_S+35 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_Z, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+36 : data_o_rom <= '{opcode:MLDSA_UOP_SIGENCODE, imm:'h0000, length:'d00, operand1:MLDSA_Z_BASE, operand2:MLDSA_NOP, operand3:15'h180}; - MLDSA_SIGN_CLEAR_Y : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - - MLDSA_SIGN_VALID_S+38 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_0_BASE}; - MLDSA_SIGN_VALID_S+39 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_1_BASE}; - MLDSA_SIGN_VALID_S+40 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_2_BASE}; - MLDSA_SIGN_VALID_S+41 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_3_BASE}; - MLDSA_SIGN_VALID_S+42 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_4_BASE}; - MLDSA_SIGN_VALID_S+43 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_5_BASE}; - MLDSA_SIGN_VALID_S+44 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_6_BASE}; - MLDSA_SIGN_VALID_S+45 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_7_BASE}; - MLDSA_SIGN_VALID_S+46 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_0_BASE}; - MLDSA_SIGN_VALID_S+47 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_1_BASE}; - MLDSA_SIGN_VALID_S+48 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_2_BASE}; - MLDSA_SIGN_VALID_S+49 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_3_BASE}; - MLDSA_SIGN_VALID_S+50 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_4_BASE}; - MLDSA_SIGN_VALID_S+51 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_5_BASE}; - MLDSA_SIGN_VALID_S+52 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_6_BASE}; - MLDSA_SIGN_VALID_S+53 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_7_BASE}; - - MLDSA_SIGN_CHECK_W0_VLD : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CLEAR_Y : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + + MLDSA_SIGN_VALID_S+38 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T0_BASE, operand3:MLDSA_CT_0_BASE}; + MLDSA_SIGN_VALID_S+39 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T1_BASE, operand3:MLDSA_CT_1_BASE}; + MLDSA_SIGN_VALID_S+40 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T2_BASE, operand3:MLDSA_CT_2_BASE}; + MLDSA_SIGN_VALID_S+41 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T3_BASE, operand3:MLDSA_CT_3_BASE}; + MLDSA_SIGN_VALID_S+42 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T4_BASE, operand3:MLDSA_CT_4_BASE}; + MLDSA_SIGN_VALID_S+43 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T5_BASE, operand3:MLDSA_CT_5_BASE}; + MLDSA_SIGN_VALID_S+44 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T6_BASE, operand3:MLDSA_CT_6_BASE}; + MLDSA_SIGN_VALID_S+45 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_T7_BASE, operand3:MLDSA_CT_7_BASE}; + MLDSA_SIGN_VALID_S+46 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_0_BASE}; + MLDSA_SIGN_VALID_S+47 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_1_BASE}; + MLDSA_SIGN_VALID_S+48 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_2_BASE}; + MLDSA_SIGN_VALID_S+49 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_3_BASE}; + MLDSA_SIGN_VALID_S+50 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_4_BASE}; + MLDSA_SIGN_VALID_S+51 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_5_BASE}; + MLDSA_SIGN_VALID_S+52 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_6_BASE}; + MLDSA_SIGN_VALID_S+53 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CT_7_BASE}; + + MLDSA_SIGN_CHECK_W0_VLD : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; //Make R0, CT0 and Hint_r - MLDSA_SIGN_VALID_S+55 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+56 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+57 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_0_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+58 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+59 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+60 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_0_BASE, operand3:MLDSA_HINT_R_0_BASE}; - - MLDSA_SIGN_VALID_S+61 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+62 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+63 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_1_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+64 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+65 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+66 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_1_BASE, operand3:MLDSA_HINT_R_1_BASE}; - - MLDSA_SIGN_VALID_S+67 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+68 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+69 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_2_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+70 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+71 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+72 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_2_BASE, operand3:MLDSA_HINT_R_2_BASE}; - - MLDSA_SIGN_VALID_S+73 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+74 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+75 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_3_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+76 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+77 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+78 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_3_BASE, operand3:MLDSA_HINT_R_3_BASE}; - - MLDSA_SIGN_VALID_S+79 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+80 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+81 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_4_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+82 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+83 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+84 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_4_BASE, operand3:MLDSA_HINT_R_4_BASE}; - - MLDSA_SIGN_VALID_S+85 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+86 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+87 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_5_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+88 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+89 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+90 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_5_BASE, operand3:MLDSA_HINT_R_5_BASE}; - - MLDSA_SIGN_VALID_S+91 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+92 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+93 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_6_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+94 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+95 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+96 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_6_BASE, operand3:MLDSA_HINT_R_6_BASE}; - - MLDSA_SIGN_VALID_S+97 : data_o <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+98 : data_o <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; - MLDSA_SIGN_VALID_S+99 : data_o <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_7_BASE, operand3:MLDSA_R0_BASE}; - MLDSA_SIGN_VALID_S+100 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+101 : data_o <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+102 : data_o <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_7_BASE, operand3:MLDSA_HINT_R_7_BASE}; + MLDSA_SIGN_VALID_S+55 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+56 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+57 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_0_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+58 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+59 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+60 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_0_BASE, operand3:MLDSA_HINT_R_0_BASE}; + + MLDSA_SIGN_VALID_S+61 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_1_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+62 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+63 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_1_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+64 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+65 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_1_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+66 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_1_BASE, operand3:MLDSA_HINT_R_1_BASE}; + + MLDSA_SIGN_VALID_S+67 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_2_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+68 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+69 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_2_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+70 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+71 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_2_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+72 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_2_BASE, operand3:MLDSA_HINT_R_2_BASE}; + + MLDSA_SIGN_VALID_S+73 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_3_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+74 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+75 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_3_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+76 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+77 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_3_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+78 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_3_BASE, operand3:MLDSA_HINT_R_3_BASE}; + + MLDSA_SIGN_VALID_S+79 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_4_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+80 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+81 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_4_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+82 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+83 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_4_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+84 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_4_BASE, operand3:MLDSA_HINT_R_4_BASE}; + + MLDSA_SIGN_VALID_S+85 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_5_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+86 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+87 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_5_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+88 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+89 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_5_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+90 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_5_BASE, operand3:MLDSA_HINT_R_5_BASE}; + + MLDSA_SIGN_VALID_S+91 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_6_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+92 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+93 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_6_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+94 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+95 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_6_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+96 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_6_BASE, operand3:MLDSA_HINT_R_6_BASE}; + + MLDSA_SIGN_VALID_S+97 : data_o_rom <= '{opcode:MLDSA_UOP_PWM, imm:'h0000, length:'d00, operand1:MLDSA_C_NTT_BASE, operand2:MLDSA_S2_7_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+98 : data_o_rom <= '{opcode:MLDSA_UOP_INTT, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_TEMP0_BASE, operand3:MLDSA_CS2_BASE}; + MLDSA_SIGN_VALID_S+99 : data_o_rom <= '{opcode:MLDSA_UOP_PWS, imm:'h0000, length:'d00, operand1:MLDSA_CS2_BASE, operand2:MLDSA_W0_7_BASE, operand3:MLDSA_R0_BASE}; + MLDSA_SIGN_VALID_S+100 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_R0, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+101 : data_o_rom <= '{opcode:MLDSA_UOP_NORMCHK, imm:MLDSA_NORMCHK_CT0, length:'d00, operand1:MLDSA_CT_7_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+102 : data_o_rom <= '{opcode:MLDSA_UOP_PWA, imm:'h0000, length:'d00, operand1:MLDSA_R0_BASE, operand2:MLDSA_CT_7_BASE, operand3:MLDSA_HINT_R_7_BASE}; - MLDSA_SIGN_CLEAR_W0 : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CLEAR_W0 : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_VALID_S+104 : data_o <= '{opcode:MLDSA_UOP_MAKEHINT, imm:'h0000, length:'d00, operand1:MLDSA_HINT_R_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_VALID_S+104 : data_o_rom <= '{opcode:MLDSA_UOP_MAKEHINT, imm:'h0000, length:'d00, operand1:MLDSA_HINT_R_0_BASE, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_GEN_S : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_CLEAR_C : data_o <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - MLDSA_SIGN_GEN_E : data_o <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; - default : data_o <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_GEN_S : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_CLEAR_C : data_o_rom <= '{opcode:MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + MLDSA_SIGN_GEN_E : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; + default : data_o_rom <= '{opcode: MLDSA_UOP_NOP, imm:'h0000, length:'d00, operand1:MLDSA_NOP, operand2:MLDSA_NOP, operand3:MLDSA_NOP}; endcase end end -end endmodule \ No newline at end of file diff --git a/src/mldsa_top/rtl/mldsa_top.sv b/src/mldsa_top/rtl/mldsa_top.sv index c9470ca..0801e05 100644 --- a/src/mldsa_top/rtl/mldsa_top.sv +++ b/src/mldsa_top/rtl/mldsa_top.sv @@ -14,6 +14,7 @@ //Initial top level module `include "config_defines.svh" +`include "abr_prim_assert.sv" module mldsa_top import abr_prim_alert_pkg::*; @@ -34,6 +35,13 @@ module mldsa_top input logic clk, input logic rst_b, +`ifdef RV_FPGA_SCA + output wire NTT_trigger, + output wire PWM_trigger, + output wire PWA_trigger, + output wire INTT_trigger, +`endif + //ahb input input logic [AHB_ADDR_WIDTH-1:0] haddr_i, input logic [AHB_DATA_WIDTH-1:0] hwdata_i, @@ -259,6 +267,13 @@ mldsa_ctrl mldsa_control_inst .rst_b(rst_b), .zeroize(zeroize_reg), +`ifdef RV_FPGA_SCA + .NTT_trigger(NTT_trigger), + .PWM_trigger(PWM_trigger), + .PWA_trigger(PWA_trigger), + .INTT_trigger(INTT_trigger), +`endif + //control interface .mldsa_reg_hwif_in_o(mldsa_reg_hwif_in), .mldsa_reg_hwif_out_i(mldsa_reg_hwif_out), diff --git a/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv b/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv index 28c9d89..a0cec2b 100644 --- a/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv +++ b/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv @@ -105,11 +105,11 @@ module sample_in_ball_ctrl sib_done_o = 0; unique case (sib_fsm_ps) SIB_IDLE: begin - sign_buffer_en = 1; + sign_buffer_en = data_valid_i; sign_buffer_ph = 0; end SIB_SIGN_BUFFER: begin - sign_buffer_en = 1; + sign_buffer_en = data_valid_i; sign_buffer_ph = 1; end SIB_ACTIVE: begin @@ -242,4 +242,4 @@ module sample_in_ball_ctrl .rddata_i(rddata_i) ); -endmodule +endmodule \ No newline at end of file From f8f2f788cdee906d91cf8161dbc90286ece7b95b Mon Sep 17 00:00:00 2001 From: Emre Karabulut Date: Mon, 30 Sep 2024 11:53:52 -0700 Subject: [PATCH 08/10] sample_in_ball_ctrl.sv and abr_piso.sv have been merged with Mike's updates --- src/abr_libs/rtl/abr_piso.sv | 2 +- src/sample_in_ball/rtl/sample_in_ball_ctrl.sv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/abr_libs/rtl/abr_piso.sv b/src/abr_libs/rtl/abr_piso.sv index d0d9b7e..8ee6c8d 100644 --- a/src/abr_libs/rtl/abr_piso.sv +++ b/src/abr_libs/rtl/abr_piso.sv @@ -110,4 +110,4 @@ module abr_piso end // {{PISO_BUFFER_W - PISO_INPUT_RATE[mode]{1'b0}}, -endmodule \ No newline at end of file +endmodule diff --git a/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv b/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv index a0cec2b..b9e252e 100644 --- a/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv +++ b/src/sample_in_ball/rtl/sample_in_ball_ctrl.sv @@ -242,4 +242,4 @@ module sample_in_ball_ctrl .rddata_i(rddata_i) ); -endmodule \ No newline at end of file +endmodule From 452df6781d8eb30c4e0feab16f73f2c54bb924fc Mon Sep 17 00:00:00 2001 From: Emre Karabulut Date: Mon, 30 Sep 2024 12:22:46 -0700 Subject: [PATCH 09/10] added missing parts to the top file --- src/mldsa_top/rtl/mldsa_top.sv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mldsa_top/rtl/mldsa_top.sv b/src/mldsa_top/rtl/mldsa_top.sv index 0801e05..585a029 100644 --- a/src/mldsa_top/rtl/mldsa_top.sv +++ b/src/mldsa_top/rtl/mldsa_top.sv @@ -1123,4 +1123,4 @@ mldsa_ram_inst3 `ABR_ASSERT_PRIM_COUNT_ERROR_TRIGGER_ALERT(RoundCountCheck_A, sampler_top_inst.sha3_inst.u_keccak.u_round_count, alert_tx_o[1]) -endmodule +endmodule \ No newline at end of file From 42ca139eb0558261bce4243095e19a7c8841b23c Mon Sep 17 00:00:00 2001 From: Emre Karabulut Date: Thu, 10 Oct 2024 11:19:16 -0700 Subject: [PATCH 10/10] license was added --- src/abr_libs/rtl/abr_1r1w_be_ram.sv | 1 + src/abr_libs/rtl/abr_1r1w_ram.sv | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/abr_libs/rtl/abr_1r1w_be_ram.sv b/src/abr_libs/rtl/abr_1r1w_be_ram.sv index 6c77299..faa0118 100644 --- a/src/abr_libs/rtl/abr_1r1w_be_ram.sv +++ b/src/abr_libs/rtl/abr_1r1w_be_ram.sv @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. + `include "config_defines.svh" module abr_1r1w_be_ram #( parameter DEPTH = 64 diff --git a/src/abr_libs/rtl/abr_1r1w_ram.sv b/src/abr_libs/rtl/abr_1r1w_ram.sv index 81f90d5..f831450 100644 --- a/src/abr_libs/rtl/abr_1r1w_ram.sv +++ b/src/abr_libs/rtl/abr_1r1w_ram.sv @@ -1,3 +1,17 @@ +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + `include "config_defines.svh" `ifndef RV_FPGA_OPTIMIZE module abr_1r1w_ram #(