The incorrect thing happens when xc.gather.b instructions are used to perform SBOX operation in AES encode.
The code snippet is as follows:
xc.gather.b c4, c0, a1
xc.gather.b c5, c1, a1
xc.gather.b c6, c2, a1
xc.gather.b c7, c3, a1
where c0-c3 consist of 16 bytes data, a1 points to SBOX array, c4-c7 are results of SBOX operation.
The incorrect thing happens when xc.gather.b instructions are used to perform SBOX operation in AES encode. The code snippet is as follows: xc.gather.b c4, c0, a1 xc.gather.b c5, c1, a1 xc.gather.b c6, c2, a1 xc.gather.b c7, c3, a1 where c0-c3 consist of 16 bytes data, a1 points to SBOX array, c4-c7 are results of SBOX operation.
Simulator command: ./work/verilator/scarv_prv_xcrypt_top +q +TIMEOUT=300000 +IMEM=work/examples/aes-test.srec +WAVES=work/verilator/vl_waves.vcd +PASS_ADDR=0xC000001C +FAIL_ADDR=0xC0000010
Output:
0014131211100F0E9686765646362616 // test-data1 0014131211100F0E9686765646362616 // test-data2
63FA7DC982CA76AB904438B15A05F747 // aes_enc_sub (test-data1) 63FA7DC982CA76AB9044B1B15A054747 // aes_enc_sub_gather (test-data2)