From 3707d0b36c0df11c65b0681bf29faa40ec9c541a Mon Sep 17 00:00:00 2001 From: Matt Lawson <128844552+mlawson-tt@users.noreply.github.com> Date: Thu, 19 Dec 2024 06:14:41 -0500 Subject: [PATCH] Fix aes_shift_rows_fwd and aes_shift_rows_inv functions from latest vector spec This PR updates the aes_shift_rows_fwd and aes_shift_rows_inv functions to match the versions defined in the latest vector crypto spec after this fix: riscv/riscv-crypto@a19ae20. These functions are not used in any scalar instructions and are not currently called anywhere, so no existing functionality should be affected, but this change is necessary for the upcoming vector crypto implementation and ensures the versions in the scalar spec match the vector crypto spec (as the Sail versions are used directly in the scalar spec).
---
 model/riscv_types_kext.sail | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/model/riscv_types_kext.sail b/model/riscv_types_kext.sail
index 0ae260cb0..7390be93d 100644
--- a/model/riscv_types_kext.sail
+++ b/model/riscv_types_kext.sail
@@ -287,10 +287,10 @@ function aes_shift_rows_fwd(x) = {
 let ic2 : bits(32) = aes_get_column(x, 2);
 let ic1 : bits(32) = aes_get_column(x, 1);
 let ic0 : bits(32) = aes_get_column(x, 0);
- let oc0 : bits(32) = ic0[31..24] @ ic1[23..16] @ ic2[15.. 8] @ ic3[ 7.. 0];
- let oc1 : bits(32) = ic1[31..24] @ ic2[23..16] @ ic3[15.. 8] @ ic0[ 7.. 0];
- let oc2 : bits(32) = ic2[31..24] @ ic3[23..16] @ ic0[15.. 8] @ ic1[ 7.. 0];
- let oc3 : bits(32) = ic3[31..24] @ ic0[23..16] @ ic1[15.. 8] @ ic2[ 7.. 0];
+ let oc0 : bits(32) = ic3[31..24] @ ic2[23..16] @ ic1[15.. 8] @ ic0[ 7.. 0];
+ let oc1 : bits(32) = ic0[31..24] @ ic3[23..16] @ ic2[15.. 8] @ ic1[ 7.. 0];
+ let oc2 : bits(32) = ic1[31..24] @ ic0[23..16] @ ic3[15.. 8] @ ic2[ 7.. 0];
+ let oc3 : bits(32) = ic2[31..24] @ ic1[23..16] @ ic0[15.. 8] @ ic3[ 7.. 0];
 (oc3 @ oc2 @ oc1 @ oc0) /* Return value */
 }
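Review bot: The rewritten `oc0`..`oc3` lines in aes_shift_rows_fwd carry no comment stating the row-to-byte convention they now encode, which is the one thing this commit changes. From the new indices, row 0 of each column appears to sit in bits 7..0 and output column c takes row r from input column (c + r) mod 4; a comment above `oc0` such as `/* row r = bits 8r+7..8r of a column; output column c takes row r from input column (c + r) mod 4 */` would let a reader check the lines against FIPS-197 without re-deriving the mapping. The same applies to aes_shift_rows_inv in the next hunk, with (c - r) mod 4. The function's opening lines, including the `ic3` binding, are outside the hunk.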
@@ -304,10 +304,10 @@ function aes_shift_rows_inv(x) = {
 let ic2 : bits(32) = aes_get_column(x, 2);
 let ic1 : bits(32) = aes_get_column(x, 1);
 let ic0 : bits(32) = aes_get_column(x, 0);
- let oc0 : bits(32) = ic0[31..24] @ ic3[23..16] @ ic2[15.. 8] @ ic1[ 7.. 0];
- let oc1 : bits(32) = ic1[31..24] @ ic0[23..16] @ ic3[15.. 8] @ ic2[ 7.. 0];
- let oc2 : bits(32) = ic2[31..24] @ ic1[23..16] @ ic0[15.. 8] @ ic3[ 7.. 0];
- let oc3 : bits(32) = ic3[31..24] @ ic2[23..16] @ ic1[15.. 8] @ ic0[ 7.. 0];
+ let oc0 : bits(32) = ic1[31..24] @ ic2[23..16] @ ic3[15.. 8] @ ic0[ 7.. 0];
+ let oc1 : bits(32) = ic2[31..24] @ ic3[23..16] @ ic0[15.. 8] @ ic1[ 7.. 0];
+ let oc2 : bits(32) = ic3[31..24] @ ic0[23..16] @ ic1[15.. 8] @ ic2[ 7.. 0];
+ let oc3 : bits(32) = ic0[31..24] @ ic1[23..16] @ ic2[15.. 8] @ ic3[ 7.. 0];
 (oc3 @ oc2 @ oc1 @ oc0) /* Return value */
 }
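Review bot: Nothing in this change pins the new byte order to a known answer, and the commit message says these helpers are not yet called anywhere, so no existing test exercises them. A round-trip property such as inv(fwd(x)) == x would not catch this class of error: the removed lines in both hunks were also mutual inverses, only under the opposite row-to-byte mapping. Before the vector crypto instructions depend on aes_shift_rows_fwd and aes_shift_rows_inv, a known-answer check against a ShiftRows/InvShiftRows state from the FIPS-197 worked example would be the guard that matters. The body of aes_shift_rows_inv starts outside the hunk.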