[keccak] Masked/Unmasked Keccak single round

This commit adds parameterized Keccak single round module.
`En2Share` parameter chooses the module to be secured against 1st order
SCA or unsecured version. If masked version is used, phase2 (sel_i ==
1) shall be maintained for two cycles as Masked AND logic has internal
FF only on one path.

FPV testbench is added. It runs unmasked Keccak and masked Keccak at the
same time and compare the output when a round is completed.

Signed-off-by: Eunchan Kim <eunchan@opentitan.org>

hw/ip/prim/rtl/prim_dom_and_2share.sv

diff --git a/hw/ip/prim/rtl/prim_dom_and_2share.sv b/hw/ip/prim/rtl/prim_dom_and_2share.sv
index 391bc2f..d6f9d1c 100644
--- a/hw/ip/prim/rtl/prim_dom_and_2share.sv
+++ b/hw/ip/prim/rtl/prim_dom_and_2share.sv
@@ -30,6 +30,7 @@
   parameter int EnNegedge  = 0 // Enable negedge of clk for register
 ) (
   input clk_i,
+  input rst_ni,
 
   input [DW-1:0] a0_i, // share0 of a
   input [DW-1:0] a1_i, // share1 of a
@@ -56,14 +57,24 @@
   assign t1_d = t_a1b0 ^ c1_i;
 
   if (EnNegedge == 1) begin: gen_negreg
-    always_ff @(negedge clk_i) begin
-      t0_q <= t0_d;
-      t1_q <= t1_d;
+    always_ff @(negedge clk_i or negedge rst_ni) begin
+      if (!rst_ni) begin
+        t0_q <= '0;
+        t1_q <= '0;
+      end else begin
+        t0_q <= t0_d;
+        t1_q <= t1_d;
+      end
     end
   end else begin: gen_posreg
-    always_ff @(posedge clk_i) begin
-      t0_q <= t0_d;
-      t1_q <= t1_d;
+    always_ff @(posedge clk_i or negedge rst_ni) begin
+      if (!rst_ni) begin
+        t0_q <= '0;
+        t1_q <= '0;
+      end else begin
+        t0_q <= t0_d;
+        t1_q <= t1_d;
+      end
     end
   end
 
@@ -74,7 +85,7 @@
 
   // DOM AND should be same as unmasked computation
   if ( !(EnNegedge == 0)) begin: gen_andchk
-    `ASSERT(UnmaskedValue_A, q0_o ^ q1_o == (a0_i ^ a1_i) & (b0_i & b1_i), clk_i, 1'b0)
+    `ASSERT(UnmaskedValue_A, q0_o ^ q1_o == (a0_i ^ a1_i) & (b0_i & b1_i), clk_i, !rst_ni)
   end
 
 endmodule