| // Copyright lowRISC contributors. |
| // Licensed under the Apache License, Version 2.0, see LICENSE for details. |
| // SPDX-License-Identifier: Apache-2.0 |
| { |
| name: "aes" |
| import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson", |
| "hw/dv/tools/dvsim/testplans/shadow_reg_errors_testplan.hjson", |
| "hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson", |
| "hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson", |
| "aes_sec_cm_testplan.hjson"] |
| testpoints: [ |
| // { |
| // name: default_setting |
| // desc: ''' |
| // ''' |
| // stage: V1 |
| // tests: [] |
| // } |
| { |
| name: wake_up |
| desc: ''' |
| Basic hello world, encrypt a plain text read it back - decrypt and compare to input.''' |
| stage: V1 |
| tests: ["aes_wake_up"] |
| } |
| { |
| name: smoke |
| desc: ''' |
| Encrypt a plain text read it back - decrypt and compare to input but use reference model to compare after both encryption and decryption.''' |
| stage: V1 |
| tests: ["aes_smoke"] |
| } |
| { |
| name: algorithm |
| desc: ''' |
| Compare cypher text from DUT with the output of a C model using same key and data.''' |
| stage: V2 |
| tests: ["aes_smoke", "aes_stress", "aes_config_error"] |
| } |
| { |
| name: key_length |
| desc: ''' |
| Randomly select key length to verify all supported key lengths are working.''' |
| stage: V2 |
| tests: ["aes_stress", "aes_smoke", "aes_config_error"] |
| } |
| { |
| name: back2back |
| desc: ''' |
| Back to back Messages are not possible as the DUT need to be idle before writing a new configuration. |
| But Back2back verifies that DUT can handle back to back data blocks and other spacings.''' |
| stage: V2 |
| tests: ["aes_b2b", "aes_stress"] |
| } |
| { |
| name: backpressure |
| desc: ''' |
| Try to write data to registers without offloading the DUT output to verify Stall functionality.''' |
| stage: V2 |
| tests: ["aes_stress"] |
| } |
| { |
| name: multi_message |
| desc: ''' |
| Run multiple messages in a random mix of encryption / decryption. |
| Each message should select its mode randomly.''' |
| stage: V2 |
| tests: ["aes_stress", "aes_smoke", "aes_config_error", "aes_alert_reset"] |
| } |
| { |
| name: failure_test |
| desc: ''' |
| - Tests what happens if a register is written a the wrong time? |
| If a key does not match the key setting etc. |
| Will the DUT ignore or fail gracefully. |
| - Enter a 256bit key but set DUT to use 128bit for encryption. |
| Then enter the 128bit of the key and use for decryption. |
| Will result match plain text and vice. |
| - Write unsupported configurations (Key length and mode are 1 hot, what happens if more than one bit is set.)''' |
| stage: V2 |
| tests: ["aes_config_error", "aes_alert_reset", "aes_man_cfg_err"] |
| } |
| { |
| name: trigger_clear_test |
| desc: ''' |
| Exercise trigger and clear registers at random times to make sure we handle the different cornercases correctly. |
| Example of a cornercases clearing data input or data output before the data is consumed or the DUT finishes an operation.''' |
| stage: V2 |
| tests: ["aes_clear"] |
| } |
| { |
| name: nist_test_vectors |
| desc: ''' |
| Verify that the DUT handles the NIST test vectors correctly.''' |
| stage: V2 |
| tests: ["aes_nist_vectors"] |
| } |
| { |
| name: reset_recovery |
| desc: ''' |
| Pull reset at random times, make sure DUT recover/resets correctly and there is no residual data left in the registers.''' |
| stage: V2 |
| tests: ["aes_alert_reset"] |
| } |
| { |
| name: stress |
| desc: ''' |
| This will combine the other individual testpoints to ensure we stress test everything across the board.''' |
| stage: V2 |
| tests: ["aes_stress"] |
| } |
| { |
| name: sideload |
| desc: ''' |
| Verify that DUT uses sideload correctly when sideload is enabled. |
| and that it ignores any valid on the bus when disabled.''' |
| stage: V2 |
| tests: ["aes_stress", "aes_sideload"] |
| } |
| { |
| name: deinitialization |
| desc: ''' |
| Make sure that there is no residual data from latest operation. ''' |
| stage: V2 |
| tests: ["aes_deinit"] |
| } |
| { |
| name: reseeding |
| desc: ''' |
| excercise the different PRNG reseeding configurations |
| for reseeding every 8k blocks the DUT internal block counter will be manually changed to something close to 8k. |
| to provoke the reseeding within reasonable simulation time ''' |
| stage: V2S |
| tests: ["aes_reseed"] |
| } |
| { |
| name:fault_inject |
| desc: ''' |
| Verify that injecting bit errors in one of the state machines or the round counter triggers an error ''' |
| stage: V2S |
| tests: ["aes_fi", "aes_control_fi", "aes_cipher_fi"] |
| } |
| ] |
| |
| |
| covergroups: [ |
| { |
| name: key_iv_data_cg |
| desc: ''' |
| Covers that these registers have been written in random order and interleaved and that it has triggered an operation. |
| - the individual registers (KEY/IV/DATA) can be written in random order |
| - The writes to these registers can also be interleaved |
| - Data out can be read in random order |
| ''' |
| } |
| { |
| name: ctrl_reg_cg |
| desc: ''' |
| Covers that all valid settings have been tested. |
| Further more it covers that also illegal values have been tested. |
| Individual control settings that are covered includes: |
| - operation (encode/decode/illegal) |
| - mode (all modes + illegal/aes_none) |
| - key_len (128/192/256 + illegal) |
| - sideload |
| - prng_reseed_rate(all + illegal) |
| - manual operation |
| |
| All valid combinations of these will be crossed. |
| ''' |
| } |
| { |
| name: ctrl_aux_cg |
| desc: ''' |
| Covers when enabled a complete write forces a reseed. |
| this is done by checking the DUT goes out of idle state after a full key has been provided. |
| also covers that this is not the case then key_touch_forces_reseed = 0. |
| ''' |
| } |
| { |
| name: trigger_cg |
| desc: ''' |
| This covergroup has two very different cover points. |
| - start covers that a start initiates an operation in manual mode. |
| and that it does not when not in manual mode |
| - that a write to key_iv_data_in/data_out_clear clear clears the data from the register |
| Additionally it covers that going from automatic mode to manual mode it is not possible to trigger a start without configuring the DUT (writing to CTRL should trigger a need for new configuration) |
| The prng reseed is covered by the reseed_cg |
| ''' |
| } |
| { |
| name: status_cg |
| desc: ''' |
| Covers the different status bits was seen |
| ''' |
| } |
| { |
| name: reseed_cg |
| desc: ''' |
| Cover that the different reseed configurations has been used. |
| - reseed_rate (per_1, per_64, per_8k) |
| ''' |
| } |
| { |
| name: fault_inject_cg |
| desc: ''' |
| Cover that a recoverable error has been seen: |
| - When the DUT is idle but just about to start |
| - When the DUT is busy |
| ''' |
| } |
| { |
| name: self_clearing_cg |
| desc: ''' |
| Cover that the DUT self clearing is working correctly. |
| An attack could be made by triggering an operation after a reset without configuring the DUT. |
| The self clearing mechanism should prevent the DUT from starting. |
| This mechanism should also clear any data in the output register with random data |
| After a reset is pulled two things will be covered |
| - manually write trigger.start and poll status.idle and make sure the DUT stays in idle. |
| - read output registers make sure output is no longer present |
| ''' |
| } |
| { |
| name: dut_busy_cg |
| desc: ''' |
| Cover that a busy DUT cannot be manipulated. |
| This includes: |
| - Trying to change the configuration (CTRL) |
| - Trying to change the key |
| - Trying to change the IV |
| ''' |
| } |
| { |
| name: sideload_cg |
| desc: ''' |
| Cover sideload functionality |
| This includes: |
| - That an operation does not start before a valid key is present at the sideload interface with sideload enabled. |
| - That a key on the sideload interface is not consumed when sideload is disabled. |
| ''' |
| } |
| |
| ] |
| } |
