-
Notifications
You must be signed in to change notification settings - Fork 777
/
hmac_testplan.hjson
222 lines (220 loc) · 8.39 KB
/
hmac_testplan.hjson
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
{
name: "hmac"
import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson",
"hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson",
"hw/dv/tools/dvsim/testplans/intr_test_testplan.hjson",
"hw/dv/tools/dvsim/testplans/stress_all_with_reset_testplan.hjson",
"hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson",
"hmac_sec_cm_testplan.hjson"]
testpoints: [
{
name: smoke
desc: '''HMAC smoke test performs a few round of HMAC or SHA256-ONLY transactions with the
prodecures below:
- Set configuration register to randomly enable SHA256, hmac, endian_swap, and digest_swap
- Set interrupt enable register to randomly enable fifo_full, hmac_done, and err_code
interupts
- Randomly read previous digest result
- Write key
- Trigger HMAC hash_start
- Write HMAC message fifo with message length between 0 and 64 bytes
- check status and interrupt
- Trigger HMAC hash_process
- After hmac_done interrupt, read and check digest data'''
stage: V1
tests: ["hmac_smoke"]
}
{
name: long_msg
desc: '''Long_msg test is based on the smoke test. The message length is between 0 and
10,000 bytes.'''
stage: V2
tests: ["hmac_long_msg"]
}
{
name: back_pressure
desc: '''Back_pressure test is based on the long_msg test. The test disabled all the protocol
delays to make sure to have high chance of hitting the FIFO_FULL status.'''
stage: V2
tests: ["hmac_back_pressure"]
}
{
name: test_vectors
desc: '''From [NIST](https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing#shavs)
and [IETF](https://tools.ietf.org/html/rfc4868) websites, this test intends to use HMAC
and SHA test vectors to check if the reference model predicts correct data, and check if
DUT returns correct data.'''
stage: V2
tests: ["hmac_test_sha256_vectors", "hmac_test_sha384_vectors",
"hmac_test_sha512_vectors", "hmac_test_hmac256_vectors",
"hmac_test_hmac384_vectors", "hmac_test_hmac512_vectors"]
}
{
name: burst_wr
desc: '''Burst_wr test is based on the long_msg test. The test intends to test burst write a
pre-defined size of message without any status or interrupt checking.'''
stage: V2
tests: ["hmac_burst_wr"]
}
{
name: datapath_stress
desc: '''Datapath_stress test is based on the long_msg test. It enabled HMAC and message length
is set to N*64+1 in order to stress the datapath.'''
stage: V2
tests: ["hmac_datapath_stress"]
}
{
name: error
desc: '''This error case runs sequences that will cause interrupt bit hmac_err to set.
This sequence includes:
- Write msg_fifo or set hash_start when sha is disabled
- Update secret key when hash is in process
- Set hash_start when hash is active
- Write msg before hash_start is set'''
stage: V2
tests: ["hmac_error"]
}
{
name: wipe_secret
desc: '''This test issues wipe_secret on hmac process datapath.
Based on the smoke sequence, this sequence increases the message length, and randomly
issues wipe_secret in one of the following scenarios:
- Before entering HMAC secret keys.
This scenario represents wiping secrets when HMAC is idle.
- Before issuing HMAC start command.
This scenario represents wiping secrets when HMAC entered secret keys.
- Before issuing HMAC process command.
This scenario represents wiping secrets when HMAC is streaming in message data.
- Before HMAC finishes hashing process.
This scenario represents wiping secrets when HMAC is hashing messages and keys.
**Checks**:
The scoreboard will check if digest data are corrupted.
'''
stage: V2
tests: ["hmac_wipe_secret"]
}
{
name: save_and_restore
desc: '''Verify save & restore, which allows SW to switch between different parallel message streams.
- This feature is randomly exercised during most of the tests.
- When triggered it could go into 3 different scenarios:
- Stop and Continue without Saving and Restoring
- Save and Restore with same context
- Save and Restore with different contexts
'''
stage: V2
tests: ["hmac_smoke", "hmac_long_msg", "hmac_back_pressure", "hmac_burst_wr",
"hmac_stress_all", "hmac_datapath_stress"]
}
{
name: fifo_empty_status_interrupt
desc: '''Verify the FIFO empty status interrupt.
'''
stage: V2
tests: ["hmac_smoke",
"hmac_test_sha256_vectors",
"hmac_test_sha384_vectors",
"hmac_test_sha512_vectors",
"hmac_test_hmac256_vectors",
"hmac_test_hmac384_vectors",
"hmac_test_hmac512_vectors",
"hmac_datapath_stress",
"hmac_back_pressure",
"hmac_long_msg",
"hmac_wipe_secret",
]
}
{
name: wide_digest_configurable_key_length
desc: '''Verify wider (SHA-384 and SHA-512) digests as well as configurable key lengths.
- This feature is randomly exercised during most of the tests.
'''
stage: V2
tests: ["hmac_smoke", "hmac_long_msg", "hmac_back_pressure", "hmac_burst_wr",
"hmac_stress_all", "hmac_datapath_stress", "hmac_error", "hmac_wipe_secret",
"hmac_test_sha256_vectors", "hmac_test_sha384_vectors", "hmac_test_sha512_vectors",
"hmac_test_hmac256_vectors", "hmac_test_hmac384_vectors", "hmac_test_hmac512_vectors"]
}
{
name: stress_all
desc: "Stress_all test is a random mix of all the test above except csr tests."
stage: V2
tests: ["hmac_stress_all"]
}
{
name: write_config_and_secret_key_during_msg_wr
desc: "Change config registers and secret keys during msg write, make sure access is blocked."
stage: V3
tests: ["hmac_smoke"]
}
]
covergroups: [
{
name: cfg_cg
desc: '''Covers the cfg configurations below and their cross:
- hmac_en
- endian_swap
- digest_swap
'''
}
{
name: status_cg
desc: '''Covers the status bits below and cross them with different configurations above:
- fifo_empty
- fifo_full
- fifo_depth
'''
}
{
name: err_code_cg
desc: '''Covers the error scenarios below:
- No error.
- Push message when sha is disabled.
- Hash starts when sha is disabled.
- Update secret key when hash is in progress.
- Issue hash start again when hash in progress.
- Push message when hmac is idle.
'''
}
{
name: msg_len_cg
desc: "Covers the length of the streamed in message."
}
{
name: wr_config_during_hash_cg
desc: "Covers writing CFG register during ongoing HASH"
}
{
name: wr_key_during_hash_cg
desc: "Covers writing KEY register during ongoing HASH"
}
{
name: wr_key_during_sha_only_cg
desc: "Covers writing key length should be seamless while HMAC is disabled"
}
{
name: wr_msg_during_hash_cg
desc: "Covers writing a message while HASH is ongoing"
}
{
name: trig_rst_during_hash_cg
desc: "Covers triggering a reset during HASH is ongoing"
}
{
name: rd_digest_during_hmac_en_cg
desc: "Covers read and check DIGEST while HMAC is enabled/disabled"
}
{
name: save_and_restore_cg
desc: '''Covers Save and Restore with:
- same context
- different contexts
- only stop/continue without saving and restoring
- Cross all those types with digest sizes
'''
}
]
}