Software APIs
dif_aes_unittest.cc
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #include "sw/device/lib/dif/dif_aes.h"
6 
7 #include "gtest/gtest.h"
8 #include "sw/device/lib/base/macros.h"
9 #include "sw/device/lib/base/mmio.h"
10 #include "sw/device/lib/base/mock_mmio.h"
11 #include "sw/device/lib/dif/dif_test_base.h"
12 
13 extern "C" {
14 #include "aes_regs.h" // Generated.
15 } // extern "C"
16 
17 namespace dif_aes_test {
18 namespace {
19 using mock_mmio::MmioTest;
20 using mock_mmio::MockDevice;
21 using testing::ElementsAreArray;
22 using testing::Test;
23 
24 // Base class for the rest fixtures in this file.
25 class AesTest : public testing::Test, public mock_mmio::MmioTest {
26  public:
27  void ExpectReadMultreg(const uint32_t reg, const uint32_t *data,
28  size_t size) {
29  for (uint32_t i = 0; i < size; ++i) {
30  ptrdiff_t offset = reg + (i * sizeof(uint32_t));
31  EXPECT_READ32(offset, data[i]);
32  }
33  }
34  void ExpectWriteMultreg(const uint32_t reg, const uint32_t *data,
35  size_t size) {
36  for (uint32_t i = 0; i < size; ++i) {
37  ptrdiff_t offset = reg + (i * sizeof(uint32_t));
38  EXPECT_WRITE32(offset, data[i]);
39  }
40  }
41  void ExpectKey(const dif_aes_key_share_t &key, uint32_t key_size) {
42  ExpectWriteMultreg(AES_KEY_SHARE0_0_REG_OFFSET, key.share0, key_size);
43  ExpectWriteMultreg(AES_KEY_SHARE1_0_REG_OFFSET, key.share1, key_size);
44  }
45 
46  void ExpectIv(const dif_aes_iv_t &iv, const uint32_t kIvSize = 4) {
47  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, true}});
48  ExpectWriteMultreg(AES_IV_0_REG_OFFSET, iv.iv, kIvSize);
49  }
50 
51  struct ConfigOptions {
52  uint32_t key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128;
53  uint32_t mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB;
54  uint32_t operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC;
55  uint32_t mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1;
56  bool manual_op = false;
57  bool key_sideloaded = false;
58  };
59 
60  void ExpectConfig(const ConfigOptions &options) {
61  EXPECT_WRITE32_SHADOWED(
62  AES_CTRL_SHADOWED_REG_OFFSET,
63  {{AES_CTRL_SHADOWED_KEY_LEN_OFFSET, options.key_len},
64  {AES_CTRL_SHADOWED_MODE_OFFSET, options.mode},
65  {AES_CTRL_SHADOWED_OPERATION_OFFSET, options.operation},
66  {AES_CTRL_SHADOWED_PRNG_RESEED_RATE_OFFSET, options.mask_reseed},
67  {AES_CTRL_SHADOWED_MANUAL_OPERATION_BIT, options.manual_op},
68  {AES_CTRL_SHADOWED_SIDELOAD_BIT, options.key_sideloaded}});
69  }
70 
71  struct AuxConfigOptions {
72  bool reseed_on_key_change = false;
73  bool force_masks = false;
74  bool lock = false;
75  };
76  void ExpectAuxConfig(const AuxConfigOptions &options) {
77  EXPECT_READ32(AES_CTRL_AUX_REGWEN_REG_OFFSET,
78  {{AES_CTRL_AUX_REGWEN_CTRL_AUX_REGWEN_BIT, 1}});
79 
80  EXPECT_WRITE32_SHADOWED(
81  AES_CTRL_AUX_SHADOWED_REG_OFFSET,
82  {{AES_CTRL_AUX_SHADOWED_KEY_TOUCH_FORCES_RESEED_BIT,
83  options.reseed_on_key_change},
84  {AES_CTRL_AUX_SHADOWED_FORCE_MASKS_BIT, options.force_masks}});
85 
86  EXPECT_WRITE32(AES_CTRL_AUX_REGWEN_REG_OFFSET,
87  {{AES_CTRL_AUX_REGWEN_CTRL_AUX_REGWEN_BIT, !options.lock}});
88  }
89 };
90 
91 // Init tests
92 class AesInitTest : public AesTest {};
93 
94 TEST_F(AesInitTest, NullArgs) {
95  EXPECT_DIF_BADARG(dif_aes_init(dev().region(), nullptr));
96 }
97 
98 TEST_F(AesInitTest, Sucess) {
99  dif_aes_t aes;
100  EXPECT_DIF_OK(dif_aes_init(dev().region(), &aes));
101 }
102 
103 // Base class for the rest of the tests in this file, provides a
104 // `dif_aes_t` instance.
105 class AesTestInitialized : public AesTest {
106  protected:
107  dif_aes_t aes_;
108 
109  dif_aes_transaction_t transaction_ = {
110  .operation = kDifAesOperationEncrypt,
111  .mode = kDifAesModeEcb,
112  .key_len = kDifAesKey128,
113  .manual_operation = kDifAesManualOperationAuto,
114  .key_provider = kDifAesKeySoftwareProvided,
115  .mask_reseeding = kDifAesReseedPerBlock,
116  .reseed_on_key_change = false,
117  .force_masks = false,
118  .ctrl_aux_lock = false,
119  };
120 
121  const dif_aes_key_share_t kKey = {
122  .share0 = {0x59, 0x70, 0x33, 0x73, 0x36, 0x76, 0x39, 0x79},
123  .share1 = {0x4B, 0x61, 0x50, 0x64, 0x53, 0x67, 0x56, 0x6B}};
124 
125  const dif_aes_iv_t kIv = {0x50, 0x64, 0x53, 0x67};
126 
127  AesTestInitialized() { EXPECT_DIF_OK(dif_aes_init(dev().region(), &aes_)); }
128 };
129 
130 // ECB tests.
131 class EcbTest : public AesTestInitialized {
132  protected:
133  EcbTest() { transaction_.mode = kDifAesModeEcb; }
134 };
135 
136 TEST_F(EcbTest, start) {
137  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
138  ExpectConfig({
139  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
140  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
141  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
142  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
143  });
144  ExpectAuxConfig({});
145  ExpectKey(kKey, 8);
146 
147  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
148 }
149 
150 class CbcTest : public AesTestInitialized {
151  protected:
152  CbcTest() { transaction_.mode = kDifAesModeCbc; }
153 };
154 
155 TEST_F(CbcTest, start) {
156  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
157  ExpectConfig({
158  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
159  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_CBC,
160  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
161  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
162  });
163  ExpectAuxConfig({});
164  ExpectKey(kKey, 8);
165  ExpectIv(kIv);
166 
167  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, &kIv));
168 }
169 
170 // CFB tests.
171 class CFBTest : public AesTestInitialized {
172  protected:
173  CFBTest() { transaction_.mode = kDifAesModeCfb; }
174 };
175 
176 TEST_F(CFBTest, start) {
177  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
178  ExpectConfig({
179  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
180  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_CFB,
181  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
182  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
183  });
184  ExpectAuxConfig({});
185  ExpectKey(kKey, 8);
186  ExpectIv(kIv);
187 
188  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, &kIv));
189 }
190 
191 // OFB tests.
192 class OFBTest : public AesTestInitialized {
193  protected:
194  OFBTest() { transaction_.mode = kDifAesModeOfb; }
195 };
196 
197 TEST_F(OFBTest, start) {
198  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
199  ExpectConfig({
200  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
201  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_OFB,
202  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
203  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
204  });
205  ExpectAuxConfig({});
206  ExpectKey(kKey, 8);
207  ExpectIv(kIv);
208 
209  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, &kIv));
210 }
211 
212 // CTR tests.
213 class CTRTest : public AesTestInitialized {
214  protected:
215  CTRTest() { transaction_.mode = kDifAesModeCtr; }
216 };
217 
218 TEST_F(CTRTest, start) {
219  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
220  ExpectConfig({
221  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
222  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_CTR,
223  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
224  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
225  });
226  ExpectAuxConfig({});
227  ExpectKey(kKey, 8);
228  ExpectIv(kIv);
229 
230  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, &kIv));
231 }
232 
233 // Decrypt tests.
234 class DecryptTest : public AesTestInitialized {
235  protected:
236  DecryptTest() {
237  transaction_.mode = kDifAesModeEcb;
238  transaction_.operation = kDifAesOperationDecrypt;
239  }
240 };
241 
242 TEST_F(DecryptTest, start) {
243  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
244  ExpectConfig({
245  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
246  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
247  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_DEC,
248  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
249  });
250  ExpectAuxConfig({});
251  ExpectKey(kKey, 8);
252 
253  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
254 }
255 
256 // Key size test.
257 class Key192Test : public AesTestInitialized {
258  protected:
259  Key192Test() { transaction_.key_len = kDifAesKey192; }
260 };
261 
262 TEST_F(Key192Test, start) {
263  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
264  ExpectConfig({
265  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_192,
266  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
267  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
268  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
269  });
270  ExpectAuxConfig({});
271  ExpectKey(kKey, 8);
272 
273  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
274 }
275 
276 // Key size test.
277 class Key256Test : public AesTestInitialized {
278  protected:
279  Key256Test() { transaction_.key_len = kDifAesKey256; }
280 };
281 
282 TEST_F(Key256Test, start) {
283  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
284  ExpectConfig({
285  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_256,
286  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
287  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
288  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
289  });
290  ExpectAuxConfig({});
291  ExpectKey(kKey, 8);
292 
293  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
294 }
295 
296 // Manual operation
297 class ManualOperationTest : public AesTestInitialized {
298  protected:
299  ManualOperationTest() {
300  transaction_.manual_operation = kDifAesManualOperationManual;
301  }
302 };
303 
304 TEST_F(ManualOperationTest, start) {
305  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
306  ExpectConfig({
307  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
308  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
309  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
310  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
311  .manual_op = true,
312  });
313  ExpectAuxConfig({});
314  ExpectKey(kKey, 8);
315 
316  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
317 }
318 
319 // Alert test.
320 class AlertTest : public AesTestInitialized {};
321 
322 TEST_F(AlertTest, RecovCtrlUpdateErr) {
323  EXPECT_WRITE32(AES_ALERT_TEST_REG_OFFSET,
324  {{AES_ALERT_TEST_RECOV_CTRL_UPDATE_ERR_BIT, true},
325  {AES_ALERT_TEST_FATAL_FAULT_BIT, false}});
326 
327  EXPECT_DIF_OK(dif_aes_alert_force(&aes_, kDifAesAlertRecovCtrlUpdateErr));
328 }
329 
330 TEST_F(AlertTest, AlertFatalFault) {
331  EXPECT_WRITE32(AES_ALERT_TEST_REG_OFFSET,
332  {{AES_ALERT_TEST_RECOV_CTRL_UPDATE_ERR_BIT, false},
333  {AES_ALERT_TEST_FATAL_FAULT_BIT, true}});
334 
335  EXPECT_DIF_OK(dif_aes_alert_force(&aes_, kDifAesAlertFatalFault));
336 }
337 
338 // Data tests.
339 class DataTest : public AesTestInitialized {
340  protected:
341  const dif_aes_data_t data_ = {
342  .data = {0xA55AA55A, 0xA55AA55A, 0xA55AA55A, 0xA55AA55A}};
343 };
344 
345 TEST_F(DataTest, DataIn) {
346  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, true}});
347 
348  ExpectWriteMultreg(AES_DATA_IN_0_REG_OFFSET, data_.data,
349  ARRAYSIZE(data_.data));
350 
351  EXPECT_DIF_OK(dif_aes_load_data(&aes_, data_));
352 }
353 
354 TEST_F(DataTest, DataOut) {
355  EXPECT_READ32(AES_STATUS_REG_OFFSET, {
356  {AES_STATUS_INPUT_READY_BIT, true},
357  {AES_STATUS_OUTPUT_VALID_BIT, true},
358  });
359 
360  ExpectReadMultreg(AES_DATA_OUT_0_REG_OFFSET, data_.data,
361  ARRAYSIZE(data_.data));
362 
363  dif_aes_data_t out;
364  EXPECT_DIF_OK(dif_aes_read_output(&aes_, &out));
365 
366  EXPECT_THAT(out.data, ElementsAreArray(data_.data));
367 }
368 
369 class DataProcessTest : public AesTestInitialized {
370  protected:
371  static constexpr size_t kBlockCount = 3;
372  static constexpr size_t kBlockSize = 4;
373  static constexpr dif_aes_data_t kDataIn[kBlockCount] = {
374  {.data = {0xA55AA55A, 0xA55AA55A, 0xA55AA55A, 0xA55AA55A}},
375  {.data = {0x5AA5A55A, 0x5AA5A55A, 0x5AA5A55A, 0x5AA5A55A}},
376  {.data = {0xA55AA55A, 0xA55AA55A, 0xA55AA55A, 0xA55AA55A}},
377  };
378 
379  static constexpr dif_aes_data_t kDataOut[kBlockCount] = {
380  {.data = {0xB44BB44B, 0xB44BB44B, 0xB44BB44B, 0xB44BB44B}},
381  {.data = {0x4BB4B44B, 0x4BB4B44B, 0x4BB4B44B, 0x4BB4B44B}},
382  {.data = {0xB44BB44B, 0xB44BB44B, 0xB44BB44B, 0xB44BB44B}},
383  };
384 };
385 constexpr size_t DataProcessTest::kBlockCount;
386 constexpr size_t DataProcessTest::kBlockSize;
387 constexpr dif_aes_data_t DataProcessTest::kDataIn[kBlockCount];
388 constexpr dif_aes_data_t DataProcessTest::kDataOut[kBlockCount];
389 
390 TEST_F(DataProcessTest, ThreeBlocksSuccess) {
391  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, true},
392  {AES_STATUS_OUTPUT_VALID_BIT, true}});
393 
394  ExpectWriteMultreg(AES_DATA_IN_0_REG_OFFSET, kDataIn[0].data, kBlockSize);
395  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, true}});
396 
397  ExpectWriteMultreg(AES_DATA_IN_0_REG_OFFSET, kDataIn[1].data, kBlockSize);
398  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, true}});
399  ExpectReadMultreg(AES_DATA_OUT_0_REG_OFFSET, kDataOut[0].data, kBlockSize);
400 
401  ExpectWriteMultreg(AES_DATA_IN_0_REG_OFFSET, kDataIn[2].data, kBlockSize);
402  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, true}});
403  ExpectReadMultreg(AES_DATA_OUT_0_REG_OFFSET, kDataOut[1].data, kBlockSize);
404 
405  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, true}});
406  ExpectReadMultreg(AES_DATA_OUT_0_REG_OFFSET, kDataOut[2].data, kBlockSize);
407 
408  dif_aes_data_t out[kBlockCount];
409  EXPECT_DIF_OK(dif_aes_process_data(&aes_, kDataIn, out, kBlockCount));
410 
411  for (size_t i = 0; i < kBlockCount; ++i) {
412  EXPECT_THAT(out[i].data, ElementsAreArray(kDataOut[i].data));
413  }
414 }
415 
416 TEST_F(DataProcessTest, OneBlockSuccess) {
417  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, true}});
418  ExpectWriteMultreg(AES_DATA_IN_0_REG_OFFSET, kDataIn[0].data, kBlockSize);
419 
420  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, true}});
421  ExpectReadMultreg(AES_DATA_OUT_0_REG_OFFSET, kDataOut[0].data, kBlockSize);
422 
423  dif_aes_data_t out[kBlockCount];
424  EXPECT_DIF_OK(dif_aes_process_data(&aes_, kDataIn, out, 1));
425  EXPECT_THAT(out[0].data, ElementsAreArray(kDataOut[0].data));
426 }
427 
428 TEST_F(DataProcessTest, OneBlockUnavailable) {
429  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, false}});
430 
431  dif_aes_data_t out[kBlockCount];
432  EXPECT_EQ(dif_aes_process_data(&aes_, kDataIn, out, 1), kDifUnavailable);
433 }
434 // Read the IV tests.
435 class IVTest : public AesTestInitialized {};
436 
437 TEST_F(IVTest, Read) {
438  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, true}});
439 
440  ExpectReadMultreg(AES_IV_0_REG_OFFSET, kIv.iv, ARRAYSIZE(kIv.iv));
441  dif_aes_iv_t iv;
442  EXPECT_DIF_OK(dif_aes_read_iv(&aes_, &iv));
443 
444  EXPECT_THAT(iv.iv, ElementsAreArray(kIv.iv));
445 }
446 
447 // Trigger
448 class TriggerTest : public AesTestInitialized {};
449 
450 TEST_F(TriggerTest, Start) {
451  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET, {{AES_TRIGGER_START_BIT, true}});
452 
453  EXPECT_DIF_OK(dif_aes_trigger(&aes_, kDifAesTriggerStart));
454 }
455 
456 TEST_F(TriggerTest, KeyIvDataInClear) {
457  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET,
458  {
459  {AES_TRIGGER_KEY_IV_DATA_IN_CLEAR_BIT, true},
460  });
461 
462  EXPECT_DIF_OK(dif_aes_trigger(&aes_, kDifAesTriggerKeyIvDataInClear));
463 }
464 
465 TEST_F(TriggerTest, DataOutClear) {
466  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET,
467  {
468  {AES_TRIGGER_DATA_OUT_CLEAR_BIT, true},
469  });
470 
471  EXPECT_DIF_OK(dif_aes_trigger(&aes_, kDifAesTriggerDataOutClear));
472 }
473 
474 TEST_F(TriggerTest, PrngReseed) {
475  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET,
476  {
477  {AES_TRIGGER_PRNG_RESEED_BIT, true},
478  });
479 
480  EXPECT_DIF_OK(dif_aes_trigger(&aes_, kDifAesTriggerPrngReseed));
481 }
482 
483 // Status
484 class Status : public AesTestInitialized {};
485 
486 TEST_F(Status, True) {
487  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, true}});
488  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_STALL_BIT, true}});
489  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_LOST_BIT, true}});
490  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, true}});
491  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, true}});
492  EXPECT_READ32(AES_STATUS_REG_OFFSET,
493  {{AES_STATUS_ALERT_FATAL_FAULT_BIT, true}});
494  EXPECT_READ32(AES_STATUS_REG_OFFSET,
495  {{AES_STATUS_ALERT_RECOV_CTRL_UPDATE_ERR_BIT, true}});
496 
497  bool set;
498  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusIdle, &set));
499  EXPECT_TRUE(set);
500 
501  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusStall, &set));
502  EXPECT_TRUE(set);
503 
504  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusOutputLost, &set));
505  EXPECT_TRUE(set);
506 
507  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusOutputValid, &set));
508  EXPECT_TRUE(set);
509 
510  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusInputReady, &set));
511  EXPECT_TRUE(set);
512 
513  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusAlertFatalFault, &set));
514  EXPECT_TRUE(set);
515 
516  EXPECT_DIF_OK(
517  dif_aes_get_status(&aes_, kDifAesStatusAlertRecovCtrlUpdateErr, &set));
518  EXPECT_TRUE(set);
519 }
520 
521 TEST_F(Status, False) {
522  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, false}});
523  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_STALL_BIT, false}});
524  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_LOST_BIT, false}});
525  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, false}});
526  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_INPUT_READY_BIT, false}});
527  EXPECT_READ32(AES_STATUS_REG_OFFSET,
528  {{AES_STATUS_ALERT_FATAL_FAULT_BIT, false}});
529  EXPECT_READ32(AES_STATUS_REG_OFFSET,
530  {{AES_STATUS_ALERT_RECOV_CTRL_UPDATE_ERR_BIT, false}});
531 
532  bool set;
533  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusIdle, &set));
534  EXPECT_FALSE(set);
535 
536  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusStall, &set));
537  EXPECT_FALSE(set);
538 
539  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusOutputLost, &set));
540  EXPECT_FALSE(set);
541 
542  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusOutputValid, &set));
543  EXPECT_FALSE(set);
544 
545  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusInputReady, &set));
546  EXPECT_FALSE(set);
547 
548  EXPECT_DIF_OK(dif_aes_get_status(&aes_, kDifAesStatusAlertFatalFault, &set));
549  EXPECT_FALSE(set);
550 
551  EXPECT_DIF_OK(
552  dif_aes_get_status(&aes_, kDifAesStatusAlertRecovCtrlUpdateErr, &set));
553  EXPECT_FALSE(set);
554 }
555 
556 // Sideloaded key.
557 class SideloadedKeyTest : public AesTestInitialized {
558  protected:
559  SideloadedKeyTest() { transaction_.key_provider = kDifAesKeySideload; }
560 };
561 
562 TEST_F(SideloadedKeyTest, start) {
563  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
564  ExpectConfig({.key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
565  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
566  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
567  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
568  .key_sideloaded = true});
569 
570  ExpectAuxConfig({});
571  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, nullptr, nullptr));
572 }
573 // Mask reseeding.
574 class MaskReseedingTest : public AesTestInitialized {};
575 
576 TEST_F(MaskReseedingTest, ReseedPer64Block) {
577  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
578  ExpectConfig({
579  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
580  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
581  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
582  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_64,
583  });
584  ExpectAuxConfig({});
585  ExpectKey(kKey, 8);
586  transaction_.mask_reseeding = kDifAesReseedPer64Block;
587  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
588 }
589 
590 TEST_F(MaskReseedingTest, ReseedPer8kBlock) {
591  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
592  ExpectConfig({
593  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
594  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
595  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
596  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_8K,
597  });
598  ExpectAuxConfig({});
599  ExpectKey(kKey, 8);
600  transaction_.mask_reseeding = kDifAesReseedPer8kBlock;
601  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
602 }
603 
604 // Reseed on key change.
605 class CtrlAuxTest : public AesTestInitialized {};
606 
607 TEST_F(CtrlAuxTest, Unlock) {
608  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
609  ExpectConfig({
610  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
611  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
612  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
613  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
614  });
615 
616  transaction_.reseed_on_key_change = true;
617  transaction_.force_masks = true;
618  ExpectAuxConfig({
619  .reseed_on_key_change = true,
620  .force_masks = true,
621  });
622  ExpectKey(kKey, 8);
623  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
624 }
625 
626 TEST_F(CtrlAuxTest, Lock) {
627  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
628  ExpectConfig({
629  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
630  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
631  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
632  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
633  });
634 
635  transaction_.reseed_on_key_change = true;
636  transaction_.ctrl_aux_lock = true;
637  ExpectAuxConfig({.reseed_on_key_change = true, .lock = true});
638  ExpectKey(kKey, 8);
639  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
640 }
641 
642 TEST_F(CtrlAuxTest, LockedSuccess) {
643  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
644  ExpectConfig({
645  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
646  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
647  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
648  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
649  });
650 
651  transaction_.reseed_on_key_change = true;
652  transaction_.ctrl_aux_lock = true;
653 
654  EXPECT_READ32(AES_CTRL_AUX_REGWEN_REG_OFFSET,
655  {{AES_CTRL_AUX_REGWEN_CTRL_AUX_REGWEN_BIT, 0}});
656  EXPECT_READ32(AES_CTRL_AUX_SHADOWED_REG_OFFSET,
657  {{AES_CTRL_AUX_SHADOWED_KEY_TOUCH_FORCES_RESEED_BIT, true},
658  {AES_CTRL_AUX_SHADOWED_FORCE_MASKS_BIT, false}});
659  ExpectKey(kKey, 8);
660  EXPECT_DIF_OK(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
661 }
662 
663 TEST_F(CtrlAuxTest, LockedErrorReseedOnKeyChange) {
664  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
665  ExpectConfig({
666  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
667  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
668  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
669  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
670  });
671 
672  transaction_.reseed_on_key_change = true;
673  transaction_.ctrl_aux_lock = true;
674 
675  EXPECT_READ32(AES_CTRL_AUX_REGWEN_REG_OFFSET,
676  {{AES_CTRL_AUX_REGWEN_CTRL_AUX_REGWEN_BIT, 0}});
677  EXPECT_READ32(AES_CTRL_AUX_SHADOWED_REG_OFFSET,
678  {{AES_CTRL_AUX_SHADOWED_KEY_TOUCH_FORCES_RESEED_BIT, false},
679  {AES_CTRL_AUX_SHADOWED_FORCE_MASKS_BIT, false}});
680 
681  EXPECT_EQ(dif_aes_start(&aes_, &transaction_, &kKey, nullptr), kDifError);
682 }
683 
684 TEST_F(CtrlAuxTest, LockedErrorForceMasks) {
685  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
686  ExpectConfig({
687  .key_len = AES_CTRL_SHADOWED_KEY_LEN_VALUE_AES_128,
688  .mode = AES_CTRL_SHADOWED_MODE_VALUE_AES_ECB,
689  .operation = AES_CTRL_SHADOWED_OPERATION_VALUE_AES_ENC,
690  .mask_reseed = AES_CTRL_SHADOWED_PRNG_RESEED_RATE_VALUE_PER_1,
691  });
692 
693  transaction_.reseed_on_key_change = true;
694  transaction_.ctrl_aux_lock = true;
695 
696  EXPECT_READ32(AES_CTRL_AUX_REGWEN_REG_OFFSET,
697  {{AES_CTRL_AUX_REGWEN_CTRL_AUX_REGWEN_BIT, 0}});
698  EXPECT_READ32(AES_CTRL_AUX_SHADOWED_REG_OFFSET,
699  {{AES_CTRL_AUX_SHADOWED_KEY_TOUCH_FORCES_RESEED_BIT, true},
700  {AES_CTRL_AUX_SHADOWED_FORCE_MASKS_BIT, true}});
701 
702  EXPECT_EQ(dif_aes_start(&aes_, &transaction_, &kKey, nullptr), kDifError);
703 }
704 
705 // Dif functions.
706 class DifFunctionsTest : public AesTestInitialized {
707  protected:
708  DifFunctionsTest() {}
709 };
710 
711 TEST_F(DifFunctionsTest, Reset) {
712  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
713  EXPECT_WRITE32_SHADOWED(AES_CTRL_SHADOWED_REG_OFFSET,
714  {{AES_CTRL_SHADOWED_MANUAL_OPERATION_BIT, true}});
715 
716  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET,
717  {
718  {AES_TRIGGER_KEY_IV_DATA_IN_CLEAR_BIT, true},
719  {AES_TRIGGER_DATA_OUT_CLEAR_BIT, true},
720  });
721 
722  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
723 
724  EXPECT_WRITE32_SHADOWED(
725  AES_CTRL_SHADOWED_REG_OFFSET,
726  {{AES_CTRL_SHADOWED_OPERATION_OFFSET, AES_CTRL_SHADOWED_OPERATION_MASK},
727  {AES_CTRL_SHADOWED_MODE_OFFSET, AES_CTRL_SHADOWED_MODE_VALUE_AES_NONE},
728  {AES_CTRL_SHADOWED_KEY_LEN_OFFSET, AES_CTRL_SHADOWED_KEY_LEN_MASK}});
729 
730  EXPECT_DIF_OK(dif_aes_reset(&aes_));
731 }
732 
733 TEST_F(DifFunctionsTest, End) {
734  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
735  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
736  EXPECT_WRITE32_SHADOWED(AES_CTRL_SHADOWED_REG_OFFSET,
737  {{AES_CTRL_SHADOWED_MANUAL_OPERATION_BIT, true}});
738 
739  EXPECT_WRITE32(AES_TRIGGER_REG_OFFSET,
740  {
741  {AES_TRIGGER_KEY_IV_DATA_IN_CLEAR_BIT, true},
742  {AES_TRIGGER_DATA_OUT_CLEAR_BIT, true},
743  });
744 
745  EXPECT_READ32(AES_STATUS_REG_OFFSET, 1);
746 
747  EXPECT_DIF_OK(dif_aes_end(&aes_));
748 }
749 
750 // Dif errors
751 class DifBadArgError : public AesTestInitialized {
752  protected:
753  DifBadArgError() {
754  transaction_.key_provider = kDifAesKeySoftwareProvided;
755  transaction_.mode = kDifAesModeCbc;
756  }
757 };
758 
759 TEST_F(DifBadArgError, start) {
760  EXPECT_DIF_BADARG(dif_aes_start(nullptr, &transaction_, &kKey, &kIv));
761  EXPECT_DIF_BADARG(dif_aes_start(&aes_, nullptr, &kKey, &kIv));
762  EXPECT_DIF_BADARG(dif_aes_start(&aes_, &transaction_, nullptr, &kIv));
763  EXPECT_DIF_BADARG(dif_aes_start(&aes_, &transaction_, &kKey, nullptr));
764 }
765 
766 TEST_F(DifBadArgError, reset) { EXPECT_DIF_BADARG(dif_aes_reset(nullptr)); }
767 
768 TEST_F(DifBadArgError, end) { EXPECT_DIF_BADARG(dif_aes_end(nullptr)); }
769 
770 TEST_F(DifBadArgError, LoadData) {
771  dif_aes_data_t data = {};
772  EXPECT_DIF_BADARG(dif_aes_load_data(nullptr, data));
773 }
774 
775 TEST_F(DifBadArgError, ReadOutput) {
776  dif_aes_data_t data = {};
777  EXPECT_DIF_BADARG(dif_aes_read_output(nullptr, &data));
778  EXPECT_DIF_BADARG(dif_aes_read_output(&aes_, nullptr));
779 }
780 
781 TEST_F(DifBadArgError, Trigger) {
782  EXPECT_DIF_BADARG(dif_aes_trigger(nullptr, kDifAesTriggerPrngReseed));
783 }
784 
785 TEST_F(DifBadArgError, GetStatus) {
786  bool set;
787  EXPECT_DIF_BADARG(dif_aes_get_status(nullptr, kDifAesStatusIdle, &set));
788  EXPECT_DIF_BADARG(dif_aes_get_status(&aes_, kDifAesStatusIdle, nullptr));
789 }
790 
791 TEST_F(DifBadArgError, ReadIV) {
792  dif_aes_iv_t iv = {};
793  EXPECT_DIF_BADARG(dif_aes_read_iv(nullptr, &iv));
794  EXPECT_DIF_BADARG(dif_aes_read_iv(&aes_, nullptr));
795 }
796 
797 TEST_F(DifBadArgError, ProcessData) {
798  dif_aes_data_t data[1] = {};
799  dif_aes_data_t out[1] = {};
800  EXPECT_DIF_BADARG(dif_aes_process_data(nullptr, data, out, 1));
801  EXPECT_DIF_BADARG(dif_aes_process_data(&aes_, nullptr, out, 1));
802  EXPECT_DIF_BADARG(dif_aes_process_data(&aes_, data, nullptr, 1));
803  EXPECT_DIF_BADARG(dif_aes_process_data(&aes_, data, out, 0));
804 }
805 
806 class DifUnavailableError : public AesTestInitialized {
807  protected:
808  DifUnavailableError() {
809  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_IDLE_BIT, false}});
810  }
811 };
812 
813 TEST_F(DifUnavailableError, start) {
814  EXPECT_EQ(dif_aes_start(&aes_, &transaction_, &kKey, nullptr),
815  kDifUnavailable);
816 }
817 
818 TEST_F(DifUnavailableError, end) {
819  EXPECT_EQ(dif_aes_end(&aes_), kDifUnavailable);
820 }
821 
822 TEST_F(DifUnavailableError, LoadData) {
823  dif_aes_data_t data = {{0}};
824  EXPECT_EQ(dif_aes_load_data(&aes_, data), kDifUnavailable);
825 }
826 
827 TEST_F(DifUnavailableError, ReadIV) {
828  dif_aes_iv_t iv = {{0}};
829  EXPECT_EQ(dif_aes_read_iv(&aes_, &iv), kDifUnavailable);
830 }
831 
832 TEST_F(DifUnavailableError, ProcessData) {
833  dif_aes_data_t data[2] = {};
834  dif_aes_data_t out[2] = {};
835  EXPECT_EQ(dif_aes_process_data(&aes_, data, out, ARRAYSIZE(data)),
836  kDifUnavailable);
837 }
838 
839 class DifError : public AesTestInitialized {
840  protected:
841  DifError() {}
842 };
843 
844 TEST_F(DifError, ReadOutput) {
845  EXPECT_READ32(AES_STATUS_REG_OFFSET, {{AES_STATUS_OUTPUT_VALID_BIT, false}});
846  dif_aes_data_t data = {{0}};
847  EXPECT_EQ(dif_aes_read_output(&aes_, &data), kDifError);
848 }
849 } // namespace
850 } // namespace dif_aes_test
Return to OpenTitan Documentation