From cd40367476e5c061a22500ad1ab73369004e5d2b Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Tue, 22 Oct 2024 23:20:46 +0200 Subject: [PATCH] [aes/pre_dv/aes_tb] Adapt for GCM support Signed-off-by: Pirmin Vogel --- hw/ip/aes/model/crypto.h | 2 +- .../pre_dv/aes_tb/cpp/aes_model_checker.cc | 63 +- .../aes/pre_dv/aes_tb/cpp/aes_model_checker.h | 1 + .../pre_dv/aes_tb/cpp/aes_tlul_interface.cc | 2 +- .../pre_dv/aes_tb/cpp/aes_tlul_sequence_1.h | 881 +++++++++++++++++- .../aes_tb/cpp/aes_tlul_sequence_common.h | 3 + hw/ip/aes/pre_dv/aes_tb/rtl/aes_sim.sv | 21 +- 7 files changed, 935 insertions(+), 38 deletions(-) diff --git a/hw/ip/aes/model/crypto.h b/hw/ip/aes/model/crypto.h index eb5a4f34db2e92..3be5633a3850d6 100644 --- a/hw/ip/aes/model/crypto.h +++ b/hw/ip/aes/model/crypto.h @@ -15,7 +15,7 @@ typedef enum crypto_mode { kCryptoAesOfb = 1 << 3, kCryptoAesCtr = 1 << 4, kCryptoAesGcm = 1 << 5, - kCryptoAesNone = 1 << 6 + kCryptoAesNone = 0x3f } crypto_mode_t; /** diff --git a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.cc b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.cc index dc25a6bcefa700..7b77c34e4985a2 100644 --- a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.cc +++ b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.cc @@ -11,6 +11,7 @@ AESModelChecker::AESModelChecker(Vaes_sim *rtl) : rtl_(rtl), state_model_{0}, state_rtl_{0} { state_model_.op = false; state_model_.mode = kCryptoAesEcb; + state_model_.gcm_text = false; state_model_.cipher_op = false; state_model_.key_expand_op = false; state_model_.key_len = 16; @@ -25,6 +26,7 @@ AESModelChecker::AESModelChecker(Vaes_sim *rtl) state_model_.rcon = 0; state_rtl_.op = false; state_rtl_.mode = kCryptoAesEcb; + state_rtl_.gcm_text = false; state_rtl_.cipher_op = false; state_rtl_.key_expand_op = false; state_rtl_.key_len = 16; @@ -206,33 +208,35 @@ int AESModelChecker::Compare() { } // call OpenSSL/BoringSSL to verify - unsigned char crypto_input[16]; - unsigned char crypto_output[16]; - unsigned char iv[16]; - memset(iv, 0, 16); - CopyBlock(crypto_input, state_model_.data_in); - if (state_model_.mode != kCryptoAesEcb) { - CopyBlock(iv, state_model_.iv); - } - if (!state_model_.cipher_op) { - crypto_encrypt(crypto_output, iv, crypto_input, 16, - state_model_.key_init, state_model_.key_len, - state_model_.mode); - } else { - crypto_decrypt(crypto_output, iv, crypto_input, 16, - state_model_.key_init, state_model_.key_len, - state_model_.mode); - } - status = CompareBlock(crypto_output, state_rtl_.data_out, 16); - if (status) { - printf("ERROR: mismatch between OpenSSL/BoringSSL and RTL:\n"); - printf("Output RTL\t\t\t"); - aes_print_block(&state_rtl_.data_out[0], 16); - printf("Output OpenSSL/BoringSSL\t"); - aes_print_block(&crypto_output[0], 16); - return status; - } else { - printf("SUCCESS: OpenSSL/BoringSSL matches RTL\n"); + if (state_model_.mode != kCryptoAesGcm) { + unsigned char crypto_input[16]; + unsigned char crypto_output[16]; + unsigned char iv[16]; + memset(iv, 0, 16); + CopyBlock(crypto_input, state_model_.data_in); + if (state_model_.mode != kCryptoAesEcb) { + CopyBlock(iv, state_model_.iv); + } + if (!state_model_.cipher_op) { + crypto_encrypt(crypto_output, iv, crypto_input, 16, + state_model_.key_init, state_model_.key_len, + state_model_.mode, NULL, 0, NULL, 0); + } else { + crypto_decrypt(crypto_output, iv, crypto_input, 16, + state_model_.key_init, state_model_.key_len, + state_model_.mode, NULL, 0, NULL, 0); + } + status = CompareBlock(crypto_output, state_rtl_.data_out, 16); + if (status) { + printf("ERROR: mismatch between OpenSSL/BoringSSL and RTL:\n"); + printf("Output RTL\t\t\t"); + aes_print_block(&state_rtl_.data_out[0], 16); + printf("Output OpenSSL/BoringSSL\t"); + aes_print_block(&crypto_output[0], 16); + return status; + } else { + printf("SUCCESS: OpenSSL/BoringSSL matches RTL\n"); + } } } } // op @@ -246,6 +250,7 @@ void AESModelChecker::UpdateModel() { // start state_model_.op = state_rtl_.op; state_model_.mode = state_rtl_.mode; + state_model_.gcm_text = state_rtl_.gcm_text; state_model_.cipher_op = state_rtl_.cipher_op; state_model_.key_expand_op = state_rtl_.key_expand_op; state_model_.key_len = state_rtl_.key_len; @@ -296,7 +301,8 @@ void AESModelChecker::UpdateModel() { CopyBlock(state_model_.data_out, state_model_.state_d); if (state_model_.mode == kCryptoAesCtr || state_model_.mode == kCryptoAesCfb || - state_model_.mode == kCryptoAesOfb) { + state_model_.mode == kCryptoAesOfb || + (state_model_.mode == kCryptoAesGcm && state_model_.gcm_text)) { // add the actual data input aes_add_round_key(state_model_.data_out, state_model_.data_in); } @@ -362,6 +368,7 @@ void AESModelChecker::GetInitRoundKey() { void AESModelChecker::MonitorSignals() { state_rtl_.op = rtl_->rootp->aes_sim__DOT__op; state_rtl_.mode = (crypto_mode_t)rtl_->rootp->aes_sim__DOT__mode; + state_rtl_.gcm_text = rtl_->rootp->aes_sim__DOT__gcm_text;; state_rtl_.cipher_op = rtl_->rootp->aes_sim__DOT__cipher_op; state_rtl_.key_expand_op = rtl_->rootp->aes_sim__DOT__key_expand_op; diff --git a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.h b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.h index c896eb89ce9773..262e900332c0b2 100644 --- a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.h +++ b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_model_checker.h @@ -16,6 +16,7 @@ struct AESState { public: bool op; crypto_mode_t mode; + bool gcm_text; bool cipher_op; bool key_expand_op; int key_len; diff --git a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_interface.cc b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_interface.cc index 8284f6f732631e..434c147a9f3d3d 100644 --- a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_interface.cc +++ b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_interface.cc @@ -4,7 +4,7 @@ #include "aes_tlul_interface.h" -#define SEQ 2 +#define SEQ 1 #if (SEQ == 2) #include "aes_tlul_sequence_modes.h" diff --git a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_1.h b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_1.h index 4396f41b9bf051..d06e8e2c792a29 100644 --- a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_1.h +++ b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_1.h @@ -10,7 +10,24 @@ // Example 1 - encrypt/decrypt all key lenghts -static const int num_transactions_max = 1 + 3 * (21 + 8 + 8) + 6; +static const int num_transactions_max = 1 + 3 * (21 + 8 + 8) + 6 + // Test Case 1 + // setup // tag + + 26 + 12 + // Test Case 2 + // setup // 1 ciphertext block // tag + + 26 + 3 + 9 + 12 + // Test Case 4 + // setup // 2 AAD blocks - last incomplete + + 26 + 7 + 7 + // 4 C blocks - last incomplete // tag + + 3 + 3 + (4*9) + 12 + // Test Case 4 Decryption + + 27 + 7 + 7 + 3 + 3 + (4*9) + 12 + // Test Case 4 Save + + 27 + 7 + 3 + 5 + 2 + // Test Case 4 Restore + + 27 + 7 + 7 + 3 + 3 + (4*9) + 12; static const TLI tl_i_transactions[num_transactions_max] = { {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, // AES-128 @@ -191,7 +208,644 @@ static const TLI tl_i_transactions[num_transactions_max] = { {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, // Clear - {true, 0, 0, 2, 0, AES_TRIGGER, 0xF, 0x1E, 0, true}, // clear + {true, 0, 0, 2, 0, AES_TRIGGER, 0xF, 0xE, 0, true}, // clear + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // GCM - Test Case 1 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x03020100, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x07060504, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x0B0A0908, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x0F0E0D0C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x13121110, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x17161514, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x1B1A1918, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x1F1E1D1C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x03020100, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x07060504, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0B0A0908, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0F0E0D0C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x13121110, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x17161514, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x1B1A1918, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x1F1E1D1C, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // GCM - Test Case 2 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x03020100, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x07060504, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x0B0A0908, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x0F0E0D0C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x13121110, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x17161514, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x1B1A1918, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x1F1E1D1C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x03020100, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x07060504, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0B0A0908, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0F0E0D0C, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x13121110, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x17161514, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x1B1A1918, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x1F1E1D1C, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x80000000, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // GCM - Test Case 4 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x92e9fffe, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x1c736586, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x948f6a6d, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x08833067, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0xbebafeca, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0xaddbcefa, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x88f8cade, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xefbeadde, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xefbeadde, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xd2daadab, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x01020304, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x05060708, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x090a0b0c, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + + // text, 16 bytes + // d9313225 f88406e5 a55909c5 aff5269a + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x253231d9, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xe50684f8, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xc50959a5, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x9a26f5af, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + // 86a7a953 1534f7da 2e4c303d 8a318a72 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x53a9a786, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xdaf73415, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x3d304c2e, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x728a318a, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + // 1c3c0c95 95680953 2fcf0e24 49a6b525 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x950c3c1c, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x53096895, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x240ecf2f, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x25b5a649, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + + // text, 12 bytes + // b16aedf5 aa0de657 ba637b39 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xf5ed6ab1, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x57e60daa, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x397b63ba, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x01020304, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + // 00000000 000000a0 00000000 000001e0 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xa0000000, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xe0010000, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // GCM - Test Case 4 Decryption + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x2, + 0, true}, // ctrl - decrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x2, + 0, true}, // ctrl - decrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x92e9fffe, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x1c736586, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x948f6a6d, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x08833067, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0xbebafeca, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0xaddbcefa, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x88f8cade, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xefbeadde, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xefbeadde, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xd2daadab, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x01020304, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x05060708, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x090a0b0c, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + + // text, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xc21e8342, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x24747721, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xb721724b, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x9cd4d084, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x2f21aae3, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xe0a4022c, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x237ec135, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x2ea1ac29, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xb214d521, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x1c936654, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x5a6a8f7d, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x05aa84ac, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + + // text, 12 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x390ba31b, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x97ac0a6a, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x91e0583d, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x01020304, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + // 00000000 000000a0 00000000 000001e0 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xa0000000, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xe0010000, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // GCM - Test Case 4 Save + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x92e9fffe, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x1c736586, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x948f6a6d, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x08833067, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0xbebafeca, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0xaddbcefa, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x88f8cade, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xefbeadde, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xcefaedfe, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xefbeadde, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x10, + 0, true}, // save + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x10, + 0, true}, // save + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // Clear and reseed + {true, 0, 0, 2, 0, AES_TRIGGER, 0xF, 0xE, 0, true}, // clear + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + + // GCM - Test Case 4 Restore + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_CONFIG, 0xF, + (0x0 << AES_CTRL_MANUAL_OPERATION_OFFSET) | + (0x1 << AES_CTRL_KEY_LEN_OFFSET) | + (kCryptoAesGcm << AES_CTRL_MODE_OFFSET) | 0x1, + 0, true}, // ctrl - encrypt, 128-bit + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x1, + 0, true}, // init, 16 bytes + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x00, 0xF, 0x92e9fffe, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x04, 0xF, 0x1c736586, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x08, 0xF, 0x948f6a6d, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x0C, 0xF, 0x08833067, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE0_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x00, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x04, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x08, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x0C, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x10, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x14, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x18, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_KEY_SHARE1_0 + 0x1c, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x0, 0xF, 0xbebafeca, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x4, 0xF, 0xaddbcefa, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0x8, 0xF, 0x88f8cade, 0, true}, + {true, 0, 0, 2, 0, AES_IV_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x2, + 0, true}, // restore, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x2, + 0, true}, // restore, 16 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xf8aa56ed, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x04672da7, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x2892db9f, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x2213baed, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x4 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x04, + 0, true}, // aad, 4 bytes + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xd2daadab, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x01020304, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x05060708, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x090a0b0c, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 16 bytes + + // text, 16 bytes + // d9313225 f88406e5 a55909c5 aff5269a + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x253231d9, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xe50684f8, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0xc50959a5, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x9a26f5af, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + // 86a7a953 1534f7da 2e4c303d 8a318a72 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x53a9a786, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xdaf73415, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x3d304c2e, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x728a318a, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + // text, 16 bytes + // 1c3c0c95 95680953 2fcf0e24 49a6b525 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x950c3c1c, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x53096895, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x240ecf2f, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x25b5a649, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0xC << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x08, + 0, true}, // text, 12 bytes + + // text, 12 bytes + // b16aedf5 aa0de657 ba637b39 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0xf5ed6ab1, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0x57e60daa, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x397b63ba, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0x01020304, 0, true}, + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, + + {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + {true, 0, 0, 2, 0, AES_GCM_CONFIG, 0xF, + (0x10 << AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET) | 0x20, + 0, true}, // tag, 16 bytes + // 00000000 000000a0 00000000 000001e0 + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x0, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x4, 0xF, 0xa0000000, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0x8, 0xF, 0x0, 0, true}, + {true, 0, 0, 2, 0, AES_DATA_IN_0 + 0xC, 0xF, 0xe0010000, 0, true}, {true, 4, 0, 2, 0, AES_STATUS, 0xF, 0x0, 0, true}, {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x0, 0xF, 0x0, 0, true}, {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0x4, 0xF, 0x0, 0, true}, @@ -199,7 +853,21 @@ static const TLI tl_i_transactions[num_transactions_max] = { {true, 4, 0, 2, 0, AES_DATA_OUT_0 + 0xC, 0xF, 0x0, 0, true}, }; -static const int num_responses_max = 1 + 18 + 18 + 5; +static const int num_responses_max = 1 + 18 + 18 + 5 + // Test Case 1 + + 2 + 6 + // Test Case 2 + + 2 + 1 + 5 + 6 + // Test Case 4 + + 2 + 2 + 1 + 1 + 4*5 + 6 + // Test Case 4 Decryption + + 2 + 2 + 1 + 1 + 4*5 + 6 + // Test Case 4 Save + + 2 + 1 + 1 + 1 + 4 + // Clear + + 1 + // Test Case 4 Restore + + 2 + 2 + 1 + 1 + 4*5 + 6; static const EXP_RESP tl_o_exp_resp[num_responses_max] = { {1 << AES_STATUS_IDLE_OFFSET, 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle @@ -263,6 +931,213 @@ static const EXP_RESP tl_o_exp_resp[num_responses_max] = { {0x0, 0x0}, // data_out1 cleared to random value {0x0, 0x0}, // data_out2 cleared to random value {0x0, 0x0}, // data_out3 cleared to random value + + // GCM - Test Case 1 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xCEFCE258}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x61307EFA}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x571D7F36}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5A45E7A4}, + + // GCM - Test Case 2 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xceda8803}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x92a3b660}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb9c228f3}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x78feb271}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xd4476eab}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xbd13ec2c}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb2673af5}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xdfbd5712}, + + // GCM - Test Case 4 from + // https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - setup + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - iv + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 1 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 2 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 1 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 42831ec2 21777424 4b7221b7 84d0d49c + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xc21e8342}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x24747721}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb721724b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x9cd4d084}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // e3aa212f 2c02a4e0 35c17e23 29aca12e + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2f21aae3}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xe0a4022c}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x237ec135}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2ea1ac29}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 21d514b2 5466931c 7d8f6a5a ac84aa05 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb214d521}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x1c936654}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5a6a8f7d}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x05aa84ac}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 4 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 1ba30b39 6a0aac97 3d58e091 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x390ba31b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x97ac0a6a}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x91e0583d}, + {CHECK_DATA_OUT ? 0x0 : 0x0, 0x01020304}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - tag + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 5bc94fbc 3221a5db 94fae95a e7121a47 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xbc4fc95b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xdba52132}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5ae9fa94}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x471a12e7}, + + // GCM - Test Case 4 Decryption + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - setup + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - iv + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 1 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 2 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 1 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x253231d9}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xe50684f8}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xc50959a5}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x9a26f5af}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x53a9a786}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xdaf73415}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x3d304c2e}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x728a318a}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x950c3c1c}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x53096895}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x240ecf2f}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x25b5a649}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 4 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xf5ed6ab1}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x57e60daa}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x397b63ba}, + {CHECK_DATA_OUT ? 0x0 : 0x0, 0x01020304}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - tag + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 5bc94fbc 3221a5db 94fae95a e7121a47 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xbc4fc95b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xdba52132}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5ae9fa94}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x471a12e7}, + + // GCM - Test Case 4 Save + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - setup + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - iv + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 1 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - save + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xf8aa56ed}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x04672da7}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2892db9f}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2213baed}, + + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - clear + + // GCM - Test Case 4 Restore + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - setup + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - iv + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - restore + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - aad 2 + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 1 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 42831ec2 21777424 4b7221b7 84d0d49c + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xc21e8342}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x24747721}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb721724b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x9cd4d084}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // e3aa212f 2c02a4e0 35c17e23 29aca12e + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2f21aae3}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xe0a4022c}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x237ec135}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x2ea1ac29}, + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 21d514b2 5466931c 7d8f6a5a ac84aa05 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xb214d521}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x1c936654}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5a6a8f7d}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x05aa84ac}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - text 4 + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 1ba30b39 6a0aac97 3d58e091 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x390ba31b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x97ac0a6a}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x91e0583d}, + {CHECK_DATA_OUT ? 0x0 : 0x0, 0x01020304}, + {1 << AES_STATUS_IDLE_OFFSET, + 1 << AES_STATUS_IDLE_OFFSET}, // status shows idle - tag + {1 << AES_STATUS_OUTPUT_VALID_OFFSET, + 1 << AES_STATUS_OUTPUT_VALID_OFFSET}, // status shows output valid + // 5bc94fbc 3221a5db 94fae95a e7121a47 + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xbc4fc95b}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0xdba52132}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x5ae9fa94}, + {CHECK_DATA_OUT ? 0xFFFFFFFF : 0x0, 0x471a12e7}, }; #endif // OPENTITAN_HW_IP_AES_PRE_DV_AES_TB_CPP_AES_TLUL_SEQUENCE_1_H_ diff --git a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_common.h b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_common.h index 976562e7c03ce0..851b2bdfebc2ac 100644 --- a/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_common.h +++ b/hw/ip/aes/pre_dv/aes_tb/cpp/aes_tlul_sequence_common.h @@ -17,6 +17,7 @@ #define AES_AUX_CONFIG_REGWEN 0x7c #define AES_TRIGGER 0x80 #define AES_STATUS 0x84 +#define AES_GCM_CONFIG 0x88 #define AES_CTRL_MODE_OFFSET 2 #define AES_CTRL_KEY_LEN_OFFSET 8 @@ -33,4 +34,6 @@ #define AES_STATUS_OUTPUT_VALID_OFFSET 3 #define AES_STATUS_INPUT_READY_OFFSET 4 +#define AES_GCM_CTRL_NUM_VALID_BYTES_OFFSET 6 + #endif // OPENTITAN_HW_IP_AES_PRE_DV_AES_TB_CPP_AES_TLUL_SEQUENCE_COMMON_H_ diff --git a/hw/ip/aes/pre_dv/aes_tb/rtl/aes_sim.sv b/hw/ip/aes/pre_dv/aes_tb/rtl/aes_sim.sv index 839cb908bea327..5bae4db9f39ab5 100644 --- a/hw/ip/aes/pre_dv/aes_tb/rtl/aes_sim.sv +++ b/hw/ip/aes/pre_dv/aes_tb/rtl/aes_sim.sv @@ -7,10 +7,11 @@ module aes_sim import aes_pkg::*; #( parameter bit AES192Enable = 1, + parameter bit AESGCMEnable = 1, parameter bit SecMasking = 1, parameter sbox_impl_e SecSBoxImpl = SBoxImplDom, - parameter int unsigned SecStartTriggerDelay = 40, - parameter bit SecAllowForcingMasks = 1, + parameter int unsigned SecStartTriggerDelay = 0, + parameter bit SecAllowForcingMasks = 0, parameter bit SecSkipPRNGReseeding = 0 ) ( input clk_i, @@ -46,6 +47,7 @@ module aes_sim import aes_pkg::*; // Instantiate top-level aes #( .AES192Enable ( AES192Enable ), + .AESGCMEnable ( AESGCMEnable ), .SecMasking ( SecMasking ), .SecSBoxImpl ( SecSBoxImpl ), .SecStartTriggerDelay ( SecStartTriggerDelay ), @@ -93,9 +95,15 @@ module aes_sim import aes_pkg::*; assign aes_cipher_ctrl_cs = u_aes.u_aes_core.u_aes_cipher_core.u_aes_cipher_control.gen_fsm[0].gen_fsm_p.u_aes_cipher_control_fsm_i.u_aes_cipher_control_fsm.aes_cipher_ctrl_cs; assign aes_cipher_ctrl_ns = u_aes.u_aes_core.u_aes_cipher_core.u_aes_cipher_control.gen_fsm[0].gen_fsm_p.u_aes_cipher_control_fsm_i.u_aes_cipher_control_fsm.aes_cipher_ctrl_ns; + logic ghash; + assign ghash = u_aes.u_aes_core.u_aes_control.gen_fsm[0].gen_fsm_p.u_aes_control_fsm_i.u_aes_control_fsm.doing_gcm_save_q | + u_aes.u_aes_core.u_aes_control.gen_fsm[0].gen_fsm_p.u_aes_control_fsm_i.u_aes_control_fsm.doing_gcm_tag_q | + u_aes.u_aes_core.u_aes_control.gen_fsm[0].gen_fsm_p.u_aes_control_fsm_i.u_aes_control_fsm.doing_gcm_hsk | + u_aes.u_aes_core.u_aes_control.gen_fsm[0].gen_fsm_p.u_aes_control_fsm_i.u_aes_control_fsm.doing_gcm_s; + assign start = (aes_cipher_ctrl_cs == IDLE) && (aes_cipher_ctrl_ns == INIT); // IDLE -> INIT assign init = (aes_cipher_ctrl_cs == INIT); // INIT - assign done = (aes_cipher_ctrl_cs == FINISH) && (aes_cipher_ctrl_ns == IDLE); // FINISH -> IDLE + assign done = (aes_cipher_ctrl_cs == FINISH) && (aes_cipher_ctrl_ns == IDLE) && !ghash; // FINISH -> IDLE assign busy = (u_aes.u_aes_core.u_aes_control.cipher_crypt_i == SP2V_HIGH) | (u_aes.u_aes_core.u_aes_control.cipher_crypt_o == SP2V_HIGH) | (u_aes.u_aes_core.u_aes_control.cipher_dec_key_gen_i == SP2V_HIGH) | @@ -113,14 +121,17 @@ module aes_sim import aes_pkg::*; // Make internal signals directly accessible // control logic op /*verilator public_flat*/; - logic [4:0] mode /*verilator public_flat*/; + logic [5:0] mode /*verilator public_flat*/; + logic gcm_text /*verilator public_flat*/; logic cipher_op /*verilator public_flat*/; logic key_expand_op /*verilator public_flat*/; logic [2:0] key_len /*verilator public_flat*/; logic [3:0] round /*verilator public_flat*/; assign op = u_aes.u_aes_core.aes_op_q == AES_DEC; - assign mode = {u_aes.u_aes_core.aes_mode_q[4:0]}; + assign mode = {u_aes.u_aes_core.aes_mode_q[5:0]}; + assign gcm_text = u_aes.u_aes_core.aes_mode_q == AES_GCM && + u_aes.u_aes_core.gcm_phase_q == GCM_TEXT; assign cipher_op = u_aes.u_aes_core.u_aes_cipher_core.op_i == CIPH_INV; assign key_expand_op = u_aes.u_aes_core.u_aes_cipher_core.u_aes_key_expand.op_i == CIPH_INV; assign key_len = {u_aes.u_aes_core.u_aes_cipher_core.key_len_i};