chipsalliance · mojtaba-bisheh · Feb 3, 2025 · Feb 3, 2025 · Feb 3, 2025 · Feb 3, 2025
diff --git a/.github/workflow_metadata/pr_hash b/.github/workflow_metadata/pr_hash
@@ -1 +1 @@
-6e6558d646b5dc24fb796e483c332a606897007d7b9811ce6c6c22e4aae0ff960da63fb30ac96254380f4ee446929680
+6e6558d646b5dc24fb796e483c332a606897007d7b9811ce6c6c22e4aae0ff960da63fb30ac96254380f4ee446929680
diff --git a/.github/workflow_metadata/pr_timestamp b/.github/workflow_metadata/pr_timestamp
@@ -1 +1 @@
-1738876577
+1738876577
diff --git a/src/ecc/rtl/ecc_hmac_drbg_interface.sv b/src/ecc/rtl/ecc_hmac_drbg_interface.sv
@@ -28,11 +28,19 @@
 //      2.4. generate k from privkey and hashed_msg for signing
 //
 // To generate random values using IV, the hmac_drbg is continued by trigging 
-// next command (instead of init) which increases counter inside hmac_drbg component. 
-// It means:
-// lambda is generated from IV with counter equal to 0 and 1
-// scalar_rnd is generated from IV with counter equal to 2 and 3
-// masking_rnd is generated from IV with counter equal to 4 and 5
+// next command (instead of init). 
+// 
+//          - INIT: Instantiates HMAC-DRBG with entropy, nonce, (personalization string is empty).
+//                  Then, it calls HMAC_DRBG_Generate_algorithm (additional input string is empty)
+//                  to generate a 384-bit random value while it's in (0, prime) range.
+//                  if the random value is zero or >= prime, it is rejected and a new random value
+//                  is generated by calling HMAC_DRBG_Generate_algorithm.
+//                  There is NO RESEED process.
+//          - NEXT: it calls HMAC_DRBG_Generate_algorithm (additional input string is empty)
+//                  to generate a 384-bit random value while it's in (0, prime) range.
+//                  if the random value is zero or >= prime, it is rejected and a new random value
+//                  is generated by calling HMAC_DRBG_Generate_algorithm.
+//                  There is NO RESEED process.
 //
 //======================================================================
 

diff --git a/src/hmac_drbg/config/compile.yml b/src/hmac_drbg/config/compile.yml
@@ -15,13 +15,28 @@ provides: [hmac_drbg_tb]
 schema_version: 2.4.0
 requires: 
   - hmac_drbg
+  - hmac_drbg_coverage
 targets:
   tb:
     directories: 
       - $COMPILE_ROOT/tb
     files:
       - $COMPILE_ROOT/tb/hmac_drbg_tb.sv
     tops: [hmac_drbg_tb]
+  sim:
+    pre_exec: 'echo "[PRE-EXEC] Copying HMAC_DRBG vector generator to $(pwd)" && cp $COMPILE_ROOT/tb/hmac_drbg_ref.py .'
+---
+provides: [hmac_drbg_coverage]  
+schema_version: 2.4.0
+requires: 
+  - hmac_drbg
+targets:
+  tb:
+    directories: 
+      - $COMPILE_ROOT/coverage
+    files:
+      - $COMPILE_ROOT/coverage/hmac_drbg_cov_if.sv
+      - $COMPILE_ROOT/coverage/hmac_drbg_cov_bind.sv
 global:
   tool:
     vcs:

diff --git a/src/hmac_drbg/config/hmac_drbg_tb.vf b/src/hmac_drbg/config/hmac_drbg_tb.vf
@@ -2,6 +2,7 @@
 +incdir+${CALIPTRA_ROOT}/src/libs/rtl
 +incdir+${CALIPTRA_ROOT}/src/keyvault/rtl
 +incdir+${CALIPTRA_ROOT}/src/pcrvault/rtl
++incdir+${CALIPTRA_ROOT}/src/hmac_drbg/coverage
 +incdir+${CALIPTRA_ROOT}/src/hmac_drbg/tb
 +incdir+${CALIPTRA_ROOT}/src/sha512/rtl
 +incdir+${CALIPTRA_ROOT}/src/sha512_masked/rtl
@@ -24,6 +25,8 @@ ${CALIPTRA_ROOT}/src/keyvault/rtl/kv_macros.svh
 ${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_defines_pkg.sv
 ${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_macros.svh
 ${CALIPTRA_ROOT}/src/pcrvault/rtl/pv_gen_hash.sv
+${CALIPTRA_ROOT}/src/hmac_drbg/coverage/hmac_drbg_cov_if.sv
+${CALIPTRA_ROOT}/src/hmac_drbg/coverage/hmac_drbg_cov_bind.sv
 ${CALIPTRA_ROOT}/src/hmac_drbg/tb/hmac_drbg_tb.sv
 ${CALIPTRA_ROOT}/src/libs/rtl/ahb_to_reg_adapter.sv
 ${CALIPTRA_ROOT}/src/keyvault/rtl/kv_reg_pkg.sv

diff --git a/src/hmac_drbg/coverage/config/hmac_drbg_cm_hier.cfg b/src/hmac_drbg/coverage/config/hmac_drbg_cm_hier.cfg
@@ -0,0 +1,3 @@
+begin line+tgl+fsm+cond+branch
+    +tree hmac_drbg_tb.dut 0
+end
diff --git a/src/hmac_drbg/coverage/hmac_drbg_cov_bind.sv b/src/hmac_drbg/coverage/hmac_drbg_cov_bind.sv
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+module hmac_drbg_cov_bind;
+    `ifdef FCOV
+    bind hmac_drbg hmac_drbg_cov_if i_hmac_drbg_cov_if(.*);
+    `endif
+endmodule
diff --git a/src/hmac_drbg/coverage/hmac_drbg_cov_if.sv b/src/hmac_drbg/coverage/hmac_drbg_cov_if.sv
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+`ifndef VERILATOR
+
+interface hmac_drbg_cov_if     
+    (
+    input logic           clk,
+    input logic           reset_n
+);
+
+    logic init;
+    logic next;
+    logic zeroize;
+    logic ready;
+    logic valid;
+
+    logic [1 : 0] hmac_drbg_cmd;
+    logic [4 : 0] drbg_state;
+    logic [383 : 0] prime;
+    logic [383 : 0] drbg;
+
+    parameter logic [383:0] HMAC_DRBG_PRIME = hmac_drbg.HMAC_DRBG_PRIME;
+
+    assign init = hmac_drbg.init_cmd;
+    assign next = hmac_drbg.next_cmd;
+    assign zeroize = hmac_drbg.zeroize;
+    assign ready = hmac_drbg.ready_reg;
+    assign valid = hmac_drbg.valid_reg;
+
+    assign hmac_drbg_cmd = {next, init};
+
+    assign drbg_state = hmac_drbg.drbg_st_reg;
+    assign drbg = hmac_drbg.drbg;
+
+    covergroup hmac_drbg_control_cg @(posedge clk);
+        reset_cp: coverpoint reset_n;
+
+        init_cp: coverpoint init;
+        next_cp: coverpoint next;
+        zeroize_cp: coverpoint zeroize;
+        ready_cp: coverpoint ready;
+        valid_cp: coverpoint valid;
+
+        hmac_cmd_cp: coverpoint hmac_drbg_cmd  {bins cmd[]   = (0, 0 => 1, 2 => 0, 0);}
+
+        init_ready_cp: cross ready, init {
+            illegal_bins illegal_init_when_ready_low = binsof(init) intersect {1} && binsof(ready) intersect {0};
+        }
+
+        next_ready_cp: cross ready, next {
+            illegal_bins illegal_next_when_ready_low = binsof(next) intersect {1} && binsof(ready) intersect {0};
+        }
+        zeroize_ready_cp: cross ready, zeroize;
+        zeroize_init_cp: cross zeroize, init;
+        zeroize_next_cp: cross zeroize, next;
+
+    endgroup
+
+    covergroup hmac_drbg_state_cg @(posedge clk);
+        drbg_state_cp: coverpoint drbg_state {
+            bins all_states[] = {[0:14]};
+        }
+    endgroup
+
+    covergroup hmac_drbg_output_cg @(posedge clk);
+        drbg_cp: coverpoint drbg iff (valid) {
+            bins zero = {384'h0};
+            bins max_value = {HMAC_DRBG_PRIME - 1};
+            bins others = default;
+
+            illegal_bins illegal_zero = {384'h0};
+            illegal_bins illegal_above_prime = {[HMAC_DRBG_PRIME:$]};
+        }
+    endgroup
+
+    hmac_drbg_state_cg hmac_drbg_state_cov = new();
+    hmac_drbg_control_cg hmac_drbg_control_cov = new();
+    hmac_drbg_output_cg hmac_drbg_output_cov = new();
+
+endinterface
+
+`endif
diff --git a/src/hmac_drbg/rtl/hmac_drbg.sv b/src/hmac_drbg/rtl/hmac_drbg.sv
@@ -14,7 +14,7 @@
 //
 //======================================================================
 //
-// hmac_drbg.v
+// hmac_drbg.sv
 // ------
 // HMAC384-drbg top-level wrapper with 384 bit data access.
 //
@@ -28,6 +28,26 @@
 // Functionality:
 //         Using the given "entropy" and "nonce", the module  
 //         generates a random number with 384-bit. 
+//         the parameter is :
+//            - [SHA-384]
+//            - [PredictionResistance = False]
+//            - [EntropyInputLen = 384]
+//            - [NonceLen = 384]
+//            - [PersonalizationStringLen = 0]
+//            - [AdditionalInputLen = 0]
+//            - [ReturnedBitsLen = 384]
+//
+//          - INIT: Instantiates HMAC-DRBG with entropy, nonce, (personalization string is empty).
+//                  Then, it calls HMAC_DRBG_Generate_algorithm (additional input string is empty)
+//                  to generate a 384-bit random value while it's in (0, prime) range.
+//                  if the random value is zero or >= prime, it is rejected and a new random value
+//                  is generated by calling HMAC_DRBG_Generate_algorithm.
+//                  There is NO RESEED process.
+//          - NEXT: it calls HMAC_DRBG_Generate_algorithm (additional input string is empty)
+//                  to generate a 384-bit random value while it's in (0, prime) range.
+//                  if the random value is zero or >= prime, it is rejected and a new random value
+//                  is generated by calling HMAC_DRBG_Generate_algorithm.
+//                  There is NO RESEED process.
 //======================================================================
 
 module hmac_drbg  
@@ -61,7 +81,6 @@ module hmac_drbg
   localparam [REG_SIZE-1 : 0] V_init = 384'h010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101;
   localparam [REG_SIZE-1 : 0] K_init = 384'h000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000;
 
-  localparam CNT_SIZE = 8;
   localparam [(((1024-REG_SIZE)-1)-12)-1 : 0] ZERO_PAD_V         = '0; // 1 for header and 12 bit for message length  
 
   localparam [11 : 0] V_SIZE        = {1'b0, 11'd1024 + 11'(REG_SIZE)};
@@ -95,7 +114,6 @@ module hmac_drbg
   reg                   ready_reg;
   reg                   valid_reg;
   reg [REG_SIZE-1 : 0]  drbg_reg;
-  reg [CNT_SIZE-1 : 0]  cnt_reg;
   reg                   first_round;
   reg                   HMAC_tag_valid_last;
   reg                   HMAC_tag_valid_edge;
@@ -272,34 +290,18 @@ module hmac_drbg
   begin : hmac_block_update
     HMAC_key = K_reg;
     unique case(drbg_st_reg)
-      K10_ST:         HMAC_block  = {V_reg, cnt_reg, entropy, nonce[383:136]};
+      K10_ST:         HMAC_block  = {V_reg, 8'h0, entropy, nonce[383:136]};
       K11_ST:         HMAC_block  = {nonce[135:0], 1'h1, 875'b0, 12'h888};
       V1_ST:          HMAC_block  = {V_reg, 1'h1, ZERO_PAD_V, V_SIZE};
-      K20_ST:         HMAC_block  = {V_reg, cnt_reg, entropy, nonce[383:136]};
+      K20_ST:         HMAC_block  = {V_reg, 8'h1, entropy, nonce[383:136]};
       K21_ST:         HMAC_block  = {nonce[135:0], 1'h1, 875'b0, 12'h888};
       V2_ST:          HMAC_block  = {V_reg, 1'h1, ZERO_PAD_V, V_SIZE};
       T_ST:           HMAC_block  = {V_reg, 1'h1, ZERO_PAD_V, V_SIZE};
-      K3_ST:          HMAC_block  = {V_reg, 8'h00, 1'h1, 619'b0, 12'h578};
+      K3_ST:          HMAC_block  = {V_reg, 8'h0, 1'h1, 619'b0, 12'h588};
       V3_ST:          HMAC_block  = {V_reg, 1'h1, ZERO_PAD_V, V_SIZE};
       default:        HMAC_block  = '0;
     endcase
   end // hmac_block_update
-
-  always_ff @ (posedge clk or negedge reset_n) 
-  begin : cnt_reg_update
-    if (!reset_n)
-      cnt_reg    <= '0;
-    else if (zeroize)
-      cnt_reg    <= '0;
-    else begin
-      unique case (drbg_st_reg)
-        INIT_ST:      cnt_reg    <= '0;
-        NEXT_ST:      cnt_reg    <= cnt_reg + 1;
-        K2_INIT_ST:   cnt_reg    <= cnt_reg + 1;
-        default:      cnt_reg    <= cnt_reg;
-      endcase
-    end
-  end // cnt_reg_update
 
   always_ff @ (posedge clk or negedge reset_n) 
   begin : state_update
@@ -345,7 +347,7 @@ module hmac_drbg
       end
 
       INIT_ST:    drbg_next_st      = K10_ST;
-      NEXT_ST:    drbg_next_st      = K10_ST;
+      NEXT_ST:    drbg_next_st      = K3_ST;
       K10_ST:     drbg_next_st      = (HMAC_tag_valid_edge)? K11_ST : K10_ST;
       K11_ST:     drbg_next_st      = (HMAC_tag_valid_edge)? V1_ST : K11_ST;
       V1_ST:      drbg_next_st      = (HMAC_tag_valid_edge)? K2_INIT_ST : V1_ST;

diff --git a/src/hmac_drbg/stimulus/tests/directed/hmac_drbg_directed_test.yml b/src/hmac_drbg/stimulus/tests/directed/hmac_drbg_directed_test.yml
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+plusargs:
+  - +HMAC_DRBG_TEST_VECTOR_FILE='${CALIPTRA_ROOT}/src/hmac_drbg/tb/test_vectors/hmac_drbg_tb.hex'
+  - +HMAC_DRBG_TEST='HMAC_DRBG_directed_test'
+
+testname: hmac_drbg_directed_test
+seed: 1
diff --git a/src/hmac_drbg/stimulus/tests/randomized/hmac_drbg_randomized_test.yml b/src/hmac_drbg/stimulus/tests/randomized/hmac_drbg_randomized_test.yml
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+plusargs:
+  - +HMAC_DRBG_TEST='HMAC_DRBG_randomized_test'
+
+testname: hmac_drbg_randomized_test
+seed: ${PLAYBOOK_RANDOM_SEED}
diff --git a/src/hmac_drbg/stimulus/testsuites/hmac_drbg_nightly_directed_regression.yml b/src/hmac_drbg/stimulus/testsuites/hmac_drbg_nightly_directed_regression.yml
@@ -0,0 +1,8 @@
+document:
+  schema: 1.0
+
+contents:
+  - tests:
+      tags: ["L0", "directed", "nightly", "HMAC_DRBG"]
+      paths:
+        - ${CALIPTRA_ROOT}/src/hmac_drbg/stimulus/tests/directed/hmac_drbg_directed_test.yml
diff --git a/src/hmac_drbg/stimulus/testsuites/hmac_drbg_nightly_random_regression.yml b/src/hmac_drbg/stimulus/testsuites/hmac_drbg_nightly_random_regression.yml
@@ -0,0 +1,14 @@
+document:
+  schema: 1.0
+
+contents:
+  - generator:
+      tags: ["L1", "HMAC_DRBG",  "random"]
+      path: ""
+      weight: 100
+      generations: 100
+      formats: 
+        generate: "reseed {template}.yml -seed {seed}"
+        path: "{template_basename}__{seed}.yml"
+      templates:
+        ${CALIPTRA_ROOT}/src/hmac_drbg/stimulus/tests/randomized/hmac_drbg_randomized_test : { weight 100 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		6e6558d646b5dc24fb796e483c332a606897007d7b9811ce6c6c22e4aae0ff960da63fb30ac96254380f4ee446929680
		6e6558d646b5dc24fb796e483c332a606897007d7b9811ce6c6c22e4aae0ff960da63fb30ac96254380f4ee446929680