[aes,sw/dv] Test AES-GCM save&restore feature

[nasahlpa]

This PR tests the AES-GCM save & restore feature.

[nasahlpa]

@vogelpi FYI you can start the test with: ./bazelisk.sh test --test_tag_filters=verilator --test_output=streamed //sw/device/tests:aes_gcm_test

To speed-up the execution, you can comment:

//EXECUTE_TEST(result, execute_test, false, false);
//EXECUTE_TEST(result, execute_test, true, false);

[vogelpi]

This is going in the right direction. But before writing the IV, the code should check for the module to be idle. Because updates to the IV register while being busy are ignored.

[vogelpi]

That needs to be changed: the IV is only writable if AES is idle. So we need to check for the IDLE bit here, not the INPUT_READY bit. The input maybe writable while AES is busy...

[vogelpi]

...must be idle, and...

[nasahlpa]

This needs to be removed before merging this PR.

However, in the new aes_gcm_save_restore test I am encountering the following issue when setup_mode = 0.

Then, we are configuring the AES using the following functions:

opentitan/hw/ip/aes/dv/env/seq_lib/aes_base_vseq.sv

Lines 267 to 272 in 925de96

	set_operation(item.operation);
	set_mode(item.aes_mode);
	set_key_len(item.key_len);
	set_manual_operation(item.manual_op);
	set_prng_reseed_rate(prs_rate_e'(item.reseed_rate));
	set_sideload(item.sideload_en);

Inside these functions, e.g., the set_operation() function, we first check whether the value we want to write is actually different to the value stored in the mirrored shadow register:

opentitan/hw/ip/aes/dv/env/seq_lib/aes_base_vseq.sv

Lines 132 to 137 in 925de96

	virtual task set_operation(bit [1:0] operation);
	if (ral.ctrl_shadowed.operation.get_mirrored_value() != operation) begin
	ral.ctrl_shadowed.operation.set(operation);
	csr_update(.csr(ral.ctrl_shadowed), .en_shadow_wr(1'b1), .blocking(1));
	end
	endtask // set_operation

When I have the following two messages:

op: AES_DEC
op: AES_ENC

In the second message the operation field gets not updated and stays at AES_DEC instead of going to AES_ENC. The reason is because the result of the check in the function shown above is that
ral.ctrl_shadowed.operation.get_mirrored_value() == AES_ENC
for the second message.

As I have now spend a lot of time debugging this issue, could you please have a look @vogelpi?

[nasahlpa]

Note that this is independent of the save and restore - I have commented it out in the aes_gcm_save_restore_vseq.

To visualize the issue, I have expanded the set_operation() function as followed:

  virtual task set_operation(bit [1:0] operation);
    `uvm_info(`gfn, $sformatf("Trying to set op = %b", operation), UVM_LOW)
    if (ral.ctrl_shadowed.operation.get_mirrored_value() != operation) begin
      ral.ctrl_shadowed.operation.set(operation);
      csr_update(.csr(ral.ctrl_shadowed), .en_shadow_wr(1'b1), .blocking(1));
      `uvm_info(`gfn, $sformatf("Set op = %b", operation), UVM_LOW)
    end else begin
      `uvm_info(`gfn, $sformatf("Op is alreay %b", operation), UVM_LOW)
    end
  endtask // set_operation

When sending

op: AES_DEC - 10
op: AES_ENC - 01

I get the following output:

UVM_INFO @   7529006 ps: (aes_base_vseq.sv:133) uvm_test_top.env.virtual_sequencer [uvm_test_top.env.virtual_sequencer.aes_gcm_save_restore_vseq] Trying to set op = 10
UVM_INFO @   7689006 ps: (aes_base_vseq.sv:137) uvm_test_top.env.virtual_sequencer [uvm_test_top.env.virtual_sequencer.aes_gcm_save_restore_vseq] Set op = 10
...
UVM_INFO @  26889006 ps: (aes_base_vseq.sv:133) uvm_test_top.env.virtual_sequencer [uvm_test_top.env.virtual_sequencer.aes_gcm_save_restore_vseq] Trying to set op = 01
UVM_INFO @  26889006 ps: (aes_base_vseq.sv:139) uvm_test_top.env.virtual_sequencer [uvm_test_top.env.virtual_sequencer.aes_gcm_save_restore_vseq] Op is alreay 01

As shown in the waveform, the operation stays at AES_DEC although we want to switch to the AES_ENC mode for the second message.