[sival,kmac] Add kmac_error_conditions_test

[nasahlpa]

This adds the new kmac_error_conditions_test test that is defined in the chip_sw_kmac_error_conditions chip level test.

[nasahlpa]

@vogelpi the test for the ErrWaitTimerExpired and ErrIncorrectEntropyMode is not working on the CW310 FPGA as we turn by default the masks off. I've marked the test as broken and referenced to #15530. Is this OK for you?

[engdoreis]

Nit.

Suggested change

	CHECK(res == kDifOk || res == kDifError);
	TRY_CHECK(res == kDifOk || res == kDifError);

[engdoreis]

Suggested change

	CHECK_DIF_OK(
	TRY(

[engdoreis]

This would apply to the others below.

Suggested change

	CHECK_DIF_OK(dif_kmac_get_error(&kmac, &err_status, &err_info));
	TRY(dif_kmac_get_error(&kmac, &err_status, &err_info));

[nasahlpa]

Thanks for your review, @engdoreis! As suggested, I've changed CHECK_DIF_OK to TRY.

[vogelpi]

Thanks for the PR @nasahlpa !

The test implementation looks mostly good.

Can you please elaborate on

ErrSwIssuedCmdInAppActive could not be implemented in SW as triggering a SW command while the app interface is active is not possible.

There are two error codes which we can't test related to this limitation. It would be good understand what the underlying issue is. I we agree to not test this, we should update the testplan accordingly.

Checking kmac_pkg.sv I noted there are some other currently untested error codes that we should actually be able to test:

• ErrSwHashingWithoutEntropyReady - triggering a hash operation without setting the entropy mode first. This probably doesn't work in ROM_EXT though.
• ErrShadowRegUpdate - triggering a shadow register update error. This should be super straight forward.

The remaining three are related to FI countermeasures and escalations. We probably can't test this using this test anyway.

[vogelpi]

Thanks for the comment, I think this is okay but maybe it would be good for someone from the SiVal team to confirm @luismarques , @engdoreis ?

[engdoreis]

Thanks @nasahlpa for the PR, You are using the mmio API on the test code to change the registers directly, isn't it worth creating DIFs to abstracts these registers access

[engdoreis]

This applies throughout this file.

Suggested change

	CHECK(error, "No error was triggered.");
	TRY_CHECK(error, "No error was triggered.");

[nasahlpa]

As far as I see, the difference between CHECK and TRY_CHECK is that the former aborts the test and the latter continues but returns a status_t? Wouldn't it be better to abort the test (so using CHECK)?

[nasahlpa]

Thanks for your review, @vogelpi and @engdoreis

I've made quite some significant changes to this PR to address your review, @vogelpi:

• Executed the test on CW340 - this works now and the test also gets executed in CI. Thanks @jwnrt for setting this up.
• Worked on testing ErrShadowRegUpdate. I've noticed that this ErrShadowRegUpdate (and the corresponding kDifErrorShadowRegisterUpdate) is never used in HW and SW. Instead, according to the documentation, a shadow register update error is indicated by a recoverable alert. I've added a test to test whether the HW complies to the documentation. Do we want to remove ErrShadowRegUpdate and kDifErrorShadowRegisterUpdate from the HW and software in a separate PR?
• Implemented the ErrSwIssuedCmdInAppActive test.
• Implemented the ErrSwPushedMsgFifo test according to the test plan.
• Implemented the ErrSwHashingWithoutEntropyReady test.

@engdoreis I just have one question regarding the difference CHECK <-> TRY_CHECK (please see in the comment above). Regarding the DIFs, I don't think that we should add these register writes to the DIF as they are only required to trigger an error behavior. Adding them could cause some unintended misuse by others, hence, I prefer leaving it as it is.

[vogelpi]

This sounds all great, excellent work @nasahlpa !

About the ErrShadowRegUpdate error code: I see the corresponding alert condition is also signaled via STATUS register. So software will learn about having done something wrong, even if it's not via ERR_CODE register. And your test checks this which is very nice! I agree that we should remove ErrShadowRegUpdate and kDifErrorShadowRegisterUpdate from the HW and SW in a separate PR.