CAVP Error Handling - 1.0 English

Versal Adaptive SoC Integrated 400G High Speed Channelized Cryptography Engine Subsystem Product Guide (PG372)
Document ID
PG372
Release Date
2024-01-30
Version
1.0 English

Errors can occur during CAVP mode for various reasons. Some types of errors are expected in GCM/XPN Decryption testing. Other errors are a result of configuration problems.

Response Errors

Response errors occur when the algorithm detects an error during the operation. In the case of GCM/XPN Decryption, the GCMVS intentionally introduces errors in to the data, so these types of errors are expected. In addition to the cavp_tx_enc_resp_done (cavp_rx_dec_resp_done) bit in the CAVP_TX_ENC_RESP_STAT_REG (CAVP_RX_DEC_RESP_STAT_REG) register, the cavp_tx_enc_resp_err (cavp_rx_dec_resp_err) bit in the CAVP_TX_ENC_RESP_STAT_REG (CAVP_RX_DEC_RESP_STAT_REG) register is also set. Software uses this bit to determine when this type of error has occurred and to generate the proper response file.

For other tests, assertion of the response error bit indicates an issue with the transaction and is not expected. The response results are likely incorrect, but the values may be used to generate the response file and compare against the VS values.

In either case, no special action is taken by the CAVP logic when this type of error is detected. The error is reported in the register and the transaction completes normally.

Configuration Errors

Configuration errors occur when the CAVP logic is configured in an invalid mode or the configuration is changed during operation. Examples of configuration errors are:
  • The selected port for CAVP testing is not available based on the HSC Subsystem configuration.
    • In 1x400G mode, ports 1,2,3 are not available.
    • In 2x200G mode, ports 1 and 3 are not available.
  • The specified length of AAD plus text exceeds the number of text registers available for requests.
  • The selected mode is invalid per the register definition.
  • The HSC Subsystem is configured in channelized mode.
  • The AAD length specified is greater than 63 bytes with PT/CT length other than 0. An AAD length greater than 63 bytes requires authenticate-only mode, which means the PT/CT must be 0.
  • The cavp_tx_enc_req_en (cavp_rx_dec_req_en) bit was cleared during a transaction.

If a configuration error is detected before a transaction is initiated, the CAVP logic does not initiate the transaction. Instead it flags the error by setting the cavp_tx_enc_resp_config_err (cavp_rx_dec_resp_config_err) bit in the CAVP_TX_ENC_RESP_STAT_REG (CAVP_RX_DEC_RESP_STAT_REG) register and the cavp_tx_enc_resp_done (cavp_rx_dec_resp_done) bit in the CAVP_TX_ENC_RESP_STAT_REG (CAVP_RX_DEC_RESP_STAT_REG) register, the encryption (decryption) core does not receive any transaction, and the CAVP FSMs return to IDLE.

If a configuration error is detected in a paused transaction which has previously started, or the cavp_tx_enc_req_en (cavp_rx_dec_req_en) bit is cleared while a transaction is in progress, the CAVP logic terminates the transaction by providing the EOP to the core. This ensures that the encryption (decryption) core is ready to accept the next transaction. It then flags the error as described above and all CAVP FSMs return to their IDLE state. With this sequence, a good CAVP transaction can be initiated without being impacted by the previous error.