Design and implementation of an UVM functional verification environment for IEEE 802.1AE-compliant MAC Security IPs in automotive applications

Contents

Introduction 1 1 Verication Overview 3 1.1 Verication Techniques . . . 4 1.1.1 Direct Testing . . . 4 1.1.2 Formal Verication . . . 5 1.1.3 Constrained-Random Testing . . . 5 1.2 Verication Approaches . . . 6 1.3 Verication Languages . . . 8

1.4 Universal Verication Methodology (UVM) . . . 9

1.4.1 Components and data . . . 10

1.4.2 Object Factory . . . 10

1.4.3 Conguration database . . . 11

2 IEEE 802.1AE MAC Security Standard 12 2.1 IEEE 802.1AE MAC Security Standard . . . 12

2.1.1 The Cipher Suite . . . 13

2.1.2 MAC Security Protocol . . . 13

2.2 Advanced Encryption Standard . . . 16

2.2.1 Mathematical Preliminaries . . . 18

2.2.2 AES encryption algorithm . . . 22

2.2.3 Key Expansion . . . 28

2.3 Galois/Counter Mode of operation . . . 32

2.4 Overview of MACsec-compliant IP . . . 36

2.4.1 Interface Signals . . . 38

CONTENTS

3 AES-GCM-128 Software Implementation 47

3.1 gcm_dpi.sv . . . 48 3.2 gcm_dpi.cpp . . . 49 3.3 gcm class . . . 52 3.3.1 set_key () . . . 52 3.3.2 packet_init () . . . 53 3.3.3 add_auth () . . . 53 3.3.4 auth_nalize () . . . 53 3.3.5 encrypt () . . . 54 3.3.6 decrypt () . . . 54 3.3.7 get_tag () . . . 54 3.3.8 auth_ver () . . . 55 3.4 aes class . . . 55 3.5 gfvec class . . . 56 3.5.1 operator+() . . . 57 3.5.2 operator*() . . . 57 3.5.3 rightshift() . . . 58 3.5.4 add() . . . 58

4 UVM environment implementation for the MACsec IP 59 4.1 UVM testbench general overview . . . 59

4.1.1 Phases . . . 60 4.1.2 Messages . . . 61 4.1.3 Functional Coverage . . . 61 4.2 MACsec Test-plan . . . 63 4.2.1 Features testing . . . 63 4.2.2 Error injection . . . 67 4.3 Top_TB_MACsec . . . 69 4.4 Test_library_MACsec . . . 69 4.5 Environment_MACsec . . . 70 4.6 Scoreboard_MACsec . . . 71 4.7 Agent_MACsec . . . 74 4.8 Driver_MACsec . . . 74 4.8.1 Driver_MACsec_TX . . . 74 ii

CONTENTS 4.8.2 Driver_MACsec_RX . . . 77 4.9 Monitor_MACsec . . . 77 4.9.1 Coverage . . . 78 4.9.2 Monitor_input_MACsec_TX . . . 79 4.9.3 Monitor_output_MACsec_TX . . . 80 4.9.4 Monitor_input_MACsec_RX . . . 81 4.9.5 Monitor_output_MACsec_RX . . . 81 4.10 Sequencer_MACsec . . . 81 4.11 Sequence_library_MACsec . . . 82 4.11.1 Sequence_library_MACsec_TX . . . 82 4.11.2 Sequence_library_MACsec_RX . . . 84 4.12 Transaction_MACsec . . . 85 4.12.1 Transaction_MACsec_TX . . . 86 4.12.2 Transaction_MACsec_RX . . . 86 4.13 Interface_MACsec . . . 87 5 Test results 88 5.1 TX Module test results . . . 88

5.1.1 Back-to-back tests . . . 89

5.1.2 Interleaved frames . . . 89

5.1.3 Ethernet speed or Security service manipulation . . . . 90

5.2 RX Module test results . . . 91

5.2.1 MACsec frame handling . . . 92

5.3 Coverage . . . 93

5.4 Performance . . . 94

5.5 Tips to design team . . . 95

6 Conclusions 97