[hmac,dv] Wipe secret assertions

- add multiple assertions to ensure that the specified internal
variables are cleared when a wipe secret operation is triggered.

Signed-off-by: Martin Velay <[email protected]>

hw/ip/hmac/data/hmac.hjson

@@ -420,7 +420,7 @@
     { name: "WIPE_SECRET",
       desc: '''Clear internal secret registers.
 
-            If CPU writes a value into the register, the value is used to clear the internal variables such as the secret key, intermediate hash results, digest and the internal message scheduling array.
+            If the CPU writes a value into the register, the value is used to clear some internal variables such as the secret key, intermediate hash results, digest and internal message scheduling array.
             The clear secret operation overwrites the internal variables with the provided 32-bit value.
             For SHA-2 384/512 that work with 64-bit words, the 32-bit value is duplicated and concatenated to generate the 64-bit value.
             It is recommended to use a value extracted from an entropy source.

hw/ip/hmac/doc/registers.md

@@ -326,7 +326,7 @@ HMAC Error Code
 ## WIPE_SECRET
 Clear internal secret registers.
 
-If CPU writes a value into the register, the value is used to clear the internal variables such as the secret key, intermediate hash results, digest and the internal message scheduling array.
+If the CPU writes a value into the register, the value is used to clear some internal variables such as the secret key, intermediate hash results, digest and internal message scheduling array.
 The clear secret operation overwrites the internal variables with the provided 32-bit value.
 For SHA-2 384/512 that work with 64-bit words, the 32-bit value is duplicated and concatenated to generate the 64-bit value.
 It is recommended to use a value extracted from an entropy source.

hw/ip/hmac/rtl/hmac.sv

@@ -935,6 +935,11 @@ module hmac
   `ASSERT(ValidHmacEnConditionAssert,
           hmac_en != $past(hmac_en) |-> !in_process && !initiated)
 
+  // When wipe_secret is high, sensitive internal variables are cleared by extending the wipe
+  // value specifed in the register
+  `ASSERT(WipeSecretKeyAssert,
+          wipe_secret |=> (secret_key == {($bits(secret_key)/$bits(wipe_v)){$past(wipe_v)}}))
+
   // All outputs should be known value after reset
   `ASSERT_KNOWN(IntrHmacDoneOKnown, intr_hmac_done_o)
   `ASSERT_KNOWN(IntrFifoEmptyOKnown, intr_fifo_empty_o)

hw/ip/prim/rtl/prim_sha2.sv

@@ -178,6 +178,14 @@ module prim_sha2 import prim_sha2_pkg::*;
     // assign digest to output
     assign digest_o = digest_q;
 
+    // When wipe_secret is high, sensitive internal variables are cleared by extending the wipe
+    // value specifed in the register
+    `ASSERT(WipeHashAssert,
+            wipe_secret_i |=> (hash_q == {($bits(hash_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
+    `ASSERT(WipeMsgSchArrAssert,
+            wipe_secret_i |=> (w_q == {($bits(w_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
+    `ASSERT(WipeDigestAssert,
+            wipe_secret_i |=> (digest_q == {($bits(digest_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
   end else begin : gen_256 // MultimodeEn = 0
     // datapath signal definitions for SHA-2 256 only
     sha_word32_t        shaf_rdata256;
@@ -264,6 +272,15 @@ module prim_sha2 import prim_sha2_pkg::*;
       assign digest_o[i][31:0]  = digest256_q[i];
       assign digest_o[i][63:32] = 32'b0;
     end
+
+    // When wipe_secret is high, sensitive internal variables are cleared by extending the wipe
+    // value specifed in the register
+    `ASSERT(WipeHashAssert,
+      wipe_secret_i |=> (hash256_q == {($bits(hash256_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
+    `ASSERT(WipeMsgSchArrAssert,
+      wipe_secret_i |=> (w256_q == {($bits(w256_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
+    `ASSERT(WipeDigestAssert,
+      wipe_secret_i |=> (digest256_q == {($bits(digest256_q)/$bits(wipe_v_i)){$past(wipe_v_i)}}))
   end
 
   // compute round counter (shared)