4.6. Error Handling
When the Symmetric Cryptographic IP core encounters an error, it does not hang. However, incorrect inputs may cause the IP core to enter an incorrect state. In this event, the IP core generates an error.
The Symmetric Cryptographic IP core sends the following signals to identify the error type and logs them in the IP core's log registers. The registers can log up to 8 unique errors.
- tuser.error_status
- tuser.internal_error: When set, indicates an unrecoverable error. You must toggle the subsystem_cold_reset_n reset to recover the IP from this error.
- tuser.err_code[4:0]: 5-bit signal indicating the error type. Asserting the tuser.error_clear signal clears the error for a selected profile. Refer to Table 18 for the error descriptions.
- tuser.auth_error: When set, the ICV detected a mismatch when comparing the received authentication tag with the calculated authentication tag on the decryption request. When set, you must discard the data.
Figure 7. Error Handling
Error Code [4:0] | Name | Description |
---|---|---|
Cryptographic Code Errors | ||
0x00 | Reserved | |
0x01 | Transfer without SOB. | Started the data transfer but did not receive the start of the block (SOB). |
0x02 | EOB with SOB. | Received the end of the block (EOB) without the start of the block (SOB). |
0x03 | Stream RAM uncorrectable error | |
0x04 | Key RAM uncorrectable error | |
0x05 | Invalid CTS request | The IP received a CTS request when the CTS mode is disabled in hardware. |
0x06 | AES counter overflow | The AES counter rolled over the AES GCM allowed limit. |
0x07 | Invalid XTS key request | Loaded XTS key for decryption but no decrypt key scheduler core is available. |
0x08 | Invalid SM4 request | The IP received a SM4 request when the SM4 mode is disabled in hardware. |
0x09 | Invalid CTS request | The IP received a CTS request when no CTS core is available. You sent in more than 4 CTS requests per 16 blocks. |
Mode Errors | ||
0x12 | Invalid SM4 request | The IP received a SM4 request when the SM4 mode is disabled in hardware. |
0x13 | Invalid AES request | The IP received an AES request when the AES mode is disabled in hardware. |
0x14 | Invalid XTS request | The IP received an XTS request when the XTS mode is disabled in hardware. |
Packet Processing Errors | ||
0x17 | No key. | You tried to initiate the data authentication, encryption or decryption, without sending a key earlier. Applicable to MACsec, IPsec, generic GCM, and generic XTS patterns. |
0x18 | No IV or tweak value. | You did not send any IV or tweak value at the beginning of the packets. Applicable for generic GCM and generic XTS patterns. |
0x19 | No IV or tweak value. Applicable for MACsec and IPsec patterns. | You did not send any IV or tweak value at the beginning of the packets. |
0x1A | No data end of packet (EOP). Applicable for IPsec, generic GCM, and generic XTS patterns. | You initiated encryption or decryption but did not toggle end of packet indicator. The transfer reached maximum length limit. |
0x1B | No data end of packet (EOP). Applicable for MACsec. | You initiated encryption or decryption but did not toggle end of packet indicator. The transfer reached maximum length limit. |
0x1C | No data last indicator. | You did not indicate the data_last_indicator for XTS and CTS modes. |
0x1F | Other errors | Miscellaneous errors |
Important:
The SM4 algorithm supports only a 128-bit key size. If you specify a 256-bit key, the Symmetric Cryptographic IP core considers only 128 bits of the 256-bit key and completes the request without any error.
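The following C sketch is an added example, not code from Intel or from this user guide. It shows one fail-closed way for host or control software to act on the tuser error signals and the error code table above, and to reject the 256-bit SM4 key that the IP core would otherwise accept silently. The `tuser_status` struct, the enum names, the function names, the treatment of code 0x00 as "no error", and the policy of discarding output on any error code are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical software view of the tuser sideband bits for one response. */
struct tuser_status {
    bool    internal_error;  /* tuser.internal_error */
    bool    auth_error;      /* tuser.auth_error */
    uint8_t err_code;        /* tuser.err_code[4:0] */
};

enum err_class { ERR_NONE, ERR_CRYPTO, ERR_MODE, ERR_PACKET, ERR_UNLISTED };
enum action    { RELEASE_DATA, DISCARD_DATA, DISCARD_AND_CLEAR, COLD_RESET };

/* Map a 5-bit code onto the three groups of the error table above. */
enum err_class classify_err_code(uint8_t code)
{
    code &= 0x1F;
    if (code == 0x00) return ERR_NONE;    /* assumption: reserved 0x00 = no error */
    if (code <= 0x09) return ERR_CRYPTO;  /* 0x01..0x09 */
    if (code >= 0x12 && code <= 0x14) return ERR_MODE;
    if ((code >= 0x17 && code <= 0x1C) || code == 0x1F) return ERR_PACKET;
    return ERR_UNLISTED;                  /* not in the table: still an error */
}

/* Fail-closed handling: the most severe condition decides the action. */
enum action decide_action(const struct tuser_status *s)
{
    if (s->internal_error)
        return COLD_RESET;         /* unrecoverable: toggle the cold reset */
    if (classify_err_code(s->err_code) != ERR_NONE)
        return DISCARD_AND_CLEAR;  /* assumption: drop output, then assert
                                      tuser.error_clear for the profile */
    if (s->auth_error)
        return DISCARD_DATA;       /* ICV mismatch: data must not be used */
    return RELEASE_DATA;
}

/* The core completes an SM4 request with a 256-bit key without any error
 * and uses only 128 bits of it, so the caller must reject it up front. */
bool sm4_request_allowed(unsigned key_bits)
{
    return key_bits == 128;
}
```
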
Follow these steps to record and report the received errors to the soft logic:
- Deassert the subsystem_cold_rst_n reset.
- Enable the recoverable error mask.
- Enable the masks for the packet processing errors using the packer_ctrl1 and packer_ctrl2 registers to log the error in the ferr_log register.
- Enable which errors are forwarded by writing to the err_code_ctrl1 and err_code_ctrl2 registers. These register values are forwarded to soft logic via AXI-ST tuser.error_code bits.
- Enable the internal error mask.
- Enable the internal errors to log in the ferr_log file by writing the interr_ctrl register.
- Enable which errors are forwarded by writing to the err_code_int register. The register value is forwarded to soft logic via AXI-ST tuser.error_code bits.
- Start streaming the new data into the Symmetric Cryptographic IP core.