Symmetric Cryptographic Intel FPGA Hard IP User Guide

Download PDF
ID 714305
Date 10/02/2023
Public
Document Table of Contents
Document Table of Contents x
1. Introduction 2. Interface Overview 3. Parameters 4. Designing with the IP Core 5. Block Description 6. Cryptographic IP Data Profiles 7. Configuration Registers 8. Design Example 9. Symmetric Cryptographic Intel FPGA Hard IP User Guide Archives 10. Document Revision History for the Symmetric Cryptographic Intel FPGA Hard IP User Guide
1. Introduction x
1.1. Terminology 1.2. IP Core Overview 1.3. Release Information 1.4. Device Family Support 1.5. Resource Utilization
1.2. IP Core Overview x
1.2.1. IP Core Applications
2. Interface Overview x
2.1. Clock Signals 2.2. Reset Signals 2.3. AXI-ST Interface 2.4. AXI-Lite Interface
4. Designing with the IP Core x
4.1. Installing and Licensing Intel® FPGA IP Cores 4.2. Specifying the IP Core Parameters and Options 4.3. Generated File Structure 4.4. Symmetric Cryptographic IP Core Flow 4.5. Dynamically Disabling SM4 Capability 4.6. Error Handling 4.7. Error Reporting 4.8. Resetting the IP Core 4.9. Channel Definition and Allocation 4.10. Byte Ordering 4.11. AXI-ST Single Packet Mode 4.12. AXI-ST Multiple Packet Mode
4.1. Installing and Licensing Intel® FPGA IP Cores x
4.1.1. Intel® FPGA IP Evaluation Mode
4.6. Error Handling x
4.6.1. Detected Error Handling 4.6.2. Key RAM ECC Error Handling
5. Block Description x
5.1. Reset Sequencer 5.2. AXI-ST Ready Latency 5.3. AXI Adapter 5.4. Integrity Check Value Comparison 5.5. GCM Padding and Depadding
5.3. AXI Adapter x
5.3.1. MAC Packing 5.3.2. Data Last Indicator 5.3.3. Stream and Channel ID Buffering 5.3.4. TKEEP and LAST_SEGMENT Signals Generation 5.3.5. MAC Dropping on Decryption
5.5. GCM Padding and Depadding x
5.5.1. GCM Padding 5.5.2. GCM Depadding
6. Cryptographic IP Data Profiles x
6.1. MAC Security Profile (MACsec) 6.2. IP Security Profile (IPsec) 6.3. Generic GCM Profile (GCM) 6.4. Generic XTS Profile (XTS)
6.1. MAC Security Profile (MACsec) x
6.1.1. MACsec Flow 6.1.2. AXI-ST Interface Using MAC Security (MACsec) Profile Pattern
6.2. IP Security Profile (IPsec) x
6.2.1. AXI-ST Interface Using IP Security (IPsec) Profile Pattern
6.3. Generic GCM Profile (GCM) x
6.3.1. AXI- ST Interface Using Generic GCM Profile Pattern
6.4. Generic XTS Profile (XTS) x
6.4.1. AXI-ST Interface Using Generic XTS Profile Pattern
8. Design Example x
8.1. Functional Description 8.2. Crypto VSIP Top Block Descriptions 8.3. Test Configurations 8.4. Software Requirements 8.5. Simulation Requirements 8.6. Steps to Generate the Design Example 8.7. Running Simulation Tests 8.8. Running Hardware Tests
8.2. Crypto VSIP Top Block Descriptions x
8.2.1. Clock and Reset 8.2.2. Host Interface
8.7. Running Simulation Tests x
8.7.1. Steps to Simulate the Design Example
8.8. Running Hardware Tests x
8.8.1. Supported Boards 8.8.2. Steps to Compile the Design Example for Hardware 8.8.3. Steps to Run the Design Example on Hardware
1. Introduction
2. Interface Overview
3. Parameters
4. Designing with the IP Core
5. Block Description
6. Cryptographic IP Data Profiles
7. Configuration Registers
8. Design Example
9. Symmetric Cryptographic Intel FPGA Hard IP User Guide Archives
10. Document Revision History for the Symmetric Cryptographic Intel FPGA Hard IP User Guide

6.4.1. AXI-ST Interface Using Generic XTS Profile Pattern

This section describes the XTS-specific input and output signals.
Table 42.  Generic XTS Profile Pattern Interface Signals
Signal Name Direction Description
algorithm_type Input/Output Indicates the cryptographic operation mode for the corresponding cycle.
  • 0: AES
  • 1: SM4
encrypt_decrypt Input/Output Indicates the type of cryptographic operation for the corresponding cycle.
  • 0: Encrypt
  • 1: Decrypt
key_128b_256b Input/Output Indicates the key size. The signal is only valid when the key_en signal is set to 1.
  • 0: 128 bit key
  • 1: 256 bit key
Note: The SM4 algorithm only supports 128 bit key size.
pattern[2:0] Input/Output
Pattern ID: Indicates the pattern profile selected for the current clock cycle.
  • 3'b100 = GENERIC_XTS: Generic XTS profile
When the signal switches from the IDLE state to the GENERIC_XTS state, indicates that the data associated in the given clock cycle is related to the generic XTS.
TID[9:0] Input/Output Channel ID.

When pattern ID is set to generic XTS, the channel ID indicates to the logic which cryptographic channel or slot the data in this clock is associated with.

key_en Input When set and pattern[2:0] is set to the generic GCM profile, indicates that the data field contains keys to program in the key slots identified by TID[9:0]. You must set the key_128b_256b signal to specify the key size, 128 or 256 bit key.
  • If key_128b_256b = 0:
    • data[127:0] = data key
    • data[255:128] = padded with 0's
    • data[383:256] = tweak key
    • data[511:384] = padded with 0's
  • If key_128b_256b = 1:
    • data[127:0] = data key
    • data[255:128] = tweak key
    • data[511:256] = padded with 0's

This key_en is a standalone operation per clock. You can select to send the keys at one time or individually.

Asserting this signal while data is in process is not allowed.
data_en Input/Output When pattern[3:0] is set to the generic GCM profile, after one clock of key_en, the data_en indicates the rest of the AAD/Data till it reaches the corresponding lengths (Bypass data and AAD). The plaintext data or ciphertext data then follows until assertion of the data_last signal.
MAC_IV_tweak_en   When key_en is set and MAC_IV_Tweak_en is de-asserted, the logic assumes that the you intend to only program the key slot and not program the IV to start a new AES operation using that key.

When key_en is de-asserted and MAC_IV_Tweak_en is set, indicates the start of a new GCM stream using the IV associated with this cycle and using an existing key was programmed earlier into the key slot associated with this channel.

tlast Input/Output When set, indicates that the data ends (EOP) in the current clock cycle.
Note: The tkeep signal specifies the number of valid bytes in this cycle.
Figure 26. Generic XTS Profile: Input Signals
Figure 27. Generic XTS Profile: Output Signals
Level Two Title