Symmetric Cryptographic Accelerator Hard IP User Guide

Download PDF
ID 714305
Date 11/28/2025
Public
Document Table of Contents
Document Table of Contents x
1. Introduction 2. Interface Overview 3. Parameters 4. Designing with the IP 5. Block Description 6. Cryptographic IP Data Profiles 7. Configuration Registers 8. Design Example 9. Document Revision History for the Symmetric Cryptographic Accelerator Hard IP User Guide
1. Introduction x
1.1. Terminology 1.2. IP Overview 1.3. Release Information 1.4. Device Family Support 1.5. Resource Utilization
1.2. IP Overview x
1.2.1. IP Applications
2. Interface Overview x
2.1. Clock Signals 2.2. Reset Signals 2.3. AXI-ST Interface 2.4. AXI-Lite Interface
4. Designing with the IP x
4.1. Installing and Licensing IP Cores 4.2. Specifying the IP Parameters and Options 4.3. Generated File Structure 4.4. Symmetric Cryptographic Accelerator Hard IP Flow 4.5. Dynamically Disabling the SM4 Capability 4.6. Error Handling 4.7. Error Reporting 4.8. Resetting the IP 4.9. Channel Definition and Allocation 4.10. Byte Ordering 4.11. AXI-ST Single Packet Mode 4.12. AXI-ST Multiple Packet Mode
4.1. Installing and Licensing IP Cores x
4.1.1. IP Evaluation Mode
4.6. Error Handling x
4.6.1. Steps to Record and Report the Received Errors to the Soft Logic 4.6.2. Detected Error Handling 4.6.3. Key RAM ECC Error Handling
4.6.2. Detected Error Handling x
4.6.2.1. Recovering from a Recoverable Error 4.6.2.2. Recovering from an Internal Error
5. Block Description x
5.1. Reset Sequencer 5.2. AXI-ST Ready Latency 5.3. AXI Adapter 5.4. Integrity Check Value Comparison 5.5. GCM Padding and Depadding
5.3. AXI Adapter x
5.3.1. MAC Packing 5.3.2. Data Last Indicator 5.3.3. Stream and Channel ID Buffering 5.3.4. TKEEP and LAST_SEGMENT Signals Generation 5.3.5. MAC Dropping on Decryption
5.5. GCM Padding and Depadding x
5.5.1. GCM Padding 5.5.2. GCM Depadding
6. Cryptographic IP Data Profiles x
6.1. MAC Security Profile (MACsec) 6.2. IP Security Profile (IPsec) 6.3. Generic GCM Profile (GCM) 6.4. Generic XTS Profile (XTS)
6.1. MAC Security Profile (MACsec) x
6.1.1. MACsec Flow 6.1.2. AXI-ST Interface Using MAC Security (MACsec) Profile Pattern
6.2. IP Security Profile (IPsec) x
6.2.1. AXI-ST Interface Using IP Security (IPsec) Profile Pattern
6.3. Generic GCM Profile (GCM) x
6.3.1. AXI- ST Interface Using Generic GCM Profile Pattern
6.4. Generic XTS Profile (XTS) x
6.4.1. AXI-ST Interface Using Generic XTS Profile Pattern
8. Design Example x
8.1. Functional Description 8.2. Crypto VSIP Top Block Descriptions 8.3. Test Configurations 8.4. Software Requirements 8.5. Simulation Requirements 8.6. Steps to Generate the Design Example 8.7. Running Simulation Tests 8.8. Running Hardware Tests
8.2. Crypto VSIP Top Block Descriptions x
8.2.1. Clock and Reset 8.2.2. Host Interface
8.7. Running Simulation Tests x
8.7.1. Steps to Simulate the Design Example
8.8. Running Hardware Tests x
8.8.1. Supported Boards 8.8.2. Steps to Compile the Design Example for Hardware 8.8.3. Steps to Run the Design Example on Hardware
1. Introduction
2. Interface Overview
3. Parameters
4. Designing with the IP
5. Block Description
6. Cryptographic IP Data Profiles
7. Configuration Registers
8. Design Example
9. Document Revision History for the Symmetric Cryptographic Accelerator Hard IP User Guide

4.6. Error Handling

The Symmetric Cryptographic Accelerator Hard IP does not hang when it encounters an error. However, the incorrect inputs may cause the IP to enter an incorrect state. In this event, the IP generates an error.
The Symmetric Cryptographic Accelerator Hard IP sends the following signals to identify the error type and logs them in the IP log registers. The registers can log up to eight unique errors.
  • tuser.error_status
  • tuser.internal_error—If set, indicates unrecoverable error. You must toggle the subsystem_cold_reset_n reset to recover the IP from this error.
  • tuser.err_code[4:0]—A five bit signal indicating the error type. Asserting the tuser.error_clear signal clears the error for a selected profile.
  • tuser.auth_error—If set, the ICV detected a mismatch when comparing the received authentication tag with the calculated authentication tag on the decryption request. If set, discard the data.
Figure 7. Error Handling
Table 19.  Detected Errors by the Symmetric Cryptographic Accelerator Hard IP
Error Code [4:0] Name Description
Cryptographic Code Errors
0x00 IV/Tweak Core unavailable

Attempt to load IV or Tweak with first input word while IV/Tweak core is not available.

This error occurs in XTS mode when you try to send in more than 4 tweaks in 16 clocks.
0x01 Transfer without SOB.

Started the data transfer but did not receive the start of the block (SOB).
0x02 EOB without SOB. Received the end of the block (EOB) without the start of the block (SOB).
0x03 Reserved  
0x04 Key RAM uncorrectable error  
0x05 Invalid CTS request The IP received a CTS request when the CTS mode is disabled in hardware.
0x06 AES counter overflow

The AES counter rolled over AES GCM allowed limit.
0x07 Invalid XTS key request Loaded XTS key for decryption but no decrypt key scheduler core is available.
0x08 Invalid SM4 request The IP received a SM4 request when the SM4 mode is disabled in hardware.
0x09 Invalid CTS request The IP received a CTS request when no CTS core is available. You sent in more than 4 CTS requests per 16 blocks.
Mode Errors
0x12 Invalid SM4 request The IP received a SM4 request when the SM4 mode is disabled in hardware.
0x13 Invalid AES request The IP received an AES request when the AES mode is disabled in hardware.
0x14 Invalid XTS request The IP received an XTS request when the XTS is mode disabled in hardware.
Packet Processing Errors
0x17 No key. You tried to initiate the data authentication, encryption or decryption, without sending a key earlier.

Applicable to MACsec, IPsec, generic GCM, and generic XTS patterns.
0x18 No IV or tweak value. You did not send any IV or tweak value at the beginning of the packets.

Applicable for generic GCM and generic XTS patterns.
0x19 No IV or tweak value.

Applicable for the MACsec pattern.

 You did not send any IV or tweak value at the beginning of the packets.
0x1A No data end of packet (EOP).

Applicable for IPsec, generic GCM, and generic XTS patterns.

 You initiated encryption or decryption but did not toggle end of packet indicator. The transfer reached maximum length limit.
0x1B No data end of packet (EOP).

Applicable for MACsec.

 You initiated encryption or decryption but did not toggle end of packet indicator. The transfer reached maximum length limit.
0x1C No data last indicator. You did not indicate the data_last_indicator for XTS and CTS modes.
0x1F Other errors Miscellaneous errors
Important: The SM4 algorithm only supports 128 bit key size. If you specify a 256 bit key, the Symmetric Cryptographic Accelerator Hard IP considers only 128 bits of a 256-bit key and completes the request without any error.

Section Content
Steps to Record and Report the Received Errors to the Soft Logic
Detected Error Handling
Key RAM ECC Error Handling

Level Two Title