Symmetric Cryptographic Intel FPGA Hard IP User Guide

ID 714305
Date 10/31/2022
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

4.9. Channel Definition and Allocation

The Symmetric Cryptographic IP core supports up to 1,024 key slots to store the keys. A single key slot can store a single 256 bit or a single 128 bit key for GCM operations. Alternatively, a single key slot can store two keys each of size 128 bits or 256 bits for the XTS operations.

The Symmetric Cryptographic IP core can also store up to 1,024 AES intermediate states. Each state is associated with a cryptographic stream.

A cryptographic stream starts with a new IV or a tweak value followed by data. The data_last signal assertion indicates the end of the stream (plaintext or ciphertext). A cryptographic channel is a logical 1:1 mapping between the key slots and AES streams created by the AES/SM4 Inline Cryptographic Accelerator. You must manage the allocation of the channels to ensure the use cases do not overwrite each other's channels, keys or state.

Table 21.  Channel Allocation ExampleThe table depicts two cycles of channel allocation on channel 0 and channel 1.
AXI-ST Interface Events
TID[9:0] 0 1
tkeep 00000000_00000000_00000000_00000000 11111111_11111111_11111111_11111111 00000000_00000000_00000000_00000000 00000000_00000000_11111111_11111111
tuser Channel key allocation Channel key allocation
tuser.algorithm_types 0 0
tuser.encrypt_decrypt 0 0
tuser.key_128b_256b 1 0
tuser.pattern[2:0] MACsec MACsec
DATA
tdata[511:384]
tdata[383:256]
tdata[255:128] Key1[255:128]
tdata[127:0] Key1[127:0] Key2[127:0]