Symmetric Cryptographic Intel FPGA Hard IP User Guide

Download PDF
ID 714305
Date 10/02/2023
Public
Document Table of Contents
Document Table of Contents x
1. Introduction 2. Interface Overview 3. Parameters 4. Designing with the IP Core 5. Block Description 6. Cryptographic IP Data Profiles 7. Configuration Registers 8. Design Example 9. Symmetric Cryptographic Intel FPGA Hard IP User Guide Archives 10. Document Revision History for the Symmetric Cryptographic Intel FPGA Hard IP User Guide
1. Introduction x
1.1. Terminology 1.2. IP Core Overview 1.3. Release Information 1.4. Device Family Support 1.5. Resource Utilization
1.2. IP Core Overview x
1.2.1. IP Core Applications
2. Interface Overview x
2.1. Clock Signals 2.2. Reset Signals 2.3. AXI-ST Interface 2.4. AXI-Lite Interface
4. Designing with the IP Core x
4.1. Installing and Licensing Intel® FPGA IP Cores 4.2. Specifying the IP Core Parameters and Options 4.3. Generated File Structure 4.4. Symmetric Cryptographic IP Core Flow 4.5. Dynamically Disabling SM4 Capability 4.6. Error Handling 4.7. Error Reporting 4.8. Resetting the IP Core 4.9. Channel Definition and Allocation 4.10. Byte Ordering 4.11. AXI-ST Single Packet Mode 4.12. AXI-ST Multiple Packet Mode
4.1. Installing and Licensing Intel® FPGA IP Cores x
4.1.1. Intel® FPGA IP Evaluation Mode
4.6. Error Handling x
4.6.1. Detected Error Handling 4.6.2. Key RAM ECC Error Handling
5. Block Description x
5.1. Reset Sequencer 5.2. AXI-ST Ready Latency 5.3. AXI Adapter 5.4. Integrity Check Value Comparison 5.5. GCM Padding and Depadding
5.3. AXI Adapter x
5.3.1. MAC Packing 5.3.2. Data Last Indicator 5.3.3. Stream and Channel ID Buffering 5.3.4. TKEEP and LAST_SEGMENT Signals Generation 5.3.5. MAC Dropping on Decryption
5.5. GCM Padding and Depadding x
5.5.1. GCM Padding 5.5.2. GCM Depadding
6. Cryptographic IP Data Profiles x
6.1. MAC Security Profile (MACsec) 6.2. IP Security Profile (IPsec) 6.3. Generic GCM Profile (GCM) 6.4. Generic XTS Profile (XTS)
6.1. MAC Security Profile (MACsec) x
6.1.1. MACsec Flow 6.1.2. AXI-ST Interface Using MAC Security (MACsec) Profile Pattern
6.2. IP Security Profile (IPsec) x
6.2.1. AXI-ST Interface Using IP Security (IPsec) Profile Pattern
6.3. Generic GCM Profile (GCM) x
6.3.1. AXI- ST Interface Using Generic GCM Profile Pattern
6.4. Generic XTS Profile (XTS) x
6.4.1. AXI-ST Interface Using Generic XTS Profile Pattern
8. Design Example x
8.1. Functional Description 8.2. Crypto VSIP Top Block Descriptions 8.3. Test Configurations 8.4. Software Requirements 8.5. Simulation Requirements 8.6. Steps to Generate the Design Example 8.7. Running Simulation Tests 8.8. Running Hardware Tests
8.2. Crypto VSIP Top Block Descriptions x
8.2.1. Clock and Reset 8.2.2. Host Interface
8.7. Running Simulation Tests x
8.7.1. Steps to Simulate the Design Example
8.8. Running Hardware Tests x
8.8.1. Supported Boards 8.8.2. Steps to Compile the Design Example for Hardware 8.8.3. Steps to Run the Design Example on Hardware
1. Introduction
2. Interface Overview
3. Parameters
4. Designing with the IP Core
5. Block Description
6. Cryptographic IP Data Profiles
7. Configuration Registers
8. Design Example
9. Symmetric Cryptographic Intel FPGA Hard IP User Guide Archives
10. Document Revision History for the Symmetric Cryptographic Intel FPGA Hard IP User Guide

6.4. Generic XTS Profile (XTS)

This profile is a non-optimized generic XTS usage pattern. To select the XTS profile, you set tuser.pattern[2:0] to 3'd4.
You must specify the following inputs when using the XTS profile.
  • Key: Two keys, each either 256 bit or a 128 bit keys. The first key is used for XTS encryption or decryption. The second key is used to generate the XTS tweak value.
  • Data/Text: Contains the plaintext or ciphertext data requiring the encryption or decryption. The data size range is up to 220 AES blocks, each 128 bits in size.
  • Tweak: 128 bit tweak or a sector number or an address. Every XTS operation requires a tweak value.

The following output information is identified when using the XTS profile:
  • Data/Text: Contains the plaintext or ciphertext data which requires the encryption or decryption.
  • Key: The key size is for both, the tweak value and the data key:
    • 128 or 256 bit key for AES XTS mode
    • 128 bit key for SM4 XTS mode
  • The packet size supports a text size of any length.
  • Supports a new tweak every 256 bytes.
  • Supports CTS mode for XTS at a 256-byte granularity which is not more than 3 CTS requests every 20 clock cycles.
    Note: The Symmetric Cryptographic IP core implements counters to monitor the number of XTS tweaks, CTS within 20 cycles, and a decryption key cycle within 16 clock cycles. If any of these counters reaches the limit within the specified window, the soft IP injects a key cycle with an XTS profile using channel 1,023 into the AES/SM4 Inline Cryptographic Accelerator for 12 clock cycles. The limit value depends on the operation; use the limit value of 4 for tweak and decryption key and the limit value of 3 for the CTS mode.

    During this period, the AXI-ST tready signal is deasserted, and you cannot send any request into the Symmetric Cryptographic IP core. Once the key injection cycles are completed, the AXI-ST tready signal asserts, and you can resume the operation as usual.

    The XTS traffic must not exceed the limits within specified windows.

    Note: The CTS has a restriction in this pattern where the last two blocks should either be sent in the same clock or back-to-back clocks. If the last two blocks are not in the same clock cycle, you cannot interleave other pattern cycles in between. Both cycles should be sent back-to-back.
    Note: Due to the counter logic outlined above, the IP deasserts AXI-ST tready if the limits are reached. In this event, performance degradation is observed if interleaving the XTS profile and the XTS packet size sent is less than 256 bytes.
  • Supports multiple channels.
  • The keys must be streamed along with the data operating on those keys. Alternatively, you can use the concept shown in Generic XTS Profile Traffic Flow to preload the keys except in the case where you are interleaving an XTS profile with a GCM profile. In that situation, you must send in the key followed by at least one cycle of data.
    Note: The XTS mode only loads a decryption key once every 16 clock cycles. The decrypt key loading operation blocks the AXI-ST interface and prevents usage of the Symmetric Cryptographic IP core for other use cases for 16 AXI-ST clocks.
  • MACSec and XTS profile interleaving is not supported.
  • When "XTS protection" logic is enabled, XTS+Generic GCM channel interleaving is supported; When it is disabled, only the frame-based interleaving with minimum text size of 241 bytes can be supported.
The following example depicts the traffic flow for the generic XTS profile. The example depicts the usage of two channels for two XTS key operations. The example programs two keys followed by a tweak value and corresponding data.
Table 41.  Generic XTS Profile Traffic Flow
Clock Cycle 1 2 3 4 5 6
Channel ID 1 2 1 1 2 1
DATA
data[127:0] Key Key Tweak Text Tweak Text
data[255:128] Key Key Text Text Text Text
data[383:256] Key Key Text Text Text Text
data[511:384] Key Key Text Text Text Text

Section Content
AXI-ST Interface Using Generic XTS Profile Pattern

Level Two Title