1 User Cryptoprocessor
(Ask a Question)The User Cryptoprocessor is an Athena TeraFire® EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) Suite and beyond and includes Side-Channel Analysis (SCA) resistant cryptography using patented leakage reduction countermeasures. These countermeasures provide strong resistance against SCA attacks such as Differential Power Analysis (DPA) and Simple Power Analysis (SPA). The User Cryptoprocessor is available in PolarFire® “S” grade devices.
The User Cryptoprocessor supports numerous cryptographic algorithms, including the following:
- AES with 128-bit, 192-bit, and 256-bit key sizes in ECB, CBC, CFB, OFB, CTR, and GCM modes
- AES key wrap and unwrap
- SHA1, SHA2-224, SHA2-256, SHA2-384, and SHA2-512
- AES-CMAC and AES-GMAC
- HMAC-SHA
- True random number generation (non-deterministic random bit generator plus NIST SP800-90A deterministic random bit generator)
- RSA, DSA, and modular exponentiation (Diffie-Hellman) with key sizes up to 3072-bits
- EC key pair generation, point validation, point multiplication (EC Diffie-Hellman), and ECDSA for
- NIST P-curves: P-192, P-224, P-256, P-384, and P-521
- Brainpool curves: P-256, P-384, and P-512
- Key-tree function
The User Cryptoprocessor is a hard block in PolarFire FPGAs, and its maximum operating frequency is 189 MHz. It is accessible to a soft processor in the FPGA fabric through the AHB-Lite slave interface for control and primary data input and output. The User Cryptoprocessor has built-in DMA to offload the main processor from data transfers between the User Cryptoprocessor and the user memory. The DMA functionality is accessible through an AMBA AHB-Lite master interface. The Libero® SoC design suite provides a PF_CRYPTO macro in Catalog, which must be integrated with the user design to use the User Cryptoprocessor. The following figure shows the input and output ports of the PF_CRYPTO macro.
The following figure shows the crypto configurator used to enable Complete interrupt, Alarm interrupt, BusError interrupt, and DRI. If the frequency of the crypto block is greater than or equal to 125 MHz, select the Use embedded DLL in the fabric interface option for removing clock insertion delay. The Embedded DLL Jitter Range can be set to Low, Medium_Low, Medium_High, or High according to the crypto clock jitter specification. For more information, see PolarFire FPGA Datasheet for embedded DLL jitter tolerance ranges.
The following table lists and describes the PF_CRYPTO ports. The control and status signals initiate action and obtain status. Corresponding control and status signals are also accessible through the dynamic reconfiguration interface (DRI). Contact Microchip technical support for information on how to use DRI.
| Port Name | Direction | Description |
|---|---|---|
| AHB_SLAVE | — | AHB-Lite slave interface. |
| AHB_MASTER | — | AHB-Lite master interface. |
| DRI_SLAVE | — | Control and status signals are accessible through the DRI. |
| HCLK | Input | AHB bus clock. |
| HRESETN | Input | AHB bus reset. Asserts the functional reset of the User Cryptoprocessor block and zeroizes all the internal RAM and registers as PURGE signal. |
| PURGE | Input | When the signal is set to '1', it initializes the Zeroization of User Cryptoprocessor internal RAM and registers. For normal operation, this signal must be tied low. The PURGE input is level sensitive, and if the PURGE pin is still asserted when a purge operation completes, another purge operation is initiated. |
| START | Input | External execution initiation input when the User Cryptoprocessor operates in the stand-alone configuration without a host processor connected to the bus interface. Asserting the START signal causes the User Cryptoprocessor to initiate execution. During execution, the status of the User Cryptoprocessor is reflected by the BUSY and DLL_LOCK ports. This signal must be tied low when the User Cryptoprocessor is used as a coprocessor. |
| STALL | Input | Stalls the User Cryptoprocessor for a clock cycle to introduce variance in the external signatures. The STALL input is expected to be generated by an LFSR circuit in the fabric and asserted randomly for a single cycle to achieve the required stall rates. The STALL input must not be asserted until at least three clock cycles after the HRESETN is de-asserted and the DLL has indicated LOCK for three cycles. |
| BUSY | Output | Execution status signal. |
| COMPLETE | Output | Asserted to indicate that the User Cryptoprocessor has completed an operation. This signal can be connected to the host microprocessor as an interrupt request signal, enabling the User Cryptoprocessor to interrupt the processor when it completes an operation. |
| ALARM | Output | Asserted to indicate an uncorrectable memory error condition. An uncorrectable memory error causes the crypto core to perform a reset and purge. This reset terminates any in-progress operation. For most CAL operations, the CALPKTrfRes() function is used to complete the operation and generates a hardware Fault code in the event of an alarm. |
| BUS_ERROR | Output | Asserted when a HRESP response error is detected by the User Cryptoprocessor AHB master. Once set, a reset is required to clear. |
| DLL_LOCK | Output | DLL lock status. |
Microchip provides an Athena TeraFire Cryptographic Applications Library (CAL) to access User Cryptoprocessor functions. TeraFire CAL offers functionalities for accessing symmetric key, elliptic curve, public key, hash, random number generation, and message authentication code algorithms. For CAL project access and download, refer to the Steps to Access PolarFire Security CAL and Documentation section. The user application running on the main processor must include CAL APIs to perform the cryptographic operations on the User Cryptoprocessor.