7.1 User Cryptoprocessor Features
(Ask a Question)The User Cryptoprocessor is an Athena TeraFire® EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) Suite and beyond and includes Side-Channel Analysis (SCA) resistant cryptography using patented leakage reduction countermeasures. These countermeasures provide strong resistance against SCA attacks such as Differential Power Analysis (DPA) and Simple Power Analysis (SPA). The User Cryptoprocessor is available in the PolarFire family “S” devices.
| Algorithm | Mode | Key Size (bits) |
|---|---|---|
| AES | ECB/CBC/CFB/OFB/CTR/GCM | 128, 192, and 256 |
| Hash | SHA1 | NA |
| SHA-224 | ||
| SHA-256 | ||
| SHA-384 | ||
| SHA-512 | ||
| SHA-512/224 | ||
| SHA-512/256 | ||
| MAC | HMAC SHA1 | NA |
| HMAC SHA-224 | ||
| HMAC SHA-256 | ||
| HMAC SHA-384 | ||
| HMAC SHA-512 | ||
| AES-CMAC | 128, 192, and 256 | |
| KeyWrap | AES | 128, 192, and 256 |
| ECC | ECC Point Multiplication | NIST P-Curves – P-192, P-224, P-256, P-384, and P-521. Brainpool Curves – P-256, P-384, and P-521. Supports twisted elliptic curve |
| ECDSA Sign/Verify | ||
| ECC Point Addition | NIST P-Curves – P-192, P-224, P-256, P-384, and P-521. Brainpool Curves - P-256, P-384, and P-521. | |
| ECC Key Pair Generation | ||
| ECDH | ||
| RSA | RSA Decryption | 1024, 2048, and 3072 |
| RSA Sign/Verify | 1024, 2048, and 3072 | |
| DSA | DSA Sign/Verify | 1024, 2048, and 3072 |
| Modular Exponentiation | DH/Modular multiplication | 1024, 2048, and 3072 |
| True Random Number Generation (TRNG) | SP800-90A CTR_DRBG-256; SP800-90B (draft) NRBG | NA |
| Key Derivation Function | Key-Tree | 256 |
The User Cryptoprocessor is a hard block in the PolarFire family. The maximum operating frequency is 189 MHz in PolarFire FPGAs/RT PolarFire FPGAs and 200 MHz in PolarFire SoC FPGAs. When the cryptoprocessor is accessed from Fabric, if the frequency of the crypto block is greater than or equal to 125 MHz, select the Use embedded DLL in the fabric interface option for removing clock insertion delay. If the embedded DLL is not enabled, the maximum frequency is limited to 70 MHz.
The User Cryptoprocessor is accessible to MSS (PolarFire SoC FPGA only) or a soft processor in the fabric through the AHB-Lite slave interface for control and primary data input and output. The User Cryptoprocessor has built-in DMA to offload the main processor from doing data transfers between the User Cryptoprocessor and the user memory. The DMA functionality is accessible from fabric through an AMBA AHB-Lite master interface.
Microchip provides an Athena TeraFire Cryptographic Applications Library (CAL) to access the User Cryptoprocessor functions. TeraFire CAL is a C language library that provide functions to access symmetric key, elliptic curve, public key, hash, random number generation, and message authentication code algorithms. The user application running on the main processor must include CAL APIs to perform the cryptographic operations on the User Cryptoprocessor.
For Athena TeraFire CAL and their CAL API descriptions, email FPGA_marketing@microchip.com.