The “S” grade devices include a dedicated cryptoprocessor (referred to as the User Cryptoprocessor) for data security applications. In PolarFire SoC FPGA, the user cryptoprocessor is integrated within the microcontroller subsystem (MSS). The user cryptoprocessor can be accessed from MSS or Fabric. The User Cryptoprocessor is an Athena TeraFire EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) suite and beyond, and also includes side-channel analysis (SCA) resistant cryptographic countermeasures. These countermeasures provide strong resistance against SCA attacks such as SPA and DPA.
The User Cryptoprocessor also incorporates an NRBG. The User Cryptoprocessor specifically supports an NRBG combined with an AES counter mode-based DRBG, compliant with NIST SP800-90A.
Many of the commonly used cryptographic operations available are certified by an independent third-party NIST-accredited security laboratory under the NIST cryptographic algorithm validation program (CAVP) scheme. This includes the AES, SHA, HMAC, ECDSA, RSA, DSA, and DRBG implementations, providing a high level of assurance that they are implemented correctly. The following table lists the CAVP validation numbers, see the NIST CAVP website for details on the specific algorithms and modes that are certified.
| Algorithm | CAVP No. |
|---|---|
| AES | 3950 |
| SHA1/2 | 3258 |
| HMAC | 2573 |
| DSA | 1077 |
| RSA | 2018 |
| ECDSA | 867 |
| DRBG | 1153 |
For more information about User Cryptoprocessor, see Data Security.