User Cryptoprocessor Features

The User Cryptoprocessor is an Athena TeraFire® EXP-F5200B cryptography microprocessor. It provides complete support for the Commercial National Security Algorithm (CNSA) Suite and beyond and includes Side-Channel Analysis (SCA) resistant cryptography using patented leakage reduction countermeasures. These countermeasures provide strong resistance against SCA attacks such as Differential Power Analysis (DPA) and Simple Power Analysis (SPA). The User Cryptoprocessor is available in PolarFire FPGA and PolarFire SoC FPGA “S” devices.

Table 1. User Cryptoprocessor Algorithm Support
Algorithm Mode Key Size (bits)
AES ECB/CBC/CFB/OFB/CTR/GCM 128, 192, and 256
Hash SHA1 NA
SHA-224
SHA-256
SHA-384
SHA-512
SHA-512/224
SHA-512/256
MAC HMAC SHA1 NA
HMAC SHA-224
HMAC SHA-256
HMAC SHA-384
HMAC SHA-512
AES-CMAC 128, 192, and 256
KeyWrap AES 128, 192, and 256
ECC ECC Point Multiplication NIST P-Curves – P-192, P-224, P-256, P-384, and P-521.

Brainpool Curves – P-256, P-384, and P-521.

Supports twisted elliptic curve

ECDSA Sign/Verify
ECC Point Addition NIST P-Curves – P-192, P-224, P-256, P-384, and P-521.

Brainpool Curves - P-256, P-384, and P-521.

ECC Key Pair Generation
ECDH
RSA RSA Decryption 1024, 1536, 2048, 3072, and 4096
RSA Sign/Verify 1024, 1536, 2048, 3072, and 4096
DSA DSA Sign/Verify 1024, 1536, 2048, 3072, and 4096
Modular Exponentiation DH/Modular multiplication 1024, 1536, 2048, 3072, and 4096
True Random Number Generation (TRNG) SP800-90A CTR_DRBG-256; SP800-90B (draft) NRBG NA
Key Derivation Function Key-Tree 256

The User Cryptoprocessor is a hard block in both PolarFire FPGA and PolarFire SoC FPGAs. The maximum operating frequency is 189 MHz in PolarFire FPGAs and 200 MHz in PolarFire SoC FPGAs. When the cryptoprocessor is accessed from Fabric, if the frequency of the crypto block is greater than or equal to 125 MHz, select the Use embedded DLL in the fabric interface option for removing clock insertion delay. If the embedded DLL is not enabled, the maximum frequency is limited to 70 MHz.

The User Cryptoprocessor is accessible to MSS (PolarFire SoC FPGA only) or a soft processor in the fabric through the AHB-Lite slave interface for control and primary data input and output. The User Cryptoprocessor has built-in DMA to offload the main processor from doing data transfers between the User Cryptoprocessor and the user memory. The DMA functionality is accessible from fabric through an AMBA AHB-Lite master interface.

Microchip provides an Athena TeraFire Cryptographic Applications Library (CAL) to access the User Cryptoprocessor functions. TeraFire CAL is a C language library that provide functions to access symmetric key, elliptic curve, public key, hash, random number generation, and message authentication code algorithms. The user application running on the main processor must include CAL APIs to perform the cryptographic operations on the User Cryptoprocessor.

For Athena TeraFire CAL and their CAL API descriptions, email FPGA_marketing@microchip.com.