BulkCrypto Mode - 1.0 English

Versal Adaptive SoC Integrated 400G High Speed Channelized Cryptography Engine Subsystem Product Guide (PG372)
Document ID
PG372
Release Date
2024-01-30
Version
1.0 English

The HSC Subsystem can be set to a protocol independent BulkCrypto mode, where all packets are encrypted/decrypted (or authenticated only) using the corresponding key and Initialization Vector (IV). The HSC Subsystem receives each frame on its encryption/decryption ingress interface. User logic is expected to provide the following parameters:

  • Secure Association (SA) index associated with the packet
  • SA Key
    • Alternatively, the core will lookup a key from internal table, based on the SA index
  • Cipher suite
    • GCM-AES-128
    • GCM-AES-256
  • Confidentiality offset (0 to 63 bytes)
  • Initialization Vector (IV)
  • Authentication-only selection
  • Integrity check value (ICV) on decryption path
  • Bypass selection

On the encryption path, the SA index is set using the enc_igr_prtif_crypto_sa_index_p0 through enc_igr_prtif_crypto_sa_index_p3 input ports, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_sa_index_p0 through dec_igr_prtif_crypto_sa_index_p3 are used on the decryption path.

The SA key may be provided by user logic that is external to the HSC Subsystem. In the encryption path, the SA key is set using the enc_igr_prtif_ext_key_p0 through enc_igr_prtif_ext_key_p3 input ports, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_ext_key_p0 through dec_igr_prtif_ext_key_p3 are used on the decryption path. Alternatively, the core retrieves the key from its internal table based on the SA index. Internal keys use SA index value of 0 to 1023, while external keys use the remaining SA index values.

In the encryption path, the cipher suite is selected using the enc_igr_prtif_crypto_cipher_suite_p0 through enc_igr_prtif_crypto_cipher_suite_p3 input ports, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_cipher_suite_p0 through dec_igr_prtif_crypto_cipher_suite_p3 are used on the decryption path.

The confidentiality offset determines the length of the ‘A’ portion (or Additional Authenticated Data, AAD) of the packet. This portion of the packet is not encrypted. In BulkCrypto mode the offset can be set to any value from 0 to 63 bytes, counting from the start of the packet. In the encryption path, the confidentiality offset is set using the enc_igr_prtif_crypto_conf_offset_p0 through enc_igr_prtif_crypto_conf_offset_p3 input ports, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_conf_offset_p0 through dec_igr_prtif_crypto_conf_offset_p3 are used on the decryption path.

Note: The minimum size of a BulkCrypto packet is one byte. If the confidentiality offset value is greater than the packet size, the HSC Subsystem only performs authentication on the packet.

The Initialization Vector (IV[95:0]) for the encryption path is set using the enc_igr_prtif_crypto_iv_salt_p0 through enc_igr_prtif_crypto_iv_salt_p3 input ports, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_iv_salt_p0 through dec_igr_prtif_crypto_iv_salt_p3 are used on the decryption path.

The bypass indication signal is used to indicate that the corresponding packet must bypass the encryption and authentication functions and path through the HSC Subsystem unchanged. On the encryption path, the bypass indication is set using enc_igr_prtif_crypto_byp_p0 through enc_igr_prtif_crypto_byp_p3 inputs, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_byp_p0 through dec_igr_prtif_crypto_byp_p3 inputs are used ion the decryption path.

The authentication-only selection signal is used to indicate that only the authentication function (AES-GMAC) must be performed on the corresponding packet. On the encryption path, the authentication-only selection is set using enc_igr_prtif_crypto_auth_only_p0 through enc_igr_prtif_crypto_auth_only_p3 inputs, which are sampled during the first cycle of the packet. Similarly, dec_igr_prtif_crypto_auth_only_p0 through dec_igr_prtif_crypto_auth_only_p3 inputs are used ion the decryption path.

For the encryption path, after the payload (non ‘A’ portion of the packet) is encrypted, the authentication tag (ICV[127:0) is calculated and provided on the enc_egr_prtif_crypto_icv_p0 through enc_egr_prtif_crypto_icv_p3 output port(s) that correspond to the EOP segment. The ICV is provided in the same clock cycle that the EOP segment(s) is valid on the AXI4-Stream interface. Note that there are two segments for each of these ICV output ports. Also, note that not all ICV ports will contain an ICV in a given cycle as the core has a maximum of two SOPs and three EOPs in a given cycle on the egress AXI4-Stream interface of the encryption path.

For the decryption path, user logic provides the received ICV value on the dec_igr_prtif_crypto_icv_p0 through dec_igr_prtif_crypto_icv_p3 input port(s) that correspond to the EOP segment. The ICV must be present in the same clock cycle that the EOP segment(s) is valid on the AXI4-Stream interface. The core processes the BulkCrypto packets and compares the received ICV against its calculated ICV. Note that it is possible for all ICV ports to contain an ICV in a single cycle as the core supports up to four SOPs and four EOPs in a given cycle on the ingress AXI4-Stream interface of the decryption path.