

# *HardAES Data Sheet*

DPA Resistant FIPS 197 Implementation

#### WARNING

This document was derived in conjunction with, and may contain, technical data whose export, including release to foreign nationals within the United States, is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751, et seq.) or the Export Administration Act of 1979 (Title 50, U.S.C., App. 2401 et seq), as amended. Violations of these export laws are subject to severe criminal penalties including fine and imprisonment.

#### Handling and Destroying Unclassified/Limited Distribution Documents

Unclassified/Limited Distribution documents shall be handled using the same standard as "For Official Use Only (FOUO)" material, and will be destroyed by any method that will prevent disclosure of contents or reconstruction of the document. When local circumstances or experience indicates that this destruction method is not sufficiently protective of unclassified limited information, local authorities may prescribe other methods but must give due consideration to the additional expense balanced against the degree of sensitivity

Copyright © 2014

Microsemi Corporation Security Solutions 1281 Win Hentschel Blvd West Lafayette, IN 47906 Phone: (765) 775-1800

Fax: (765) 775-1700

For help, please email us at: <a href="mailto:support@microsemi-wl.com">support@microsemi-wl.com</a>

For information about Microsemi Corporation, please go to our web site at: <a href="https://www.microsemi.com">www.microsemi.com</a>

All rights reserved. No part of this document may be photocopied or reproduced without the prior written consent of Microsemi Corporation. Microsemi Corporation makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Microsemi shall not be liable for errors contained herein or for incidental, consequential, or other indirect damages in connection with the furnishing, performance, or use of this material. This document is confidential material and is subject to both restricted use and distribution pursuant to a written agreement.

Restricted Rights Legend. Use, duplication, or disclosure by the US Government is subject to restrictions as set forth in FAR 52.227-19, subparagraph (c)(i)(ii) of DOD FAR SUPP 252.227-7013, or equivalent government clause for other agencies.

Patents Notice. The product described in this document is protected by U.S. Patent No. 6,941,463, U.S. Patent No. 6,957,341, US Patent 7,287,166, and Patents Pending.

Microsemi, the Microsemi logo, EnforcIT, SmartFusion, Igloo, Active Defense for Software, Securing Critical Assets, and Guarding your IP are either registered trademarks or trademarks of Microsemi Corporation in the United States and/or other countries. Xilinx, Virtex, ISE, and Chipscope are registered trademarks of Xilinx, Inc. Altera, Cyclone, and Quartus are registered trademarks of Altera Corporation. PowerPC is a registered trademark of IBM Corporation. All trademarks are applicable in the United States and/or other countries.

## **Overview**

## Scope

This document is intended to provide the reader with sufficient knowledge to correctly interface the BAC with the Key Module component and to understand how to configure both to execute the FIPS 197 Advanced Encryption Standard algorithm. The interfaces for the BAC will be described, as well as some module use cases. For more information concerning the Key Module component, please reference the Key Module User Guide. Additionally, this document will provide recommended configurations for the Key Module component for use with the BAC.

#### **HardAES Overview**

HardAES is a Differential Power Analysis (DPA) resilient implementation of the FIPS 197 Advanced Encryption Standard algorithm by the application of the firmware BAC component, the HardAES Software application, and a Key Module compatible storage component.

#### **Features**

The HardAES implementation provides the following:

- DPA resistant execution of the FIPS 197 Advanced Encryption Standard algorithm
- Key length agnostic algorithm execution capable of executing AES 128, 192 or 256 with the same design
- Runtime key update
- Support for unique execution variation
- Support for Key Module PUF implementation for key modifier data

# **Operation**



Figure 1: HardAES Interface

HardAES can utilize the BAC to parse a key generated by the HardAES software application to perform FIPS 197 AES.

# **Generic Parameters**

The BAC has several options that are user configurable via HDL generics.

| Generic                 | Туре         | Definition                                                                  |
|-------------------------|--------------|-----------------------------------------------------------------------------|
| ENFORCIT_DEVICE_FAMILY  | deviceFamily | Cyclone3LS, Virtex4, Virtex5,<br>Virtex6, Spartan6, SmartFusion2,<br>Igloo2 |
| KEY_MODIFIER_DATA_WIDTH | Integer      | The width of the key modifier supplied to the BAC                           |
| KEY_DATA_WIDTH          | Integer      | The width of the key data port supplied to the BAC                          |
| DATA_WIDTH              | Integer      | The width of the data port supplied to the BAC                              |

Table 1: Generic Descriptions

## **Interfaces**

### **Hardware Interface**

Signals are synchronous to the rising edge of clock and are active high unless otherwise noted.

| Port Name           | Input/Output | Width          | Description                                                                      |
|---------------------|--------------|----------------|----------------------------------------------------------------------------------|
| clock               | in           | 1              | Clock signal                                                                     |
| reset_n             | in           | 1              | Active low: reset signal                                                         |
| ready_for_input     | out          | 1              | Indicates the module is ready to capture data on data_in                         |
| input_valid         | in           | 1              | Indicates valid data on data_in                                                  |
| data_in             | in           | DATA_WIDTH     | Data input port                                                                  |
| data_out            | out          | DATA_WIDTH     | Data output port                                                                 |
| output_valid        | out          | 1              | Indicates valid data on data_out                                                 |
| ready_for_output    | in           | 1              | Indicates the user is ready to capture data on data_out                          |
| key_data_in         | in           | KEY_DATA_WIDTH | Key data input port                                                              |
| key_data_valid      | in           | 1              | Indicates valid data on key_data_in                                              |
| key_ready_for_input | out          | 1              | Indicates the module is ready to capture data on key_data_in                     |
| key_initialize_read | out          | 1              | Indicates the module is requesting that key data be restarted from the beginning |
| key_modifier_data   | in           | Configurable   | Input port for unique execution data                                             |
| key_modifier_valid  | in           | 1              | Indicates valid data on key_modifier_data                                        |

Table 2: Port Descriptions

## **Special Consideration**

- Note on configuration of Key Module
  - For space savings, we recommend leveraging the Key Module as the key storage mechanism, implementing it using the EmbeddedRam storage type. The underlying RAM within the Key Module may or may not be secured.
  - If the Key Module must store generated keys of different lengths, keys that are not the same length as the largest key must be padded with zeros for proper operation.
- Note on interoperability of Key Module and key modifier data interface
  - The key modifier data interface is compatible with the Key Module: you must initialize read according to the Key Module interface specification to retrieve the key modifier data.
  - You may use the Key Module with PUF storage to enable per device unique execution.
- Note on Key Data
  - o This data should be protected as if it were the original key.

# **Component Declaration**

A VHDL package file will be delivered containing the component declaration of the BAC.

## **Use Cases**

**Use Case: DPA Resistant AES** 

The BAC is designed to mitigate DPA vulnerabilities with a security versus performance tradeoff.

## References

NIST FIPS-197, November 2001, Advanced Encryption Standard, <a href="http://csrc.nist.gov/publications/fips/fips-197.pdf">http://csrc.nist.gov/publications/fips/fips-197.pdf</a>