This project aims to develop reconfigurable open-source cryptographic hardware IP cores for Next Generation Internet. With the Internet of Things upon us, security and privacy are more important than ever. On the one hand, the risks are high if the security and privacy features are exclusively implemented in software. On the other hand, if implemented solely in hardware, it is impossible to fix bugs or deploy critical updates, a threat to security and privacy. Hence, we propose to use reconfigurable hardware, providing the flexibility of software and the trustworthiness of hardware. There have been proposals to implement cryptographic IP cores using Field Programmable Gate Array (FPGAs). However, the FPGA configuration infrastructure is cumbersome and proprietary, increasing device cost and compromising safety. Hacking into it requires first hacking the device’s configuration infrastructure and then hacking the algorithm itself, which is way more complicated. Therefore, we propose to use open-source Coarse-Grained Reconfigurable Arrays (CGRAs) instead of FPGAs. CGRAs have much lighter configuration circuits and are not controlled by any private entity.
Clone the repository and the submodules with:
git clone --recursive git@github.com:IObundle/IOb-SoC-OpenCryptoHW.git
or using the url:
git clone --recursive https://github.com/IObundle/IOb-SoC-OpenCryptoHW.git
The IOb-SoC-OpenCryptoHW system can build and run an environment for PC with:
make pc-emul-run
This target performs the Short Message Test for Byte-Oriented sha256()
implementations from the
NIST Cryptograpphic Algorithm Validation
Program.
The test vectors are a set of 65 messages from 0 to 64 byte length. The implementation program only receives the messages and outputs the corresponding message digests (MD). An external script compares the implementation output with the expected MD from the test vectors.
The implementation output can be checked manually from terminal and
software/pc-emul/ethernet.log
To clean the workspace after PC emulation:
make pc-emul-clean
PC emulation program requires:
- Git
- Make
- gcc
- Python 3.6+
The IOb-SoC-OpenCryptoHW system can be emulated using a verilog simulator like icarus with:
# Test with all supported simulators
make test-sim
# Test with a specific simulator
make sim-test SIMULATOR=icarus
make sim-test SIMULATOR=verilator
To clean the workspace after the RISCV emulation:
make test-sim-clean
RISCV emulation requires:
- PC Emulation requirements
- RISCV toolchain
- Add the RISCV toolchain to you
PATH
variable in$HOME/.bashrc
:
export RISCV=/path/to/riscv/bin export PATH=$RISCV:$PATH
- Add the RISCV toolchain to you
- Verilog simulator, for example:
The system can be tested on FPGA with:
make test-fpga
The results can be manually checked in the terminal and in
hardware/fpga/<tool>/<board>/ethernet.log
, where <tool>
is the tool used
for synthesis and <board>
is the board directory name.
The system has been tested with the AES-KU040-DB-G
board from Xilinx. In that
case the results can be found in: hardware/fpga/vivado/AES-KU040-DB-G
.
To clean the workspace after the FPGA execution:
make test-fpga-clean
FPGA execution requires:
- Supported FPGA board
- Setup environment for FPGA execution
- Add the executable paths and license servers in
$HOME/.bashrc
:
export VIVADOPATH=/path/to/vivado ... export LM_LICENSE_FILE=port@licenseserver.myorg.com;lic_or_dat_file
- Follow IOb-soc's README for more installation details.
- Add the executable paths and license servers in
The system can be profiled using a Timer core, a software controlled counter.
The pc-emul
version simulates the counter behaviour by calling the C standard
<timer.h>
library.
The profiling is available for pc-emul
using the following command:
make pc-emul-profile
The pc-emul-profile
target outputs an emul_profile.log
file with the
profiling information.
For fpga
profiling run the following command:
make fpga-run-profile
The fpga-run-profile
target outputs a fpga_profile.log
file with the
profiling information.
The system supports ethernet communication using the IOb-Eth core.
Check IO-Eth's README for setup instructions and further details.
The acceleration of SHA application requires the design of custom functional units (FUs). These FUs can be validated with unit tests by running the command:
make test-versat-fus
The custom FUs are in hardware/src/units/
.
Alternatively, the same FUs can be generated from SpinalHDL using the command:
make test-versat-fus SPINAL=1
The SpinalHDL sources are in hardware/src/spinalHDL
.
Check hardware/src/spinalHDL/README.md
for more details to setup the
requirements to use SpinalHDL.
This project is funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.