Interoperable Encryption of HDL Intellectual Property

Introduction

Starting with Verilog 2005 and subsequent Hardware Description Language standards, the idea of using source level encryption for Intellectual Property protection was introduced to the design and verification flow. Although the solutions presented in Verilog, VHDL, and SystemVerilog standards are based on the same donation and bear strong resemblance, each language standard shows some shortcomings. Those issues may not be noticeable when only one tool is using the encryption, but threaten invalidation of the flow when the same IP is to be used in multiple tools created by multiple vendors. IEEE is currently (April 2013) working on the proposed standard 1735 (a.k.a. IEEE P1735) that promises unification and the extension of encryption and IP protection methods. ALDEC has joined the P1735 working group and all ALDEC simulators released in 2012 support so called Version 1 Recommendations established by members of the group. Since the recommendations are not published by the working group yet, we are only signaling the most important issues addressed there:

  • Unification of pragmas used in encryption and decryption process.

  • Clarification of symmetric encryption flow in CBC mode, especially the treatment of Initialization Vector.

  • Clarification of asymmetric encryption flow using RSA cipher, especially proper padding of the message.

Controlling Encryption/Decryption in Source Code

Version 1 Recommendations

Creators of IP can control both encryption and decryption of HDL source by adding specially marked commands (or pragmas) to the source. The general format of those commands is:

<prefix> <command> <optional arguments> ...

where the <prefix> is `pragma protect in Verilog and SystemVerilog or `protect in VHDL. To clearly mark code supporting P1735 enhancements to the existing standards, members of the P1735 working group agreed to implement and recognize encryption command version with its argument set to 1 for Version 1 Recommendations. That’s why VHDL code containing line:

`protect version = 1

or Verilog/SystemVerilog code containing line

`pragma protect version = 1

should compile in any tool supporting Version 1 Recommendations, no matter which encryption tool supporting the same recommendations created it.

Authorizing ALDEC Simulators While Encrypting with Other Vendor Tools

Encryption tools should be able to recognize and use public keys of tools/vendors authorized to use the IP placed directly in the code. To guarantee proper recognition by the target tool, public key should be clearly labeled with:

  • Key owner name – to let vendor tool know that this section was created for it.

  • Key name – to let the tool select proper private key (vendor may support more than one key).

  • Encryption method – while RSA is the most popular algorithm, others are also supported.

The example of properly marked ALDEC public key in VHDL code is shown below:

`protect key_keyowner = "Aldec"
`protect key_method = "rsa"
`protect key_keyname = "ALDEC15_001"
`protect key_public_key
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+Sho7wbmV55WteRlk1A
Wr9gdsSIWpH5Lq7YEbdyGUyUclNHckfaQysgbfh2qktqrhC9SKC+IDTJ83XfZUGZ
ZbXdlDcW3hC3eM7Wbr7ddZTPp7geXYjMt9XIQDdpXAmPwGylpIBD6+BGmUf+HiDm
0qoNa2vUbfx3PQDa5m3MK89AyMKmGumF54kDU/eYgXgi3TWrckqYokyDUD6r1Xea
Mtjvyi8oaI4bh6ewm2U+D700CLfeLP3+xgANjNZUfYevjo9xfKM9dnLx5EC7HyqT
kM4RFYqABQsbrinRqZespR3gtCVMoU8dIic440ORqPtIvQ8Kyc9zK8XV4gZAN3Et
bwIDAQAB

Figure 1: ALDEC public key in VHDL code

Equivalent section of Verilog/SystemVerilog code looks like this:

`pragma protect key_keyowner = "Aldec"
`pragma protect key_method = "rsa"
`pragma protect key_keyname = "ALDEC15_001"
`pragma protect key_public_key
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+Sho7wbmV55WteRlk1A
Wr9gdsSIWpH5Lq7YEbdyGUyUclNHckfaQysgbfh2qktqrhC9SKC+IDTJ83XfZUGZ
ZbXdlDcW3hC3eM7Wbr7ddZTPp7geXYjMt9XIQDdpXAmPwGylpIBD6+BGmUf+HiDm
0qoNa2vUbfx3PQDa5m3MK89AyMKmGumF54kDU/eYgXgi3TWrckqYokyDUD6r1Xea
Mtjvyi8oaI4bh6ewm2U+D700CLfeLP3+xgANjNZUfYevjo9xfKM9dnLx5EC7HyqT
kM4RFYqABQsbrinRqZespR3gtCVMoU8dIic440ORqPtIvQ8Kyc9zK8XV4gZAN3Et
bwIDAQAB

Figure 2: ALDEC public key in Verilog code

When IP creator is using the encryption tool provided by any vendor other than ALDEC, but wishes to support ALDEC simulators in the encrypted code, he or she should add snippets of code listed above to the source processed by the encryption tool. Please check the documentation of the encryption tool for detailed instructions how to use it. Please note that the ALDEC15_001 key will work only with ALDEC simulators available in Active-HDL 10.2 Update 2 (BUILD 3312.5682.02) and Riviera-PRO 2015.06 (BUILD 2015.06.92.5791) or newer. It may be revoked by ALDEC in the future if its security is ever compromised.

Authorizing Other Tools While Encrypting with ALDEC Tool

ALDEC provides the encryption tool with executable called protectip and located in the bin folder of the simulator installation. While using the ALDEC encryption tool, specifying the ALDEC public key in code is not needed, since the tool adds it automatically. For example, elementary encryption envelopes seen in Figure 6 and Figure 7 will generate a block encrypted with ALDEC public key. If the code encrypted by the ALDEC tool is to be used also by some other tool, the appropriate section containing the other tool public key and matching labels should be added to the source prior to the encryption by the ALDEC utility. Since ALDEC is not authorized to distribute public keys belonging to other vendors and tools, the IP creator should retrieve them from the current documentation of those tools or contact the tool vendor to obtain them. The code listing shown below (Figure 3) uses a dummy vendor name Acme to show how the vendor key section should look.

`pragma protect key_keyowner = "Acme"
`pragma protect key_method = "rsa"
`pragma protect key_keyname = "ACME_KEY7_11"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh/TyTxv6yTpGxBRQ0RBuTNc05
gcwndTBEOgJVKinj9bNiUCLoFU3YTGa/L+M0pTfR/eetiIu1AnFg9Y4sKXYmaCjx
1/7hOB07hUK+vl0xNXk701/Q0wwoQfVsHctTbwRP8NGVKbqlP//QL+o1UC1FPixy
FZy6oMnRULLoBy0s8QIDAQAB
`pragma protect begin
// Verilog code to be encrypted
module top;
 . . . 

Figure 3: Code with Acme key prepared for encryption

Prefix of the encryption commands should be changed to `protect while modifying a VHDL source. If the vendor public key is not available in the format shown above, it may be delivered in the .PEM file format shown below:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh/TyTxv6yTpGxBRQ0RBuTNc05
gcwndTBEOgJVKinj9bNiUCLoFU3YTGa/L+M0pTfR/eetiIu1AnFg9Y4sKXYmaCjx
1/7hOB07hUK+vl0xNXk701/Q0wwoQfVsHctTbwRP8NGVKbqlP//QL+o1UC1FPixy
FZy6oMnRULLoBy0s8QIDAQAB
-----END PUBLIC KEY-----

Figure 4: Public key sample in .PEM format

The encoded public key located between “-----BEGIN PUBLIC KEY-----” and “-----END PUBLIC KEY-----” anchors can be copied to the template presented earlier. Prefixed commands identifying the key and its owner should be adjusted to reflect the data provided by the vendor. If the encryption envelope in the IP source contained a non-ALDEC public key, the source encrypted by the ALDEC tool will contain two decryption envelopes:

  • One containing session key encrypted using ALDEC public key.

  • One containing session key encrypted using public key specified in the encryption envelope.

For example, if the code shown in Figure 3 is encrypted using the protectip.pl tool provided by ALDEC, the code similar to the one shown in Figure 5 will be generated. The decryption envelope with two key blocks is highlighted with different background colors in Figure 5. The ALDEC tool or the other vendor tool are able to recognize their decryption envelope using key owner and key name fields inside the envelope.

Figure 5: Encrypted code with the decryption envelope

Marking Code to Be Encrypted

While it is possible to encrypt the entire source by specifying the appropriate options of the encryption tool, some portions of the IP file may work better while left unencrypted. Typical examples include wrappers that simplify instantiation of the IP or auxiliary blocks that have to be modified by the end user of the IP. The IP creator can precisely control which areas of the source code will be encrypted by placing encryption commands begin and end around them. Placing those two commands creates an elementary encryption envelope in the IP source. Extending elementary encryption envelopes is possible, e.g. by adding the public key specifications before the begin command (see Figure 3 above for quick example). After successful encryption, each encryption envelope is converted to a decryption envelope

`pragma protect begin
module A; // this module will be encrypted
  ...
endmodule
`pragma protect end
module B; // this module will not be encrypted
  ...
endmodule

Figure 6: Verilog code with elementary encryption envelope

Similar example of partially protected VHDL source:

package my_pack is  -- this portion will not be encrypted
	function magic (arg : integer) return integer;
end package my_pack;

`protect begin
package body my_pack is -- this portion will be encrypted
	function magic (arg : integer) return integer is
	begin
		report "Magic function was called!";
		return arg * arg + 777;
	end function magic;
end package body my_pack;
`protect end

Figure 7: VHDL code with elementary encryption envelope

In both cases of sources with encryption envelopes protecting only a portion of the code, the encryption tool will leave the unprotected code ‘as is’ and replace the encryption envelope with the decryption envelopes we see in Figure 8 below.

package my_pack is  -- this portion will not be encrypted
	function magic (arg : integer) return integer;
end package my_pack;

`protect begin_protected
`protect version = 1
`protect encrypt_agent= "Aldec protectip.EXE", encrypt_agent_info= "Riviera-PRO <version>"
`protect key_keyowner= "Aldec", key_keyname= "ALDEC15_001", key_method= "rsa"
`protect encoding= (enctype="base64", line_length= 76, bytes= 256)
`protect key_block
tZn7yT+LkIkXqQ6lJSKmhadLXsPeUqm6aCG6QfAhlZ1GabzBjZrvvUNKPR9AaY81UGqwMpTQDByK
lLdAxX/5JJ9k1AtAs4tHbJ9dngdBFvhdP6uTtl7f1sYw/hAYmpZ3MMymaOgf0jkzyG6Fzkie+f2c
OOtIZKSBR3oy5plVENHq8xVZ5doCBu3RKGr7t0Bnk3mcm0iWuAdg7XAaPp2boNlFSP2hUOe87XIZ
pIax/SLYA/wVwJfScU/rg6BnUJL/uFIelxy5dwZ7PEL5kGFaaBRxDStfbdnsmiekzhLu8TUA3tz0
cWZrV/csNozicvoqRBH//5Rn63Wxgxa96qnYyA==

`protect data_method= "aes128-cbc"
`protect encoding= (enctype="base64", line_length= 76, bytes= 256)
`protect data_block
+U8qeYNCk+5gj/tbATIYK2yDzbq3fRffL+Qfg1LHdiXCDlOM40DuKqCdjfx8gHd2NGvKUzYIdW1m
zijtJvFck2oLWVilm5V5W87h78D3IdDMTscN+OyRwG1j1zVGb21zSnYWpG5M38bjSBrxyL5LZRwf
tNvLjbhekjlNZF4at140jqNMcrqU/PGBgEkACJs0AO1EtrCyC4a+OQD0VF4OO3VcGOEnitt8qW/4
t9znhCAfgiRKf12N2Vj//7XwSMzP8kqGIB2V76SwKYrrdGPwlbwnciYynW0sr1rW0vp+ZLYz1cGN
2MZ8GtFiVHTq/xju5KxSeM64FxLahM3P+9nPUg==
`protect end_protected

Figure 8: Partially protected source after encryption of code from Figure 7

Symmetric Key Recommendation

It is possible to manually specify a symmetric key (session key) used for source encryption and then encrypt using public keys of authorized tools/vendors. This practice is strongly discouraged due to the increased risk of breaking the entire protection scheme. Using explicitly specified symmetric keys should be restricted to in-house testing of the encryption/decryption flow and should never be used in production IP. In the absence of an explicitly specified symmetric key, the ALDEC encryption tool generates a random key of the suitable length. This method of generating symmetric keys should be required in production IP and highly recommended in all other cases.

Useful Options of ALDEC Encryption Tool

The table shown below lists the most useful options that can be specified while executing the protectip encryption tool.

Option

Explanation

-out <name>

Encrypted output file name (can contain path).

-vhd

VHDL 2008 style of encryption.

-v2k5

Verilog 2005 style of encryption (also applies to SystemVerilog).

-a

IP author identification (e.g. “johnd@acme.com”).

-dko

Symmetric encryption key owner (e.g. “Acme”).

-dkn

Symmetric encryption key name (e.g. “Random”).

-c

Symmetric cipher to be used: des-cbc, 3des-cbc, aes128-cbc, aes256-cbc or bf-cbc; key will be generated randomly.

While executed from the Riviera-PRO GUI, the name of the encryption tool should be preceded with the sh command, like in the example of the Verilog encryption shown below:

sh protectip top.v -out top_ip.v -v2k5 -a "johnd@iphouse.com" -dko "IP_House" -dkn "Random" -c aes128-cbc 

While executed from the Active-HDL GUI, the name of the encryption tool should be preceded with the ! command, like in the example of VHDL encryption shown below:

! protectip top.vhd -out top_ip.vhd -vhd -a "johnd@iphouse.com" -dko "IP_House" -dkn "Random" -c aes128-cbc 

The examples shown above are compatible with scripts used in the ALDEC simulators. Users are encouraged to check the online documentation of their current simulator release for additional options that may be useful for their particular applications.

NOTE: The –ef option of the encryption tool is provided for backwards compatibility and should not be used for interoperable encryption.

Ask Us a Question
x

Ask Us a Question

x
Captcha ImageReload Captcha
Incorrect data entered.
Thank you! Your question has been submitted. Please allow 1-3 business days for someone to respond to your question.
Internal error occurred. Your question was not submitted. Please contact us using Feedback form.