AES256GCM 10G25G IP Demo Instruction
Rev1.03 25-Apr-2023
2. FPGA development board setup
4. Command detail and testing result
This document describes the instruction to demonstrate the operation of AES256GCM10G25GIP on FPGA development boards. In the demonstration, AES256GCM10G25GIP is used to encrypt and decrypt data between two memories in FPGA and provide authentication tag. User can fill memory with Additional Authenticated Data (AAD), DataIn patterns, set encryption/decryption key, Initialization Vector (IV), and control test operation via Nios II Command Shell.
To operate AES256GCM10G25GIP demo, please prepare following test environment.
1) FPGA development board
Agilex F-series development kit,
Arria10 SoC Development board
2) Test PC.
3) Micro USB cable for JTAG connection connecting between FPGA boards and Test PC.
4) Quartus programmer for programming FPGA and Nios II command shell, installed on PC.
5) SOF file named “AES256GCM10G25G.sof” (To download these files, please visit our web site at www.design-gateway.com)
Figure 1‑1 AES256GCM10G25GIP demo environment on Agilex F-series board
Figure 1‑2 AES256GCM10G25GIP demo environment on Arria10 SoC board
1) Make sure power switch is off and connect power supply to FPGA development board.
2) Connect USB cables between FPGA board and PC via micro-USB ports.
3) Turn on power switch for FPGA board.
4) Open Quartus Programmer to program FPGA through USB-1 by following step.
i) Click “Hardware Setup…” to select
AGF FPGA Development Kit [USB-1] for Agilex F-series
USB-BlasterII [USB-1] for Arria10 SoC
ii) Click “Auto Detect” and select FPGA number.
iii) Select FPGA device icon (Agilex or A10SoC).
iv) Click “Change File” button, select SOF file in pop-up window and click “open” button.
v) Check “program”.
vi) Click “Start” button to program FPGA.
vii) Wait until Progress status is equal to 100%.
Figure 2‑1 FPGA Programmer for Agilex
Figure 2‑2 FPGA Programmer for A10SoC
For A10SoC after program SOF file complete, Quartus Prime will show popup message of Intel FPGA IP Evaluation Mode Status as shown in Figure 2‑3. Please do not press cancel button.
Figure 2‑3 Intel FPGA IP Evaluation Mode Status
User can fill RAMs with plain or cipher data patterns, set encryption/decryption key and control test operation via Nios II Command Shell. When configuration is completed, AES256GCM10G25GIP demo command menu will be displayed as shown in Figure 3‑1. The detailed information of each menu is described in topic 4.
Figure 3‑1 Nios II Command Shell
Step to set key as follows
a) Select “KeyIn Setting”.
b) Current key will be displayed on Nios II Command Shell as shown in Figure 4‑1.
c) Set new key: User is allowed to input new key in hex format or press “enter” to skip setting new key. Then the current key is printed again.
Figure 4‑1 KeyIn setting example
Step to set IV as follows
a) Select “IvIn Setting”.
b) Current IV will be displayed on Nios II Command Shell as shown in Figure 4‑2.
c) Set new IV: User is allowed to input new IV in hex format or press “enter” to skip setting new IV. Then the current IV is printed again.
Figure 4‑2 IvIn setting example
To show data in memory, user can select “Show Data Memory”. User can input the desired length of data in byte to show. The data length will be aligned to 128 bits. DataIn and DataOut will be displayed in table-form as shown in Figure 4‑4. User can press “enter” to use 80 bytes as default value.
Figure 4‑3 Displayed data when input the desired length of data
Step to set AAD as follows
a) Select “Fill AAD Memory”.
b) Input the desired length of AAD in byte. In case of zero-length AAD operation, user can input “0” or press “enter” then end process of this menu. In case of non-zero-length AAD, user can select AAD pattern as shown in Figure 4‑3.
c) There are four pattern to fill AAD memory.
a. zero pattern
b. 8-bit counter
c. 16-bit counter
d. 32-bit counter
d) AAD memory will be filled with selected pattern by the number of AAD and zero-padding to become 128-bit padded data.
Figure 4‑4 Displayed data when set AAD pattern
Step to fill DataIn in memory as follows
a) Select “Fill DataIn Memory”.
b) Input the desired length of data in byte. In case of zero-length DataIn operation, user can input “0” or press “enter” on keyboard then end process of this menu. In case of non-zero-length DataIn, user can select data pattern.
c) There are four pattern to fill memory.
a. zero pattern
b. 8-bit counter
c. 16-bit counter
d. 32-bit counter
d) Whole DataIn memory is filled with selected pattern after AAD according to the number of input data length as displayed in Figure 4‑5.
Figure 4‑5 Displayed data when set DataIn length and data pattern
Select “Encrypt Data” to encrypt DataIn in memory. Current length of AAD and length of DataIn are printed on Nios II Command Shell. When the encryption process is finished, both DataIn and DataOut will be displayed in table-form and 128-bit encryption tag will be printed as shown in Figure 4‑6.
Figure 4‑6 Nios II Command Shell after finished encryption process
Select “Decrypt Data” to decrypt DataIn in memory. Current length of AAD and length of DataIn are printed on Nios II Command Shell. When the decryption process is finished, both DataIn and DataOut will be displayed in table-form and 128-bit decryption tag will be printed as shown in Figure 4‑7.
Figure 4‑7 Nios II Command Shell after finished decryption process
Select “Bypass Data” to Bypass DataIn in memory. Current length of AAD and length of DataIn are printed on Nios II Command Shell. When the Bypass process is finished, both DataIn and DataOut will be displayed in table-form as shown in Figure 4‑8.
Figure 4‑8 Nios II Command Shell after finished Bypass process
Select “Clone Memory” for copy DataOut memory to DataIn memory. When the process is finished, both DataIn and DataOut will be displayed in table-form as shown in Figure 4‑9.
Figure 4‑9 Nios II Command Shell after finished Clone Memory process
Select “Loop verification”, to check both encryption and decryption. In this menu, DataIn in memory will be encrypted/decrypted with all current parameters (key, IV, AAD and data in DataIn memory).
The function begins by read and store data from the DataIn memory as an original data and clear the DataOut memory before encryption, then start encryption process. After the encryption is completed, the data from the DataOut memory is cloned to the DataIn memory and decryption process is performed. Once the decryption is completed, the decrypted data is compared with the original data, and the encryption tag is compared with the decryption tag.
If the decrypted data and decryption tag match with original data and encryption tag, respectively, “Loop verification succeeded.” is printed on Nios II Command Shell as shown in Figure 4‑10.
Figure 4‑10 Nios II Command Shell after loop verification is succeeded
Revision |
Date |
Description |
1.00 |
17-Jun-2022 |
Initial version release |
1.02 |
27-Oct-2022 |
Update description for new design |
1.03 |
20-Jan-2023 |
- Add Bypass feature. - Improve performance. |