1 / 32

Synopsys P1735 Proposals

Synopsys P1735 Proposals. Dave Graubart & Parminder Gill November 1, 2010. Agenda. Problem Statement Requirements Proposals Plan: Between now and next meeting: collect feedback and contribute to Twiki. Problem Statement. Interoperability needs not yet met Rights management

nairi
Download Presentation

Synopsys P1735 Proposals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Synopsys P1735 Proposals Dave Graubart & Parminder Gill November 1, 2010

  2. Agenda Problem Statement Requirements Proposals Plan: Between now and next meeting: collect feedback and contribute to Twiki

  3. Problem Statement • Interoperability needs not yet met • Rights management • More complex tool flows • EDA tool version control • These are essential for Synopsys FPGA synthesis in first version of 1735 • We’re now prepared to make contributions

  4. More Complex Tool Flow C or M High level synthesis RTL SDC Simulation RTL synthesis Netlist Formal Verification Place & Route PlacedNetlist

  5. Requirements Extensibility to any language Tool rights User rights IP creation tool Control of authorized tool versions

  6. Requirement 1: Extensibility to any language • Support existing envelope for Verilog and VHDL • Support envelope as header in any file • Useful for C, M (Matlab), Edif, SDC, and others

  7. Requirement 2: Tool Rights • Create rights/control block per key block • Plain text so end-user can view • Digest line that is tamper-proof and tightly associated with IP • Each right can be conditional • Narrow scope of public key: key for single tool or family of similar tools, not one key for a big EDA vendor

  8. Requirement 3: User Rights • Identical mechanism to Tool Rights • Use conditional syntax where condition varies by user • Condition can be satisfied in multiple ways such as • License requirement • Password • One-time activation • Arbitrary mechanism

  9. Requirement 4: Tool for IP Author • Lower barrier for IP author participation • Synopsys can contribute script that uses OpenSSL to process: • Encryption envelope or source plus commands • Key repository

  10. Requirement 5: Control of authorized tool versions • Allow IP author to specify minimum version of tool • After security fix • After functional enhancement • Avoid expensive introduction of new keys • Different than P1735 version

  11. Details and Proposed Solutions

  12. Encrypted Synthesis flow RTL Log file Graphical Views Compile Compiler log messages RTL view Map Mapper log messages Technology view Netlist

  13. Encrypted Synthesis flow RTL Log file Graphical Views Compile Compiler log messages RTL view Compiler log messages RTL view Map Mapper log messages Technology view Mapper log messages Technology view Mapper log messages Technology view Netlist Netlist Netlist Netlist

  14. Encrypted Synthesis flow RTL Log file Graphical Views Compile Compiler log messages RTL view Compiler log messages RTL view Map Mapper log messages Technology view Mapper log messages Technology view Mapper log messages Technology view Netlist Netlist None, No-name, No-restriction Netlist Log Messages None, Interfaces, No-restriction Netlist Visibility None, Encrypted, Obfuscated Plain-text Output Method

  15. Introducing Control Block Decryption Envelope (current) Key Block - Simulation User Key Block - Synthesis User Data Block

  16. Introducing Control Block Decryption Envelope (enhanced) Basic encryption Key Block - Simulation User Key Block - Synthesis User Encryption with fine grained controls Control Block - Synthesis User Data Block

  17. Enhancing Key Block Decryption Envelope (current) Key Block - Simulation User Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block)

  18. Enhancing Key Block Decryption Envelope (enhanced) Key Block - Simulation User Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block) Session Key (for control-block) Control Block – Synthesis User

  19. Enhancing Key Block Decryption Envelope (enhanced) Key Block - Simulation User Session Key (for data-block) Key Block – Synthesis User A Session Key (for data-block) Session Key (for control-block) Separate Control block for each tool Control Block – Synthesis User A Key Block – Synthesis User B Session Key (for data-block) Separate Control block session key for each tool Session Key (for control-block) Control Block – Synthesis User B

  20. Defining Control Block Decryption Envelope (enhanced) Key Block - Simulation User Key Block - Synthesis User Control Block Control Line: Right=value Control Line: Right=value, condition Control Digest

  21. Syntax Proposal – Key Block Decryption Envelope (current) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block <session key> `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected encoded encrypted

  22. Syntax Proposal – Key Block Decryption Envelope (enhanced) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key=<session key> control-session-key=<control session key> `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected encoded encrypted

  23. Syntax Proposal – Control Block Decryption Envelope (re-spaced) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key=<session key> control-session-key=<control session key> `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected

  24. Syntax Proposal – Control Block Decryption Envelope (enhanced) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key=<session key> control-session-key=<control session key> `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect <right>=<value> `protect <right>=<value>, <conditions> `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected

  25. Control Block – Internal Details Decryption Envelope (enhanced) Key Block - Simulation User Control Block Control Line: Right=value Control Line: Right=value, condition Control Digest Data Block

  26. Syntax Example – Control Block Decryption Envelope (enhanced with examples) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key=<session key> control-session-key=<new session key> `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=unrestricted, data_state=mapped `protect control_log_messages=noname `protect control_output_method=encrypted `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected

  27. Introducing Tool Version Decryption Envelope (enhanced) Key Block - Simulation User Session Key (for data-block) Key Block – Synthesis User Session Key (for data-block) Session Key (for control-block) Synthesis User Tool with version older than this is not allowed to read this IP Tool Version Control Block – Synthesis User

  28. Syntax – Tool Version Decryption Envelope (enhanced with examples) `protect begin_protected `protect key_keyowner=“IP User”, key_method=“rsa” `protect encoding=(enctype=“base64”, …), key_block data-session-key=<session key> control-session-key=<new session key> tool-version=<version number> `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect encoding=(enctype=“base64”, …), control_digest encoded encrypted control digest `protect data_method=“des-cbc” `protect encoding=(enctype=“base64”, …), data_block encoded encrypted IP `protect end_protected

  29. Encryption Script (for IP Vendors) IP Source File Verilog source VHDL Source … Encrypted IP Source (Decryption Envelope) Encryption Tool/Script Key Repository IP User A = <Public Key> IP User B = <Public Key>

  30. Encryption Script – Enhancements(for non-HDL files) IP Source File C/EDIF source Design constraints … Encrypted IP Source (Decryption Envelope) Encryption Tool/Script IP Encryption Header `protect pragmas Key Repository IP User A = <Public Key> IP User B = <Public Key>

  31. Syntax Example – Encryption Header Encryption Header file `protect key_keyowner=“IP User”, key_method=“rsa”, key_block `protect control_keyowner=“IP User”, control_method=“des-cbc”, control_block `protect control_visibility=none `protect control_visibility=full, data_state=mapped `protect control_log_messages=noname `protect control_output_method=obfuscated `protect control_output_method=plain-text, license=(…) `protect data_method=“des-cbc”, begin <IP Source File>.c `protect end Optional. If present, ensures encryption header is linked to specified file only

  32. End Thank You

More Related