User Guide: DSim IEEE 1735 Encryption (Verilog and VHDL)

Modified on Thu, 11 Jul at 11:43 AM

User Guide: DSim IEEE 1735 Encryption (Verilog and VHDL)

In order to protect source code, Metrics has developed tools to support IEEE1735 encryption. The encryption strength is similar to that provided by SSL, and is considered to be the strongest publicly available.

dvlencrypt works with Verilog or SystemVerilog code.

dvhencrypt works with VHDL code.

Usage:

DSim Cloud CLI

mdc dvlencrypt -a '<input_plain.sv> -i <recipe.sv> -o <output_encrypted.sv>'
mdc dvhencrypt -a '<input_plain.vhdl> -i <recipe.vhdl> -o <output_encrypted.vhdl>'

DSim

dvlencrypt <input_plain.sv> -i <recipe.sv> -o <output_encrypted.sv>
dvhencrypt <input_plain.vhdl> -i <recipe.vhdl> -o <output_encrypted.vhdl>

IMPORTANT: Always hand-inspect the output to ensure that all sections intended to be encrypted are actually encrypted. If you fail to specify the parameters for a section properly, it may not be encrypted.
Requirements:
- Every input file requires an encryption pragma protect pattern marking up the secret sections.
- Every instance within the file that needs to be encrypted, requires the encryption pragma protect pattern of each of the secret sections.

Verilog Example (IEEE1735 Version 1)

Take this SV code marked with the required pragma protect patterns for the secret sections.

input_plain.sv:

module top;
`pragma protect begin
    initial $display("this is secret stuff 1");
`pragma protect end

initial $display("this is not secret stuff");

`pragma protect begin
    initial $display("this is secret stuff 2");
`pragma protect end
endmodule

Save this common encryption recipe file, which has the public encryption key for DSim.

recipe.sv:

`pragma protect version=1
`pragma protect author="author-a", author_info="author-a-details"
`pragma protect data_method="aes256-cbc"
`pragma protect key_keyowner="Metrics Design Automation Inc.", key_keyname="DSim_4k"
`pragma protect key_method="rsa"
`pragma protect key_public_key
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5rZhQIBxpDal0XLnemb/
mzRLUO/c1pHR6rZVUAtkFZlr96Qjrn7cbWL/781kFAvloq5dyivePihvsLcVbdyD
CXdxIww6ilCLLCQ1h+vDboS6KZ0SnJAmSDW4IDaXIVPZ7XToBu1oQHPlunm9Rg53
kme8izqkX7+C0OPGVFghQ/17jjAt44QOvpDJEWYOjk3WUmCmvu443l6yrzZP2tmV
Tr8J/wjoUvunnD7ht3odMoQmj4G/LD9O2BxNsbEvahqT1fqttuheAcK6nWAbb0wp
4U6Gd0Y6NzqY0PIiJx9hyEDgExDobor9jnBX8bBlI5yZezGTT9T5CsVaThjTsU/p
0bW2nlPoGGNy+v9aY/zQci7pKJBeclZKrfjey9LuEXLrpvSSb3tHheV6S2z9IYqw
Kmx0Vk7u4gQjFooh96UCxsqV6Q6pv+l3QNC1wuiVKM4JK5+oH9NnF37ceaiW/eEv
AQK79WMkjqYRQeonjjdHapUGIm8Q+dWeh/2pMIQYctlVk6zGiPViqd3PzQbqOSI8
iX4oPtCG+c8pUVtBizApkEtyugXC7Ol2Lvy4Z3V6vztzuuWMgkDQlsSyCq7CnjU0
VGQJkIaYESyem4vXXC4/8aUc+3+YfWFJMVvMOcY3WCK+ACDzo7NU8Flh/FqKU/vq
4Ff1zwlyioQH08oe+eny+UUCAwEAAQ==

VHDL Example (IEEE1735 Version 3)

Take this VHDL code marked with the required protect patterns for the secret sections.

input_plain.vhdl:

entity test is
end entity;

architecture rtl of test is
begin
    process
    begin
`protect begin
        report "this is secret stuff" severity note;
`protect end

        report "this is not secret stuff" severity note;

`protect begin
        report "this is secret stuff 2" severity note;
`protect end

        wait;
    end process;
end rtl;

Save this common encryption recipe file, which has the public encryption key for DSim.

recipe.vhdl:

`protect version=3
`protect author="author-a", author_info="author-a-details"
`protect begin_toolblock
`protect key_keyowner="Metrics Design Automation Inc.", key_keyname="DSim_4k"
`protect key_public_key
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5rZhQIBxpDal0XLnemb/
mzRLUO/c1pHR6rZVUAtkFZlr96Qjrn7cbWL/781kFAvloq5dyivePihvsLcVbdyD
CXdxIww6ilCLLCQ1h+vDboS6KZ0SnJAmSDW4IDaXIVPZ7XToBu1oQHPlunm9Rg53
kme8izqkX7+C0OPGVFghQ/17jjAt44QOvpDJEWYOjk3WUmCmvu443l6yrzZP2tmV
Tr8J/wjoUvunnD7ht3odMoQmj4G/LD9O2BxNsbEvahqT1fqttuheAcK6nWAbb0wp
4U6Gd0Y6NzqY0PIiJx9hyEDgExDobor9jnBX8bBlI5yZezGTT9T5CsVaThjTsU/p
0bW2nlPoGGNy+v9aY/zQci7pKJBeclZKrfjey9LuEXLrpvSSb3tHheV6S2z9IYqw
Kmx0Vk7u4gQjFooh96UCxsqV6Q6pv+l3QNC1wuiVKM4JK5+oH9NnF37ceaiW/eEv
AQK79WMkjqYRQeonjjdHapUGIm8Q+dWeh/2pMIQYctlVk6zGiPViqd3PzQbqOSI8
iX4oPtCG+c8pUVtBizApkEtyugXC7Ol2Lvy4Z3V6vztzuuWMgkDQlsSyCq7CnjU0
VGQJkIaYESyem4vXXC4/8aUc+3+YfWFJMVvMOcY3WCK+ACDzo7NU8Flh/FqKU/vq
4Ff1zwlyioQH08oe+eny+UUCAwEAAQ==
`protect end_toolblock

Guidelines

The version field is required, and must specify a version of the IEEE1735 standard, from 1 to 3.
- Most tools support only version 1.
- DSim supports versions 1-3. However, DSim does not define any rights, nor does it support licensing.
The author or author_info can be provided at your discretion as they are not used in the encryption. The information there can serve to identify your copyright in a tamper proof manner.
For versions 1-2, the data_method should be aes128-cbc or aes256-cbc (stronger). DES/3DES is not recommended, as they are weak by modern standards. No other ciphers are standardized.
For version 3, leave the data_method as default (aes256-cbc-hmac-sha512).
Keep the key_owner, key_name and key_public_key exactly as shown in the default encryption shown above. This is exact information needed by DSim to decrypt the protected code. Any changes here will prevent decryption.
You can also add public keys for other vendors here as well. These would also be specified exactly as above with their own key_owner, key_name and key_public_key. Note that data_method is common to all vendors. You may need to verify with each vendor that they can handle your intended data method.
Note in the default encryption recipe above that everything inside the `pragma protect begin and `pragma protect end (SV) OR inside the `protect begin and `protect end` (VHDL) will be encrypted and everything outside will not be. This allows you to expose part of some code that allows users to be able to see unencrypted code within a file.
Each encryption directive in the input file and recipe must begin with `pragma protect (SV) or `protect (VHDL).

Using Encryption Recipes

dvlencrypt and dvhencrypt support IEEEv3-style encryption recipes, which work as follows:

The first encrypted block will have the contents of the -i recipe inserted immediately after the begin line.
Subsequent encrypted blocks can re-use specifications from earlier blocks as follows:
If an item such as data_method is not given, then it is re-used from the previous block.
If the version directive is given in a subsequent block, then nothing is re-used. This can be used to completely reset the recipe.
Tool blocks are re-used. A tool block can be replaced by giving another tool block with the same key name/owner as a previous block.
A tool block can be added by giving a new key name/owner.
Tool blocks cannot be removed except by resetting the full recipe.

Previous versions of the tools simply copied the recipe into each protected block. The new functionality should be compatible with this use case, as it is merely re-using the recipe without any modifications.

Sample Output

Verilog, Version 1

output_encrypted.sv:

module top;
`pragma protect begin_protected
`pragma protect version=1
`pragma protect encrypt_agent="dvlencrypt"
`pragma protect encrypt_agent_info="Metrics Design Automation Inc. P1735 encryptor tool"
`pragma protect author="author-a"
`pragma protect author_info="author-a-details"
`pragma protect data_method="aes256-cbc"
`pragma protect key_keyowner="Metrics Design Automation Inc."
`pragma protect key_keyname="DSim_4k"
`pragma protect key_method="rsa"
`pragma protect key_block
Znkt5PYcXKDvlXkBI2iUpCgWQ8j+/pjBaUUUfzepi+4juOA8ttbP33CBuaAxT6of
jJ1jai7/WwHxersEYA83jncZiUWPIQUy6yg3Adt+Jyi9nFatU7dmFD4vyhS3w60C
cluajax+2oUCFRgugp3hnyNWZNBs9PK8CGK3Kn7KFEvo2NU9JZq6uoulyop77pk9
7ooeyC0otBkys4O9ppIXxZNM+cJ/IA/ixThdJPuX9WIWghWHhJkkWw30uTF+EXso
HqmG+bCaz9TMfJ+4QbCGZEP/Mv89EAwrfVn7luthZKsXhH+E6gJOuradeC8r/jk6
9GgKAZr9hwA5IrwTH6Y2PAkWxVd9mt4tB7AYhyjDk8pexcf0ajCjf03l2UY13Y/g
sWAiRCLHxdqlQRPRuxmCwtjkBfcaWdQxLb+TmhCgfIVUs5mHRbyF2Mm553PDx9pX
FwSQY0V+rKT3QIKwJlWmXVOcEAOvwP23YUI1sVh6PYG2uCvOnQ1ysUS3+cqHMlvk
oarOcSKPsdQiAH9Q/6TYpPpZOuZUwdYHFI44lzNwwtaxmh/Agc5Vj7Auyona49ON
UzLLWbODo8L4NDccrB0zac8GtmS4gU45xboil1sRGi9kF2X0/+JB5AUMH5+1x8CJ
sed2wW1ASoBNc+H7FSC7IoVhzWF1EI8/BiDSIHDhmEM=
`pragma protect data_block
mj64VG/mcb8cUwiAD8E8p1EfjJe3ywBxcJwDaWnBsXZGonvAxjmydHp2uCBlk830
iZlr9KvHOSo5AxIXO60LrLGbpb9gyKEymTcl5N+LZ4s=
`pragma protect end_protected


initial $display("this is not secret stuff");

`pragma protect begin_protected
`pragma protect version=1
`pragma protect encrypt_agent="dvlencrypt"
`pragma protect encrypt_agent_info="Metrics Design Automation Inc. P1735 encryptor tool"
`pragma protect author="author-a"
`pragma protect author_info="author-a-details"
`pragma protect data_method="aes256-cbc"
`pragma protect key_keyowner="Metrics Design Automation Inc."
`pragma protect key_keyname="DSim_4k"
`pragma protect key_method="rsa"
`pragma protect key_block
ayjsNIH3w3JOvFyKHUlAq4uKQgmWnoLwlzedMaZ3uRSBwQpwRjCnOc4MWIwWkOUg
H7vs22YpFWiGeLot3tLS4tGPqFSooSwoZbrPdRJVoqxgNfBaeMiryoTnM5IcWlV0
lzinrmJU3GUq622S0AEr+2EGThh8w/xfvLaZI2NnWc1h8lpe9cExyz+tqT/lAp52
ReZs5xWQUBPZXseWIeGb4i1TvLxuW/qsdnJrtHRJzhLtDaeV8BCX51nFiePlyJc4
V7ShcOjwKXDGbaWn9yKrYHazRsGR/+uxpxFuGjFyp38uQ+M7clQsXwuoKFfiH6iQ
3nJ+HMWfsDmfXk7nMHl1zm5CBhrQyPhIzG2NDepPjj6GgLUdO/R+EOQGVJwu0Efv
3bNomlMWOfzwZXivSP20BE5cSMxgwcYhQ1fkTJdAmVPSo0wU5wSY0ZZXS+bSYFEm
GYgGGpVzS8mDFu7VFs4T9ORHGN4YskzUJTFJqPGbxis7e3KdAVCWTrTXjwnleFi3
vd5SOIgoATAfc2EAb4xvavI1uleAImLnXvZc9d5Ckk2AeBloVt8Q4lD4EyMjD8ZB
3tMPEcWdP+CKDgq93RNdhfmsVkuQA8PcX5A4BXiOFefclGI/7SOaF2k7QS0DYKSs
JLDUsAhFK4It9fJdmarq/UDX2XVtnGoxJKGtezN+Ihc=
`pragma protect data_block
VkJGfqQZxRpLZD0MMfE/pOFYfJWavgwcqcHT7YAFmcW0iIA7sg//1PlSIgk2eL8f
FagtwSUPjt1bMfTTFBtVquludI2/FZtawsVulDFBygU=
`pragma protect end_protected

endmodule

VHDL, Version 3

output_encrypted.vhdl:

entity test is
end entity;

architecture rtl of test is
begin
    process
    begin
`protect begin_protected
`protect version=3
`protect encrypt_agent="dvhencrypt"
`protect encrypt_agent_info="Metrics Design Automation Inc. P1735 encryptor tool"
`protect author="author-a"
`protect author_info="author-a-details"
`protect data_method="aes256-cbc-hmac-sha512"
`protect begin_toolblock
`protect key_keyowner="Metrics Design Automation Inc."
`protect key_keyname="DSim_4k"
`protect key_block
mzaR3oay4EUsXgJqOqnQ0AxT447m0JPKu+Ds7JrFPihyKodOJHi0Tm8GQIc44fNl
6Ed9KzlrkibxwKTyR4GJq0J6K8u4EWs7rxLslT7UHnmHBCgWfvOh/3ONwWZ0BtwP
OE/2NNg+XMcXduJ7rx1F3uZWG7FoIoF5uRVKFLP51bTaMDzyjl4XGVVdLPyj2c+E
v/2rDFnikfdi/JYiYRH0Cvv3NzJc+qU5XDN+rlZOIqWeFJdRWWzPCVjio+xz1IMB
w/rFZoeE8zS81KnLrrC0suzoJkvTtsQ1MDVSHRNRGVqEXp+c13EnrVD3n12qCa2R
A5qoHFOjrZ6pOzJcGZVcFTIg5ZvZp3FP3BgyNfdUoPhiVNBDdNh2gLfLGwnLzyuB
o6LnusL6gI2XWLhkGdPG4ndunfL0/t0hI2EcSKLKa/wuXm/2Jefxm8VjdGkJAKqm
Db5RsezS+IxWSO3zAa9SsC3uaow3DN2brATXHEbCzhzGMnY1ynGcHJG4O3ThHV7F
cpLWe7JtS8IEkKtT0l/FwJ8WVepyySh7wTdnal7MBuWKTUxbs7Z9PX4rMsgMtX8K
oKph1h7Q8o1fO9t1GDcNEX4im1l+yxnqa2SKT50hAW0z/qGrMeWKwboDCKI37yW6
JHjafydbKZFavLd+m2LbY8fDaOf0qsxHSucyK5kbRjc=
`protect end_toolblock
`protect data_block
UClmb6uQvLXbmTn04usdJBHKx2ipIHXfzno/Qo5h+2ndwmuYaQIpIRG95WM9WYEc
zfEROshAudnHyXaWyXak/0Iazt3zO9FS9b3dLP6GIxk=
`protect end_protected="Eoinafs2jDfr/sNYQJkv/cRSFeON+1k4TODlaHGAuXYgJIb75j3YA2ba/4DNT8NJKlztiOntgqRszDI50SE8Lg=="


        report "this is not secret stuff" severity note;

`protect begin_protected
`protect version=3
`protect encrypt_agent="dvhencrypt"
`protect encrypt_agent_info="Metrics Design Automation Inc. P1735 encryptor tool"
`protect author="author-a"
`protect author_info="author-a-details"
`protect data_method="aes256-cbc-hmac-sha512"
`protect begin_toolblock
`protect key_keyowner="Metrics Design Automation Inc."
`protect key_keyname="DSim_4k"
`protect key_block
cwsZl3sfuzaRgwFhrGJIBhJRYbox9fXTbKpbn4PFxY1SJJN0h4T7tEqrehp7f/c3
sVQvCyYaRKL6l0M+hN0/Zr6ZAG/mKifJ36vSbnU3CaWg8SkOAHB8HrTqs5wrLd9T
Pq4VGE0MsL1ELFjVh7vkgRsEJgwVAn7dmm1AYrBFkWw3IUvDKy4lcwzHxhkdX7F7
JBsIxXsA6j6o8mgXrwIzd23BpFnU88Nf76oPMsI8j9CSupu+TZ+jI9k0tv1v/H29
PBhCDhb51IljrZb1nZh/Zyv9dmn01/uvb3vqmQbhRyEFFLHD7RgQmQla25tiZike
AJ30oFQrplzqDp/iZA1gczx/gontAW0BCCGoq2xylAaD5f4nQ9ZFD2+dvS5Pcu5f
TR+3rmkVWCq7s/oKIMyqwEXSupdgQ9lFTELKQ02J+iO9Ezbrcx+QRxTJimI2at2A
tjoNzSzHLDC6WPZ7SRAtT8ELI+pT8wFcFaGjBfIiKdxOwbDuqJdd27ss3BceFUhi
US5QgQG/N08d01q6UanIptDzzuDRunsqcwZe4XCwFzWumJitaN9Qxuh5GUianRb8
i0qa7S5zhw6Zy2+TAHLnoRpyIdIZJea5mI15FeF/t6YG46vvSEBzn60cTy5KXrUb
UiV+6S0Qo/6q4MgA48VYEjFXtHT4xHR5wfVhfhe+VR8=
`protect end_toolblock
`protect data_block
IjkaTmeeJ70X+Q4iFhlBCnt+yevW15xtrD3W1lNRLKE1EMAEuCNOcmISvnVkc5z0
jtIMcf9sQBx7ifA4pe0s+pfn9Ze0gtI+jwmNXZ3fbHU=
`protect end_protected="OR6fxwch9aTvwjwTECVGcvWGswVzAz5mn/BfE6bZwQ1GEZucJpAvIFHpijqbKtqVupD2r8dK0tHKfVLQazNy4Q=="


        wait;
    end process;
end rtl;