HMAC-SHA256 Accelerator

HMAC-SHA256 Accelerator

Adding to Chevin Technology’s exisiting Security Solutions, we are pleased to announce the release of the HMAC – SHA256 Accelerator, a cryptographic offload function that authenticates and verifies messages, and enables detection of unauthorised changes. Message authentication is increasingly required by corporations, government organisations, and individuals to secure communications between sender and receiver. The HMAC – SHA256 authentication feature is especially suited for cybersecurity, defence and aerospace applications, and can be added to existing products, or designed into prototypes. Contact us for more information, or to discuss source code and netlist licensing options for Intel and AMD FPGAs and ASICs.

Chevin Technology’s HMAC-SHA256 cryptographic accelerator function is used to securely generate and verify message authentication codes. The all-RTL solution provides a fast and secure way to calculate a SHA256 hash for any message of any length. When combined with a secret key, it can also construct a HMAC keyed-hash message authentication code, which can be used when protect messages that are sent and verify those that are received. The accelerator accepts multiple independent streaming messages/channels, and support any number of arbitrary length messages. Number of channels is limited only by the memory resources provided, embedded Block RAM or external DDR. Typical use cases include highly secure RTL solutions where a CPU is unable to meet the required throughput and security performance.

Key Features

  • HMAC-SHA256 Message Authentication
  • All-RTL security solution in Hardware
  • Secret Key Storage held securely in RTL
  • Multi-channel operation with AXI4_STREAM Securely generate & verify keyed-hash MAC
  • Securely generate & verify keyed-hash MAC
  • High Throughput >1M hashes /second @156MHz
  • Small footprint <2400 LUTs, 0..8 BRAMs
  • Seamless integration with AXI4_ST / AXI4_MM
  • NIST FIPS 180-4 Secure Hash Standard
  • RFC6234 SHA256 Secure Hash Algorithm
  • NIST FIPS 198-1 HMAC Keyed-Hash MAC
  • RFC2104 HMAC Keyed-Hash

The HMAC-SHA256 accelerator protects both the integrity and authenticity of the original message by combining a key and message with a cryptographic HMAC, keyed-hash message authentication code. A message is provided over the streaming or memory mapped interface along with the key, and the HMAC result is stored in memory. The accelerator works on multiple channels concurrently, which supports multiple arbitrary length messages HMAC calculations without causing head-of-line blocking or other scheduling constraints.
Easy Integration with IP-XACT – The HMAC-SHA256 accelerator is delivered as source code for ASIC or a targeted netlist for FPGA with an IP-XACT package that is recognised by FPGA vendor EDA tools making integration quick and accurate. Software drivers and examples are included to shorten the development time and effort.