在跑仿真的时候,如果使用第三方IP,经常会遇到第三方IP中有加密代码,有时又会遇到同样的环境既可以用VCS跑,也可以用XRUN跑,我就好奇第三方IP如何支持两个公司的加解密方式的。
以前只是知道VCS使用`protect-`endprotect 来加密代码,XRUN使用如下格式
// pragma protect
// pragma protect begin
需要加密的代码
// pragma protect end两家好像是不兼容的,经过查阅VCS和XRUN的文档,最终发现了端倪,他们可以使用IEEE-1735 加密格式(具体语法这里不做介绍)。
The syntax of header_file is as follows:
`protect data_method = "data_method"
`protect key_keyowner="owner_name"
`protect key_keyname="owner_key_name"
`protect key_method="encryption_method_name"
`protect key_public_key
<content_representing_the_public_encryption_key>
VCS 官方给出如下步骤:
- 不是 VCS 用户(或没有 VCS 许可证)的 IP 供应商或团队希望提供 IEEE-1735 加密格式的 IP 用于 VCS 仿真。
- 已成为 VCS 用户的 IP 供应商或团队希望为 VCS 仿真提供 IEEE-1735 加密格式的 IP。
在这两种情况下,建议执行加密的 IP 供应商/团队遵循以下步骤,以提高最终用户的可用性。
- 联系 Synopsys (vcs_support@synopsys.com) 获取 VCS 公共加密密钥
- 使用获取的 VCS 公共加密密钥加密文件
- 将加密文件提供给客户/同行团队--VCS 终端用户
最终用户应能编译这些加密文件,而无需担心公开密钥或解密。
通过上述流程,(VCS)最终用户无需从 IP 提供商处获取任何密钥,IP 提供商也无需担心与所有客户共享 VCS 公钥。
因为他们使用的RSA加密算法,由公钥加密,私钥解密,公钥是公开的,私钥应该是内置在仿真器中,例如Synopsys有如下可以查到如下公钥:
`pragma protect data_method = "AES128-CBC"
`pragma protect key_keyowner="Synopsys"
`pragma protect key_method="rsa"
`pragma protect key_keyname="SNPS-VCS-RSA-1"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjJMv7PI1V+DJDaHZuV
IFbAXvr6/tEpuM8cAKFuvpIoO6PE3DRqEwaHEJRyIsFnJnavVJ33+Kub54
Cr/9JCh6fnQhtAmKt/nAznESOLExCKO1tmjYNCXLJ+QqWFoCuDuI4QS8Ru
y1u3RwABCw7ESQwwIuVSZpOghOvjrPHzvlc0QIDAQAB
`pragma protect key_blockCadence 有如下公钥:
`pragma protect key_keyowner = "Cadence Design Systems.", key_method = "rsa", key_keyname = "CDS_RSA_KEY_VER_2"
`pragma protect key_public_key
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQADgA/y8ZoT7v4vKFrwcdrL/Tc2V+2Dczr6
oNnZchFp8c1O+Ja4bHceMRSqm8+N0d98q4nu6FW1ipNNaB4UlxbVvv4vNkXixb9CaenedZA/K2uA
uWZD+daC9QroUm8o8OIft0evdGfXQpy4WFA1Vs44WeHU5hO15F8ZzUxXINR/HXNZdeX4hfaTFhTE
uebeoBx9CwQII6o194UzBr/R35c4n8EwXuRLgjuY6gnirkRdI/fhhUDsvwNdruEJ03bYc91nHEhz
HarHnXt58KYZhjgCbgXlk0bPwQGMiSV+MQvcd0k1emyhsLc9ylLuIZJkv2zE3BNyXTCjaLqyuNwx
xtn1AgMBAAE=我们将上面的内容添加在自己的代码中:
module test();
`pragma protect version = 1
`pragma protect data_method = "AES128-CBC"
`pragma protect key_keyowner="Synopsys"
`pragma protect key_method="rsa"
`pragma protect key_keyname="SNPS-VCS-RSA-1"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjJMv7PI1V+DJDaHZuV
IFbAXvr6/tEpuM8cAKFuvpIoO6PE3DRqEwaHEJRyIsFnJnavVJ33+Kub54
Cr/9JCh6fnQhtAmKt/nAznESOLExCKO1tmjYNCXLJ+QqWFoCuDuI4QS8Ru
y1u3RwABCw7ESQwwIuVSZpOghOvjrPHzvlc0QIDAQAB
`pragma protect key_block
`pragma protect key_keyowner = "Cadence Design Systems.", key_method = "rsa", key_keyname = "CDS_RSA_KEY_VER_2"
`pragma protect key_public_key
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQADgA/y8ZoT7v4vKFrwcdrL/Tc2V+2Dczr6
oNnZchFp8c1O+Ja4bHceMRSqm8+N0d98q4nu6FW1ipNNaB4UlxbVvv4vNkXixb9CaenedZA/K2uA
uWZD+daC9QroUm8o8OIft0evdGfXQpy4WFA1Vs44WeHU5hO15F8ZzUxXINR/HXNZdeX4hfaTFhTE
uebeoBx9CwQII6o194UzBr/R35c4n8EwXuRLgjuY6gnirkRdI/fhhUDsvwNdruEJ03bYc91nHEhz
HarHnXt58KYZhjgCbgXlk0bPwQGMiSV+MQvcd0k1emyhsLc9ylLuIZJkv2zE3BNyXTCjaLqyuNwx
xtn1AgMBAAE=
`pragma protect key_block
`pragma protect begin
要加密的代码
`pragma protect end
endmodule然后使用Synopsys或者Cadence提供的工具,就可以对代码就行加密了,加密后的代码就同时支持VCS和XRUN仿真了。
下面就Synopsys和Cadence的加密方法简单介绍:
有如下RTL代码:
module m ();
wire r;
assign r = 1'b0;
`pragma protect begin
logic l;
assign l = 1'b1;
`pragma protect end
initial #10 $finish();
endmoduleVCS加密方式:
创建toolkeys文件
//`pragma protect version = 1
`pragma protect data_method = "AES128-CBC"
`pragma protect key_keyowner="Synopsys"
`pragma protect key_method="rsa"
`pragma protect key_keyname="SNPS-VCS-RSA-1"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjJMv7PI1V+DJDaHZuV
IFbAXvr6/tEpuM8cAKFuvpIoO6PE3DRqEwaHEJRyIsFnJnavVJ33+Kub54
Cr/9JCh6fnQhtAmKt/nAznESOLExCKO1tmjYNCXLJ+QqWFoCuDuI4QS8Ru
y1u3RwABCw7ESQwwIuVSZpOghOvjrPHzvlc0QIDAQAB执行如下命令
vcs -full64 -lca test.sv -ipprotect toolkeys -ipopt=overwrite -ipopt=partialprotect命令执行完会生成test.svp的文件
Cadence加密方式:
有如下RTL代码:
module m ();
wire r;
assign r = 1'b0;
`pragma protect version = 1
`pragma protect data_method = "AES128-CBC"
`pragma protect key_keyowner="Synopsys"
`pragma protect key_method="rsa"
`pragma protect key_keyname="SNPS-VCS-RSA-1"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjJMv7PI1V+DJDaHZuV
IFbAXvr6/tEpuM8cAKFuvpIoO6PE3DRqEwaHEJRyIsFnJnavVJ33+Kub54
Cr/9JCh6fnQhtAmKt/nAznESOLExCKO1tmjYNCXLJ+QqWFoCuDuI4QS8Ru
y1u3RwABCw7ESQwwIuVSZpOghOvjrPHzvlc0QIDAQAB
`pragma protect key_block
`pragma protect version = 1
//`pragma protect data_method = "AES128-CBC"
`pragma protect key_keyowner = "Mentor Graphics Corporation"
`pragma protect key_method = "rsa"
`pragma protect key_keyname = "MGC-VERIF-SIM-RSA-1"
`pragma protect key_public_key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnJfQb+LLzTMX3NRARsv7A8+LV5SgMEJCvI
f9Tif2emi4z0qtp8E+nX7QFzocTlClC6Dcq2qIvEJcpqUgTTD+mJ6grJSJ+R4AxxCgvHYUwoT
80Xs0QgRqkrGYxW1RUnNBcJm4ZULexYz8972Oj6rQ99n5e1kDa/eBcszMJyOkcGQIDAQAB
`pragma protect key_block
`pragma protect version = 1
`pragma protect key_keyowner = "Cadence Design Systems.", key_method = "rsa", key_keyname = "CDS_RSA_KEY_VER_2"
`pragma protect key_public_key
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQADgA/y8ZoT7v4vKFrwcdrL/Tc2V+2Dczr6
oNnZchFp8c1O+Ja4bHceMRSqm8+N0d98q4nu6FW1ipNNaB4UlxbVvv4vNkXixb9CaenedZA/K2uA
uWZD+daC9QroUm8o8OIft0evdGfXQpy4WFA1Vs44WeHU5hO15F8ZzUxXINR/HXNZdeX4hfaTFhTE
uebeoBx9CwQII6o194UzBr/R35c4n8EwXuRLgjuY6gnirkRdI/fhhUDsvwNdruEJ03bYc91nHEhz
HarHnXt58KYZhjgCbgXlk0bPwQGMiSV+MQvcd0k1emyhsLc9ylLuIZJkv2zE3BNyXTCjaLqyuNwx
xtn1AgMBAAE=
`pragma protect key_block
`pragma protect begin
logic l;
assign l = 1'b1;
`pragma protect end
initial #10 $finish();
endmodule执行如下命令:
xmprotect simple_3vendor_keys.v -lang vlog -overwrite -messages命令执行完会生成test.svp的文件