Extending a Codasip RISC-V Core with CodAL

Author: Trenton J. Grale, PhD and Principal Engineer

XtremeEDA has a proven track record of integrating IPs from multiple vendors and delivering rock solid solutions to our customers. To fulfill our new mission of securing public safety, we are building on that expertise to deliver hardware security solutions. This post describes a project in which we enhanced a RISC-V core to accelerate the AES cryptographic application.

An important partner is Codasip. Codasip offers multiple lines of RISC-V processor cores, and makes it possible for users and partners to customize them. Such customization capability includes augmenting the instruction set architecture. Using the Codasip Studio tool and CodAL CPU specification language, it is possible to add support for new instructions.

The RISC-V specification includes various instruction set extensions. Some of these extensions consist of instructions that accelerate certain parts of various cryptographic functions. The Zkne and Zknd extensions consist of instructions to support AES encryption and decryption respectively [1].

In the 32-bit architecture (RV32), the AES extensions consist of four instructions. These instructions facilitate performing the AES ShiftRows, S-Box, and MixColumns functions on blocks of the AES state. The instructions are:

  • aes32esmi – middle round encrypt – ShiftRows, S-Box, and MixColumns on one byte
  • aes32esi – final round encrypt – ShiftRows and S-Box on one byte
  • aes32dsmi – middle round decrypt – Inverse ShiftRows, S-Box, and MixColumns on one byte
  • aes32dsi – final round decrypt – Inverse ShiftRows and S-Box on one byte

Employing Codasip Studio [2], XtremeEDA specified these instructions in CodAL and generated a Codasip 3-Series RISC-V core [3]. Figure 1 shows CodAL code defining the instruction opcodes.

Figure 1: RV32 CodAL AES opcode definition in Codasip Studio.

Figure 2 shows the functional definition of the aes32esi and aes32esmi instructions. The forward S-Box operation is applied to the source register rs2. If the instruction is aes32esmi, the decode logic ensures that mix equals 1, causing the MixColumns operation to be applied in the switch statement.

Figure 2: RV32 CodAL aes32esi and aes32esmi instruction functional definition.

Our firmware engineers have written a proof-of-concept suite of AES applications that employ the instruction extensions to perform encryption and decryption with all three key sizes (AES128, AES192, and AES256). The applications are written in C, and employ lower level AES functions written in RISC-V assembly language. Fig. 3 shows a sample of the assembly code for performing an AES middle round of operations on the state: ShiftRows, Substitution (S-Box), and MixColumns. Observe that the ShiftRows operation is performed not inside the aes32esmi instruction itself, but by the selection of rs2, a byte select value, and the instruction ordering. In this case the full encryption and decryption functions are written in RISC-V assembly code and then called via function call from the application written in C. As an alternative approach, the compiler can accommodate instructions included inline in the C code directly.

Figure 3: AES middle round encrypt assembly code.

Working closely with firmware, our design verification engineers have developed a comprehensive suite of regressions to verify the core modifications. The regression suite includes test cases that employ the recommended test data published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-38A [4]. These tests thoroughly test both encryption and decryption for AES128, AES192, and AES256.

In conclusion, XtremeEDA has successfully demonstrated its core competencies in several areas. We have configured and built a customized RISC-V core using the tool suite provided by Codasip. In only the first of many instances to come, we have added a hardware security feature to a Codasip core. Our firmware team has demonstrated its agility in developing microcontroller applications that implement security functions (in this case, confidentiality through encryption). Finally, our design verification team has successfully used its expertise to fully verify the architectural modifications for AES, including validating them against a national standard.

Going forward, XtremeEDA is dedicated to providing a plethora of security solutions in order to fulfill our mission of securing public safety. Just within the realm of augmenting the RISC-V instruction set architecture, there are various other security extensions that can be deployed. These include the following official RISC-V extensions: Zbkb (bit-manipulation instructions for cryptography), Zbkc (carryless multiplication instructions for GF(2n)), Zbkx (crossbar permutation for implementing arbitrary S-boxes), Zknh (SHA2 hash extensions), and Zkr (entropy source instructions) [1]. Building on our experience with the AES extensions, we anticipate being able to add, employ, and verify other extensions from the preceding list without much difficulty.

In a subsequent post, we will share performance results comparing the AES application both with and without the instruction extensions.


[1] RISC-V International, RISC-V Cryptography Extensions, Volume I: Scalar & Entropy Source Instructions, rev. 1.0.1. https://github.com/riscv/riscv-crypto/releases/tag/v1.0.1-scalar.

[2] https://codasip.com/products/codasip-studio/technology/.

[3] https://codasip.com/products/codasip-risc-v-processors/.

[4] National Institute of Standards and Technology, Special Publication SP 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques. https://csrc.nist.gov/publications/detail/sp/800-38a/final.

XtremeEDA is an experienced partner you can trust!!

Cadence Design Systems helps engineers pick up the development tempo. A leader in the market for electronic design automation (EDA) software, Cadence sells and leases software and hardware products used to design integrated circuits (ICs), printed circuit boards (PCBs), and other electronic systems. Semiconductor and electronics systems manufacturers use its products to build components for wireless devices, networking equipment, and other applications. The company also provides maintenance and support, and offers design and methodology consulting services. Customers have included Pegatron, Silicon Labs, and Texas Instruments. Cadence gets more than half of its sales from customers outside the US.

Synopsys, Inc. (Nasdaq:SNPS) provides products and services that accelerate innovation in the global electronics market. As a leader in electronic design automation (EDA) and semiconductor intellectual property (IP), Synopsys’ comprehensive, integrated portfolio of system-level, IP, implementation, verification, manufacturing, optical and field-programmable gate array (FPGA) solutions help address the key challenges designers face such as power and yield management, system-to-silicon verification and time-to-results. These technology-leading solutions help give Synopsys customers a competitive edge in quickly bringing the best products to market while reducing costs and schedule risk. For more than 25 years, Synopsys has been at the heart of accelerating electronics innovation with engineers around the world having used Synopsys technology to successfully design and create billions of chips and systems. The company is headquartered in Mountain View, California, and has approximately 90 offices located throughout North America, Europe, Japan, Asia and India.

asicNorth was established in January 2000 with one purpose in mind: deliver the highest quality design services possible. In an industry that can be quite volatile at times, it is important to have a design partner that you can depend upon to deliver the skills you need when you need them. A project can only be successful if there are:

Top quality skills on the team
Communication with the customer
Attention to detail
Cost sensitivity
Focus on the schedule

Today, asicNorth is enabling high-tech industry leaders and startups alike with a combination of digital, analog, and mixed-signal design capabilities. Driven to produce successful results, asicNorth is Making Chips Happen™.

Codasip delivers leading-edge RISC-V processor IP and high-level processor design tools, providing IC designers with all the advantages of the RISC-V open ISA, along with the unique ability to customize the processor IP. As a founding member of RISC-V International and a long-term supplier of LLVM and GNU-based processor solutions, Codasip is committed to open standards for embedded and application processors. Formed in 2014 and headquartered in Munich, Germany, Codasip currently has R&D centers in Europe and sales representatives worldwide. For more information about our products and services, visit www.codasip.com. For more information about RISC-V, visit www.riscv.org.

Founded in 1999, Avery Design Systems, Inc. enables system and SOC design teams to achieve dramatic functional verification productivity improvements through the use of

Formal analysis applications for RTL and gate-level X verification;

Robust Verification IP for PCI Express, USB, AMBA, UFS, MIPI, DDR/LPDDR, HBM, HMC, ONFI/Toggle, NVM Express, SCSI Express, SATA Express, eMMC, SD/SDIO, Unipro, CSI/DSI, Soundwire, and CAN FD standards.

Siemens EDA
The pace of innovation in electronics is constantly accelerating. To enable our customers to deliver life-changing innovations to the world faster and to become market leaders, we are committed to delivering the world’s most comprehensive portfolio of electronic design automation (EDA) software, hardware, and services.