MD301 CA95C68/18/09 CA20C03A 64-BITS CA95C09 CA95C68 CA95C18 -10CP -10CN -16CP - Datasheet Archive

 

commitment by Tundra Semiconductor Corporation. While reasonable precautions have been taken, Tundra Semiconductor Corporation

 

The information in this document is subject to change without notice and should not be construed as a commitment by Tundra Semiconductor Corporation. While reasonable precautions have been taken, Tundra Semiconductor Corporation assumes no responsibility for any errors that may appear in this document. No part of this document may be copied or reproduced in any form or by any means without the prior written consent of Tundra Semiconductor Corporation. The acceptance of this document will be construed as an acceptance of the foregoing conditions. Encryption Products Catalogue © Copyright 1997, Tundra Semiconductor Corporation All Rights Reserved Document: 90000.MD301 MD301.02 Printed in Canada ii Corporate Profile Tundra Semiconductor Corporation is an international, fabless semiconductor company providing standards compliant encryption and bus-bridge components. Each product is designed to meet designers' needs: addressing performance, functionality, ease of use, cost or flexibility. To ensure that we meet the needs of our customers, we use the lead customer model for chip development, inviting one or more customers to participate in the specification, design and test phases of the product. Our encryption products have been used in some of the following applications: automatic teller machines, secure fax machines, networking equipment, cable TV scramblers, satellite base station and computer security boards. 603 March Rd., Kanata, Ontario Canada, K2K 2M5 Tel: 613-592-0714 Fax: 613-592-1320 or from within North America Tel: 1-800-267-7231 email: support@tundra.com iii iv Table of Contents Introduction to Cryptography 1 Product Index and Ordering 2 Data Encryption Products 3 DES Evaluation Board Manual 4 Worldwide Sales Network 5 Encryption Products Catalogue 1 Table of Contents Introduction to Cryptography . 1-1 1.1 1.2 2 History of Cryptography . 1-1 Data Ciphering . 1-3 Product Index and Ordering. 2-1 2.1 2.2 Product Listing. 2-2 2.3 Encryption Product Index . 2-2 2.4 Ordering Information and Product Code . 2-3 2.5 Product Cross Reference. 2-4 2.6 3 How to Order . 2-1 Package Codes and Mechanicals . 2-5 Data Encryption Products . 3-1 3.1 3.2 CA95C68/18/09 CA95C68/18/09 . 3-25 3.3 RBG 1210 . 3-71 3.4 4 CA20C03A CA20C03A&W. 3-1 NM 810 RNG. 3-75 DES Evaluation Board Manual . 4-1 4.1 Getting Started . 4-3 4.3 DES Evaluation Program . 4-4 4.4 DES Library . 4-10 4.5 5 General Information. 4-1 4.2 Error Messages. 4-13 Worldwide Sales Network . Sales-1 vii Table of Contents Encryption Products Catalogue viii Section 1 Introduction to Cryptography 1 Product Index and Ordering 2 Data Encryption Products 3 DES Evaluation Board Manual 4 Worldwide Sales Network 5 Encryption Products Catalogue 1 Introduction to Cryptography 1.1 History of Cryptography Cryptography is almost as old as civilization. The human desire for privacy when communicating leads inevitably to cryptography. Webster's Dictionary describes cryptography as: "the art or practice of preparing messages in a form intended to prevent their being read by those not privy to secrets of the form; also: the science of devising methods and means for this". The word cryptography combines the Greek "kryptos" (secret) and "graphos" (writing). The Spartans established one of the first military cryptographic systems in the fifth century B.C. They developed a simple tool consisting of a strip of parchment wrapped around a staff of wood. The original message was written on the parchment down the length of the staff. Once unwrapped, the message becomes unreadable and can be transferred by messenger to the receiver, who decrypts the message by rewrapping it around a staff of the same thickness. The Spartans used it to transfer secret information during the Persian Wars. There are two basic kinds of encrypting or ciphering methods: transposition and substitution. Data ciphering by transposition takes the characters of the original message (the plain text) and scrambles them to form the encrypted message (the cipher text). The scrambling changes the position of characters in the text only and not the characters themselves. "CIPHER" written as "HCERPI" is an example of transposition ciphering. The substitution method replaces each character of the original text by another character, number or special symbol. Julius Caesar designed a cryptographic algorithm where the characters were shifted a fixed number of positions; for a shift of three positions, an "a" becomes a "d" and a "b" becomes and "e". His name is substituted as "Mxolxv Fdhvdu". He employed this algorithm to protect an exchange of letters with Cicero during the Gallic Wars. The fundamental weakness of Caesar's algorithm is that it always encrypts the same letter in the same manner. Codebreaking techniques introduced in the second half of the nineteenth century take advantage of the fact that each language has its own character frequency spectrum. The most common letter in the English language is the "e"; the most frequently recurring double letters are "th". Spectrum analysis can easily break Caesar's code. Tundra Semiconductor Corporation 1-1 History of Cryptography Encryption Products Catalogue More sophisticated algorithms developed in the Renaissance eliminated the weakness of Caesar's code. The encrypted character becomes a function of the original character and its position in the text. The same character in two different text locations is replaced by different encrypted characters. German intelligence in World War I employed a code where a list of words organized in a dictionary were linked to a set of numbers. The linkage was not organized in numerical or alphabetical order; it was a giant substitution. In January 1917, the German Foreign Minister, A. Zimmermann, sent a top-secret encrypted telegram to his ambassador in Washington. The British Post Office intercepted this wireless telegram and sent it to the codebreaking branch of British Naval Intelligence. The decoding of the "Zimmermann telegram" was probably the most important single codebreaking task in intelligence history. It caused the United States to join the war. Until the early Sixties, most cryptographic equipment was based on complicated machines consisting of many mechanical disks and gears. Today, the use of electronic devices increased the capabilities of cryptography. The algorithms are now more sophisticated; but, on the other hand, cryptoanalysts are also able to break more sophisticated codes using computers. The extensive use of data communication over radio or telephone lines makes it easy for someone to listen to masses of sensitive information without being detected. Great quantities of confidential data, stored on disks or transmitted over various communication links, need protection from unauthorized access. Using any home computer with a modem, an outsider can dial many phone numbers automatically to find a connection where a computer system answers. By trying random passwords he might then gain access to the system, but this access would be worthless if the sensitive data were stored in encrypted form. A U.S. government department, the National Bureau of Standards, developed an algorithm designed to protect sensitive computer data. Tundra Semiconductor Corporation implemented this algorithm into silicon. The result is a series of encryption products best suited for use in high-speed electronic data ciphering systems and certified by the National Bureau of Standards. The two major application areas of these devices are: · to protect mass data storage (files on tape or disk), · to protect data communication links to keep the transferred information private (voice encryption, home banking, bank tellers, satellite communication). The rest of this chapter gives the reader an overview about data ciphering in general and the DES algorithm supported by our encryption components in particular. Differences between two cryptography systems, the public and the private key system, are also discussed. 1-2 Tundra Semiconductor Corporation Encryption Products Catalogue 1.2 Data Ciphering Data Ciphering The data ciphering algorithm supported by our encryption line was tested and accepted by the US government. The technique works by passing original data through a circuit whose output is a complex, non-linear function of the data and a user-supplied, 56-bit key, involving XORing, substitution, block swapping, and key subset selection. The resultant encoded data is called "cipher text". It is virtually impossible to regenerate the original data without knowing the key. The DES specifies that the algorithm be implemented in hardware rather than software for maximum security. Our components can execute both encryption and decryption. The devices can hold up to three different keys: one for encryption, one to decrypt a received encoded message and a third one called Master Key to generate session keys or to transfer keys over the line. Each key is entered as a series of eight bytes, each byte consisting of seven key bits and one parity bit. The chips check the parity on each byte of the key as entered. To enhance system security, the keys cannot be read back. Our components support three data encryption modes to satisfy the requirements of most applications. Electronic Code Book (ECB) is best suited for high-speed disk applications. Chain Block Cipher (CBC) provides an extra degree of data security over ECB in that it detects any insertion or deletion in the cipher text. It also implements one of the basic cryptography rules: Never encode the same message the same way twice. Data ciphering in disk applications cannot follow this rule because it requires that records be decrypted randomly. The third data ciphering mode is Cipher Feedback (CFB). It is designed for medium-speed, character-based applications. Data is handled on a byte-by-byte or on a bitby-bit basis without waiting to form 64-bit blocks, as in the other two methods. 1.2.1 The Data Encryption Standard (DES) In January 1977, the National Bureau of Standards published a Data Encryption Standard (DES) in the Federal Information Processing Standards Publication (FIPS PUB 46). The DES specifies an algorithm to be implemented in electronic hardware devices to protect computer data cryptographically. That publication provides a complete description of the mathematical background of the DES algorithm. Although the DES encryption/decryption algorithm is public information, the individual privacy is insured with a private key. The user can chose any 56-bit key; thus, he can select one of 7.2 x 1016 possible keys. The same key is used for encryption and decryption. The DES is a private key system. Tundra Semiconductor Corporation 1-3 Data Ciphering Encryption Products Catalogue ECB ENCRYPTION ECB DECRYPTION PLAIN TEXT (64-BITS 64-BITS) CIPHER TEXT (64-BITS 64-BITS) INPUT BLOCK INPUT BLOCK DES ENCRYPT DES DECRYPT OUTPUT BLOCK OUTPUT BLOCK CIPHER TEXT (64-BITS 64-BITS) PLAIN TEXT (64-BITS 64-BITS) Figure 1.1 : Electronic Code Book (ECB) Mode TIME = 1 ENCRYPT IV TIME = 2 TIME = n D1 D2 Dn + + + I1 I2 In DES ENCRYPT DES ENCRYPT DES ENCRYPT C1 C2 Cn C1 DES ENCRYPT I1 I1 + + + D1 IV Cn DES ENCRYPT I1 DECRYPT C2 DES ENCRYPT D2 Dn LEGEND: DJ = DATA BLOCK AT TIME J IJ = ENCRYPTION INPUT BLOCK AT TIME J CJ = CIPHER BLOCK AT TIME J IV = INITIALIZATION VECTOR + = EXCLUSIVE·OR Figure 1.2 : Cipher Block Chaining (CBC) Mode 1-4 Tundra Semiconductor Corporation Encryption Products Catalogue Data Ciphering The DES algorithm takes a data block through 18 data-manipulation stages. Sixteen of these stages are identical. They execute complex series of bit manipulations depending on the key. The first and the last stage do only simple bit transpositions. This overview of the internal operation makes it obvious that this algorithm is well-suited for implementation in electronic hardware. The DES algorithm translates a 64 bit binary block into a unique 64-bit output block. It is important for some applications that this ciphering algorithm does not add information. Input and output blocks have the same length. Each bit of the result is a function of each and any bit of the input data as well as the key. In other words, a change of any single input bit has approximately equal probability of changing any output bit. The National Bureau of Standards has defined four implementations of the DES algorithm to be used in a wide variety of applications. These implementations are called Modes of Operation. 1.2.2 DES Modes of Operation The National Bureau of Standards has defined four implementations of the DES algorithm. Each of them is designed for specific applications. ECB The Electronic Code Book (Figure 1.1) is a direct implementation of the DES algorithm. The analogy to a code book arises because the same plain text always generates the same ciphered text for a given cryptographic key. The chips determine the codebook entries each time. A single bit error or change, in either the input text block or the key, causes an average bit error rate of 50% for its output block. However, an error in one text block will not affect any other block. In other words, there is no error extension between ECB blocks. The input and output block size is 64 bits. Since data blocks are independently ciphered, this mode is qualified for disk applications. The ECB mode has the weakness that identical blocks of plain text generate identical blocks of ciphered text. This violates one of the basic laws of encryption security: Never encrypt information the same way twice because this makes it easier for the opponent to break the code. This problem is solved by the CBC mode. Tundra Semiconductor Corporation 1-5 Data Ciphering Encryption Products Catalogue ENCRYPTION DECRYPTION SHIFT SHIFT INPUT BLOCK 56 BITS INPUT BLOCK 8 BITS 56 BITS 8 1 DES ENCRYPT 1 DES ENCRYPT OUTPUT BLOCK DISCARD 56 BITS SELECT 8 BITS DISCARD 56 BITS 1 8 CIPHER TEXT 8 BITS + 1 8 CIPHER TEXT K BITS 1 8 + 8 PLAIN TEXT 8 BITS PLAIN TEXT 8 BITS 1 8 1 FEEDBACK 8 BITS OUTPUT BLOCK SELECT 8 BITS 8 BITS 1 8 INPUT BLOCK INITIALLY CONTIANS AN INITIALIZATION VECTOR (IV) RIGHT JUSTIFIED. 8 Figure 1.3 : 8-Bit Cipher Feedback (CFB) Mode ENCRYPTION DECRYPTION SHIFT SHIFT INPUT BLOCK (64-K) BITS INPUT BLOCK K BITS (64-K) BITS K 1 DES ENCRYPT 1 DES ENCRYPT OUTPUT BLOCK DISCARD (64-K) BITS SELECT K BITS 1 K CIPHER TEXT K BITS + 1 K CIPHER TEXT K BITS 1 DISCARD (64-K) BITS K + K PLAIN TEXT K BITS PLAIN TEXT K BITS 1 K 1 FEEDBACK K BITS OUTPUT BLOCK SELECT K BITS K BITS K 1 K INPUT BLOCK INITIALLY CONTIANS AN INITIALIZATION VECTOR (IV) RIGHT JUSTIFIED. Figure 1.4 : K-Bit Output Feedback (OFB) Mode 1-6 Tundra Semiconductor Corporation Encryption Products Catalogue Data Ciphering CBC Chain Block Cipher (Figure 1.2) also operates on 64-bit data blocks. The input data block is EXORed with a 64-bit Initial Vector (IV) before being processed by the DES algorithm. The resulting ciphered-output block is loaded into the IV Register; to be EXORed with the next input block. This chaining of cipher text blocks provides different outputs for identical input blocks. It also gives an error extension characteristic which protects against fraudulent data insertion, deletion or alteration in a block sequence. A one-bit error in the input text block, the key or the Initial Vector causes an average error rate of 50% in all subsequent output blocks. These features make CBC best suited for high-speed data communications. CFB (CA95C68/18/09 CA95C68/18/09 only) Cipher Feedback (Figure 1.3) operates on n-bit data blocks, "n" being any valued from 1 to 64. The content of the IV Register is processed by the DES algorithm. The most significant n-bits of the result are EXORed with the n-bit input data block. The result is the n-bit ciphered output block. This output block is shifted into the "n" least significant bits of the IV Register. The CA95C68/18/09 CA95C68/18/09 product supports 1 and 8-bit CFB. Character-based, low-speed to medium-speed data communications is best done by 8-bit CFB. In CFB Mode, the throughput of the chip is lower than in CBC or ECB because each algorithm pass provides only 8 bits compared to 64 bits in the two high-speed modes. The error extension characteristic is the same as in CBC. OFB Under some circumstances, such as a noisy, narrowband digital signal in an encrypted speech application, it is best to use a data-independent stream cipher. Output Feedback (Figure 1.4) is the best technique in this environment. The advantage of OFB is that the output data is a function of only the input data and the number of preceding blocks. It is independent of the actual data contained in the blocks. An error in an input block causes a 50% bit error probability in its output block, but it does not influence subsequent outputs. There is no error extension. OFB differs from CFB in that the feedback path is data-independent; a part of the output of the DES algorithm is fed back directly. The DES algorithm operates like a pseudo-random number generator. Our encryption components do not support OFB directly, but with some external hardware 1-bit and 8-bit OFB can be implemented. No additional hardware is needed to perform 64-bit OFB. Tundra Semiconductor Corporation 1-7 Data Ciphering 1.2.3 Encryption Products Catalogue Public versus Private Key Cryptosystems The classical single-key cryptosystem, such as DES, operates on the premise that the sender and receiver of messages use the same key for the dual purpose of encryption and decryption. Although such a scheme is adequate for most purposes, it is deficient from the point of view of true "authentication". Authenticity assures that the message has not been tampered with during transmission, and also that the true identity of the sender (also called signature) can be extracted from the encrypted message. In schemes involving sharing of a secret key there is scope for "forgery" since the receiver of a message can generate authenticators that are indistinguishable from those generated by the sender. Furthermore, single-key systems require some form of key distribution prior to activation of the system. Public key cryptosystems have evolved as an answer to the needs of digital signatures and also to overcome some of the shortcomings of DES. They were first introduced by Diffie and Hellman in 1976. In contrast to DES, these systems use a matched pair of keys (one private and the other public) for the sender and the receiver. Both pairs are generated independently. The private keys are retained by the individual users while their respective public keys are maintained in a common directory possibly managed by a network key server. This scheme separates the encryption and decryption keys. It can transmit encryption messages without prior exchange of keys and can implement digital signatures that are legally binding. Public key cryptosystems are slow since they involve multiple-precision arithmetic on very large numbers (>100 digits). The functional advantages of a public key cryptosystem can, however, be combined with the advantages of a private key cryptosystem (speed and availability of dedicated VLSI circuits) to form a hybrid system. To transmit a secret text, the sender (A) first generates a random key for encrypting the clear text by means of the fast DES algorithm. The random key is then encrypted using the complicated and slow public key method. Both the encrypted key and text are then transmitted to the receiver. The receiver first decrypts the key and then uses the decrypted key to decrypt the ciphered text. The authenticity of the text can be checked in a second pass. Splitting the job between the public key and DES algorithm makes sense since the protection of a standard message requires many more DES encryptions than public key encryptions. 1-8 Tundra Semiconductor Corporation Section 2 Introduction to Cryptography 1 Product Index and Ordering 2 Data Encryption Products 3 DES Evaluation Board Manual 4 Worldwide Sales Network 5 Encryption Products Catalogue 2 Product Index and Ordering 2.1 How to Order This chapter is organized into the following sections: · "Product Listing" on page 2-2, lists our entire Encryption product family. · "Encryption Product Index" on page 2-2, shows you the valid option codes for each of our devices. It also points to related technical and mechanical information for each device. · "Ordering Information and Product Code" on page 2-3, lists Tundra Semiconductor Corporation' packaging, temperature and speed codes. · "Product Cross Reference" on page 2-4, compares our Encryption products with similar products of other companies. · "Package Codes and Mechanicals" on page 2-5, provides a mechanical drawing of each package type. To use this chapter effectively, determine which of our devices best suits your needs by using the Product Listing on the following page. Then, use the Ordering Information and Product Code tables to help you find the product that matches your system requirements. If you require any assistance call the nearest Representative, Distributor, or our factory to place an order. (See "Worldwide Sales Network" on page 5-1.) Tundra Semiconductor Corporation 2-1 Product Listing 2.2 Encryption Products Catalogue Product Listing Ordering Information Page Package Codes and Mechanicals Page Technical Information Page Data Encryption Products CA20C03A CA20C03A DES Encryption Processor 2-2 2-7, 2-8, 2-9 3-1 CA95C68/18/09 CA95C68/18/09 DES Data Ciphering Processors 2-2 2-7, 2-8, 2-9 3-25 RBG 1210 Random Bit Generator 2-2 2-5 3-71 NM 810 RNG Random Number Generator 2-2 2-6 3-75 NM 830 DES Evaluation Board 2-2 - 4-1 2.3 Encryption Product Index Temperature Package Codes and Lead Counts Range P N T Product Description Speed CA20C03A CA20C03A DES Encryption Processor 5,10,16,20,25 MHz C 28 28 44 CA95C68/18/09 CA95C68/18/09 DES Data Ciphering Processors 5,10,16,20,25 MHz C 40 44 44* RBG 1210 Random Bit Generator 20 kHz C - - - NM 810 RNG Random Number Generator 20 kHz C - - - NM 830 DES Evaluation Board 25 MHz C - - - *CA95C09 CA95C09 only Speed, Temperature Range and Package Codes are defined on the next page. This table shows only the most commonly available package options. Where a package lead count is not given, the device is either not available in that package, or is available by special order only. Please contact the factory directly for more information. 2-2 Tundra Semiconductor Corporation Encryption Products Catalogue 2.4 Ordering Information and Product Code Ordering Information and Product Code CA NNNN- X Y Z Packaging N - Plastic Leaded Chip Carrier (PLCC) P - Plastic DIP (PDIP) T - Thin Quad Flat Pack (TQFP) Product Number Speed Temperature C - Commercial (0° to +70°C) E - Extended Temp (-55 °C to +125°C) I - Industrial (-40°C to +85°C) Tundra Semiconductor Corporation products are designated by a Product Code. When ordering, refer to products by their full code. For unusual, and/or specific packaging or processing requirements not covered by the standard product line, please contact our factory directly. Note that all products are not necessarily available in all packages. Tundra Semiconductor Corporation 2-3 Product Cross Reference 2.5 Product Cross Reference Tundra Semiconductor Corporation CA95C68 CA95C68 CA95C18 CA95C18 CA95C09 CA95C09 CA20C03A CA20C03A 2-4 Encryption Products Catalogue -5CP -5CN -10CP -10CP -10CN -10CN -16CP -16CP -16CN -16CN -20CP -20CP -20CN -20CN -25CP -25CP -25CN -25CN -5CP -5CN -10CP -10CP -10CN -10CN -16CP -16CP -16CN -16CN -20CP -20CP -20CN -20CN -25CP -25CP -25CN -25CN -5CP -5CN -10CP -10CP -10CN -10CN -16CP -16CP -16CN -16CN -20CP -20CP -20CN -20CN -25CP -25CP -25CN -25CN -5CP -5CN -10CP -10CP -10CN -10CN -16CP -16CP -16CN -16CN -20CP -20CP -20CN -20CN -25CP -25CP -25CN -25CN DES Data Ciphering Processor DES Data Ciphering Processor DES Data Ciphering Processor DES Encryption Processor AMD VLSI Western Digital AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9568-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC AM9518-PC AM9518-PC AMZ8068-PC AMZ8068-PC - VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-86 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 VM009-A-80 - WD20C03A-05PH WD20C03A-05PH WD20C03A-05JH WD20C03A-05JH WD20C03A-08PH WD20C03A-08PH WD20C03A-08JH WD20C03A-08JH - VM009-B VM009-B VM009-B VM009-B VM009-B VM009-B VM009-B VM009-B VM009-B VM009-B - Tundra Semiconductor Corporation Encryption Products Catalogue Package Codes and Mechanicals 2.6 Package Codes and Mechanicals 2.6.1 RBG 1210 Hybrid A (inches) 35.05 1.38 B 8.13 0.32 C 27.94 1.10 D 0.38 0.02 E 20.32 0.80 F 5.08 0.20 G 15.24 0.60 RBG 1210 89XX E B (mm) A F Dimension C Tundra Semiconductor Corporation D G 2-5 Package Codes and Mechanicals 2.6.2 Encryption Products Catalogue NM 810 RNG (All dimensions in inches) 0.7 in .062 in 5.8 in NM 810 RNG Copyright 1989 Newbridge Microsystems Random Number Generator 4 x RBG 1210 4.2 in 306 304 300 302 4 x RBG 1210 2-6 Tundra Semiconductor Corporation Encryption Products Catalogue 2.6.3 Package Codes and Mechanicals PDIP (Package Code: P) 28 - pin PDIP (All dimensions in inches) 1.450 1.458 0.070 TYP 0.600 0.625 0.538 0.542 R. 0.060 0.0097 0.0103 0.625 0.670 0.080 TYP 0.020 TYP 0.172 0.176 0.128 0.130 0.016 0.020 0.098 0.102 0.058 0.062 40 - pin PDIP (All dimensions in inches) 2.050 2.058 0.600 0.625 0.536 0.540 R. 0.060 0.0097 0.0103 0.625 0.675 0.074 0.080 0.080 TYP 0.020 TYP 0.173 0.177 0.128 0.130 0.098 0.102 0.016 0.020 Tundra Semiconductor Corporation 0.048 0.052 2-7 Package Codes and Mechanicals 2.6.4 Encryption Products Catalogue PLCC (Package Code: N) 28 - pin PLCC (All dimensions in inches) 0.169 0.173° 0.492 0.496 0.444 0.448 0.045 x 45° 0.2255 0.045 x 45° 0.060 0.045 x 45° 0.048 0.052 0.492 0.496 0.444 0.448 0.018 TYP 0.026 0.030 0.0077 0.0083 0.071 0.073 0.067 0.069 0.148 0.152 44 - pin PLCC (All dimensions in inches) 0.692 0.696 0.170 0.174 0.644 0.648 0.045 x 45° 0.323 0.045 x 45° 0.045 x 45° 0.1036 0.048 0.052 0.692 0.696 0.018 TYP 0.644 0.648 0.026 0.030 0.0097 0.0103 0.066 0.072 0.068 0.074 0.148 0.152 2-8 Tundra Semiconductor Corporation Encryption Products Catalogue 2.6.5 Package Codes and Mechanicals TQFP (Package Code: T) 44 - Pin TQFP (All dimensions in inches) D D1 D2 44 1 E2 Dimensions INDEX MARK MIN. (mm) 44 TQFP TYP. (mm) A MAX (mm) 1.60 A1 E1 E 0.64 A2 A3 B D 0.30 11.85 9.95 0.64 1.40 0.35 12.00 10.00 11.85 0.80 12.00 12.15 9.95 10.00 10.05 D1 D2 e E E1 1.35 1.00 1.00 E2 G H L S 1.45 0.40 12.15 10.05 0.08 0.17 0.50 0.05 0.60 0.10 0.75 0.15 12° A1 A3 A2 Q e 0.15 RAD. TYP. 0.15 RAD. TYP. 6°± 4° S (standoff) G (lead coplanarity) A H 0°- 8° B L Detail Q Tundra Semiconductor Corporation 2-9 Package Codes and Mechanicals 2-10 Encryption Products Catalogue Tundra Semiconductor Corporation Section 3 Introduction to Cryptography 1 Product Index and Ordering 2 Data Encryption Products 3 DES Evaluation Board Manual 4 Worldwide Sales Network 5 CA20C03A CA20C03A DES ENCRYPTION PROCESSOR · The CA20C03A CA20C03A is an improved version of the DES encryption processor designed by Tundra Semiconductor Corporation. · Data transfer rates up to 3.85 Mbytes per second · Encrypt and decrypt using Data Encryption Standard (DES) adopted by the U.S. Department of Commerce, National Bureau of Standards (NBS) - publication FIPS PUB 46 (1-15-1977) · Validated by the National Institute for Standards and Technology (NIST) in accordance with the procedures specified in NBS publication 500-20 · Electronic Code Book (ECB) and Cipher Block Chaining (CBC) · Encrypt and decrypt 64-bit data words using 56bit key words · Parity check on key word loading · Key stored in device is not externally accessible · Standard 8-bit microprocessor interface · Battery Back-up capability of internal key register · Low power CMOS with TTL I/O compatibility · Available in PLCC, PDIP, and TQFP packages The Tundra Semiconductor Corporation CA20C03A CA20C03A DES Encryption Processor is designed to encrypt and decrypt 64bit blocks of data using the algorithm specified in the Federal Information Processing Data Encryption Standard publication FIPS PUB 46 (1-15-1977). DES is the standard data encryption algorithm used for file and communications encryption, and as such is widely established in the security, finance and banking industries. The CA20C03A CA20C03A encrypt 64bit clear text words using 56-bit, user-specified keys to produce 64-bit cipher text words. When reversed, the cipher text words are decrypted to produce the original clear text words. If your application requires strictly WD2001 WD2001 mode then please contact the factory for documentation. The CA20C03A CA20C03A is implemented in low power CMOS technologies with TTL compatible I/O. It is offered in 28-pin PDIP, 28-lead PLCC, and 44-pin TQFP packaging. Application areas for the CA20C03A CA20C03A DES chip spans a diverse industrial base of financial, information processing, telecommunications and data communications companies. · · · · · · · 3 3.1 Secure Brokerage transactions Electronic fund transfers Secure banking/business accounting Mainframe communications Remote and host computer communications Secure disk or magnetic tape data storage Secure packet-switching transmission Data Encryption Products CA20C03A CA20C03A&W Table 3-1 : CA20C03A CA20C03A Transfer Rates Product Code Data Transfer Rates - ECB Mode (Mbytes per Second) System Clock CA20C03A-5 CA20C03A-5 0.77 5 MHz CA20C03A-10 CA20C03A-10 1.54 10 MHz CA20C03A-16 CA20C03A-16 2.46 16 MHz CA20C03A-20 CA20C03A-20 3.08 20 MHz CA20C03A-25 CA20C03A-25 3.85 25 MHz Warning: These devices cannot be shipped outside North America without written authorization from Canadian External Affairs and Department of National Defence or the US State Department and Department of Defence. Tundra Semiconductor Corporation 3-1 CA20C03A CA20C03A Tundra Semiconductor Corporation TO SYSTEM BUS DAL 0 . . DAL 7 8­BIT DAL BUS (Bits 0 ­ 7) COMMAND REGISTER STATUS REGISTER PARITY DETECT KEY REGISTER (56 BITS) STATIC KEY REGISTER (56 BITS) MASTER CONTROL DATA REGISTER (64 BITS) STATIC DATA REGISTER (64 BITS) IV REGISTER (64 BITS) TEMP REGISTER (64 BITS) NBS ALGORITHM VDD VSS CLK MR INTERFACE CONTROL CS WE RE A1 A0 KPE KR IVIR SPIR DIR DOR ACT E/D BB CBC/ECB CRPS Figure 3-1 : CA20C03A CA20C03A Block Diagram 3-2 Tundra Semiconductor Corporation 8 9 10 11 22 21 20 19 18 12 17 13 16 14 15 A0, NK MR CRPS KPE 18 DAL6 DIR 27 17 DAL4 DOR 28 16 DAL2 BB1 1 15 DAL0 CBC/EBC 2 14 DAL7 IVIR 3 13 DAL5 SPIR 4 12 DAL3 CA20C03A CA20C03A 5 6 7 8 9 10 11 DAL1 7 23 26 CS 6 25 24 23 22 21 20 19 KR CLK 24 ACT 25 5 RE 26 4 E/D 3 DOR DIR KR VSS (GND) E/D ACT KPE MR CRPS A0, NK DAL6 DAL4 DAL2 DAL0 WE 27 VDD 28 2 A1,O/N 1 CA20C03A CA20C03A BB1 CBC/EBC IVIR SPIR VDD A1,O/N WE RE CLK CS DAL1 DAL3 DAL5 DAL7 CA20C03A CA20C03A VSS (GND) Tundra Semiconductor Corporation b) 28-pin PLCC N/C KR DIR N/C 44 43 42 41 40 39 38 DOR N/C N/C BB1 SPIR CBC/EBC IVIR a) 28-pin PDIP 37 36 35 34 VDD 1 33 VSS (GND) A1,O/N 2 32 N/C N/C 3 31 E/D N/C 4 30 N/C N/C 5 29 ACT N/C 6 28 KPE WE 7 27 N/C RE 8 26 MR CLK 9 25 CRPS CS 10 24 A0, NK DAL1 11 23 DAL6 CA20C03A CA20C03A N/C DAL4 N/C DAL2 DAL0 N/C DAL7 DAL5 N/C N/C DAL3 12 13 14 15 16 17 18 19 20 21 22 c) 44-pin TQFP Figure 3-2 : CA20C03A CA20C03A Pin Configuration Tundra Semiconductor Corporation 3-3 CA20C03A CA20C03A Tundra Semiconductor Corporation Table 3-2 : Pin Description Pin Symbol Type PLCC A0, NK PDIP 19 19 24 Name and Function TQFP I Address 0, New Key: When CRPS is logic 1 or open, a high on this input addresses the Command or Status Register (see Table 3-18). When CRPS and A1, O/ N are logic 0, a high on this input requests that a new key be loaded in the Key Register. Device responds by activating the KR pin. A1, O/ N 6 6 2 I Address 1, Old/New: When CRPS is logic 1 or open, and this input is logic 1, the Status Register is addressed ( CS = 0, A0 = 1). When this input is logic 0, the Command Register is addressed ( CS = 0, A0 = 1). This input is ignored when A0 = 0. Note that this input has an internal pull-up resistor. When CRPS is logic 0 (low) and this input is logic 0, the device is in CA20C03A CA20C03A mode. When this input is logic 1, the device is in WD2001 WD2001 mode. The only way to return to CA20C03A CA20C03A mode from WD2001 WD2001 mode is to reset the device. Caution: In WD2001 WD2001 mode, pin 6 of the CA20CO3A CA20CO3A device must not be connected to +12V as it will irreparably damage the device. ACT 23 23 29 I/O Activate: When CRPS is logic 1 or open, this pin is an output reflecting the status of the Activate bit (bit 1) of the Command Register. When CRPS is logic 0, this pin is an input that overrides the Activate bit of the Command Register. BB 1 1 40 I/O Battery Back-up Key: When CRPS is logic 1 (open), this pin is an output reflecting the status of the battery back-up key bit (bit 5) of the Command Register. When CRPS is logic 0 or low, this pin is an input that overrides the battery back-up key bit. CBC/ ECB 2 2 42 I/O Cipher Block Chaining/Electronic Code Book: When CRPS is logic 1 or open, this pin is an output pin reflecting the status of CBC/ ECB bit (bit 7) of the Command Register. When CRPS is logic 0, this pin is an input pin and overrides the CBC/ ECB bit of the Command Register. CLK 9 9 9 I Clock: System clock input. CRPS 20 20 25 I Command Register Pin Select: This input selects DAL bus or input pin programming of the Command Register. CRPS high or open selects DAL bus programming. CRPS low selects input pin programming.This input incorporates an internal pull-up resistor. CS 10 10 10 I Chip Select: DAL 7 - 0 11-18 11-18 11,12,15, I/O Data Lines: Eight active true, tri-state, bi-directional I/O lines used for information transfer to and from the DES device. All Command Register, Status Register, Key Word and Data Word transfers are via this bus. 16,18,19,2 1,23 CS is made low to access registers within the device. DIR 27 27 36 O Data-In Request: This output is active high when the DES device is requesting that byte of the Data Word be written into the Data Register (The Data Register is automatically addressed when DIR is active, unless overridden by A0). DOR 28 28 37 O Data-Out Request: This output is active high when the DES device is requesting that a byte of the Data Word be read from the Data Register (The Data Register is automatically addressed when the DOR is active, unless overridden by A0). E /D 24 24 31 I/O Encrypt/Decrypt: When CRPS is high or open, this pin is an output reflecting the status of the Encrypt/Decrypt bit (bit 3) of the Command Register. When CRPS is low, this pin is an input pin that overrides the Encrypt/Decrypt bit of the Command Register. 3-4 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Table 3-2 : Pin DescriptionCont'd Pin Symbol Type Name and Function 43 O Initial Vector-In Request: This output is active high when the device is requesting that a byte of the IV Word be written into the IV register (The IV register is automatically addressed when IVIR is active, unless overridden A0). 22 28 O Key Parity Error: This output is active low when enabled via the Command Register bit 2 (KEOE) and a parity error has been detected during loading of the Key Register. 26 26 34 O Key Request: This output is active high when the DES device is requesting that a byte of the Key Word be written into the Key Register. (The Key Register is automatically addressed when KR is active, unless overridden by A0.) MR 21 21 26 I Master Reset: MR active low resets the Command and Status Registers and resets internal circuitry. (Requires active clock for reset operation.) RE 8 8 8 I Read Enable: The contents of the selected register are placed on the DAL bus lines when and RE are made low. SPIR 4 4 44 O Special Pattern-In: This output is active high during battery back-up mode, when the device is requesting that a byte of the Special Pattern Word be written into the Data Register (The Data Register is automatically addressed when SPIR is active, unless overridden by A0). VDD 5 5 1 - Power Supply: +5 V ±10% VSS 25 25 33 - Ground: Ground WE 7 7 7 I Write Enable: Information on the DAL bus lines is written into the selected register when and WE are made low. PLCC PDIP TQFP IVIR 3 3 KPE 22 KR Tundra Semiconductor Corporation CS CS 3-5 CA20C03A CA20C03A Tundra Semiconductor Corporation Table 3-3a : AC Characteristics For CA20C03A CA20C03A (5, 10, 16 MHz) TA = 0 to 70 °C, VDD = +5.0V ± 10%, VSS = 0V Symbol Parameter Limits 5MHz Test Condition MIn Max Limits 10MHz MIn Max Limits 16MHz Min Unit Max tBR RE to next RE 2CLK 2CLK 2CLK ns tBW WE to next WE 2CLK 2CLK 2CLK ns tCY Clock cycle time tDAR DOR from 200 tDAW KR, DIR, IVIR, and SPIR from WE tDDR DOR from tDDW KR, DIR, IVIR, SPIR from WE tDF RE tDH DAL hold from tDVW DAL setup WE tMR Master reset pulse width tRACH A0, A1, CS hold from tRACS A0, A1, CS setup to tRD RE tRDV RE tWACH A0, A1, CS hold from tWACS A0, A1,CS setup to tWR WE to DAL float 2CLK+30 2CLK+30 ns 80 50 ns 80 50 ns 100 20 10 50 15 5 35 10 ns ns 80 RE 40 30 ns 2CLK 2CLK 2CLK µs 0 0 0 ns 25 RE pulse width 15 5 ns 200 to DAL valid Pulse Width ns 150 10 WE ns 2CLK+30 150 CLOAD = 50 pF 62.5 2CLK+30 2CLK+30 RE 100 2CLK+30 RE CLOAD = 50pF WE WE 100 150 60 90 0 0 25 125 ns 50 ns 0 ns 15 5 ns 95 60 ns Notes for Tables 3a, 3b, and 3c: 1. All output timing specifications reflect the following: High Output 2.0V, Low Output 0.8V 2. Clock Input: Clock signal duty cycle is 50% ±10%. There is no minimum frequency. 3. tMR is 2 CLKS in all cases for the CA20C03A CA20C03A device. 4. Time between consecutive RE or WE pulses: tBR = tBW = 2 Clock periods minimum. 5. ACT, E /D, and CBC/ ECB are valid 2CLK + 450 ns from WE of a Command Register write operation. 6. KPE output is valid within 2CLK + 450 ns from WE of a write of a Key Word byte that results in a parity error. 7. ACT, E /D, BB and CBC/ ECB are valid 2CLK + 30 ns from WE of a Command Register write operation (for CA20C03A CA20C03A). 8. KPE output is valid within 1CLK + 30 ns from WE of a write of a Key Word byte that results in a parity error (for CA20C03A CA20C03A). 3-6 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Table 3-3b : AC Characteristics For CA20C03A CA20C03A (20, 25 MHz) TA = 0 to 70 °C, VDD = +5.0V ± 10%, VSS = 0V Symbol Parameter Limits 20MHz Test Condition Min Max Limits 25MHz Min Unit Max tBR RE to next RE 2CLK 2CLK ns tBW WE to next WE 2CLK 2CLK ns tCY Clock cycle time tDAR DOR from 50 2CLK+30 tDDR DOR from RE tDDW KR, DIR, IVIR, SPIR from WE tDF RE CLOAD = 50 pF 5 to DAL float DAL setup WE tMR A0, A1, CS hold from tRD RE RE A0, A1, CS hold from to DAL valid WE 20 ns ns 20 ns 2CLK µs 0 ns 5 ns 50 tRDV tWR 5 5 5 RE tWACH A0, A1,CS setup to 25 0 RE pulse width tWACS ns 2CLK Master reset pulse width A0, A1, CS setup to ns 35 20 tRACH tRACS 35 5 WE DAL hold from ns ns 40 KR, DIR, IVIR and SPIR from WE 2CLK+30 2CLK+30 40 tDAW tDH ns 2CLK+30 RE tDVW 40 CLOAD = 50pF WE WE Pulse Width 40 45 ns 35 ns 0 0 ns 5 5 ns 45 35 ns Notes for Tables 3a, 3b, and 3c continued: 9. KR activation is valid within 2CLK + 30 ns from WE (for CA20C03A CA20C03A) and 3CLK + 450 ns from WE of a write operation that programs a 1 into the COMMAND REGISTER ACTIVATE bit (or from a ACT input, if CRPS = 0). 10. Initial DIR activation is valid within 20CLK 20CLK + 30 ns from WE of the 8th write into the Key Register. 11. Initial DOR activation is valid within 20CLK 20CLK + 30 ns from WE of the 8th write into the Data Register. 12. When reading the Data Register (in response to DOR), subsequent data bytes are made available internally to the DAL output buffers within 2CLK + 30 ns from RE . 13. After reading the Data Register in response to DORs, DIR is activated and valid within 2CLK + 30 ns from RE of the 8th read from the Data Register. 14. All output timings assume CLOAD = 50pF. Tundra Semiconductor Corporation 3-7 CA20C03A CA20C03A Tundra Semiconductor Corporation Figure 3-3 : Typical Key or Data Register Load Timing KR, DIR, IVIR, SPIR tDAW tDH CS tDVW tBW WE tDDW DAL tWR Figure 3-4 : Typical Register Read Timing DOR tDAR CS tDDR tDF RE tRDV tBR DAL tRD Figure 3-5 : Read Timing A0, A1 CS tRACS tRACH RE tRDV tDF DAL tRD 3-8 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Figure 3-6 : Write Timing A0, A1 CS tWACS tWACH WE tDVW DAL tWR tDH Tundra Semiconductor Corporation 3-9 CA20C03A CA20C03A Tundra Semiconductor Corporation USING THE CA20C03A CA20C03A TO ATTAIN MAXIMUM THROUGHPUT In order to obtain maximum throughput from the CA20C03A CA20C03A, the number of cycles used to perform I/O operations is minimized. The throughput is dictated by eight bytes written to the device plus 20 cycles for processing, plus eight bytes read from the device for each 64-bit block. If the data sheet is followed explicitly, it would take 24 cycles per I/O operation for a total of 48 cycles (i.e. three cycles for each byte written to or read from the device as dictated by tBW timing parameters). So for each 64-bit block, 48 plus 20, or 68 cycles are required, giving a maximum throughput of: 8bytes/(68 cycles x (40ns/cycle) = 2.95 MBytes/s. tBW and tBR specify two cycles between the rising edge of a read or write and the falling edge of the next read or write. Figure 3-7 shows this timing and hence the three clock cycles per byte. In actual fact, two falling edges of the clock are required between the rising edge of a read or write and the falling edge of the next read or write. Figure 3-8 shows how two cycles are achieved in this case. So for each 64-bit block, 32 plus 20, or 52 cycles are required, giving a maximum throughput of: 8bytes/(52 cycles x (40ns/cycle) = 3.85 MBytes/s Two new timing parameters, t1 and t2, are introduced (see Figure 3-8), and modifications are made to WR and RD (see Table 3-5 below). The number of cycles per byte can be reduced to two by following a few simple timing rules. The timing parameters Table 3-4 : Maximum Throughput I/0 Timing For The CA20C03A CA20C03A Device 5 MHz 10 MHz 16 MHz 20 MHz 25 MHz Symbol Unit Min Max Min Max Min Max Min Max Min Max tWR 125 185 65 85 30 45 25 35 20 25 ns tRD 125 185 65 85 30 45 25 35 20 25 ns tRDV 125 65 30 t1 2 2 2 2 2 ns t2 13 13 13 13 13 ns 25 25 ns Note: The following timing parameters only apply when the timing of Figure 8 is used. Figure 3-7 : Typical I/O Timing CLOCK RD or WR 3 CYCLES Figure 3-8 : Maximum Throughput Timing For The CA20C03A CA20C03A Device 2 CYCLES CLOCK t2 RD or WR t1 3-10 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Table 3-5 : DC Characteristics (TA = 0 to 70 °C, VDD = +5.0V ± 10%, VSS = 0V) Limits Symbol Parameter Test Conditions Unit Min Max Input leakage current VIH = 5.5 V -10 +10 µA VIL = 0 V IIL -10 +10 µA 1 mA ILL Input low current on CA20C03A CA20C03A CRPS , A1, O/ N pins. VIL = 0 V IOL Output leakage current 0 V VIN VDD IDDOP Operating current VIN = VDD or VSS IDDSB Standby current VIN = VDD or VSS VDD = 5.5 V, Outputs open VIH Voltage input high VIL Voltage input low (all inputs) VOH Voltage output high IOH = -100 µA VOL Voltage output low IOL = +1.6 mA VBB Min. battery back-up voltage IDR Data retention current in battery back-up mode Notes: 1. 2. 10 µA 2 mA/MHz 1.0 (0.1 Typ) -10 µA 2.4 V 0.8 2.8 0.4 2.0 VBB = 2.0 V V V V V 15.0 µA IIL applies only to inputs without pull-up resistors. ILL applies only to inputs with pull-up resistors. Table 3-6 : Recommended Operating Conditions DC Supply Voltage (VDD) Power Dissipation (PDD) Ambient Operating Temperature (TA Commercial) +4.5 V to +5.5 V 0.5 W 0° to +70°C The power dissipation figure is based on typical internal logic dissipation plus the worst case set of outputs simultaneously active with maximum rated loads. Table 3-7 : Absolute Maximum Ratings DC Supply Voltage (VDD) Input Voltage (VIN) -0.3 to +7.0 V -0.3 to VDD +0.3 V DC Input Current (IIN) -10 to +10 mA Storage Temperature, plastic (TSTG) -40° to +125°C Stresses beyond those listed above may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied. Exposure to maximum rating conditions for extended periods may affect device reliability. Tundra Semiconductor Corporation 3-11 CA20C03A CA20C03A Tundra Semiconductor Corporation FUNCTIONAL DESCRIPTION The CA20C03A CA20C03A Data Encryption Standard (DES) device consists of eight registers, two ciphering options, the DES algorithm and key parity checking. The CA20C03A CA20C03A also contains the necessary logic to implement a Battery Back-up Key option. The eight registers include a 56-bit Key Register, a 64-bit Data Register, a 64-bit Initial Vector Register, a 64-bit Temp Register, two 8-bit registers for both command and status, a 56-bit Static Key Register, and a 64-bit Static Data Register. A block diagram of the CA20C03A CA20C03A is shown in Figure 1. The CA20C03A CA20C03A devices can be programmed for encryption or decryption using either the Electronic Code Book (ECB) or Cipher Block Chaining (CBC) modes with or without a Battery Back-up Key. Data is encrypted or decrypted with a 64-bit, user-defined Key Word. Data encrypted with a given Key Word can be decrypted only using the same Key Word. The Key Register is loaded by the system with eight successive bytes beginning with the most significant byte of the key. Parity is checked on each byte of the Key Word as it is loaded into the Key Register. The least significant bit (DAL0) of each 8-bit byte is reserved for odd parity for that byte and is not used in the algorithm calculation (see Table 3-8 and Table 3-9 below for Key Word loads and Data loads and reads). Table 3-8 : Format for Key Word Loads 7 6 5 4 3 2 1 Parity DAL7 DAL6 DAL5 DAL4 DAL3 DAL2 DAL1 DAL0 the Static Key Register during the key verification process. When the CA20C03A CA20C03A is programmed for the Cipher Block Chaining (CBC) mode, the Initial Vector (IV) is requested by the device after the Key Word is loaded into the Key Register and is ready to be used for encryption or decryption. The Initial Vector Register is loaded with eight successive bytes (most significant byte first) of Initial Vector data at the start of each encryption or decryption process. To encrypt plain data, the Data Register is loaded with eight successive bytes (most significant byte first) of the first plain text block. The contents of the Data Register are then added (modulo 2) to the contents of the Initial Vector Register one bit at a time. The modified text is then encrypted to the DES algorithm and the resulting encrypted (cipher) text is loaded into the Initial Vector Register for the next block of plain text to be modified, as well as being ready to be read out. This cycle is repeated until all required data is encrypted. To decrypt encrypted data, the Data Register is loaded with eight successive bytes (8-bit) of the first cipher text block. The contents of the Data Register are loaded into the Temp Register and at the same time they are decrypted to the DES algorithm. The resulting text in the Data Register is added (modulo 2) with the contents of the Initial Vector Register. The contents of the Initial Vector Register becomes plain text and are loaded into the Data Register, ready to be read out. The contents of the Temp Register are then loaded into the Initial Vector Register to allow for the next block of cipher text to be decrypted. This cycle is repeated until all required data is decrypted. In a mode without a Battery Back-up Key, the Key Word is requested after each activation and should be loaded into the Key Register. The Static Key Register and Static Data Register are not used in this mode. When the CA20C03A CA20C03A is programmed for Electronic Code Book (ECB) mode, neither the Initial Vector Register nor the Temp Register are used. The Data Word is requested by the device after the Key Word is loaded in the Key Register and ready to be used for encryption or decryption. In both encryption and decryption, the Data Register is loaded with eight successive bytes (8-bit) of text, then the contents of the Data Register go through the DES algorithm calculation. The resulting text in the Data Register is ready to be read out. It is read by reading eight successive bytes (8-bit). In a mode with a Battery Back-up Key, the Key Word is requested only when the user requests a new key by programming the Command Register, or when the Key Word stored in the Static Key Register is found no longer valid after power-up key verification. In this mode, the Key Word is loaded into the Static Key Register, and a special 64-bit pattern is requested and encrypted by the CA20C03A CA20C03A. The encrypted pattern is loaded in the Static Data Register. The data transfer into or out of the device's registers (Key Register, Data Register, IV Register) through the DAL bus is accomplished by loading or reading out eight successive bytes (8-bit). The first byte written to or read from these registers is always the most significant byte. The data transfer between registers (Key Register, Static Key Register, Data Register, Static Data Register, IV Register and Temp Register) is performed internally and automatically by this device. Table 3-9 : Format for Data Loads and Reads 7 6 5 4 3 2 1 0 DAL7 DAL6 DAL5 DAL4 DAL3 DAL2 DAL1 DAL0 During power-down or power failure, the contents of these two Static Registers are retained by the battery back-up power. As soon as the power is up again, the contents in the Static Data Register are used to verify and validate the contents in 3-12 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A REGISTER DESCRIPTIONS Table 3-10 : Command Register This 8-bit read/write register controls the operation of the CA20C03A CA20C03A. It is normally loaded only once for an entire encryption or decryption process. Bits 7-0 Function CBC/ ECB NK BB n/u E /D Name KEOE ACT N/O Description NEW/OLD (N/O) When logic 0, the DES device is backward compatible with the WD2001 WD2001 device in both hardware & software. When logic 1, the DES device is in CA20C03A CA20C03A mode. ACTIVATE (ACT) This bit must be logic 1 for encrypt/decrypt operation. When this bit is set from logic 0 to logic 1, one of the following events happen: · Initiates loading the Key Register in non-battery back-up key mode. · Initiates loading the Key Register in Battery Back-up Key mode while NK (command bit) is logic 1 · Initiates Special Pattern-in Request in Battery Back-up Key mode while NK = 0 and KV (status bit) is logic 1. · Initiates a Data-in Request in Battery Back-up Key mode while NK = 0, KV = 0, and CBC/ ECB (command bit) is logic 0. · Initiates an Initial Vector-in Request in Battery Back-up Key mode while NK = 0, KV = 0 and CBC/ ECB = 1. KEY ERROR OUTPUT When logic 0, the KEY PARITY ERROR output pin ( KPE ) remains inactive regardless of the status of the KEY PARITY ERROR bit (status bit 5). When logic 1, the KEY PARITY ERROR output pin is active when the KPE bit (status bit 5) is logic 1. This bit set to logic 1 upon a MASTER RESET . ENCRYPT/DECRYPT ( E /D) When logic 0, data is to be encrypted. When logic 1, data is to be decrypted. n/u Not used. BATTERY BACK-UP KEY (BB) When logic 0, the DES device is in non-battery back-up key mode. When logic 1, the DES device is in Battery Back-up Key mode. This bit is only used in the CA20C03A CA20C03A device. NEW KEY REQUEST (NK) This bit is ignored in non-battery back-up key mode. While in Battery Back-up Key mode, a key request is initiated when NK = 1, or the device skips the key loading process and does either the Cipher Block Chaining process or the Electronic Code process when NK = 0. This bit is only used in the CA20C03A CA20C03A device. CIPHER BLOCK CHAINING/ ELECTRONIC CODE BOOK (CBC/ EBC ) When logic 0, the DES device encrypts/decrypts data using the Electronic Code Book method. When logic 1, the DES device encrypts/decrypts data using the Cipher Block Chaining method. Note: All bits of the Command Register are reset to logic 0 upon = 0, this register is disregarded after MASTER RESET . Tundra Semiconductor Corporation MASTER RESET when CRPS = 1, except bit 2 (KEOE) which is set to 1. When CRPS 3-13 CA20C03A CA20C03A Tundra Semiconductor Corporation Table 3-11 : Status Register This 8-bit read-only register monitors the status of the device. Bits Function 7-0 DOR DIR Name KPE KR IVIR SPIR RLK KV Description KEY VERIFICATION REQUEST (KV) If the CRPS pin is logic 1, this bit is set each time the N/O bit of the Command request (KV) Register is set from logic 0 to logic 1. If the CRPS pin is logic 0 and N/O is logic 0, this bit is set upon each MASTER RESET . It is reset at the end of the Key Verification process while the Key is valid, or at the end of the Key Reloading process. This bit is only used in the CA20C03A CA20C03A device. RELOAD KEY REQUEST (RLK) This bit is set when the user requests a new Key (NK = 1) in Battery Back-up Key mode (BB = 1) or at the end of the Key Verification process when the Key is found not valid. When this bit is set, the Key Reloading process starts. This bit is reset at the end of the Key Reloading process. The reset occurs when the encrypted Special Pattern (encrypted by the new loaded Key) is loaded into the Static Data Register from the Data Register. If this bit becomes set, it can only be cleared through the Key Reloading process or by performing a Master Reset (i.e. deactivating the device by writing to the command registers will not reset this bit). This bit is only used in the CA20C03A CA20C03A device. SPECIAL PATTERN-IN REQUEST (SPIR) This bit is set to logic 1 when the ACT bit is programmed from logic 0 to logic 1, BB = 1, NK = 0, and KV = 1, or when KR is reset from logic 1 to logic 0 and RLK = 1. It is reset upon loading of the last (8th) byte of the Special Pattern into the Data Register. This bit is only used in the CA20C03A CA20C03A device. INITIAL VECTOR-IN REQUEST (IVIR) This bit is set to logic 1 upon one of the following conditions: · Completion of Key Register loading while BB = 0 and CBC/ ECB = 1. · Completion of Key Reloading process while BB = 1 and CBC/ ECB = 1 (CA20C03A CA20C03A device only). · Completion of Key Verification process and the Key being found valid while BB = 1 and CBC/ ECB = 1 (CA20C03A CA20C03A device only). · The ACT bit is set from logic 0 to logic 1 while BB = 1, NK = 0, KV = 0 and CBC/ ECB = 1 (CA20C03A CA20C03A device only). This bit is reset upon loading of the last (8th) byte of the Initial Vector. KEY REQUEST (KR) This bit is set to logic 1 when ACT is programmed from logic 0 to logic 1 and BB = 0 or, when RLK is set internally from logic 0 to logic 1 (CA20C03A CA20C03A device only). It is reset upon loading of the last (8th) byte of the Key Register. KEY PARITY ERROR (KPE) This bit is set internally upon detection of a parity error during loading of the Key Register. It is reset when ACT is programmed from logic 1 to logic 0 (i.e., the device is deactivated). DATA-IN REQUEST (DIR) This bit is set to logic 1 upon one of the following conditions: · Completion of Key Register loading while BB = 0 and CBC/ ECB = 0. · Completion of the Key Reloading process while BB = 1 and CBC/ ECB = 0 (CA20C03A CA20C03A device only). · Completion of the Key Verification process and the Key being found valid while BB = 1 and CBC/ ECB = 0 (CA20C03A CA20C03A device only). · The ACT bit is set from logic 0 to logic 1 while BB = 1, NK = 0, KV = 0 and CBC/ ECB = 0 (CA20C03A CA20C03A device only). · Completion of IV Register loading while BB = 1 and CBC/ ECB = 1 (CA20C03A CA20C03A device only). · Completion of Data Register reading (i.e.: the last Data-out Request has been serviced by an 8-byte read and the Data Register is now emptied and ready to be loaded with the next Data Word). This bit is reset upon loading of the last (8th) byte of the Data Register. DATA-OUT REQUEST (DOR) This bit is set upon completion of the internal encrypt/decrypt calculation of a Data Word. It is reset upon reading the last (8th) byte of the Data Register. Note: Upon MASTER RESET and CPRS is logic 1, the Status Register is not addressable because the device comes up in the WD2001 WD2001 mode. Once the Command Register is programmed into the new mode (write 1 to the N/O bit) the Status Register is addressable and will have all bits reset to 0, except the KV bit which is set to a logic 1. When CPRS = 0 and A1, O/ N = 0, all bits are reset to 0 except KV (bit 0) which is set to logic 1. 3-14 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Table 3-12 : KEY Register (Load Only) Table 3-15 : STATIC DATA Register This 56-bit register contains the Key which is used to encrypt or decrypt the data with the DES algorithm. The Key Register can be loaded with eight successive bytes only when there is a Key Request (status bit and output). The Key Register can also be parallel loaded from Static Key Register in Battery Back-up Key mode. This is a write-only register. This 64-bit register contains the encrypted special pattern for key verification. When the device is programmed for a mode with a Battery Back-up, the Static Data Register is updated whenever a new key is loaded in. The special pattern is loaded in the Data Register and encrypted by the new key, then the new encrypted special pattern is loaded into the Static Data Register. The contents of this register are retained by battery power during power-down or power failure. If the device is programmed for a mode without a Battery Back-up Key, the Register is not used. This register is not accessible to the user. DATA Reg. Bits 55.49 DAL Bits 7.1 Byte Loaded 1st 48.42 ··· 15.07 06.00 7.1 ··· 7.1 7.1 2nd ··· 7th 8th DATA Reg. Bits Table 3-13 : STATIC KEY Register This 56-bit register contains the current Key for data encryption and decryption using the DES algorithm. The Static Key Register is updated when a new Key is loaded into the Key Register and when the device is programmed for Battery Backup mode. The contents of this register are retained by battery power during power-down or power failure. If the device is programmed for a mode without a Battery Back-up Key, this register is not used. The register is not accessible to the user. DATA Reg. Bits 55.49 48.42 ··· 15.07 06.00 DAL Bits 7.1 7.1 ··· 7.1 7.1 Byte Loaded 1st 2nd ··· 7th 8th Table 3-14 : DATA Register This 64-bit register contains the plain or cipher text either to be read out or that has been loaded in. During encryption, the Data Register is loaded with plain text and contains cipher text to be read out. During decryption, the Data Register is loaded with cipher text and contains plain text to be read out. The Data Register is always read or loaded with eight successive bytes (8-bit). The Data Register can only be loaded when there is a Data-in Request or Special Pattern-in Request (Status bit and Output). Similarly, the Data Register can only be read when there is a Data-out Request (Status bit and Output). However, when the device is programmed for a mode with Battery Back-up, the contents of this register can be parallel loaded into the Static Data Register when the special pattern for key verification is encrypted. 63.56 55.48 ··· 15.8 07.00 DAL Bits 7.0 7.0 ··· 7.0 7.0 Byte Loaded 1st 2nd ··· 7th 8th Table 3-16 : INITIAL VECTOR (IV) Register This 64-bit register contains the initial vector or cipher text for the Cipher Block Chaining mode. This register is first loaded with the eight successive bytes (8-bit) of the Initial Vector Register for the first block of plain or cipher text. After the current text in the Data Register (plain or cipher) has been processed (encrypted or decrypted), this register is loaded with the current cipher text from the Data Register (encrypt) or the next block of text from the Temp Register (decrypt). This register is not used in the Electronic Code Book mode. DATA Reg. Bits 63.56 55.48 ··· 15.8 07.00 DAL Bits 7.0 7.0 ··· 7.0 7.0 Byte Loaded 1st 2nd ··· 7th 8th Table 3-17 : TEMP Register This 64-bit register is a temporary storage place used in the Cipher Block Chaining mode. This register temporarily stores the current cipher text, before this text is loaded into the IV Register during the decryption process. This register is loaded with the eight bytes of cipher text from the Data Register. It is not used in the Electronic Code Book mode and is not accessible to the user. DATA Reg. Bits 63.56 55.48 ··· 15.8 07.00 DATA Reg. Bits 63.56 55.48 ··· 15.8 07.00 DAL Bits 7.0 7.0 ··· 7.0 7.0 DAL Bits 7.0 7.0 ··· 7.0 7.0 Byte Loaded 1st 2nd ··· 7th 8th Byte Loaded 1st 2nd ··· 7th 8th Tundra Semiconductor Corporation 3-15 CA20C03A CA20C03A Tundra Semiconductor Corporation DES ENCRYPTION MODES Electronic Code Book (ECB) Mode Overview Cipher Block Chaining (CBC) Mode Overview The Electronic Code Book is a direct implementation of the DES algorithm in which the same plain text always generates the same ciphered text for a given cryptographic key. The CA20C03A CA20C03A determines the codebook entries each time. A single bit error or change, in either the input text block or the key, causes an average bit error rate of 50% for its output block. However, an error in one text block does not affect any other block. In other words, there is no error extension between blocks generated using the ECB mode. The Cipher Block Chaining mode also operates on 64 bit data blocks, but preprocesses the information before passing it to the DES algorithm. An input data block is first EXORed with a 64 bit Initial Vector (IV), then processed by the DES algorithm. The resulting ciphered-output block is loaded into the IV Register, to be EXORed with the next input block. This chaining of cipher text blocks provides different outputs for identical input blocks. It also gives an error extension characteristic which protects against fraudulent data insertion, deletion or alteration in a block sequence (see Figure10). A one-bit error in the input text block, the key or the Initial Vector causes an average error rate of 50% in all subsequent output blocks. Thus, the CBC mode is far better suited to high-speed data communications applications. The input and output block size is fixed at 64 bits. Since data blocks are independently ciphered, this mode is suitable for disk applications (see Figure 9). The ECB mode has the weakness that identical block of plain text generate identical blocks of ciphered text. This violates one of the basic laws of encryption security, namely: never encrypt a given piece of information the same way twice as it makes it easier for an attacker to break the code. This shortcoming in the ECB mode is resolved by the Cipher Block Chaining mode. Cipher Feedback (CFB) and Output Feedback (OFB) These two DES modes can be implemented with the CA20C03A CA20C03A using the ECB mode with additional software overhead. For more information refer to the publication: Cryptography and Data Security, by D. Denning, AddisonWesley Publishing Company, Inc., 1982. ECB ENCRYPTION ECB DECRYPTION PLAIN TEXT (64 BITS) CIPHER TEXT (64 BITS) INPUT BLOCK INPUT BLOCK DES ENCRYPT DES DECRYPT OUTPUT BLOCK OUTPUT BLOCK CIPHER TEXT (64 BITS) PLAIN TEXT (64 BITS) Figure 3-9 : Electronic Codebook (ECB) Mode 3-16 Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A TIME = 1 TIME = 2 TIME = n D1 D2 Dn + + + I1 I2 In DES ENCRYPT DES ENCRYPT DES ENCRYPT C1 C2 Cn C1 C2 Cn DES DECRYPT DES DECRYPT DES DECRYPT I1 I2 In + + + D1 D2 Dn INITIALIZATION VECTOR (IV) ENCRYPT DECRYPT INITIALIZATION VECTOR (IV) LEGEND DJ = DATA BLOCK AT TIME J = ENCRYPTION INPUT BLOCK AT TIME J IJ CJ = CIPHER BLOCK AT TIME J + = EXCLUSIVE-OR Figure 3-10 : Cipher Block Chaining (CBC) Mode Tundra Semiconductor Corporation 3-17 CA20C03A CA20C03A Tundra Semiconductor Corporation CA20C03A CA20C03A MODES of OPERATION The CA20C03A CA20C03A can operate in two major encryption modes: Electronic Code Book (ECB) mode and Cipher Block Chaining (CBC) mode (each an implementation of the DES algorithm). Each of these two modes can be selected with or without Battery Back-up, giving a total of four operational modes (for the CA20C03A CA20C03A): · Electronic Code Book without a Battery Back-up Key Key Word into the Key Register. The Key Register is loaded with eight successive bytes (8-bit) by activating WE eight times (with CS active). When WE is activated, the CA20C03A CA20C03A deactivates the KEY REQUEST (KR) output. When WE is deactivated, the CA20C03A CA20C03A activates the KR output. The CA20C03A CA20C03A activates eight Key Requests to fill up the Key Register. · Cipher Block Chaining without a Battery Back-up Key · Electronic Code Book with a Battery Back-up Key · Cipher Block Chaining with a Battery Back-up Key The CA20C03A CA20C03A can also be programmed to operate in a WD2001 WD2001 mode, which offers ECB type encryption only. When the N/O bit is programmed to logic 1, the device is in the CA20C03A CA20C03A mode, and either ECB or CBC type encryption modes can be selected. When the N/O bit is logic 0, the device is in WD2001 WD2001 mode. All modes are described in more detail below. WD2001 WD2001 Compatibility Mode To ensure backward compatibility with the WD2001 WD2001 device, the CA20C03A CA20C03A can also be programmed to emulate functions in the WD2001 WD2001 (ECB mode only). This is determined by the setting of bit 0 (N/O) in the Command Register, which indicates whether the CA20C03A CA20C03A is in WD2001 WD2001 mode (ECB) or in CA20C03A CA20C03A mode (ECB or CBC). When the N/O bit is programmed to logic 0, the device is in the WD2001 WD2001 mode (ECB) and only the Command/Status, Data, and Key Registers are then available. The pinouts and the operation of the device and the functions of the three registers in this mode are exactly the same as in the WD2001 WD2001 (refer to CA20C01 CA20C01 data sheet for detailed operational information). If WD2001 WD2001 mode is in use in a CA20C03A CA20C03A device, pin 6 of the device can be connected to +5 V, or left unconnected. Caution: Pin 6 of a CA20C03A CA20C03A device must not be connected to +12 V as it will irreparably damage the device. Electronic Code Book without a Battery Back-up Key Table 3-18 : CA20C03A CA20C03A Register Select Register CS A0 A1 Status 0 1 1 1 Command 0 1 0 1 Key, IV and Data 0 0 X 1 CRPS X = Don't care The KR output can either be used for asynchronous handshaking (as in DMA control) or, after the first activated KR, further activations can be ignored and the Key Register can be loaded synchronously (as in programmed I/O) by eight successive activations of WE . Each byte of the Key Word is checked for odd parity when it is loaded into the Key Register (see Figure 3-11). If a parity error is detected, the CA20C03A CA20C03A sets bit 5 (KPE, KEY PARITY ERROR) in the Status Register to logic 1. If bit 2 (KEOE, KEY ERROR OUTPUT ENABLE) in the Command Register has been set, the device also activates the KPE (pin 22) output. Bit 5 (KPE, KEY PARITY ERROR) in the Status Register is reset to logic 0 when bit 1 (ACT, ACTIVATE) in the Command Register is reset to logic 0. After loading the eighth byte of the Key Word into the Key Register, the CA20C03A CA20C03A sets DIR, DATA-IN REQUEST in the Status Register and activates the DATA-IN REQUEST (DIR, pin 27) output (see Figure 3-12). The 64-bit Data Word should then be loaded into the Data Register, which is loaded in the same manner as the Key Register by eight successive activations of DATA-IN REQUEST (DIR, pin 27) output and WE input. The CA20C03A CA20C03A operates in this mode when bit 5 (BB), and bit 7 (CBC/ ECB ) in the Command Register are set to logic 0. After the device is selected to be in this mode, it is initiated by setting bit 1 (ACT) in the Command Register to logic 1. The CA20C03A CA20C03A responds by activating the KEY REQUEST (KR, pin 26) output. After the eighth (last) byte of the Data Word has been loaded, the CA20C03A CA20C03A starts its operation internally by encrypting or decrypting the data to the DES algorithm. Upon completion of this operation, the encrypted or decrypted data is loaded into the Data Register, the CA20C03A CA20C03A sets bit 7 (DOR, DATA-OUT REQUEST) in the Status Register and activates the DATA-OUT REQUEST (DOR, pin 28) output (see Figure 3-13). A0 must be deactivated (to allow the CA20C03A CA20C03A to internally address the Key Register) before loading the 64-bit The Data Word must then be read from the Data Register in the same manner as it was loaded (by eight successive 3-18 Tundra Semiconductor Corporation Tundra Semiconductor Corporation activations of DATA-OUT REQUEST output and RE input). After the first request, further activations of the DIR and DOR outputs can be ignored and the Data Register can be loaded or read by eight successive activations of WE or RE . After the eighth (last) byte of the Data Register has been read, the CA20C03A CA20C03A reactivates the DATA-IN-REQUEST. The cycle of loading the Data Register, encrypting or decrypting of the data to the DES algorithm, and reading the new data from the Data Register is repeated until all required data has been encrypted or decrypted with the current Key Word. Figures 3-11 to 3-13 are flowcharts which will aid in the understanding of the device operation in this mode. When this is completed, bit 1 (ACT, ACTIVATE) in the Command Register should be reset to logic 0 to lock the last Key Word loaded into the CA20C03A CA20C03A. This prevents the access and use by an unauthorized user. To resume operation, the Activate bit must be reset to logic 1. This activates the Key Request and a new Key must be loaded before the Data Register can be accessed. Plain data is encrypted by loading it into the Data Register, and encrypted data is read from the Data Register after E /D, ENCRYPT /DECRYPT in the Command Register has been set to logic 0. Data is decrypted by loading it into the Data Register, and plain data is read from the Data Register after E /D, ENCRYPT /DECRYPT in the Command Register has been set to logic 1. Caution: To accomplish switching from encryption to decryption (or vice versa) with the same Key Word before a Data Word transfer is initiated, A0 must be set to 1 and A1 to 0. The CA20C03A CA20C03A then overrides the internal addressing of the Data Register and addresses the Command Register, which can now be reprogrammed. When A0 is deactivated, the device then internally addresses the Data Register, while awaiting the loading of the next Data Word. CA20C03A CA20C03A Key Register, the CA20C03A CA20C03A sets bit 3 (IV-IN REQUEST) in the Status Register and activates the IV-IN REQUEST (IVIR) output. The 64-bit Initial Vector Word must then be loaded into the IV Register in the same manner as the Key Register was loaded, that is, by eight successive activations of IV-IN REQUEST output and WE input. After the eighth (last) byte of the Initial Vector Word has been loaded, the CA20C03A CA20C03A sets bit 6 (DATA-IN REQUEST) in the Status Register and activates the DATA-IN REQUEST (DIR) output. The 64-bit Data Word must then be loaded into the Data Register in the same manner as the Key Register was loaded, that is, by eight successive activations of DATA-IN REQUEST output and WE input. The plain text is loaded into the Data Register when the ENCRYPT /DECRYPT bit has been set to logic 0. When this is completed, that is, after the eighth (last) byte of the plain Data Word has been loaded into the device, the contents of the IV Register are added to the plain text consecutively bit by bit with modulo 2 arithmetic and the CA20C03A CA20C03A begins the internal calculation of the DES algorithm for the cipher text. ENTER A D MASTER RESET LOAD (READ) COMMAND (STATUS) REGISTER NO YES KEY REQUEST IS ACTIVATED SET KEY PARITY ERROR BIT LOAD BYTE OF KEY WORD Cipher Block Chaining without a Battery Back-up Key The CA20C03A CA20C03A operates in this mode when bit 5 (BB) and bit 7 (CBC/ EBC ) in the Command Register are set respectively to logic 0 and logic 1. Once the device is programmed in this mode, it can be initiated by setting bit 1 (ACT) in the Command Register to logic 1. The CA20C03A CA20C03A now responds by activating the KEY REQUEST (KR) output. Refer to Table 3-18 for register selection. ACTIVATED ? A0? KEY PARITY ERROR? YES NO NO 1 0 LOAD (READ) COMMAND (STATUS) REGISTER 8th BYTE? YES IS ACTIVATE RESET? NO B A A0 must be deactivated (to address the Key Register internally), and the Key Register must be loaded with the 64bit Key Word in the same manner as performed in the Electronic Code Book mode without a Battery Back-up Key. Figure 3-11 : Key Word Loading Procedure (ECB Mode Only) When the eighth (last) byte of the Key Word is loaded in the Tundra Semiconductor Corporation 3-19 CA20C03A CA20C03A Tundra Semiconductor Corporation When completed, this data is loaded into both the Data Register and the IV Register (where it overrides the original Initial Vector Word). After (parallel) loading the new data into these two registers, the CA20C03A CA20C03A sets bit 7 (DATA-OUT REQUEST) in the Status Register and activates the DATA-OUT REQUEST (DOR) output. B DATA-IN REQUEST IS ACTIVATED A0? 1 LOAD (READ) COMMAND (STATUS) REGISTER 0 LOAD BYTE OF DATA WORD IS ACTIVATE RESET? NO YES NO 8th BYTE? · Adding the (previous) cipher text contents of the IV Register to the contents of the Data Register ALGORITHM IS EXECUTED · Calculating the DES algorithm for cipher text · Loading it into the IV Register for operation (addition) to the 64-bit (plain) Data Word C Figure 3-12 : Activating DIR Output Procedure (ECB Mode Only) C DATA-OUT REQUEST IS ACTIVATED A0? 1 LOAD (READ) COMMAND (STATUS) REGISTER 0 READ BYTE OF DATA WORD IS ACTIVATE RESET? NO YES 8th After the eighth (last) byte of the Data Register contents have been read, the CA20C03A CA20C03A reactivates the DATA-IN REQUEST and the next cycle can begin. This continues until all required (plain) data has been encrypted with the current Key Word in the manner previously described, that is, by: · Loading the Data Register with plain text D YES NO The new cipher Data Word must then be read from the Data Register in the same manner as it was loaded, that is, by eight successive activations of DATA-OUT REQUEST output and RE input. BYTE? D YES B · Reading it (cipher text) from the Data Register. When decrypting, bits 1 (ACT) and bit 3 ( ENCRYPT /DECRYPT) in the Command Register are set to 1 respectively. This activates the KEY REQUEST output indicating that the original key must now be loaded into the Key Register. After the key is loaded, the CA20C03A CA20C03A requests that the initial vector be loaded into the IV Register. When this is completed, the data request input pin is activated and the first eight bytes of cipher data need to be loaded into the Data Register. After the eight bytes of the cipher Data Word have been loaded into the device, the contents of the Data Register are transferred into the Temp Register and the CA20C03A CA20C03A begins the internal calculation of the DES algorithm for clear data. When completed, this data is added consecutively bit by bit to the contents of the IV Register using modulo 2 arithmetic. The modified plain text data is then loaded into the Data Register while the contents of the Temp Register are loaded into the IV Register, overriding the existing Initial Vector. After completion of these operations, bit 7 (DATA-OUT Status Register is set and the DATA-OUT output is activated. The plain Data Word must then be read from the Data Request in the same manner as it was loaded, that is, by eight successive activations of DATA-OUT REQUEST output and RE input. REQUEST) in the REQUEST (DOR) Figure 3-13 : Activating DOR Output Procedure (ECB Mode Only) 3-20 Tundra Semiconductor Corporation Tundra Semiconductor Corporation After the eighth (last) byte of the Data Register contents have been read, the CA20C03A CA20C03A reactivates the DATA-IN REQUEST and the next cycle can begin. This continues until all required (cipher) data has been decrypted with the current Key Word in the manner previously described: · Load the Data Register with cipher text · Load the contents of the Data Register into the Temp Register · Calculate the DES algorithm for clear text · Add the clear text contents in the Temp Register to the (previous) cipher text contents in the IV Register · Load plain text into the Data Register · Transfer the contents of the Temp Register to the IV Register for the next 64-bit cipher Data Word · Read plain text from the Data Register. As previously explained, for DATA-IN, IV-IN, and DATA-OUT, after the first request, further activations of DIR, IVIR, and DOR outputs aren't necessary. Loading the IV Register and the Data Register is performed by eight successive activations of WE and reading the Data Register is performed by eight successive activations of RE . When all required data has been encrypted or decrypted with the current Key Word, bit 1 (ACTIVATE) in the Command Register should be programmed to logic 0 to lock the last Key loaded into the CA20C03A CA20C03A. This prevents the access and use of it by an unauthorized user. To resume operation, the activate bit must be programmed to logic 1. This activates the Key Request and a new Key must be loaded before the Data Register can be accessed. Caution: At the end of each encrypted or decrypted file (or message), the CA20C03A CA20C03A is waiting for the Data Word, not for the reloading of the Initial Vector: that is, DIR output is active. In order to activate the IVIR output and re-load the Initial Vector, the device has to be restarted. This can be accomplished by deactivating the CA20C03A CA20C03A and then reactivating it once more. This forces the re-loading of the Key Word. This procedure should be followed even when it is desired to use the same Key Word for the encryption or decryption of the next file (or message). Tundra Semiconductor Corporation CA20C03A CA20C03A Electronic Code Book with a Battery Back-up Key The CA20C03A CA20C03A operates in this mode when bit 5 (BB) and bit 7 (CBC/ ECB ) in the Command Register are set respectively to logic 1 and logic 0. After the device is programmed for this mode, it is initiated by setting the ACT bit in the Command Register to logic 1. The CA20C03A CA20C03A responds in one of the following ways: · When bit 6 (NK, NEW KEY) in the Command Register is set to logic 1, the CA20C03A CA20C03A responds by setting bit 1 (RLK, RELOAD KEY) and bit 4 (KR, KEY REQUEST) in the Status Register. It also sets the KEY REQUEST output in the Key Reloading state. Caution: The RLK bit can only be reset by the Key Reloading process or by performing a Master Reset. Deactivating the device by writing to the Command Register will not reset this bit. A0 needs to be deactivated to allow the CA20C03A CA20C03A to select the Key Register internally and load it with the 64bit Key Word (in the same manner as in the Electronic Code Book mode without a Battery Back-up Key). Refer to Table 16 for register selection. When the eighth (last) byte of the Key Word has been loaded into the Static Key Register then bit 2 (SPECIAL PATTERN-IN REQUEST) in the Status Register is set and the SPECIAL PATTERN-IN REQUEST (SPIR, pin 4) output is activated. The 64-bit Special Pattern must now be loaded into the Data Register in the same manner as the Key Register, that is, by eight successive activations of SPECIAL PATTERN-IN REQUEST input and WE input. When the eighth byte of the Special Pattern has been loaded into the Data Register, the device starts to encrypt the Special Pattern Word in Electronic Code Book mode. Upon completion of the DES algorithm calculation, the cipher data is then loaded into the Static Data Register, and the CA20C03A CA20C03A resets RELOAD KEY bit and the KEY VERIFICATION bit in the Status Register. The device is now out of the Key Reloading state and continues in Electronic Code Book mode by setting bit 6 (DATA-IN REQUEST) in the Status Register and activating the DATA-IN REQUEST (DIR, pin 27) output. 3-21 CA20C03A CA20C03A · When bit 6 (NEW KEY) in the Command Register is set to logic 0 and bit 0 (KEY VERIFICATION) in the Status Register is set to logic 1, the CA20C03A CA20C03A responds by setting bit 2 (SPECIAL PATTERN-IN) in the Status Register. The device also activates the SPECIAL PATTERN-IN (SPIR) output, loads the contents of the Static Key Register into the Key Register in order to encrypt the Special Pattern, and enters the Key Verification state. A0 must be deactivated (to allow the CA20C03A CA20C03A to address the Data Register internally) and the Data Register must be loaded with the 64-bit Special Pattern Word in the same manner as the Key Register was loaded, that is, by eight successive activations of SPECIAL PATTERN-IN REQUEST output and WE input. When the eighth byte of the Special Pattern has been loaded into the Data Register, the CA20C03A CA20C03A starts to encrypt the Special Pattern Word in the Electronic Code Book mode. Upon the completion of the DES algorithm calculation, the cipher data is compared with the contents of the Static Data Register. If they are not the same, the CA20C03A CA20C03A sets bit 1 (RELOAD KEY) and bit 4 (KEY REQUEST) in the Status Register and activates the KEY REQUEST (pin 26) output to start the Key Reloading process as was previously described. Upon the completion of the Key Reloading operation, the device sets bit 6 (DATA-IN REQUEST) in the Status Register and activate the DATA-IN REQUEST (DIR, pin 27) output to start the Electronic Code Book mode. If the new cipher data and contents of the Static Data Register are the same, the CA20C03A CA20C03A resets bit 0 (KEY VERIFICATION), sets bit 6 (DATA-IN REQUEST) in the Status Register, and activates the DATA-IN REQUEST (DIR, pin 27) output to start the Electronic Code Book mode. · When bit 6 (NEW KEY) in the Command Register is set to logic 0 and bit 0 (KEY VERIFICATION) in the Status Register is set to logic 0, the CA20C03A CA20C03A loads the contents of the Static Key Register into the Key Register, sets bit 6 (DATA-IN REQUEST) in the Status Register and activates the DATA-IN REQUEST (DIR, pin 27) output to start the Electronic Code Book mode. The operation is the same as previously described in the Electronic Code Book mode without a Battery Back-up Key. 3-22 Tundra Semiconductor Corporation Note that to accomplish switching from encryption to decryption (or vice versa) without deactivating the CA20C03A CA20C03A, and before a Data Word transfer is initiated, A0 must be set to 1 and A1 to 0 to address the Command Register and override the addressing of the Data Register internally. The Command Register can now be re-programmed. When A0 is reset to logic 0, the CA20C03A CA20C03A will now address the Data Register internally while awaiting the loading of the next Data Word. Cipher Block Chaining with a Battery Back-up Key The CA20C03A CA20C03A operates in this mode when the BB and CBC/ ECB bits in the Command Register are set to logic 1. After the device is programmed for this mode, it is initiated by setting the ACT bit in the Command Register to logic1. The CA20C03A CA20C03A responds in one of the three ways previously described in the section Electronic Code Book with a Battery Back-up Key. However, after completion of the Key Reload or Key Verification operations, the device starts operating in the Cipher Block Chaining mode instead of the Electronic Code Book mode. It sets INITIAL VECTOR-IN REQUEST in the Status Register and activates the INITIAL VECTOR-IN REQUEST (IVIR) output. When the CA20C03A CA20C03A is in the Cipher Block Chaining mode, its operation is the same as previously described in Cipher Block Chaining without a Battery Back-up Key. A sample battery back-up circuit is shown in Figure 14. Note that at the end of each encrypted or decrypted file (or message), the CA20C03A CA20C03A is waiting for the Data Word, not for the reloading of the Initial Vector; that is, DIR output is active. In order to activate the IVIR output and re-load the Initial Vector, the device has to be re-started by deactivating and then reactivating it. This restart procedure forces the reloading of the Key Word and should be followed even when the same Key Word is desired for the encryption or decryption of the next file (or message). Tundra Semiconductor Corporation Tundra Semiconductor Corporation CA20C03A CA20C03A Command Select Option The CA20C03A CA20C03A can be programmed through the DAL bus lines or through the input pins. When the COMMAND REGISTER PIN SELECT ( CRPS , pin 20) input is set to logic 0, the (A1,O/ N ), ACT, E /D, BB, (A0,NK), and CBC/ ECB pins are enabled as inputs which override bits 0, 1, 3, 5, 6, and 7 in the Command Register. This override allows input pins to control the CA20C03A CA20C03A. Bit 2 (KEOE) in the Command Register remains at logic 1. The A1 and A0 bits are disregarded in this option, and the Command and Status Registers cannot be accessed using the DAL bus lines. Note that the ACT pin must be toggled from logic 1 to logic 0 to clear a parity error detection when operating in this mode. All other operations are the same as described previously. Caution: Upon MASTER RESET , while CRPS and A1,O/ N pins are logic 0, the CA20C03A CA20C03A does not return to the 2001 mode, but stays in the CA20C03A CA20C03A mode and sets bit 0 (KV) in the Status Register. +5 V 8 1 VCCO VSS DS1210 DS1210 CE (FROM DECODER) VDD (Note 2) VBAT1 2 VBAT2 (Note 1) 7 5 6 4 CA20C03A CA20C03A DES PROCESSOR 3 CS + 3V + 3V Notes: 1. VBAT2 is optional (use if double redundant back-up is required for failsoft operation). 2. Dallas Semiconductor DS1210 DS1210 Non-volatile Controller. Figure 3-14 : CA20C03A CA20C03A Battery Back-up Circuit Example Tundra Semiconductor Corporation 3-23 CA20C03A CA20C03A Tundra Semiconductor Corporation Table 3-19 : Test Data For Electronic Codebook (ECB) Mode E-Key=D-Key= 0123456789ABCDEF 0123456789ABCDEF Encryption Time Plain Text Cipher Text 1 4E6F772069732074 4E6F772069732074 3FA40E8A984D4815 3FA40E8A984D4815 2 68652074696D6520 68652074696D6520 6A271787AB8883F9 6A271787AB8883F9 3 666F7220616C6C20 666F7220616C6C20 893D51EC4B563B53 893D51EC4B563B53 Decryption Time Cipher Text Plain Text 1 3FA40E8A984D4815 3FA40E8A984D4815 4E6F772069732074 4E6F772069732074 2 6A271787AB8883F9 6A271787AB8883F9 68652074696D6520 68652074696D6520 3 893D51EC4B563B53 893D51EC4B563B53 666F7220616C6C20 666F7220616C6C20 Table 3-20 : Test Data For Cipher Block Chaining (CBC) Mode E-Key = D-Key = 0123456789ABCDEF 0123456789ABCDEF IVE = IVD = 1234567890ABCDEF 1234567890ABCDEF Encryption Time Plain Text Cipher Text 1 4E6F772069732074 4E6F772069732074 E5C7CDDE872BF27C E5C7CDDE872BF27C 2 68652074696D6520 68652074696D6520 43E934008C389C0F 43E934008C389C0F 3 666F7220616C6C20 666F7220616C6C20 683788499A7C05F6 683788499A7C05F6 Time Cipher Text Plain Text 1 E5C7CDDE872BF27C E5C7CDDE872BF27C 4E6F772069732074 4E6F772069732074 2 43E934008C389C0F 43E934008C389C0F 68652074696D6520 68652074696D6520 3 683788499A7C05F6 683788499A7C05F6 666F7220616C6C20 666F7220616C6C20 Decryption Note for Table 3-19 and Table 3-20: The plain text in both cases is the ASCII code for "Now is the time for all .". These seven-bit characters are written in hexadecimal notation: 0, b6, b5, b4, b3, b2, b1, b0. 3-24 Tundra Semiconductor Corporation CA95C68/18/09 CA95C68/18/09 DES DATA CIPHERING PROCESSORS (DCP) · Encrypts/Decrypts data using National Bureau of Standards Data Encryption Standard (DES) · High speed, pin and function compatible version of industry standard AMD AM9568 AM9568, AM9518 AM9518 and VLSI VM009 VM009 · Supports four standard ciphering modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), as well as 1 and 8 bit Cipher Feedback (CFB) · Data rates greater than 11 Mbytes per second (25 MHz) in ECB or CBC modes · Three separate registers for encryption, decryption and master keys improve system security and throughput by eliminating the need to reload keys frequently · Fully static CMOS, TTL I/O compatible device, operates at up to 33MHz · Low power consumption allows battery back-up of internal key registers · Three separate programmable ports (master, slave and key data) · Available in 44 pin PLCC and 40 pin PDIP and 44 pin TQFP packages The Tundra Semiconductor Corporation CA95C68/18/09 CA95C68/18/09 DES Data Ciphering Processors (DCPs) implement the National Bureau of Standards Data Encryption Standard (DES), FIPS PUB 46 (1-15-1977). The DCPs were designed to be used in a variety of environments where computer and communications security is essential. 3 3.2 The CA95C09 CA95C09 may be configured to behave as either the CA95C68 CA95C68 or the CA95C18 CA95C18 (see OPTION pin in Table 3-2), the only difference being the order of the signal names on the device package. CA95C68/18/09 CA95C68/18/09 The DCPs provide a high throughput rate (up to 14 Mbytes per second) using ECB or CBC modes of operation. The DCPs provide a unique 1 bit CFB mode as well as the standard 8 bit mode. Separate ports for key input, clear data and enciphered data enhance security for your application. The system communicates with the DCP using commands entered in the Master Port or through auxiliary control lines. Once the DCP is set up, data can flow through at high speeds since input, output and ciphering activities are performed concurrently. External DMA control can easily be used to enhance throughput in many system configurations. The CA95C68 CA95C68 is designed to interface directly to the iAPX86, 88 CPU bus, and with a minimum of external logic, to the 2900 and 8051 families of processors. The CA95C18 CA95C18 is designed to interface directly with Z8000 Z8000, 68000 type bus interfaces. Table 3-1 : CA95C68/18/09 CA95C68/18/09 Data Transfer Rates Data Transfer Rates Product Code CA95Cxx ­ 5 ECB or CBC Mode (Mbytes/s) CFB-8 Mode (Mbytes/s) CFB-1 Mode (Mbits/s) 2.22 0.27 0.27 System Clock (MHz) 5 CA95Cxx ­ 10 4.44 0.55 0.55 10 CA95Cxx ­ 16 7.10 0.88 0.88 16 CA95Cxx ­ 20 8.88 1.11 1.11 20 CA95Cxx ­ 25 11.11 1.38 1.38 25 CA95Cxx-33 14.81 1.85 1.85 33 Tundra Semiconductor Corporation 3-25 CA95C68/18/09 CA95C68/18/09 PARITY BIT KEY OR CONTROL AUXILIARY PORT CONTROL I/O Tundra Semiconductor Corporation PAR AUX7-AUX0 AUXILIARY PORT PARITY CHECK INPUT BUS (8-BITS) AFLG ASTB AUXILIARY PORT CONTROL MODE REGISTER COMMAND REGISTER MASK REGISTER INPUT REGISTER (64-BITS 64-BITS) M KEY REGISTER (56-BITS 56-BITS) E KEY REGISTER (56-BITS 56-BITS) D KEY REGISTER (56-BITS 56-BITS) (56-BITS 56-BITS) MUX/DIRECT CONTROL C/K MASTER CONTROL DES ALGORITHM PROCESSING UNIT CLK CA95C18 CA95C18 CA95C68 CA95C68 MCS MWR MDS MRD MAS MALE MFLG MASTER PORT CONTROL I/O (64-BITS 64-BITS) MCS MR/W MFLG KEY OR DATA MASTER PORT CONTROL SFLG STATUS REGISTER OUTPUT REGISTER (64-BITS 64-BITS) IVE REGISTER (64-BITS 64-BITS) IVD REGISTER (64-BITS 64-BITS) SLAVE PORT CONTROL C BUS (8-BITS) MP7-MP0 SDS SP7-SP0 OUTPUT BUS (8-BITS) MASTER PORT SCS SLAVE PORT INPUT BUS (8-BITS) SLAVE PORT CONTROL I/O DATA Figure 3-1 : CA95C68/18/09 CA95C68/18/09 Block Diagrams 3-26 Tundra Semiconductor Corporation AUX0 6 35 AUX4 AUX1 AUX1 7 34 AUX5 (S/S) (BSY) AUX2 (BSY) AUX2 8 33 AUX6 (E/D) (CP) AUX3 9 (CP) AUX3 32 AFLG 31 AUX7 (K/D) SFLG 30 SCS 1 4 4 43 42 41 40 SP6 SP7 SP7 AUX0 10 ASTB 11 PAR 12 29 SDS C/K 13 28 MWR PAR C/K 14 MALE 15 26 MRD MP0 MP1 16 25 17 24 18 23 19 22 20 21 AUX5 (S/S) 37 AUX6 (E/D) 36 AUX7 (K/D) 35 NC 34 SFLG 33 SCS 32 SDS 31 MWR 30 MALE 29 MRD CA95C68 CA95C68 DCP MP4 MP5 VSS NC MCS MP2 MP3 MFLG AUX4 38 NC MCS MP4 MP5 MP6 MP7 VDD 36 SP7 AUX0 6 35 AUX4 AUX1 7 34 AUX5 (S/S) (BSY) AUX2 8 33 AUX6 (E/D) (CP) AUX3 9 32 AUX7 (K/D) SFLG 3 2 1 4 4 43 42 41 40 SP7 5 SP6 SP6 SP3 SP5 37 4 SP5 4 5 SP4 38 AFLG CA95C18 CA95C18 DCP 10 ASTB 11 31 30 AUX0 7 39 AUX4 AUX1 (BSY) AUX2 8 38 AUX5 (S/S) 9 37 AUX6 (E/D) (CP) AUX3 10 36 AUX7 (K/D) AFLG 11 35 NC ASTB 12 34 SFLG PAR 13 33 SCS C/K 14 32 SDS SCS PAR 12 29 SDS C/K 13 28 · VDD 39 SP4 6 40 VSS SP2 · 3 NC 2 SP1 SP0 1 SP0 SP1 VSS Figure 3-5 : CA95C68 CA95C68 44-Pin PLCC SP3 Figure 3-2 : CA95C68 CA95C68 40-Pin PDIP VSS MP0 MP6 MP7 MP3 18 19 20 21 22 23 24 25 26 27 28 MP2 MFLG 27 CLK 39 MP1 CLK ASTB 3 SP2 CA95C68 CA95C68