This technical summary provides overview MPC184 security processor, in
|
|
|
Top Searches for this datasheet
MPC184TS/D Rev. 1.1, 2/2003 MPC184 Security Processor Technical Summary
This technical summary provides overview MPC184 security processor, including brief development history, target applications, features, typical system architecture, device architectural overview, performance summary.
Development History
MPC184 belongs Smart Networks platform's family security processors developed commercial networking market. This product family derived from security technologies Motorola developed over last years, primarily government applications. fifth-generation execution units (EU) have been proven Motorola semi-custom other members family, including MPC180, MPC190, MPC185.
Typical Applications
MPC184 suited applications such following: SOHO routers Customer Premise Equipment Wireless Access Points eCommerce servers Dedicated Encryption Modules
Features
MPC184 flexible powerful addition networking computing system using Motorola PowerQUICCline integrated communications processors, system supporting 32-bit PCI. MPC184 designed load computationally intensive security functions, such generation exchange, authentication, bulk encryption from host processor. MPC184 optimized process algorithms associated with IPSec, IKE, WTLS/WAP, SSL/TLS, DOCSIS BPI+, 802.16, 802.11(WEP). addition, Motorola family security co-processors only devices market capable executing
More Information This Product, www.freescale.com
Elliptic Curve Cryptography which especially important secure wireless communications. MPC184 features include following: Public execution units (PKEU) that supports following: Diffie-Hellman Programmable field size 2048-bits Elliptic curve cryptography F(p) modes Programmable field size 511-bits Data Encryption Standard execution units (DEU) DES, 3DES (K1, Three (K1, modes both 3DES Advanced Encryption Standard unit (AESU) Implements Rinjdael symmetric cipher lengths 128, 192, bits.Two ECB, CBC, Counter modes Four execution unit (AFEU) Implements stream cipher compatible with algorithm 128-bit programmable Message digest execution units (MDEU) with 160-bit 256-bit message digest with 128-bit message digest HMAC with either algorithm Random number generator (RNG) compliant external interface, with master/slave logic. 32-bit address/32 -bit data 66MHz operation Optional compliant external interface with master/slave logic. 32-bit address/data 66MHz operation Crypto-channels, each supporting multi-command descriptor chains Static and/or dynamic assignment crypto-execution units integrated controller Buffer size Bytes each execution unit, with flow control large data sizes internal scratchpad memory key, context storage 1.5V supply, 3.3V 252MAP BGA, 21mm package body size 1.0W power dissipation
Typical System Architecture
MPC184 designed integrate easily into system using protocol.
MPC184 ideal system using Motorola PowerQUICC communications processor shown
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Figure 4-1) system using PCI. ability MPC184 master allows co-processor offload data movement bottleneck normally associated with slave devices. external processor accesses MPC184 through device drivers using system memory data storage. MPC184 resides memory processor, therefore when application requires cryptographic functions, simply creates descriptors MPC184 which define cryptographic function performed location data. MPC184's mastering capability permits host processor crypto-channel with short register writes, leaving MPC184 perform reads writes system memory complete required task.
MPC184
EEPROM
MPC860
Main Memory Network Interface
Figure 4-1. MPC184 Connected PowerQuicc
Figure shows configuration with MPC184 communicating with MPC824x host processor integrated bus.
Main Memory Memory
MPC8245 Local
MPC184
Network Interface Card
Network Interface Card
Figure 4-2. MPC184 Connected host
MOTOROLA
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
Architectural Overview
block diagram MPC184 internal architecture shown Figure 5-3. mode selectable 8xx/PCI interface module designed transfer 32-bit words between external register inside MPC184. operation begins with write pointer crypto-channel fetch register which points data packet descriptor. channel then requests descriptor decodes operation performed. channel then makes requests controller assign crypto execution units fetch keys, IV's data needed perform given operation. controller satisfies requests assigning execution units channel making requests master interface programmable priority scheme. data processed, written individual execution units output buffer then back system memory interface module.
gpRAM
cryptochannel Master/slave interface cryptochannel cryptochannel cryptochannel Control PKEU
FIFO FIFO
FIFO MDEU FIFO
FIFO AESU FIFO
FIFO AFEU-4 FIFO FIFO
Figure 5-3. MPC184 Functional Blocks
Data Packet Descriptors
IPSec accelerator, MPC184's controller been designed easy integration with existing systems software. cryptographic functions accessible through data packet descriptors, some which have been defined multifunction facilitate IPSec applications. data packet descriptor diagrammed Table 6-1.
Table 6-1. Example Data Packet Descriptor
Field Name DPD_DES_CTX_CRYPT LEN_CTXIN PTR_CTXIN LEN_KEY PTR_KEY LEN_DATAIN PTR_DATAIN LEN_DATAOUT PTR_DATAOUT Value/Type length pointer length pointer length pointer length pointer Description Representative header using Context Encrypt Number bytes written Pointer Context (IV) written into engine Number bytes Pointer block cipher Number bytes data ciphered Pointer data perform cipher upon Number bytes data after ciphering Pointer location where cipher output written
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Table 6-1. Example Data Packet Descriptor
Field Name LEN_CTXOUT PTR_CTXOUT length pointer length pointer PTR_NEXT Value/Type length pointer length pointer length pointer pointer Description Length output Context (IV) Pointer location where altered Context written Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Pointer next data packet descriptor
Each data packet descriptor contains following: Header-The header describes required services encodes information that indicates which which modes set. Seven data length/data pointer pairs-The data length indicates number contiguous bytes data transferred. data pointer indicates starting address data, key, context system memory. Next descriptor pointer data packet descriptor ends with pointer next data packet descriptor. Therefore, once descriptor processed value this pointer non-zero, used request burst read next descriptor. Processing next descriptor (and whether done signal generated) determined programming crypto-channel's configuration register. modes operation supported: Signal done descriptor Signal done descriptor chain crypto-channel signal done interrupt write-back descriptor header after processing data packet descriptor. value written back identical that header, with exception that DONE field set. Occasionally, descriptor field applicable requested service. example, using mode, contents field affect result computation. Therefore, when processing data packet descriptors, crypto-channel skips pointer that associated length zero.
External Interface
External Interface (EBI) manages communication between MPC184's internal execution units external bus. interface mode selectable between protocols, used PowerQuicc family integrated communications processors, protocol. MPC184 unique ability master bus. on-chip resources memory mapped, target accesses initiator writes from MPC184 must addressed word boundaries. MPC184 will perform initiator reads byte boundaries will adjust data place word boundaries appropriate. mastering interface allows MPC184 off-load both crypto processing data movement from PowerQuicc processor, freeing other networking system functions, allowing chipset achieve best class performance levels
MOTOROLA
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MPC184 Controller
MPC184 controller manages on-chip resources, including individual execution units (EUs), FIFOs, EBI, internal buses that connect various modules. controller receives service requests from various crypto-channels, schedules required activities. controller configure each on-chip resources three modes: Host-controlled mode-The host directly responsible data movement into resource. Static mode-The user reserve specific execution unit specific crypto-channel. Dynamic mode-A crypto channel request particular service from available execution unit.
Host-Managed Register Access
used entirely through register read/write access. strongly recommended that read/write access only performed that statically assigned idle crypto-channel. Such assignment only method host inform controller that particular use.
Static Access
Controller configured reserve more particular crypto-channel. Doing permits locking particular context. When this mode, crypto-channel used multiple descriptors representing same context without unloading reloading context each descriptor. This mode presents considerable performance improvement over dynamic access, only when MPC184 supporting single context single session being streamed.)
Dynamic Access
Processing begins when data packet descriptor pointer written next descriptor pointer register crypto-channels. Prior fetching data referred descriptor based services requested descriptor header descriptor buffer, controller dynamically reserves usage crypto-channel. appropriate already dynamically reserved other crypto-channels, crypto-channel stalls waits fetch data until appropriate available. multiple crypto-channels simultaneously request same assigned round-robin basis. Once required been reserved, crypto-channel fetches loads appropriate data packets, operates unloads data system memory, releases another crypto-channel. crypto-channel attempts reserve statically-assigned (and appropriate available dynamic assignment), interrupt generated status indicates illegal access. When dynamic assignment used, each encryption/decryption packet must contain context that particular context being supported.
Crypto-Channels
MPC184 includes four crypto-channels that manage data function. Each crypto-channel consists following: Control registers containing information about transaction process status register containing indication last unfulfilled request pointer register indicating location descriptor fetch Buffer memory used store active data packet descriptor
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Crypto-channels analyze data packet descriptor header request from controller first required cryptographic service. controller implements programmable prioritization scheme that allows user dictate order which four crypto-channels serviced. After controller grants access required crypto-channel controller perform following steps: appropriate Mode bits available required service. Fetch context other parameters indicated data packet descriptor buffer these program Fetch data indicated place either EU's input FIFO itself appropriate). Wait complete processing. Upon completion, unload results context write them external memory indicated data packet descriptor buffer. multiple services requested, back step Reset appropriate dynamically assigned. Note that statically assigned, reset only upon direct command written MPC184. Perform descriptor completion notification appropriate. This notification comes forms-interrupt header writeback modification-and occur either every descriptor descriptor chain.
Execution Units (EUs)
"Execution unit" generic term functional block that performs mathematical permutations required protocols used cryptographic processing. compatible with IPsec, WAP/WTLS, IKE, SSL/TLS 802.11i processing, work together perform high level cryptographic tasks.The MPC184's execution units follows: PKEU computing asymmetric mathematics, including Modular Exponentiation (and other Modular Arithmetic functions) Point Arithmetic performing block symmetric cryptography using 3DES AFEU performing RC-4 compatible stream symmetric cryptography AESU performing Advanced Encryption Standard algorithm MDEU hashing data random number generation
Public Execution Unit (PKEU)
PKEU capable performing many advanced mathematical functions support both public cryptographic algorithms. supported both F(2)m (polynomial-basis) F(p) modes. This supports levels functions assist host microprocessor perform desired cryptographic function. example, highest level, accelerator performs modular exponentiations support performs point multiplies support ECC. lower levels, PKEU perform simple operations such modular multiplies.
7.1.1 Elliptic Curve Operations
PKEU data control units, including general-purpose register file programmable-size arithmetic unit. field modulus size programmed value between bits bits programmable increments with each programmable value supporting actual field sizes from i*8. result hardware supporting wide range cryptographic security. Larger field modulus sizes result greater security lower performance; processing time determined
MOTOROLA
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
field modulus size. example, field size roughly equivalent security provided 1024 RSA. field size roughly equates 2048 bits security. PKEU contains routines implementing atomic functions elliptic curve processing-point arithmetic finite field arithmetic. point operations (multiplication, addition doubling) involve more finite field operations which addition, multiplication, inverse, squaring. Point double each four finite field operations. Similarly, point multiplication uses point operations well finite field operations. these functions supported both modular arithmetic well polynomial basis finite fields.
7.1.2 Modular Exponentiation Operations
PKEU also capable performing ordinary integer modulo arithmetic. This arithmetic integral part public algorithm; however, also play role generation digital signatures Diffie-Hellman exchanges.
Modular arithmetic functions supported MPC184's PKEU include following: (A+B) (A-B) Where following variable definitions: modulus vector, input vectors, exponent vector, where length vector rounded nearest multiple PKEU perform modular arithmetic operands 2048 bits length. modulus must larger than equal bits. PKEU uses Montgomery modular multiplication algorithm perform core functions. addition subtraction functions exist help support known methods Chinese Remainder Theorem (CRT) efficient exponentiation.
Data Encryption Standard Execution Unit (DEU)
execution unit (DEU) performs bulk data encryption/decryption, compliance with Data Encryption Standard algorithm (ANSI x3.92). also compute 3DES extension algorithm which each 64-bit input block processed three times. MPC184 supports (K1=K3) 3DES. operates permuting 64-bit data blocks with shared 56-bit initialization vector (IV). MPC184 supports modes operation: (Electronic Code Book) (Cipher Block Chaining).
Four Execution Unit (AFEU)
AFEU accelerates bulk encryption algorithm compatible with stream cipher from Security, Inc. algorithm byte-oriented, meaning byte plain text encrypted with produce byte ciphertext. variable length AFEU supports lengths from bits byte increments), providing wide range security strengths. symmetric algorithm, meaning each communicating parties share same key.
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Advanced Encryption Standard Execution Unit (AESU)
AESU used accelerate bulk data encryption/decryption compliance with Advanced Encryption Standard algorith Rinjdael. AESU executes blocks with choice sizes: 128, 192, bits. AESA symmetric algorithm, sender receiver same both encryption decryption. session IV(CBC mode) supplied AESU module prior encryption. processor supplies data module that processed input. AESU operates ECB, CBC, counter modes.
Message Digest Execution Unit (MDEU) Module
MDEU computes single message digest hash integrity check) value data presented input bus, using either MD5, SHA-1 SHA-256 algorithms bulk data hashing. With hash algorithm, larger message mapped onto smaller output space, therefore collisions potential, albeit probable. 160-bit hash value sufficiently large space such that collisions extremely rare. security hash function based difficulty locating collisions. That computationally infeasible construct distinct similar messages that produce same hash output. SHA-1 hash function, specified ANSI X9.30-2 FIPS 180-1 standards. generates hash, algorithm specified 1321. MDEU also supports HMAC computations, specified 2104. SHA-256 256-bit hash function that provides bits security against collision attacks.
Random Number Generator (RNG)
digital integrated circuit capable generating 32-bit random numbers. designed comply with FIPS 140-1 standards randomness non-determinism. Because many cryptographic algorithms random numbers source generating secret value nonce), desirable have private MPC184. anonymity each random number must maintained, well unpredictability next random number. FIPS-140 compliant private allows system develop random challenges random secret keys. secret thus remain hidden from even high-level application code, providing added measure physical security.
General Purpose (gpRAM)
MPC184 contains internal general purpose that used store keys, IV's data. internal scratchpad allows user store frequently used context chip which increases system performance minimizing setup time. This feature especially important when dealing with small packets systems where bandwidth limited.
Performance Estimates
Bulk encryption/authentication performance estimates shown Table 8-1. include data/key/context reads (from memory MPC184), security processing (internal MPC184), writes completed data/context memory MPC184, using typical overhead.
MOTOROLA
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
Table 8-1. Estimated Bulk Data Encryption Performance (Mbps)
byte byte byte byte 1024 byte 1536 byte 3DES ARC4 SHA-1 3DES/ HMACSHA-1(Rx)
MPC184 supports single pass processing encryption/message authentication. performance measurements assume descriptor generation availability (66Mhz, 32bit with typical SDRAM read/write latency) constraints.
Document Revision History
Table summarizes revision history this document.
Table 9-1. Revision History
Revision 0-0.1 Initial release. Added Counter mode. Added revision history. Updated with template Substantive Change(s)
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
THIS PAGE INTENTIONALLY LEFT BLANK
MOTOROLA
MPC184 Security Processor Technical Summary More Information This Product, www.freescale.com
REACH USA/EUROPE/LOCATIONS LISTED: Motorola Literature Distribution P.O. 5405, Denver, Colorado 80217 1-303-675-2140 (800) 441-2447 JAPAN: Motorola Japan Ltd. SPS, Technical Information Center 3-20-1, Minami-Azabu Minato-ku Tokyo 106-8573 Japan 81-3-3440-3569
Information this document provided solely enable system software implementers Motorola products. There express implied copyright licenses granted hereunder design fabricate integrated circuits integrated circuits based information this document. Motorola reserves right make changes without further notice products herein. Motorola makes warranty, representation guarantee regarding suitability products particular purpose, does Motorola assume liability arising application product circuit, specifically disclaims liability, including without
ASIA/PACIFIC: Motorola Semiconductors H.K. Ltd. Silicon Harbour Centre, King Street Industrial Estate, N.T., Hong Kong 852-26668334 TECHNICAL INFORMATION CENTER: (800) 521-6274 HOME PAGE: www.motorola.com/semiconductors
limitation consequential incidental damages. "Typical" parameters which provided Motorola data sheets and/or specifications vary different applications actual performance vary over time. operating parameters, including "Typicals" must validated each customer application customer's technical experts. Motorola does convey license under patent rights rights others. Motorola products designed, intended, authorized components systems intended surgical implant into body, other applications intended support sustain life, other application which failure Motorola product could create situation where personal injury death occur. Should Buyer purchase Motorola products such unintended unauthorized application, Buyer shall indemnify hold Motorola officers, employees, subsidiaries, affiliates, distributors harmless against claims, costs, damages, expenses, reasonable attorney fees arising directly indirectly, claim personal injury death associated with such unintended unauthorized use, even such claim alleges that Motorola negligent regarding design manufacture part.
Motorola Stylized Logo registered U.S. Patent Trademark Office. digital trademark Motorola, Inc. other product service names property their respective owners. Motorola, Inc. Equal Opportunity/Affirmative Action Employer. Motorola, Inc. 2003
MPC184TS/D
More Information This Product, www.freescale.com
Other recent searches
NJT1969 - NJT1969 NJT1969 Datasheet
GBPC12005W - GBPC12005W GBPC12005W Datasheet
GBPC1208W - GBPC1208W GBPC1208W Datasheet
DAC7617 - DAC7617 DAC7617 Datasheet
B048F240T30 - B048F240T30 B048F240T30 Datasheet
B048F240M30 - B048F240M30 B048F240M30 Datasheet
AN3962 - AN3962 AN3962 Datasheet
AME9172 - AME9172 AME9172 Datasheet
ADS1230 - ADS1230 ADS1230 Datasheet
2SC5376 - 2SC5376 2SC5376 Datasheet
Privacy Policy | Disclaimer
© 2012 Datasheet Archive
