MPC185TS/D Rev. 2.1, 2/2003
MPC185 Security Processor Technical Summary
More Information This Product, www.freescale.com

This technical summary provides overview MPC185 Security Processor, including brief development history, target applications, features, typical system architecture, device architectural overview, performance summary.

Development History
MPC185 belongs Smart Networks platform's family security processors developed commercial networking market. This product family derived from security technologies Motorola developed over last years, primarily government applications. fifth-generation execution units (EU) have been proven Motorola semi-custom MPC180 MPC190, products Motorola's security processor line.

Typical Applications
MPC185 suited applications such following:
Edge routers
Broadband access equipment
eCommerce servers
Wireless base stations gateways

Features
MPC185 flexible powerful addition networking computing system using Motorola PowerQUICC line integrated communications processors, system supporting protocol. MPC185 designed offload computationally intensive security functions, such generation exchange, authentication, bulk encryption from host processor with PowerPC architecture. MPC185 optimized process algorithms associated with IPSec, IKE, WTLS/WAP, SSL/TLS 3GPP. addition, Motorola family security co-processors only devices market capable executing elliptic curve cryptography which especially important secure wireless communications.
MPC185 features include following:
Public Execution Units (PKEUs) that support following: Diffie-Hellman Programmable field size 2048-bits Elliptic curve cryptography F(p) modes Programmable field size 511-bits
Data Encryption Standard Execution Units (DEUs) DES, 3DES (K1, Three (K1, modes both 3DES
Advanced Encryption Standard Units (AESUs) Implements Rijndael symmetric cipher ECB, CBC, counter modes 128, 192, lengths
Four Execution Unit (AFEUs) Implements stream cipher compatible with algorithm 128-bit programmable
Message Digest Execution Units (MDEUs) with 160-bit 256-bit message digest with 128-bit message digest HMAC with either algorithm
Kasumi Execution Unit 3GPP systems (KEUs) Implements algorithm encryption algorithm authentication
Random number generator (RNGs)
compliant external interface, with master/slave logic 32-bit address/64-bit data operation
Crypto-channels, each supporting multi-command descriptor chains Static and/or dynamic assignment crypto-execution units integrated controller Buffer size bytes each execution unit, with flow control large data sizes
32KB internal scratchpad memory key, context storage
1.5V supply, 3.3V 2.5V
BGA, 17mm package body size
1.5W power dissipation

Typical System Architecture
MPC185 designed integrate easily into system using protocol. ideal system using Motorola PowerQUICC communications processor shown Figure 4-1) PowerPC-architectured processor memory controller. ability MPC185 master allows co-processor offload data movement bottleneck normally associated with slave devices. host processor accesses MPC185 through device drivers using system memory data storage. MPC185 resides memory processor, therefore when application requires cryptographic functions, simply creates descriptors MPC185 which define cryptographic function performed location data.
MPC185's 60x-mastering capability permits host processor crypto-channel with short register writes, leaving MPC185 perform reads writes system memory complete required task.

[Figure 4-1. MPC185 Connected PowerQUICC 60xBus. Diagram labels: EEPROM, MPC185, MPC82xx, Local, Main Memory, Network Interface]

Figure shows configuration with MPC185 communicating with host processor bridge, such MPC107.

[Figure 4-2. MPC185 Connected host Bridge. Diagram labels: MPC7xx, MPC74xx, MPC185, MPC107 Bridge, Local, Main Memory, Network Interface Card, Application, Network Interface Card]

Architectural Overview
block diagram MPC185 internal architecture shown Figure 5-3. interface (60x/IF) module designed transfer 64-bit words between register inside MPC185. operation begins with write pointer crypto-channel fetch register which points data packet descriptor. channel requests descriptor decodes operation performed. channel then requests controller assign crypto execution units fetch keys, IV's data needed perform given operation. controller satisfies requests assigning execution units channel making requests master interface programmable priority scheme. data processed, written individual execution units output buffer then back system memory 60x/IF module.

[Figure 5-3. MPC185 Functional Blocks. Diagram labels: 32KB gpRAM, Master/Slave Interface, four cryptochannels, Control, PKEU, AESU, MDEU, AFEU, FIFOs]

Data Packet Descriptors
crypto accelerator, MPC185 controller been designed easy integration with existing systems software. cryptographic functions accessible through data packet descriptors, some which have been defined multifunction facilitate IPSec applications. data packet descriptor diagrammed Table 6-1.

Table 6-1. Example Data Packet Descriptor

| Field Name | Value/Type | Description |
|---|---|---|
| DPD_DES_CTX_CRYPT | | Representative header using Context Encrypt |
| LEN_CTXIN | Length | Number bytes written |
| PTR_CTXIN | Pointer | Pointer Context (IV) written into engine |
| LEN_KEY | Length | Number bytes |
| PTR_KEY | Pointer | Pointer block cipher |
| LEN_DATAIN | Length | Number bytes data ciphered |
| PTR_DATAIN | Pointer | Pointer data perform cipher upon |
| LEN_DATAOUT | Length | Number bytes data after ciphering |
| PTR_DATAOUT | Pointer | Pointer location where cipher output written |
| LEN_CTXOUT | Length | Length output Context (IV) |
| PTR_CTXOUT | Pointer | Pointer location where altered Context written |
| length | Length | Zeroes fixed length descriptor filter |
| pointer | Pointer | Zeroes fixed length descriptor filter |
| length | Length | Zeroes fixed length descriptor filter |
| pointer | Pointer | Zeroes fixed length descriptor filter |
| PTR_NEXT | Pointer | Pointer next data packet descriptor |

Each data packet descriptor contains following:
Header - The header describes required services encodes information that indicates which which modes set.
Seven data length/data pointer pairs - The data length indicates number contiguous bytes data transferred. data pointer indicates starting address data, key, context system memory.
Next descriptor pointer data packet descriptor ends with pointer next data packet descriptor. Upon completion current descriptor, this field checked and, non-zero, channel instructed request burst read next descriptor.

Processing next descriptor (and whether done signal generated) determined programming crypto-channel's configuration register. modes operation supported:
Signal done descriptor
Signal done descriptor chain

crypto-channel signal done interrupt write-back descriptor header after processing data packet descriptor. value written back identical that header, with exception that DONE field set.
Occasionally, descriptor field applicable requested service. example, using mode, contents field affect result computation. Therefore, when processing data packet descriptors, crypto-channel skips pointer that associated length zero.

Interface
interface manages communication between MPC185 internal execution units bus. interface uses master/slave protocols. on-chip resources memory mapped, target accesses initiator writes from MPC185 must addressed word boundaries. MPC185 will perform initiator reads byte boundaries will adjust data place word boundaries appropriate. Access system memory critical factor co-processor performance, native interface MPC185 allows achieve performance unattainable secondary busses.

MPC185 Controller
MPC185 controller manages on-chip resources, including individual execution units (EUs), FIFOs, Interface, internal buses that connect various modules. controller receives service requests from interface various crypto-channels, schedules required activities. controller configure each on-chip resources three modes:
Host-controlled mode - The host directly responsible data movement into resource.
Static mode - The user reserve specific execution unit specific crypto-channel.
Dynamic mode - A crypto channel request particular service from available execution unit.

Host-Managed Register Access
used entirely through register read/write access. strongly recommended that read/write access only performed that statically assigned idle crypto-channel. Such assignment only method host inform controller that particular use.

Static Access
controller configured reserve more particular crypto-channel. Doing permits locking particular context. When this mode, crypto-channel used multiple descriptors representing same context without unloading reloading context each descriptor.
This mode presents considerable performance improvement over dynamic access, only when MPC185 supporting one) contexts. Static access also used reserve particular Public Execution Unit (PKEU) type computation. example, PKEU could reserved private operations using prime other could reserved computations using prime Again, this presents performance improvement because fixed parameters remain within reserved PKEUs. This reduces overhead loading unloading contexts therefore improves performance. However, this only performance improvement lack dynamically available PKEUs does become bottleneck agreement protocols.

Dynamic Access
Processing begins when data packet descriptor pointer written Next Descriptor Pointer Register crypto-channels. Prior fetching data referred descriptor based services requested descriptor header descriptor buffer, controller dynamically reserves usage crypto-channel. appropriate already dynamically reserved other crypto-channels, crypto-channel stalls waits fetch data until appropriate available. multiple crypto-channels simultaneously request same assigned weighted priority round-robin basis. Once required been reserved, crypto-channel fetches loads appropriate data packets, operates unloads data system memory, releases another crypto-channel. crypto-channel attempts reserve statically-assigned (and appropriate available dynamic assignment), interrupt generated status indicates illegal access. When dynamic assignment used, each encryption/decryption packet must contain context that particular context being supported.

Crypto-Channels
MPC185 includes four crypto-channels that manage data function.
Each crypto-channel consists following:
Control registers containing information about transaction process
status register containing indication last unfulfilled request
pointer register indicating location descriptor fetch
Buffer memory used store active data packet descriptor

Crypto-channels analyze data packet descriptor header requests first required cryptographic service from controller. controller implements programmable prioritization scheme that allows user dictate order which four crypto-channels serviced. After controller grants access required crypto-channel controller perform following steps:
appropriate mode bits available required service.
Fetch context other parameters indicated data packet descriptor buffer these program
Fetch data indicated place either input FIFO itself appropriate).
Wait complete processing.
Upon completion, unload results context write them external memory indicated data packet descriptor buffer.
multiple services requested, back step
Reset appropriate dynamically assigned. Note that statically assigned, reset only upon direct command written MPC185.
Perform descriptor completion notification appropriate. This notification comes forms - interrupt header writeback modification - and occur every descriptor, descriptor chain, specially designated descriptors within chain.

Execution Units (EUs)
`Execution unit' generic term functional block that performs mathematical permutations required protocols used cryptographic processing. compatible with IPsec, WAP/WTLS, IKE, SSL/TLS 3GPP processing, work together perform high level cryptographic tasks.
MPC185 execution units follows:
PKEU computing asymmetric operations, including Modular Exponentiation (and other Modular Arithmetic functions) Point Arithmetic
performing block cipher, symmetric cryptography using 3DES
AFEU performing RC-4 compatible stream cipher symmetric cryptography
AESU performing Advanced Encryption Standard algorithm
performing encryption authentication
MDEU performing security hashing using MD-5, SHA-1, SHA-256
random number generation

Public Execution Unit (PKEU)
PKEU capable performing many advanced mathematical functions support both public cryptographic algorithms. supported both F(2)m (polynomial-basis) F(p) modes. This supports levels functions assist host microprocessor perform desired cryptographic function. example, highest level, accelerator performs modular exponentiations support performs point multiplies support ECC. lower levels, PKEU perform simple operations such modular multiplies.

7.1.1 Elliptic Curve Operations
PKEU data control units, including general-purpose register file programmable-size arithmetic unit. field modulus size programmed value between bits bits programmable increments with each programmable value supporting actual field sizes from i*8. result hardware supporting wide range cryptographic security. Larger field modulus sizes result greater security lower performance; processing time determined field modulus size. example, field size roughly equivalent security provided 1024 RSA. field size roughly equates 2048 bits security. PKEU contains routines implementing atomic functions elliptic curve processing - point arithmetic finite field arithmetic. point operations (multiplication, addition doubling) involve more finite field operations which addition, multiplication, inverse, squaring. Point double each four finite field operations.
Similarly, point multiplication uses point operations well finite field operations. these functions supported both modular arithmetic well polynomial basis finite fields.

7.1.2 Modular Exponentiation Operations
PKEU also capable performing ordinary integer modulo arithmetic. This arithmetic integral part public algorithm; however, also play role generation digital signatures Diffie-Hellman exchanges. Modular arithmetic functions supported MPC185's PKEU include following: Where following variable definitions: modulus vector, input vectors, exponent vector, where length vector rounded nearest multiple PKEU perform modular arithmetic operands 2048 bits length. modulus must larger than equal bits. PKEU uses Montgomery modular multiplication algorithm perform core functions. addition subtraction functions exist help support known methods Chinese Remainder Theorem (CRT) efficient exponentiation.

Data Encryption Standard Execution Unit (DEU)
Execution Unit (DEU) performs bulk data encryption/decryption, compliance with Data Encryption Standard algorithm (ANSI x3.92). also compute 3DES extension algorithm which each 64-bit input block processed three times. MPC185 supports (K1=K3) 3DES. operates permuting 64-bit data blocks with shared 56-bit initialization vector (IV). MPC185 supports modes operation: Electronic Code Book (ECB) Cipher Block Chaining (CBC).

Four Execution Unit (AFEU)
AFEU accelerates bulk encryption algorithm compatible with stream cipher from Security, Inc. algorithm byte-oriented, meaning byte plain text encrypted with produce byte ciphertext. variable length AFEU supports lengths from bits byte increments), providing wide range security strengths. symmetric algorithm, meaning each communicating parties share same key.
Advanced Encryption Standard Execution Unit (AESU)
AESU used accelerate bulk data encryption/decryption compliance with Advanced Encryption Standard algorithm Rijndael. AESU executes blocks with choice sizes: 128, 192, bits. AESA symmetric algorithm, sender receiver same both encryption decryption. session IV(CBC mode) supplied AESU module prior encryption. processor supplies data module that processed input. AESU operates ECB, CBC, counter modes.

Kasumi Execution Unit (KEU)
used accelerate algorithms defined 3GPP architecture, confidentiality algorithm (f8) integrity algorithm (f9). Each these algorithms based Kasumi algorithm. Kasumi block cipher that produces 64-bit output from 64-bit input under control 128-bit key. confidentiality algorithm stream cipher that used encrypt/decrypt blocks data under confidentiality key. block data between 5114 bits long. algorithm uses Kasumi form output-feedback mode keystream generator. integrity algorithm computes 32-bit message authentication code (MAC) given input message using integrity key. approach adopted uses Kasumi form CBC-MAC mode.

Message Digest Execution Unit (MDEU)
MDEU computes single message digest hash integrity check) value data presented input bus, using either MD5, SHA-1 SHA-256 algorithms bulk data hashing. With hash algorithm, larger message mapped onto smaller output space, therefore collisions potential, albeit not probable. 160-bit hash value sufficiently large space such that collisions extremely rare. security hash function based difficulty locating collisions. That computation infeasible construct distinct similar messages that produce same hash output. generates 128-bit hash, algorithm specified RFC 1321. SHA-1 160-bit hash function, specified ANSI X9.30-2 FIPS 180-1 standards. SHA-256 256-bit hash function that provides bits security against collision attacks. MDEU also supports HMAC computations, specified RFC 2104.
Random Number Generator (RNG)
digital integrated circuit capable generating 32-bit random numbers. designed comply with FIPS 140-1 standards randomness non-determinism. Because many cryptographic algorithms random numbers source generating secret value nonce), desirable have private MPC185. anonymity each random number must maintained, well unpredictability next random number. FIPS-140 `common criteria' compliant private allows system develop random challenges random secret keys. secret thus remain hidden from even high-level application code, providing added measure physical security.

32KB General Purpose (gpRAM)
MPC185 contains 32KB internal general purpose that used store keys, data. internal scratchpad allows user store frequently used context chip which increases system performance minimizing setup time. This feature especially important when dealing with small packets systems where bandwidth limited.

Performance Estimates
Bulk encryption/authentication performance estimates shown Table include data/key/context reads (from memory MPC185), security processing (internal MPC185), writes completed data/context memory MPC185, using typical system overhead.

Table 8-1. Estimated Bulk Data Encryption Performance (Mbps)
byte byte byte byte 1024 byte 1536 byte 1051 1164 3DES ARC4 SHA-1 Kasumi 3DES/ HMACSHA-1(Rx)

MPC185 supports single pass processing encryption/message authentication. performance measurements assume standard memory latency, unconstrained 83MHz, 64-bit utilizing protocol.

Revision History
Table summarizes revision history this document.

Table 9-1. Revision History
Revision 0-0.1 Initial release. Added Counter Mode. Added revision history. Revised performance estimates ARC4 Kasumi.
Updated with template Substantive Change(s)

REACH USA/EUROPE/LOCATIONS LISTED: Motorola Literature Distribution P.O. 5405, Denver, Colorado 80217 1-303-675-2140 (800) 441-2447
JAPAN: Motorola Japan Ltd. SPS, Technical Information Center 3-20-1, Minami-Azabu Minato-ku Tokyo 106-8573 Japan 81-3-3440-3569
ASIA/PACIFIC: Motorola Semiconductors H.K. Ltd. Silicon Harbour Centre, King Street Industrial Estate, N.T., Hong Kong 852-26668334
TECHNICAL INFORMATION CENTER: (800) 521-6274
HOME PAGE: www.motorola.com/semiconductors

Information this document provided solely enable system software implementers Motorola products. There express implied copyright licenses granted hereunder design fabricate integrated circuits integrated circuits based information this document. Motorola reserves right make changes without further notice products herein. Motorola makes warranty, representation guarantee regarding suitability products particular purpose, does Motorola assume liability arising application product circuit, specifically disclaims liability, including without limitation consequential incidental damages. "Typical" parameters which provided Motorola data sheets and/or specifications vary different applications actual performance vary over time. operating parameters, including "Typicals" must validated each customer application customer's technical experts. Motorola does convey license under patent rights rights others. Motorola products designed, intended, authorized components systems intended surgical implant into body, other applications intended support sustain life, other application which failure Motorola product could create situation where personal injury death occur.
Should Buyer purchase Motorola products such unintended unauthorized application, Buyer shall indemnify hold Motorola officers, employees, subsidiaries, affiliates, distributors harmless against claims, costs, damages, expenses, reasonable attorney fees arising directly indirectly, claim personal injury death associated with such unintended unauthorized use, even such claim alleges that Motorola negligent regarding design manufacture part. Motorola Stylized Logo registered U.S. Patent Trademark Office. digital trademark Motorola, Inc. other product service names property their respective owners. Motorola, Inc. Equal Opportunity/Affirmative Action Employer. Motorola, Inc. 2003 MPC185TS/D