This document provides overview MPC190 security processor, including b
|
|
|
Top Searches for this datasheet
MPC190TS/D Rev. 0.2, 2/2003 MPC190 Security Processor Technical Summary
This document provides overview MPC190 security processor, including brief development history, target applications, features, typical system architecture, device architectural overview, performance summary.
Development History
MPC190 belongs Smart Networks platform's family security processors developed commercial networking market. This product family derived from security technologies Motorola developed over last years, primarily government applications. fourth-generation execution units (EU) have been proven Motorola semi-custom MPC180, first product Motorola's security processor line.
Typical Applications
MPC190 suited applications such following: Edge routers DSLAMS Broadband access equipment eCommerce severs Wireless base stations Gateways
Features
MPC190 flexible powerful addition networking computing system supporting PCI. MPC190 designed off-load computationally intensive security functions-such generation exchange, authentication, bulk encryption-from PowerQuicc IIcommunications processors with integrated (the MPC8265A MPC8266A) from processor through bridge chip. MPC190 optimized process algorithms associated with IPSec, IKE, WTLS/WAP SSL/TLS. addition, MPC190 only security processor market (other than MPC180) capable executing elliptic curve cryptography that especially important secure wireless communications.
More Information This Product, www.freescale.com
MPC190 features include following: Public execution units (PKEUs) that support following: Diffie-Hellman Programmable field size 2048-bits RSA-1024-64 exchange 2.0ms handshakes/second Elliptic curve operations either F(2) F(p) Programmable field size from 511-bits exchange (155 key) 5.7ms 1000 handshakes/second Data encryption standard execution units (DEUs) 3DES (K1, Three (K1, modes both 3DES Message digest execution units (MDEUs) SHA-1 with 160-bit message digest with 128-bit message digest HMAC with either algorithm four execution unit (AFEU) Implements stream cipher compatible with algorithm 128-bit programmable Random number generator (RNG) compliant external interface, with master/slave logic. 32-bit address/64 -bit data, 66MHz 32-bit address/32 -bit data mode Crypto-channels, each supporting multi-command descriptor chains Static and/or dynamic assignment crypto-execution units integrated controller Buffer size 2KBytes each crypto-channel 1.8v supply, 3.3v BGA, 2.0W power dissipation HiPerMOS4 0.25µm process
Typical System Architecture
MPC190 designed integrate easily into systems using PCI, including systems built with processors with integrated bridges, such Motorola MPC8265A, shown Figure 4-1. external processor accesses MPC190 through device drivers using system memory data storage. MPC190 resides address processor; therefore, when application requires cryptographic functions, creates descriptors MPC190, defining cryptographic function performed location data. MPC190's PCI-mastering capability permits host processor crypto-channel with short register writes, leaving MPC190 perform reads writes
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
system memory complete required task. Alternatively, execution units' registers available direct read write through interface.
MPC190
EEPROM
MPC8265
Main Memory
SRAM Network Interface
Figure 4-1. MPC190 Connected PowerQuicc
Figure shows configuration with MPC190 communicating with host processor bridge, such MPC107.
MPC7xx, MPC74xx
Main Memory
MPC107 Bridge Local
MPC190
Network Interface Card
Figure 4-2. MPC190 Connected PowerPC Host Bridge
Architectural Overview
block diagram MPC190 internal architecture shown Figure 5-3. interface (PCI I/F) module designed transfer 32-bit 64-bit words between v2.2-compliant register inside MPC190. MPC190 controller decodes descriptor headers (See 6.6, "Crypto-Channels.") writes them appropriate crypto-channel input buffer. crypto-channel then processes data pointers within data packet descriptor and, PCI/IF module, initiates mastering transfer additional data instructions from memory, specified services
MOTOROLA
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
Data Packet Descriptors
requested descriptor header. data processed, written individual execution units' output buffers then, PCI/IF module, processed data written back system memory.
cryptochannel cryptochannel cryptochannel cryptochannel Master/slave interface cryptochannel cryptochannel Control PKHA FIFO FIFO FIFO FIFO FIFO FIFO FIFO FIFO FIFO AuthenAuthentication Authentication tication FIFO FIFO FIFO FIFO ARC-4 FIFO FIFO
cryptochannel cryptochannel cryptochannel
Figure 5-3. MPC190 Block Diagram
Data Packet Descriptors
IPSec accelerator, MPC190's controller been designed easy integration with existing systems software. cryptographic functions accessible through data packet descriptors, some which have been defined multifunction facilitate IPSec applications. data packet descriptor diagrammed Table 6-1.
Table 6-1. Example Data Packet Descriptor
Field Name DPD_DES_CTX_CRYPT LEN_CTXIN PTR_CTXIN LEN_KEY PTR_KEY LEN_DATAIN PTR_DATAIN LEN_DATAOUT PTR_DATAOUT LEN_CTXOUT PTR_CTXOUT length pointer length pointer LEN_NEXT PTR_NEXT length pointer length pointer length pointer length pointer length pointer length pointer length pointer length pointer Value/Type Description Representative header "DES using Context Encrypt" Number bytes written Pointer context (IV) written into engine Number bytes Pointer block cipher Number bytes data ciphered Pointer data perform cipher upon Number bytes data after ciphering Pointer location where cipher output written Length output context (IV) Pointer location where altered context written Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Zeroes fixed length descriptor filter Length next data packet descriptor (bytes) Pointer next data packet descriptor
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Interface
Each data packet descriptor contains following: Header-The header describes required services encodes information that indicates which which modes set. Seven data length/data pointer pairs-The data length indicates number contiguous bytes data transferred (not exceed 2048). data pointer indicates starting address data, key, context system memory.
data packet descriptor ends with pointer next data packet descriptor. Therefore, once descriptor processed value this pointer non-zero, used request burst read next descriptor. Processing next descriptor (and whether interrupt generated) determined programming crypto-channel's configuration register. modes operation supported:
Interrupt descriptor Interrupt descriptor chain
crypto-channel requests write-back descriptor header after processing data packet descriptor. value written back identical that header, with exception that DONE field set. Occasionally, descriptor field applicable requested service. example, using mode, contents field affect result computation. Therefore, when processing data packet descriptors, crypto-channel skips pointer that associated length zero.
Interface
interface manages communication between MPC190's internal execution units bus. interface memory mapped; therefore, target accesses initiator writes from MPC190 must addressed 32-bit double-word (DWORD) boundaries. MPC190 performs initiator reads byte boundaries assigns data DWORD boundaries appropriate. v2.2-compliant interface supports 32-bit address data transfers 64-bit data transfers. External support circuitry required voltage level conversion when connected bus. user should only concerned with external timing between interface external bus; internal timing maintained Interface.
MPC190 Controller
MPC190 controller manages on-chip resources, including individual execution units (EUs), FIFOs, Interface, internal buses that connect various modules. controller receives service requests from interface various crypto-channels, schedules required activities. controller configure each on-chip resources three modes: Host-controlled mode-The host directly responsible data movement into resource. Static mode-The user reserve specific execution unit specific crypto-channel. Dynamic mode-A crypto channel request particular service from available execution unit.
MOTOROLA
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
Crypto-Channels
Host-Managed Register Access
used entirely through register read/write access. strongly recommended that read/write access only performed that statically assigned idle crypto-channel. Such assignment only method host inform controller that particular use.
Static Access
Controller configured reserve more particular crypto-channel. Doing permits locking particular context. When this mode, crypto-channel used multiple descriptors representing same context without unloading reloading context each descriptor. This mode presents considerable performance improvement over dynamic access, only when MPC190 supporting one) contexts. Static access also used reserve particular public execution unit (PKEU) type computation. example, PKEU could reserved private operations using prime other could reserved computations using prime Again, this presents performance improvement because fixed parameters remain within reserved PKEUs. This reduces overhead loading unloading contexts therefore improves performance. However, this only performance improvement lack dynamically available PKEUs does become bottleneck agreement protocols.
Dynamic Access
Processing begins when data packet descriptor pointer written next descriptor pointer register crypto-channels. Prior fetching data referred descriptor based services requested descriptor header descriptor buffer, controller dynamically reserves usage crypto-channel. appropriate units already dynamically reserved other crypto-channels, crypto-channel stalls waits fetch data until appropriate available. multiple crypto-channels simultaneously request same assigned round-robin basis. Once required been reserved, crypto-channel fetches loads appropriate data packets, operates unloads data system memory, releases another crypto-channel. crypto-channel attempts reserve statically-assigned (and appropriate available dynamic assignment), interrupt generated status indicates illegal access. When dynamic assignment used, each encryption/decryption packet must contain context that particular context being supported.
Crypto-Channels
MPC190 includes nine crypto-channels that manage data function. Each crypto-channel consists following: Control registers containing information about transaction process status register containing indication last unfulfilled request pointer register indicating location descriptor fetch Buffer memory used store active data packet descriptor (See "Data Packet Descriptors.")
Crypto-channels analyze data packet descriptor header request from controller first required cryptographic service. After controller grants access required crypto-channel controller perform following steps: appropriate Mode bits available required service.
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Execution Units (EUs)
Fetch context other parameters indicated data packet descriptor buffer these program Fetch data indicated place either EU's input FIFO itself appropriate). Wait complete processing. Upon completion, unload results context write them external memory indicated data packet descriptor buffer. multiple services requested, back step Reset appropriate dynamically assigned. Note that statically assigned, reset only upon direct command written MPC190. Perform descriptor completion notification appropriate. This notification comes forms-interrupt header writeback modification-and occur either every descriptor descriptor chain.
Execution Units (EUs)
"Execution unit" generic term functional block that performs mathematical permutations required protocols used cryptographic processing. compatible with IPsec, WAP/WTLS, IEEE 1363, Java Security processing, work together perform high level cryptographic tasks.The MPC190's execution units follows: PKEU computing asymmetric mathematics, including Modular Exponentiation (and other Modular Arithmetic functions) Point Arithmetic performing block symmetric cryptography AFEU performing RC-4 compatible stream symmetric cryptography MDEU hashing data random number generation
Public Execution Unit (PKEU)
PKEU capable performing many advanced mathematical functions support both public cryptographic algorithms. supported both F(2)m (polynomial-basis) F(p) modes. This supports levels functions assist host microprocessor perform desired cryptographic function. example, highest level, accelerator performs modular exponentiations support performs point multiplies support ECC. lower levels, PKEU perform simple operations such modular multiplies.
7.1.1 Elliptic Curve Operations
PKEU data control units, including general-purpose register file programmable-size arithmetic unit. field modulus size increments between bits, supporting wide range cryptographic security levels. Because processing time determined field modulus size, larger field modulus sizes results greater security lower performance. example, field size roughly equivalent security provided 1024 RSA. field size roughly equates 2048 bits security. PKEU block contains routines implementing atomic functions elliptic curve processing-point arithmetic finite field arithmetic. point operations (multiplication, addition, doubling) involve more finite field operations, which addition, multiplication, inverse, squaring. Point double each four finite field operations. Similarly, point multiplication uses point operations well finite field operations. these functions supported both modular arithmetic well
MOTOROLA
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
Execution Units (EUs)
polynomial basis finite fields. local control unit makes necessary calls finite field blocks such that either point operations executed properly.
7.1.2 Modular Exponentiation Operations
PKEU also capable performing ordinary integer modulo arithmetic. This arithmetic integral part public algorithm; however, also play role generation digital signatures Diffie-Hellman exchanges. Modular arithmetic functions supported MPC190's PKEU include following: (A+B) (A-B) modulus vector input vectors, exponent vector where length vector rounded nearest multiple
Where following variable definitions:
PKEU perform modular arithmetic operands 2048 bits length. modulus must larger than equal bits. PKEU uses Montgomery modular multiplication algorithm perform core functions. addition subtraction functions exist help support known methods Chinese Remainder Theorem (CRT) efficient exponentiation.
Data Encryption Standard Execution Unit (DEU)
execution unit (DEU) performs bulk data encryption/decryption, compliance with Data Encryption Standard algorithm (ANSI x3.92). also compute 3DES extension algorithm which each 64-bit input block processed three times. MPC190 supports (K1=K3) 3DES. operates permuting 64-bit data blocks with shared 56-bit initialization vector (IV). MPC190 supports modes operation: (Electronic Code Book) (Cipher Block Chaining).
Four Execution Unit (AFEU)
AFEU accelerates bulk encryption algorithm compatible with stream cipher from Security, Inc. algorithm byte-oriented, meaning byte plain text encrypted with produce byte ciphertext. variable length AFEU supports lengths from bits byte increments), providing wide range security strengths. symmetric algorithm, meaning each communicating parties share same key.
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
MOTOROLA
Performance Estimates
Message Digest Execution Unit (MDEU) Module
MDEU computes single message digest hash integrity check) value data presented input bus, using either MD4, SHA-1 algorithms bulk data hashing. SHA-1 hash function, specified ANSI X9.30-2 FIPS 180-1 standards. MD4/MD5 generates hash, algorithm specified 1321. MDEU also supports HMAC computations, specified 2104.
Random Number Generator (RNG)
digital integrated circuit capable generating 32-bit random numbers. designed comply with FIPS 140-1 standards randomness non-determinism.
Because many cryptographic algorithms random numbers source generating secret value nonce), desirable have private MPC190. anonymity each random number must maintained, well unpredictability next random number. FIPS-140 compliant private allows system develop random challenges random secret keys. secret thus remain hidden from even high-level application code, providing added measure physical security.
Performance Estimates
Bulk encryption/authentication performance estimates shown Table include data/key/context reads (from memory MPC190), security processing (internal MPC190), writes completed data/context memory MPC190, using typical 64-bit, 66MHz system overhead.
Table 8-1. Estimated Bulk Data Encryption Performance (Mbps)
byte byte byte byte 1024 byte 1536 byte 1026 1139 3DES ARC4 SHA-1 3DES/ HMAC-MD5
MPC190 supports single pass processing encryption/message authentication.
Revision History
Table summarizes revision history this document.
MOTOROLA
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
Performance Estimates Table 9-1. Revision History
Revision Initial release. Added revision history. Updated with template Substantive Change(s)
MOTOROLA
MPC190 Security Processor Technical Summary More Information This Product, www.freescale.com
THIS PAGE INTENTIONALLY LEFT BLANK
More Information This Product, www.freescale.com
REACH USA/EUROPE/LOCATIONS LISTED: Motorola Literature Distribution P.O. 5405, Denver, Colorado 80217 1-303-675-2140 (800) 441-2447 JAPAN: Motorola Japan Ltd. SPS, Technical Information Center 3-20-1, Minami-Azabu Minato-ku Tokyo 106-8573 Japan 81-3-3440-3569
Information this document provided solely enable system software implementers Motorola products. There express implied copyright licenses granted hereunder design fabricate integrated circuits integrated circuits based information this document. Motorola reserves right make changes without further notice products herein. Motorola makes warranty, representation guarantee regarding suitability products particular purpose, does Motorola assume liability arising application product circuit, specifically disclaims liability, including without
ASIA/PACIFIC: Motorola Semiconductors H.K. Ltd. Silicon Harbour Centre, King Street Industrial Estate, N.T., Hong Kong 852-26668334 TECHNICAL INFORMATION CENTER: (800) 521-6274 HOME PAGE: www.motorola.com/semiconductors
limitation consequential incidental damages. "Typical" parameters which provided Motorola data sheets and/or specifications vary different applications actual performance vary over time. operating parameters, including "Typicals" must validated each customer application customer's technical experts. Motorola does convey license under patent rights rights others. Motorola products designed, intended, authorized components systems intended surgical implant into body, other applications intended support sustain life, other application which failure Motorola product could create situation where personal injury death occur. Should Buyer purchase Motorola products such unintended unauthorized application, Buyer shall indemnify hold Motorola officers, employees, subsidiaries, affiliates, distributors harmless against claims, costs, damages, expenses, reasonable attorney fees arising directly indirectly, claim personal injury death associated with such unintended unauthorized use, even such claim alleges that Motorola negligent regarding design manufacture part.
Motorola Stylized Logo registered U.S. Patent Trademark Office. digital trademark Motorola, Inc. other product service names property their respective owners. Motorola, Inc. Equal Opportunity/Affirmative Action Employer. Motorola, Inc. 2003
MPC190TS/D
More Information This Product, www.freescale.com
Other recent searches
W9923QF - W9923QF W9923QF Datasheet
W9925QF - W9925QF W9925QF Datasheet
TPS2030 - TPS2030 TPS2030 Datasheet
TPS2031 - TPS2031 TPS2031 Datasheet
TPS2032 - TPS2032 TPS2032 Datasheet
TPS2033 - TPS2033 TPS2033 Datasheet
TPS2034 - TPS2034 TPS2034 Datasheet
SMBTA06UPN - SMBTA06UPN SMBTA06UPN Datasheet
GL5UR64 - GL5UR64 GL5UR64 Datasheet
CFAG19264A-STI-TN - CFAG19264A-STI-TN CFAG19264A-STI-TN Datasheet
AS1730A - AS1730A AS1730A Datasheet
Privacy Policy | Disclaimer
© 2012 Datasheet Archive
