ADSP 2141 SafeNet DSPUSER'S MANUAL PRELIMINARY DOCUMENT This
|
|
|
Top Searches for this datasheet
ADSP 2141 SafeNet DSPUSER'S MANUAL
PRELIMINARY DOCUMENT
This information pertains product under development. characteristics specifications subject change without notice. assumes responsibility this information.
Revision 1999
Secure Solutions, Inc. maintains site with up-to-date technical documentation customers. located http://www.ire-ma.com/ Contact Secure Solutions registration information password.
1999 Information Resource Engineering, Inc. RIGHTS RESERVED
Information furnished this document preliminary. responsibility assumed Information Resource Engineering Analog Devices use; infringement patents other rights third parties which result from use. license granted implication otherwise under patent rights Information Resource Engineering, Inc. Analog Devices Inc.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
TABLE CONTENTS
CHAPTER INTRODUCTION SCOPE GENERAL DESCRIPTION. 1.2.1 Core 1.2.2 Secure Kernel (Firmware). 1.2.3 Protection Mode Control. 1.2.4 Protected Kernel 1.2.5 Encrypt Block. 1.2.6 Hash Block. 1.2.7 Random Number Generator (RNG) Block. 1.2.8 Public Accelerator 1.2.9 PCI/Cardbus Interface 1.2.10 32-Bit Controller 1.2.11 Application Registers 1.2.12 External Memory Interface. 1.2.13 Serial EEPROM Interface 1.2.14 Interrupt Controller. 1.2.15 Laser Variable Storage. 1.2.16 Downloadable Secure Code. CHAPTER MEMORY CONFIGURATION
MEMORY REGISTER INTERFACES.
CHAPTER
HOST MODE SELECTION 2183 IDMA HOST PROCESSOR PCI/CARDBUS HOST PROCESSOR 3.3.1 Interface Specifications. 3.3.2 Address 3.3.3 Target Mode Transfers 3.3.4 Master Mode Transfers 3.3.5 Transfers Using IDMA
3.3.5.1 3.3.5.2 3.3.5.3 3.3.5.4 IDMA Latency. Access Program Memory. IDMA Indirect Address Register (IADDR). IDMA Configuration Register (IDMACFG)
3.3.6 Core Configuration Registers. EXTERNAL MEMORY INTERFACE 3.4.1 Data Memory Width 3.4.2 Arbitration (DMA/DSP) 3.4.3 Request/Grant. CHAPTER 32-BIT CONTROLLER.
OVERVIEW CONTROLLER FUNCTIONAL DESCRIPTION 4.2.1 Arbitration Master Target. 4.2.2 Arbitration Software Applications 4.2.3 Memory Arbitration. 4.2.4 Initiated Transfers (Master Mode)
4.2.4.1 Memory Map.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.2.4.2
Control Flow
4.2.5 Host Initiated Transfers (Target Mode) 4.2.6 Byte Enables (PCI). REGISTER 4.3.1 Host Address Register (DMAHAL). 4.3.2 Host Address High Register (DMAHAH). 4.3.3 Local Address Register (DMALAL). 4.3.4 Local Address High Register (DMALAH) 4.3.5 Command Register (DMACMD). 4.3.6 Status/Configuration Register (DMASC) 4.3.7 Core Status/Configuration Register (PCICSC) 4.3.8 External Memory Status Register (DMAEMS) 4.3.9 Target Page Register (TARGPAGE) 4.3.10 Target Read Count Register (TARGRDCNT) 4.3.11 Endian Register (PCIENDIAN) CHAPTER HASH/ENCRYPT SUBSYSTEM
HASH ENCRYPT BLOCK OVERVIEW 5.1.1 Crypto Contexts 5.1.2 Padding. 5.1.3 Data Offsets 5.1.4 Black Loads ENCRYPT HASH DETAILED DESCRIPTION 5.2.1 Subsystem. 5.2.2 Modes 5.2.3 Automatic Updating. 5.2.4 Crypto Padding 5.2.5 Hash Subsystem. 5.2.6 Mutable Processing 5.2.7 Hash Padding. 5.2.8 HMAC Processing. 5.2.9 Hash/Encrypt Data Flow 5.2.10 Hash/Encrypt Endianness. 5.2.11 IPsec Data Ordering 5.2.12 Command Data Ordering 5.2.13 Hash/Encrypt Subsystem Notes. HASH/ENCRYPT REGISTERS 5.3.1 Hash/Encrypt Configuration Register (HECFG). 5.3.2 Control Register (HEPADCNTL). 5.3.3 Data Length Register (HEDATLEN). 5.3.4 Hash/Encrypt Offset Register (HEOFFSET) 5.3.5 Hash/Encrypt Control Register (HECNTL). 5.3.6 Consume Register (HECONSPAD). 5.3.7 Status Register (HEPADSTAT0) 5.3.8 Status Register (HEPADSTAT1) 5.3.9 General Status Register (HESTAT). 5.3.10 Hash/Encrypt Control Ready Register (HECTRLRDY) 5.3.11 Hash/Encrypt Data Ready Register (HEDATRDY) 5.3.12 FIFO Free Bytes Register (HEFREE). 5.3.13 FIFO Output Byte Count Register (HEOUT) 5.3.14 Key[1-3] Registers (KEYx_0) 5.3.15 Salt Registers (SALT_0). 5.3.16 Registers (IV_0)
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.3.17 5.3.18 5.3.19 CHAPTER
Hash Digest Registers (DIGEST_0) Outer Digest Registers (OUTERDIG_0) Hash Byte Count Register (HBYTECNT) APPLICATION REGISTERS.
OVERVIEW FUNCTIONAL DESCRIPTION APPLICATION REGISTERS REGISTER 6.3.1 Mailbox Data Register (MAILDAT). 6.3.2 AppRegs Status Register (DSPAPPSTAT) 6.3.3 Host AppRegs Status Register (HOSTAPPSTAT) 6.3.4 AppRegs Lock (APPLOCK) 6.3.5 (Host) Miscellaneous Semaphore Register (DSPSEMA, HOSTSEMA). 6.3.6 Select Delay Register (SELDEL) 6.3.7 Hash/Encrypt Byte Enable Register (HEBYTEEN) 6.3.8 Reset Reason/Instruction Register (RSTREASON) 6.3.9 External Memory Configuration Register (EXMEMCFG). CHAPTER INTERRUPT CONTROLLER
INTERRUPT CONTROLLER OVERVIEW INTERRUPT SOURCE DESCRIPTIONS INTERRUPT CONTROL REGISTERS (INTC) 7.3.1 Unmasked Status Register (DUSTAT) 7.3.2 Masked Status Register (DMSTAT). 7.3.3 Clear Interrupt Register (DICLR). 7.3.4 Mask Control Register (DIMASK) 7.3.5 Interrupt Configuration Register (DICFG) 7.3.6 Force Interrupt Register (DIFRC) 7.3.7 Host Errors Register (DSPHERR, HOSTHERR). 7.3.8 Host Unmasked Status Register (HUSTAT). 7.3.9 Host Masked Status Register (HMSTAT). 7.3.10 Host Clear Interrupt Register (HICLR). 7.3.11 Host Mask Control Register (HIMASK) 7.3.12 Host Interrupt Configuration Register (HICFG) 7.3.13 Force Host Interrupt Register (HIFRC) CHAPTER SERIAL EEPROM.
SERIAL EEPROM OVERVIEW `MANUAL' HOST CONFIGURATION EEPROM CONTROL REGISTERS 8.3.1 EEPROM Command/Status Register (EECMDSTAT) CHAPTER BOOT LOADING
BOOT LOADING OVERVIEW BYTE MEMORY BOOTING HOST BOOTING 9.3.1 Booting. 9.3.2 IDMA Booting LOCAL BOOTING CHAPTER ACRONYMS TERMS.
APPENDIX
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
FIGURES
FIGURE ADSP 2141 FUNCTIONAL BLOCK DIAGRAM FIGURE PROGRAM MEMORY (MMAP 0).5 FIGURE PROGRAM MEMORY (MMAP 1).5 FIGURE DATA MEMORY FIGURE TARGET MODE MEMORY FIGURE REQUEST/GRANT FIGURE 32-BIT SUBSYSTEM FIGURE `LOCAL ADDRESS' MEMORY FIGURE MASTER FLOWCHART FIGURE HASH/ENCRYPT FUNCTIONAL BLOCK DIAGRAM FIGURE ACCESS HASH/ENCRYPT FIFOS FIGURE ACCESS HASH/ENCRYPT FIFOS FIGURE INTERRUPT CONTROLLER BLOCK DIAGRAM
TABLES
TABLE TABLE TABLE TABLE TABLE TABLE TABLE TABLE TABLE ADSP 2141 UNPROTECTED REGISTER ADSP 2141 PROTECTED REGISTER MODE SELECTION.11 CONFIGURATION REGISTERS CONTROLLER REGISTER HASH/ENCRYPT REGISTERS.44 APPLICATION REGISTER INTERRUPT SOURCES INTERRUPT REGISTER SET.64
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
CHAPTER INTRODUCTION
SCOPE
This User's Manual provides detailed information both hardware software developers. includes descriptions each major subsystems within ADSP 2141 SafeNet DSP, including complete register details. general information ADSP 2141, including Hardware interface details, please refer also ADSP 2141 SafeNet Datasheet, available
GENERAL DESCRIPTION
ADSP 2141 highly integrated Security System-on-a-Chip ASIC which incorporates sophisticated, general purpose DSP, along with number high-performance Cryptographic function blocks, well PCI, IDMA Serial EEPROM interface. fabricated .35µ CMOS triple-layer metal technology utilizing 3.3V Power Supply. initially available 208-pin MQFP package with Commercial 70°C) Temperature Range.
Kernel Protection Logic
Interrupts
Bus_Mode
2183 Mode
IDMA
Mode
Flags
ADSP 2183 Core
DMA-32 Controller
Cardbus Interface
Port
Serial Ports
Kernel
(DES, 3DES)
(MD5, SHA-1)
Port
Prog
16/24
Data
Interrupt Controller
Timer
INTHost
Laser Variable Store
External Memory Interface
26-bits addr. 32-bits data
Application Registers Mailbox
Serial EEPROM Interface
RAM/ROM
Figure ADSP 2141 Functional Block Diagram
Preliminary Information Copyright 1999
Bus_Mode Bus_Sel
Protected Kernel
Encrypt Block
Hash Block
Block
Public Accelerator
16/32-bit Host
IDMA Interface
Secure Solutions
ADSP 2141 User's Manual
1.2.1 Core
Core standard Analog Devices ADSP-2183 with full ADSP-2100 family compatibility. ADSP-2183 combines base components from ADSP-2100 family with addition serial ports, 16-bit Internal port, Byte port, programmable timer, Flag I/O, extensive interrupt capabilities, on-chip program data memory. External Memory Interface 2183 been extended support 64M-words addressing both Program Data memory. Some core enhancements have been added ADSP 2141 version, including on-chip Security Interrupt functions. Refer Analog Devices ADSP-2183 datasheet further information. (Available Adobe Acrobat format
1.2.2 Secure Kernel (Firmware)
Secure Kernel embodied firmware which mask-programmed into within DSP, thus rendering highly tamper-resistant. Kernel provides (Application Programming Interface) applications which require security services from ADSP 2141. Those applications software executing `User Mode' DSP, they external `Host' software accessing ADSP 2141 bus. Approximately Crypto commands called (CryptoGraphic eXtensions) provided simple Control Block structure used pass arguments into secure Kernel return Status. Secure Kernel firmware runs under `Protected Mode' state described below section 1.2.3. This guarantees security integrity system during execution Kernel processes and, example, prevents disclosure Cryptographic data tampering with security operation.
1.2.3 Protection Mode Control
Kernel Protection Mode subsystem responsible enforcing `Security Perimeter' around cryptographic functions ADSP 2141. device either operating `User Mode' (Kernel Space accessible) `Kernel Mode' (Kernel Space accessible) given time. When Kernel mode, Kernel certain protected Crypto registers functions (Kernel Space) accessible only Kernel firmware. Kernel executes Host-requested crypto functions then returns control calling application. Kernel Protection hardware subsystem will reset should security violation occur, such attempting access protected memory location while User mode. readable register reports memory address violation debug purposes.)
1.2.4 Protected Kernel
Kernel provides secure storage area ADSP 2141 sensitive data such keys intermediate calculations during Public operations. Kernel Protection subsystem (above) enforces protection only allowing internal Secure Kernel Mode accesses this RAM. Public Keyset cache Secret keys stored Kernel RAM. Secure storage expanded Secret Keys assigning segments ADSP2183 internal Data `Protected'. This accomplished CGX_INIT command argument.
1.2.5 Encrypt Block
Encrypt Block performs high-speed Triple encrypt/decrypt operations. standard modes supported: Electronic Code Book (ECB), Cipher Block Chaining (CBC), 64-bit Output Feedback (OFB) 1-bit, 8-bit 64-bit Cipher Feedback (CFB). encrypt/decrypt operations highly pipelined execute full 16-round only clock cycles. Hardware support Padding insertion, verification removal further accelerates encryption operation. Context Switching provided minimize overhead changing crypto Keys IV's nearly zero.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
1.2.6 Hash Block
Secure Hash Block tightly coupled with Encrypt Block provides hardware accelerated one-way Hash functions. Both MD-5 SHA-1 algorithms supported. Combined operations which chain both Hashing Encrypt/Decrypt functions provided order significantly reduce processing time data which needs both operations applied. Hash-then-Encrypt Hash-then-Decrypt operations, ADSP 2141 perform parallel execution both functions from same source destination buffers. Encrypt-then-Hash Decrypt-then-Hash operations, processing must sequential, however minimum latency still provided through pipeline chaining design. Offset specified between start Hashing start Encryption support certain protocols such IPsec, `Mutable bit' handling provided hardware.
1.2.7 Random Number Generator (RNG) Block
hardware Random Number Generator provides true, non-deterministic noise source purpose Generating Keys, Initialization Vectors (IV's), other random number requirements. Random numbers provided 16-bit words Kernel. Kernel requests Random Numbers needed perform commands such CGX_Gen_Key, also directly supply from 65,535 Random Bytes host application CGX_Random command.
1.2.8 Public Accelerator
Public Accelerator module works concert with Secure Kernel firmware provide full Public services host application. Kernel provides Macro-level library functions perform Diffie-Hellman Agreement, RSAEncrypt Decrypt, Calculate Verify Digital Signatures, etc. hardware accelerator block speeds computation-intensive operations such large-vector multiply, adds/subtracts, squaring, etc.
1.2.9 PCI/Cardbus Interface
full 66/33MHz v2.1 interface provides high-performance connection Host processor. 32-bit interface supports both Master Target modes. ADSP 2141 capable using directly access data other entities read write that data various registers within chip (including Hash/Encryption engine) external data memory.
1.2.10 32-Bit Controller
ADSP 2141 incorporates high-performance 32-bit controller which set-up efficiently move data between Host memory, Hash/Encrypt blocks, and/or External Memory. controller used with Master mode, thus autonomously moving 32-bit data with minimal intervention. long words (1020 bytes) moved time.
1.2.11 Application Registers
Application Registers memory-mapped registers which facilitate communications between ADSP 2141 Host processor bus. features byte mailbox which set-up hold command structure passed between Host processors. Application Registers also provide mechanism which allows arbitrate whether controller (Host) ownership External Memory interface.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
1.2.12 External Memory Interface
External Memory Interface (EMI) allows connecting various memories and/or peripheral devices ADSP 2141. supports asynchronous static RAM-style interface using control signals. Various memory spaces supported, including: Program Memory (PM), Data Memory (DM), Memory (IO), Byte Memory (BM). Separate chip selects used access each area Combined Memory Select (CMS) configured activate more than area.
1.2.13 Serial EEPROM Interface
Serial EEPROM interface used allow external non-volatile memory connected ADSP 2141 purpose storing Cardbus configuration information (Plug Play), well generalpurpose non-volatile storage. example, encrypted (Black) Keys digital certificate could stored into EEPROM fast recovery after power outage.
1.2.14 Interrupt Controller
Security Block Interrupt Controller provides enhancements existing Interrupt Functions ADSP 2183 core. Primarily, Interrupt Controller provides Interrupt Generation capability external Host Processor. Under programmable configuration control, `Crypto Interrupt' generated completion certain operations such Encrypt Complete, Hash Complete, etc. interrupt directed either core, provided output line (PF7/INTHost) Host subsystem.
1.2.15 Laser Variable Storage
Laser Variable Storage consists bits Factory programmed data which only accessible internal function blocks Security Kernel. Included these Laser Variable bits are: Triple-DES Local Storage Variable (Master Key-Encryption-Key) Randomizer Seed Program Control Data Bits (Enables/Disables various features configures Laser Data
Program Control Data Bits (PCDBs) include configuration permitted Lengths, Algorithm Enables, loading, Internal Pulse Shaping Characteristics, etc. Some PCDB settings overridden with Digitally Signed Token which loaded into ADSP 2141 when boots. These Tokens created each targeted specific ADSP 2141 using chip-unique serial number.
1.2.16 Downloadable Secure Code
ADSP 2141 designed allow additional Security Functions added device through Secure Download feature. words code downloaded into internal memory within this code given security privileges Kernel firmware. downloaded firmware authenticated with Digital Signature verified with on-chip Public Key. Additional functions could include Encryption, Hash Public algorithms such IDEA, RC-4, RIPEMD, Elliptic Curve, etc.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
CHAPTER MEMORY CONFIGURATION
ADSP 2141 provides large amount on-chip zero wait-state RAM, block mask-programmed also provides external memory interface order allow considerable expansion using off-chip devices. on-chip consists three separate groups: Internal Program RAM, Internal Data RAM, Kernel RAM.
Memory
ADSP 2141 memory very similar that ADSP 2183, except that includes significantly more Off-Chip memory addressing, additional Crypto Registers which accessible User.
0x3FFF
Kernel Kernel Mode
(PMOVLAYL=C) (PMOVLAYH=000)
Kernel Base Kernel Mode
(PMOVLAYL=F) (PMOVLAYH=000)
Internal Page
(PMOVLAYL=0) (PMOVLAYH=000)
External Page
(PMOVLAYL=1) (PMOVLAYH=000)
External Page
(PMOVLAYL=2) (PMOVLAYH=000)
External Page 8191
(PMOVLAYL=2) (PMOVLAYH=FFF)
0x2000 0x1FFF
PMOVLAYL nibble PMOVLAY PMOVLAYH nibbles PMOVLAY
Internal (Common Bank)
Megawords External Program Memory
(PMOVLAYL alternates
0x0000
Shaded Kernel Space
Figure Program Memory (MMAP
0x3FFF
Kernel Kernel Mode
(PMOVLAYL=C) (PMOVLAYH=000)
Kernel Kernel Mode
(PMOVLAYL=D) (PMOVLAYH=000)
Kernel Kernel Mode
Kernel Base Kernel Mode
Internal
(PMOVLAYL=0) (PMOVLAYH=000)
(PMOVLAYL=E) (PMOVLAYL=F) (PMOVLAYH=000) (PMOVLAYH=000)
0x2000 0x1FFF
External (Boot From External Program Memory)
0x0000
Figure Program Memory (MMAP
(See ADSP 2183 documentation)
0x3FFF Memory-mapped 0x3FE0 Registers 0x3FDF
8160 words Internal (Common Bank)
Megawords External Data Memory
(DMOVLAYL alternates External Page
(DMOVLAYL=1) (DMOVLAYH=000)
0x2000 0x1FFF 0x1000 0x0FFF 0x0000
Memory-mapped Registers Kernel (Kernel Mode)
(DMOVLAY-000F)
Internal Page
(DMOVLAYL=0) (DMOVLAYH=000)
External Page
(DMOVLAYL=2) (DMOVLAYH=000)
External Page 8191
(DMOVLAYL=2) (DMOVLAYH=FFF)
Figure Data Memory
Preliminary Information Copyright 1999 -5Rev
Secure Solutions
ADSP 2141 User's Manual
PMOVLAY register responsible selecting 8k-word `Pages' upper Program Memory. PMOVLAY register
PMOVLAYH External Address PMOVLAYL Page Select
lsb's (bits 3:0) interpreted follows: 1111 Kernel (Base Page) 1110 Kernel 1101 Kernel 1100 Kernel (Top) 1011 reserved 0011 reserved 0010 External Pages 0001 External Even Pages 0000 Internal msb's (bits 15:4) mapped most-significant external address pins ADSP-2141 (addr 25:14) Thus, address Kernel base page, PMOVLAY register should 0x000F (although uppermost bits ignored this case). address External memory page PMOVLAY register should 0x0131 (0x013 msb's representing pages least-significant nibble indicates External even page). DMOVLAY register responsible selecting 8k-word `Pages' lower Data Memory. DMOVLAY register
DMOVLAYH External Address DMOVLAYL Page Select
lsb's (bits 3:0) interpreted follows: 1111 Kernel Kernel Registers 1110 reserved 1101 reserved 0011 reserved 0010 External Pages 0001 External Even Pages 0000 Internal msb's (bits 15:4) mapped most-significant external address pins ADSP-2141 (addr 25:14) Thus, address Kernel RAM/Crypto Registers page, DMOVLAY register should 0x000F (although uppermost bits ignored this case). address External memory page (decimal), DMOVLAY register should 0x04F2 (0x04F msb's representing pages least-significant nibble indicates External page).
Preliminary Information Copyright 1999 -6Rev
Secure Solutions
ADSP 2141 User's Manual
Register
ADSP 2141 contains number additional registers (beyond those ADSP 2183) which mapped into DSP's external data memory space. Some Registers intended accessed only Kernel referred Protected Registers. some cases, designers require features ADSP 2141 which only available Protected Registers.) Registers which accessible either running User mode controller performing 32-bit transfer, outside entity referred Unprotected Registers listed below. Protected Registers memory-mapped Data Memory space 0x1000 0x17FF. Unprotected registers reside 0x1800 0x1FFF. DMOVLAY register must 0x000F access these registers. From Host perspective, base register address space BASEADDR register. `Target' access these registers from Host, address `Target' column added Base Address. Note that although cannot directly read registers from 32-bit interface, perform 32-bit operation between 32-bit register external memory space. section 4.2.4. table below, observes these registers address first column, sees registers 16-bit words. Host performing `Target' reads writes will observe registers addresses second column. These byte addresses, however host will always perform full 32-bit dword read write. When programming engine perform either `Master' transfer from Host, transfer between External Memory below registers, then will address third column `Local Address' following table:
UNPROTECTED REGISTERS
ADDRESS (word) TARGET ADDRESS (byte) `Local' ADDRESS (word) REGISTER NAME Reset Default DESCRIPTION
0x1880-1895 0x0000-002B 0x0000-0015 0x18A0 0x0040 0x0020 0x18A1 0x0042 0x0021 0x18A2 0x0044 0x0022 0x18A3 0x18A4 0x18A5 0x18A6 0x004C 0x0026
APPLICATION REGISTERS Mailbox Data Status 0x0000 Lock 0x0000 Misc. Semaphore 0x0000 Select Delay 0x0014 Hash/Encrypt Byte 0x0003 Enables Reset Violation 0x0000 Memtype/Addr ExtMem Configuration 0x0001 REGISTERS
44-byte Mailbox Data register Application registers status DSP/Host lock control Miscellaneous status bits: host Delay configuration memory pulses Byte enables Hash/Encrypt FIFOs Holds memory type Address last protection violation-induced Reset External memory configuration/ownership
DSP-Visible Registers: 0x1840 0x1841 0x1842 0x1843 0x1844 0x1845 0x1846 0x1847 Host-Visible Registers: 0x00C0 0x00C4 0x00C8
0x0060 0x0062 0x0064
Host Address [15:0] Host Address [31:16] Local Address [15:0] Local Address [31:16] Command Status/Config. Core Status/Config. Extmem Status Target Page Target Read Count Endian
Lower 16-bits Host Address Upper 16-bits Host Address Lower 16-bits Local Address Upper 16-bits Local Address 0x0000 Command 0x8000 Status/Configuration Register 0x8800 Status/Configuration core External Memory Status 0x0000 Target Page specifier when ADSP 2141 External Memory Target 0x00FF Maximum number dwords Target Read Transfer 0x0000 Big/Little Endian select
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
UNPROTECTED REGISTERS (cont.)
ADDRESS (word) TARGET ADDRESS (byte) Local ADDRESS (word) REGISTER NAME Reset Default DESCRIPTION
HASH/ENCRYPT REGISTERS Configuration Registers: 1A00 0x0200 1A0F 0x021C 0x1A10-1A11 0x0220 0x1A12 0x0224 0x0100 0x010E 0x0110 0x0112 config. control Length Offset Hash/Encrypt block configuration word control word Data length bytes) processed Offset, dwords), from start hash (encryption) start encryption (hash) 0x0007 Operation control. Command consume final block 0x0001 0x0001 0x0040 0x0000 Decrypted next header byte, bytes, Context Decrypted next header byte, bytes, Context Status result from Hash/Encrypt operation input ready control word, ready input ready data FIFO, ready Number free input bytes crypto FIFO Number output bytes ready crypto FIFO Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context Byte count, hash resume: Context Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context Byte count, hash resume: Context FIFO: Data In/Data 0x0000 0x0000 0x0000 0x0000
0x1A13 0x1A14
0x0226 0x0228
0x0113 0x0114 0x0116 0x0117 0x0118 0x0119 0x011A 0x011B 0x011C 0x0120-0123 0x0124-0127 0x0128-012B 0x012C-012F 0x0130-0133 0x0134-013D 0x013E-0147 0x0148 0x0150-0153 0x0154-0157 0x0158-015B 0x015C-015F 0x0160-0163 0x0164-016D 0x016E-0177 0x0178 0x01C0
Control Consume Status Status GeneralStatus ControlReady DataReady Free Input Bytes Status Output Bytes Status Key3_0 Key2_0 Key1-0 Salt_0 IV_0 Digest_0 OuterDigest_0 HashByteCnt_0 Key3_1 Key2_1 Key1_1 Salt_1 IV_1 Digest_1 OuterDigest_1 HashByteCnt_1 Data FIFO
Status Registers: 0x1A16 0x022C 0x1A17 0x1A18 0x1A19 0x1A1A 0x1A1B 0x1A1C 0x022E 0x0230 0x0232 0x0234 0x0236 0x0238
Context Registers: 0x1A20-1A23 0x0240-0247 0x1A24-1A27 0x0248-024F 0x1A28-1A2B 0x0250-0257 0x1A2C-1A2F 0x0258-025F 0x1A30-1A33 0x0260-0267 0x1A34-1A3D 0x0268-027B 0x1A3E-1A47 0x027C-028F 0x1A48-1A49 0x0290 Context Registers: 0x1A50-1A53 0x02A0-02A7 0x1A54-1A57 0x02A8-02AF 0x1A58-1A5B 0x02B0-02B7 0x1A5C-1A5F 0x02B8-02BF 0x1A60-1A63 0x02C0-02C7 0x1A64-1A6D 0x02C8-02DB 0x1A6E-1A77 0x02D0-02EF 0x1A78-1A79 0x02F0 Data In/Out FIFOs: 0x1AC0 0x0380
0x0000 0x0000
`Unprotected' Hash/Encrypt registers locked from view certain times when kernel executing commands. global semaphore specified used arbitrate ownership. Interface Programmer's Guide.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
UNPROTECTED REGISTERS (cont.)
ADDRESS (word) TARGET ADDRESS (byte) Local ADDRESS (word) REGISTER NAME Reset Default DESCRIPTION
INTERRUPT CONTROLLER REGISTERS DSP-Visible Registers: 0x1800 0x1801 0x1801 0x1802 0x1803 0x1804 0x1805 0x0040 0x0042 0x0042 0x0044 0x0046 0x0048 0x004A Unmasked Status Masked Status Clear Mask Control Config. Force Host Error Code Host Unmasked Status Host Masked Status Host Clear Host Mask Control Host Config. Force Error Code Interrupt source current states prior mask Interrupt source current states post mask Clear selected Interrupt 0x0000 Interrupt mask register 0x0001 Interrupt configuration register Force interrupt Host (PCI) 0x0000 Provides Error Code (write clears) Interrupt source current states prior mask Interrupt source current states post mask Clear selected interrupt 0x0000 Interrupt mask register 0x0001 Host interrupt configuration register Force interrupt 0x0000 Provides Error Code (write clears)
Host-Visible Registers: 0x0080 0x0084 0x0084 0x0088 0x008C 0x0090 0x0094
IDMA INTERFACE REGISTERS Host-Visible Registers: 0x3FE0 0x00A0 0x0050 IDMA Indirect Address Address latch IDMA Indirect transfers (also specifies 0x0001 IDMA Configuration (Direct Indirect) IDMA Data Range (Explicit address Direct, address Indirect)
0x00A4 0x0052 IDMA Config. 0x8000-FFFF 0x4000-7FFF IDMA Data
0x1900 0x1901 0x1902 0x1903 0x1904 0x1905 0x1906 0x1907 0x1908 0x1909 0x190A 0x190B 0x190C 0x190F
SERIAL EEPROM REGISTERS Device 0x2F44 16-bit device Vendor 0x11D4 16-bit vendor (11D4h) ID/Class 0x0000 8-bit chip Revision 8-lsb's Class Code Class Code 0xFF00 remaining 16-msb's Class Code Header Type/Int 0x0100 header type Interrupt Subsystem 0x0000 16-bit Subsystem Subsystem Vendor 0x0000 16-bit Subsystem Vendor Lat, 0x0000 Maximum Latency, Grant parameters Cardbus1 0x8002 lower 16-bits Cardbus pointer Cardbus2 0x0000 upper 16-bits Cardbus pointer Baddr mask1 0x0000 Specifies modifiable addresses Baddr mask2 0xFFFE Upper bits base address mask Size 0x0000 Size spec 16-bit (Upper bits Cmd/Status 0x0000 EEPROM Command Status Register
Table ADSP 2141 Unprotected Register
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
PROTECTED REGISTERS
ADDRESS (word) REGISTER NAME Reset Default DESCRIPTION
HASH/ENCRYPT REGISTERS Configuration Registers: 0x1000 config 0x100F control 0x1010 Length 0x1011 Length 0x1012 Offset 0x1013 0x1014 Control Consume 0x0000 0x0000 0x0000 0x0000 0x0000 0x0007 0x0000 0x0000 Hash/Encrypt block configuration word control word High 16-bits data length, bytes 16-bits data length, bytes Offset, dwords), from start hash (encryption) start encryption (hash) Operation control. Command consume final block Decrypted next header byte, bytes, Context Decrypted next header byte, bytes, Context Status result from Hash/Encrypt operation input ready control word, ready input ready data FIFO, ready Number free input bytes crypto FIFO 64-bit blocks) Number output bytes ready crypto FIFO 64-bit blocks) Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Crypto Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context
Byte count, hash resume: Crypto Context
Status Registers: 0x1016 Status 0x1017 Status 0x1018 GeneralStatus 0x1019 ControlReady 0x101A DataReady 0x101B StatFreeBytes 0x101C StatOutBytes Context Registers: 0x1020-1023 Key3_0 0x1024-1027 Key2_0 0x1028-102B Key1-0 0x102C-102F Salt_0 0x1030-1033 IV_0 0x1034-103D Digest_0 0x103E-1047 OuterDigest_0 0x1048-1049 HashByteCnt_0 Context Registers: 0x1050-1053 Key3_1 0x1054-1057 Key2_1 0x1058-105B Key1_1 0x105C-105F Salt_1 0x1060-1063 IV_1 0x1064-106D Digest_1 0x106E-1077 OuterDigest_1 0x1078-1079 HashByteCnt_1 Data In/Out FIFOs: 0x10C0 Data FIFO 0x1180 0x1181 0x1182 0x1183 0x1184 0x1185 control Reserve Reserve Reserve Hash/Enc Control Reset Control
Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Crypto Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context Byte count, hash resume: Crypto Context FIFO: Data In/Data
MANAGEMENT REGISTERS 0x0003 Selects current KRAM owner: DSP, 0x0000 Selects 1kword segments `Protect' into Kernel 0x0000 Selects 1kword segments `Protect' into Kernel 0xFFFF Selects 256-byte segments `Protect' into Kernel 0x0004 Selects owner block: Host 0x0000 Allows internal reset H/E, reset)
Table ADSP 2141 Protected Register
Note: register addresses Table visible User mode programs. This information provided developers creating `Extended Programs' which will digitally signed IRE.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
CHAPTER INTERFACES
ADSP 2141 supports multiple interfaces order allow integrated into wide variety host systems. These buses are: Host Processor (also Cardbus) 2183 IDMA External Memory Interface (EMI)
These buses will described following sections.
Host Mode Selection
ADSP 2141 Host configured personalities: 2183 IDMA Mode, Mode. selection mode made with Hardware control inputs BUS_MODE BUS_SEL boot time. Mode Pins Reserved 2183 IDMA Mode Mode Reserved BUS_MODE BUS_SEL
Table Mode Selection number pins ADSP 2141 internally multiplexed order change personalities. Refer ADSP2141 SafeNet Datasheet assignments. Note also that 32-bit engine only enabled mode. This selection changed after ADSP 2141 comes power-up Reset. typically expected that Mode signals tied ground Board.
2183 IDMA Host Processor
2183 IDMA Host selection (Internal Direct Memory Access) allows ADSP 2141 offer IDMA interface directly outside Host processor. ADSP 2141's usage IDMA identical that described ADSP 2183 Datasheet ADSP-2100 Family User's Manual. IDMA port allows Host Processor perform 16-bit reads writes selected areas ADSP 2141's internal memory space. These areas include1 Internal Data Memory (DM) Internal Program Memory (PM). Since 24-bits wide, IDMA cycles required access first cycle transferring most-significant bits, second cycle moving least-significant bits. IDMA transfers implemented using cycle-stealing from ADSP 2141's internal processor. IDMA useful means bootload programs data structures into ADSP 2141. addition, using designated block internal memory, virtual mailbox function implemented using IDMA. IDMA transfers achieve Mbps throughput, which relatively low-performance compared with (1-2 Gbps) thus should used applications where high data throughput required. Refer Analog Devices ADSP-2100 Family User's Manual further information.
Note that ADSP 2141 supports optional memory locking 1kword slices locked areas memory visible Host IDMA port. Typically, locking these memory spaces performed custom `Extended' program invoked Kernel interface, although locking portions extended Cache Registers available parameter. Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
PCI/Cardbus Host Processor
When ADSP 2141 configured host mode, Multiplex pins become personalized directly connect 3.3V local bus. core ADSP 2141 compliant with version standard supports 32-bit wide bus. clock speed from 10MHz 66MHz2, asynchronous ADSP 2141 master clock.
3.3.1 Interface Specifications
ADSP 2141's `core' meets following specifications: Version Target Master transfer capability Configuration Space Read/Write Memory Mode Read/Write Single word Burst transfer Abort auto re-try Target Master read/write FIFO's: dwords each four FIFO's dwords Master Read FIFO)
interface does support following: Mode Read/Write Fast Back-to-Back transactions Memory Write Invalidate operations
3.3.2 Address
ADSP 2141 appears Target with single contiguous memory space 128k bytes. ADSP 2141 presents [16:0] address interface Target. Inbound address bits [31:17] decoded ADSP 2141 core determine whether access matches Memory Base Address Register, thus determining whether access ADSP 2141 not. However, bits [31:17] otherwise reflected ADSP 2141 register addresses.
0x1FFFF External Memory Page (Window into External Memory selected Target Page Register) kbytes
Byte Address (above base)
0x10000 0x0FFFF
kbytes IDMA access internal data memory program memory Reserved Kernel ADSP 2141 Registers kbytes
0x08000 0x04000 0x00000
Base Address
Figure Target Mode Memory
66MHz rating pending characterization
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Once ADSP 2141's address been decoded, next most significant address bit, [A16], determines whether lower address bits should decoded internal ADSP 2141 register/memory address reflected ADSP 2141's external memory interface. address lsb's interpreted ADSP 2141 internal register/memory address bits. address lsb's [A15-A0]3 combined with 11-bit page designator Target Page Register form external memory address. Target Page register addressable Host through Interface specifies upper address bits transfers from/to external memory. section 4.3.9.
3.3.3 Target Mode Transfers
Target entity, ADSP 2141 provides memory-mapped access `unprotected' memory register space. This includes read/write access through ADSP 2141 external memory connected bus. Target mode transfers (except 256-byte core configuration register space), ADSP 2141 engine called upon perform data movements inside ADSP 2141 between core desired memory register location(s). This action automatic initiating entity unaware participation transfer. important however note DMA's target transfer role effects other DSP-initiated operations. Since Target transfers initiated from other entities typically unaware other activities occurring within ADSP 2141, arbiter gives precedence Target transfers. transfer in-process will preempted, however pending DSPinitiated will deferred until after Target transfers have been completed. status register controller allows determine whether seized controller whether Target transfer running.) Refer also CHAPTER more information controller. addition, order Target transfers occur to/from External Data Memory, must grant ownership External Memory engine. section 6.3.9. External memory granted, then data transfer will held-off until granted. course, fails grant within approximately cycles, then abort retry will occur. still granted retry, then Target transaction will likely fail. Refer also section 3.4.2. Target transfers to/from ADSP 2141 some cases experience timeout abort re-start latencies core FIFO's, address/data setup times, memory wait-states, etc. These more likely occur with reads than writes `round-trip' nature read. fact, writes kept dwords fewer, then timeout aborts avoided, since core target write FIFO dwords) store written data until DMA'ed destination within ADSP 2141. Latencies largest with IDMA transfers from internal memory within ADSP 2141. interaction clock speeds ADSP 2141 core must also considered. Ideally, ADSP 2141 core clock should equal faster than clock order allow unload incoming data least fast arrives. this case, then only IDMA transfers transfers external memory with wait state will result timeout aborts transfers dwords.
3.3.4 Master Mode Transfers
ADSP 2141 Master Mode transfers most efficient transfer data into device. Master mode transfers always performed under control DSP. Refer CHAPTER more information controller initiating master transfers.
3.3.5 Transfers Using IDMA
order allow access internal Program Memory (PM) Data Memory (DM) ADSP 2141, IDMA engine must used. state machine ADSP 2141 interfaces between 16-bit internal IDMA interface 32-bit interface.
fact, Target access External Memory must dword boundary, thus lsb's [A1, ignored. 32-bit dword address formed from remaining address bits. Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
modes operation provided: Direct Indirect. Direct mode only applicable access internal Data Memory. Direct mode, ADSP 2141 directly translates address into internal address. Behind scenes inside ADSP 2141, hardware logic decodes address shifts right (discarding lsb) thus making word address. then writes lsb's target address into IDMA address register sets indicate Finally performs IDMA read write single word. above steps transparent target initiator. Indirect mode, host must explicitly program IDMA address register with starting address IDMA transfer (after each word transfer, internal memory address will incremented Then, host perform Target burst read write. Note that Target Read Count register (section 4.3.10) must IDMA reads will used.
3.3.5.1
IDMA Latency
Since IDMA process requires more ADSP 2141 clock cycles each word transfers, throughput cannot match that bus. Host Target writes IDMA memory, burst transfers should limited dwords fewer, since core FIFO store that many while waits IDMA completion. Host Target PCI/IDMA reads, only dword should accessed time, since latency IDMA read typically causes abort retry. requested data will available time retry occurs, access will succeed. However, second word IDMA data ready during that cycle.
3.3.5.2
Access Program Memory
When used access internal Program Memory (PM), IDMA engine utilized perform transfers. Since 24-bits wide, there conversion from 32-bit dwords memory space 24-bit format internal memory. byte each dword unused access. 32-bit IDMA Indirect transfer Program Memory, PM[7:0] resides A/D[23:16] PM[23:8] resides A/D[15:0]. uppermost data byte [31:24] don't care should writes.
3.3.5.3
IDMA Indirect Address Register (IADDR)
This register carries `starting' address indirect IDMA transfer. internal address either Data Memory transfer Program Memory transfer. used specify which type transfer being requested. Register Address (WRITE ONLY) Target Master 0x3FE0 0x00A0 0x0050
Internal Memory Address bits (ignored transfers to/from DSP/Crypto-regs) Data Memory (DM) access, Program Memory Reserved (set write)
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
3.3.5.4
IDMA Configuration Register (IDMACFG)
This register specifies whether direct indirect IDMA transfers will performed internal memory within ADSP 2141's DSP. This register only visible from Host interface. Note: wishes change state this register order perform Master transfers to/from IDMA, then using following steps: Write desired register value into External Data Memory. Perform move dword from above location External Memory IDMACFG register (This case move described section Register Address (READ WRITE) Target Master 0x00A4 0x0052
IDMA Mode: Direct only), Indirect Reserved
3.3.6 Core Configuration Registers
viewed from Host perspective, 256-byte Type Configuration Space Header (CSH) defined below Table fields marked xxxxxxxx `don't cares'. Shaded fields read-only registers loaded from serial EEPROM connected ADSP 2141 optionally from boot time. CHAPTER Device Status BIST Vendor Command Addr. 44hFFh
xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
Max_Lat
Class Code Revision Header Type Master Latency Timer Cacheline Size Base Address Memory Base Address Reserved (Dual Base) Reserved xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx Subsystem Subsystem Vendor xxxxxxxx xxxxxxxx xxxxxxxx Reserved Reserved Min_Gnt Interrupt Interrupt Line Reserved Retry Timeout Value TRDY Timeout Value Reserved
Dual Base mapping ADSP 2141 supported. These registers will always read back
Table Configuration Registers
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
default values above registers follows: Programmed Serial EEPROM DSP: Device 2F44h Vendor 11D4h Class Code FF0000h Revision BIST Header Type Hardware Defaults core: Master Latency Timer Cacheline Size Subsystem Subsystem Vendor Max_Lat Min_Gnt Interrupt 0000h 0000h
Interrupt Line Retry Timeout Value TRDY Timeout Value
upper bits Memory Base Address register writable, allowing selection 128k-byte address space ADSP 2141. part automatic (plug play) address mapping, Host BIOS will typically write FF's into Base Address registers then read-back value determine address range required target device. case ADSP 2141, lower bits will read 0's, indicating 128k. Then, BIOS writes appropriate Base Address into upper bits which were read 1's. Configuration Command Status registers operate specified v2.1 standard. They only visible from bus, from DSP. Following system initialization, after core registers have been pre-loaded either from serial EEPROM DSP, host must initialize Memory Base Address register write Command into Command Register. Following default settings behavior these registers: Status Register (visible only Host) Description Detect Parity Error Signaled System Error Received Master Abort Status. when Master terminates Host-to-PCI transaction with Master Abort. Received Target Abort Status. when core initiates transaction terminated Target Signaled Target Abort Status 10:9 Device Select Timing. Indicates timing DEVSEL# when core responds transaction Target Data Parity Detected Fast Back-to-Back Capable Reserved Capable Reserved Reset Type Status Status Status Status Status Static Status Static Static Static Static
Command Register (visible only Host) Description 15:10 Reserved Master Fast Back-to-Back Enable System Error (SERR#) Enable
Reset
Type Read Only
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual Read Only Read Only
Wait Cycle Control Address Stepping Enable Parity Error Enable Snoop Enable Memory Write Invalidate Enable Special Cycles Enable Master Enable Memory Access Enable Access Enable
typical system, BIOS would write value 0x01C6 Command Register order enable Mastering, Memory-mapped access, error reporting.
External Memory Interface
External Memory Interface (EMI) logical extension presented standard ADSP 218x processor. ADSP 2141 enhanced this follows: Extended data width from 24-bits 32-bits Additional Addressing: from 14-bits (16k words) 26-bits (64M words) both
interface support multiple memory types including: I/O, Program Memory (PM), Byte Memory (BM), 16-bit 32-bit Data Memory (DM).
3.4.1 Data Memory Width
Data Memory space, ADSP 2141 configured either 16-bit 32-bit wide memory. This configured EXMEMCFG register, (section 6.3.9), normally changed after initialization. order support operations external Data Memory, 32-bit memory must used. When 32-bit memory enabled, then physical address used. Rather, DMSL chip select will activate least significant 16-bits dword, DMSH will activate most significant 16-bits. Thus, 32-bit external data memory chips must support separate enables upper lower word each dword. From logical perspective, 32-bit Data Memory operates follows: access always 16-bit words. accesses `even' word (ie. 0x0000, 0x0002.), then DMSL will activated. `odd' word (ie. 0x0001, 0x0003.) accessed, then DMSH (previously designated CS32) will activated. access always 32-bit dwords both DMSL DMSH will asserted. transfer being handled DMA, then address bits ignored transfer will move entire dword time. transfers between internal crypto registers, then again, 32-bit dwords always moved. case between Crypto FIFO's, then byte enables used FIFO's effectively move less than full dword. However, side, full 32-bit read write access always done.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
3.4.2 Arbitration (DMA/DSP)
Since shared between engine within ADSP 2141, EXMEMCFG (see section 6.3.9) register (bit used select which internal controller `owns' bus. (This applies accesses I/O, BM). Only access this register, effectively becomes arbiter bus. This allows straightforward contention management between direct access access external memory. becomes more interesting when Host-initiated Target transfers expected external memory, since there intrinsic arbitration provided. Target transfer attempted while owns bus, transfer will re-try then aborted. this event, interrupt (External Memory Conflict) generated IRQ2, unmasked (section 7.2). response this interrupt, could, example, immediately grant controller allow transaction complete. After Target transaction complete, would return ownership return-from-interrupt.
3.4.3 Request/Grant
ADSP 2141's External Memory Interface also supports sharing with external co-processor using Request (BR) Grant (BG) handshake. ADSP 2141 considered master thus external device must request permission bus. Once grants bus, will suspend requires access External Memory (PM, I/O, BM). However, continue execute operations internal memory spaces Crypto registers while been relinquished. Note that controller ownership EXMEMCFG then signal masked ADSP 2141 will therefore respond Request. Refer Figure below. this scenario, possible mechanism could connect Request source both interrupt line ADSP 2141. That interrupt source masked whenever owns normal BR/BG operations occur. However, sets control engine, then would enable interrupt. Thus, when co-processor asserts will interrupted decide when restore ownership DSP, thus allowing seen.
ADSP 2141
Host Memory etc.
Tri-state
Crypto Registers, etc.
Core
Co-Processor
EXMEMCFG
text
Figure Request/Grant
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
CHAPTER 32-BIT CONTROLLER
Overview
ADSP 2141 integrates high-performance 32-bit controller order facilitate bulk data movements within chip without requiring continuous supervision. subsystem allows 32-bit transfers occur within ADSP 2141 Mwords second (160 Mbytes/s). 32-bit controller only enabled when mode selected (section 3.3). following figure illustrates functionality 32-bit subsystem.
ADSP 2183 Core
Master
Registers
Host Addr Host Addr Local Addr
CONTROL
Target
Hardware Control
Arbiter
Local Addr Command Status/Config. Status/Config. ExtMem Status
Host Registers
Target Page Target Read Endian Select
32-bit
Internal (16k IDMA Internal (16k
xfer queued xfer complete
Working Registers
Kernel
Case
Local addr.
Host addr.
ENGINE
Case Case
Crypto Registers, AppRegs (mailbox)
Host addr.
Local addr.
Ext_Mem
ADSP 2141 Boundary
16-bit 32-bit conversion occurs.
External Memory (16k 256k External Memory etc.)
Figure 32-bit Subsystem
Preliminary Information Copyright 1999
Hash/Encrypt
Secure Solutions
ADSP 2141 User's Manual
Controller Functional Description
controller shared between `owners'; either Host processor. This essentially corresponds whether `Master' (DSP-owned) `Target' (Host-owned) transfer needed. arbiter manages contention issues when both Host attempt control engine same time, with Target transfers getting priority. pair interrupts generated based events. interrupt signals completion transfer, other indicates `queueing' command another command already process. operations occur 32-bit buses within ADSP 2141, although some internal locations, source destination could 16-bits wide. this case, interface state machine converts data between bits (see markings figure above).
4.2.1 Arbitration Master Target
Since shared resource between Host Target mode requests, deterministic arbitration scheme required predictable results. Arbiter shown Figure responsible moving requests into engines working registers. Arbiter gives priority Host Target mode requests, this means following: Assume transaction progress, that another DSP-initiated transfer request queued-up control registers. Host Target read write request occurs before in-progress transaction completed, then Host request will serviced prior queued request. Note that transfer which already running will never preempted. only transfer aborted midstream Host error occur (e.g. abort Parity error) force abort writing PCICSC register `Force Transfer' bit.
4.2.2 Arbitration Software Applications
second level arbitration resource must considered software application level: library functions occasionally require engine, since interrupted application running DSP, necessary communicate whether currently using DMA. Otherwise, user application could overwrite partial register settings which have begun set. pair fields `Kernel Configuration String' (KCS) allow arbitrating software access master transfers. these fields allows setting-up shared semaphore memory which checked before attempting DMA. other field allows user application interrupt when finished using engine. Refer Interface Programmer's Guide more information.
4.2.3 Memory Arbitration
Because External Memory interface multiplexed between engine DSP's external memory bus, DSP-controlled register output (EXMEMCFG, section 6.3.9) selects which `owner' External Memory bus. typical applications, this normally give control engine ensuring that Target transactions complete would only momentarily switched during non-DMA read write. kernel will manipulate this when needs perform data movements external memory, will save restore bit's original setting. also section 3.4.2. While transfer active, generally continue internal operations without impact. This because activities occur separate 32-bit within ADSP 2141 thus need cycle-steal from DSP. Exceptions this isolation occur when both attempting access same memory space. This includes access External Memory, Kernel RAM, Hash/Encrypt Control, Hash/Encrypt Data FIFOs. each these blocks, control which assigns ownership respective block either DMA/Host. following table describes these controls.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual Control Register Access? EXTMEMCFG, User Kernel (See 6.3.9) Notes expected manage ownership External Memory both User Mode Kernel Mode. Generally well-controlled with exception spurious Target Mode attempts. Generally, Kernel only used Kernel, thus fully manages ownership. most applications, desirable manage Hash/Encrypt block from DSP. Thus, this control typically left with owning this interface. intended move data through FIFO's high performance applications, then this will give ownership crypto context FIFO interface block
Memory Space External Memory
Kernel (KRAM) Control Regs
KMRAMCTRL KMHECTRL
Kernel Kernel
Data FIFO's Contexts
KMHEDATACTRL
Kernel
field Kernel Configuration String (KCS) allows programmer request which state these controls should when Kernel returns from operation. Refer Interface Programmer's Guide.
When Kernel runs, must occasionally change ownership some these memory spaces order move data where needs Some semaphores provided guarantee that User application Kernel properly negotiate ownership these spaces, should interrupted. When finished with data movement, will restore these settings that User application will have expected access when returns. Refer description Interface Programmer's Guide more details semaphores setting User Mode memory ownership state.
4.2.4 Initiated Transfers (Master Mode)
When controls engine, truly behaves general-purpose controller: specifies source destination devices/addresses byte count, engine then executes transaction. Status registers polled completion, interrupt generated transfer. host bus, data movements handled between: Case Host DSP/Crypto* Case Host External Memory Case External Memory DSP/Crypto* cases above, this `Master' transaction occurs. Case memory-to-memory type transfer.
DSP/Crypto includes: Crypto registers, Hash/Encrypt block, IDMA internal RAM, Kernel unlocked.
most transactions, both source destination address pointers will automatically incremented each word transferred. only exceptions this when either source destination transfer Hash/Encrypt Input FIFO Hash/Encrypt Output FIFO IDMA Data Register (Indirect mode only)
those transfers, FIFO/register address remains fixed only `memory' side address automatically increments.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.2.4.1
Memory
Addresses memory domains specified part setup. Each domains Host memory, External Memory, DSP/Crypto-register have slightly different addressing techniques shown below. Host memory: When transaction memory (case above), full 32-bit address specified Host Address register. This allows transfer done to/from location memory space. External memory: When transferring from External memory, addressing slightly different cases above. case (PCI Host to/from External memory), full 26-bit external memory address specified Local Address register. Also, Local Address register indicate External Memory. case (External memory to/from DSP/Crypto-registers), Command register `1'. Then, 26-bit external memory address specified Host Address register. DSP/Crypto-register memory: When transaction DSP/Crypto-register/KRAM space, then Word (16-bit) address specified Local Address register. This causes address shifted address from (byteoriented) shown Figure Target Mode Memory Map. Register listing section 2.2, third column shows these addresses. Following word memory DSP/Crypto-register addresses from perspective:
0x07FFF IDMA access internal data memory program memory 0x04000 Word Address 0x02000 Reserved Kernel
kwords
kwords
0x00000
ADSP 2141 Registers
Figure `Local Address' Memory
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.2.4.2
Control Flow
following steps typically followed DSP-initiated Master transfer:
Enter
Poll Stat/Control [15] Ready
Set-up Source/ Destination Addr.
Write Command register byte count other control data
Wait cycles
Poll Master Tranfer Active
Done
Figure Master flowchart
4.2.5 Host Initiated Transfers (Target Mode)
When Host performs Target Read Target Write memory register within ADSP 2141, controller automatically called into use. From Host's perspective, most operation controller hidden. controller interprets PCI-supplied addresses other control signals then generates appropriate addresses internal/external memory space. some Target reads which experience latencies before data retrieved, controller `fetchahead' three dwords place them core's read FIFO. This important consider when performing reads from Hash/Encrypt FIFO, since once data read from FIFO, cannot reversed. Thus, Host must ensure that `fetch-ahead' performed these cases. There other cases where `fetch-ahead' could cause unexpected behavior: Reading base address AppReg Mailbox (0x0000), since this will clear `DSP wrote Command' status flag. This moot however since base address ADSP 2141's memory space Reading HOSTAPPSTAT register (0x0040), since this will clear `DSP read Mailbox' this same register.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
fetch-ahead reads IDMA memory space Indirect mode used (3.3.5). This because IDMA address automatically incremented each read. extra fetches would cause memory pointer higher than expected next IDMA read.
PCI_Target_Read_Count register mechanism limit maximum `fetch-ahead' data which read. example, Host moving data through Hash/Encrypt FIFOs 8-dword blocks, then PCI_Target_Read_Count register should programmed with 0x08. section 4.3.10. Target mode reads writes must occur 32-bit dword boundary. only exception reads writes Hash/Encrypt block. this case, starting ending address decoded down byte level that number bytes written read from data FIFO. Byte Enables will dictate number bytes transferred.
4.2.6 Byte Enables (PCI)
Byte Enables (C/BE[]#) output initiator during data phase cycle, they used specify which byte-lanes carry meaningful data. ADSP 2141, transactions ignore Byte Enables with following exceptions: Configuration Read/Write reads writes configuration space ADSP 2141's core, Byte Enables recognized responded Thus, Target mode access made individual byte address within Configuration space only that byte lane will activated. Hash/Encrypt FIFO Read/Write Since Hash/Encrypt FIFOs sensitive exact number bytes being delivered (and since user data cannot guaranteed begin byte boundary), ADSP 2141 processes Byte Enables these transactions. Byte Enables handled defined v2.1 specification. Target read write, ADSP 2141 monitors Byte Enables that initiator activates then accesses appropriate number bytes FIFO. Master read write, starting Host address byte count specified registers, engine asserts internal Byte Enables read correct number bytes from FIFO, data still driven full 32-bit dwords with Byte Enables asserted. Thus, memory space must allocated host memory these extra bytes added nearest dword boundary. This means that either Target Master reads/writes FIFO begin and/or non-dword boundary. recommended that Host memory allocated nearest dword boundary, since when data moved towards Host (Target Master), ADSP 2141 will entire dword transfers, there will unknown data unused bytes. Others: Except these cases where Byte Enables used, ADSP 2141 will behave follows: Target Reads: ADSP 2141 will ignore Byte Enables from initiator (except when Target address Hash/Encrypt FIFO). 32-bits addressed word will appear bus. Target Writes: ADSP 2141 will ignore Byte Enables from initiator (except when Target address Hash/Encrypt FIFO). ADSP 2141 will look 32-bits data word bus. some data invalid that Byte Enable being deasserted, then unknown data will written addressed byte location(s). Master Reads: ADSP 2141 will always perform full 32-bit dword reads, thus asserting four Byte Enables. Master Writes: ADSP 2141 will always perform full 32-bit dword writes, thus asserting four Byte Enables.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Note that accesses from (Target Master) ADSP 2141 External Memory should occur 32bit dword boundaries proper operation. least-significant address bits (A0, fact passed interface ADSP 2141.
Register
memory-mapped control status registers used operate controller. These considered Unprotected Registers, therefore visible either running User mode outside entity. They summarized Table described detail following subsections.
ADDRESS (word) TARGET ADDRESS (byte) Local ADDRESS (word) Reset Default
REGISTER NAME
DESCRIPTION
REGISTERS DSP-Visible Registers: 0x1840 0x1841 0x1842 0x1843 0x1844 0x1845 0x1846 0x1847 Host-Visible Registers: 0x00C0 0x00C4 0x00C8 0x0060 0x0062 0x0064 Host Address [15:0] Host Address [31:16] Local Address [15:0] Local Address [31:16] Command Status/Config. Core Status/Config. Extmem Status Target Page Target Read Count Endian Lower 16-bits Host Address Upper 16-bits Host Address Lower 16-bits Local Address Upper 16-bits Local Address 0x0000 Command 0x8000 Status/Configuration Register 0x8800 Status/Configuration core External Memory Status 0x0000 Target Page specifier when ADSP 2141 External Memory Target 0x00FF Maximum number dwords Target Read Transfer 0x0000 Big/Little Endian select
Table Controller Register
4.3.1 Host Address Register (DMAHAL)
This 16-bit Read/Write register allows Software configure lower bits Host Address Master mode transaction (case Note that this byte address Host memory. DSP-to-External memory transfer (case this contains lower 16-bits External Memory address. Again, this represents byte address. Since External Memory always accessed dword, lsb's forced internal processing. Register Address (READ WRITE) Target Master 0x1840 Visible Visible
lsb's Host Address [15:0]
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.3.2 Host Address High Register (DMAHAH)
This 16-bit Read/Write register allows Software configure upper bits Host Address Master mode transaction. transfer between External Memory memory space (case then this register holds most-significant bits External Address [25:16]. Note that this byte address. Register Address (READ WRITE) Target Master 0x1841 Visible Visible
msb's Host Address [31:16]
4.3.3 Local Address Register (DMALAL)
This 16-bit Read/Write register allows Software configure lower bits Local (ADSP 2141) Address Master transaction. transfer to/from DSP/Crypto-register space (cases then this will address from column Table section 2.2. transfer between Host External Memory (case then this register holds leastsignificant bits External Address [15:0]. Note that this 16-bit word address shown Figure Since external memory based dwords, forced internal processing. Register Address (READ WRITE) Target Master 0x1842 Visible Visible
lsb's Local Address [15:0]
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.3.4 Local Address High Register (DMALAH)
transfer to/from DSP/Crypto-register space (cases then there address bits contained here most-significant will `0'. Note that this 16-bit word address shown Figure transfer between Host External Memory (case then this register holds mostsignificant bits External Address [25:16] most-significant will `1'. Register Address (READ WRITE) Target Master 0x1843 Visible Visible
msb's External Memory Address [25:16] (ignored transfers to/from DSP/Crypto-regs) Reserved (set write) External Memory access, Internal access (case (case
4.3.5 Command Register (DMACMD)
This 16-bit Read/Write register used write Commands Controller function. first bits indicate byte count requested transfer. transfers except from Hash/Encrypt FIFO's, this number should evenly divisible order move dwords. selects type transfer: Between DSP/crypto registers External Memory space (case between Host either External Memory DSP/crypto registers (case Note that Local Address High register (above) discriminates between case selects direction transfer. Immediately upon writing this register, command will queued engine. idle, then transfer will begin. Register Address (READ WRITE) Target Master 0x1844 Visible Visible
Byte Count 1023) Reserved (set write) DSP/Cryptregs<->External Memory transfer, Host transfer Master Write (i.e. towards Host Address) Master Read (i.e. towards Local Address)
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.3.6 Status/Configuration Register (DMASC)
This 16-bit Read/Write register allows configure/monitor function. first bits Read/Write select Wait States when engine transferring from External Memory. Note that this same number Wait States selected internal DWAIT bits Wait State Control Register. There slight timing differences between access which might result different wait state settings. Read-Only status which reflects Host-selected Endian state. memory registers within Little Endian. Endian determines whether ADSP 2141 Endian conversion data to/from host. next three bits [3-5] indicate busy status engine each three modes: indicates that DSP-initiated master transfer running (could case Note that when this transitions from cause Master Transfer Complete interrupt occur (see section 7.3.1). Generally, recommended read state this along with Command Register Available, determine whether newly requested master transfer running. some cases, previously submitted master transfer could have been postponed intervening target transfer.) indicates that Host-initiated target transfer running (could case further qualifier (i.e. will also set): indicates that transaction case Local to/from External Memory transfer. indicates that core completed DSP-initiated master transfer. indicates that core detected parity error bus. indicates that core experienced fatal error.
Bits 12-14 provide core status DSP:
last [15] indicates that write into engine register set. (Note that another transfer underway, since side double-buffered registers, another addresses command queued. Note that when this transitions from cause Master Transfer Queued interrupt occur (see section 7.3.1). Register Address (READ WRITE) Target Master 0x1845 Visible Visible
External Memory Wait States Endian, Little Endian Master Transfer Active Target Transfer Active Local Ext. Memory Transfer Active Reserved (ignore) Core Master Complete Core Parity Error Core Fatal Error Command Register Available
from Host PCIENDIAN register Preliminary Information Copyright 1999
Control (R/W)
Status (R/O)
Secure Solutions
ADSP 2141 User's Manual
4.3.7 Core Status/Configuration Register (PCICSC)
This 16-bit Read/Write register allows configure monitor Core function. This register normally accessed most applications. first bits allow terminate transfers under abnormal circumstances. last bits provide real-time visibility core operation status. Register Address (READ WRITE) Target Master 0x1846 Visible Visible
Target Force Retry Target Force Abort Target Transmit FIFO Flush Target Receive FIFO Flush Master Transmit FIFO Flush Master Receive FIFO Flush Force Transfer Reserved (set write) Target Transmit FIFO Write Target Transmit FIFO Full Target Receive FIFO Read Target Receive FIFO Empty Master Transmit FIFO Write Master Transmit FIFO Full Master Receive FIFO Read Master Receive FIFO Empty
Control (R/W)
Status (R/O)
4.3.8 External Memory Status Register (DMAEMS)
This 16-bit Read only register reports status External memory Master transfers. leastsignificant 8-bits report current dword count transfer. They will start initialized number dwords transfer will decrement down indicates External Memory engine. Register Address (READ ONLY) Target Master Visible Visible
0x1847
Master transfer dword count 255) External memory request, idle Reserved (set write)
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.3.9 Target Page Register (TARGPAGE)
Following definitions Target Page Register. These used order select kbyte page which Host access Target read write. This register used DSP-initiated (Master) transfers. Note that this register only visible Host processor. Register Address (READ WRITE) Target Master 0x00C0 0x0060
msb's 26-bit external address Reserved
4.3.10 Target Read Count Register (TARGRDCNT)
This register specifies maximum number dwords fetch after Target mode read begun. (This applicable Target writes Master reads/writes.) Since Target reads sometimes timeout access latencies path from core addressed location, desirable fetch enough data that re-try, sufficient data will available core read FIFO complete transaction. other hand, anticipatory fetching data from internal FIFO such Hash/Encrypt data FIFO dangerous. Target read only requires bytes from FIFO, bytes pre-fetched, then data will lost. Target reads FIFOs, this register should programmed with exact size desired transfer. Register Address (READ WRITE) Target Master 0x00C4 0x0062
Maximum number dwords fetch Target read 255) Reserved
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
4.3.11 Endian Register (PCIENDIAN)
This register specifies `Endianness' data transfers between ADSP 2141. little-endian, communicating with big-endian Host, then byte swapping needed. Setting this register will cause hardware byte-swap occur transfers element ADSP 2141, including external memory internal registers memory spaces. (However, this does apply accesses to/from 256-byte Configuration space.) status this Host selection reflected side Status/Configuration register, described above. Register Address (READ WRITE) Target Master 0x00C8 0x0064
Endian Select: Endian, Little Endian Reserved
following figure illustrates behavior Endian swapper (see also section 5.2.10):
Endian Swapper
Little Endian Don't swap Endian Swap
ADSP 2141 Internal 32-bit
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
CHAPTER HASH/ENCRYPT SUBSYSTEM
Hash Encrypt Block Overview
Encrypt Block tightly coupled Hash Block ADSP 2141 therefore discussed together. Refer Figure following description: algorithms implemented Combined Hash Encryption Block are: DES, Triple DES, SHA-1. Data transferred from module once perform both hashing encryption same data stream. encrypt/decrypt operations highly paralleled pipelined, execute full 16-round only clock cycles. internal data flow buffering allows parallel execution hashing encryption where possible, allows processing data concurrently with previous subsequent blocks. Context switching optimized minimize overhead changing cryptographic keys near zero.
Register Address
512-bit FIFO
16/32-bit Input
16/32-bit Output
Insertion
Consume Verify
PCI,
Encrypt/ Decrypt Block
Write Context
Context Storage (0/1) 512-bit FIFO Hash Block
Read Context
Hash Digest
Mutable Handle
Insertion
(Encrypt-then-Hash) (Decrypt-then-Hash)
Figure Hash/Encrypt Functional Block Diagram `software' interface module consists memory-mapped registers, which visible most which enabled Host access. five registers define operation performed, length data buffer processed, bytes, offset between start hashing encryption vice versa), Padding operation. data length unknown time
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
encrypt/decrypt operation started, Data Length register zero which specifies special handling. this case, data passed Hash/Encrypt block indefinitely until data encountered. that time, operation terminated writing control word Hash/Encrypt Control Register (the `idle' command). This will `close-out' processing packet, including addition selected crypto padding. seven status registers provides information when operation started, when there space available accept data, when there data available read out, results from Padding operation.
5.1.1 Crypto Contexts
There sets `crypto-context' registers, each context consisting bytes data. Each context contains Triple key, Initialization Vector (IV), pre-computed hashes (inner outer) authentication HMAC operations. contexts also contain registers reload byte count from previous operation (which part hashing context), well (also called `Salt') decrypting Black key, necessary. Once crypto-context been loaded, operation defined writing HECNTL register, data processed writing data input FIFO. interface, data always written read from, same address. Internally, hash encryption functions have separate 512-bit FIFOs, each with their FIFO management pointers. Incoming data automatically routed both these FIFOs depending operation progress. Output from encryption block read from data output FIFO. encrypt-hash decrypt-hash operations, data also automatically passed hashing data input FIFO. Output from hash function always read from digest register appropriate crypto-context. Initialization Vector (IV) used crypto operation loaded part crypto-context. When operation complete, same context will contain resulting produced end, which saved away restored later continue operation with more data.
5.1.2 Padding
When input data multiple bytes 64-bit block), encrypt module will automatically append bytes. There several options padding constructed, which specified using control word operation description. Options include zero padding, pad-length character padding (PKCS #7), incrementing count with trailing length next header byte (for IPsec), fixed character padding. Note that IPsec PKCS#7 protocols, there cases where padding only fills-out last 8-byte block, also causes additional 8-byte block padding added. desired perform padding software, application simply Mode `zero padding' then guarantee that final data presented been padded nearest 8-byte boundary. Hash operations, padding automatically added specified MD-5 SHA-1 standards. When `Hash Final' command issued command word, indicating last input data, algorithmspecified padding bits added hash input buffer prior computing hash.
5.1.3 Data Offsets
Certain security protocols, including IPsec, require portions data packet Hashed while remainder data both hashed encrypted. ADSP 2141 supports this requirement through OFFSET register which allows specifying number 32-bit dwords offset between hash encrypt operations.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.1.4 Black Loads
cryptographic keys loaded part crypto-context stored off-chip "black" (encrypted) form4. appropriate control (HECNTL 15), 3DES will decrypted immediately after written into Context register. hardware handles this decryption automatically. that covers black keys loaded dedicated write-only register within ADSP 2141. decrypting Black secret called 'Salt' must stored along with black part context). Note that 3DES mode used protecting 3DES Black keys single-DES used single-DES Black keys. When Black keys used, key-decrypt adds 6-cycle overhead (0.15µs 40MHz) keys 36cycle overhead (0.9µs 40MHz) triple-DES keys each time crypto-context loaded. (Note that same Context used more than packet operation, decryption does need performed again.) Depending sequencing operations, this decryption fact hidden (from performance impact perspective) other operations underway. This because Black decryption process only requires that hardware available. example, reading previous Hash result output FIFO, Black decryption going parallel. Also note that data driver firmware does have wait decrypted before writing data input FIFO. hardware automatically waits decrypted before beginning process data given packet. possible make impact black essentially zero with efficient pipeline programming. Encryption decryption, designated Data Encrypting (DKEK) loaded Secure Kernel firmware using Manipulation commands such cgx_load_kg cgx_uncover_key (see "CGX Interface Programmer's Guide"). This DKEK typically same black keys, since usually protecting local storage only. Black keys typically created commands. Almost generation derivation command will allow result saved off-chip, encrypted under specified DKEK. This structure then stripped down just Salt encrypted used Black encryption engine. Laser Program-Control (PCDB) configuration bits specifies whether (Plaintext) keys allowed loaded into ADSP 2141 from Host transfer from external memory. AllowRedKeyLoad PCDB set, keys only loaded their `Black' form `decrypt key' HECNTL register assumed forced `1'. This useful systems where export restrictions limit length which used where external storage environment untrusted. AllowRedKeyLoad set, then keys either loaded either their Black form, `Red' (unencrypted) form. Note that Laser Configuration overridden with IRE-signed Token (see Interface Programmer's Guide). Depending definition 'Security Module Boundary' given application, FIPS 140-1 require `black key' protect material. other words, Security Boundary does enclose database where keys stored, then those keys must protected from compromise. Black satisfactory meet this FIPS requirement.
Note that PCDB configuration selects whether Black load mandatory whether load permitted. This overridden with IRE-signed token. Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Encrypt Hash Detailed Description
following sections provide details operation Hash/Encrypt block ADSP 2141.
5.2.1 Subsystem
512-bit byte) crypto data FIFO allows eight 64-bit blocks queued processing. FIFO implemented circular buffer, where processed data written back same location came from. most applications, optimum transfer size 256-bits bytes) which provides most efficient `pipelining'. This allows four 64-bit (8-byte) blocks queued, then while those being processed, previous four blocks output, four blocks input.
5.2.2 Modes
ADSP 2141 DES/3-DES engine perform standard modes: ECB, CBC, OFB, either Single-DES Triple-DES. Since operates 64-bits time, data always input algorithm 8-byte lumps padded bytes ADSP 2141). mode operation selected HECNTL register same time Encrypt/Decrypt operation started. CBC, modes, algorithm block used generate `Keystream' which XORed with Plaintext data order product Ciphertext. This XORing performed within Encryption hardware, user only passes Plaintext Ciphertext data ADSP 2141. Cipher Feedback mode, three feedback choices available: 64-bit, 8-bit, 1-bit. 64-bit CFB, data written input FIFO same manner other modes. However 8-bit 1-bit modes, null bytes must written data FIFO order align desired byte within 8-byte output. example, 8-bit mode, null bytes must written after each `payload' byte written input FIFO. Triple-DES (3DES) processing performed encrypt hardware employs `Outer' 3DES algorithm opposed `Inner' 3DES). This means that, given input block 8-bytes, engine first Encrypt, then Decrypt, finally again Encrypt mode prior feedback operations. Inner 3DES performs feedback operations between each operations. Most security protocol standards call Outer 3DES, generally considered stronger modes.
5.2.3 Automatic Updating
certain packet-based applications such IPsec, feature available that avoids need generate load random IV's outgoing (encrypted) packets. operating sequence this feature follows: first encrypted packet after ADSP 2141 initialized, random numbers should generated written each context's register. (This actually done part ADSP 2141 boot process.) Control Hash/Encrypt Control register order prevent subsequent software overwriting field context registers. Now, each packet encryption decryption, register active context will contain last bytes ciphertext. This `random' value will remain register overwritten when context next packet loaded. (This technique fully compliant with IPsec standards.) decrypted packets, typically explicitly included with incoming packet. Thus, Control step will have prior writing into context register. After written, control should restored `1'.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.2.4 Crypto Padding
facilitate peak encrypt/decrypt performance, ADSP 2141 supports most commonly needed Padding functions hardware. features include: Generating appending bytes Plaintext packet prior encryption Verifying correct bytes after decrypting packet Consuming (discarding) bytes after decrypting packet.
Four Padding Modes supported ADSP 2141 hardware: Number Mode Zero IPsec Description Appends bytes 0x00 Plaintext data ensure total number bytes remainder modulo Appends bytes, followed count then "next header" byte. byte values count from `Next Header' byte specified Control register. total bytes appended. Appends bytes: byte value value count, bytes needed, they will `03, 03'. Appends bytes user-specified character Plaintext data ensure total number bytes remainder modulo byte (any value from 0x00 0xff) specified Read/Write Control Register.
PKCS Constant
Host system software wishes implement another type Padding than supported hardware, then Mode (Zero Pad) should selected. Host simply insures that data encrypted falls 8-byte boundary inserting characters own, which case Hardware Padding engine will bytes. Verification There Verify General Status register which checks proper padding Modes (Note that this invalid blocks read from hash/encrypt FIFO except last block processed.) Verification operation checks decrypted data correct properties specified selected Padding Mode (The Next Header byte value validated IPsec mode). Modes selected, Verify will always read Consumption application must always read-out last block (8-bytes) decrypted plaintext data there least user-payload byte When either Mode (IPsec) Mode (PKCS selected, ADSP 2141 notify application number bytes (including Pad, length, Next Header applicable) detected decrypted plaintext through Status registers (HEPADSTAT0/1). count reported. addition, these padding modes cause additional block bytes produced (since more than bytes have originally been added packet). presence this additional block detected ADSP 2141and reported General Status register. response, application command ADSP 2141 discard last block order save time reading those bytes. write value Consume register will cause this discard occur.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.2.5 Hash Subsystem
Like Encrypt/Decrypt subsystem, hash processing section also 512-bit byte) FIFO. This represents single 512-bit input block hash algorithm. When hash buffer buffer full, algorithm section finished processing previous data, input block immediately copied 512-bit algorithm working buffer, entire 512-bit FIFO buffer available data input again. When data being supplied Hash FIFO controller (Master Target), there hardware flow-control mechanism which will suspend until room becomes available Hash FIFO. supplies data directly Hash FIFO, must implement `soft' flow control avoid overrunning FIFO. general, speed hardware Hash engine, unlikely that overrun could even occur; only highly optimized assembly language driver could supply Hash FIFO faster than able consume it.) This soft flow-control could, example, implemented burst-loading hash buffers worth data bytes) into Hash input FIFO. Then, pause approximately cycles ensure that first Hash been computed (MD-5 hash takes clock cycles, SHA-1 takes cycles). There several options available control hashing, addition selecting between SHA-1 MD5. application choose either initial state hash operation from constants defined algorithms, from digest which loaded part crypto-context. continue previous operation, previous `interim' digest must reloaded. operation resumed, also necessary load previous count bytes processed. This also loaded part crypto-context.
5.2.6 Mutable Processing
Hash subsystem ADSP 2141 incorporates hardware `Mutable processor'. This included support IPsec standards which specify that certain fields header must zero'ed they change transit through network.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Mutable processor zeroes following bits (shaded), based selected mode: IPv4 IPv6. assumed that data enters hash FIFO following numbered order.)
HLEN Priority Flow Label
IPv4)
IPv6)
IPv4 Header
Service Type (TOS) Packet Length
Packet Flags Frag Offset Protocol Header Checksum
Payload Length Next Header Limit
Source Address
Source Address
Destination Address
Destination Address
(Options) Payload
(Extension Headers) Payload
Mutable processing only performed data which appears Hash input FIFO; will affect data Crypto input FIFO (although IPsec data encrypted anyway). Mutable processing available hardware IPv4 `Options' fields header, available IPv6 `Extension Headers'. Mutable processing these cases must handled software prior data being presented hash input FIFO.
Preliminary Information Copyright 1999
IPv6 Header
Secure Solutions
ADSP 2141 User's Manual
5.2.7 Hash Padding
Controls also provided determine what done input data stream. operation resumed later time, then operation should defined exclude `final' processing. this case, special processing will done beyond making resulting digest available part output crypto-context. operation include last input data, then control `final' processing should set, which will cause padding operations defined hashing algorithms performed. These include adding `pad byte' following last byte data, placing 64-bit data length, expressed terms bits, end. less than bytes available between last input data byte, next 512-bit block boundary, extra 512-bit padding hash block will added contain length. additional bytes required fill last extra 512-bit blocks zero. previously described, same input data stream internally buffered both hash encryption sections, depending data flow operation selected. case hash-encrypt, where components operation done parallel, padding added crypto block according option selected, same padding added hash block.
5.2.8 HMAC Processing
support IETF HMAC protocol, module supports processing `outer' hash. Each crypto-context supports loading `inner' `outer' pre-computed initial digest. Typically, these would results HMAC keyed hash pre-processing, would stored part security association (SA) negotiated connection. pre-computed inner hash loaded initial state hash algorithm before processing input data stream initial hash byte count input data, normal `final' processing done inner hash, then resulting digest used data additional round hash processing, where initial state pre-computed initial `outer' keyed hash digest.
5.2.9 Hash/Encrypt Data Flow
Depending headers processed packets transformed using hash-encrypt, that data buffer ends being double word aligned with respect starting point operation buffer. this case, transfers done using byte enables begin operation arbitrary bytes within their respective double words. When on-chip used setup transfers using Master Mode, capability control byte enables setting starting offset byte count. When Target Mode transfers used, host responsible controlling byte enables. Byte enables also used 16-bit bus. this case, byte enable signals HEBYTEEN register Applications Registers section (See section 6.3.7). This byte-access capability only applies data FIFOs. other registers assume full word (16-bit bus) double word (32-bit Host bus) transfers. hash-encrypt block designed support zero wait state reads 16-bit DSP, wait state reads 32-bit (due endian processing). Writes experience clock latency, they first latched, then written target address. Writes zero wait from host's perspective, however, long read attempted immediately following cycle.
5.2.10 Hash/Encrypt Endianness
hash-encrypt block also supports communication with host processors which either endian little endian, terms order storage within double word. default assumption little endian. endian selected, module will reorder input output bytes, case 32-bit bus, align them with proper edge resulting double word. Endian processing applies data transfers through interface. Refer Figure Figure diagrams data words transferred between bus, bus, Hash/Encrypt FIFOs.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Internal
pins
Addresses (Upper)
32-bit External Memory
Even Addresses (Lower)
Input FIFO register
BYTE register
Output FIFO register
FIFO
FIFO Figure Access Hash/Encrypt FIFOs
Note that ADSP 2141 engine shown accepting data common convention (with leastsignificant being right, most-significant left). FIPS specification uses opposite convention. shows left right. following figure:
FIPS-46 Convention Common Software Convention Data
Input register
Algorithm
Output register
Data
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
following figure illustrates data movements 32-bit internal ADSP 2141.
Host ENDIAN register
Endian Swapper ADSP 2141 Internal 32-bit
Don't Swap Swap Bytes
32-bit External Memory
PCI/DMA Byte Enables
Input FIFO register
Output FIFO register
FIFO
FIFO Figure Access Hash/Encrypt FIFOs
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.2.11 IPsec Data Ordering
consider packet which needs encrypted using ESP. following figure shows packet bytes `Network Order' format; other words, value first byte down wire, followed etc. `Network Order' Payload Header (not encrypted) Replay Counter Initialization Vector (IV)
this case, first data enter Hash/Encrypt FIFO this data transferred across 32-bit within ADSP 2141, then first word written FIFO
second word written
(These word-orderings what would expect with Little Endian processor. That first byte down wire always placed `byte position within 32-bit word, which bits Little Endian machine. Endian machine, would expect opposite byte order within word, thus Endian swap hardware ADSP 2141 would activated.) Next, words written, completing first bytes which will into hash block only encrypted (Offset bytes between Hash Encrypt). Then, payload data which will both hashed encrypted written into FIFO. First:
then:
written which will result first 64-bit input appear
5.2.12 Command Data Ordering
Consider command block which needs transferred from Host (PCI bus) into Application Registers Mailbox. example, will command CGX_RANDOM, which would defined follows: cgx_random (kb, &buf, len)
Preliminary Information Copyright 1999
Assume want bytes Random Number
Secure Solutions
ADSP 2141 User's Manual
will examine command structure which would written from 32-bit Host into Application Registers Mailbox within ADSP 2141. following table illustrates longwords which must appear internal 32-bit ADSP 2141 written base addresses shown. Note that with longword writes, address points least significant byte (bits 0-7) longword.
`Little Endian Order' Address
0x0028 0x000C 0x0008 0x0004 0x0000
Argument [Unused] Argument [Unused] Argument [32-bit Buffer Pointer] Argument [Random Number Length] Command Code Application-specific
above example, first 32-bit location (bytes written with Application-specific field lower word this case: 0x1234) Command Code value cgx_random (0x0002) upper word. next longword will specify length random number string; this case bytes (0x00 02). Next, 32-bit address pointer buffer memory space that receive random numbers. example, address 0x00 remaining arguments unused cgx_random command.
5.2.13 Hash/Encrypt Subsystem Notes
Note that pipelining nature module, possible begin operation before data from previous operation been read out. sequence steps simplified operations performed serially with overlap. Final processing hashing operations, padding short trailing crypto block, initiated automatically. input data stream operation determined counting number bytes input comparing byte length entered part operation control. operation ended prematurely entering `idle' operation control word. length field zero, this only cause normal end. black keys used, DKEK register must loaded prior loading either crypto contexts. DKEK register must loaded using command interface, either explicitly using cgx_load_kg, implicitly part generation/manipulation commands. only type which loaded into this register DKEK. (See Interface Programmer's Guide more information.) most processing commands, performs hash-encrypt actions reads writes 16-bit (ie. DMA). However, when managing interactions system, data resides host memory 32-bit External Memory, then status polling control actions take place 16-bit bus, crypto-context data FIFO take place 32-bit using Master transfers initiated DSP5. When host processor directly managing aspects hash-encrypt operation, then takes place 32-bit bus, although some cases upper 16-bits used (such environment with 16-bit embedded processor). firmware releases access Hash/Encrypt function block host whenever executing command. Note that software semaphore arbitrate ownership Hash/Encrypt interfaces set-up. This done using cgx_init with Kernel Configuration String (KCS).
Some commands which perform hash/encrypt operations only fragment packet (e.g. open-ended hash) will continue 16-bit interface order exercise better control over odd-length data units. Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Hash/Encrypt Registers
Table lists memory-mapped register interface hash-encrypt module within ADSP 2141. These registers accessed either from User mode, granted permission, from host external ADSP 2141. Addresses from first column 16-bit words. Addresses from host controller first 8-bit byte 32-bit transfer. Transfers 32-bit should always aligned double word boundaries.
ADDRESS (word) TARGET ADDRESS (byte) Local ADDRESS (word) REGISTER NAME Reset Default DESCRIPTION
HASH/ENCRYPT REGISTERS Configuration Registers: 1A00 0x0200 1A0F 0x021C 0x1A10-1A11 0x0220 0x1A12 0x0224 0x0100 0x010E 0x0110 0x0112 config. control Length Offset 0x0000 Hash/Encrypt block configuration word 0x0000 control word 0x0000 32-bit data length, bytes (note: msb's lower address, lsb's upper address) 0x0000 Offset, dwords), from start hash (encryption) start encryption (hash) 0x0007 Operation control. Command consume final block Decrypted next header byte, bytes, Context Decrypted next header byte, bytes, Context Status result from Hash/Encrypt operation 0x0001 input ready control word, ready 0x0001 input ready data FIFO, ready 0x0040 Number free input bytes crypto FIFO 0x0000 Number output bytes ready crypto FIFO Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context Byte count, hash resume: Context Triple DES: Crypto Context Triple DES: Crypto Context Triple DES: Context decryption: Crypto Context data encrypt/decrypt: Context (Inner) Digest: Crypto Context Outer Digest: Crypto Context Byte count, hash resume: Context FIFO: Data In/Data
0x1A13 0x0226 0x1A14 0x0228 Status Registers: 0x1A16 0x022C 0x1A17 0x1A18 0x1A19 0x1A1A 0x1A1B 0x022E 0x0230 0x0232 0x0234 0x0236
0x0113 0x0114 0x0116 0x0117 0x0118 0x0119 0x011A 0x011B 0x011C 0x0120-0123 0x0124-0127 0x0128-012B 0x012C-012F 0x0130-0133 0x0134-013D 0x013E-0147 0x0148 0x0150-0153 0x0154-0157 0x0158-015B 0x015C-015F 0x0160-0163 0x0164-016D 0x016E-0177 0x0178 0x01C0
Control Consume Status Status GeneralStatus ControlReady DataReady Free Input Bytes Status Output Bytes Status Key3_0 Key2_0 Key1-0 Salt_0 IV_0 Digest_0 OuterDigest_0 HashByteCnt_0 Key3_1 Key2_1 Key1_1 Salt_1 IV_1 Digest_1 OuterDigest_1 HashByteCnt_1 Data FIFO
0x1A1C 0x0238 Context Registers: 0x1A20-1A23 0x0240-0247 0x1A24-1A27 0x0248-024F 0x1A28-1A2B 0x0250-0257 0x1A2C-1A2F 0x0258-025F 0x1A30-1A33 0x0260-0267 0x1A34-1A3D 0x0268-027B 0x1A3E-1A47 0x027C-028F 0x1A48-1A49 0x0290 Context Registers: 0x1A50-1A53 0x02A0-02A7 0x1A54-1A57 0x02A8-02AF 0x1A58-1A5B 0x02B0-02B7 0x1A5C-1A5F 0x02B8-02BF 0x1A60-1A63 0x02C0-02C7 0x1A64-1A6D 0x02C8-02DB 0x1A6E-1A77 0x02D0-02EF 0x1A78-1A79 0x02F0 Data In/Out FIFOs: 0x1AC0 0x0380
0x0000 0x0000
Table Hash/Encrypt Registers
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.3.1 Hash/Encrypt Configuration Register (HECFG)
This Read/Write register allows selecting configuration settings Hash/Encrypt subsystem. defines whether register ignores data written from Host. described section 5.2.3, this feature used semi-automate random generation IV's encrypt data traffic. Register Address (READ WRITE) Target Master 0x1A00 0x0200 0x0100
Allow writes context registers: allow software write ignore data written registers Reserved
5.3.2 Control Register (HEPADCNTL)
Control register allows specifying type crypto padding onto data stream order make align 8-byte boundary (see section 5.2.4). also allows specifying that `Mutable bit' processing performed data entering hash subsystem. Lastly, software write byte value into most-significant byte this register which will then inserted into proper position IPsec encrypt padding. Register Address (WRITE ONLY) Target Master 0x1A0F 0x021C 0x010E
Mode: 0=Zero Pad, 1=IPsec, 2=PKCS#7, 3=Constant Reserved Mutable Processing: 0=None, 1=IPv4, 2=IPv6 Next Header byte (IPsec), Byte constant (Mode
5.3.3 Data Length Register (HEDATLEN)
This 32-bit Read/Write register allows Host Software specify data length processed Hash/Encrypt engine. special case designated writing this register. this case, length data undefined start, software must indicate termination data flow writing control word (which should `idle' command: 0x0007). (Note that most least-significant words length word-swapped order memory with most significant length bits located lower memory address.)
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Register Address (READ* WRITE) Target Master 0x1A10-1A11 0x0220 0x0110
DSP: 0x1A10 DSP: 0x1A11
0x0221
0x0220
<-PCI
0x0223
0x0222
Data Length [31:0]
Note that read this register will result word-swapped result.
5.3.4 Hash/Encrypt Offset Register (HEOFFSET)
This register allows software specify offset between hash crypt operations. data into input FIFO, will immediately processed algorithm (hash crypt) indicated bits Control word (see 5.3.5). offset value specifies many bytes, any, should skipped before beginning second operation. offset range from dwords 1020 bytes). Register Address (READ WRITE) Target Master 0x1A12 0x0224 0x0112
Offset between operations, 4-byte dwords Reserved
5.3.5 Hash/Encrypt Control Register (HECNTL)
Hash/Encrypt Control Register provides overall command code Hash/Encrypt engine order define operations actually start stop processing. Control register must written prior inputting data Input FIFO. Some Control register bits self-explanatory, those which require clarification described below: Bits #0-2, Operation, specify processing which performed Hash/Encrypt subsystem. Writing idle command (0x0007) useful cases: Length register been (specifying unknown data length) then idle command used terminate data processing cause padding added data completion hash/encrypt operation. wished abort processing data stream prior specified length being reached, then idle command should written. Initial Hash State, allows starting hash processing from constants specified MD5/SHA-1 standards from supplied hash state placed HashDigest register active Context (section 5.3.17). Note that HMAC processing requested, this only controls behavior `inner hash'; `outer hash' will always begin with digest state loaded into `OuterDigest' register. #10, Load Hash ByteCount, allows resuming hash processing from previous intermediate state. this set, then previous byte count will retrieved from HashByteCount register active
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
Context (section 5.3.19). HMAC environment with pre-computed inner outer digests, this would during pre-computations, would 1for subsequent data provided after pre-computes. #11, Perform Outer Hash, effectively specifies whether perform straight hash HMAC hash with inner outer loop. This initial command Hash/Encrypt state machine automatically sequences HMAC processing. #12, Perform Hash Final Processing, tells hash engine whether `close' hash input data stream. Closing hash includes adding padding count supplied data then performing hash final block. this set, then user should sure that data supplied input FIFO ends 64-byte block boundary that hash engine complete full hash provide result HashDigest register. Presumably, this would read-out along with HashByteCount that hash could resumed with more input data later time. #14, Offset Sequence, allows specifying which operation `delayed' offset specified Offset register (section 5.3.4): first second. example, IPsec outbound processing, Operation type used indicate encrypt-then-hash, initial data into FIFO should encrypted, Offset Sequence would #15, Decrypt Key, `Black Keys' stored Crypto Context. user writes Black (encrypted) into Key[1-3] registers, writes Salt. hardware will then automatically decrypt into form prior processing data input FIFO. (Note that this ignored AllowRedKeyLoad PCDB set, which case will always decrypted.) Register Address (READ WRITE) Target Master 0x1A13 0x0226 0x0113
Operation 0=encrypt; 1=decrypt; 2=hash; 3=reserved; 4=reserved; 5=hash-dec; 6=enc-hash; 7=idle Triple-DES, Mode: 0=ECB; 1=CBC; 2=OFB; 3=CFB feedback bits: 64-bits; 8-bits; 1-bit (CFB mode only; ignored otherwise) SHA, initial hash state algorithm constants inner Digest initial state load hash byte count, start from zero perform outer hash (i.e. HMAC) perform hash `final' processing context context offset from start sub-operation start sub-operation* offset from start sub-operation start sub-operation* decrypt before (using DKEK)
Preliminary Information Copyright 1999
sub-operation refers operation defined bits [0-2]. example, bits [0-2] 0x3, then first sub-operation hash second encrypt.
Secure Solutions
ADSP 2141 User's Manual
5.3.6 Consume Register (HECONSPAD)
This Write-Only register allows Software command discard last 8-byte block decrypted data Hash/Encrypt output FIFO. This typically used avoid bandwidth transferring block back host memory. example, software perform dummy write this register read that extra block detected upon decryption (HESTAT set). Register Address (WRITE ONLY) Target Master 0x1A14 0x0228 0x0114
Don't Care
5.3.7 Status Register (HEPADSTAT0)
This register provides status padding after decrypt operation context This register only applicable IPsec PKCS#7 mode selected Control Register prior Hash/Encrypt operation commencing that packet. PKCS#7, Number Bytes field direct count bytes. IPsec padding, Number Bytes field counts total Actual number bytes, count byte, next header byte. Register Address (READ ONLY) Target Master 0x022C 0x0116
0x1A16
Number Bytes last decrypted Block (0-8) Reserved Decrypted Next Header byte (IPsec)
5.3.8 Status Register (HEPADSTAT1)
This register provides status padding after decrypt operation context This register only applicable IPsec PKCS#7 mode selected Control Register prior Hash/Encrypt operation commencing that packet. PKCS#7, Number Bytes field direct count bytes. IPsec padding, Number Bytes field counts total Actual number bytes, count byte, next header byte.
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
0x1A17
Register Address (READ ONLY) Target Master 0x022E 0x0117
Number Bytes last decrypted Block (0-9) Reserved Decrypted Next Header byte (IPsec)
5.3.9 General Status Register (HESTAT)
Hash/Encrypt General Status Register provides number status bits which indicate status engine. Output Data Available: whenever output FIFO byte count greater than Bits #1-2, Hashing Complete: These bits will when final hashing complete context digest available read. Note that this occurs after final HEDATLEN byte count been reached, Length=0 processing, when idle command been written. status cleared when Hash Digest read owner. (Also parameter, hashenc_cntl, Interface Programmer's Guide.) Bits #3-4, Encrypt/Decrypt Complete: These bits will when final crypto block specified operation complete data been placed output FIFO. Also final state been transferred Context register. Note that this occurs after final HEDATLEN byte count been reached, Length=0 processing, when idle command been written. status cleared next non-idle HECNTL write. Bits #5-6, Processing Context Complete: This logical ANDing above register bits (1-4), based selected operation HECNTL. depending whether straight Hash, Crypt, Hash Crypt operation been selected, bits reflect both above controls. Bits #8-9, Block Added: only after last encrypt block been processed only extra 8-byte block been added result padding. These bits will always read decrypt processing. status cleared next non-idle HECNTL write. Bits #10-11, Verification Fault: after last decrypt block been processed data does match expected data HEPADCNTL setting. Note that these control bits only considered valid after final crypto block been processed will appear bits other times during middle crypto processing should ignored). Also, verification only enabled IPsec PKCS#7 modes; this will read zero-pad constant-pad modes. encrypt operations, these bits will always read status cleared next non-idle HECNTL write. Bits #12-13, Extra Block Detected: after last decrypt block been processed extra 8byte block data detected HEPADCNTL setting. This means that there `user data' bytes last decrypted block output FIFO, thus safe flush this block using HECONSPAD register. Note that these control bits only considered valid after final crypto block been processed will appear bits other times during middle crypto processing should ignored). Also, extra block detection only enabled IPsec PKCS#7 modes; this will read zeropad constant-pad modes. encrypt operations, these bits will always read
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
status cleared next non-idle HECNTL write. Register Address (READ /ONLY) Target Master 0x1A18 0x0230 0x0118
Output data available (from crypto block) Hashing complete context Hashing complete context Encryption Decryption complete context Encryption Decryption complete context Processing Context complete Processing Context complete Reserved Block Added Encrypt, context Block Added Encrypt, context Verification Fault, context Verification Fault, context Extra Block Detected decrypt, context Extra Block Detected decrypt, context Reserved Reserved available read from Context Valid only after last decrypted block
5.3.10 Hash/Encrypt Control Ready Register (HECTRLRDY)
This 16-bit Read-Only register indicates whether Hash/Encrypt control interface ready command. Hash/Encrypt engine must finished processing previous data before command issued. (However, result data from previous operation does have have been read from output FIFO before Control interface becomes ready.) abort operation progress, idle command written HECNTL register without waiting this register signal ready. Register Address (READ ONLY) Target Master 0x0232 0x0119
0x1A19
Control Ready word; Ready Reserved
Preliminary Information Copyright 1999
Secure Solutions
ADSP 2141 User's Manual
5.3.11 Hash/Encrypt Data Ready Register (HEDATRDY)
This 16-bit Read-Only register indicates whether Hash/Encrypt input FIFO ready more data. Specifically, means that there room input FIFO least byte. Note that there guarantee that write word (16-bits) that Host could write dword (32bits). However, data always passed into FIFO dwords read-out from FIFO dwords, then input will become available increments bytes. Free Bytes status register more specific details FIFO availability. Register Address (READ ONLY) Target Master 0x1A1A 0x0234 0x011A
Input FIFO Ready word; Ready Reserved
5.3.12 FIFO Free Bytes Register (HEFREE)
This 16-bit Read-Only register indicates many byte positions free Encrypt input FIFO. total FIFO depth 64-bytes, this count range from 0x0000 (FIFO full) 0x0040 (FIFO empty). This register applicable Hash input FIFO. Register Address (READ WRITE) Target Master 0x1A1B 0x0236 0x011B
Number free bytes Reserved
5.3.13 FIFO Output Byte Count Register (HE
Other recent searches
VLF-490 - VLF-490 VLF-490 Datasheet
UC1606 - UC1606 UC1606 Datasheet
UC5022 - UC5022 UC5022 Datasheet
UC1608 - UC1608 UC1608 Datasheet
UC3316 - UC3316 UC3316 Datasheet
SVC351 - SVC351 SVC351 Datasheet
MUR820 - MUR820 MUR820 Datasheet
MUR860 - MUR860 MUR860 Datasheet
HDSD26-FF-X-0304 - HDSD26-FF-X-0304 HDSD26-FF-X-0304 Datasheet
ENN7465 - ENN7465 ENN7465 Datasheet
Am29F080B - Am29F080B Am29F080B Datasheet
Privacy Policy | Disclaimer
© 2012 Datasheet Archive
