AN2492 Freescale Semiconductor / Motorola, AN2492 Datasheet - Page 26

AN2492

Manufacturer Part Number

AN2492

Description

MPC184 Descriptor Programmers Guide--PCI View

Manufacturer

Freescale Semiconductor / Motorola

Datasheet

1.AN2492.pdf (40 pages)

Current page: 26 of 40
Download datasheet (425Kb)

Additional Examples

The descriptor header encodes the information required to select the DEU for Op_0, and the MDEU for

Op_1. The Op_0 mode data configured the DEU to operate in 3DES, CBC, encrypt mode. The Op_1 mode

data configured the MDEU to operate in HMAC-SHA-1 mode. Because all the data necessary to calculate

the HMAC in a single dynamic descriptor is available, initialize, and autopad are set, while continue is off.

The descriptor header also encodes the descriptor type 0010, which defines the input and output ordering

for ‘hmac_snoop_no_afeu.’ The HMAC key is loaded first, followed by the length and pointer to the data

over which the HMAC will be calculated. The 3DES key is loaded next, followed by the 3DES IV. The

number of bytes to be encrypted and starting address will be an offset of the number of bytes being

HMAC’d. The data to be encrypted and HMAC’d is only brought into the MPC184 a single time, with the

DEU and MDEU only reading the portion that matches the starting address and byte length in the

length/pointer fields corresponding to their data of interest.

Plaintext is brought into the DEU input FIFO, with the MDEU out-snooping the portion of the data it has

been told to process. As the encryption continues, the ciphertext fills the DEU output FIFO, and this data is

written back to system memory as needed. When the final byte of data to be HMAC’d has been processed

through the MDEU, the descriptor will cause the MDEU to write the HMAC to the indicated area in PCI

memory. The MPC184 will write the entire 20 bytes HMAC-SHA-1 to PCI memory, and the host will

append the most significant 12 bytes of the HMAC generated by the MPC184 to the packet as the

authentication trailer. Common practice in IPSec ESP with 3DES-CBC is to use the last 8 bytes of the

ciphertext as the IV for the next packet. If this is the case, the host should copy the last 8 bytes of the

ciphertext to the Security Association database entry for this particular session before transmitting the

packet.

The next descriptor pointer is optional, and if a next descriptor is indicated, that descriptor may be

completely unrelated to the operation performed on the descriptor shown in Table 20.

9.3 Dynamically Assigned HMAC-MD-5 (Inbound/Outbound

Table 21 shows a dynamic descriptor example of an inbound/outbound IPSec AH transform.

LEN_4

PTR_4

LEN_5

PTR_5

LEN_6

PTR_6

LEN_7

PTR_7

PTR_NEXT

IPSec AH)

Field

0010_3DES_CBC_HMAC_SHA-1_Decrypt (continued)

MPC184 Descriptor Programmer’s Guide— PCI View

Freescale Semiconductor, Inc.

Table 20. Representative Descriptor DPD_Type

Value/Type

For More Information On This Product,

Pointer

Length

Pointer

Go to: www.freescale.com

Number of bytes of IV to be written to DEU IV register (always 8)

PCI address of IV

Number of bytes of plaintext to be encrypted

PCI address of plaintext to be encrypted

Number of bytes of ciphertext to be written out to memory (should be

equal to length of data-in)

PCI address where ciphertext is to be written

Number of bytes of HMAC to be written to PCI memory space

(always 20)

PCI address where HMAC is to be written

Pointer to next descriptor

Description

MOTOROLA

AN2492 Freescale Semiconductor / Motorola, AN2492 Datasheet - Page 26

AN2492

Related parts for AN2492