mcs1000 MosChip, mcs1000 Datasheet - Page 16

MCS1000
Security Processor
Hardware IPSec Module
The Hardware IPSec Module accelerates the IPSec protocol by using dedicated hardware blocks. It
implements Encapsulating Security Payload (ESP) and Authentication Header (AH) IPSec protocols. The
encryption and authentication algorithms that the MCS1000 uses are DES, 3DES, AES, SHA-1, SHA-256
and MD5. The MCS1000 performs DES, 3DES and AES in both Cipher Block Chaining (CBC) mode and
Electronic Code Book (ECB) mode. The AES algorithm can be performed in 128-, 192-, and 256-bit modes.
IPSec Unit Architecture
The IPSec Unit contains the data I/O channels and the operator blocks. The operator blocks transform the data, and the I/O channels serialize and de-serialize the data for the operators. The IPSec Unit communicates with the system memory through the arbiter as described in the previous section. The operators have different block widths, but all of them are multiples of a double-word (32 bits).

The channels and operators are configured via the Configuration Block. This block decouples the reads and writes for the addressed device. Each device or channel has up to 6 double-words of configuration/status interface. To ease the addressing, the configuration areas are gathered into 8 double-word blocks and the unused areas are marked as reserved. The reserved registers are not decoded: writes are discarded and reads return random data. Detailed descriptions of the register maps for the channels and the operators are found in the data book document. The configuration is entered into the registers using CPU load/store instructions.

The Ethernet DMA Block distributes the packet data flow through the operators and channels. The DMA router and channel arbiter switch operators into and out of the stream and control the DMA channel bus multiplexers. The input-output channels allow several streams to run through the IPSec Unit in parallel.

Configuration Block - The Configuration Block holds all of the configuration registers and miscellaneous system interfaces.
Ethernet DMA Block - DMA channels and access arbiter for MAC, PCI and Cipher Module.
Look Up Accelerator (LUP) - Used to offload the CPU. If the Security Parameter is not found in the cache, the CPU hands the SPI off to the LUP to search the SPD (stored on external SDRAM) for a match.
Packet Cache - Ethernet packet cache (write-back, write-allocate) with large line size (16 double words). The Packet Cache is used to store Ethernet packets on-chip. This on-chip storage increases system performance since the packet does not need to be stored off-chip, and it frees the memory controller for CPU access.
Internal ROM - The internal 32K Byte ROM contains Built-In Self Test (BIST) and initial configuration information for the MCS1000. The ROM is used to test and initialize the ARM core and the Hardware IPSec Module. The ROM enables the CPU to operate in Stand-Alone or Peripheral mode. This ROM is factory masked and is not user programmable.
IPSec Unit - The IPSec Unit contains the Operator Blocks, I/O Blocks and the DMA Channel. The Operator Blocks include the cryptography blocks (DES, 3DES, AES) and the authentication blocks (MD5, SHA-1, and SHA-256). The cryptography blocks are known as the BL operators and the authentication blocks are known as the HM operators. Collectively the cryptography blocks and authentication blocks are known as operator blocks. The I/O Blocks are the means of input and output to the IPSec Unit. The DMA Channel "links" the required blocks together in order to perform encryption/decryption and signature/authentication quickly.
Random Number Generator (RNG) - The RNG is a hardware-based block that generates true random numbers.
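
The register layout described under IPSec Unit Architecture (configuration areas padded to 8 double-word blocks, at most 6 decoded, reserved words discarding writes and returning random data) affects any driver that verifies a cipher or hash configuration by reading it back. The C model below is an added example, not MosChip code and not taken from the data book: the device count, the function names and the simulated bus (with rand() standing in for the random read data) are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model; only the 8-word stride and 6-word limit come from the page. */
#define BLOCK_DWORDS 8u   /* each configuration area is padded to 8 double-words */
#define MAX_DECODED  6u   /* "up to 6 double-words" are decoded per device */
#define NUM_DEVICES  4u   /* hypothetical number of channels/operators */
static uint32_t sim_regs[NUM_DEVICES][MAX_DECODED];  /* simulated decoded words */

/* Byte offset of a word inside the configuration space. */
uint32_t cfg_offset(uint32_t dev, uint32_t word) {
    return (dev * BLOCK_DWORDS + word) * 4u;
}

/* Simulated bus access mimicking the documented behaviour:
 * reserved words discard writes and return random data on reads. */
void bus_write(uint32_t off, uint32_t val) {
    uint32_t dev = off / 4u / BLOCK_DWORDS, word = off / 4u % BLOCK_DWORDS;
    if (dev < NUM_DEVICES && word < MAX_DECODED) sim_regs[dev][word] = val;
}
uint32_t bus_read(uint32_t off) {
    uint32_t dev = off / 4u / BLOCK_DWORDS, word = off / 4u % BLOCK_DWORDS;
    if (dev < NUM_DEVICES && word < MAX_DECODED) return sim_regs[dev][word];
    return (uint32_t)rand();
}

/* Write n configuration words, then verify by reading back only those
 * words. Returns 0 on match, -1 on bad arguments or mismatch. */
int cfg_program_verified(uint32_t dev, const uint32_t *cfg, uint32_t n) {
    if (dev >= NUM_DEVICES || n > MAX_DECODED) return -1;
    for (uint32_t w = 0; w < n; w++) bus_write(cfg_offset(dev, w), cfg[w]);
    for (uint32_t w = 0; w < n; w++)
        if (bus_read(cfg_offset(dev, w)) != cfg[w]) return -1;
    return 0;
}

/* Naive variant for contrast: compares the whole 8-word block, so the
 * result depends on the random data read from reserved words 6 and 7. */
int cfg_verify_whole_block(uint32_t dev, const uint32_t block[BLOCK_DWORDS]) {
    for (uint32_t w = 0; w < BLOCK_DWORDS; w++)
        if (bus_read(cfg_offset(dev, w)) != block[w]) return -1;
    return 0;
}
```

A device with fewer than 6 decoded words would need its own limit in place of MAX_DECODED; the real per-device counts are in the data book the page refers to.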
Rev. 1.1
