mcs1000 MosChip, mcs1000 Datasheet - Page 18


Manufacturer Part Number: mcs1000
Description: Security Processor
Manufacturer: MosChip
Datasheet: Page 18
MCS1000
Security Processor
Operator Blocks
The operators function on the packet data stream. Two types of operators exist – HM and BL. The HM operators
sign and authenticate the data and are read-only. The BL operators encrypt and decrypt the data.
Each operator connects to a DMA channel. The DMA system takes care of the data transfer and routing. The
operator queries the DMA channel with rd_req and wr_req. Upon receiving rd_gnt and write_gnt, the data is
either available from the transmitter or captured by the receiver. Kill terminates the operator and clears the I/O
queues. Run starts the operator processing.
The operators handshake for data using rq/gnt pairs. They are unaware of where the data originates or
where it ends up. The signature operators do not have a transmitter, and the resultant signature is stored inside
them for later readout by the CPU using the configuration interface.
All operators process data in blocks. The block sizes are 64 bits (2 double-words) for (3)DES, 128 bits (4
double-words) for AES ciphers and 1024 bits (16 double-words) for all signature blocks. The operators do not
have start/end counters inside the blocks. The routing is handled by the DMA, and disconnected operators
do not receive rd_gnt or wr_gnt. They are disconnected from the read port at block-aligned positions inside
the stream.
BL Operator
The BL operator contains the cipher algorithm and the DMA channel controller. It has both outputs and inputs.
The operator is only connected to the data stream for the duration of the processing operation. It only works on
the data in its range. The range registers are inside the DMA router.
The configuration registers comprise the Key, IV, Status and Configuration registers. It is possible to write the IV
through the configuration interface or to use the first block as an IV. The mode is set by the configuration
register. These registers are accessed by the configuration mechanism described above.
The CBC Control and the BL accumulator form the data-path and DMA handshake controller. They also contain the
required logic to create a cipher feedback mode and power management. This block is the same for all
BL channels. The cipher block size is entered as a parameter to this module.
The ECB cipher module is the encryption engine that differentiates the block operators. It implements the common
Electronic Code Book mode of the required cipher. This block runs asynchronously and is clock-stopped
by the power management system when it is idle. All the inputs are stable for the duration of the cipher
run.
HM Operator
The HM operator contains the signature block and the DMA channel controller. The channel controller
is a subset of that of the BL operator. The HM operator only reads data, leaving the signature inside the block after
the transformation is complete. This is done because the channel has no direct access to the stream and
therefore cannot install the ICV value in headers that have been bypassed. The signature value is small
compared to the data count and does not create a bottleneck. Signature blocks by themselves do not
allow for keying, and the IPSec standard requires a keyed hash – HMAC. The data preparation requires
special handling, done inside the operator by the HMAC FSM. The differentiating factor is the hash algorithm
used: MD5, SHA-1 and SHA-256. The hash operator can be divided into data preparation and transformation
stages. The data preparation is the same for all three of the above-mentioned hash algorithms.
Power management works in the same way as with the BL operator. It is possible to stop all of the clocks
to the operator or those to the hash module. See the BL operator for additional description.
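The keyed-hash flow described for the HM operator, as an added Python software model (not MosChip code and not the device's register interface): shared data preparation, read-only consumption of the stream, and CPU-side readout and comparison of the result. The class and function names, the 64-byte hash input block taken from RFC 2104, and the `icv_len` truncation parameter are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_BYTES = 64  # RFC 2104 block length B for MD5, SHA-1 and SHA-256


class HmOperatorModel:
    """Hypothetical software model of a read-only keyed-hash operator."""

    def __init__(self, hash_name, key):
        self.hash_name = hash_name
        # Data preparation, the same for every hash: shrink an over-long key,
        # zero-pad it to one block, then derive the inner and outer pads.
        if len(key) > BLOCK_BYTES:
            key = hashlib.new(hash_name, key).digest()
        key = key.ljust(BLOCK_BYTES, b"\x00")
        self._opad = bytes(b ^ 0x5C for b in key)
        self._inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key))
        self._signature = None

    def read_block(self, data):
        """Consume stream data; nothing is written back to the stream."""
        self._inner.update(data)

    def finish(self):
        """Transformation: outer hash over opad || inner digest, kept inside."""
        outer = hashlib.new(self.hash_name, self._opad + self._inner.digest())
        self._signature = outer.digest()

    def read_signature(self):
        """CPU-side readout of the stored result (None until finish())."""
        return self._signature


def verify_icv(hash_name, key, payload, received_icv, icv_len):
    """Recompute the keyed hash over payload and check a received ICV."""
    if icv_len <= 0:
        raise ValueError("icv_len must be positive")
    op = HmOperatorModel(hash_name, key)
    for off in range(0, len(payload), BLOCK_BYTES):
        op.read_block(payload[off:off + BLOCK_BYTES])
    op.finish()
    expected = op.read_signature()[:icv_len]
    # Constant-time comparison; a wrong-length ICV simply fails.
    return hmac.compare_digest(expected, received_icv)
```

Because the result is read out and compared in software, the comparison should be constant-time, as `hmac.compare_digest` is here.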
Rev. 1.1
