Motorola DigitalDNA MPC180E Page 68 User Manual Download | Manualshive

Page: 68 / 112

background image

7-18

MPC180E Security Processor User’s Manual

PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE

ECC Routines

Figure 7-11. ECC F

2

m Point Multiply I/O

It is important to note that unlike the RSA exponentiation routine, the point to be multiplied
is not expected to be in the Montgomery residue system when loaded into the PKEU. All
of the other ECC parameters are also expected to be loaded in standard format. This
includes the a, c, and modulus parameters of the ECC system. In addition, the “R

2

mod N”

term is also required. This term is used by the PKEU to put the operands in the Montgomery
residue system. See the full description of this function below.

It is the responsibility of the host processor to provide multiplier data to the accelerator
during the operation. That is, the ‘k’ from the point multiplication ‘kP’ must be provided
dynamically by the host micro-processor in 32-bit words. Note that the host must supply
the k data starting with the most significant 32-bit word and working down to the least
significant word. Each individual word, however, is formatted msb to lsb (i.e.
“k_word[msb:lsb]”).

PKEU asserts the IRQ signal when it is ready to accept more data. This tells the host
processor to read the status word to see what was set. If the E_RDY bit is set (or pin
IRDY_B active low), the host processor knows it must provide the next word of k - this data
is written into the EXP(k) register one 32-bit word at a time. If this interrupt is masked, then
it must poll the status register to determine when to provide the next word of k. The host
should not look for the assertion of E_RDY until after the routine (i.e. PKCR[GO] bit). Any
data written to EXP(K) prior to this will be ignored.

The point multiplication is optimized to efficiently produce results for systems that work in
the projective coordinate scheme but can accelerate affine schemes as well. The host
processor selects the scheme via the CR XYZ-bit.

N1

N2

N3

A0

A1

A2

A3

B0

B1

B2

B3

Initial Condition

Final Condition

XYZ
F2M

? (or Z

2

3

)

? (or Z

2

2

)

same

?

?

?

N0

?

c

irred. poly.

irred. poly.

y

1

(or Y

1

)

x

1

(or X

1

)

a

?

?

X

2

(or X’

2

)

Y

2

(or Y’

2

)

Z

2

(or Z’

2

)

R

2

mod N

?

k (run-time)

1 (or Z

1

)

EXP(k)

Modsize

EXP(k)_SIZE

select ‘1’ or ‘0’

‘1’ - F

2

m enabled

same

set

set

same
same

ECC

same

‘1’ - ECC enabled

F

re

e

sc

a

le

S

e

m

ic

o

n

d

u

c

to

r,

I

Freescale Semiconductor, Inc.

For More Information On This Product,

Go to: www.freescale.com

n

c

.

..

F

re

e

sc

a

le

S

e

m

ic

o

n

d

u

c

to

r,

I

Freescale Semiconductor, Inc.

For More Information On This Product,

Go to: www.freescale.com

n

c

.

..

«
...
66
67
68
69
70
...
»

Summary of Contents for DigitalDNA MPC180E

Page 1: ...sor User s Manual Rev 2 1 11 2000 Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 2: ... for any other application in which the failure of the Motorola product could create a situation where personal injury or death may occur Should Buyer purchase or use Motorola products for any such unintended or unauthorized application Buyer shall indemnify and hold Motorola and its officers employees subsidiaries affiliates and distributors harmless against all claims costs damages and expenses ...

Page 3: ... Unit Message Digest Execution Unit Glossary of Terms and Abbreviations 7 8 9 Public Key Execution Unit Random Number Generator Hardware Parameters IND Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 4: ... Unit Message Digest Authentication Unit Glossary of Terms and Abbreviations 7 8 9 Public Key Execution Unit Random Number Generator Hardware Parameters Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 5: ...3 External Bus Interface and Memory Map 3 1 Execution Unit Registers 3 1 3 2 Address Map 3 2 3 3 External Bus Interface 3 4 3 3 1 EBI Registers 3 5 3 3 1 1 Command Status Register CSTAT 3 5 3 3 1 2 ID Register 3 7 3 3 1 3 IMASK Register 3 8 3 3 1 4 Input Buffer Control IBCTL and Output Buffer Control OBCTL Registers 3 9 3 3 1 5 Input Buffer Count IBCNT and Output Buffer Count 3 3 1 6 OBCNT Registe...

Page 6: ...errupt Register 5 3 5 1 4 Key Length Register 5 3 5 1 5 Key Low Lower middle Upper middle Upper Register 5 3 5 1 6 Message Byte Double Word Register 5 4 5 1 7 Message Register 5 4 5 1 8 Cipher Register 5 4 5 1 9 S box I J Register 5 5 5 1 10 S box0 S box63 Memory 5 5 Chapter 6 Message Digest Execution Unit 6 1 Operational Registers 6 1 6 1 1 MDEU Version Identification Register MID 6 2 6 1 2 MDEU ...

Page 7: ...tion A B R 2 mod N 7 16 7 3 8 ECC F2m Polynomial Basis Point Multiply 7 17 7 3 9 ECC F2m Point Add 7 19 7 3 10 ECC F2m Point Double 7 21 7 3 11 ECC F2m Add Subtract 7 22 7 3 12 ECC F2m Montgomery Modular Multiplication A B R 1 mod N 7 23 7 3 13 ECC F2m Montgomery Modular Multiplication A B R 2 mod N 7 24 7 4 RSA Routines 7 25 7 4 1 A R 1 EXP mod N 7 25 7 4 2 RSA Montgomery Modular Multiplication A...

Page 8: ...ameters 9 1 Absolute Maximum Ratings 9 1 9 2 Package Thermal Characteristics 9 2 9 3 Pin Capacitance 9 2 9 4 AC DC Electrical Characteristics 9 3 9 5 AC Timing Specification 9 3 9 6 Data Transfer 9 4 9 7 Exception Timing 9 5 9 8 Case Outline Package Dimensions 9 6 Glossary of Terms and Abbreviations Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to ww...

Page 9: ...PKEU Control Register PKCR 7 2 7 2 PKEU Status Register PKSR 7 4 7 3 PKEU Interrupt Mask Register PKMR 7 5 7 4 ECC Fp Point Multiply Register Usage 7 9 7 5 ECC Fp Point Add Register Usage 7 11 7 6 ECC Fp Point Double Register Usage 7 12 7 7 Modular Add Register Usage 7 13 7 8 Modular Subtract Register Usage 7 14 7 9 Modular Multiplication Register Usage 7 15 7 10 Modular Multiplication with double...

Page 10: ... Register Usage 7 30 7 22 Clear Memory Register Usage 7 31 7 23 R2 mod N Register Usage 7 33 7 24 RPRN mod P Register Usage 7 34 8 1 RNG Status Register 8 2 9 1 Exception Cycle Timing 9 5 9 2 Case Outline Package Dimensions 9 6 Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc ...

Page 11: ...st Execution Unit MDEU Registers 6 1 6 2 MCR Field Descriptions 6 3 6 3 MSR Field Descriptions 6 4 7 1 PKEU Registers 7 1 7 2 PKCR Field Descriptions 7 2 7 3 PKSR Field Descriptions 7 4 7 4 PKMR Field Descriptions 7 5 7 5 ECC Fp Point Multiply 7 8 7 6 ECC Fp Point Add 7 11 7 7 ECC Fp Point Double 7 12 7 8 Modular Add 7 13 7 9 Modular Subtract 7 14 7 10 Modular Multiplication 7 15 7 11 Modular Mult...

Page 12: ...Generator Registers 8 2 8 2 RNG Status Register Field Descriptions 8 2 9 1 Absolute Maximum Ratings 9 1 9 2 Package Thermal Characteristics 9 2 9 3 Capacitance 9 2 9 4 DC Electrical Characteristics 9 3 9 5 AC Timing Specifications Clock and Reset Pins 9 3 9 6 AC Timing Specifications Signal Pins 9 4 9 7 Determination of Cycle Types 9 4 Freescale Semiconductor I Freescale Semiconductor Inc For More...

Page 13: ...versions of the MPC8xx system bus The MPC180E is optimized to quickly process all the algorithms associated with IPSec WTLS WAP SSL TLS and IKE including RSA RSA signature Diffie Hellman Elliptic Curve Cryptography DES 3DES SHA 1 MD4 MD5 and Arc Four Major features of MPC180E are as follows Public key asymmetric key RSA Programmable field size of up to 2048 bits Elliptic curve cryptography F2m and...

Page 14: ...xternal processor may execute application code from its ROM and RAM using RAM and optional nonvolatile memory such as EEPROM for storing data The MPC180E resides in the processor memory map therefore an application requiring cryptographic functions simply writes to and reads from the appropriate memory location The MPC180E interfaces to the MPC8xx system bus or to the local buss of the MPC8260 Fig...

Page 15: ...Open address mode Any address in the MPC180E address map is available for use by the host processor This mode is used for direct writes to set up the MPC180E control registers and can be used for data transfers to and from the MPC180E FIFO mode The MPC180E will accept large data transfers into the input buffer and return burst data through the output buffer Up to 4Kb data transfers are possible th...

Page 16: ... Standard Execution Unit DEU The DEU is used to perform bulk data encryption and decryption in compliance with the Data Encryption Standard algorithm ANSI X3 92 The DEU can also compute 3DES an extension of the DES algorithm in which each 64 bit input block is processed three times The MPC180E supports two key K1 K3 or three key 3DES The DEU operates by permuting 64 bit data blocks with a shared 5...

Page 17: ...ssage Authentication Code HMAC as specified by RFC 2104 The HMAC can be built upon any of the hash functions supported by the MDEU 1 3 5 Random Number Generator RNG The RNG is a digital integrated circuit capable of generating 32 bit random numbers It is designed to comply with FIPS 140 standards for randomness and non determinism Because many cryptographic algorithms use random numbers as a sourc...

Page 18: ...E WITHOUT NOTICE Architectural Overview Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 19: ...it 31 D 0 31 1 2 4 6 7 9 11 12 14 17 18 20 22 24 28 32 34 36 37 38 87 89 90 92 94 96 98 99 I O Data bidirectional data bus This bus is connected directly to the processor core msb bit 0 lsb bit 31 TS 53 I Transfer Start transfer start pin for control port This signal is asserted by the bus master to indicate the start of a bus cycle that transfers data to or from the MPC180E R W 54 I Read Write re...

Page 20: ...ardware interrupt NC 26 27 49 50 51 76 100 No connection to the pin DMA Hardware Handshake pins DREQ1 83 O DMA Request 1 active low signal which indicates that either the input or output buffer is requesting data transfer by the host or DMA controller DREQ1 and DREQ2 are each programmable to refer to the MPC180E chip input buffer or output buffer This signal is designed to interoperate with a Powe...

Page 21: ...1 88 97 I 3 3 Volts Power pins for I O pads OVSS 3 13 23 33 42 63 80 86 95 I 0 Volts Ground IVSS 8 19 39 58 69 91 I 0 Volts Ground Table 2 1 Pin Descriptions Continued Signal name Pin locations Signal type Description Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More I...

Page 22: ...87 OVSS 86 IRQ 85 DREQ2 84 83 82 OVDD 81 80 OVDD 97 D22 96 OVSS 95 IVDD 93 IVSS 69 A22 68 A21 67 A20 66 OVDD 65 A19 64 OVSS 63 A18 62 TA 61 IVDD 60 CLK 59 IVSS 58 CONFIG 57 CS 56 BURST 55 R W 54 A25 73 A24 72 IVDD 71 A23 70 MPC180E Pinout TDI 48 NC 49 NC 50 NC 26 NC 27 TS 53 RESET 52 NC 51 A27 75 A26 74 OVSS 23 D10 24 OVDD 25 D29 1 D21 2 A29 78 A28 77 NC 100 D6 99 D14 D30 OVSS IVDD SE VSS NC 76 PS...

Page 23: ...8 IV left 209 DATAIN_R 20A MDEU MDMB 0 15 000 Digest 0 4 010 Control CR 015 Status SR 016 Clear interrupt 017 PKEU BRAM 64x32 A00 ARAM 64x32 A40 NRAM 64x32 A80 EXP k B00 Control CR B01 Status SR B02 Mask MR B03 Instruction IR B04 Prog counter PC B05 Clear interrupt B06 Modulus size B07 EXP k size B08 Command status 600 AutoRand output 602 DATAIN_L 20B DATAOUT_R 20C DATAOUT_L 20D Device ID 018 AFEU...

Page 24: ...x000 0x1FF 0x000 0x0000_0000 Message buffer MB0 W 0x001 0x0000_0004 Message buffer MB1 W 0x002 0x0000_0008 Message buffer MB2 W 0x003 0x0000_000C Message buffer MB3 W 0x004 0x0000_0010 Message buffer MB4 W 0x005 0x0000_0014 Message buffer MB5 W 0x006 0x0000_0018 Message buffer MB6 W 0x007 0x0000_001C Message buffer MB7 W 0x008 0x0000_0020 Message buffer MB8 W 0x009 0x0000_0024 Message buffer MB9 W...

Page 25: ...0x0000_1000 Control W 0x401 0x0000_1004 Status R 0x402 0x0000_1008 Clear interrupt W 0x403 0x0000_100C Key Length W 0x404 0x0000_1010 Key Low W 0x405 0x0000_1014 Key Lower Middle W 0x406 0x0000_1018 Key Upper Middle W 0x407 0x0000_101C Key Upper W 0x408 0x0000_1020 Message Byte Double Word W 0x409 0x0000_1024 Plaintext in W 0x40A 0x0000_1028 Ciphertext out R 0x40B 0x0000_102C S box I J R W 0x410 0...

Page 26: ...T R W 0x901 0x0000_2404 ID R 0x902 0x0000_2408 IMASK R W 0x903 0x0000_240C IBCTL R W 0x904 0x0000_2410 IBCNT R W 0x905 0x0000_2414 OBCTL R W 0x906 0x0000_2418 OBCNT R W PKEU 0xA00 0xBFF 0xA00 0x0000_2800 BRAM R W 0xA40 0x0000_2900 ARAM R W 0xA80 0x0000_2A00 NRAM R W 0xB00 0x0000_2C00 EXP k R W 0xB01 0x0000_2C04 Control R W 0xB02 0x0000_2C08 Status R 0xB03 0x0000_2C0C Interrupt mask R W 0xB05 0x000...

Page 27: ... IBCTL R W Input Buffer Control Register Contains the starting address in the MPC180E where data from the input buffer is to be written Contains the counter mask field see Section 3 3 1 4 Input Buffer Control IBCTL and Output Buffer Control OBCTL Registers IBCNT R W Input Buffer Count Register Gives the total number of 32 bit words to be written to a specific execution unit for a given operation T...

Page 28: ...terrupts 13 MDEU Message Digest Execution Unit External Bus Interface interrupts 14 RNG Random Number Generator External Bus Interface interrupts 15 PKEU Public key Execution Unit External Bus Interface interrupts 16 17 Reserved should be cleared 18 22 Raw interrupt indicators for individual execution units These are the unmasked interrupts from the execution units For bits18 22 0 interrupt not pe...

Page 29: ...his function is used to unmask an interrupt from the currently active execution unit It is to be used when a execution unit sends a series of intermediate interrupts the host does not want to see For example if the DEU is enabled and active many interrupts may be generated for intermediate results The host however may only be interested in the final interrupt that occurs when the DEU completes pro...

Page 30: ... bit assignments in the IRQ register for all the MPC180E execution units All enable mask registers operate on the corresponding bits An interrupt is masked when its corresponding IMASK bit is a 1 0 7 8 10 11 13 14 15 Field MPC180E MDEU DEU Reset 0000_0000 010 0_01 01 R W Read 16 17 19 20 22 23 25 26 28 29 31 Field DEU AFEU RNG EBI PKEU Reset 0 001 001 0_10 01_0 00x R W Read Addr 0x901 Figure 3 3 I...

Page 31: ...4 IMASK Register Table 3 5 IMASK Field Descriptions Bits Name Description 0 26 Reserved should be cleared 27 DEU Data Encryption Standard Execution Unit global interrupt control 0 interrupt unmasked 1 interrupt masked 28 AFEU Arc Four Execution Unit global interrupt control 0 interrupt unmasked 1 interrupt masked 29 MDEU Message Digest Execution Unit global interrupt control 0 interrupt unmasked 1...

Page 32: ...tarting address is the address to which the first word of data from the input buffer is written for a given operation All subsequent addresses are derived from this address Table 3 7 OBCTL Register Field Descriptions Bits Name Description 0 7 Reserved should be cleared 8 15 Count mask Defines how the buffer controller presents addresses to execution units when data is read from the active executio...

Page 33: ...oller Operation The controller EBI is the interface between the host the input and output FIFOs and the individual execution units It also contains control logic designed to help off load flow control from the host The controller facilitates single access or burst reads and writes from the host and it also manages the interrupts that execution units send to the host The controller also controls DR...

Page 34: ...fer with data transfers as required The EBI CSTAT register determines whether these signals reflect the state of the input buffer or output buffer By default DREQ1 refers to the state of the input buffer and DREQ2 refers to the state of the output buffer NOTE DREQx refers to either DREQ1 or DREQ2 Either can be programmed to refer to the state of the input or output buffer In FIFO mode the input bu...

Page 35: ...in more detail in the following sections Table 4 1 Data Encryption Standard Execution Unit DEU Registers MPC180E 12 Bit Address Processor 32 Bit Address Register Type 0x200 0x0000_0800 Control DCR R W 0x201 0x0000_0804 Status DSR R 0x202 0x0000_0808 Key1_R R W 0x203 0x0000_080C Key1_L R W 0x204 0x0000_0810 Key2_R R W 0x205 0x0000_0814 Key2_L R W 0x206 0x0000_0818 Key3_R R W 0x207 0x0000_081C Key3_...

Page 36: ...ed bits of DCFG are read as 0 values Figure 4 2 DEU Configuration Register DCFG 0 28 29 30 31 Field MODE XDES E D Reset 0000_0000_0000_0000 R W R R W Addr 0x200 Table 4 2 DCR Field Descriptions Bits Name Description 0 28 Reserved should be cleared 29 MODE Selects the DES mode of operation Both Electronic Code Book ECB and Cipher Block Chaining CBC are supported 0 ECB 1 CBC 30 XDES Controls single ...

Page 37: ...l goes high new data in the Table 4 3 DCFG Field Descriptions Bits Name Description 0 29 Reserved should be cleared 30 RST The DES can be reset by asserting the RESET signal or by setting the Software Reset bit in the Control Register The software and hardware resets are functionally equivalent The software reset bit will clear itself one cycle after being set 0 1 software reset 31 IMSK Clearing t...

Page 38: ... The IV should be written before the first block of data is encrypted After each block of data is encrypted the Initialization Vector register is updated to prepare for the next block of data This register is readable so that the current encryption context mode keys and IV can be saved and restored The Initialization Vector registers must not be written while data is being encrypted or decrypted D...

Page 39: ...ddress Register Type 0x400 0x0000_1000 Control W 0x401 0x0000_1004 Status R 0x402 0x0000_1008 Clear interrupt W 0x403 0x0000_100C Key Length W 0x404 0x0000_1010 Key Low W 0x405 0x0000_1014 Key Lower Middle W 0x406 0x0000_1018 Key Upper Middle W 0x407 0x0000_101C Key Upper W 0x408 0x0000_1020 Message Byte Double Word W 0x409 0x0000_1024 Plaintext in W 0x40A 0x0000_1028 Ciphertext out R 0x40B 0x0000...

Page 40: ...the next sub message is written the AFEU will begin processing it and this bit will clear 28 Permute done Set once the memory is permuted with the key Once the first sub message is written the AFEU will begin processing the message and this bit will clear 29 Initialize done Set once memory initialization is complete Once the key data and length is written the AFEU will begin permuting the memory a...

Page 41: ...owest significant four bytes of the key The Key Lower Middle Register holds the next lowest four bytes of the key The Key Upper Middle Register holds the next highest four bytes of the key The Key Upper Register holds the most significant four bytes of the key 0 29 30 31 Field RST IMSK Reset 0000_0000_0000_0001 R W W Addr 0x400 Table 5 3 AFEU Control Register Field Descriptions Bit Name Descriptio...

Page 42: ...iphertext to be decrypted Writing data to this register signals the AFEU to start processing the data 5 1 8 Cipher Register The Cipher Register is a 32 bit read only register that stores the processed sub message This can either be the encrypted ciphertext or decrypted plaintext Data in this register is valid when the sub or full message done bit is set in the status register NOTE If the sub messa...

Page 43: ...register may be accessed whenever the AFEU is idle 5 1 10 S box0 S box63 Memory The S box Memory consists of 64 read write 32 bit blocks The entire contents of the S box memory must be read prior to context switching and must be written back to the AFEU before resuming message processing of an interrupted message The S box memory may be accessed whenever the AFEU is idle Freescale Semiconductor I ...

Page 44: ...OUT NOTICE Arc Four Execution Unit Registers Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 45: ... 0x0000_0008 Message buffer MB2 W 0x003 0x0000_000C Message buffer MB3 W 0x004 0x0000_0010 Message buffer MB4 W 0x005 0x0000_0014 Message buffer MB5 W 0x006 0x0000_0018 Message buffer MB6 W 0x007 0x0000_001C Message buffer MB7 W 0x008 0x0000_0020 Message buffer MB8 W 0x009 0x0000_0024 Message buffer MB9 W 0x00A 0x0000_0028 Message buffer MB10 W 0x00B 0x0000_002C Message buffer MB11 W 0x00C 0x0000_...

Page 46: ...tomatically by the MDEU after one cycle or operation All unused bits of the MCR are read as 0 values Figure 6 1 shows the MDEU Control Register and Table 6 2 describes this register s fields 0x013 0x0000_004C Message digest MD R W 0x014 0x0000_0050 Message digest ME R W 0x015 0x0000_0054 Control MCR R W 0x016 0x0000_0058 Status MSR R W 0x017 0x0000_005C Clear interrupt MCLRIRQ W 0x018 0x0000_0060 ...

Page 47: ...ted a SHA 1 Hash will be computed 26 RST The RST bit is a software reset signal When activated the MDEU will reset immediately halting any ongoing hash All registers and buffers revert to their initial state Normally asserting GO continues an existing hash function across multiple 512 bit message blocks Should a fresh hash be desired for a new message block the RST bit should be asserted prior to ...

Page 48: ...ts cannot be modified by the host processor except to be reset which occurs when the host processor performs a write to the MSR regardless of the data value Figure 6 2 shows the MDEU status register and Table 6 3 describes this register s fields 0 15 Field Reset 0000_0000 R W R W 16 27 28 29 30 31 Field IRQ AE BE DONE Reset 0000_0000 R W R W Addr 0x016 Figure 6 2 MDEU Status Register MSR Table 6 3...

Page 49: ... next block of a multi block message may be written as soon as MSR BE is asserted If IPAD or OPAD are asserted while the Message Buffer is written then the value stored will be the value applied to the data bus exclusive ORed with the appropriate pad value In addition assertion of OPAD causes the contents of the Message Digest Buffer to be copied into the first four or five words of the Message Bu...

Page 50: ...E WITHOUT NOTICE Operational Registers Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 51: ... PKEU As future hardware is developed to support different field types or different microcode each version will be assigned a different identifier The value returned is ID 0002x MPC180E 12 Bit Address Processor 32 Bit Address Register Type 0xA00 0x0000_2800 BRAM R W 0xA40 0x0000_2900 ARAM R W 0xA80 0x0000_2A00 NRAM R W 0xB00 0x0000_2C00 EXP k R W 0xB01 0x0000_2C04 Control R W 0xB02 0x0000_2C08 Sta...

Page 52: ...ed automatically by the PKEU for high level functions However for low level functions such as field add or multiplies the host may set these pointers to reference a particular memory block This flexibility allows for example the following computation A 3 B 1 R 1 mod N 2 2 3 regBsel 00 memory B block 0 select 01 memory B block 1 select 10 memory B block 2 select 11 memory B block 3 select 4 5 regAs...

Page 53: ...en set to 1 the IRQ signal is enabled thus when an interrupt occurs the IRQ signal will be activated When the IE bit is set to 0 all interrupts are disabled and the IRQ output pin will be held inactive i e 0 The IE bit acts as the global interrupt enable Note that this does not affect the SR IRQ bit That bit is set regardless of IE 0 interrupts disabled 1 interrupts enabled 12 GO The GO bit initia...

Page 54: ...ered the host response time while important is not critical to meet maximum performance At a minimum the host will have 8 integer multiplies for RSA or 8 point doubles for ECC to provide new data before adversely impacting the run time Refer to the run time formulae see Table 7 26 to determine the exact time available for the target operating frequency For those instances where the host does not n...

Page 55: ...EXP k register is double buffered the host response time while important is not critical to meet maximum performance At a minimum the host will have 8 integer multiplies for RSA or 8 point doubles for ECC to provide new data before adversely impacting the run time Refer to the run time formulae see Table 7 26 to determine the exact time available for the target operating frequency For those instan...

Page 56: ...ister is internally double buffered As a result the host response time while important is not critical to meet maximum performance At a minimum the host will have 32 integer multiplies for RSA or 32 point doubles for ECC to provide new data before adversely impacting the run time Refer to the run time formulae see Table 7 26 to determine the exact time available for the target operating frequency ...

Page 57: ...ent or multiplier size of 1 to 64 bytes On power up or clear EXP k _SIZE is 0 7 2 Memories The PKEU uses four memory spaces RAM consisting of 128 16 bit words Three of these memories A B and N are R W accessible to the host during normal operation The fourth memory t or tmp is normally not accessible to the host accept when the PKEU is placed in test mode Each individual memory can be thought of a...

Page 58: ...x y X is simply x Y is y and Z is 1 The complete set of I O conditions is shown below NOTE The scalar k is assumed to be positive If k 0 the results of the point multiply are 1 1 0 If k 0 then k k and Y Y modP NOTE The input Z is assumed to be non zero If zero then the results of the point multiply are 1 1 0 Table 7 5 ECC Fp Point Multiply Fp Point Multiply Computation Q k P where Q X3 Y3 Z3 P X1 ...

Page 59: ...in 32 bit words Note that the host must supply the k data starting with the most significant 32 bit word and working down to the least significant word Each individual word however is formatted msb to lsb i e k_word msb lsb Post conditions B1 X2 X 2 B2 Y2 Y 2 B3 Z2 Z 2 A2 undefined when XYZ 1 or Z2 2 when XYZ 0 A3 undefined when XYZ 1 or Z2 3 when XYZ 0 Unless explicitly noted all other registers ...

Page 60: ...ery residue system In order to put the projective coordinates into their affine form the following equations which define their relationships must be calculated x X Z2 y Y Z3 Because the PKEU does not support the inverse function it is the responsibility of the host processor to find Z2 1 and Z3 1 by using any number of available modulo n inversion techniques Once this is accomplished the host may...

Page 61: ...system B0 b elliptic curve parameter in Montgomery residue system B1 X 2 projective coordinate in Montgomery residue system B2 Y 2 projective coordinate in Montgomery residue system B3 Z 2 projective coordinate in Montgomery residue system N0 prime p modulus of the ECC system Post conditions A0 X 1 A1 Y 1 A2 Z 1 A3 a B0 b B1 X 3 B2 Y 3 B3 Z 3 Unless explicitly noted all other registers are not gua...

Page 62: ...tgomery residue system B0 b elliptic curve parameter in Montgomery residue system N0 prime p modulus of the ECC system Post conditions B1 X 3 B2 Y 3 B3 Z 3 A3 a B0 b Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions All variables followed with the tick mark indicate it is in the Montgomery residue system While not explicitly mentioned or n...

Page 63: ...C D E mod N where D E and C are integers and are less than N Entry name modularadd Entry address 0x008 modularadd Pre conditions A0 3 D integer exact A location pre selected in Control Register B0 3 E integer exact B location pre selected in Control Register N0 3 prime p modulus of the ECC system Post conditions B0 3 results of modular addition stored where the B operand was located Unless explici...

Page 64: ... Computation C D E mod N where D E and C are integers and are less than N Entry name modularsubtract Entry address 009h modularsubtract Pre conditions A0 3 D integer exact A location pre selected in Control Register B0 3 E integer exact B location pre selected in Control Register N0 3 prime p modulus of the ECC system Post conditions B0 3 results of modular subtraction stored where the B operand w...

Page 65: ...ocation pre selected in Control Register N0 3 prime p modulus of the ECC system Post conditions A0 3 A operand is preserved B0 3 results of modular multiplication stored where the B operand was located Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions Typically though it is not mandatory the operands will be in the Montgomery residue syste...

Page 66: ... B R 2 mod N where A B and C are integers less than N and R 216D where D is the number of digits of the modulus vector Entry name modularmultiply2 Entry address 0x00b modularmultiply2 Pre conditions A0 3 A integer exact A location pre selected in Control Register B0 3 B integer exact B location pre selected in Control Register N0 3 prime p modulus of the ECC system Post conditions A0 3 A operand i...

Page 67: ...mply x Y is y and Z is 1 The complete set of I O conditions is shown below Table 7 12 ECC F2m Point Multiply F2m Point Multiply Computation Q k P where Q X3 Y3 Z3 P X1 Y1 Z1 Entry name multkPtoQ will probably be the same as Fp Entry address 0x001 multkPtoQ Pre conditions A0 x1 when XYZ 0 or X1 when XYZ 1 A1 y1 when XYZ 0 or Y1 when XYZ 1 A2 z1 1 when XYZ 0 or Z1 when XYZ 1 A3 a elliptic curve para...

Page 68: ...hen it is ready to accept more data This tells the host processor to read the status word to see what was set If the E_RDY bit is set or pin IRDY_B active low the host processor knows it must provide the next word of k this data is written into the EXP k register one 32 bit word at a time If this interrupt is masked then it must poll the status register to determine when to provide the next word o...

Page 69: ... the values from the Montgomery residue system For projective coordinate systems XYZ 1 The results of the calculation are returned to the B memory Note that these values correspond to the projective coordinate values X Y and Z and are no longer in the Montgomery residue system The host may take these results as the complete point multiply including the exit from the Montgomery residue system e g X...

Page 70: ...m B3 Z 2 projective coordinate in Montgomery residue system N0 irreducible polynomial of the ECC system Post conditions A0 X 1 A1 Y 1 A2 Z 1 A3 a B0 c B1 X 3 B2 Y 3 B3 Z 3 Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions The c elliptic curve parameter is a function of the b parameter and field size All variables followed with the tick mar...

Page 71: ...arameter in Montgomery residue system N0 prime p modulus of the ECC system Post conditions B1 X 3 B2 Y 3 B3 Z 3 A3 a B0 c Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions The c elliptic curve parameter is a function of the b parameter and field size All variables followed with the tick mark indicate it is in the Montgomery residue system ...

Page 72: ... Subtract Computation C D E mod N where D E and C are integers and are less than N Entry name modularadd same as with integer add Entry address 0x008 modularadd Pre conditions A0 3 D binary polynomial exact A location pre selected in control register B0 3 E binary polynomial exact B location pre selected in control register N0 3 irreducible polynomial of the ECC system Post conditions B0 3 results...

Page 73: ...inary polynomial exact B location pre selected in Control Register N0 3 irreducible polynomial of the ECC system Post conditions A0 3 A operand is preserved B0 3 results of modular multiplication stored where the B operand was located Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions Typically though it is not mandatory the operands will b...

Page 74: ...d C are binary polynomials with order than N and R 216D where D is the number of digits of the irreducible polynomial Entry name modularmultiply2 same as Fp Entry address 0x00b modularmultiply2 Pre conditions A0 3 A binary polynomial exact A location pre selected in Control Register B0 3 B binary polynomial exact B location pre selected in Control Register N0 3 irreducible polynomial of the ECC sy...

Page 75: ...word however is formatted msb to lsb i e exp_word msb lsb PKEU asserts the IRDY_B and IRQ signals when it is ready to accept more exponent data IRQ only if E_RDY is not masked This tells the host processor to read the SR to see what was set If the E_RDY bit is set the host processor knows it must provide the next word of the exponent this data is written into the EXP k register one 32 bit word at ...

Page 76: ...gisters are not guaranteed to be any particular value Special conditions A N and B have the lsb digits in A0 N0 and B0 respectively As required data will occupy the more significant memory blocks N1 N2 N3 A0 A1 A2 A3 B0 B1 B2 B3 Initial Condition Final Condition etc etc N bits 1023 512 etc N0 S bits 511 0 modulus N bits 511 0 modulus N bits 511 0 A bits 1023 512 A bits 511 0 etc A bits 511 0 A bit...

Page 77: ...mod N where A B and C are integers less than N and R 216D where D is the number of digits of the modulus vector Entry name modularmultiply Entry address 0x00a modularmultiply Pre conditions A0 3 A B0 3 B N0 3 modulus Post conditions A0 3 A operand is preserved B0 3 results of modular multiplication stored where the B operand was located Unless explicitly noted all other registers are not guarantee...

Page 78: ...ess than N and R 216D where D is the number of digits of the modulus vector Entry name modularmultiply2 Entry address 0x00b modularmultiply2 Pre conditions A0 3 A B0 3 B N0 3 modulus Post conditions A0 3 A operand is preserved B0 3 results of modular multiplication stored where the B operand was located Unless explicitly noted all other registers are not guaranteed to be any particular value Speci...

Page 79: ... Register Usage Table 7 21 Modular Add Modular Add Computation C D E mod N where D E and C are integers and are less than N Entry name modularadd Entry address 0x008 modularadd Pre conditions A0 3 D B0 3 E N0 3 modulus Post conditions B0 3 results of modular addition stored where the B operand was located Unless explicitly noted all other registers are not guaranteed to be any particular value Spe...

Page 80: ...Figure 7 21 Modular Subtract Register Usage Table 7 22 Modular Subtract Modular Subtract Computation C D E mod N where D E and C are integers and are less than N Entry name modularsubtract Entry address 0x009 modularsubtract Pre conditions A0 3 D B0 3 E N0 3 modulus Post conditions B0 3 results of modular subtraction stored where the B operand was located Unless explicitly noted all other register...

Page 81: ...reset and the assertion of the DONE bit in the status register Figure 7 22 Clear Memory Register Usage Table 7 23 Clear Memory Clear Memory Computation A B N and t memories are overwritten with zeros Entry name clearmemory Entry address 0x00d r2 Pre conditions Post conditions A B N 0 all locations Unless explicitly noted all other registers are not guaranteed to be any particular value Special con...

Page 82: ... is a system wide parameter which means that the R2 mod N value may be pre computed before any real time operations by any other system entity and stored for future use For this reason R2 mod N only supports integer modulo n computations i e the control register bit F2M must be 0 This function operates with a minimum of 4 digits Modsize 3 and with the most significant digit 16 bits of the modulus ...

Page 83: ...the PKEU the number of digits of P and Q must each be at least five As with the standard R2 mod N operation this operation exists primarily to support RSA and only works with the Control Register F2M bit set to zero To use this function MOD_SIZE must be programmed with D 1 and EXP_SIZE must be programmed with E 1 and the prime modulus either P or Q is written into memory N The complete set of I O ...

Page 84: ...e vector E 1 Post conditions B0 3 RpRN mod P N0 3 modulus Unless explicitly noted all other registers are not guaranteed to be any particular value Special conditions N1 N2 N3 A0 A1 A2 A3 B0 B1 B2 B3 Initial Condition Final Condition N0 modulus P modulus P R2 mod N RpRn F2M EXP k regAsel regBsel regNsel 0 integer modulo n enabled same set 00 Modsize EXP k _SIZE set E 1 set D 1 same ECC same 0 ECC ...

Page 85: ...operating frequency MS number of 16 bit blocks in the modulus that is the value assigned to the Modsize reg plus one Ne number of bits in the exponent or multiplier k avg average run time applied to a nominal case which assumes 50 1 s in Ne wcs worst case run time bcs best case run time multPtoQ tmulfp avg Ne tdblfp 0 5 Ne taddfp 8 tmult1 6 MS move FpaddPtoQ taddfp 16 tmult1 4 tadd 5 tsub 19 MS mo...

Page 86: ...ITHOUT NOTICE Embedded Routine Performance Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 87: ...and the clock control When a read is performed the oscillator clocks are halted and a collection of bits from the LFSR and CASR are x ored together to obtain the 32 bit random output The BIU interfaces with the External Bus Interface EBI to allow communication between the EBI and the RNG 8 3 Typical Operation A typical procedure for reading random data is as follows When a given operation calls fo...

Page 88: ...egisters Table 8 1 shows RNG registers Table 8 1 Random Number Generator Registers 8 4 1 Status Register Figure 8 1 shows the RNG status register Table 8 2 describes the RNG status register fields MPC180E 12 Bit Address Processor 32 Bit Address Register Type 0x600 0x0000_1800 Status R 0x602 0x0000_1808 Autorand output R 0 17 18 19 30 31 Field ORDY ON OFF Reset 0000_0000_0000_0001 R W R Addr 0X600 ...

Page 89: ...s device contains circuitry to protect the inputs against damage due to high static voltages or electric fields however it is advised that normal precautions be taken to avoid application of any voltage higher than maximum rated voltages to this high impedance circuit Characteristic Name Absolute Min Absolute Max Unit Power supply voltage Core VDD 0 3 1 95 Volts Power supply voltage I O VDD 0 3 3 ...

Page 90: ... resistance 2 Per SEMI G38 87 Single layer board Four layer board R 40 25 C W Junction to board3 bottom 3 Indicates the average thermal resistance between the die and the printed circuit board R 17 C W Junction to case4 top 4 Indicates the average thermal resistance between the die and the case top surface via the cold plate method MIL SPEC 883 Method 1012 1 R 9 C W Table 9 3 Capacitance1 1 f 1 0M...

Page 91: ...0 8 VDC Input high voltage Vdd Max Vih 2 0 VDC AC supply current IDD mA Standby supply current ISS mA Input leakage current VDD Vin VSS Ileak 10 µA Three state input current VDD Vin VSS Iz 10 µA Input buffer pad capacitance Cin 5 pF Input output buffer pad capacitance Cio 5 pF Output high voltage Ioh 400 µA Voh 2 4 VDC Output low voltage Iol 3 2 mA CL 35 pF IRQ Iol 3 2 mA CL 50 pF D 0 31 Vol 0 4 V...

Page 92: ...TS setup time to MCLK rise Tms 5 nS TS hold time from MCLK rise Tmh 3 nS R W setup time to MCLK rise Trws 5 nS R W hold time from MCLK rise Trwh 3 nS MCLK rise to D read active delay Tdd 5 11 nS MCLK fall to D read HiZ delay Tdzd 5 13 nS MCLK rise to IRQ TA DREQx active or inactive Tirq 3 9 nS RESET setup time to MCLK rise Trs 5 nS RESET hold time from MCLK rise Trh 7 nS Table 9 7 Determination of...

Page 93: ...pical interrupt cycle is asserted by the rising edge of MCLK The RESET input must be stable on the falling edge of MCLK to guarantee its recognition in that cycle otherwise it is recognized in the following cycle After RESET is negated the processor needs to guarantee at least four idle cycles before accessing the MPC180E Figure 9 1 Exception Cycle Timing MCLK IRQ Interrupt read and cleared Freesc...

Page 94: ...PLANE DATUM T 5 DIMENSIONS A AND B DO NOT INCLUDE MOLD PROTRUSION ALLOWABLE PROTRUSION IS 0 25 PER SIDE DIMENSIONS A AND B INCLUDE MOLD MISMATCH 6 DIMENSION D DOES NOT INCLUDE DAMBAR PROTRUSION DAMBAR PROTRUSION SHALL NOT CAUSE THE LEAD WIDTH TO EXCEED 0 35 MINIMUM SPACE BETWEEN PROTRUSION AND ADJACENT LEAD OR PROTRUSION 0 07 1 2 3 _ _ _ _ VIEW Y 4X 25 TIPS 4X 25 100 76 75 51 26 50 1 VIEW AA C N 0...

Page 95: ...tailed specification of requirements for a processor or computer system It does not specify details of how the processor or computer system must be implemented instead it provides a template for a family of compatible implementations Big endian A byte ordering method in memory where the address n of a word corresponds to the most significant byte In an addressed memory word the bytes are ordered l...

Page 96: ...Typical context constituents are session keys initialization vectors and security associations Context memory Local or system memory reserved for storage of security context information Context switching The act of changing session specific parameters such as Keys and IVs between the end of the current packet and the next Cryptography The art and science of using mathematics to secure information ...

Page 97: ...of the previous packet ECC Elliptic curve cryptosystem A public key cryptosystem based on the properties of elliptic curves Elliptic curve The set of points x y satisfying an equation of the form y2 x3 ax b for variables x y and constants a b Î F where F is a field Encryption The transformation of plaintext into an apparently less readable form called ciphertext through a mathematical process The ...

Page 98: ...text at the start of DES Used in CBC Cipher Block Chaining to complicate crypto analysis Interrupt An asynchronous exception On PowerPC processors interrupts are a special case of exceptions Interrupt controller Organizes the hardware interrupts coming from the execution units into a maskable interrupt for the processor Interrupt mask register Allows masking of individual interrupts by the host IP...

Page 99: ...pads if necessary the message to be hashed to create a 512 bit block This block is compressed by XOR ing two inputs the 512 bit message block and a 128 bit key Stronger than MD MDEU Message Digest Execution Unit A device or silicon block which accelerates the hashing functions associated with message authentication Memory mapped accesses Accesses whose addresses use the page or block address trans...

Page 100: ...lgorithms associated with public key exchange Typically uses the RSA or Diffie Hellman algorithms PKI Public Key Infrastructure PKIs are designed to solve the key management problem Plaintext The data to be encrypted Private key In public key cryptography this key is the secret key It is primarily used for decryption but is also used for encryption with digital signatures PRNG Pseudo Random Number...

Page 101: ...y which the responder encrypts or authenticates messages Security Parameters Index SPI In IPSec a specific field in the packet header which identifies the SecurityAssociations already established for the one way session the packet belongs to Self synchronous Refers to a stream cipher when the keystream is dependent on the data and its encryption Session key A key for symmetric key cryptosystems th...

Page 102: ...ee secret key Synchronization A process to ensure that operations occur strictly in order Synchronous A property of a stream cipher stating that the keystream is generated independently of the plaintext and ciphertext System memory The physical memory available to a processor Throughput The bits per second measure of the amount of data that is encrypted or hashed per clock cycle TLS Transport Laye...

Page 103: ...he two values are different and zero otherwise XOR is an abbreviation for exclusive OR X Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 104: ...UBJECT TO CHANGE WITHOUT NOTICE Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 105: ... Interface 3 5 ECC routines F2m Add Subtract 7 22 F2m Montgomery Modular Multiplication 7 23 7 24 F2m Point Add 7 19 F2m Point Double 7 21 Fp Modular Add 7 13 Fp Modular Subtract 7 14 Fp Montgomery Modular Multiplication 7 15 7 16 Fp Point Add 7 11 Fp Point Double 7 12 Fp Point Multipy 7 8 Fp Polynomial Basis Point Multiply 7 17 electrical specifications 9 1 AC timing 9 3 AC DC characteristics 9 3...

Page 106: ...ure internal 1 3 system 1 2 block diagram 1 4 features 1 1 pinout 2 4 N NC 2 2 O OBCNT seeOutput Buffer Count 3 11 OBCTL seeOutput Buffer Control 3 9 open address mode 1 3 Output Buffer Control Register 3 9 Output Buffer Count Register 3 11 OVDD 2 3 OVSS 2 3 P package thermal characteristics 9 2 pin capacitance 9 2 pinout 2 4 PKEU Public Key Execution Unit 1 4 Program Counter Register PKEU 7 6 PSD...

Page 107: ...P k _Size 7 7 PKEU Interrupt Mask 7 4 PKEU Modsize 7 7 PKEU Program Counter 7 6 PKEU Status 7 3 PKEU Version Identification 7 1 Public Key Execution Unit 7 1 RESET 2 2 RNG Random Number Generator 1 5 routines embedded 7 35 RSA routines 7 25 Fp Modular Subtract 7 30 Integer Modular Exponentiation 7 25 Modular Add 7 29 Montgomery Modular Multiplication 7 27 7 28 S S box I J Register 5 5 S box0 S box...

Page 108: ...SUBJECT TO CHANGE WITHOUT NOTICE Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 109: ... Execution Unit Glossary of Terms and Abbreviations 7 8 9 Public Key Execution Unit Random Number Generator Hardware Parameters Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 110: ... Execution Unit Glossary of Terms and Abbreviations 7 8 9 Public Key Execution Unit Random Number Generator Hardware Parameters Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 111: ...ductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Page 112: ...ductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc Freescale Semiconductor I Freescale Semiconductor Inc For More Information On This Product Go to www freescale com nc ...

Reviews:

No comments

Related manuals for DigitalDNA MPC180E

Univerge SV8100

Brand: NEC Pages: 44

Brand: Opvimus Pages: 12

Brand: NA Pages: 22

COMMWARE ECHO 5G

Brand: pivotal Pages: 2

Brand: Kaptia Pages: 14

FireWire 800 ExpressCard 34

Brand: LaCie Pages: 24

Brand: Supermicro Pages: 131

Brand: ADS Technologies Pages: 21

Brand: Kentrox Pages: 246

Brand: Watchguard Pages: 21

Brand: Paradyne Pages: 108

Brand: ETAS Pages: 36

Brand: Kordis Pages: 31

Brand: Williams Sound Pages: 2

Brand: ASROCK Pages: 2

Zum ZUMMESH-NETBRIDGE

Brand: Crestron Pages: 2

Brand: Icom Pages: 7

Brand: D-Link Pages: 54

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands