Freescale Semiconductor, Inc.
Advance Information
MPC185TS/D
Rev. 2.1, 2/2003
MPC185 Security Processor
Technical Summary
This technical summary provides an overview of the MPC185 Security Processor, including
a brief development history, target applications, key features, typical system architecture,
device architectural overview, and a performance summary.
1 Development History
The MPC185 belongs to the Smart Networks platform’s S1 family of security processors
developed for the commercial networking market. This product family is derived from
security technologies Motorola has developed over the last 30 years, primarily for government
applications. The fifth-generation execution units (EU) have been proven in Motorola
semi-custom ICs and in the MPC180 and MPC190, two products in Motorola’s security
processor line.
2 Typical Applications
The MPC185 is suited for applications such as the following:
• Edge routers
• Broadband access equipment
• eCommerce servers
• Wireless base stations
• WAP gateways
3 Features
The MPC185 is a flexible and powerful addition to any networking or computing system using
the Motorola PowerQUICC II line of integrated communications processors, or any system
supporting the 60x bus protocol. The MPC185 is designed to offload computationally
intensive security functions, such as key generation and exchange, authentication, and bulk
encryption from the host processor with PowerPC architecture.
The MPC185 is optimized to process all the algorithms associated with IPSec, IKE,
WTLS/WAP, SSL/TLS and 3GPP. In addition, the Motorola family of security co-processors
are the only devices on the market capable of executing elliptic curve cryptography, which is especially
important for secure wireless communications.
MPC185 features include the following:
• 2 Public Key Execution Units (PKEUs) that support the following:
  — RSA and Diffie-Hellman
    – Programmable field size up to 2048 bits
  — Elliptic curve cryptography
    – F₂ᵐ and F(p) modes
    – Programmable field size up to 511 bits
• 2 Data Encryption Standard Execution Units (DEUs)
  — DES, 3DES
  — Two key (K1, K2, K1) or Three Key (K1, K2, K3)
  — ECB and CBC modes for both DES and 3DES
• 2 Advanced Encryption Standard Units (AESUs)
  — Implements the Rijndael symmetric key cipher
  — ECB, CBC, and counter modes
  — 128-, 192-, and 256-bit key lengths
• 1 ARC Four Execution Unit (AFEU)
  — Implements a stream cipher compatible with the RC4 algorithm
  — 40- to 128-bit programmable key
• 2 Message Digest Execution Units (MDEUs)
  — SHA with 160-bit or 256-bit message digest
  — MD5 with 128-bit message digest
  — HMAC with either algorithm
• 1 Kasumi Execution Unit for 3GPP systems (KEU)
  — Implements F8 algorithm for encryption and F9 algorithm for authentication
• 1 Random number generator (RNG)
• 60x compliant external bus interface, with master/slave logic
  — 32-bit address/64-bit data
  — Up to 100 MHz operation
• 4 Crypto-channels, each supporting multi-command descriptor chains
  — Static and/or dynamic assignment of crypto-execution units via an integrated controller
  — Buffer size of 512 bytes for each execution unit, with flow control for large data sizes
• 32KB of internal scratchpad memory for key, IV and context storage
• 1.5V supply, 3.3V and 2.5V I/O
• 256 MAP BGA, 17 x 17mm package body size
• 1.5W power dissipation
4 Typical System Architecture
The MPC185 is designed to integrate easily into any system using the 60x bus protocol. It is ideal in any
system using a Motorola PowerQUICC II communications processor (as shown in Figure 4-1) or a
PowerPC-architectured processor and memory controller. The ability of the MPC185 to be a master on the
60x bus allows the co-processor to offload the data movement bottleneck normally associated with slave
devices.
The host processor accesses the MPC185 through its device drivers using system memory for data storage.
The MPC185 resides in the memory map of the processor, therefore when an application requires
cryptographic functions, it simply creates descriptors for the MPC185 which define the cryptographic
function to be performed and the location of the data. The MPC185’s 60x-mastering capability permits the
host processor to set up a crypto-channel with a few short register writes, leaving the MPC185 to perform
reads and writes on system memory to complete the required task.
[Figure 4-1. MPC185 Connected to PowerQUICC II 60x Bus. Block diagram; labelled blocks: EEPROM, MPC185, 60x Bus, MPC82xx, PCI or Local Bus, Main Memory, I/O or Network Interface]
Figure 4-2 shows a configuration with the MPC185 communicating with the host processor via a PCI
bridge, such as the MPC107.
[Figure 4-2. MPC185 Connected to host CPU via a Bridge. Block diagram; labelled blocks: MPC7xx/MPC74xx, 60x Bus, MPC185, MPC107 PCI Bridge, PCI Local Bus, Main Memory, Network Interface Card (two), PCI Application]
5 Architectural Overview
A block diagram of the MPC185 internal architecture is shown in Figure 5-3. The 60x bus interface (60x/IF)
module is designed to transfer 64-bit words between the 60x bus and any register inside the MPC185.
An operation begins with a write of a pointer to a crypto-channel fetch register, which points to a data packet
descriptor. The channel requests the descriptor and decodes the operation to be performed. The channel then
requests the controller to assign crypto execution units and fetch the keys, IVs and data needed to perform
the given operation. The controller satisfies the requests by assigning execution units to the channel and by
making requests to the master interface per the programmable priority scheme. As data is processed, it is
written to the individual execution unit's output buffer and then back to system memory via the 60x/IF
module.
[Figure 5-3. MPC185 Functional Blocks. Block diagram; labelled blocks: 32KB gpRAM, 60x Master/Slave Interface, four crypto-channels, Control, PKEU x2, DEU x2, AESU x2, MDEU x2, AFEU, KEU, RNG, with FIFOs on the execution units]
6 Data Packet Descriptors
As a crypto accelerator, the MPC185 controller has been designed for easy use and integration with existing
systems and software. All cryptographic functions are accessible through data packet descriptors, some of
which have been defined as multifunction to facilitate IPSec applications. A data packet descriptor is
diagrammed in Table 6-1.
Table 6-1. Example Data Packet Descriptor

Field Name         Value/Type  Description
-----------------  ----------  ----------------------------------------------------------
DPD_DES_CTX_CRYPT  Tbd         Representative header for DES using Context to Encrypt
LEN_CTXIN          Length      Number of bytes to be written
PTR_CTXIN          Pointer     Pointer to Context (IV) to be written into DES engine
LEN_KEY            Length      Number of bytes in key
PTR_KEY            Pointer     Pointer to block cipher key
LEN_DATAIN         Length      Number of bytes of data to be ciphered
PTR_DATAIN         Pointer     Pointer to data to perform cipher upon
LEN_DATAOUT        Length      Number of bytes of data after ciphering
PTR_DATAOUT        Pointer     Pointer to location where cipher output is to be written
LEN_CTXOUT         Length      Length of output Context (IV)
PTR_CTXOUT         Pointer     Pointer to location where altered Context is to be written
Nul length         Length      Zeroes for fixed length descriptor filter
Nul pointer        Pointer     Zeroes for fixed length descriptor filter
Nul length         Length      Zeroes for fixed length descriptor filter
Nul pointer        Pointer     Zeroes for fixed length descriptor filter
PTR_NEXT           Pointer     Pointer to next data packet descriptor

Each data packet descriptor contains the following:
• Header—The header describes the required services and encodes information that indicates which
  EUs to use and which modes to set.
• Seven data length/data pointer pairs—The data length indicates the number of contiguous bytes of
  data to be transferred. The data pointer indicates the starting address of the data, key, or context in
  system memory.
• Next descriptor pointer
A data packet descriptor ends with a pointer to the next data packet descriptor. Upon completion of the
current descriptor, this field is checked and, if non-zero, the channel is instructed to request a burst read of
the next descriptor.
Processing of the next descriptor (and whether or not a done signal is generated) is determined by the
programming of the crypto-channel's configuration register. Two modes of operation are supported:
• Signal done at end of descriptor
• Signal done at end of descriptor chain
The crypto-channel can signal done via an interrupt or by a write-back of the descriptor header after
processing a data packet descriptor. The value written back is identical to that of the header, with the
exception that a DONE field is set.
Occasionally, a descriptor field may not be applicable to the requested service. For example, if using DES
in ECB mode, the contents of the IV field do not affect the result of the DES computation. Therefore, when
processing data packet descriptors, the crypto-channel skips any pointer that has an associated length of
zero.
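Because the MPC185 masters the bus and reads and writes whatever addresses a descriptor names, a driver can check a chain before handing its address to the fetch register. The following C code is an added example, not Motorola driver code: the 32-bit field widths, host byte order, the permitted DMA window, the chain limit and the names dpd_chain_check, dma_window and demo_chain are all assumptions.

```c
#include <stdint.h>
#include <string.h>

#define DPD_PAIRS 7   /* seven length/pointer pairs, as the summary states */
#define MAX_CHAIN 16  /* assumed driver limit; also stops cyclic chains */
enum { DPD_BAD_DESC = -1, DPD_BAD_BUF = -2, DPD_TOO_LONG = -3 };

/* Assumed model: 32-bit fields, host byte order (the page gives no widths). */
struct dpd {
    uint32_t header;
    struct { uint32_t len, ptr; } pair[DPD_PAIRS];
    uint32_t next;    /* zero ends the chain */
};
/* Hypothetical policy: the only bus range the co-processor may touch. */
struct dma_window { uint32_t base, size; const uint8_t *mem; };

/* Bounds check written so that ptr + len cannot wrap around. */
static int in_window(const struct dma_window *w, uint32_t ptr, uint32_t len) {
    return ptr >= w->base && len <= w->size && ptr - w->base <= w->size - len;
}

/* Returns the number of descriptors in the chain, or a negative error. */
int dpd_chain_check(const struct dma_window *w, uint32_t first) {
    int n = 0;
    for (uint32_t addr = first; addr != 0; n++) {
        struct dpd d;
        if (n == MAX_CHAIN) return DPD_TOO_LONG;
        if (!in_window(w, addr, sizeof d)) return DPD_BAD_DESC;
        memcpy(&d, w->mem + (addr - w->base), sizeof d);
        for (int i = 0; i < DPD_PAIRS; i++)   /* zero-length pairs are skipped */
            if (d.pair[i].len && !in_window(w, d.pair[i].ptr, d.pair[i].len))
                return DPD_BAD_BUF;
        addr = d.next;
    }
    return n;
}

/* Constructed sample: two chained descriptors in a 4 KB window at 0x10000. */
int demo_chain(uint32_t out_ptr, uint32_t second_next) {
    static uint8_t mem[4096];
    struct dma_window w = { 0x10000, sizeof mem, mem };
    struct dpd a = { .next = 0x10040 }, b;         /* a links to b at +0x40 */
    a.pair[0].ptr = 0xdeadbeef;                    /* length 0, so ignored */
    a.pair[1].len = 8;  a.pair[1].ptr = 0x10100;   /* key */
    a.pair[2].len = 64; a.pair[2].ptr = 0x10200;   /* data in */
    a.pair[3].len = 64; a.pair[3].ptr = out_ptr;   /* data out */
    b = a; b.next = second_next;
    memcpy(mem, &a, sizeof a);
    memcpy(mem + 0x40, &b, sizeof b);
    return dpd_chain_check(&w, w.base);
}
```

The pair indices follow the order of Table 6-1 (context in, key, data in, data out, context out, two unused pairs).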
6.1 60x Interface
The 60x interface manages communication between the MPC185 internal execution units and the 60x bus.
The interface uses the 60x bus master/slave protocols. All on-chip resources are memory mapped, and the
target accesses and initiator writes from the MPC185 must be addressed on word boundaries. The MPC185
will perform initiator reads on byte boundaries and will adjust the data to place on word boundaries as
appropriate. Access to system memory is a critical factor in co-processor performance, and the native 60x
interface of the MPC185 allows it to achieve performance unattainable on secondary busses.
For More Information On This Product,
Go to: www.freescale.com