ADSP-2141L
Protected Kernel RAM
The 4K × 16 kernel RAM provides a secure storage area on the
ADSP-2141L for sensitive data such as keys or intermediate
calculations during public key operations. The Kernel Mode
Control subsystem (above) enforces the protection by allowing
only internal secure kernel mode access to this RAM. A public
keyset and a cache of up to 15 secret keys may be stored in kernel
RAM. Secure key storage may be expanded to 700 secret keys
by assigning segments of the DSP’s internal data RAM to be
protected. Furthermore, a virtually unlimited number of data
encryption keys may be stored in an encrypted form in off-chip
memory.
Encrypt Block
The encrypt block performs high speed DES and Triple-DES
encrypt/decrypt operations. All four standard modes of DES are
supported: Electronic Code Book (ECB), Cipher Block Chaining
(CBC), 64-bit Output Feedback (OFB) and 1-bit, 8-bit and 64-bit
Cipher Feedback (CFB). The DES encrypt/decrypt operations
are highly pipelined and execute full 16-round DES in only four
clock cycles. Hardware support for padding insertion, verification
and removal further accelerates the encryption operation.
Context switching is provided to reduce the overhead of changing
crypto keys and Initialization Vectors (IVs) to nearly zero.
Hash Block
The secure hash block is tightly coupled with the encrypt block
and provides hardware accelerated one-way hash functions.
Both the MD-5 and SHA-1 algorithms are supported. Combined
operations that chain both hashing and encrypt/decrypt functions
are provided in order to significantly reduce the processing time
for data that needs both operations applied. For hash-then-encrypt
and hash-then-decrypt operations, the ADSP-2141L can perform
parallel execution of both functions from the same source and
destination buffers. For encrypt-then-hash and decrypt-then-hash
operations, the processing must be sequential, but minimum
latency is still provided through the pipeline chaining design. An
offset may be specified between the start of hashing and the
start of encryption to support certain protocols such as IPsec. A
‘mutable bit handler’ is also provided on the hash engine to
facilitate IPsec AH processing.
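
What AH requires of the hash input, and so the kind of work a mutable-field handler takes off software, shown as an added Python example (not Analog Devices code and not the CGX interface). It assumes the RFC 4302 IPv4 rules and HMAC-SHA1-96 as the integrity algorithm; the page does not describe the handler's internals, and the packet, key and function names are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the HMAC-SHA1 output
IP_LEN, AH_LEN = 20, 12 + ICV_LEN  # option-less IPv4 header, AH with 12-byte ICV

def zero_mutable_ipv4(header: bytes) -> bytes:
    """Copy of an option-less IPv4 header with in-transit-mutable fields zeroed."""
    if len(header) != IP_LEN or header[0] != 0x45:
        raise ValueError("example handles only a 20-byte IPv4 header, no options")
    h = bytearray(header)
    h[1] = 0                  # DSCP/ECN byte
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(key: bytes, packet: bytes) -> bytes:
    """ICV over masked IP header, AH with its ICV field zeroed, and payload."""
    ip, rest = packet[:IP_LEN], packet[IP_LEN:]
    ah, payload = rest[:AH_LEN], rest[AH_LEN:]
    masked = zero_mutable_ipv4(ip) + ah[:12] + bytes(ICV_LEN) + payload
    return hmac.new(key, masked, hashlib.sha1).digest()[:ICV_LEN]

def verify_ah(key: bytes, packet: bytes) -> bool:
    """Constant-time comparison of the received ICV with the recomputed one."""
    received = packet[IP_LEN + 12:IP_LEN + AH_LEN]
    return hmac.compare_digest(received, ah_icv(key, packet))

def build_packet(key: bytes, ttl: int, payload: bytes) -> bytes:
    """Constructed sample: IPv4 (protocol 51 = AH) carrying AH and a payload."""
    total = IP_LEN + AH_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, ttl, 51, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ah = struct.pack("!BBHII", 17, 4, 0, 0x1000, 1)  # next hdr, len, rsvd, SPI, seq
    unsigned = ip + ah + bytes(ICV_LEN) + payload
    return ip + ah + ah_icv(key, unsigned) + payload

if __name__ == "__main__":
    key = b"constructed-key-20by"  # constructed sample key
    pkt = bytearray(build_packet(key, 64, b"constructed payload"))
    pkt[8] -= 1                # a router decrements TTL ...
    pkt[10:12] = b"\xab\xcd"   # ... and rewrites the checksum (value constructed)
    print("after one hop:", verify_ah(key, bytes(pkt)))
    pkt[15] ^= 0x01            # source address is immutable, so this must fail
    print("after address change:", verify_ah(key, bytes(pkt)))
```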
Random Number Generator (RNG) Block
The hardware random number generator provides a true,
non-deterministic noise source for the purpose of generating keys,
Initialization Vectors (IVs), and other random number
requirements. Random numbers are provided as 16-bit words to the
kernel. The CGX kernel requests random numbers as needed to
perform requested CGX commands such as CGX_Gen_Key,
and can also directly supply from 1 to 65,535 random bytes to a
host application via the CGX_Random command.
Public Key Accelerator
The public key accelerator module works in concert with the
CGX kernel firmware to provide full public key services to the
host application. The kernel provides macro-level functions to
perform Diffie-Hellman key agreement, RSA encrypt or decrypt, and
DSA computation and verification of digital signatures. The hardware
accelerator block speeds computation-intensive operations such as
large vector multiply, add, subtract, and square.
PCI/Cardbus Interface
A full 40 MHz/33 MHz PCI bus interface has been added to the
core DSP functions. The 32-bit PCI interface supports both bus
master and target modes. The ADSP-2141L is capable of using
DMA to directly access data on other PCI entities and pass that
data through its encryption/hash engines.
32-Bit DMA Controller
The ADSP-2141L incorporates a high performance 32-bit DMA
controller which can be set up to move data efficiently between
Host PCI memory, the hash/encrypt blocks, and/or external
memory. The DMA controller can be used with the PCI bus in
master mode, thus autonomously moving 32-bit data with minimal
DSP intervention. Up to 255 long words (1020 bytes) can
be moved in a burst at up to 160 Mbytes per second.
Application Registers
The application registers are a set of memory-mapped registers
that facilitate communications between the ADSP-2141L and a
host processor via the PCI bus. One of the registers is a mailbox
that is 44 bytes long and set up to hold the CGX command
structure passed between the host and DSP processors. The
application registers also provide the mechanism that allows the
DSP and the external host to negotiate ownership of the
hash/encrypt block.
Serial EEPROM Interface
The serial EEPROM interface allows an external nonvolatile
memory to be connected to the ADSP-2141L for storing PCI
configuration information (Plug and Play), as well as
general-purpose nonvolatile storage. For example, encrypted (black)
keys could be stored into EEPROM for fast recovery after a
power outage.
Interrupt Controller
The DSP core provides support for 14 interrupt sources,
including six external and eight internal. All interrupts are prioritized
into 12 levels and interrupt nesting may be enabled or disabled
under software control. The security block interrupt controller
provides enhancements to the DSP interrupt functions.
Primarily, the interrupt controller provides a new interrupt
generation capability to the DSP or to an external host processor.
Under programmable configuration control, a crypto interrupt
may be generated on completion of certain operations, such
as encrypt complete or hash complete. The interrupt may either
be directed at the DSP core (on IRQ2), or provided on an
output line (PF7/INT_H) to a host subsystem.
Laser Variable Storage
The laser variable storage consists of 256 bits of tamper-proof
factory-programmed data that is only accessible to the internal
function blocks and the security kernel. Included in these laser
variable bits are:
• Local Storage Variable (master key-encryption key)
• Randomizer Seed (to supplement the true entropy fed into
the RNG)
• Program Control Data (enables/disables various features and
configures the ADSP-2141L)
• CRC of the Laser Data (to verify laser data integrity).
REV. 0