Datenblatt-pdf.com


ADSP-2141LKS-E1 Schematic ( PDF Datasheet ) - Analog Devices

Part number: ADSP-2141LKS-E1
Description: DSP
Manufacturer: Analog Devices




30 pages total
ADSP-2141LKS-E1 Datasheet, Function
DSP
ADSP-2141L
APPLICATIONS
Security Coprocessor for High Speed Networking Products (Routers, Switches, Hubs)
Cryptographic Core for Firewalls, Hardware Encryptors, and More
Crypto Peripheral for Implementing Secure NIC Adapters (10/100 Ethernet, Token Ring, ISDN)
Secure Modem-on-a-Chip (V.34, ADSL)
FEATURES
DES CRYPTO BLOCK
640 Mbps Sustained Performance—Single DES
214 Mbps Sustained Performance—Triple DES
Supports All Modes: ECB; CBC; 64-Bit OFB; and 1-, 8-, 64-Bit CFB. Includes Automatic Padding
Implements IPsec ESP Transforms Autonomously at OC-3 (155 Mbps) Rates (3-DES, SHA-1)
HASH BLOCK
Hardware-Based SHA-1 and MD-5 Hashing
253 Mbps Sustained Performance—SHA-1
315 Mbps Sustained Performance—MD-5
Implements IPsec AH and HMAC Transforms
SECURE KERNEL CONTROL
Tamper-Resistant Isolation of Cryptographic Functions
Enforces Security Perimeter Around Crypto Functions and Crypto Storage Locations
Anticloning Protection
Secure Algorithm Download
SafeNet CGX LIBRARY
On-Chip SafeNet CGX Crypto Library with Flexible CGX API
Includes Chained and Parallel Execution Commands Such as Hash-and-Encrypt
Embodied as 32K Words (32K × 24) Kernel Program Mask-Programmed into On-Chip ROM
On-Chip Protected 4K × 16 Security Scratchpad RAM
RANDOM NUMBER GENERATOR
Hardware-Based Nondeterministic Random Number Generator
Generates Internal Session Keys That Are Never Exposed Outside of the SafeNet DSP
Redundant Fail-Safe Design
Up to 1.3 Mbits of Random Data Available per Second
FUNCTIONAL BLOCK DIAGRAM
[Figure not reproduced. Blocks shown: ADSP-218x DSP core; kernel mode control; kernel ROM (32K × 24); program ROM (16K × 24); data ROM (16K × 16); protected kernel RAM (4K × 16); encrypt block (DES, 3-DES); hash block (MD-5, SHA-1); RNG block; public key accelerator; DMA-32 controller; interrupt controller; application registers; laser variable store; timer; serial ports SPORT 0 and SPORT 1; external memory interface (26-bit address, 32-bit data); 16-bit IDMA interface; 32-bit PCI or CardBus interface; serial EEPROM interface.]
SafeNet is a registered trademark of Information Resource Engineering (IRE).
REV. 0
Information furnished by Analog Devices is believed to be accurate and
reliable. However, no responsibility is assumed by Analog Devices for its
use, nor for any infringements of patents or other rights of third parties
which may result from its use. No license is granted by implication or
otherwise under any patent or patent rights of Analog Devices.
One Technology Way, P.O. Box 9106, Norwood, MA 02062-9106, U.S.A.
Tel: 781/329-4700 World Wide Web Site: http://www.analog.com
Fax: 781/326-8703
© Analog Devices, Inc., 2000

Context switching is optimized to minimize the overhead of
changing cryptographic keys to near zero.
The software interface to the module consists of a set of
memory-mapped registers, all of which are visible to the DSP and
most of which can be enabled for host access via the PCI bus. A
set of five 16-bit registers defines the operation to be performed,
the length in bytes of the data buffer to be processed, the offset
between the start of hashing and encryption (or vice versa), and
the padding operation. If the data length is unknown at the time
the encrypt/decrypt operation is started, the data length register
may be set to zero, which specifies special handling. In this case,
data may be passed to the hash/encrypt block indefinitely until
the end of data is encountered. At that time, the operation is
terminated by writing a new control word to the hash/encrypt
control register (either to process the next packet or to invoke
the idle state if there is no further work to do). This will close
out the processing for the packet, including the addition of the
selected crypto padding.
A set of seven status registers provides information on when a
new operation can be started, when there is space available to
accept new data, when there is data available to be read out, and
the results from the padding operation.
Crypto Contexts
There are two sets of crypto-context registers. Each context
contains a DES or triple DES key, initialization vector, and
precomputed hashes (inner and outer) of the authentication key
for HMAC operations. The contexts also contain registers to
reload the byte count from a previous operation (which is part
of the hashing context), as well as an IV (also called salt) for
decrypting a black key, if necessary.
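The precomputed inner and outer hashes held in each crypto-context match the standard HMAC optimisation: the padded key is hashed once, and every packet resumes from that saved state. The sketch below is an added software illustration, not code from the datasheet or the CGX library; the class name HmacContext and the sample key and packets are constructed for the example.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 and MD5 both hash in 64-byte blocks


class HmacContext:
    """Software model of one context's HMAC state (hypothetical name)."""

    def __init__(self, auth_key: bytes, algo: str = "sha1"):
        if len(auth_key) > BLOCK:  # RFC 2104: over-long keys are hashed first
            auth_key = hashlib.new(algo, auth_key).digest()
        key = auth_key.ljust(BLOCK, b"\x00")
        # Done once per key: each state has absorbed exactly one 64-byte block.
        self._inner = hashlib.new(algo, bytes(b ^ 0x36 for b in key))
        self._outer = hashlib.new(algo, bytes(b ^ 0x5C for b in key))

    def mac(self, packet: bytes) -> bytes:
        # Per packet: resume from the saved states instead of rehashing the key.
        # copy() also carries the 64-byte running count that the final
        # length padding depends on.
        inner = self._inner.copy()
        inner.update(packet)
        outer = self._outer.copy()
        outer.update(inner.digest())
        return outer.digest()


def matches_reference(key: bytes, packets: list[bytes], algo: str = "sha1") -> bool:
    """Compare the resumed-state MAC with Python's own HMAC for each packet."""
    ctx = HmacContext(key, algo)  # key material is processed only here
    return all(ctx.mac(p) == hmac.new(key, p, algo).digest() for p in packets)


if __name__ == "__main__":
    key = bytes(range(20))                       # constructed sample key
    packets = [b"", b"packet one", bytes(1500)]  # constructed sample packets
    print(matches_reference(key, packets, "sha1"))
    print(matches_reference(key, packets, "md5"))
```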
Once a crypto-context has been loaded and the operation
defined, data is processed by writing it to a data input FIFO. At
the I/O interface, data is always written to, or read from, the
same address. Internally, the hash and encryption functions
have separate 512-bit FIFOs, each with their own FIFO management
pointers. Incoming data is automatically routed to one
or both of these FIFOs, depending on the operation in progress.
Output from the encryption block is read from the data output
FIFO. In encrypt-hash or decrypt-hash operations, the data is
also automatically passed to the hashing data input FIFO. Output
from the hash function is always read from the digest register of
the appropriate crypto-context.
The initialization vector to be used for a crypto operation can be
loaded as part of a crypto-context. When an operation is complete,
the same context will contain the resulting IV produced at the
end, which can be saved away and restored later to continue the
operation with more data.
In certain packet-based applications such as IPsec, a feature is
available that avoids the need for the control software to generate
and load random IVs for outgoing (encrypted) packets. Effectively,
the IV register can be configured to be automatically
updated with new random numbers for each encrypted packet,
with almost no software intervention.
Padding
When the input data is not a multiple of eight bytes (a 64-bit
DES block), the encrypt module can be configured to automatically
append pad bytes. There are several options for how the
padding is constructed, which are specified using the pad control
word of the operation description. Options include zero padding,
pad-length character padding (PKCS#7), incrementing count,
with trailing pad length and next header byte (for IPsec), or
fixed character padding. Note that for the IPsec and PKCS#7
pad protocols, there are cases where the padding not only fills
out the last 8-byte block, but also causes an additional 8-byte
block of padding to be added.
For the hash operations, padding is automatically added as
specified in the MD-5 and SHA-1 standards. When the hash
final command is issued indicating the last of the input data, the
algorithm-specified padding and data count bits are added to the
end of the hash input buffer prior to computing the hash.
Data Offsets
Certain security protocols, including IPsec, require portions of a
data packet to be hashed while the remainder of the data is both
hashed and encrypted. The ADSP-2141L supports this requirement
through the OFFSET register, which allows specifying the
number of 32-bit dwords of offset between the hash and encrypt/
decrypt operations.
Black Key Loads
The cryptographic keys loaded as part of a crypto-context can
be stored off-chip in a black, or encrypted, form. If the appropriate
control bit is set (HECNTL Bit 15), the DES or 3-DES key
will be decrypted immediately after it is written into the context
register. The hardware handles this decryption automatically.
The Key Encryption Key (KEK) that covers the black keys
is loaded in a dedicated write-only KEK register within the
ADSP-2141L. The IV for decrypting the black secret key is
called ‘salt’ and must be stored along with the black key (as part
of the context). Note that 3-DES CBC mode is used for protecting
3-DES black keys and single DES CBC is used for
single DES black keys.
When black keys are used, the key-decrypt operation adds a
6-cycle overhead (0.15 µs @ 40 MHz) for DES keys or 36-cycle
overhead (0.9 µs @ 40 MHz) for triple DES keys each time a
new crypto-context is loaded. (Note that if the same context is
used for more than one packet operation, the key decryption does
not need to be performed again.) Depending on the sequencing
of operations, this key decryption may in fact be hidden (from a
performance impact perspective) if other operations are underway.
This is because the black key decryption process only requires
that the DES hardware be available. For example, if the DSP is
reading the previous hash result from the output FIFO, the
black key decryption can be going on in parallel. Also note that
the data driver firmware does NOT have to wait for the key to
be decrypted before writing data to the input FIFO. The hardware
automatically waits for the key to be decrypted before
beginning to process data for a given packet. So, with efficient
pipeline programming, it is possible to make the impact of black
key essentially zero.
The KEK for key decryption is loaded via the secure kernel
firmware using one of the CGX key manipulation commands.
(For more information, see the Command Summary section.)
This KEK is typically the same for all black keys, since it is usually
protecting local storage only. It is designated the DKEK in the
CGX API.
One of the laser-programmed configuration bits specifies whether
red (plaintext) keys are allowed to be loaded into the ADSP-2141L
from a host. If the AllowRedKeyLoad laser bit is not set,
keys may only be loaded in their black form. This is useful in
systems where export restrictions limit the key length that may
be used or where the external storage environment is untrusted.
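The Padding section notes that the PKCS#7 and IPsec options sometimes add a whole extra 8-byte block. The added example below (not from the datasheet) builds both pads as the public PKCS#7 and ESP definitions describe them and finds which input lengths trigger the extra block. It is assumed that the chip follows those definitions; the function names and the next-header value 4 are constructed for illustration.

```python
DES_BLOCK = 8  # bytes in one 64-bit DES block


def pad_pkcs7(data: bytes) -> bytes:
    """Pad-length character padding: n bytes of value n, with 1 <= n <= 8."""
    n = DES_BLOCK - len(data) % DES_BLOCK
    return data + bytes([n]) * n


def pad_esp(data: bytes, next_header: int) -> bytes:
    """Incrementing count 1, 2, 3..., then pad-length and next-header bytes."""
    pad_len = -(len(data) + 2) % DES_BLOCK
    return data + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def unpad_esp(padded: bytes) -> tuple[bytes, int]:
    """Strip an ESP trailer, rejecting padding that is not 1, 2, 3, ..."""
    if len(padded) < 2 or len(padded) % DES_BLOCK:
        raise ValueError("not a whole number of DES blocks")
    pad_len, next_header = padded[-2], padded[-1]
    if pad_len + 2 > len(padded):
        raise ValueError("pad length exceeds packet")
    end = len(padded) - 2
    if padded[end - pad_len:end] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes are not the incrementing count")
    return padded[:end - pad_len], next_header


def adds_extra_block(data: bytes, padded: bytes) -> bool:
    """True when padding goes past the block that holds the last data byte."""
    rounded_up = -(-len(data) // DES_BLOCK) * DES_BLOCK
    return len(padded) > rounded_up


def extra_block_residues(pad_fn) -> list[int]:
    """Values of len(data) % 8 for which pad_fn appends a further block."""
    return [r for r in range(DES_BLOCK)
            if adds_extra_block(bytes(16 + r), pad_fn(bytes(16 + r)))]


if __name__ == "__main__":
    print("PKCS#7:", extra_block_residues(pad_pkcs7))
    print("ESP:   ", extra_block_residues(lambda d: pad_esp(d, 4)))
```

Buffers that receive the module's output therefore need room for up to one block more than the input rounded up to eight bytes.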
[Figure 6 diagram not reproduced. Notes from the figure:]
*ADDR0 FROM THE ADSP-2141
NC IS NO CONNECT FOR 32-BIT MEMORY.
ADSP-2141 ADDR1 IS WIRED TO RAM A0.
Figure 6. ADSP-2141L IDMA System Configuration