Generic |
Clk |
Input |
Core clock signal |
Rst |
Input |
Core reset signal |
Cen |
Input |
Synchronous enable signal.
When LOW the core ignores all
its inputs and all its outputs
must be ignored. |
Start |
Input |
HIGH level starts the core
operation
|
Configuration. The
signals in this group typically
have constant values during the
core operation |
Encrypt |
Input |
When HIGH, core is encrypting,
when LOW core is decrypting
|
ESP |
Input |
When HIGH, core is performing ESP processing. When LOW, AH processing
|
Tunnel |
Input |
Tunnel/transport switch. HIGH indicates tunnel. |
Packet
information. The signals in this
group are to be asserted with the
first or last word of the packet |
First |
Input |
Indicates the first word of a
new packet on the D interface |
Last |
Input |
Asserted with the last word of
the packet |
lsbC[3:0] |
Input |
Number of valid bytes in the
last word (unused if the D and Q
buses are 8 bit wide) |
Ealgo[1:0] |
Input |
Encryption algorithm for ESP.
Asserted with the first word of
the packet:
- 00 – NULL
- 01 – 3DES
- 10 – AES-128-CBC
- 11 – AES-256-CBC
|
Aalgo[1:0] |
Input |
Authentication mode for ESP
or AH. Asserted with the first
word of the packet:
- 00 – None
- 01 – HMAC-SHA1-96
- 10 - AES-XCBC-MAC-96
|
Ekey[255:0] |
Input |
Encryption key (shorter AES-128 and 3DES keys are in the MSB). Asserted with the first word of the packet. |
Akey[159:0] |
Input |
Authentication key (shorter AES-128 key is in the MSB). Asserted with the first word of the packet. |
tunSrc[127:0] |
Input |
Tunnel outer header information (source IP address). The IPv4 32-bit address is in the MSB (encryption in tunnel mode only). Asserted with the first word of the packet. |
tunDst[127:0] |
Input |
Tunnel outer header information (destination IP address). The IPv4 32-bit address is in the MSB (encryption in tunnel mode only). Asserted with the first word of the packet. |
SPI[31:0] |
Input |
SPI value (encrypt only). Asserted with the first word of the packet. |
seq[31:0] |
Input |
Sequence number (encrypt only). Asserted with the first word of the packet. |
IV[127:0] |
Input |
Initialization vector for the ESP (shorter 3DES IV is in the MSB). Asserted with the first word of the packet. |
Datapath |
D[] |
Input |
Input Packet Data |
Dvalid |
Input |
When high, data on the D bus
is valid |
Dready |
Output |
When HIGH, core is ready to
accept next data word on the D
bus |
Q[] |
Output |
Output encrypted or decrypted packet |
Qvalid |
Output |
When high, data on the Q bus
is valid |
Qready |
Input |
When HIGH, external circuitry
is ready to accept next data
word on the Q bus |
Completion
signals. Asserted after the packet
processing |
Done |
Output |
HIGH when data processing is
completed, gate for the rest of
completion signals |
ICVmismatch |
Output |
On decryption: Packet authentication
failed |
Memory interfaces |
memBuf |
|
Memory buffer. Used as a ring
buffer to delay a packet so its
header can be modified.
Single-port memory interface
with data width twice larger
than the D and Q buses |