AES-GCM MACsec (IEEE 802.1AE) and FC-SP Cores GCM1/GCM2/GCM3
General Description
Implementation of the new LAN security standard 802.1ae (MACSec) requires the NIST standard AES cipher in the GCM mode for encryption and message authentication (AES-GCM). The GCM1 AES core is tuned for 802.1ae applications at the data rates of 1 Gbps
and higher. The GCM2 family of
cores is targeted towards high
performance applications with
high-end cores supporting data
rates in excess of 100 Gbps and ability to parallelize to achieve even higher throughput. GCM3 is similar to GCM2, but supports AES key lengths up to 256 bits.
Cores contain the base AES core AES1 and are available for immediate licensing.
The design is fully synchronous and available in both source and netlist form.
Symbol
Base Core Features
Small size: From 25,000 ASIC gates at 1 Gbps and above data speeds (at throughput of 6.4 bits per clock)
Completely self-contained: does not require external memory
Supports Galois Counter Mode Encryption and authentication (GCM-AES a.k.a. AES-GCM)
Includes AES-GCM encryption, AES-GCM decryption, key expansion and data interface
Automatic generation of key context from key data and frame header
Flow-through design
Test bench provided
Deliverables include test benches
GCM-AES Applications
WLAN 802.1ae MACSec
P1619.1 tape encryption
Fibre Channel Security Protocol FC-SP
IEEE 802.3ah (EPON) encryption
Pin Description
Name
Type
Description
CLK
Input
Core clock signal
CEN
Input
Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored.
MODE
Input
Mode. When HIGH, transmit (GCM-AES encryption), when LOW receive (GCM-AES decryption)
START
Input
HIGH starting input data processing
READ
Output
Read request for the input data byte
DATA_VALID
Input
HIGH when valid data byte present on the input
WRITE
output
Write to the output interface
OUT_READY
Input
HIGH when output interface is ready to accept data byte
D[ ]
Input
Input Data Bus
Q[ ]
Output
Output Key Data
DONE
Output
Data processing completed
AES-GCM Function Description
The Advanced Encryption Standard (AES) algorithm is a new NIST data encryption standard as defined in the
NIST FIPS-197.
The GCM core implementation fully
supports the AES algorithm for 128
bit keys in Galois Counter Mode
(GCM-AES or AES-GCM) as required by
the
IEEE 802.1ae standard and
NIST
SP800-38D,
The cores are designed for flow-through operation. GCM-AES key and nonce material precedes the frame in the flow of data. GCM cores support encryption and decryption modes.
Implementation Results
Area Utilization and Performance
Representative area/resources figures are shown below.
Core
Technology
Area / Resources
Frequency
Throughput
GCM1
TSMC 0.13 µ LV
30,707 gates
250 MHz
3.2 Gbps
GCM1
TSMC 0.13 µ LV
40,335 gates
500 MHz
6.4 Gbps
GCM1
TSMC 0.09 µ LV
49,633 gates
824 MHz
10.5 Gbps
GCM3-64
TSMC 0.09 µ LV
136,582 gates
410 MHz
26 Gbps
Export Permits
US Bureau of Industry and Security has assigned the export control classification number 5E002 to our AES core. The core is eligible for the license exception ENC under section 740.17(A) and (B)(1) of the export administration regulations. See the licensing basics page,
for links to US government sites and more details.
Deliverables
HDL Source Licenses
Synthesizable Verilog RTL source code
Verilog testbench (self-checking)
AES-GCM vectors for testbenches
Expected results
User Documentation
Netlist Licenses
Post-synthesis EDIF
Testbench (self-checking)
AES-GCM vectors for testbenches
Expected results
Place & Route script
Contact Information
IP Cores, Inc.
3731 Middlefield Rd.
Palo Alto, CA 94303, USA
Phone: +1 (650) 814-0205
