OMO ElectronicOMO Electronic
Expand menu
Hello, Sign inMy Account
0 Cart

MPC184VMB

P1-P3P4-P6P7-P9P10-P12
MOTOROLA MPC184 Security Processor Technical Summary 7
Crypto-channels analyze the data packet descriptor header and request from the controller the first required
cryptographic service. The controller implements a programmable prioritization scheme that allows the user
to dictate the order in which the four crypto-channels are serviced. After the controller grants access to the
required EU, the crypto-channel and the controller perform the following steps:
1. Set the appropriate Mode bits available in the EU for the required service.
2. Fetch context and other parameters as indicated in the data packet descriptor buffer and use these
to program the EU.
3. Fetch data as indicated and place in either the EU’s input FIFO or the EU itself (as appropriate).
4. Wait for EU to complete processing.
5. Upon completion, unload results and context and write them to external memory as indicated by
the data packet descriptor buffer.
6. If multiple services requested, go back to step 2.
7. Reset the appropriate EU if it is dynamically assigned. Note that if statically assigned, a EU is
reset only upon direct command written to the MPC184.
8. Perform descriptor completion notification as appropriate. This notification comes in one of two
forms—interrupt or header writeback modification—and can occur either at the end of every
descriptor or at the end of a descriptor chain.
7 Execution Units (EUs)
“Execution unit” is the generic term for a functional block that performs the mathematical permutations
required by protocols used in cryptographic processing. The EUs are compatible with IPsec, WAP/WTLS,
IKE, SSL/TLS and 802.11i processing, and can work together to perform high level cryptographic tasks.The
MPC184’s execution units are as follows:
PKEU for computing asymmetric key mathematics, including Modular Exponentiation (and other
Modular Arithmetic functions) or ECC Point Arithmetic
DEU for performing block symmetric cryptography using DES and 3DES
AFEU for performing RC-4 compatible stream symmetric cryptography
AESU for performing the Advanced Encryption Standard algorithm
MDEU for hashing data
RNG for random number generation
7.1 Public Key Execution Unit (PKEU)
The PKEU is capable of performing many advanced mathematical functions to support both RSA and ECC
public key cryptographic algorithms. ECC is supported in both F(2)m (polynomial-basis) and F(p) modes.
This EU supports all levels of functions to assist the host microprocessor to perform its desired
cryptographic function. For example, at the highest level, the accelerator performs modular exponentiations
to support RSA and performs point multiplies to support ECC. At the lower levels, the PKEU can perform
simple operations such as modular multiplies.
7.1.1 Elliptic Curve Operations
The PKEU has its own data and control units, including a general-purpose register file in the
programmable-size arithmetic unit. The field or modulus size can be programmed to any value between 160
bits and 512 bits in programmable increments of 8, with each programmable value i supporting all actual
field sizes from i*8 -7 to i*8. The result is hardware supporting a wide range of cryptographic security.
Larger field / modulus sizes result in greater security but lower performance; processing time is determined
Frees
cale Semiconductor,
I
Freescale Semiconductor, Inc.
For More Information On This Product,
Go to: www.freescale.com
nc...
8 MPC184 Security Processor Technical Summary MOTOROLA
by field or modulus size. For example, a field size of 160 is roughly equivalent to the security provided by
1024 bit RSA. A field size set to 208 roughly equates to 2048 bits of RSA security.
The PKEU contains routines implementing the atomic functions for elliptic curve processing—point
arithmetic and finite field arithmetic. The point operations (multiplication, addition and doubling) involve
one or more finite field operations which are addition, multiplication, inverse, and squaring. Point add and
double each use of all four finite field operations. Similarly, point multiplication uses all EC point operations
as well as the finite field operations. All these functions are supported both in modular arithmetic as well as
polynomial basis finite fields.
7.1.2 Modular Exponentiation Operations
The PKEU is also capable of performing ordinary integer modulo arithmetic. This arithmetic is an integral
part of the RSA public key algorithm; however, it can also play a role in the generation of ECC digital
signatures and Diffie-Hellman key exchanges.
Modular arithmetic functions supported by the MPC184’s PKEU include the following:
R 2 mod N
A’ E mod N
(A x B) R
-1
mod N
(A x B) R
-2
mod N
(A+B) mod N
(A-B) mod N
Where the following variable definitions: A’ = AR mod N, N is the modulus vector, A and B are input
vectors, E is the exponent vector, R is 2
s
, where s is the bit length of the N vector rounded up to the nearest
multiple of 32.
The PKEU can perform modular arithmetic on operands up to 2048 bits in length. The modulus must be
larger than or equal to 129 bits. The PKEU uses the Montgomery modular multiplication algorithm to
perform core functions. The addition and subtraction functions exist to help support known methods of the
Chinese Remainder Theorem (CRT) for efficient exponentiation.
7.2 Data Encryption Standard Execution Unit (DEU)
The DES execution unit (DEU) performs bulk data encryption/decryption, in compliance with the Data
Encryption Standard algorithm (ANSI x3.92). The DEU can also compute 3DES and extension of the DES
algorithm in which each 64-bit input block is processed three times. The MPC184 supports 2 key (K1=K3)
or 3 key 3DES.
The DEU operates by permuting 64-bit data blocks with a shared 56-bit key and an initialization vector (IV).
The MPC184 supports two modes of IV operation: ECB (Electronic Code Book) and CBC (Cipher Block
Chaining).
7.3 Arc Four Execution Unit (AFEU)
The AFEU accelerates a bulk encryption algorithm compatible with the RC4 stream cipher from RSA
Security, Inc. The algorithm is byte-oriented, meaning a byte of plain text is encrypted with a key to produce
a byte of ciphertext. The key is variable length and the AFEU supports key lengths from 40 to 128 bits (in
byte increments), providing a wide range of security strengths. RC4 is a symmetric algorithm, meaning each
of the two communicating parties share the same key.
Frees
cale Semiconductor,
I
Freescale Semiconductor, Inc.
For More Information On This Product,
Go to: www.freescale.com
nc...
MOTOROLA MPC184 Security Processor Technical Summary 9
7.4 Advanced Encryption Standard Execution Unit (AESU)
The AESU is used to accelerate bulk data encryption/decryption in compliance with the Advanced
Encryption Standard algorith Rinjdael. The AESU executes on 128 bit blocks with a choice of key sizes:
128, 192, or 256 bits.
AESA is a symmetric key algorithm, the sender and receiver use the same key for both encryption and
decryption. The session key and IV(CBC mode) are supplied to the AESU module prior to encryption. The
processor supplies data to the module that is processed as 128 bit input. The AESU operates in ECB, CBC,
and counter modes.
7.5 Message Digest Execution Unit (MDEU) Module
The MDEU computes a single message digest (or hash or integrity check) value of all the data presented on
the input bus, using either the MD5, SHA-1 or SHA-256 algorithms for bulk data hashing. With any hash
algorithm, the larger message is mapped onto a smaller output space, therefore collisions are potential, albeit
not probable. The 160-bit hash value is a sufficiently large space such that collisions are extremely rare. The
security of the hash function is based on the difficulty of locating collisions. That is, it is computationally
infeasible to construct two distinct but similar messages that produce the same hash output.
SHA-1 is a 160 bit hash function, specified by the ANSI X9.30-2 and FIPS 180-1 standards.
The MD5 generates a 128 bit hash, and the algorithm is specified in RFC 1321.
The MDEU also supports HMAC computations, as specified in RFC 2104.
SHA-256 is a 256-bit hash function that provides 256 bits of security against collision attacks.
7.6 Random Number Generator (RNG)
The RNG is a digital integrated circuit capable of generating 32-bit random numbers. It is designed to
comply with FIPS 140-1 standards for randomness and non-determinism.
Because many cryptographic algorithms use random numbers as a source for generating a secret value (a
nonce), it is desirable to have a private RNG for use by the MPC184. The anonymity of each random number
must be maintained, as well as the unpredictability of the next random number. The FIPS-140 compliant
private RNG allows the system to develop random challenges or random secret keys. The secret key can thus
remain hidden from even the high-level application code, providing an added measure of physical security.
7.7 8KB General Purpose RAM (gpRAM)
The MPC184 contains 8KB of internal general purpose RAM that can be used to store keys, IV’s and data.
The internal scratchpad allows the user to store frequently used context on chip which increases system
performance by minimizing setup time. This feature is especially important when dealing with small
packets and in systems where bus bandwidth is limited.
8 Performance Estimates
Bulk encryption/authentication performance estimates shown in Table 8-1. include data/key/context reads
(from memory to MPC184), security processing (internal to MPC184), and writes of completed
data/context to memory by MPC184, using typical bus overhead.
Frees
cale Semiconductor,
I
Freescale Semiconductor, Inc.
For More Information On This Product,
Go to: www.freescale.com
nc...
P1-P3P4-P6P7-P9P10-P12

MPC184VMB

Mfr. #:
Buy MPC184VMB
Manufacturer:
NXP Semiconductors
Description:
IC SECURITY PROCESSOR 252MAPBGA
Lifecycle:
New from this manufacturer.
Delivery:
DHL FedEx Ups TNT EMS
Payment:
T/T Paypal Visa MoneyGram Western Union

Products related to this Datasheet