hit counter script
Motorola DigitalDNA MPC180E User Manual
  1. Manuals
  2. Brands
  3. Motorola Manuals
  4. Computer Hardware
  5. DigitalDNA MPC180E
  6. User manual
Motorola DigitalDNA MPC180E User Manual

Motorola DigitalDNA MPC180E User Manual

Security processor
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
MPC180E Security Processor
User's Manual
Rev. 2.1, 11/2000
PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE

Advertisement

Table of Contents
loading

Related Manuals for Motorola DigitalDNA MPC180E

Summary of Contents for Motorola DigitalDNA MPC180E

  • Page 1 MPC180E Security Processor User’s Manual Rev. 2.1, 11/2000 PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...
  • Page 2 “Typicals” must be validated for each customer application by customer’s technical experts. Motorola does not convey any license under its patent rights nor the rights of others. Motorola products are not designed, intended, or authorized for use as components in systems intended for surgical implant into the body, or other applications intended to support or sustain life, or for any other application in which the failure of the Motorola product could create a situation where personal injury or death may occur.
  • Page 3 Overview Signal Descriptions External Bus Interface and Memory Map Data Encryption Standard Execution Unit Arc Four Execution Unit Message Digest Execution Unit Public Key Execution Unit Random Number Generator Hardware Parameters Glossary of Terms and Abbreviations PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...
  • Page 4 Overview Signal Descriptions External Bus Interface and Memory Map Data Encryption Standard Execution Unit Arc Four Execution Unit Message Digest Authentication Unit Public Key Execution Unit Random Number Generator Hardware Parameters Glossary of Terms and Abbreviations PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...

  • Page 5: Table Of Contents

    CONTENTS Paragraph Page Title Number Number Chapter 1 Overview Features ....................... 1-1 System Architecture.................... 1-2 Architectural Overview..................1-3 1.3.1 Public Key Execution Unit (PKEU) ............... 1-4 1.3.2 Data Encryption Standard Execution Unit (DEU).......... 1-4 1.3.3 Arc Four Execution Unit (AFEU) ..............1-5 1.3.4 Message Digest Execution Unit (MDEU) ............
  • Page 6 CONTENTS Paragraph Page Title Number Number Chapter 4 Data Encryption Standard Execution Unit Operational Registers..................4–1 4.1.1 DEU Control Register (DCR)................. 4–2 4.1.2 DEU Configuration Register (DCFG) ............4–2 4.1.3 DEU Status Register (DSR)................4–3 4.1.4 Key Registers....................4–4 4.1.5 Initialization Vector ..................
  • Page 7 CONTENTS Paragraph Page Title Number Number Chapter 7 Public Key Execution Unit Operational Registers..................7–1 7.1.1 PKEU Version Identification Register (PKID) ..........7–1 7.1.2 Control Register (PKCR)................7–2 7.1.3 Status Register (PKSR)................... 7–3 7.1.4 Interrupt Mask Register (PKMR) ..............7–4 7.1.5 EXP(k) Register....................
  • Page 8 CONTENTS Paragraph Page Title Number Number Chapter 8 Random Number Generator Overview......................8–1 Functional Description..................8–1 Typical Operation ....................8–1 Random Number Generator Registers ..............8–2 8.4.1 Status Register ....................8–2 Chapter 9 Hardware Parameters Absolute Maximum Ratings ................9-1 Package Thermal Characteristics................
  • Page 9 ILLUSTRATIONS Figure Page Title Number Number Typical MPC8xx System Example................1-2 Typical MPC8260 System Example................1-3 MPC180E Architectural Block Diagram ..............1-4 MPC180E Pin Diagram ....................2-4 MPC180E Execution Unit Registers ................3–1 Command/Status Register (CSTAT) ................3–6 ID Register ........................3–8 IMASK Register ......................3–9 Input Buffer Control (IBCTL) and Output Buffer Control (OBCTL) Registers ..3–10 Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers ...3–11 DES Control Register (DCR)..................4–2...
  • Page 10 ILLUSTRATIONS Figure Page Title Number Number 7-19 Modular Multiplication (with double reduction) Register Usage.......7–28 7-20 Modular Add Register Usage..................7–29 7-21 Modular Subtract Register Usage ................7–30 7-22 Clear Memory Register Usage..................7–31 7-23 mod N Register Usage ...................7–33 7-24 mod P Register Usage ..................7–34 RNG Status Register .....................8–2 Exception Cycle Timing ....................
  • Page 11 TABLES Table Page Title Number Number Pin Descriptions ......................2-1 32-Bit System Address Map ..................3–2 EBI Registers ........................3–5 CSTAT Field Descriptions ...................3–6 ID Field Descriptions....................3–8 IMASK Field Descriptions ...................3–9 IBCTL Field Descriptions...................3–10 OBCTL Register Field Descriptions................3–10 EBI Operation Summary.....................3–12 Data Encryption Standard Execution Unit (DEU) Registers........4–1 DCR Field Descriptions....................4–2 DCFG Field Descriptions .....................4–3 DSR Field Descriptions ....................4–3...
  • Page 12 TABLES Table Page Title Number Number 7-18 Integer Modular Exponentiation .................7–26 7-19 Modular Multiplication....................7–27 7-20 Modular Multiplication (with double reduction) ............7–28 7-21 Modular Add.......................7–29 7-22 Modular Subtract ......................7–30 7-23 Clear Memory ......................7–31 7-24 mod N ........................7–32 7-25 mod P ........................7–34 7-26 Run Time Formulas ....................7–35 Random Number Generator Registers ................8–2...

  • Page 13: Overview

    MPC180E architecture. 1.1 Features The MPC180E is designed to work with Motorola’s PowerQUICC™ family of processors. The MPC180E interfaces gluelessly to both the PowerQUICC and PowerQUICC II™, accelerating the performance of computationally-intensive security functions, such as key generation and exchange, authentication, and bulk encryption.

  • Page 14: System Architecture

    System Architecture • Authentication hashed message of 128 bits – MD4— hashed message of 128 bits – MD5— 160 bits – SHA-1—hashed message of • Random Number Generator • Glueless MPC8xx/82xx interface—50 and 66 MHz • DMA hardware handshaking signals •...

  • Page 15: Architectural Overview

    Architectural Overview MPC180E EEPROM 60x Bus MPC8260 Local Bus SDRAM SDRAM SDRAM DIMMs I/O or Network Interface Figure 1-2. Typical MPC8260 System Example 1.3 Architectural Overview Figure 1-3 shows a simplified block diagram of MPC180E internal architecture. The External Bus Interface (EBI) module is designed to interface gluelessly to the PowerQUICC and PowerQUICC II and to translate the processor core bus timing to a simple read/write interface for the execution units (EU).

  • Page 16: Public Key Execution Unit (Pkeu)

    Architectural Overview INPUT DMA Request 4K bit Logic FIFO SHA-1 DES/ ARC4 3DES MD 5 8xx/6xx Controller (Slave) OUTPUT DMA Request 4K bit Logic FIFO Figure 1-3. MPC180E Architectural Block Diagram 1.3.1 Public Key Execution Unit (PKEU) The PKEU is capable of performing many advanced mathematical functions to support both RSA and ECC public key cryptographic algorithms.

  • Page 17: Arc Four Execution Unit (Afeu)

    Architectural Overview 1.3.3 Arc Four Execution Unit (AFEU) The AFEU accelerates an algorithm compatible with the RC4 stream cipher from RSA Security, Inc. The algorithm is byte-oriented, which means a byte of plaintext is encrypted with a key to produce a byte of ciphertext. The key is variable length, and the AFEU supports key lengths from 40 bits to 128 bits (in byte increments), providing a wide range of security strengths.
  • Page 18 Architectural Overview MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...

  • Page 19: Signal Descriptions

    Chapter 2 Signal Descriptions This chapter provides a pinout diagram and signal descriptions for the MPC180E security processor. 2.1 Signal Descriptions Table 2-1 groups pins by functionality. Table 2-1. Pin Descriptions Signal Signal Description name locations type Signal pins A[18:29] 62, 64, 66, Address: address bus from the processor core.
  • Page 20 Signal Descriptions Table 2-1. Pin Descriptions (Continued) Signal Signal Description name locations type Transfer Acknowledge: This signal is asserted by the MPC180E when a successful read or write has occurred. PSDVAL Data valid: This active low signal is ignored when CONFIG=0 (MPC860 Mode), but is active in MPC8260 Mode.
  • Page 21 Signal Descriptions Table 2-1. Pin Descriptions (Continued) Signal Signal Description name locations type ATPG test scan enable, should be tied to Vss Power and Ground IVDD 10, 21, 41, +1.8 Volts (power pins for core logic) 60, 71, 93 OVDD 5, 15, 25, +3.3 Volts (Power pins for I/O pads) 35, 43, 65,...

  • Page 22: Mpc180E Pin Diagram

    Signal Descriptions Figure 2-1 shows the MPC180E pinout. D29 1 D21 2 OVSS 3 OVDD 5 IVDD D5 6 IVSS IVSS 8 D20 9 IVDD 10 OVDD OVSS 13 OVSS MPC180E Pinout D27 14 OVDD 15 D19 16 IVDD D11 17 IVSS D3 18 CONFIG...

  • Page 23: External Bus Interface And Memory Map

    Chapter 3 External Bus Interface and Memory Map This chapter describes the MPC180E address map, the External Bus Interface (EBI), and EBI registers. 3.1 Execution Unit Registers Each MPC180E execution unit has a dedicated set of registers. The MPC180E has a unified memory map that allows software addressibility to all internal registers.

  • Page 24: Address Map

    Address Map Most of these registers are read and write, however some have special permissions. See Table 3-1 for more information. The 12-bit MPC180E address of each register is shown next to the register name. All registers are assumed to be 32 bits wide; however, registers that contain fewer bits will return 0 (or a known value) on unused bits for that bus transaction only.
  • Page 25 Address Map Table 3-1. 32-Bit System Address Map (Continued) MPC180E 12-Bit Address Processor 32-Bit Address Register Type 0x018 0x0000_0060 Version Identification (MID) DEU: 0x200–0x3FF 0x200 0x0000_0800 Control (DCR) 0x201 0x0000_0804 Status (DSR) 0x202 0x0000_0808 Key1_R 0x203 0x0000_080C Key1_L 0x204 0x0000_0810 Key2_R 0x205 0x0000_0814...

  • Page 26: External Bus Interface

    External Bus Interface Table 3-1. 32-Bit System Address Map (Continued) MPC180E 12-Bit Address Processor 32-Bit Address Register Type RNG: 0x600–0x7FF 0x600 0x0000_1800 Status 0x602 0x0000_1808 Random output EBI: 0x800–0x9FF 0x800 0x0000_2000 Input buffer[128] 0x880 0x0000_2200 Output buffer[128] 0x900 0x0000_2400 CSTAT 0x901 0x0000_2404 0x902...

  • Page 27: Ebi Registers

    External Bus Interface • Automatic buffer filling and emptying. DREQ1 and DREQ2 stay asserted as long as memory space or data is in the buffers, letting the host load data for the next operation before the current operation finishes • Interrupt routing and masking, which lets the host individually detect interrupts •...

  • Page 28: Command/Status Register (Cstat)

    External Bus Interface Field — AFEU MDEU RNG PKEU Reset 0000_0000_0000_0000 16 17 Field — DEU AFEU MDEU RNG PKEU MPC180E Destination AUTO-UNMASK Reset 0000_0000_0000_0000 Addr 0x900 Figure 3-2. Command/Status Register (CSTAT) Table 3-3 describes CSTAT fields. Table 3-3. CSTAT Field Descriptions Bits Name Description...

  • Page 29: Id Register

    External Bus Interface Table 3-3. CSTAT Field Descriptions Bits Name Description 24–27 Destination Destination bits. Only one execution unit on MPC180E can be active at a time through FIFO accesses, so the host must program CSTAT to enable the appropriate execution unit. The host must guarantee that all data related to a specific operation has been processed before updating CSTAT, otherwise unpredictable results occur in MPC180E because the controller acts on one execution unit at a time.

  • Page 30: Imask Register

    External Bus Interface Field — MPC180E MDEU Reset 0000_0000 0_01 Read Field DEU AFEU — PKEU Reset 0_10 01_0 Read Addr 0x901 Figure 3-3. ID Register Table 3-4 describes the ID fields. Table 3-4. ID Field Descriptions Bits Name Description 0–7 —...

  • Page 31: Input Buffer Control (Ibctl) And Output Buffer Control (Obctl) Registers

    External Bus Interface Field — Reset 0000_0000_0000_0000 Field — DEU AFEU MDEU RNG PKEU Reset 0000_0000_0000_0000 Addr 0x902 Figure 3-4. IMASK Register Table 3-5 describes the IMASK fields. Table 3-5. IMASK Field Descriptions Bits Name Description 0–26 — Reserved, should be cleared. Data Encryption Standard Execution Unit global interrupt control 0 interrupt unmasked 1 interrupt masked...

  • Page 32: Ibctl Field Descriptions

    External Bus Interface Field — Count Mask Reset 0000_0000_0000_0000 Field — Starting Address Reset 0000_0000_0000_0000 Addr IBCTL: 0x903; OBCTL: 0x905 Figure 3-5. Input Buffer Control (IBCTL) and Output Buffer Control (OBCTL) Registers Table 3-6 describes IBCTL fields. Table 3-6. IBCTL Field Descriptions Bits Name Description...

  • Page 33: Input Buffer Count (Ibcnt) And Output Buffer Count (Obcnt) Registers

    EBI Controller Operation 3.3.1.5 Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers IBCNT indicates the number of 32-bit words to be used for an operation. For example, if the PKEU is to operate on 512 bits (16 words), IBCNT should be set to 0x0000_0010, corresponding to sixteen, 32-bit words to be taken from the input buffer and written to the PKEU.

  • Page 34: Buffer Accesses (Fifo Mode)

    EBI Controller Operation Table 3-8 summarizes the operation in clock cycles of the EBI in MPC860 and MPC8260 modes. Table 3-8. EBI Operation Summary MPC860 Mode MPC260 Mode Name CONFIG=0 CONFIG=1 Single beat read/write to/from EBI register or FIFO Single beat read/write to/from execution units at least 2 at least 3 4-beat burst read/write to/from FIFOs...

  • Page 35: Operational Registers

    Chapter 4 Data Encryption Standard Execution Unit This chapter explains how to program the DEU (Data Encryption Standard Execution Unit) to encrypt or decrypt a message. 4.1 Operational Registers All operational registers within the main control block are 32-bit addressable, however they may contain less than 32 bits.

  • Page 36: Deu Control Register (Dcr)

    Operational Registers 4.1.1 DEU Control Register (DCR) The control register, shown in Figure 4-1, contains static bits that define the encryption mode of operation for the DEU. This is typically written along with the keys and initialization vector at the start of each new encryption process. All unused bits of DCR are read as 0 values.

  • Page 37: Deu Status Register (Dsr)

    Operational Registers Table 4-3 describes DCFG fields. Table 4-3. DCFG Field Descriptions Bits Name Description 0–29 — Reserved, should be cleared. The DES can be reset by asserting the RESET signal or by setting the Software Reset bit in the Control Register. The software and hardware resets are functionally equivalent. The software reset bit will clear itself one cycle after being set.

  • Page 38: Key Registers

    Operational Registers DATA_IN registers will start processing. When completed, the resulting output will be held in a working register until the output ciphertext is read from the DATA_OUT registers. Then the held data will be copied to the DATA_OUT registers and the ORDY signal asserted again.

  • Page 39: Arc Four Execution Unit

    Chapter 5 Arc Four Execution Unit This chapter explains how to program the AFEU (Arc Four Execution Unit) to encrypt or decrypt a message. 5.1 Arc Four Execution Unit Registers All operational registers within the main control block are 32-bit addressable. However, they may contain less than 32 bits.

  • Page 40: Status Register

    Arc Four Execution Unit Registers 5.1.1 Status Register The AFEU Status Register, shown in Figure 5-1, contains seven bits of information. These bits describe the state of the AFEU circuit and are all active-high. Field — Input Buffer Full msg Sub-msg Permute Initialize...

  • Page 41: Control Register

    Arc Four Execution Unit Registers 5.1.2 Control Register Figure 5-2 shows the AFEU Control Register. Field — IMSK Reset 0000_0000_0000_0001 Addr 0x400 Figure 5-2. Arc Four Execution Unit Control Register Table 5-3 describes the AFEU Control Register fields. Table 5-3. AFEU Control Register Field Descriptions Name Description 0–29 —...

  • Page 42: Message Byte Double-Word Register

    Arc Four Execution Unit Registers NOTE: If the key length is not divisible by four, the lower key data registers must be filled before writing to the upper key data registers. 5.1.6 Message Byte Double-Word Register The Message Byte Double-Word Register is a 3-bit write-only register and is used to hold the number of bytes (minus one) in the last/partial sub-message.

  • Page 43: S-Box I/J Register

    Arc Four Execution Unit Registers 5.1.9 S-box I/J Register The Sbox I/J Register is a 24-bit read/write register where the Sbox I/J pointers are stored. The contents of this register must be read prior to context switching and must be written back to the AFEU before resuming message processing of an interrupted message.
  • Page 44 Arc Four Execution Unit Registers MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...

  • Page 45: Message Digest Execution Unit

    Chapter 6 Message Digest Execution Unit This chapter explains how to program the MDEU (Message Digest Execution Unit) within the MPC180E to hash a message for authentication. 6.1 Operational Registers All operational registers within the MDEU are 32-bit addressable, however they may contain less than 32 bits.

  • Page 46: Mdeu Version Identification Register (Mid)

    Operational Registers MPC180E 12-Bit Address Processor 32-Bit Address Register Type 0x013 0x0000_004C Message digest (MD) 0x014 0x0000_0050 Message digest (ME) 0x015 0x0000_0054 Control (MCR) 0x016 0x0000_0058 Status (MSR) 0x017 0x0000_005C Clear interrupt (MCLRIRQ) 0x018 0x0000_0060 Version Identification (MID) 6.1.1 MDEU Version Identification Register (MID) The Identification Register contains a value reserved for a particular version and configuration of the MDEU.

  • Page 47: Mcr Field Descriptions

    Operational Registers Table 6-2. MCR Field Descriptions Bits Name Description 0–19 — Reserved, should be cleared. ENGO Enables automatic start of hashing as soon as the MDMB buffers have all been written. It is not necessary to set the GO bit manually. OPAD The assertion of OPAD causes: 1.

  • Page 48: Status Register (Msr)

    Operational Registers 6.1.3 Status Register (MSR) The status register contains bits that give information about the state of the MDEU. Upon completion of a hash, DONE is asserted in bit 0 of MSR, followed by an interrupt on IRQ if interrupts are enabled. In addition, whenever the contents of the message buffer are copied for internal hash processing, BE is asserted.

  • Page 49: Message Buffer (Mb0-Mb15)

    Operational Registers 6.1.4 Message Buffer (MB0—MB15) The MDEU hashes a message contained in the 16-word Message Buffer. The message should be processed such that a single-character message would be written to MB0. MB15 should only be programmed if the message block uses at least 481 bits. The Message Buffer is not cleared upon completion of a computation process.
  • Page 50 Operational Registers MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...

  • Page 51: Public Key Execution Unit

    Chapter 7 Public Key Execution Unit This chapter explains how to program the PKEU (Public Key Execution Unit) to perform mathematical functions. 7.1 Operational Registers All operational registers within the main control block are 32-bit addressable, however they may contain less than 32 bits. Table 7-1 lists all PKEU registers.

  • Page 52: Control Register (Pkcr)

    Operational Registers 7.1.2 Control Register (PKCR) The Control Register contains static bits that define the mode of operation for the PKEU. In addition to the static control bits, several bits are dynamic. These dynamic bits are set by a write to the PKCR initiated by the host processor, and are reset automatically by the PKEU after one cycle of operation.

  • Page 53: Status Register (Pksr)

    Operational Registers Table 7-2. PKCR Field Descriptions (Continued) Bits Name Description For a description of R see Section 7.5.3, “RpRN mod P Calculation.” mod N enabled mod P enabled The RST bit is a software reset signal. When activated, the PKEU will reset immediately. All registers revert to their initial state, and the Program Counter (PC) will jump to 0.

  • Page 54: Interrupt Mask Register (Pkmr)

    Operational Registers Field — E_RDY IRQ DONE Reset 0000_0000_0000_0001 Addr 0xB02 Figure 7-2. PKEU Status Register (PKSR) Table 7-3. PKSR Field Descriptions Bits Name Description 0–10 — Reserved, should be cleared. E_RDY The E_RDY (exponent or k ready) bit indicates that the execution unit is ready to accept the next 32-bit word of exponent data or point multiplier (k) data in the EXP(k) register.

  • Page 55: Pkeu Interrupt Mask Register (Pkmr)

    Operational Registers All unused bits of the PKMR are read as 0 values. Since the PKMR is a 16-bit register, when the host processor reads the PKMR, its contents are copied onto D[15:0], and the upper half of D is driven with 0’s. Figure 7-3 shows the PKEU Interrupt Mask Register and Table 7-4 describes this register’s fields.

  • Page 56: Exp(K) Register

    Operational Registers 7.1.5 EXP(k) Register The EXP(k) register contains the exponent (EXP) during exponentiation routines or the point multiplier (k) during ECC point multiply routines. EXP(k)_SIZE must be specified before writing to the EXP(k) register. Since EXP(k) is 32 bits in size, data must be written to it during exponentiations or point multiplies and never before.

  • Page 57: Modsize Register

    Memories 7.1.7 Modsize Register This register sets the maximum size of the modulus (or prime) for RSA and ECC F or the irreducible polynomial for ECC F m. The maximum size of these vectors is 128 digits (1 digit = 16 bits) for RSA and ECC F and 32 digits for ECC F m (Note that the value written to modsize is not checked for validity).

  • Page 58: Ecc Routines

    ECC Routines 7.3 ECC Routines 7.3.1 ECC F Point Multiply The PKEU performs the Elliptic Curve point multiply function which is the highest level of ECC abstraction supported by the device. It is the intention that the host processor use the PKEU in such a way as to support ECC schemes defined in IEEE P1363 (and other ECC standards) where the point multiply is the critical and most computationally intensive, but not final, step in many of these schemes.
  • Page 59 ECC Routines Table 7-5. ECC F Point Multiply (Continued) Point Multiply Post-conditions B1 = X / X’ B2 = Y / Y’ B3 = Z / Z’ A2 = undefined (when XYZ = 1) or Z (when XYZ = 0) A3 = undefined (when XYZ = 1) or Z (when XYZ = 0) Unless explicitly noted, all other registers are not guaranteed to be any particular value.
  • Page 60 ECC Routines PKEU asserts the IRQ signal when it is ready to accept more data. This tells the host processor to read PKSR to see what was set. If the E_RDY bit is set, the host processor knows it must provide the next word of k - this data is written into the EXP(k) register one 8-bit word at a time.
  • Page 61 ECC Routines 7.3.2 ECC F Point Add This function is extensively utilized by the point multiply routine. However, its value as a stand-alone routine to the host processor is extremely limited. As a result, the information provided on the routine is primarily for testing and debug purposes. Table 7-6.
  • Page 62 ECC Routines 7.3.3 ECC F Point Double This function is extensively utilized by the point multiply routine. However, its value as a stand-alone routine to the host processor is extremely limited. As a result, the information provided on the routine is primarily for testing and debug purposes. Table 7-7.

  • Page 63: Ecc Fp Modular Add

    ECC Routines 7.3.4 ECC F Modular Add Modular addition may be performed on any two vectors loaded into A (A0-A3) and B (B0-B3), where both of these vectors are less than the value stored in the modulus register N (N0-N3). The results are stored in the respective B register. For ECC functionality, this function is used by the point add and point double routines but is available to the host interface - typically for higher-level ECC-related functions.

  • Page 64: Modular Subtract Register Usage

    ECC Routines 7.3.5 ECC F Modular Subtract Modular subtraction may be performed on any two vectors loaded into A (A0–A3) and B (B0–B3), where both of these vectors are less than the value stored in the modulus register N (N0–N3). This is accomplished by computing A-B if A > B or A-B+N if A < B. The results are stored in the respective B register.

  • Page 65: Modular Multiplication Register Usage

    ECC Routines 7.3.6 ECC F Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is the core function of the PKEU. It is used to assist the point add and double routines in completing their functions. For ECC purposes, this function will rarely be used directly by the host processor.

  • Page 66: Modular Multiplication (With Double Reduction) Register Usage

    ECC Routines 7.3.7 ECC F Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is similar to the standard ‘R ’ Montgomery multiplication except an additional R is divided out. This function is ideal for those ECC applications which work in affine coordinates.
  • Page 67 ECC Routines 7.3.8 ECC F m Polynomial-Basis Point Multiply The PKEU performs the elliptic curve point multiply function which is the highest level of ECC abstraction supported by the device. It is the intention that the host processor use the PKEU in such a way as to support ECC schemes defined in IEEE P1363 (and other ECC standards) where the point multiply is the critical and most computationally intensive, but not final, step in many of these schemes.
  • Page 68 ECC Routines Initial Condition Final Condition (or Z’ (or Y’ mod N (or X’ ? (or Z 1 (or Z ? (or Z (or Y (or X irred. poly. irred. poly. ‘1’ - ECC enabled same k (run-time) EXP(k) same select ‘1’...
  • Page 69 ECC Routines For affine coordinate systems (XYZ = 0): The results of the calculation are returned to the A and B storage registers. Note that these values correspond to the projective coordinate values X, Y, Z, Z , and Z .
  • Page 70 ECC Routines Table 7-13. ECC F m Point Add m Point Add Computation R = P + Q, where R ≡ (X ), P ≡ (X ), and Q ≡ (X Entry name maddPtoQ Entry address 0x005(F maddPtoQ) Pre-conditions A0 = X’ (projective coordinate in Montgomery residue system) A1 = Y’...

  • Page 71: Point Double

    ECC Routines 7.3.10 ECC F m Point Double This function is extensively utilized by the point multiply routine. However, its value as a stand-alone routine to the host processor is extremely limited. As a result, the information provided on the routine is primarily for testing and debug purposes. Table 7-14.

  • Page 72: Ecc F2 M Montgomery Modular Multiplication ((A × B × R-1) Mod N)

    ECC Routines 7.3.11 ECC F m Add (Subtract) Field addition in F m (polynomial-basis) may be performed on any two vectors loaded into A (A0-A3) and B (B0-B3), where both of these vectors are less than the value stored in the modulus (irreducible polynomial) register N (N0-N3).

  • Page 73: Ecc F2 M Montgomery Modular Multiplication ((A × B × R-2) Mod N)

    ECC Routines 7.3.12 ECC F m Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is the core function of the PKEU. This function is used to assist the point add and double routines in completing their functions. For ECC purposes, this function will rarely be used directly by the host processor.
  • Page 74 ECC Routines 7.3.13 ECC F m Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is similar to the standard ‘R ’ Montgomery multiplication except an additional R is divided out. This function is ideal for those ECC applications which work in affine coordinates.

  • Page 75: Rsa Routines

    RSA Routines 7.4 RSA Routines For the RSA-related descriptions which follow, it is generally recommended that all memory block pointers (regAsel, regBsel, etc.) are set to zero. For the modular exponentiation routine, the pointers are actually ignored. For the multiplies, add, subtract, and R functions, it is possible to set these pointers and have the PKEU adhere to these settings.

  • Page 76: Integer Modular Exponentiation Register Usage

    RSA Routines Table 7-18. Integer Modular Exponentiation Integer Modular Exponentiation Computation S = (A’ * R mod N Entry name expA Entry address 0x007(expA) Pre-conditions A0-3 = A’ (the value A in the Montgomery residue system) N0-3 = modulus Run-time EXP(k) = msb exponent word (provided in 8-bit words throughout the exponentiation);...

  • Page 77: Rsa Montgomery Modular Multiplication ((A × B × R-1) Mod N)

    RSA Routines 7.4.2 RSA Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is the core function of the PKEU. It is used to assist the exponentiation routine in completing its operation though it is also available to the host processor - typically to put messages into the Montgomery format.

  • Page 78: Modular Multiplication (With Double Reduction) Register Usage

    RSA Routines 7.4.3 RSA Montgomery Modular Multiplication ((A × B × R ) mod N) The (A × B × R ) mod N calculation is similar to the standard ‘R ’ Montgomery multiplication except an additional R is divided out. This function is particularly helpful when using the Chinese Remainder Theorem.

  • Page 79: Rsa Modular Add

    RSA Routines 7.4.4 RSA Modular Add Modular addition may be performed on any two vectors loaded into A (A0-A3) and B (B0-B3), where both of these vectors are less than the value stored in the modulus register N (N0-N3). The results are stored in the respective B register. This function is particularly helpful when using the Chinese Remainder Theorem.

  • Page 80: Modular Subtract Register Usage

    RSA Routines 7.4.5 RSA F Modular Subtract Modular addition may be performed on any two vectors loaded into A (A0-A3) and B (B0-B3), where both of these vectors are less than the value stored in the modulus register N (N0-N3). This is accomplished by computing A-B if A > B or A-B+N if A < B. The results are stored in the respective B register.

  • Page 81: Miscellaneous Routines

    Miscellaneous Routines 7.5 Miscellaneous Routines The remaining routines are general in nature and are not specific to any particular cryptographic algorithm. 7.5.1 Clear Memory This routine clears all of the RAM memory locations in the PKEU. This includes the A, B, and N RAMs.

  • Page 82: R 2 Mod N Calculation

    Miscellaneous Routines 7.5.2 R mod N Calculation The PKEU has the capability to calculate R mod N, where R = 2 and D is the number of digits of the modulus vector (Modsize+1, where Modsize is specified independently). This function is used to assist in placing operands into the Montgomery residue system. When possible, this value should be pre-computed.

  • Page 83: R P R N Mod P Calculation

    Miscellaneous Routines Initial Condition Final Condition mod N(⇑) modulus N(⇑) modulus N(⇑) ‘0’ - ECC disabled same EXP(k) ‘0’ - integer-modulo-n enabled same regAsel regBsel set (00) set (00) regNsel Modsize same EXP(k)_SIZE Figure 7-23. R mod N Register Usage 7.5.3 R mod P Calculation The PKEU has the ability to calculate R...
  • Page 84 Miscellaneous Routines Table 7-25. R mod P mod P Computation mod P, where R , and R ; D is the number of digits of the modulus P, and E is the number of digits of the modulus N, and D + 4 < E Entry name Entry address 0x00c(r2)

  • Page 85: Embedded Routine Performance

    Embedded Routine Performance 7.6 Embedded Routine Performance The formulas listed in Table 7-26 show the run times for the PKHA embedded routines. Many of these are data dependent, which result in variable length run times. For these cases, the average run-time is noted. Table 7-26.
  • Page 86 Embedded Routine Performance 7-36 MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...

  • Page 87: Random Number Generator

    Chapter 8 Random Number Generator This chapter explains how to program the RNG (Random Number Generator) to create a random number. 8.1 Overview The RNG is a digital integrated circuit capable of generating 32-bit random numbers. It is designed to comply with the FIPS-140 standard for randomness and non-determinism. A linear feedback shift register (LSFR) and cellular automata shift register (CASR) are operated in parallel to generate pseudo-random data.

  • Page 88: Random Number Generator Registers

    Random Number Generator Registers repeating this process until the required number of 32-bit random words have been generated. Reads by the EBI can be repeated as soon as the ORDY bit is driven high again. The process is outlined as follows: •...

  • Page 89: Hardware Parameters

    Chapter 9 Hardware Parameters This chapter provides the AC and DC electrical specifications as well as the thermal characteristics of the MPC180E. 9.1 Absolute Maximum Ratings Table 9-1 lists ranges of basic parameters. Table 9-1. Absolute Maximum Ratings Characteristic Name Absolute Min Absolute Max Unit...

  • Page 90: Package Thermal Characteristics

    Package Thermal Characteristics 9.2 Package Thermal Characteristics Table 9-2 shows the thermal resistances for the 100 pin LQFP package. Table 9-2. Package Thermal Characteristics Rating Symbol Unit ° Junction to ambient (@200Ifm) Single–layer board Four–layer board ° Junction to board (bottom) °...

  • Page 91: Ac/Dc Electrical Characteristics

    AC/DC Electrical Characteristics 9.4 AC/DC Electrical Characteristics Table 9-4 shows DC electrical characteristics. Unless specified otherwise, conditions are as follows: = 0 V and T C to 120 ° ° Table 9-4. DC Electrical Characteristics Characteristic Name Units Power supply voltage—Core 1.65 —...

  • Page 92: Data Transfer

    Data Transfer Table 9-6 shows the AC timing specifications for data signals. Table 9-6. AC Timing Specifications—Signal Pins Condition Name Units Address setup time to MCLK rise — Address hold time from MCLK rise — Data (write) setup time to MCLK rise —...

  • Page 93: Exception Timing

    Exception Timing 9.7 Exception Timing An interrupt occurs when MPC180E asserts IRQ, indicating to the microprocessor that an event worth monitoring has happened. After the interrupt is received and processed by the microprocessor, the processor may read CSTAT to determine which execution unit caused the interrupt.

  • Page 94: Case Outline Package Dimensions

    Case Outline Package Dimensions 9.8 Case Outline Package Dimensions 0.2 T L–M 0.2 T L–M 4X 25 TIPS X = L, M OR N VIEW Y BASE METAL VIEW Y Ç Ç Ç É É Ç Ç Ç É É PLATING 0.08 L–M...
  • Page 95 Glossary of Terms and Abbreviations The glossary contains an alphabetical list of terms, phrases, and abbreviations used in this book. Some of the terms and definitions included in the glossary are reprinted from IEEE Std 754-1985, IEEE Standard for Binary Floating-Point Arithmetic, copyright ©1985 by the Institute of Electrical and Electronics Engineers, Inc.
  • Page 96 Bulk Data Encryption. The process of converting plaintext to ciphertext. Refers to encryption operations other than key exchange and hashing. Burst. A multiple-word data transfer whose total size is typically equal to a cache block. In MPC860 mode, four words. In MPC8260 mode, eight words.
  • Page 97 3DES. Triple DES. Encryption operation which permutes 64 bit blocks of plaintext with 64 bit keys three times. Triple DES is exponentially stronger than single DES encryption. Diffie-Hellman key exchange. A key exchange protocol allowing the participants to agree on a key over an insecure channel. Digest.
  • Page 98 FIFO. First in, first out. A buffer memory which supports in-order processing of data. FIPS. Federal Information Protection Standards. Fraction. In the binary representation of a floating-point number, the field of the significand that lies to the right of its implied binary point. Hashing.
  • Page 99 Latency. The number of clock cycles necessary to execute an instruction and make ready the results of that execution for a subsequent instruction. Least-significant bit (lsb). The bit of least value in an address, register, data element, or instruction encoding. Least-significant byte (LSB).
  • Page 100 Most-significant bit (msb). The highest-order bit in an address, registers, data element, or instruction encoding. Most-significant byte (MSB). The highest-order byte in an address, registers, data element, or instruction encoding. NIST. National Institute of Standards. U.S. Government Agency responsible for defining and certifying standards. Padding.
  • Page 101 RC4 algorithm. Byte oriented, therefore a byte of plaintext is encrypted with a permuted substitution box (S-box) key to produce a byte of ciphertext. The key is variable length and supports in byte increments key lengths from 40 bits to 128 bits, providing a wide range of strengths.
  • Page 102 SSL Security socket layer protocol. Invented by Netscape Communications, Inc. This protocol provides end-to-end encryption of application layer network traffic. Stall. An occurrence when an encryption operation cannot proceed to the next stage. Stream cipher. A secret-key encryption algorithm that operates on a bit at a time.
  • Page 103 XOR. A binary bitwise operator yielding the result one if the two values are different and zero otherwise. XOR is an abbreviation for exclusive- Glossary Glossary-9 PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...
  • Page 104 Glossary-10 MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...
  • Page 105 INDEX AC timing specifications, 9-3 AC/DC characteristics, 9-3 operation summary, 3–12 address map, 3–2 EBI (External Bus Interface), 3–4 AFEU (Arc Four Execution Unit), 1-5, 5–1 EBI seeExternal Bus Interface, 3–5 AFEU Control Register, 5–3 ECC routines AFEU Status Register, 5–2 m Add (Subtract), 7–22 Arc Four Execution Unit, 5–1 Montgomery...
  • Page 106 INDEX address map, 3–2 architecture features internal, 1-3 MPC180E, 1-1 system, 1-2 FIFO mode, 1-3, 3–12 block diagram, 1-4 features, 1-1 pinout, 2-4 IBCNT,seeInput Buffer Count, 3–11 IBCTL,seeInput Buffer Control, 3–9 ID register, 3–7 NC, 2-2 IMASK, 3–8 Initialization Vector, 4–4 Input Buffer Control Register, 3–9 Input Buffer Count Register, 3–11 OBCNT,seeOutput Buffer Count, 3–11...
  • Page 107 INDEX Random Number Generator status, 8–2 S-box I/J Register, 5–5 register S-box0 – S-box63 Memory Registers, 5–5 DEU Control, 4–2 SE, 2-3 registers signal description AFEU BURST, 2-1 Cipher, 5–4 CS, 2-1 clear interrupt, 5–3 R/W, 2-1 control, 5–3 TS, 2-1 key length, 5–3 signal descriptions, 2-1–2-3 key registers, 5–3...
  • Page 108 INDEX Index-4 MPC180E Security Processor User’s Manual PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE...
  • Page 109 Overview Signal Descriptions External Bus Interface and Memory Map Data Encryption Standard Execution Unit Arc Four Execution Unit Message Digest Execution Unit Public Key Execution Unit Random Number Generator Hardware Parameters Glossary of Terms and Abbreviations...
  • Page 110 Overview Signal Descriptions External Bus Interface and Memory Map Data Encryption Standard Execution Unit Arc Four Execution Unit Message Digest Execution Unit Public Key Execution Unit Random Number Generator Hardware Parameters Glossary of Terms and Abbreviations...

Table of Contents