MOTOROLA MPC180LMB User Guide

查询MPC180LMB供应商

MPC180LMB Security Processor

User’s Manual

PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE

MPC180LMBUM/D

Rev. 0, 3/2002

DigitalDNA, PowerQUICC, and PowerQUICC II are trademarks of Motorola, Inc.
The PowerPC name, the PowerPC logotype, and PowerPC 603e are trademarks of International Business Machines Corporation

used by Motorola under license from International Business Machines Corporation.

2

I

C is a registered trademark of Philips Semiconductors

This document contains information on a new product under development. Motorola reserves the right to change or discontinue this
product without notice. Information in this document is provided solely to enable system and software implementers to use Motorola
security processors. There are no express or implied copyright licenses granted hereunder to design or fabricate Motorola security
processors integrated circuits or integrated circuits based on the information in this document.

Motorola reserves the right to make changes without further notice to any products herein. Motorola makes no warranty,
representation or guarantee regarding the suitability of its products for any particular purpose, nor does Motorola assume any liability
arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation
consequential or incidental damages. “Typical” parameters can and do vary in different applications. All operating parameters,
including “Typicals” must be validated for each customer application by customer’s technical experts. Motorola does not convey any
license under its patent rights nor the rights of others. Motorola products are not designed, intended, or authorized for use as
components in systems intended for surgical implant into the body, or other applications intended to support or sustain life, or for any
other application in which the failure of the Motorola product could create a situation where personal injury or death may occur.
Should Buyer purchase or use Motorola products for any such unintended or unauthorized application, Buyer shall indemnify and
hold Motorola and its officers, employees, subsidiaries, affiliates, and distributors harmless against all claims, costs, damages, and
expenses, and reasonable attorney fees arising out of, directly or indirectly, any claim of personal injury or death associated with such
unintended or unauthorized use, even if such claim alleges that Motorola was negligent regarding the design or manufacture of the
part. Motorola and are registered trademarks of Motorola, Inc. Motorola, Inc. is an Equal Opportunity/Affirmative Action Employer.

Motorola Literature Distribution Centers:
USA/EUROPE: Motorola Literature Distribution; P.O. Box 5405; Denver, Colorado 80217; Tel.: 1-800-441-2447 or 1-303-675-2140/

JAPAN: Nippon Motorola Ltd SPD, Strategic Planning Office 4-32-1, Nishi-Gotanda Shinagawa-ku, Tokyo 141, Japan Tel.: 81-3­5487-8488

ASIA/PACIFC: Motorola Semiconductors H.K. Ltd.; 8B Tai Ping Industrial Park, 51 Ting Kok Road, Tai Po, N.T., Hong Kong;

Tel.: 852-26629298

Technical Information: Motorola Inc. SPS Customer Support Center 1-800-521-6274; electronic mail address:

crc@wmkmail.sps.mot.com.

Document Comments: FAX (512) 933-3873, Attn: Security Processor Applications Engineering.
World Wide Web Addresses: http://www.motorola.com/smartnetworks/products/security

http://www.mot.com/netcomm
http://www.mot.com/PowerPC
http://www.mot.com/HPESD

© Motorola Inc. 2002. All rights reserved.

Overview

1

Signal Descriptions

External Bus Interface and Memory Map

Data Encryption Standard Execution Unit

Arc Four Execution Unit

Message Digest Execution Unit

Public Key Execution Unit

Random Number Generator

2

3

4

5

6

7

8

Glossary of Terms and Abbreviations

PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE

GLO

1

Overview

2

3

4

5

6
7

8

Signal Descriptions
External Bus Interface and Memory Map
Data Encryption Standard Execution Unit
Arc Four Execution Unit
Message Digest Authentication Unit

Public Key Execution Unit
Random Number Generator

GLO

Glossary of Terms and Abbreviations

PRELIMINARY—SUBJECT TO CHANGE WITHOUT NOTICE

v

CONTENTS

Paragraph
Number

Title

Page

Number

Chapter 1

Overview

1.1 Features............................................................................................................... 1-1

1.2 System Architecture............................................................................................ 1-2

1.3 Architectural Overview....................................................................................... 1-3

1.3.1 Public Key Execution Unit (PKEU)............................................................... 1-4

1.3.2 Data Encryption Standard Execution Unit (DEU).......................................... 1-4

1.3.3 Arc Four Execution Unit (AFEU) .................................................................. 1-5

1.3.4 Message Authentication Unit (MAU)............................................................. 1-5

1.3.5 Random Number Generator (RNG)................................................................ 1-5

1.3.6 Software and Hardware Support..................................................................... 1-6

Chapter 2

Signal Descriptions

2.1 Signal Descriptions............................................................................................. 2-1

Chapter 3

External Bus Interface and Memory Map

3.1 Execution Unit Registers .................................................................................... 3–1

3.2 Address Map....................................................................................................... 3–2

3.3 External Bus Interface......................................................................................... 3–4

3.3.1 EBI Registers.................................................................................................. 3–5

3.3.1.1 Command/Status Register (CSTAT).......................................................... 3–5

3.3.1.2 ID Register.................................................................................................. 3–7

3.3.1.3 IMASK Register......................................................................................... 3–8

3.3.1.4 Input Buffer Control (IBCTL) and Output Buffer Control (OBCTL) Registers
3–9

3.3.1.5 Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers...
3–11

3.4 EBI Controller Operation.................................................................................. 3–11

3.4.1 Buffer Accesses (FIFO Mode)...................................................................... 3–11

Contents

vi

CONTENTS

Paragraph
Number

Title

Page

Number

Chapter 4

Data Encryption Standard Execution Unit

4.1 Operational Registers.......................................................................................... 4–1

4.1.1 DEU Control Register (DCR)......................................................................... 4–2

4.1.2 DEU Configuration Register (DCFG)............................................................ 4–2

4.1.3 DEU Status Register (DSR)............................................................................ 4–3

4.1.4 Key Registers.................................................................................................. 4–4

4.1.5 Initialization Vector........................................................................................ 4–4

4.1.6 DATAIN......................................................................................................... 4–4

4.1.7 DATAOUT..................................................................................................... 4–4

Chapter 5

Arc Four Execution Unit

5.1 Arc Four Execution Unit Registers..................................................................... 5–1

5.1.1 Status Register ................................................................................................ 5–2

5.1.2 Control Register.............................................................................................. 5–3

5.1.3 Clear Interrupt Register .................................................................................. 5–3

5.1.4 Key Length Register....................................................................................... 5–3

5.1.5 Key (Low/Lower-middle/Upper-middle/Upper) Register.............................. 5–3

5.1.6 Message Byte Double-Word Register ............................................................ 5–4

5.1.7 Message Register............................................................................................ 5–4

5.1.8 Cipher Register............................................................................................... 5–4

5.1.9 S-box I/J Register............................................................................................ 5–5

5.1.10 S-box0 – S-box63 Memory............................................................................. 5–5

Chapter 6

Message Digest Execution Unit

6.1 Operational Registers.......................................................................................... 6–1

6.1.1 MDEU Version Identification Register (MID)............................................... 6–2

6.1.2 MDEU Control Register (MCR)..................................................................... 6–2

6.1.3 Status Register (MSR).................................................................................... 6–4

6.1.4 Message Buffer (MB0—MB15)..................................................................... 6–5

6.1.5 Message Digest Buffer (MA–ME) ................................................................. 6–5

Chapter 7

Public Key Execution Unit

7.1 Operational Registers.......................................................................................... 7–1

7.1.1 PKEU Version Identification Register (PKID) .............................................. 7–1

MPC180LMB Security Processor User’s Manual

CONTENTS

Paragraph
Number

Title

Page

Number

7.1.2 Control Register (PKCR)................................................................................ 7–2

7.1.3 Status Register (PKSR)................................................................................... 7–3

7.1.4 Interrupt Mask Register (PKMR)................................................................... 7–4

7.1.5 EXP(k) Register.............................................................................................. 7–6

7.1.6 Program Counter Register (PC)...................................................................... 7–6

7.1.7 Modsize Register ............................................................................................ 7–7

7.1.8 EXP(k)_SIZE.................................................................................................. 7–7

7.2 Memories ............................................................................................................ 7–7

7.3 ECC Routines ..................................................................................................... 7–8

7.3.1 ECC Fp Point Multiply................................................................................... 7–8

7.3.2 ECC Fp Point Add........................................................................................ 7–11

7.3.3 ECC Fp Point Double................................................................................... 7–12

7.3.4 ECC Fp Modular Add................................................................................... 7–13

7.3.5 ECC Fp Modular Subtract ............................................................................ 7–14

7.3.6 ECC Fp Montgomery Modular Multiplication

B × R-1) mod N) 7–15

((A ×

7.3.7 ECC Fp Montgomery Modular Multiplication

B × R-2) mod N) 7–16

((A ×

m

7.3.8 ECC F2

7.3.9 ECC F2

7.3.10 ECC F2

7.3.11 ECC F2

7.3.12 ECC F2

((A ×

7.3.13 ECC F2

((A ×

Polynomial-Basis Point Multiply................................................. 7–17

m

Point Add...................................................................................... 7–19

m

Point Double................................................................................ 7–21

m

Add (Subtract)............................................................................. 7–22

m

Montgomery Modular Multiplication

B × R-1) mod N) 7–23

m

Montgomery Modular Multiplication

B × R-2) mod N) 7–24

7.4 RSA Routines ................................................................................................... 7–25

-1

EXP

R

)

7.4.1 (A ×

mod N .................................................................................... 7–25

7.4.2 RSA Montgomery Modular Multiplication

((A ×

B × R-1) mod N) 7–27

7.4.3 RSA Montgomery Modular Multiplication

((A ×

B × R-2) mod N) 7–28

7.4.4 RSA Modular Add........................................................................................ 7–29

7.4.5 RSA Fp Modular Subtract ............................................................................ 7–30

7.5 Miscellaneous Routines.................................................................................... 7–31

7.5.1 Clear Memory............................................................................................... 7–31

2

7.5.2 R

7.5.3 R

mod N Calculation................................................................................... 7–32

R

mod P Calculation .............................................................................. 7–33

p

N

7.6 Embedded Routine Performance ...................................................................... 7–35

Chapter 8

Random Number Generator

Contents

vii

CONTENTS

Paragraph
Number

8.1 Overview............................................................................................................. 8–1

8.2 Functional Description........................................................................................ 8–1

8.3 Typical Operation ............................................................................................... 8–1

8.4 Random Number Generator Registers................................................................ 8–2

8.4.1 Status Register ................................................................................................ 8–2

Title

Page

Number

Glossary of Terms and Abbreviations

viii

MPC180LMB Security Processor User’s Manual

ix

ILLUSTRATIONS

Figure
Number

Title

Page

Number

1-1 Typical MPC8xx System Example............................................................................... 1-2

1-2 Typical MPC8260 System Example............................................................................. 1-3

1-3 MPC180 Block Diagram...............................................................................................1-3

2-1 MPC180 Pin Diagram................................................................................................... 2-4

3-1 MPC180 Execution Unit Registers...............................................................................3–1

3-2 Command/Status Register (CSTAT) ............................................................................3–6

3-3 ID Register....................................................................................................................3–8

3-4 IMASK Register ...........................................................................................................3–9

3-5 Input Buffer Control (IBCTL) and Output Buffer Control (OBCTL) Registers........3–10

3-6 Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers...........3–11

4-1 DES Control Register (DCR)........................................................................................4–2

4-2 DEU Configuration Register (DCFG)..........................................................................4–2

4-3 DES Status Register (DSR) ..........................................................................................4–3

5-1 Arc Four Execution Unit Status Register......................................................................5–2

5-2 Arc Four Execution Unit Control Register...................................................................5–3

5-3 Arc Four Execution Unit Message Byte Double-Word Register..................................5–4

6-1 MDEU Control Register (MCR)...................................................................................6–2

6-2 MDEU Status Register (MSR)......................................................................................6–4

7-1 PKEU Control Register (PKCR) ..................................................................................7–2

7-2 PKEU Status Register (PKSR) .....................................................................................7–4

7-3 PKEU Interrupt Mask Register (PKMR)......................................................................7–5

7-4 ECC Fp Point Multiply Register Usage........................................................................7–9

7-5 ECC Fp Point Add Register Usage.............................................................................7–11

7-6 ECC Fp Point Double Register Usage........................................................................7–12

7-7 Modular Add Register Usage......................................................................................7–13

7-8 Modular Subtract Register Usage...............................................................................7–14

7-9 Modular Multiplication Register Usage......................................................................7–15

7-10 Modular Multiplication (with double reduction) Register Usage...............................7–16

m

7-11 ECC F2
7-12 ECC F2
7-13 ECC F2
7-14 F2
7-15 F2
7-16 F2

m
m
m

Point Multiply I/O......................................................................................7–18

m

Point Add Register Usage ..........................................................................7–20

m

Point Double Register Usage .....................................................................7–21

Modular Add (Subtract) Register Usage.............................................................7–22

Modular Multiplication Register Usage..............................................................7–23

Modular Multiplication (with double reduction) Register Usage.......................7–24

7-17 Integer Modular Exponentiation Register Usage........................................................7–26

7-18 Modular Multiplication Register Usage......................................................................7–27

Contents

ILLUSTRATIONS

x

Figure
Number

Title

Page

Number

7-19 Modular Multiplication (with double reduction) Register Usage...............................7–28

7-20 Modular Add Register Usage......................................................................................7–29

7-21 Modular Subtract Register Usage...............................................................................7–30

7-22 Clear Memory Register Usage....................................................................................7–31

2

7-23 R
7-24 R

mod N Register Usage...........................................................................................7–33

R

mod P Register Usage ......................................................................................7–34

P

N

8-1 RNG Status Register.....................................................................................................8–2

MPC180LMB Security Processor User’s Manual

TABLES

Table
Number

Title

Page

Number

2-1 Pin Descriptions............................................................................................................ 2-1

3-1 32-Bit System Address Map.........................................................................................3–2

3-2 EBI Registers................................................................................................................3–5

3-3 CSTAT Field Descriptions ...........................................................................................3–6

3-4 ID Field Descriptions....................................................................................................3–8

3-5 IMASK Field Descriptions...........................................................................................3–9

3-6 IBCTL Field Descriptions...........................................................................................3–10

3-7 OBCTL Register Field Descriptions...........................................................................3–10

4-1 Data Encryption Standard Execution Unit (DEU) Registers........................................4–1

4-2 DCR Field Descriptions................................................................................................4–2

4-3 DCFG Field Descriptions .............................................................................................4–3

4-4 DSR Field Descriptions ................................................................................................4–3

5-1 Arc Four Execution Unit (AFEU) Registers.................................................................5–1

5-2 AFEU Status Register Field Descriptions.....................................................................5–2

5-3 AFEU Control Register Field Descriptions..................................................................5–3

6-1 Message Digest Execution Unit (MDEU) Registers ....................................................6–1

6-2 MCR Field Descriptions...............................................................................................6–3

6-3 MSR Field Descriptions................................................................................................6–4

7-1 PKEU Registers............................................................................................................7–1

7-2 PKCR Field Descriptions..............................................................................................7–2

7-3 PKSR Field Descriptions..............................................................................................7–4

7-4 PKMR Field Descriptions.............................................................................................7–5

7-5 ECC Fp Point Multiply.................................................................................................7–8

7-6 ECC Fp Point Add......................................................................................................7–11

7-7 ECC Fp Point Double .................................................................................................7–12

7-8 Modular Add...............................................................................................................7–13

7-9 Modular Subtract ........................................................................................................7–14

7-10 Modular Multiplication...............................................................................................7–15

7-11 Modular Multiplication (with double reduction)........................................................7–16

m

7-12 ECC F2
7-13 ECC F2
7-14 ECC F2
7-15 F2
7-16 F2
7-17 F2

m
m
m

Point Multiply.............................................................................................7–17

m

Point Add....................................................................................................7–20

m

Point Double...............................................................................................7–21

Modular Add (Subtract)......................................................................................7–22

Modular Multiplication.......................................................................................7–23

Modular Multiplication (with double reduction) ................................................7–24

7-18 Integer Modular Exponentiation.................................................................................7–26

Contents

xi

TABLES

Table
Number

Title

Page

Number

7-19 Modular Multiplication...............................................................................................7–27

7-20 Modular Multiplication (with double reduction)........................................................7–28

7-21 Modular Add...............................................................................................................7–29

7-22 Modular Subtract ........................................................................................................7–30

7-23 Clear Memory.............................................................................................................7–31

2

7-24 R
7-25 R

mod N ....................................................................................................................7–32

R

mod P................................................................................................................7–34

p

N

7-26 Run Time Formulas ....................................................................................................7–35

8-1 Random Number Generator Registers..........................................................................8–2

8-2 RNG Status Register Field Descriptions.......................................................................8–2

xii

MPC180LMB Security Processor User’s Manual

Chapter 1
Overview

This chapter gives an overview of the MPC180 security processor, including the key
features, typical system architecture, and the MPC180 internal architecture.

1.1 Features

The MPC180 is a flexible and powerful addition to an y netw orking system currently using
Motorola’s MPC8xx or MPC826x family of PowerQUICC™ communication processors.
The MPC180 is designed to off-load computationally intensive security functions such as
key generation and exchange, authentication, and bulk data encryption.

The MPC180 is optimized to process all of the algorithms associated with IPSec, IKE,
WTLS/WAP and SSL/TLS. In addition, the MPC180 is the only security processor on the
market capable of executing the elliptic curv e cryptography that is especially important for
secure wireless communications.

MPC180 features include the following:

• Public key execution unit (PKEU), which supports the following:
— RSA and Diffie-Hellman

– Programmable field size 80- to 2048-bits
– 1024-bit signature time of 32ms
– 10 IKE handshakes/second

— Elliptic Curve operations in either F 2 m or F p

– Programmable field size from 55- to 511-bits
– 155-bit signature time of 11ms
– 30 IKE handshakes/second

• Message authentication unit (MAU)
— SHA-1 with 160-bit message digest
— MD5 with 128-bit message digest
— HMAC with either algorithm

• Data encryption standard execution units (DEUs)
— DES and 3DES algorithm acceleration

– Two key (K1, K2, K1) or Three key (K1, K2, K3)

Chapter 1. Overview 1-1

System Architecture

— ECB and CBC modes for both DES and 3DES
— 15 Mbps 3DES-HMAC-SHA-1 (memory to memory)

• ARC four execution unit (AFEU)
— Implements a stream cipher compatible with the RC4 algorithm
— 40- to 128-bit programmable key
— 20 Mbps ARC Four performance (memory to memory)

• Random Number Generator (RNG)
— Supplies up to 160 bit strings at up to 5 Mbps data rate

• Input Buffer (4kbits)

• Output Buffer (4kbits)

• Glueless interface to MPC8xx system or MPC826x local bus (50MHz and 66MHz
operation)

• DMA hardware handshaking signals for use with the MPC826x

• 1.8v Vdd, 3.3v I/O

• 100pin LQFP package

• HIP4 0.25µm process

1.2 System Architecture

The MPC180 works well in most load/store, memory-mapped systems. An external
processor may execute application code from its R OM and RAM, using RAM and optional
non-volatile memory (such as EEPR OM) for data storage. Figure 1-1 shows an e xample of
the MPC180 in an MPC8xx system, and Figure 1-2 shows the MPC180 connected to the
local bus of the MPC826x. In these examples, the MPC180 resides in the memory map of
the processor; therefore, when an application requires cryptographic functions, it reads and
writes to the appropriate memory location in the security processor.

EEPROM

MPC860

MPC180

System Bus

1-2

SDRAM

I/O or Network

Interface

Figure 1-1. Typical MPC8xx System Example

MPC180LMB Security Processor User’s Manual

Architectural Overview

EEPROM

SDRAM

DIMMs

60x Bus

MPC8260

SDRAM

I/O or Network

Interface

MPC180

Local Bus

SDRAM

Figure 1-2. Typical MPC8260 System Example

1.3 Architectural Overview

The MPC180 has a slave interface to the MPC8xx system b us and MPC8260 local b us and
maps into the host processor’s memory space. Each encryption algorithm is mapped to a
unique address space. To perform encryption operations, the host reads and writes to the
MPC180 to setup the execution unit and, then, transfers data to the execution unit directly
or through the external bus interface.

In FIFO mode, the MPC180 accepts data into the 4-Kbit input buffer and returns b urst data
through the output buffer. In this way, the host can automatically transfer bulk data
through a given EU. This minimizes host management overhead and increases overall
system throughput. Once the host configures the external bus interface (EBI), it receives
an interrupt only after all data has been transferred or processed by the MPC180.

DMA Request

8xx/6xx

I/F

(Slave)

External Bus Interface

DMA Request

INPUT

4K bit
FIFO

Controller

OUTPUT

4K bit
FIFO

DMA
Logic

DMA
Logic

RSA
ECC

SHA-1

MD 5

DES/
3DES

ARC4

RNG

Figure 1-3. MPC180 Block Diagram

Chapter 1. Overview 1-3

Architectural Overview

The interrupt controller organizes hardware interrupts coming from individual EUs into a
single maskable interrupt, IRQ_B, for the host processor. Multiple internal interrupt
sources are logically ORed to create a single, non-prioritized interrupt for the host
processor. The controller lets the host read the unmasked interrupt source status as well as
the request status of masked interrupt sources, thereby indicating whether a given
unmasked interrupt source will generate an interrupt request to the host processor.

1.3.1 Public Key Execution Unit (PKEU)

The PKEU is capable of performing many advanced mathematical functions to support
RSA and Diffie-Hellman as well as ECC in both F 2 m (polynomial-basis) and F p. The
accelerator supports all levels of functions to assist the host microprocessor in performing
its desired cryptographic function. For example, at the highest level, the accelerator
performs modular exponentiations to support RSA and point multiplies to support ECC. At
lower levels, the PKEU can perform simple operations such as modular multiplies.

1.3.2 Data Encryption Standard Execution Unit (DEU)

The DEU is used for bulk data encryption. It can also execute the Triple-DES algorithm,
which is based on DES. The host processor supplies data to the DEU as input, and this
data is encrypted and made available for reading. The session key is input to the DEU
prior to encryption. The DEU computes the data encryption standard algorithm (ANSI
X3.92) for bulk data encryption and decryption.

DES is a block cipher that uses a 56-bit key to encrypt 64-bit blocks of data, one block at a
time. DES is a symmetric algorithm; therefore, each of the two communicating parties
share the same 56-bit key. DES processing begins after this shared session key is agreed
upon. The message to be encrypted (typically plain text) is partitioned into n sets of 64-bit
blocks. Each block is processed, in turn, by the DES engine, producing n sets of encrypted
(ciphertext) blocks. Decryption is handled in the rev erse manner. The ciphertext blocks are
processed one at a time by a DES module in the recipient’s system. The same key is used,
and the DEU manages the key processing internally so that the plaintext blocks are
recovered.

The DES/3DES execution unit supports the following modes:

• ECB (electronic code book)

• CBC (cipher block chaining)

In addition to these modes, the DEU can compute T riple-DES. Triple-DES is an extension
to the DES algorithm in which every 64-bit input block is processed three times. There are
several ways that Triple-DES can be computed. The DES accelerator on the MPC180
supports two key (K1, K2, K1) or three key (K1, K2, K3) Triple-DES.

THe MPC180 supports two of the modes of operation defined for Triple-DES (see draft
ANSI Standard X9.52-1998):

• TECB (Triple DES analogue of ECB)

1-4 MPC180LMB Security Processor User’s Manual

Architectural Overview

• TCBC (Triple DES analogue of CBC)

1.3.3 Arc Four Execution Unit (AFEU)

The AFEU processes an algorithm that is compatible with the RC4 stream cipher from
RSA Security, Inc. The RC4 algorithm is byte-oriented; therefore, a byte of plaintext is
encrypted with a key to produce a byte of ciphertext. The key is variable length, and the
AFEU supports 40-bit to 128-bit key lengths, providing a wide range of security levels.
RC4 is a symmetric algorithm, so each of the two communicating parties share the same
key .

AFEU processing begins after this shared session key is agreed upon. The plaintext
message to be encrypted is logically partitioned into n sets of 8-bit blocks. In practice, the
host processor groups 4 bytes at a time into 32-bit blocks and write that data to the AFEU.
The AFEU internally processes each w ord one byte at a time. The AFEU engine processes
each block in turn, byte by byte, producing n sets of encrypted (ciphertext) blocks.
Decryption is handled in the reverse manner. The ciphertext blocks are processed one at a
time by an AFEU in the recipient’s system. The same key is used, and the AFEU manages
the key processing internally so that the plaintext blocks are recovered.

The AFEU accepts data in 32-bit words per write cycle and produces 4 bytes of ciphertext
for every 4 bytes of plaintext. Before any processing occurs, the key data is written to the
AFEU, after which an initial permutation on the key happens internally. After the initial
permutation is finished, processing on 32-bit words can begin.

1.3.4 Message Authentication Unit (MAU)

The MAU can perform SHA-1, MD5 and MD4, three of the most popular public message
digest algorithms. At its simplest, the MAU receives 16 32-bit registers containing a
message, and produces a hashed message of 128 bits for MD4/MD5 and 160 bits for
SHA-1. The MAU also includes circuitry to automate the process of generating an HMAC
(hashed message authentication code) as specified by RFC 2104. The HMAC can be built
upon any of the hash functions supported by MAU.

1.3.5 Random Number Generator (RNG)

Because many cryptographic algorithms use random numbers as a source for generating a
secret value, it is desirable to have a private RNG for use by the MPC180. The anonymity
of each random number must be maintained, as well as the unpredictability of the next
random number. The private RNG allows the system to develop random challenges or
random secret keys. The secret key can thus remain hidden from even the high-level
application code, providing an added measure of physical security. The RNG is also useful
for digital signature generation.

The RNG is a digital integrated circuit capable of generating 32-bit random numbers. It is
designed to comply with FIPS-140 standards for randomness and non-determinism. The
RNG creates an unpredictable sequence of bits and assembles a string of those bits into a
register. The random number in that register is accessible to the host through the host

Chapter 1. Overview 1-5

Architectural Overview

interface of the RNG.

1.3.6 Software and Hardware Support

Customers will have access to device drivers integrated with the WindRiver VxWorks OS.
Sample drivers will also be provided to customers wishing to integrate MPC180 support
into other operating systems.

Third-party support for the MPC180 includes a development system for both the MPC860
and the MPC8260. The WindRiver/EST SBC8260C development system and Zephyr
Engineering ZPC860C, both of which include a board support package, are available to
accelerate customer design cycles.

1-6 MPC180LMB Security Processor User’s Manual

Chapter 2
Signal Descriptions

This chapter provides a pinout diagram and signal descriptions for the MPC180 security
processor.

2.1 Signal Descriptions

Table 2-1 groups pins by functionality.

Table 2-1. Pin Descriptions

Signal name

A[18:29] 62, 64, 66,

D[0:31] 1, 2, 4, 6, 7,

CS

R/W

URST 55 I Burst Transaction. Active low signal used in the 8260 interface that indicates when

B

Pin

locations

67, 68, 70,
72–75, 77,

78

9, 11, 12,
14, 16-18,
20, 22, 24,
28–32, 34,
36, 37, 38,
87, 89, 90,
92, 94, 96,
98, 99

56 I Chip Select. Active low signal that indicates when a data transfer is intended for

54 I Read/Write. Read/write line

Signal

type

Signal pins

I Address—address bus from the processor core. These bits are decoded in the

MPC180 to produce the individual module select lines to the execution units. Note
that the processor address bus might be 32 bits wide, while the MPC180 address
bus is only 12 bits wide.

msb = bit 0
lsb = bit 31

I/O Data—bidirectional data bus. This bus is connected directly to the processor core.

msb = bit 0
lsb = bit 31

the MPC180.

1 read cycle
0 write cycle

the current read/write is a burst transfer.

Description

TS

53 I Transfer Start. Transfer start pin for control port. This signal is asserted by the

850/860 to indicate the start of a bus cycle that transfers data to or from the
MPC180. This is used by the MPC180 along with CS
transfer.

Chapter 2. Signal Descriptions 2-1

, R/W, and A to begin a

Signal Descriptions

Table 2-1. Pin Descriptions (Continued)

Signal name

PSDVAL 82 I Data valid. This active low signal is ignored when CONFIG=0 (MPC860 Mode), but

T

A /

LUPMWAIT

RESET

CONFIG 57 I Configuration. Input that indicates whether the interface is to an MPC860 or

ENDIAN 40 I Endian. Active high for big endian mode. Low for little endian mode.

IRQ

Pin

locations

61 O Transfer Acknowledge. This active low signal is used in 860 mode and is asserted

52 I Reset. Asynchronous reset signal for initializing the chip to a known state. It is

85 O Interrupt Request. Interrupt line that signifies that one or more execution units

Signal

type

Description

is active in MPC8260 Mode. The assertion of PSD
valid on the data bus.

by the MPC180 when a successful read or write has occurred.
Local UPM wait. This active high signal is used in 8260 mode and is asserted to

indicate the number of wait states for a transaction.

Miscellaneous pins

highly recommended that this signal be connected to a dual hardware/software
reset function. Thus, the system designer can reset the MPC180 chip with optimal
flexibility.

MPC8260

1 8260 interface
0 860 interface

1 big endian
0 little endian

modules has asserted its IRQ

hardware interrupt.

VAL indicates that a data beat is

NC 26, 27, 49,

50, 51, 76,
100

DREQ1 83 O DMA Request 1. Active high signal which indicates that either the input or output

DREQ2 84 O DMA request 2. Active high signal which indicates that either the input or output

CLK 59 I Master clock input

TCK 47 I JTAG test clock
TDI 48 I JTAG test data input
TDO 44 I JTAG test data output
TMS 46 I JTAG test mode select
TRST

45 I JTAG test reset

— No connection to the pin

DMA Hardware Handshake pins

buffer is requesting data transfer by the host or DMA controller. DREQ1 and
DREQ2 are each programmable to refer to the MPC180 chip input buffer or output
buffer. This signal is designed to interoperate with a PowerQUICC IDMA channel.

buffer is requesting data transfer by the host or DMA controller. DREQ1 and
DREQ2 are each programmable to refer to the MPC180 Chip input b uff er or output
buffer. This signal is designed to interoperate with a PowerQUICC IDMA channel.

Clock

Test

2-2 MPC180LMB Security Processor User’s Manual

Table 2-1. Pin Descriptions (Continued)

Signal Descriptions

Signal name

IVDD 10, 21, 41,

OVDD 5, 15, 25,

OVSS 3, 13, 23,

IVSS 8, 19, 39,

Pin

locations

60, 71, 93

35, 43, 65,
81, 88, 97

33, 42, 63,
79, 80, 86,
95

58, 69, 91

Signal

type

Power and Ground

I +1.8 Volts (power pins for core logic)

I +3.3 Volts (Power pins for I/O pads)

I 0 V olts (Ground)

I 0 V olts (Ground)

Description

Chapter 2. Signal Descriptions 2-3

Signal Descriptions

Figure 2-1 shows the MPC180 pinout.

D29 1
D21 2

OVSS 3

D13

OVDD 5

D5

D28

IVSS 8

D20

IVDD 10

D12

D4

OVSS 13

D27

OVDD 15

D19

D11 17

D3

IVSS 19

D26

IVDD 21

D18

OVSS 23

D10 24

OVDD

4

6
7

9

11
12

14

16

18

20

22

25

NC

100

26

D6

99

D14

98

27

OVDD

97

28

D22

96

OVSS

95

D30

94

IVDD

93

D7

92

IVSS

91

D1590D23

89

OVDD

88

MPC180 Pinout

29

30D931

32

33

34

35

36

37

38

D31

87

39

OVSS

86

40

DREQ2

IRQ

85

848382

41

42

VAL
PSD

DREQ1

43

44

OVDD

81

45

OVSS

80

46

OVSS

79

47

A29

78

48

A28

77

49

NC

76

75

A27
A2674
A2573
A2472
IVDD71
A2370
IVSS69
A2268
A2167
A2066
OVDD65
A1964
OVSS63
A18

62
61

TA / LUPMWAIT

60

IVDD
CLK

59

IVSS

58

CONFIG

57

CS56
BURST55

54

R/W

53

TS

52

RESET

51

NC

50

NC

NC

D2

D25

D17

D1

OVSS

D24

OVDD

D16

D8

D0

IVSS

IVDD

OVSS

ENDIAN

OVDD

TDO

TMS

TRST

Figure 2-1. MPC180 Pin Diagram

2-4 MPC180LMB Security Processor User’s Manual

TCK

TDI

NC

NC

Chapter 3
External Bus Interface and Memory Map

This chapter describes the MPC180 address map, the External Bus Interface (EBI), and EBI
registers.

3.1 Execution Unit Registers

Each MPC180 execution unit has a dedicated set of registers. The MPC180 has a unified
memory map that allows software addressibility to all internal registers. Figure 3-1 lists
each MPC180 register and its 12-bit MPC180 chip address.

A00
A40
A80
B00
B01
B02
B03
B04
B05
B06
B07
B08
B09

000
010
015
016
017
018

PKEU

BRAM [64x32]
ARAM [64x32]

NRAM[64x32]

EXP(k)

Control [CR]

Status [SR]

Mask [MR]

Instruction [IR]

Prog. counter [PC]

Clear interrupt

Modulus size

EXP(k) size

Device ID

MDEU

MDMB [0–15]

Digest [0–4]

Control [CR]

Status [SR]

Clear interrupt

Device ID

200
201
202
203
204
205
206
207
208
209
20A

20B
20C
20D
20E

600
602

DEU

Control

Status

Key1-right

Key1-left

Key2-right

Key2-left

Key3-right

Key3-left

IV-right

IV-left

DATAIN_R

DATAIN_L

DATAOUT_R

DATAOUT_L

Configuration

RNG

Command/status
AutoRand output

A00
A80

B00
B01
B02
B03
B04
B05
B06

400
401
402
403
404
408
409
40A

40B
410

EBI

Input buffer

Output buffer

CSTAT

ID register

IMASK

IBCTL

IBCNT

OBCTL

OBCNT

AFEU

Control

Status

Clear interrupt

Key length
Key data[0–3]
Last sub msg

Plaintext-in

Ciphertext-out

Context I/J

Context SBox[0–63]

Figure 3-1. MPC180 Execution Unit Registers

Chapter 3. External Bus Interface and Memory Map 3-1

Address Map

Most of these registers are read and write, however some have special permissions. See
Table 3-1 for more information. The 12-bit MPC180 address of each register is shown ne xt
to the register name. All registers are assumed to be 32 bits wide; however, registers that
contain fewer bits will return 0 (or a known value) on unused bits for that bus transaction
only. Many registers contain multiple 32-bit words. If so, the number of words in the
register set is shown in brackets after the name. Indi vidual e x ecution unit chapters describe
how to use these registers, the bit assignments, and bit ordering.

3.2 Address Map

Table 3-1 lists the addresses for all registers in each execution unit. The 12-bit MPC180
address bus value is shown along with a 32-bit host processor address bus value.

Table 3-1. 32-Bit System Address Map

MPC180 12-Bit Address Processor 32-Bit Address Register Type

MDEU: 0x000–0x1FF

0x000 0x0000_0000 Message buffer(MB0) W
0x001 0x0000_0004 Message buffer(MB1) W
0x002 0x0000_0008 Message buffer(MB2) W
0x003 0x0000_000C Message buffer(MB3) W
0x004 0x0000_0010 Message buffer(MB4) W
0x005 0x0000_0014 Message buffer(MB5) W
0x006 0x0000_0018 Message buffer(MB6) W
0x007 0x0000_001C Message buffer(MB7) W
0x008 0x0000_0020 Message buffer(MB8) W

0x009 0x0000_0024 Message buffer(MB9) W
0x00A 0x0000_0028 Message buffer(MB10) W
0x00B 0x0000_002C Message buffer(MB11) W
0x00C 0x0000_0030 Message buffer(MB12) W
0x00D 0x0000_0034 Message buffer(MB13) W
0x00E 0x0000_0038 Message buffer(MB14) W

0x00F 0x0000_003C Message buffer(MB15) W

0x010 0x0000_0040 Message digest (MA) R/W

0x011 0x0000_0044 Message digest (MB) R/W

0x012 0x0000_0048 Message digest (MC) R/W

0x013 0x0000_004C Message digest (MD) R/W

0x014 0x0000_0050 Message digest (ME) R/W

0x015 0x0000_0054 Control (MCR) R/W

0x016 0x0000_0058 Status (MSR) R/W

0x017 0x0000_005C Clear interrupt (MCLRIRQ) W

3-2 MPC180LMB Security Processor User’s Manual

Address Map

Table 3-1. 32-Bit System Address Map (Continued)

MPC180 12-Bit Address Processor 32-Bit Address Register Type

0x018 0x0000_0060 Version Identification (MID) R

DEU: 0x200–0x3FF

0x200 0x0000_0800 Control (DCR) R/W

0x201 0x0000_0804 Status (DSR) R

0x202 0x0000_0808 Key1_R R/W

0x203 0x0000_080C Key1_L R/W

0x204 0x0000_0810 Key2_R R/W

0x205 0x0000_0814 Key2_L R/W

0x206 0x0000_0818 Key3_R R/W

0x207 0x0000_081C Key3_L R/W

0x208 0x0000_0820 IV_R R/W

0x209 0x0000_0824 IV_L R/W
0x20A 0x0000_0828 DATAIN_R R/W
0x20B 0x0000_082C DATAIN_L R/W
0x20C 0x0000_0830 DATAOUT_R R
0x20D 0x0000_0834 DATAOUT_L R

0X20E 0x0000_0838 Configuration (DCFG) R/W

AFEU: 0x400–0x5FF

0x400 0x0000_1000 Control W

0x401 0x0000_1004 Status R

0x402 0x0000_1008 Clear interrupt W

0x403 0x0000_100C Key Length W

0x404 0x0000_1010 Key Low W

0x405 0x0000_1014 Key Lower-Middle W

0x406 0x0000_1018 Key Upper-Middle W

0x407 0x0000_101C Key Upper W

0x408 0x0000_1020 Message Byte Double Word W

0x409 0x0000_1024 Plaintext-in W
0x40A 0x0000_1028 Ciphertext-out R
0x40B 0x0000_102C S-box I/J R/W

0x410 0x0000_1040 SBox [0] R/W

0x414 0x0000_1050 SBox [1] R/W

0x418 0x0000_1060 SBox [2] R/W

... ... ... ...

0x50C 0x0000_1430 SBox [63] R/W

Chapter 3. External Bus Interface and Memory Map 3-3

External Bus Interface

Table 3-1. 32-Bit System Address Map (Continued)

MPC180 12-Bit Address Processor 32-Bit Address Register Type

0x600 0x0000_1800 Status R

0x602 0x0000_1808 Random output R

0x800 0x0000_2000 Input buffer[128] R/W

0x880 0x0000_2200 Output buffer[128] R/W

0x900 0x0000_2400 CSTAT R/W

0x901 0x0000_2404 ID R

0x902 0x0000_2408 IMASK R/W

0x903 0x0000_240C IBCTL R/W

0x904 0x0000_2410 IBCNT R/W

0x905 0x0000_2414 OBCTL R/W

0x906 0x0000_2418 OBCNT R/W

RNG: 0x600–0x7FF

EBI: 0x800–0x9FF

PKEU: 0xA00–0xBFF

0xA00 0x0000_2800 BRAM R/W
0xA40 0x0000_2900 ARAM R/W
0xA80 0x0000_2A00 NRAM R/W
0xB00 0x0000_2C00 EXP(k) R/W
0xB01 0x0000_2C04 Control R/W
0xB02 0x0000_2C08 Status R
0xB03 0x0000_2C0C Interrupt mask R/W
0xB05 0x0000_2C14 Program counter R/W
0xB06 0x0000_2C18 Clear interrupt (CLRIRQ) W
0xB07 0x0000_2C1C Modulus size R/W
0xB08 0x0000_2C20 EXP(k) size R/W
0xB09 0x0000_2C24 Device ID R/W

3.3 External Bus Interface

The EBI handles the interface between the processor and MPC180’s internal execution
units. It has the following features:

• Memory-mapped data transfers to/from the host to the MPC180 in single, burst, or
DMA modes

• 4-Kbit input and output buffers that allows the host to set up an operation and pass
control of interrupts and data flow to the MPC180 until the operation completes

3-4 MPC180LMB Security Processor User’s Manual

External Bus Interface

• Automatic buffer filling and emptying. DREQ1 and DREQ2 stay asserted as long as
memory space or data is in the buffers, letting the host load data for the next
operation before the current operation finishes

• Interrupt routing and masking, which lets the host individually detect interrupts

• Interrupt auto-unmask, which lets the controller unmask an interrupt to the host
when an operation finishes

3.3.1 EBI Registers

Table 3-2 describes the controller’s se v en 32-bit, host-addressable re gisters that are used to
program MPC180.

Table 3-2. EBI Registers

Name R/W Description

CSTAT R/W Command/Status Register. Used to control global MPC180 functions and to monitor interrupts (see

Section 3.3.1.1, “Command/Status Register (CSTAT)”).
ID R ID. Gives the fixed ID number unique to the MPC180 (see Section 3.3.1.2, “ID Register”).
IMASK R/W Interrupt Mask Register. Allows the masking of interrupts to the host (see Section 3.3.1.3, “IMASK

Register”).
IBCTL R/W Input Buffer Control Register. Contains the starting address in the MPC180 where data from the

input buffer is to be written. Contains the counter mask field (see Section 3.3.1.4, “Input Buffer

Control (IBCTL) and Output Buffer Control (OBCTL) Registers”).
IBCNT R/W Input Buffer Count Register. Gives the total number of 32-bit words to be written to a specific

execution unit for a given operation. This number is not limited to 128 (4 Kbits), but is the total

number of words to be taken from the input buffer and written to the selected execution unit (see

Section 3.3.1.5, “Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers”).
OBCTL R/W Output Buffer Control Register. Contains the starting address in the MPC180’s address map from

where data should be transferred to the output buffer. Also contains the counter mask field (see

Section 3.3.1.4, “Input Buffer Control (IBCTL) and Output Buffer Control (OBCTL) Registers”).
OBCNT R/W Output Buffer Count Register. Contains the total number of 32-bit words a specific execution unit is

to write to the output buffer for a given operation. This number is not limited to 128 (4 Kbits), but is

the total number of words to be read from the selected (or enabled) execution unit (see

Section 3.3.1.5, “Input Buffer Count (IBCNT) and Output Buffer Count (OBCNT) Registers”).

3.3.1.1 Command/Status Register (CSTAT)

CSTAT, shown in Figure 3-2, is used to control the chip software reset and auto-unmask
function and to report interrupt status. The controller synchronizes the software reset
function to the rising edge of MCLK, guaranteeing sufficient setup and hold times. Note
that after the CSTAT register is read, bits 18-23 will be cleared, thus not allowing bitwise
operations on these bits.

Chapter 3. External Bus Interface and Memory Map 3-5

External Bus Interface

05678101112131415

Field — DR2C DR1C — DEU AFEU MDEU RNG PKEU

Reset 0000_0000_0000_0000

R/W R/W

16 17 18 19 20 21 22 23 24 27 28 30 31

Field DR2A DR1A DEU AFEU MDEU RNG PKEU MPC180 Destination AUTO-UNMASK RST

Reset 0000_0000_0000_0000

R/W R/W

Addr 0x900

Figure 3-2. Command/Status Register (CSTAT)

Table 3-3 describes CSTAT fields.

Table 3-3. CSTAT Field Descriptions

Bits Name Description

0–5 — Reserved, should be cleared.

6 DR2C DREQ2 Control Bit

0 = DREQ2 displays the state of the output FIFO
1 = DREQ2 displays the state of the input FIFO

7 DR1C DREQ1 Control Bit

0 = DREQ1 displays the state of the input FIFO
1 = DREQ1 displays the state of the output FIFO

8–10 — Reserved, should be cleared.

11–15 Source interrupt indicators for the individual execution units. These are the masked interrupts from the

execution units.
For bits 11–15:
0 interrupt not pending

1 interrupt pending
11 DEU Data Encryption Standard Execution Unit External Bus Interface interrupts
12 AFEU Arc Four Execution Unit External Bus Interface interrupts
13 MDEU Message Digest Execution Unit External Bus Interface interrupts
14 RNG Random Number Generator External Bus Interface interrupts
15 PKEU Public key Execution Unit External Bus Interface interrupts
16 DR2A DREQ2 Activation

0 = Inactive
1 = Active

17 DR1A DREQ1 Activation

0 = Inactive
1 = Active

18–22 Raw interrupt indicators for individual execution units. These are the unmasked interrupts from the

execution units.

For bits18–22:

0 interrupt not pending

1 interrupt pending

3-6 MPC180LMB Security Processor User’s Manual

External Bus Interface

Table 3-3. CSTAT Field Descriptions

Bits Name Description

18 DEU Data Encryption Standard Execution Unit interrupts
19 AFEU Arc Four Execution Unit interrupts
20 MDEU Message Digest Execution Unit interrupts
21 RNG Random Number Generator interrupts
22 PKEU Public key Execution Unit interrupts
23 MPC180 MPC180 IRQ. This bit, when set, indicates an interrupt is pending in the MPC180.

0 interrupt not pending
1 interrupt pending

24–27 Destination Destination bits. Only one execution unit on MPC180 can be active at a time through FIFO

accesses, so the host must program CSTAT to enable the appropriate execution unit. The
host must guarantee that all data related to a specific operation has been processed before
updating CSTAT, otherwise unpredictable results occur in MPC180 because the controller
acts on one execution unit at a time.
1000 DEU

1001 AFEU
1010 MDEU
1011 RNG
1100 PKEU
0xxx no active module

28–30 AUTO-

UNMASK

31 RST Software reset. Performs the same function as asserting RESET

Auto-unmask bit. Enables or disables the auto-unmask function. This function is used to
unmask an interrupt from the currently active execution unit. It is to be used when a
execution unit sends a series of intermediate interrupts the host does not want to see. For
example, if the DEU is enabled and active, many interrupts may be generated for
intermediate results. The host, however, may only be interested in the final interrupt that
occurs when the DEU completes processing all of the data. To begin the operation, the host
masks off the interrupts from the DEU and then writes to the auto-unmask bit. Then, when
the DEU completes processing all the data, the controller unmasks the DEU interrupt and
allows the final DEU interrupt (signaling the completion of processing) to be sent to the host.
The host can then read CSTAT to determine that the DEU generated an interrupt and take
appropriate action.
for bits 28–30:
000 disabled

001 enabled

on MPC180. Setting this
bit resets the MPC180 within two MCLK cycles; the controller clears this bit.
0—

1 chip reset

The complete MPC180 register map, including all execution units, is available to the host.
Although the host can access control registers and input and output buffers while an
instruction is executing, it cannot access the execution unit itself.

3.3.1.2 ID Register

Figure 3-3 shows the ID register. Note that the ID register contains a 32-bit value that
identifies the version of MPC180. Its value at reset is 0x0065_1491and should be read with
the ENDIAN mode set to big endian.

Chapter 3. External Bus Interface and Memory Map 3-7

External Bus Interface

0 7 8 1011 131415

Field — MPC180 MDEU DEU

Reset 0000_0000 011 0_01 01

R/W Read

16 17 19 20 22 23 25 26 28 29 31

Field DEU AFEU RNG — EBI PKEU

Reset 0 001 001 0_10 01_0 001

R/W Read

Addr 0x901

Figure 3-3. ID Register

Table 3-4 describes the ID fields.

Table 3-4. ID Field Descriptions

Bits Name Description

0–7 — Reserved, should be cleared.

8–10 MPC180 MPC180 version number.
11–13 MDEU Message Digest Execution Unit version number
14–16 DEU Data Encryption Standard Execution Unit version number
17–19 AFEU Arc Four Execution Unit version number
20–22 RNG Random Number Generator version number
23–25 — Reserved, should be cleared.
26–28 EBI Controller version number
29–31 PKEU Public key Execution Unit version number

3.3.1.3 IMASK Register

The built-in interrupt controller (IRQ module) gathers all execution unit interrupt signals
and presents one output (IRQ
interrupts from execution units by programming the IMASK register . In this w ay , interrupts
can be controlled from a single source. Some execution-unit-specific configuration is
required to ensure proper response to any interrupt. The user can read the appropriate
address in CSTAT to get the interrupt status of all execution units at once.

The interrupt port consists of the IRQ
all pending interrupts from the execution units.

) to the host. It also lets the user selectively mask or disable

output, which is negated after the host responds to

All interrupts from the execution units have the same priority. Figure 3-4 shows the bit
assignments in the IRQ register for all the MPC180 execution units. All enable (mask)
registers operate on the corresponding bits. An interrupt is masked when its corresponding
IMASK bit is a 1.

3-8 MPC180LMB Security Processor User’s Manual