AMD Alchemy Au1550 Security Network Processor Data Book
159
7
Security Engine
30283D
7.0Security Engine
The Au1550 processor contains a security engine with data encryption and decryption technology from SafeNet. Tar-
get applications for the security engine include the encryption/decryption of Internet packets for IP security.
The security engine incorporates a number of high-performance cryptographic functions, including the following features:
Bulk encryption/decryption.
DES, 3DES, AES, ARC4 encryption algorithms implemented in hardware.
MD5, SHA1 hash algorithms implemented in hardware.
Supports header/trailer processing, padding, and initialization vector (IV) processing for Internet protocol security (IPsec)
packets.
Supports a two-pass hash-then-encrypt implementation of the secure socket layer (SSL) protocol using either MD5 or
SHA1 hashing along with 3DES or ARC4 ciphers.
Compatible with CGX Cryptographic Library from SafeNet, Inc.
Non-deterministic random number generator.
7.1
Overview
Table 7-1. Security Engine Block Diagram Description
Block
Description
SBUS Interface
Contains the bus interface logic and system integration registers to connect to the processor core.
2-Channel DMA
Controller
Schedules the DMA requests to fetch or store data through the System Bus (SBUS) Interface block.
Interrupt Controller
Contains the registers for the dedicated interrupt controller.
Random Number
Generator
The random number generator includes the entropy registers, linear feedback shift registers, and ring
oscillators.
Device ID and Control
Contains the registers for IP version and supported functions.
Packet Engine
Descriptor and
Command Registers
Interface and control for the packet engine. The controller fetches the descriptors from external memory
to the command queue, drives the appropriate internal control signals, and initiates DMA transfers from
external memory to the packet engine’s I/O buffers.
Packet Engine Controller
64-byte Input Buffer
Processing block of the packet engine. Contains the I/O buffers for packet transfer. It steps through the
loaded packets and performs IPsec header/trailer processing. Based on the instructions passed from
the hash/encrypt controller, it distributes the packet data to the Hash and Encrypt blocks and performs
the specified operation.
64-byte Output Buffer
Header Processor
Trailer Processor
Encrypt Block
Context Registers
Hash Block