188
AMD Alchemy Au1550 Security Network Processor Data Book
Security Engine
30283D
Table 7-11. Protocol Operations (OPG = 01)
Outbound (I/O = 0)
Inbound (I/O = 1)
Operation
Group
In/Out
OpCode
Description
Operation
Group
In/Out
OpCode
Description
01
0
000
ESP Outbound
01
1
000
ESP Inbound
01
0
001
AH Outbound
01
1
001
AH Inbound
01
0
010-111
Reserved
01
1
010–111
Reserved
sec_sacmd1
Offset = 0x0604
Bit 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10
9876543210
SS AS
KLEN
HCOFF
SA
HM
CM
MB IP PAD PAY HD
Def. 00000000000000000000000000000000
Bits
Name
Description
R/W
Default
31
—
Reserved.
R/W
0
30
SS
Save ARC4 State. Controls whether the Packet Engine writes the ARC4
State data back out to the SA record. This bit would normally be set for
Stateful ARC4 and not be set for Stateless.
0
Do not save ARC4 state.
1
Save ARC4 state.
R/W
0
29
AS
ARC4 Stateless/Stateful. Controls whether the ARC4 engine is running in
the Stateless or Stateful mode.
0
Stateless: Each packet is processed with a newly initialized ARC4
key (from the Current Key field of the SA record). In this mode, the
state information from the SA is never read.
1
Stateful: When bit 3 of the Control word in the Packet Descriptor is
set, the ARC4 algorithm initializes using the Current Key specified in
the SA record. During operation, the ARC4 context is read from the
State field of the SA record and encrypt/decrypt processing continues
from the previous algorithm state.
R/W
0
28:24
KLEN
ARC4 Key Length. Selects the key length, in bytes, for an ARC4 operation.
Valid settings range from 1 to 16 corresponding to 8-bits to 128-bits. An
ARC4 key longer than 128-bits may be achieved by creating it off-chip. The
external key must be replicated off-chip to fill a 256-byte ARC4 Context
and then have the ARC4 key scheduling applied. Finally, the 256-byte
table is placed in a State record and the i and j pointers written to the SA
(initial i = 1, j = 0). Then use bit 29 to specify ‘Stateful’ in order to use the
key.
Bits #26-24, AES Key Length/ Selects the size of the key data used for
AES operations only. The key length changes in increments of 64 bits:
000-001 Reserved
010
128 bits
011
192 bits
100
256 bits
101-111 Reserved
R/W
00000
23:16
HCOFF
Hash / Encrypt Offset. Specifies the offset, in words, between the hash
data and the encrypt/decrypt data for Bulk Operations. In the case of Out-
bound operations, the data to be hashed is assumed to come first, with an
offset to the beginning of encrypted data. For Inbound operations, the data
to be hashed is assumed to come first, with an offset to the beginning of
data to decrypt.
R/W
0