Freescale Semiconductor MCF5480 User Manual

EU Specific Data Packet Descriptors

MCF548x Reference Manual, Rev. 3

Freescale Semiconductor

22-93

Table 22-93

lists typical AESU/HMAC multi-function descriptor header values.

Table 22-94

shows the representative descriptor used for multi-function encryption such as outbound

IPSec ESP. The descriptor header encodes to select the DEU or AESU as the primary EU, and the MDEU

for the secondary EU. Because all the data necessary to calculate the HMAC in a single dynamic descriptor

is available, initialize and autopad are set, while continue is cleared in the SMODE field.
The descriptor header also encodes the descriptor type 0010, which defines the input and output ordering

for “hmac_snoop_no_afeu.” The HMAC key is loaded first, followed by the length and pointer to the data

over which the HMAC will be calculated. The DEU/AESU key is loaded next, followed by the context

(IV). The number of bytes to be ciphered and starting address will be an offset of the number of bytes being

HMAC’d. The data to be decrypted and HMAC’d is only brought in the SEC a single time, with the

DEU/AESU and MDEU only reading the portion that matches the starting address and byte length in the

length/pointer fields corresponding to their data of interest.
Plaintext is brought into the DEU/AESU input FIFO, with the MDEU out-snooping the portion of the data

it has been told to process. As the encryption continues, the ciphertext fills the DEU/AEU output FIFO,

and this data is written back to system memory as needed. When the final byte of data to be HMAC’d has

been processed through the MDEU, the descriptor will cause the MDEU to write the HMAC to the

indicated area in system memory. Software will append the most significant bytes of the HMAC generated

by the SEC to the packet as the authentication trailer. Common practice in IPSec ESP with TDES-CBC is

to use the last 8 bytes of the ciphertext as the IV for the next packet. If this is the case, software should

0x20231D22

CBC

Single DES

Decrypt

SHA256

Yes

Yes

0x20231E22

CBC

Single DES

Decrypt

MD5

Yes

Yes

0x20231C22

CBC

Single DES

Decrypt

SHA

Yes

Yes

0x20631D22

CBC

Triple DES

Decrypt

SHA256

Yes

Yes

0x20631E22

CBC

Triple DES

Decrypt

MD5

Yes

Yes

0x20631C22

CBC

Triple DES

Decrypt

SHA

Yes

Yes

Table 22-93. Typical Header Values for Dynamic Multi-Function AESU Descriptors

Header Value

Mode

E/D

Algorithm

HMAC

Pad

0x60831D22

ECB

Decrypt

SHA256

Yes

Yes

0x60831E22

ECB

Decrypt

MD5

Yes

Yes

0x60831C22

ECB

Decrypt

SHA

Yes

Yes

0x60A31D22

CBC

Decrypt

SHA256

Yes

Yes

0x60A31E22

CBC

Decrypt

MD5

Yes

Yes

0x60A31C22

CBC

Decrypt

SHA

Yes

Yes

0x60E31D22

CTR

—

SHA256

Yes

Yes

0x60E31E22

CTR

—

MD5

Yes

Yes

0x60E31C22

CTR

—

SHA

Yes

Yes

Table 22-92. Typical Header Values for Dynamic Multi-Function DEU Descriptors (Continued)

Header Value

E/C

S/T

E/D

Algorithm

HMAC

Pad