13 descriptors, 1 descriptor structure, Descriptors -56 – Freescale Semiconductor MCF5480 User Manual
Page 658: Descriptor structure -56
MCF548x Reference Manual, Rev. 3
22-56
Freescale Semiconductor
22.13 Descriptors
As an IPSec accelerator, the SEC has been targeted for ease of use and integration with existing systems
and software. As such, all cryptographic functions are accessible through data packet descriptors. In
addition, some multi-function descriptors have been defined, with particular IPSec applications in mind.
The SEC has ColdFire bus mastering capability to off-load data movement and encryption operations from
the host CPU. As the system controller, the host processor maintains a record of current secure sessions
and the corresponding keys and contexts of those sessions. Once the host has determined a security
operation is required, it can create a data packet descriptor to guide the SEC through the security operation,
with the SEC acting as a bus master. The descriptor can be created in main memory, any memory local to
the SEC, or written directly to the data packet descriptor buffer in the SEC crypto-channel.
22.13.1 Descriptor Structure
The SEC data packet descriptors are conceptually similar to descriptors used by most devices with DMA
capability. See
for a conceptual data packet descriptor. The descriptors are fixed length (64
bytes), and consist of sixteen 32-bit fields. The number of fields provided in the descriptor allows for
multi-algorithm operations requiring the fetch (and potentially return) of multiple keys and contexts. Any
field that is not used is NULL, meaning it is filled with all zeroes.
Descriptors begin with a header that describes the security operation to be performed and the mode the
execution unit will be set to while performing the operation. The header is followed by seven data
length/data pointer pairs. Data length indicates the amount of contiguous data to be transferred. This
amount cannot exceed 32 Kbytes. The data pointer refers to the address of the data which the SEC fetches.
Data in this case is broadly interpreted to mean keys, context, additional pointers, or the actual plaintext
to be permuted.
20
IE
Internal Error. An internal processing error was detected while the AESU was processing.
0 Internal error enabled
1 Internal error disabled
19
ERE
Early Read Error. The AESU IV register was read while the AESU was processing.
0 Early read error enabled
1 Early read error disabled
18
CE
Context Error. An AESU key register, the key size register, data size register, mode register,
or IV register was modified while the AESU was processing.
0 Context error enabled
1 Context error disabled
17
KSE
Key Size Error. An inappropriate value (not 16, 24 or 32 bytes) was written to the AESU
key size register
0 Key size error enabled
1 Key size error disabled
16
DSE
Data Size Error. Indicates that the number of bits to process is out of range.
0 Data size error enabled
1 Data size error disabled
15–0
—
Reserved
Table 22-37. AESIMR Field Descriptions (Continued)
Bits
Name
Description