1 outbound tls descriptors – Freescale Semiconductor MCF5480 User Manual

EU Specific Data Packet Descriptors

MCF548x Reference Manual, Rev. 3

Freescale Semiconductor


performs the HMAC function first, then attaches the HMAC (which is variable size) to the end of the payload data. The payload data, HMAC, and any padding added after the HMAC are then encrypted. Parallel encryption and authentication of TLS “records” cannot be performed using the SEC snooping mechanisms which work for IPSec.

Performing TLS record layer encryption and authentication with the SEC requires two descriptors. For outbound records, one descriptor is used to calculate the HMAC, and a second is used to encrypt the record, HMAC, and padding. For inbound records, the first descriptor decrypts the record, while the second descriptor is used to recalculate the HMAC for validation by the host. With some planning, the user may create the outbound descriptors and launch them as a chain, leaving the SEC to complete the full HMAC/encrypt operation before signalling DONE. It is anticipated that for inbound records, the SEC will signal DONE after decryption, so that the host can determine the location of the HMAC before setting up the HMAC validation descriptor.

22.14.6.4.1 Outbound TLS Descriptors

Table 22-106 shows the first descriptor used for outbound TLS. The descriptor performs the HMAC of the record header and the record payload. The primary EU is the MDEU, with its mode bits set to cause the MDEU to initialize its context registers, perform auto-padding if the data size is not evenly divisible by 512 bits, and calculate an HMAC. The descriptor header does not designate a secondary EU, so the setting of the snoop type bit is ignored.

At the conclusion of the outbound TLS descriptor 1, the crypto-channel has calculated the HMAC, placed it in memory, and has reset and released the MDEU.

Table 22-106. Outbound TLS Descriptor One Format

| Field Name | Value/Type | Description |
|------------|------------|-------------|
| Header | see Table 22-107 | Header common to several descriptors (TYPE 0001) |
| LEN_1 | Length (not used) | NULL |
| PTR_1 | Pointer (not used) | NULL |
| LEN_2 | IV Length | NULL |
| PTR_2 | IV Pointer | NULL |
| LEN_3 | Key Length | Number of bytes of HMAC key |
| PTR_3 | Key Pointer | Pointer to HMAC key |
| LEN_4 | Data In Length | Number of bytes of data to be hashed |
| PTR_4 | Data In Pointer | Pointer to data to perform hash upon |
| LEN_5 | Data Out Length | NULL |
| PTR_5 | Data Out Pointer | NULL |
| LEN_6 | IV Out Length | Number of bytes of data after hashing (16, 20, or 32) |
| PTR_6 | IV Out Pointer | Pointer to location where hash output is to be written |
| LEN_7 | MAC Out Length | NULL |
| PTR_7 | MAC Out Pointer | NULL |
| PTR_NEXT | Next Descriptor Pointer | Pointer to next data packet descriptor |
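The following C sketch fills in outbound TLS descriptor one as laid out in Table 22-106. It is an added example, not code from the reference manual. Assumptions: every field is a 32-bit word stored in the order the table lists them, pointers are 32-bit bus addresses, the header word (defined in Table 22-107, not reproduced here) is supplied by the caller, and the names `sec_desc`, `tls_out_desc1` and the `TLS_D1_*` codes are hypothetical. The HMAC output is placed directly after the hashed data so the second descriptor can encrypt payload, HMAC, and padding as one region, and the builder refuses any layout in which the SEC would write the HMAC past the end of the buffer.

```c
#include <stdint.h>
#include <string.h>

/* Fields in the order Table 22-106 lists them; 32-bit width is an assumption. */
struct sec_desc {
    uint32_t header;
    struct { uint32_t len, ptr; } p[7]; /* p[0] = LEN_1/PTR_1 ... p[6] = LEN_7/PTR_7 */
    uint32_t next;                      /* PTR_NEXT */
};

enum { TLS_D1_OK = 0, TLS_D1_BAD_MAC_LEN = -1, TLS_D1_NO_KEY = -2, TLS_D1_NO_ROOM = -3 };

/* Build outbound TLS descriptor one (HMAC over record header + payload).
 * header   : descriptor header word, caller-supplied (see Table 22-107)
 * key      : bus address of the HMAC key, key_len bytes long
 * buf      : bus address of the record header immediately followed by payload
 * data_len : number of bytes to hash (header + payload)
 * buf_cap  : total bytes available at buf, including room for the HMAC
 * mac_len  : hash output size; the table allows only 16, 20 or 32
 * next     : bus address of the second (encrypt) descriptor, 0 if not chained */
int tls_out_desc1(struct sec_desc *d, uint32_t header,
                  uint32_t key, uint32_t key_len,
                  uint32_t buf, uint32_t data_len, uint32_t buf_cap,
                  uint32_t mac_len, uint32_t next)
{
    if (mac_len != 16 && mac_len != 20 && mac_len != 32)
        return TLS_D1_BAD_MAC_LEN;
    if (key == 0 || key_len == 0)
        return TLS_D1_NO_KEY;
    /* The engine writes mac_len bytes at buf + data_len: reject overruns. */
    if (data_len > buf_cap || mac_len > buf_cap - data_len)
        return TLS_D1_NO_ROOM;
    if (buf > UINT32_MAX - buf_cap)     /* bus address would wrap around */
        return TLS_D1_NO_ROOM;

    memset(d, 0, sizeof *d);            /* unused LEN/PTR pairs stay NULL */
    d->header   = header;
    d->p[2].len = key_len;  d->p[2].ptr = key;             /* LEN_3/PTR_3 */
    d->p[3].len = data_len; d->p[3].ptr = buf;             /* LEN_4/PTR_4 */
    d->p[5].len = mac_len;  d->p[5].ptr = buf + data_len;  /* LEN_6/PTR_6 */
    d->next     = next;
    return TLS_D1_OK;
}
```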
