Freescale Semiconductor MPC8313E PowerQUICC II Pro Family Reference Manual page 648

Security Engine (SEC) 2.2
• SHA-1 is a 160-bit hash function, specified by the ANSI X9.30-2 and FIPS 180-2 standards.
• SHA-224 is a 224-bit hash function specified by FIPS 180-2 that provides 224 bits of security
against collision attacks.
• SHA-256 is a 256-bit hash function specified by FIPS 180-2 that provides 256 bits of security
against collision attacks.
• The MDEU also supports HMAC computations, as specified in RFC 2104.
For more information, refer to
14.1.3 Channel
The SEC includes one channel that manages data and EU function by using the following:
• A fetch FIFO, which holds a queue of pointers to descriptors waiting to be serviced
• A configuration register, which allows the user a number of options for SEC event signaling.
• Control registers containing information about the transaction in process
• A status register containing an indication of the last unfulfilled bus request
• A descriptor buffer memory used to store the active descriptor
Whenever the channel is idle and its fetch FIFO is non-empty, the channel reads the next descriptor pointer
from the fetch FIFO. Using this pointer, the channel fetches the descriptor and places it in its descriptor
buffer. To service this descriptor, the channel directs execution of the following steps.
1. Analyze the descriptor header to determine the cryptographic services required, and request use of
the appropriate EUs from the controller.
2. Wait for the controller to grant access to the required EUs.
3. Set the appropriate mode bits in the EU(s) for the required service.
4. Fetch 'data parcels' using pointers from the descriptor buffer, and place them in either a EU input
FIFO or EU registers (as appropriate). The term 'data parcel' refers here to any input or output of
a cryptographic process, such as a key, hash result, input context, output context, or text-data.
'Context' refers to either an IV (initialization vector) or other internal EU state that can be read out
or loaded in. 'Text-data' refers to plaintext or ciphertext to be operated on.
5. If the data size is greater than EU FIFO size, continue fetching input data, and writing output data
to memory.
6. Wait for EU(s) to complete processing.
7. Upon completion, unload results from output FIFOs and context registers and write them to
external memory using pointers in the descriptor buffer.
8. If multiple services are requested, go back to step 3.
9. Release the EUs.
10. If 'done notification' is enabled in the descriptor header, perform this notification.
The channel can generate two types of done notification signals when it completes operation on a
descriptor. It can signal done through an interrupt or by a writeback of the descriptor header after
processing a descriptor. Two values cam be written back: the first is identical to that of the header, with the
MPC8313E PowerQUICC™ II Pro Integrated Processor Family Reference Manual, Rev. 2
14-6
Section 14.4.2, "Message Digest Execution Unit (MDEU)."
Freescale Semiconductor