mcs1000 MosChip, mcs1000 Datasheet - Page 21

mcs1000

Manufacturer Part Number

mcs1000

Description

Security Processor

Manufacturer

MosChip

Datasheet

1.MCS1000.pdf (30 pages)

Current page: 21 of 30
Download datasheet (818Kb)

Rev. 1.1

As the BL in the IPSec must be in cipher feedback

mode (CBC) it requires also the IV. For all currently

used BL algorithms the IV is the first block in encryption

data stream (It need not be so and the possibility must

exist to enter the IV with the keys from SA). This

information is all that is required to process the packet.

The operators are programmed with keys and start/

end info. This information is written using the registers

in the Configuration Block. After the operators are

configured with the key data they are connected into

a pipeline chain by programming the registers in the

Configuration Block.

The data-stream always goes through the BL units

and is only read by the HM units. The data processing

goes through the following transformations:

After the packet has passed through the operator chain

the data is transformed and signatures are available

within the HM units. Although this example used

encryption, decryption follows the same principle but

both HM units are located in front of the BL encryption

block.

Location

104

Suspend

ESP BL

Bypass

Begin

End

Continue

Suspend

ESP HM

Begin

End

Continue

AH HM

Begin

End

Hardware IPSec Module Performance

The Hardware IPSec Module performance is rated in

the next section. One of the primary advantages of the

MCS1000’s architecture is the presence of the Packet

Cache. The Packet Cache allows the packet to be

inside the cache for the duration of its lifetime through

the pre-process (CPU) - en/decrypt (cipher) - post-

process (CPU) cycle. This frees the memory controller

for an alternate program (CPU) code/data fetch and

lookup unit. The IPSec Unit operator chaining feature

avoids multiple memory transactions during the cipher

run. The packet is transferred in a single pipelined

pass and the actual throughput achieved will not be

degraded because only one pass is required.

Cryptography and Authentication Block Performance

The five (5) Encapsulating Security Payload (ESP)

and Authentication Header (AH) algorithms run at the

rates described below:

There are four (4) DES/3DES blocks, four (4) AES

blocks, four (4) MD5 blocks, four (4) SHA blocks, and

four (4) SHA-1 blocks.

Internal Bus Performance

The connection between the IPSec Unit and the

Ethernet DMA Block is a 64-bit 50MHz interface,

yielding a throughput of 3.2Gbps. This is then divided

up into eight (8) I/O streams giving the MCS1000 a

400Mbps bandwidth per input or output stream.

•

DES algorithm is 16 cycles running at

100MHz (64-bit block data) or 100/16*64 =

400Mbps with 4 blocks for a total bandwidth

of 1.6Gbps.

3DES algorithm is 48 cycles running at

100MHz (64-bit block data) or 100/48*64 =

128Mbps with 4 blocks for a total bandwidth

of 512Mbps.

AES algorithm is 50 cycles running at

50MHz (128-bit block data) or 50/50*128 =

128Mbps with 4 blocks for a total bandwidth

of 512Mbps.

MD5 and SHA(-1) algorithms run in 80

cycles at 50MHz (64 Bytes) or 50/80*512 =

320Mbps with 4 blocks for a total bandwidth

of 1.32Gbps.

MCS1000

Security Processor

Page 21

mcs1000 MosChip, mcs1000 Datasheet - Page 21

mcs1000

Related parts for mcs1000