MPC8536E-ANDROID Freescale Semiconductor, MPC8536E-ANDROID Datasheet - Page 516

MPC8536E-ANDROID

Manufacturer Part Number

MPC8536E-ANDROID

Description

HARDWARE/SOFTWARE ANDROID OS

Manufacturer

Freescale Semiconductor

Series

PowerQUICC ™r

Type

MPUr

Datasheets

1.MPC8536EBVTAVLA.pdf (127 pages)

2.MPC8536EBVTAVLA.pdf (2 pages)

3.MPC8536EBVTAVLA.pdf (1706 pages)

Specifications of MPC8536E-ANDROID

Contents

Board

For Use With/related Products

MPC8536

Lead Free Status / RoHS Status

Lead free / RoHS Compliant

Current page: 516 of 1706
Download datasheet (15Mb)

Security Engine (SEC) 3.0

Example of Context in GCM Encryption

For illustrative purposes we consider the case of a GCM encrypt operation that generates the final MAC

tag, where the whole message is small enough to be processed with one descriptor. AESU mode register

bits 56-63 (ECM, AUX, CM, and ED) should be set to 10_100_01_1. Only context registers 11–12 must

10-86

•

partially computed GHASH(H, AAD, ciphertext), where the last GHASH iteration is not

computed.

In the case of GCM with ICV, the final MAC tag written here as the result of GCM processing is

truncated to 8, 12, or 16 (no truncation) bytes as defined in ICV size register. Note that any size

from 1 to 16 bytes can be specified in ICV size register but any value other than 8 or 12

automatically defaults to 16 bytes.

Registers 3–4 contain the received MAC tag, in case of inbound processing using GCM with ICV.

This can be a 8, 12 or 16-byte block as specified by the ICV size register.

Registers 5–6 contain the counter value Y

continue processing a message. Note that the same value read when saving context should be

written to these registers when restoring the context, since it is automatically incremented after

every processed block.

In the case of GCM-GHASH, these registers are not used.

total AAD length irrespective of whether AAD is split in multiple descriptors. It is required when

AUX1=1 and the current descriptor processes the last segment of AAD or text data. It is also

required if the whole message is already processed and the current descriptor only computes the

final MAC tag.

when AUX1=1 (see

then total IV length should be provided; otherwise, the total length of text data should be provided.

Registers 9–10 contain the initial counter value Y

processing and needs to be provided only if the message is split into multiple descriptors and for

those descriptors that come after IV processing is complete. Otherwise, the value provided here is

ignored and overwritten with computed Y

In case of GCM-GHASH cipher mode setting, the constant H from GHASH(H, AAD, ciphertext)

should be provided in these registers. Note that in the general case this may not be to be equal to

E(K, {0}

current descriptor does not process AAD, then the register should be zero. If AAD is not split into

multiple descriptors, then this field should contain the total AAD length. The value written here

should be divisible by 128 for all AAD segments except for the last one, which can be any number

of bits. Note, however, that the actual AAD stream supplied to the AES engine through the FIFOs

has to be zero-padded to an integral number of 16-byte blocks.

remarks apply for IV in register 12 as for AAD in register 11.

In case of GCM-GHASH, this register is not used.

128

) where K is a key as defined for GCM.

MPC8536E PowerQUICC III Integrated Processor Reference Manual, Rev. 1

Table

10-32). If the current descriptor processes the last segment of the IV,

, which is required only if restoring the context to

. Normally, this value is a result of the IV stream

Freescale Semiconductor

MPC8536E-ANDROID Freescale Semiconductor, MPC8536E-ANDROID Datasheet - Page 516

MPC8536E-ANDROID

Specifications of MPC8536E-ANDROID

Related parts for MPC8536E-ANDROID