The HSC Subsystem can be set to a protocol independent BulkCrypto mode, where all packets are encrypted/decrypted (or authenticated only) using the corresponding key and Initialization Vector (IV). The HSC Subsystem receives each frame on its encryption/decryption ingress interface. User logic is expected to provide the following parameters:
- Secure Association (SA) index associated with the packet
- SA Key
- Alternatively, the core will lookup a key from internal table, based on the SA index
- Cipher suite
- GCM-AES-128
- GCM-AES-256
- Confidentiality offset (0 to 63 bytes)
- Initialization Vector (IV)
- Authentication-only selection
- Integrity check value (ICV) on decryption path
- Bypass selection
On the encryption path, the SA index is set using the
enc_igr_prtif_crypto_sa_index_p0
through
enc_igr_prtif_crypto_sa_index_p3
input ports, which are sampled
during the first cycle of the packet. Similarly,
dec_igr_prtif_crypto_sa_index_p0
through
dec_igr_prtif_crypto_sa_index_p3
are used on the decryption
path.
The SA key may be provided by user logic that is external to the HSC Subsystem. In the encryption path, the SA key is set
using the enc_igr_prtif_ext_key_p0
through enc_igr_prtif_ext_key_p3
input ports, which are sampled
during the first cycle of the packet. Similarly, dec_igr_prtif_ext_key_p0
through dec_igr_prtif_ext_key_p3
are used on the decryption path. Alternatively,
the core retrieves the key from its internal table based on the SA index. Internal keys
use SA index value of 0 to 1023, while external keys use the remaining SA index
values.
In the encryption path, the cipher suite is selected using the
enc_igr_prtif_crypto_cipher_suite_p0
through
enc_igr_prtif_crypto_cipher_suite_p3
input ports, which are sampled
during the first cycle of the packet. Similarly,
dec_igr_prtif_crypto_cipher_suite_p0
through
dec_igr_prtif_crypto_cipher_suite_p3
are used on the decryption
path.
The confidentiality offset determines the length of the ‘A’ portion (or Additional
Authenticated Data, AAD) of the packet. This portion of the packet is not encrypted. In
BulkCrypto mode the offset can be set to any value from 0 to 63 bytes, counting from the
start of the packet. In the encryption path, the confidentiality offset is set using the
enc_igr_prtif_crypto_conf_offset_p0
through
enc_igr_prtif_crypto_conf_offset_p3
input ports, which are sampled
during the first cycle of the packet. Similarly,
dec_igr_prtif_crypto_conf_offset_p0
through
dec_igr_prtif_crypto_conf_offset_p3
are used on the decryption
path.
The Initialization Vector (IV[95:0]
) for the encryption path is set
using the enc_igr_prtif_crypto_iv_salt_p0
through
enc_igr_prtif_crypto_iv_salt_p3
input ports, which are sampled
during the first cycle of the packet. Similarly,
dec_igr_prtif_crypto_iv_salt_p0
through
dec_igr_prtif_crypto_iv_salt_p3
are used on the decryption
path.
The bypass indication signal is used to indicate that the corresponding packet must bypass
the encryption and authentication functions and path through the HSC Subsystem
unchanged. On the encryption path, the bypass indication is set using
enc_igr_prtif_crypto_byp_p0
through
enc_igr_prtif_crypto_byp_p3
inputs, which are sampled during the
first cycle of the packet. Similarly, dec_igr_prtif_crypto_byp_p0
through dec_igr_prtif_crypto_byp_p3
inputs are used ion the decryption
path.
The authentication-only selection signal is used to indicate that only the authentication
function (AES-GMAC) must be performed on the corresponding packet. On the encryption
path, the authentication-only selection is set using
enc_igr_prtif_crypto_auth_only_p0
through
enc_igr_prtif_crypto_auth_only_p3
inputs, which are sampled during
the first cycle of the packet. Similarly,
dec_igr_prtif_crypto_auth_only_p0
through
dec_igr_prtif_crypto_auth_only_p3
inputs are used ion the
decryption path.
For the encryption path, after the payload (non ‘A’ portion of the packet) is
encrypted, the authentication tag (ICV[127:0
) is
calculated and provided on the enc_egr_prtif_crypto_icv_p0
through enc_egr_prtif_crypto_icv_p3
output port(s) that correspond to the EOP
segment. The ICV is provided in the same clock cycle that the EOP segment(s) is valid on
the AXI4-Stream interface. Note that there are two
segments for each of these ICV output ports. Also, note that not all ICV ports will
contain an ICV in a given cycle as the core has a maximum of two SOPs and three EOPs in
a given cycle on the egress AXI4-Stream interface of
the encryption path.
For the decryption path, user logic provides the received ICV value on the
dec_igr_prtif_crypto_icv_p0
through dec_igr_prtif_crypto_icv_p3
input port(s) that correspond
to the EOP segment. The ICV must be present in the same clock cycle that the EOP
segment(s) is valid on the AXI4-Stream interface. The core processes
the BulkCrypto packets and compares the received ICV against its calculated ICV. Note
that it is possible for all ICV ports to contain an ICV in a single cycle as the core
supports up to four SOPs and four EOPs in a given cycle on the ingress AXI4-Stream interface of the decryption path.