The HSC Subsystem implements GCM-AES with support for multiple key sizes. GCM-AES has two functions: encryption and authentication. AES is the Advanced Encryption Standard and is a symmetric block cipher (that is, the transmitter and receiver use the same cipher key) with data blocks of 128 bits and cipher keys with lengths of 128, 192, or 256 bits. HSC Subsystem supports 128-bit and 256-bit keys. GCM is the Galois/Counter Mode which operates on top of AES to add authentication and integrity to the encrypted data and the associated non-encrypted data. Thus, GCM-AES is an algorithm for authenticated encryption. The HSC Subsystem also supports AES-ECB encryption to encrypt 128-bit data blocks with a given key. No authentication is supported in that case.
The HSC Subsystem can operate in a Fixed Port mode where it exposes up to four independent encryption and four independent decryption datapaths. Alternatively, the HSC Subsystem can operate in a Channelized mode where it exposes a channelized encryption datapath and a channelized decryption datapath. The functional block diagram of the system is shown in the following figure.
The encryption path is also called the Tx path, while the decryption path is also referred to as the Rx path. Traffic flows into the encryption path on the ingress encryption AXI4-Stream interface and flows out on the egress encryption AXI4-Stream interface. Similarly, traffic flows into the decryption path on the ingress decryption AXI4-Stream interface and flows out on the egress decryption AXI4-Stream interface.