Subsystem Overview - 1.0 English

This product guide describes the function and operation of the Versal Adaptive SoC Integrated 400G High Speed Channelized Cryptography Engine Subsystem (HSC Subsystem), including how to design, customize, and implement the HSC Subsystem.

The HSC Subsystem handles cryptographic (encryption and decryption) functions for MACsec and IPsec protocols. It also supports two methods of bulk crypto for applications pertaining to non-specific protocols. The HSC Subsystem provides AXI4-Stream interfaces to user logic and an AXI4-Lite interface for statistics and management. It can also provide up to four independent ports and is designed to be flexible for use in many different applications. The crypto protocol (IPsec, MACsec, BulkCrypto, or BulkECB) can be configured independently for each port. To minimize latency, the datapath does not perform any buffering other than the pipelining required to perform the required operations.

The HSC Subsystem also provides a channelized mode of operation that supports up to 40 channels of flexible user-defined bandwidth allocation granularity, up to 400 Gb/s aggregate. The crypto protocol (IPsec, MACsec, BulkCrypto, or BulkECB) can be configured independently for each channel.

The HSC Subsystem hard IP block requires user logic for some functions (for example, the lookup for Secure Association must be performed by user logic). The HSC Subsystem typically also requires user-logic to connect to other hard IP blocks (such as DCMAC or MRMAC) or to other soft IP blocks.

The following figure shows a block diagram of the HSC Subsystem.

The following table lists the supported rates, protocols, and configurations.