|
|
|
|
|
GLM1/GLM2/GLM3
Combo P1619 / 802.1ae (MACSec)
GCM-AES/LRW-AES Cores
|
|
General Description
|
Key Features
|
|
|
LAN security standard
IEEE 802.1ae (MACSec) uses AES cipher in the GCM mode,
while the disk/tape encryption standard IEEE P1619 uses
the LRW mode. Since AES-GCM and AES-LRW share some of their
basic components, a combo GCM-AES/LRW-AES core is not much larger
than a dedicated core for either of the modes.
The GLM1 core is tuned for mid-performance P1619 and
802.1ae applications at the data rates of 3-5 Gbps and
higher. GLM2 is designed for higher throughput up to
10 Gbps. Both cores use identical external interface, contain the base AES core AES1 and
are available for immediate licensing.GLM3 core is
similar to GLM2, but its interface supports variable
message length in the GCM mode.
The design is fully synchronous and available in both
source and netlist form.
|
Small size:
from
31,000 ASIC gates for GLM1
from 58,000 ASIC gates for GLM2
400 MHz frequency in 130 nm process
GLM1 throughput is 12.8 bits per clock
GLM2 throughput is 25.6 bits per clock
Easily parallelizable to achieve higher throughputs
Completely self-contained: does not require external
memory. Includes encryption, decryption, key expansion
and data interface
Support for Galois Counter Mode Encryption and authentication
(GCM-AES) and Liskov, Rivest, and Wagner Mode (LRW-AES)
Automatic generation of key context from key data
and frame header
Flow-through design
Test bench provided
|
Symbol
|
Applications
|
|
|
|
IEEE 802.1ae
LAN switches, routers,
NICs
IEEE P1619, P1619.1
Hard drive and tape encryption, SAN, NAS
|
|
|
Pin Description
|
|
Name
|
Type
|
Description
|
CLK
|
Input
|
Core
clock signal |
CEN
|
Input
|
Synchronous
enable signal. When LOW the core ignores all its inputs
and all its outputs must be ignored. |
GCM/LRW
|
Input
|
When
HIGH, AES mode is GCM, when LOW mode is LRW |
E/D
|
Input
|
When
HIGH, core is encrypting, when LOW core is decrypting |
START
|
Input
|
HIGH
level starts the input data processing |
READ
|
Output
|
Read
request for the input data byte |
DATA_VALID
|
Input
|
HIGH
when valid data word present on the input |
WRITE
|
Output
|
Write
signal for the output interface |
OUT_READY |
Input |
HIGH
when output interface is ready to accept data word |
Q[127:0] |
Input |
Input
Data (other data bus widths are also available)
- For GCM, additional authenticated data (AAD, A),
followed by the plain or cipher text
- For LRW, plain or cipher text
|
K1[255:0] |
Input |
AES
key (128-bit key option is also available) |
K2[127:0] |
Input |
(LRW
mode only) Tweak key |
IV[127:0] |
Input |
Initial counter value
for GCM mode (Y0, IV || 0311), logical
position for LRW mode |
lenA[63:0] |
Input |
(GCM
mode only) Length of additional authenticated data in
bits |
lenC[63:0] |
Input |
(GCM
mode only) Length of plain or cipher text in bits |
lenC[63:0] |
Output |
plain
or cipher text |
T[127:0] |
Output |
(GCM
mode only) Computed MAC (tag, T) |
DONE |
Output |
HIGH
when data processing is completed |
|
|
Function Description
|
|
The GLM1 and GLM2 implementation fully supports the AES algorithm
for 128 and 256 bit keys in Galois Counter Mode (AES-GCM) as
required by the 802.1ae IEEE standard and in Liskov, Rivest,
and Wagner Mode (AES-LRW) as required by the IEEE P1619 standard.
The core is designed for flow-through operation, with input
and output interfaces of flexible width. GCM additional
authentication data precede the plaintext in the flow of
data. All GLM cores support both encryption and decryption
modes for LRW-AES and GCM-AES.
|
|
|
Synthesis Results
|
|
Device Area Utilization and Performance
|
|
Representative area/resources figures are shown
below. |
|
Core |
Technology
|
Area / Resources
|
Max Frequency
|
Throughput
|
GLM1 |
TSMC 0.13 µ LV
|
31,000 gates
|
250 MHz
|
3.2 Gbps
|
GLM1 |
TSMC 0.13 µ LVOD
|
52,000 gates
|
400 MHz
|
5 Gbps
|
GLM1 |
TSMC 0.13 µ LV
|
56,000 gates
|
400 MHz
|
5 Gbps
|
GLM2 |
TSMC 0.13 µ LV |
58,000 gates
|
200 MHz |
5 Gbps
|
GLM2 |
TSMC 0.13 µ LV |
100,000 gates
|
400 MHz |
10 Gbps
|
|
|
Few GLM1 or GLM2 cores can be easily paralleled
to achieve even higher throughput.
|
|
Export Permits
|
|
US Bureau of Industry and Security has assigned
the export control classification number 5E002 to our AES
core. The core is eligible for the license exception ENC
under section 740.17(A) and (B)(1) of the export
administration regulations. See the
licensing basics page
for links to US government sites and more details. |
|
Deliverables
|
|
HDL Source Licenses
|
Netlist Licenses
|
|
|
- Synthesizable Verilog RTL source code
- Test bench (self-checking)
- Vectors for test bench
- Expected results
- User Documentation
|
- Post-synthesis EDIF
- Test bench (self-checking)
- Vectors for test bench
- Expected results
- Place & Route script
|
|
|
Contact Information
|
|
|
|
|
|