Home   About Us   News   Contact Us
 

GLM1/GLM2/GLM3 Combo P1619 / 802.1ae (MACSec) GCM-AES/LRW-AES Cores


General Description


LAN security standard IEEE 802.1ae (MACSec) uses AES cipher in the GCM mode, while the disk/tape encryption standard IEEE P1619 uses the LRW mode. Since AES-GCM and AES-LRW share some of their basic components, a combo GCM-AES/LRW-AES core is not much larger than a dedicated core for either of the modes.
The GLM1 core is tuned for mid-performance P1619 and 802.1ae applications at the data rates of 3-5 Gbps and higher. GLM2 is designed for higher throughput up to 10 Gbps. Both cores use identical external interface, contain the base AES core AES1 and are available for immediate licensing.
GLM3 core is similar to GLM2, but its interface supports variable message length in the GCM mode.
The design is fully synchronous and available in both source and netlist form.
Symbol

Key Features


Small size: from 31,000 ASIC gates for GLM1 from 58,000 ASIC gates for GLM2
400 MHz frequency in 130 nm process GLM1 throughput is 12.8 bits per clock GLM2 throughput is 25.6 bits per clock
Easily parallelizable to achieve higher throughputs
Completely self-contained: does not require external memory. Includes encryption, decryption, key expansion and data interface
Support for Galois Counter Mode Encryption and authentication (GCM-AES) and Liskov, Rivest, and Wagner Mode (LRW-AES)
Automatic generation of key context from key data and frame header
Flow-through design
Test bench provided
Applications
IEEE 802.1ae LAN switches, routers, NICs
IEEE P1619, P1619.1 Hard drive and tape encryption, SAN, NAS
Pin Description
CLK Input   Core clock signal
CEN Input   Synchronous enable signal. When LOW the core ignores all      its inputs and all its outputs must be ignored.
GCM/LRW Input   When HIGH, AES mode is GCM, when LOW mode is LRW
E/D Input   When HIGH, core is encrypting, when LOW core is decrypting
START Input   HIGH level starts the input data processing
READ Output   Read request for the input data byte
DATA_VALID Input   HIGH when valid data word present on the input
WRITE output   Write signal for the output interface
OUT_READY Input   HIGH when output interface is ready to accept data word
Q[127:0] Input
Input Data (other data bus widths are also available)
For GCM, additional authenticated data (AAD, A), followed by the plain or cipher text
For LRW, plain or cipher text
K1[255:0] Intput   AES key (128-bit key option is also available)
K2[127:0] Input   (LRW mode only) Tweak key
IV[127:0] Input   Initial counter value for GCM mode (Y0, IV || 0311), logical position for LRW mode
lenA[63:0] Input   (GCM mode only) Length of additional authenticated data in bits
lenC[63:0] Input   (GCM mode only) Length of plain or cipher text in bits
lenC[63:0] Output   plain or cipher text
T[127:0] Output   (GCM mode only) Computed MAC (tag, T)
DONE Output   HIGH when data processing is completed
 
Function Description
The GLM1 and GLM2 implementation fully supports the AES algorithm for 128 and 256 bit keys in Galois Counter Mode (AES-GCM) as required by the 802.1ae IEEE standard and in Liskov, Rivest, and Wagner Mode (AES-LRW) as required by the IEEE P1619 standard.

The core is designed for flow-through operation, with input and output interfaces of flexible width. GCM additional authentication data precede the plaintext in the flow of data. All GLM cores support both encryption and decryption modes for LRW-AES and GCM-AES.

 
Synthesis Results
Device Area Utilization and Performance

Representative area/resources figures are shown below.

 

GLM1 TSMC 0.13 µ LV 31,000 gates 250 MHz 3.2 Gbps
GLM1 TSMC 0.13 µ LVOD 52,000 gates 400 MHz 5 Gbps
GLM1 TSMC 0.13 µ LV 56,000 gates 400 MHz 5 Gbps
GLM2 TSMC 0.13 µ LV 58,000 gates 200 MHz 5 Gbps
GLM2 TSMC 0.13 µ LV 100,000 gates 400 MHz 10 Gbps
 
Export Permits
US Bureau of Industry and Security has assigned the export control classification number 5E002 to our AES core. The core is eligible for the license exception ENC under section 740.17(A) and (B)(1) of the export administration regulations. See the licensing basics page, for links to US government sites and more details.
 
Deliverables

HDL Source Licenses

Synthesizable Verilog RTL source code
Test bench (self-checking)
Vectors for test bench
Expected results
User Documentation

Netlist Licenses

Post-synthesis EDIF
Testbench (self-checking)
Vectors for test bench
Expected results
Place & Route script
 
Contact Information
IP Cores, Inc.
3731 Middlefield Rd.
Palo Alto, CA 94303, USA
Phone: +1 (650) 815-7996
E-mail: [email protected]
www.ipcores.com