AES-GCM MACsec (IEEE 802.1AE) and FC-SP Cores GCM1/GCM2/GCM3
General Description
Implementation of the new LAN security standard 802.1ae (MACSec) requires the NIST standard AES cipher in the GCM mode for encryption and message authentication (AES-GCM). The GCM1 AES core is tuned for 802.1ae applications at the data rates of 1 Gbps
and higher. The GCM2 family of
cores is targeted towards high
performance applications with
high-end cores supporting data
rates in excess of 100 Gbps and ability to parallelize to achieve even higher throughput. GCM3 is similar to GCM2, but supports AES key lengths up to 256 bits.
For higher throughputs of 100
Gbps and above, use our GCM10
core family.
Cores contain the base AES core AES1 and are available for immediate licensing.
The design is fully synchronous and available in both source and netlist form.
Symbol
Base Core Features
Small size:
Starting at less than 13K
ASIC gates, 1.5 Gbps
performance at less than 20K
gates
Scalability to throughputs
of 128 bits per clock with
the capability of parallel
cores at throughputs of 100
Gbps and above
Supports Galois Counter Mode Encryption and authentication (GCM-AES a.k.a. AES-GCM)
Includes AES-GCM encryption, AES-GCM decryption, key expansion and data interface
Automatic generation of key context from key data and frame header
Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored.
MODE
Input
Mode. When HIGH, transmit (GCM-AES encryption), when LOW receive (GCM-AES decryption)
START
Input
HIGH starting input data processing
READ
Output
Read request for the input data byte
DATA_VALID
Input
HIGH when valid data byte present on the input
WRITE
output
Write to the output interface
OUT_READY
Input
HIGH when output interface is ready to accept data byte
D[ ]
Input
Input Data Bus
Q[ ]
Output
Output Key Data
DONE
Output
Data processing completed
AES-GCM Function Description
The Advanced Encryption Standard (AES) algorithm is a new NIST data encryption standard as defined in the
NIST FIPS-197.
The GCM core implementation fully
supports the AES algorithm for 128
bit keys in Galois Counter Mode
(GCM-AES or AES-GCM) as required by
the
IEEE 802.1ae standard and
NIST
SP800-38D,
The cores are designed for flow-through operation. GCM cores support encryption and decryption modes.
Implementation Results
Area Utilization and Performance
Representative area/resources figures are shown below.
Core
Technology
Area / Resources
Frequency
Throughput
GCM1-32
TSMC
65
nm G+
19,163 gates
500 MHz
1.6 Gbps
GCM1-128
TSMC
130 nm LV
30,707 gates
250 MHz
3.2 Gbps
GCM1-128
TSMC
130 nm LV
40,335 gates
500 MHz
6.4 Gbps
GCM1-128
TSMC
90 nm LV
49,633 gates
824 MHz
10.5 Gbps
GCM3-64
TSMC
90 nm LV
136,582 gates
410 MHz
26 Gbps
Export Permits
US Bureau of Industry and Security has assigned the export control classification number 5E002 to our AES cores. The core is eligible for the license exception ENC under section 740.17(A) and (B)(1) of the export administration regulations. See the licensing basics page,
for links to US government sites and more details.