Home   About Us   News   Contact Us

AES-GCM MACsec (IEEE 802.1AE) and FC-SP Cores GCM1/GCM2/GCM3

General Description

Implementation of the new LAN security standard 802.1ae (MACSec) requires the NIST standard AES cipher in the GCM mode for encryption and message authentication (AES-GCM). The GCM1 AES core is tuned for 802.1ae applications at the data rates of 1 Gbps and higher. The GCM2 family of cores is targeted towards high performance applications with high-end cores supporting data rates in excess of 100 Gbps and ability to parallelize to achieve even higher throughput. GCM3 is similar to GCM2, but supports AES key lengths up to 256 bits. For higher throughputs of 100 Gbps and above, use our GCM10 core family.
Cores contain the base AES core AES1 and are available for immediate licensing.
The design is fully synchronous and available in both source and netlist form.

Base Core Features

Small size: Starting at less than 13K ASIC gates, 1.5 Gbps performance at less than 20K gates  
Scalability to throughputs of 128 bits per clock with the capability of parallel cores at throughputs of 100 Gbps and above
Supports Galois Counter Mode Encryption and authentication (GCM-AES a.k.a. AES-GCM)
Includes AES-GCM encryption, AES-GCM decryption, key expansion and data interface
Automatic generation of key context from key data and frame header
Flow-through design
Test bench provided
Optional NIST GCMVS algorithm validation
Deliverables include test benches
GCM-AES Applications
WLAN IEEE 802.1ae MACSec
IEEE P1619.1 tape encryption
Fibre Channel Security Protocol FC-SP
IEEE 802.3ah (EPON) encryption
Pin Description
CLK Input   Core clock signal
CEN Input   Synchronous enable signal. When LOW the core ignores all      its inputs and all its outputs must be ignored.
MODE Input   Mode. When HIGH, transmit (GCM-AES encryption), when      LOW receive (GCM-AES decryption)
START Input   HIGH starting input data processing
READ Output   Read request for the input data byte
DATA_VALID Input   HIGH when valid data byte present on the input
WRITE output   Write to the output interface
OUT_READY Input   HIGH when output interface is ready to accept data byte
D[ ] Input   Input Data Bus
Q[ ] Output   Output Key Data
DONE Output   Data processing completed
AES-GCM Function Description

The Advanced Encryption Standard (AES) algorithm is a new NIST data encryption standard as defined in the NIST FIPS-197.

The GCM core implementation fully supports the AES algorithm for 128 bit keys in Galois Counter Mode (GCM-AES or AES-GCM) as required by the IEEE 802.1ae standard  and NIST SP800-38D

The cores are designed for flow-through operation. GCM cores support encryption and decryption modes.

Implementation Results

Area Utilization and Performance

Representative area/resources figures are shown below.

GCM1-32 TSMC 65 nm G+ 19,163 gates 500 MHz 1.6 Gbps
GCM1-128 TSMC 130 nm LV 30,707 gates 250 MHz 3.2 Gbps
GCM1-128 TSMC 130 nm LV 40,335 gates 500 MHz 6.4 Gbps
GCM1-128 TSMC 90 nm LV 49,633 gates 824 MHz 10.5 Gbps
GCM3-64 TSMC 90 nm LV 136,582 gates 410 MHz 26 Gbps
Export Permits
US Bureau of Industry and Security has assigned the export control classification number 5E002 to our AES cores. The core is eligible for the license exception ENC under section 740.17(A) and (B)(1) of the export administration regulations. See the licensing basics page, for links to US government sites and more details.

HDL Source Licenses

Synthesizable Verilog RTL source code
Verilog testbench (self-checking)
AES-GCM vectors for testbenches
Expected results
User Documentation
Optional GCMVS NIST validation

Netlist Licenses

Post-synthesis EDIF
Testbench (self-checking)
AES-GCM vectors for testbenches
Expected results
Place & Route script
Contact Information
IP Cores, Inc.
3731 Middlefield Rd.
Palo Alto, CA 94303, USA
Phone: +1 (650) 815-7996
E-mail: info@ipcores.com