The Ensigma PE-CRDMA is a high performance DMA engine with crypto blocks to off-load crypto engine processing, and is part of the Ensigma security IP portfolio. It is used within various IP cores and susbsystems with a protocol processor (software) to realize several security protocols. The CRDMA can provide all the baseline crypto functions for a Secure SOC platform performing Secure Boot, Authentication, KEK and Key Storage.

PE-CRDMA provides a DMA type of interface for programming pointers to the security association data, packet pointers. The DMA performs scatter/gather data fetching and security association data along with the keys. The state machine schedules the crypto engines based on the protocol selection and packet boundaries. The hardware engines perform the encryption and authentication in sequence or in parallel.

 

Ensigma-Crypto-DMA

Features

The following are the salient features of the PE-CRDMA Processing Engine

  • The Ordering and padding options as per different Security Protocols
  • Encryption/Authentication runs in parallel or in succession.
  • Encryption Engines
    • AES
      • 128, 192 and 256 bit modes
      • CBC, ECB, CTR, CFB, OFB modes of operation
    • TDES
      • Optional DES operation
      • CBC, ECB, CTR, CFB, OFB modes of operation
    • RC4
    • Kasumi
    • SNOW 3G
    • ZUC
  • Authentication Engines
    • SHA-1, SHA-256, SHA-384, SHA-256
    • MD-5
    • AES-GCM, AES-xCBC
    • Kasumi
    • SNOW 3G
    • ZUC
    • HMAC operation for all the Authentication Engines
  • Optional RAM to counter BUS latencies.
  • Works with PE-True Random Number, Psuedo Random Number and Public Key Cryptography Engine

Applications

The PE-CRDMA is suited to realize security a variety of security blocks like.

  • IPSEC/SSL VPN
  • MACSEC Engine
  • Crypto Sub-Systems