Manualshelf

Datasheet

ManualsBrandsDIGILENT ManualsDev KitsExpansion
131132133134135136137138139140
2010 Microchip Technology Inc. DS39935C-page 129
ENC424J600/624J600
To switch the context during a calculation:
1. Configure SHA1MD5 (ECON2<12>) to select
the correct operation.
2. Clear HASHOP (ECON1<13>) to begin a new
hash.
3. Set HASHEN (ECON1<14>).
4. Clear HASHIF (EIR<13>).
5. Use the DMA to transfer exactly 64 bytes to
address 7A00h. This transfer may be split into
multiple transactions if each copy operation is
an integral length of 4 and the net of all transfers
is 64 bytes.
6. Wait for HASHIF to be set.
7. Repeat steps 4 through 6 for as many complete
64-byte blocks as are ready to be hashed.
8. Use the DMA to transfer the resulting 28 bytes
of context data, beginning at address 7A70h, to
another location in memory.
9. Clear HASHEN.
10. Use the module for other operations as
necessary.
11. Configure SHA1MD5 as in step 1.
12. Use the DMA to transfer the 28 bytes of stored
context to address 7A40h.
13. Set HASHOP and HASHEN to resume a
previous calculation.
14. Continue using the module as previously
described by hashing more data, then either
saving the state or completing the calculation.
It is important to note that the Digest/State Out only
contains either a Digest or a State Out initialization vec-
tor, but not both. If the HASHLST bit is set before the
final DMA transfer, the value will indicate the final
digest of all data processed so far. This digest is not a
valid initialization vector and cannot be used to resume
the hash. This is true even if the final transfer filled the
buffer to a 64-byte boundary. Likewise, if HASHLST is
clear before the final DMA transfer, the value can only
be used as an initialization vector. It will not be a valid
hash of the message so far. Therefore, applications
that require the capability to calculate a hash, add more
data and continue, should buffer up to 64 bytes in
memory. Only perform the hash operation on a block
once the 65
th
byte is ready to be hashed. This allows
the application to select whether a Digest or a State Out
initialization vector is desired before hashing a block.
Provided the context is stored, the application could
request a digest, then reload the context and retransfer
the data (beginning at the most recent 64-byte
boundary) to continue the hashing operation where it
was last stopped.
15.2.4 MD5/SHA-1 HASH PERFORMANCE
The implications noted in Section 15.2.1 “MD5 Hash-
ing”
and Section 15.2.2 “SHA-1 Hashing are that
the hashing engine is extremely fast and net through-
put is primarily limited by the DMA. Using an open-loop
method of skipping DMA and hash status checking, it is
possible to attain a net hashing throughput of
13.6 Mbytes/second (108 Mbits/second). Practical
considerations, such as the time it takes to send and
receive the data between the Ethernet and host
microcontroller, will generally play a bigger roll in the
total application performance.
15.3 Advanced Encryption Standard
(AES)
The AES engine implements the Advanced Encryption
Standard (originally known as Rijndael), as described
in the NIST Federal Information Processing Standard
Publication 197. This module can be used to encrypt or
decrypt data using a known secret key. Context
switching is supported for applications that require the
capability to alternate between two or more operations
or keys.
AES is a block cipher that must operate over 128-bit
(16-byte) blocks. The application must apply any
necessary padding, or strip any extraneous output
bytes, as dictated by the desired padding scheme. No
support for padding is included in the engine.
15.3.1 KEY SUPPORT
The AES engine supports 128, 192 and 256-bit key
sizes. Keys for AES are symmetric, meaning both parties
must agree on a shared secret before the algorithm can
be used. This is typically accomplished using an asym-
metric algorithm, such as RSA, and/or is handled by a
higher level protocol, such as Secure Socket Layer (SSL)
or Transport Layer Security (TLS).
To load an encryption key:
1. Verify that AESST (ECON1<11>) is clear,
indicating that the engine is Idle.
2. Configure AESLEN<1:0> (ECON2<1:0>) to
select the correct key size.
3. Use the DMA to transfer the key data to address
7C00h. Keys shorter than 256 bits should be
left-aligned.
AES generates a series of roundkeys from the encryp-
tion key using an expansion function. While encryption
begins at the first of these keys, decryption must start
from the last one. The AES module includes a key
expander, which calculates the roundkeys as needed
by the encryption engine. To calculate the last round-
key before beginning decryption, the engine must first
be operated in Encryption mode for one block.