1 Contents. Version of EnSilica Ltd, All Rights Reserved


esi-apb-aes

1 Contents

1 Contents
2 Overview
3 Hardware Interface
  3.1 Area
4 Software Interface
  4.1 Register Map
5 AES Operation
  5.1 Introduction
  5.2 DMA operation
  5.3 CBC operation
  5.4 CTR operation
  5.5 GCM operation
  5.6 Cycle counts
6 Revision History

2 Overview

The esi-apb-aes core is an easy-to-use AES symmetric cipher/decipher accelerator peripheral. It supports the following features:

- ASIC or FPGA target.
- Simple register-based interface.
- Run-time support for 128-, 192- and 256-bit keys.
- 14, 16 and 18 clock-cycle cipher/decipher for 128-bit, 192-bit and 256-bit keys respectively.
- 130x faster than a software-only implementation.
- Integrated key expansion.
- Cipher Block Chaining (CBC) support.
- Counter (CTR) mode support.
- Galois/Counter Mode (GCM) and Galois Message Authentication Code (GMAC) support.
- Split clock domains allow power reduction by using the APB clock domain for configuration, with a local system-clock domain to perform processing. Note: the two clock domains must operate at the same frequency and be synchronous and balanced.
- AMBA 3 APB slave interface for configuration.
- Optional support for interfacing with a DMA engine (esi-dma) for greater throughput.
- Verilog.

Figure 1: esi-apb-aes block diagram. The APB slave and the APB registers sit in the APB clock domain; the AES engine sits in the system clock domain, controlled by the system-clock enable.

3 Hardware Interface

Module Name: esi_apb_aes
HDL: Verilog 2001
Technology: Generic
Source Files: esi_aes_apb.v, esi_aes_apb_if.v, esi_aes_enc_round.v, esi_aes_dec_round.v, esi_aes_ke_round.v, esi_aes_sbox.v, esi_aes_sbox_rom.v, esi_aes_isbox.v, esi_aes_xtime.v, esi_aes_ram_sp.v, esi_aes_include.v

Table 1: Compiler directives

Compiler Directive               | Description
`define ESI_CFG_AES_DMA_ENABLED  | Optionally enables support for the esi-dma DMA engine. Declaring this adds top-level ports and builds additional functionality into the core.
`define ESI_CFG_AES_GCM_ENABLED  | Optionally enables support for the GCM and GMAC modes of operation.
`define ESI_CFG_AES_DEC_DISABLED | Optionally removes support for ECB and CBC deciphering. This is normally used to reduce area when only the CTR, GCM or GMAC modes of operation are required: these modes do not need a traditional AES decipher datapath (they use the encipher operation for both encryption and decryption), so that logic can be removed to reduce the size of the IP.

Table 2: Module parameters

Parameter         | Description
APB_ADDRESS_WIDTH | Width of the APB address bus. A minimum of 6 bits is required.
APB_DATA_WIDTH    | Width of the APB data bus. 32 or 16 bits are supported.

Table 3: APB I/O ports

Port    | Direction | Width | Description
pclk    | Input     | 1     | Clock
presetn | Input     | 1     | Reset, active-low
paddr   | Input     | 6     | Address
psel    | Input     | 1     | Slave select
penable | Input     | 1     | Enable
pwrite  | Input     | 1     | Write
pwdata  | Input     | 32    | Write data
pready  | Output    | 1     | Ready
prdata  | Output    | 32    | Read data
pslverr | Output    | 1     | Slave error

Table 4: Additional I/O ports

Port         | Direction | Width | Description
clk          | Input     | 1     | Local system clock. This clock is used for all processing within the core. Note: it must operate at the same frequency as pclk and be synchronous and balanced to the pclk domain.
cactive      | Output    | 1     | Clock request for the system clock. When this output is asserted the system clock must be enabled; when it is de-asserted the system clock may be disabled to save power.
reset_n      | Input     | 1     | Reset for the system clock domain, active-low.
key_ext      | Input     | 256   | Optional external key interface.
key_size_ext | Input     | 2     | External key size.
key_src_ext  | Input     | 1     | External key source. 0: use the src field of the APB control register to select the key source. 1: always use the external key interface.
tx_ack       | Input     | 1     | Present only when `define ESI_CFG_AES_DMA_ENABLED is declared. Acknowledges tx_ready after the transfer has completed (DMA mode).
rx_ack       | Input     | 1     | Present only when `define ESI_CFG_AES_DMA_ENABLED is declared. Acknowledges rx_ready after the transfer has completed (DMA mode).
interrupt_n  | Output    | 1     | Level-sensitive interrupt. Low when an operation has completed.
tx_ready     | Output    | 1     | Present only when `define ESI_CFG_AES_DMA_ENABLED is declared. Indicates that the core can accept new data (DMA mode).
rx_ready     | Output    | 1     | Present only when `define ESI_CFG_AES_DMA_ENABLED is declared. Indicates that the core has data to be read (DMA mode).

For complete details of the APB signals, please refer to the AMBA 3 APB Protocol v1.0 Specification.

3.1 Area

When built with the options below, the core cell area (drawn) and the equivalent NAND2 gate count are as shown in Table 5. These figures are based on TSMC 65GP at a target clock speed of 10 MHz and include an instantiated 16x128-bit single-port RAM macro.

Table 5: Area for different build options (X = compiler directive declared)

Build option                                                   | DEC_DISABLED | DMA_ENABLED | GCM_ENABLED | Equivalent NAND2 gate count | Approx. cell area (um^2)
Base option implementing ECB, CBC and CTR modes                |              |             |             |                             |
As above with DMA interface enabled                            |              | X           |             | 53.32K                      |
All functionality (ECB, CBC, CTR and GCM/GMAC) with DMA option |              | X           | X           | 66.6K                       |
CTR + GCM/GMAC only, with DMA option                           | X            | X           | X           | 51.2K                       |

4 Software Interface

4.1 Register Map

The software register map is given below.

Table 6: Register map

Register         | Address offset | Access | Description
control          | 0x00           | R/W    | Control register
status           | 0x04           | R/W    | Status register
data_in[31:0]    | 0x08           | R/W    | Data input register
data_in[63:32]   | 0x0C           | R/W    | Data input register
data_in[95:64]   | 0x10           | R/W    | Data input register
data_in[127:96]  | 0x14           | R/W    | Data input register
data_in[159:128] | 0x18           | R/W    | Data input register
data_in[191:160] | 0x1C           | R/W    | Data input register
data_in[223:192] | 0x20           | R/W    | Data input register
data_in[255:224] | 0x24           | R/W    | Data input register
data_out[31:0]   | 0x28           | R      | Data output register
data_out[63:32]  | 0x2C           | R      | Data output register
data_out[95:64]  | 0x30           | R      | Data output register
data_out[127:96] | 0x34           | R      | Data output register
iv[31:0]         | 0x38           | R/W    | Initialisation vector register
iv[63:32]        | 0x3C           | R/W    | Initialisation vector register
iv[95:64]        | 0x40           | R/W    | Initialisation vector register
iv[127:96]       | 0x44           | R/W    | Initialisation vector register

Registers are represented as 32-bit words, so on a 16-bit architecture each register requires two half-word (16-bit) accesses to fully write or read all of its bits. The esi-apb-aes peripheral is little-endian, so on a 16-bit architecture the lower-addressed half-word is the least significant. For example, on a 16-bit architecture control register bits [15:0] are accessed at address 0x00 and bits [31:16] at address 0x02; for the data_in registers, data_in[15:0] is located at address 0x08 and data_in[31:16] at address 0x0A.

In encryption applications plaintext, ciphertext and IV data are considered as strings of characters (bytes), written left to right. When writing or reading these strings to or from the IP, the first character of the string maps to the least-significant byte of the appropriate register, subsequent characters map to increasingly significant bytes, and the final character maps to the most-significant byte.

For example, the following 128-bit character string (32 hexadecimal digits):

    11754cd72aec309bf52f7687212e8957

is written to the data_in or iv registers as follows:

    data_in/iv[31:0]   = 0xd74c7511
    data_in/iv[63:32]  = 0x9b30ec2a
    data_in/iv[95:64]  = 0x87762ff5
    data_in/iv[127:96] = 0x57892e21

4.1.1 Control Register

The control register contains the configuration fields. The operation performed by the core is controlled by the mode field. Cipher mode enciphers plaintext to ciphertext.

Decipher mode deciphers ciphertext to plaintext. Key expansion mode fills the internal key-expansion memory from the supplied key. The key size is determined by the size field. The key source is selected by the src field and can be either the internal data_in registers or the external interface key_ext. When the key source is external, the key size is also taken from the external interface key_size_ext.

When the `define ESI_CFG_AES_DMA_ENABLED compiler directive is specified, additional logic is built into the core to support connection to the esi-dma DMA engine. This allows the core to process multiple blocks of data without interaction from the processor. This mode is enabled by setting the dma bit; further details are given in section 5.2.

The default chaining mode is ECB, which has no chaining. The additional modes Cipher Block Chaining (CBC), Counter (CTR) and Galois/Counter Mode (GCM) are selected with the chain field. Details of this functionality are given in sections 5.3, 5.4 and 5.5. The core as a whole is enabled or disabled with the en bit.

Figure 2: Format of the control register. Fields, from the most-significant position to the least: aad, chain, ie, src, size, mode, dma, en.

Table 7: Fields of the control register

Field | Values                                                 | Description
en    | 0: Disable; 1: Enable                                  | Enables the hardware.
dma   | 0: Disable; 1: Enable                                  | When enabled, the DMA flow-control signals are driven to indicate to a connected DMA engine that it should write data to or read data from the core. Note: only present when the `define ESI_CFG_AES_DMA_ENABLED compiler directive is specified; otherwise this bit is read-only and returns 0.
mode  | 0: Cipher; 1: Decipher; 2: Key Expansion; 3: Reserved  | Mode of operation. Selects the operation that is performed when the next operation is started (see Data Input Registers) and determines which result data is available from the data_out registers.
size  | 128, 192 or 256 bits; value 3: Reserved                | Key size.
src   | 0: Internal; 1: External                               | Key source. Keys are taken either from the internal APB data_in registers or from the external key interface key_ext. Overridden when the external interface input key_src_ext is true.
ie    | 0: Interrupts disabled; 1: Interrupts enabled          | Interrupt enable.
chain | 0: ECB; 1: CBC; 2: CTR; 3: GCM                         | Cipher block chaining mode.
aad   | 0: Cipher data; 1: AAD data; 2: H calc; 3: Tag         | In GCM mode, the type of data being presented to the data_in registers. 0: the input is plaintext or ciphertext. 1: the input is Additional Authenticated Data. 2: the core is calculating H. 3: the core is calculating the authentication tag.

4.1.2 Status Register

The status register contains the busy and done status bits. A new operation should only be started if the busy bit is false. The done bit is asserted when an operation completes and remains asserted until it is written with 1. The interface signal interrupt_n is asserted when the done bit is asserted and ie is set true in the control register. To clear the interrupt, clear the done bit by writing 1 to it.

Figure 3: Format of the status register. Bit 1: done; bit 0: busy.

Table 8: Fields of the status register

Field | Values                                 | Description
busy  | 0: Not busy; 1: Busy                   | Status of the operation: an operation is in progress when true and finished when false.
done  | 0: Not complete; 1: Operation complete | Asserted when a given operation completes and remains asserted until cleared by the user (write 1 to clear). When interrupts are enabled, clearing the done bit is the mechanism that clears interrupt_n.

4.1.3 Data Input Registers

The data input registers provide a common interface for writing data to the core. Operating modes are mutually exclusive and cannot run concurrently; hence all data, irrespective of the operating mode, is transmitted to the core by writing to these registers. As keys can be up to 256 bits long, the data_in registers allow a data word of 256 bits to be written to the core before an operation commences. The core is little-endian, with the least-significant word written to address 0x08 and the most-significant word written to 0x24. Keys of 128, 192 or 256 bits can be used with the core and must be written to data_in bits [127:0], [191:0] or [255:0] respectively. Plaintext to be enciphered is always 128 bits wide and is therefore always written to bits [127:0] of the data_in registers (addresses 0x08 to 0x14). Similarly, ciphertext to be deciphered is always 128 bits wide and is also written to bits [127:0] of the data_in registers (addresses 0x08 to 0x14). In all cases unused high-order bits are don't-care and should not be written.

When DMA mode is not present or not enabled (dma bit set to zero and/or mode field set to Key Expansion), the currently configured operation (selected by the mode bits in the control register) is initiated by writing the most-significant data-input word required for that operation. For encipher and decipher operations this is the data_in[127:96] register (data_in[127:112] on a 16-bit architecture). For key expansion the key may be 128, 192 or 256 bits long, as defined by the size field in the control register: a 256-bit key expansion is initiated by writing the data_in[255:224] register, a 192-bit key expansion by writing the data_in[191:160] register, and a 128-bit key expansion by writing the data_in[127:96] register.

Hence the data_in registers must always be written in order from least-significant to most-significant, so that the complete input data is present before the operation begins.

Note: when running in DMA mode (`define ESI_CFG_AES_DMA_ENABLED specified, dma bit set to one and mode field set to Cipher or Decipher), the currently configured operation is initiated by completion of the DMA write transaction (tx_ack asserted) rather than by a write to a specific register address.

The current contents of the data_in registers can be read back at any time, with one exception: following a key-expansion operation the data_in registers are cleared to zero as a security feature, so the key (or a partial key) cannot be read back at some later point.

Figure 4: Format of the data_in registers (data_in[i]).

Table 9: Fields of the data_in registers

Field      | Values                  | Description
data_in[i] | 32-bit portion of input | 32-bit part-select of the current data-input word.

4.1.4 Data Output Registers

AES operates on a fixed-length 128-bit plaintext block to produce a 128-bit ciphertext block, and vice versa. The output of either the encipher or the decipher operation is therefore always 128 bits long, and four data_out registers are provided to read the output of the current operation.

Note: data read from the data_out registers is the last plaintext output of the decipher operation when the operating mode is Decipher, the last ciphertext output of the encipher operation when the operating mode is Cipher, and zero when the operating mode is Key Expansion or Reserved.

The core is little-endian, with the least-significant word read from address 0x28 and the most-significant word read from 0x34. The data_out registers are read-only.

Figure 5: Format of the data output registers (data_out[i]).

Table 10: Fields of the data_out registers

Field       | Values                     | Description
data_out[i] | 32 bits of the output data | 32-bit part-select of the plaintext or ciphertext output.

4.1.5 IV Registers

IV values are 128 bits wide and are stored over four 32-bit registers. The IV registers may be written in any order.

Note: all IV values are treated as character strings, so the byte-ordering rules described in section 4.1 apply when writing values to the IV registers.

CBC chaining mode. When operating in cipher block chaining (CBC) mode, the ciphertext of the current operation (the output of a cipher operation or the input to a decipher operation) is fed back into the processing of the following operation; see section 5.3 for details. As no feedback term is available for the first operation in a chain, an initialisation vector must be provided to supply the initial value. The IV registers allow this 128-bit value to be preloaded into the core before processing commences.

CTR chaining mode. In CTR mode the IV registers are used to enter the initial counter value, sometimes denoted the nonce.

GCM chaining mode. In GCM mode the IV registers are used to enter the initial counter value, denoted the ICB (Initial Counter Block), and subsequently to enter the J0 value required for tag generation. The ICB character string must be supplied as 96 random bits concatenated with the 32-bit value 2 (nonce || 0x00000002, i.e. b19b9b4ab6bd4f... concatenated with 00000002). The J0 value must be the same 96 random bits concatenated with the 32-bit value 1 (nonce || 0x00000001). Whether random or counter-derived, the 96-bit nonce must never be repeated under the same key: both the confidentiality and the authenticity of GCM fail on nonce reuse.

Readback. Reading back the IV registers returns the current feedback term: after writing the initialisation vector and before running the first encipher/decipher, these registers return the initialisation vector itself; after the first encipher/decipher they return the term that will be fed into the next encipher/decipher operation in the chain.

Figure 6: Format of the iv registers (iv[i]).

5 AES Operation

5.1 Introduction

This IP core implements a fast rolled AES architecture that completes all processing in just a few clock cycles more than the number of rounds for the key size. The key size and key can be changed via the APB interface. As a security measure the key cannot be read back following the key-expansion operation.

Whereas this hardware implementation can perform a cipher in as little as 11 clock cycles, a 32-bit processor with a barrel shifter using Gladman's optimisation typically needs about 1500 clock cycles, so a hardware speed-up of around 130x can be achieved.

For secure operation the key can be provided from an external source on the key_ext interface, together with its size on key_size_ext. To lock the IP core so that it only takes the key from this external interface, tie key_src_ext high. With key_src_ext low, the key source is chosen by the src bit in the control register and is either the APB-supplied key or the external key.

Before any ciphering or deciphering can take place the key must be expanded. This only needs to happen once, provided the key remains unchanged, so it has negligible impact on throughput. The key length is first set using the size bits (or selected by the key_size_ext input) and the key-expansion operation is then selected using the mode bits of the control register. The 128-, 192- or 256-bit key is then written to the data_in registers or taken from the key_ext input. Key expansion is initiated when the most-significant word (or half-word on a 16-bit system) is written to the data_in register. This stores the round keys in internal memory.

Note: when using an external key it is still necessary to perform an initial key-expansion operation. This is done by writing to the data_in register corresponding to the most-significant word of the selected key size: for a 128-bit external key, a write of an arbitrary value to data_in[127:96] initiates the expansion; for a 256-bit external key, a write to data_in[255:224] initiates it.

After key expansion completes, indicated by the done bit in the status register (and optionally the interrupt pin), a cipher or decipher operation may begin. Enciphering starts by setting the mode bits of the control register to the cipher operation. The plaintext is then written to the data_in registers and ciphering is initiated when the most-significant word (or half-word on a 16-bit system) is written. The done bit of the status register can be polled until it becomes true, indicating that the operation has completed; the final ciphertext is then available in the data_out registers. If interrupts are enabled with the ie bit in the control register, polling the status register is unnecessary and completion is indicated by assertion of the interrupt. Whether polling the done bit or monitoring the interrupt, on detecting a completed operation the user should write 1 to the done bit to clear it; if the interrupt is enabled this de-asserts it.

Deciphering is a similar process, beginning with setting the mode bits of the control register to the decipher operation. The ciphertext is then written to the data_in registers and deciphering is initiated when the most-significant word (or half-word on a 16-bit system) is written. On completion the plaintext is available in the data_out registers.

Note: when reading back the data_out registers, the mode field of the control register must be set appropriately to select the correct read-data source.
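The register sequence described in this section, together with the byte-ordering rule of section 4.1, as a host-side programming model. This is an added example and not EnSilica driver code: the register offsets follow Table 6 and the status bits Figure 3, but the control-register bit positions and the encoding of the size field are not stated in the datasheet, so the values used here are assumptions that follow the field order of Figure 2 and must be checked against the RTL. RecordingBus is a constructed stand-in for the APB slave so the sequence can be exercised without hardware.

```python
"""Host-side programming model for esi-apb-aes (sections 4.1 and 5.1).
Added example, not EnSilica code.  Register offsets follow Table 6 and the
status bits Figure 3.  The control-register bit positions and the size-field
encoding are NOT stated in the datasheet: the values below are assumptions
that follow the field order of Figure 2 and must be checked against the RTL."""

CONTROL, STATUS, DATA_IN, DATA_OUT, IV = 0x00, 0x04, 0x08, 0x28, 0x38
STATUS_BUSY, STATUS_DONE = 1 << 0, 1 << 1            # Figure 3: bit 0 busy, bit 1 done

# ASSUMED bit positions, Figure 2 order from the LSB: en, dma, mode, size, src, ie, chain, aad
CTRL_EN, CTRL_DMA, CTRL_SRC_EXT, CTRL_IE = 1 << 0, 1 << 1, 1 << 6, 1 << 7
MODE_SHIFT, SIZE_SHIFT, CHAIN_SHIFT, AAD_SHIFT = 2, 4, 8, 10
MODE_CIPHER, MODE_DECIPHER, MODE_KEYEXP = 0, 1, 2        # Table 7
CHAIN_ECB, CHAIN_CBC, CHAIN_CTR, CHAIN_GCM = 0, 1, 2, 3  # Table 7
SIZE_CODE = {16: 0, 24: 1, 32: 2}                        # ASSUMED encoding of the size field


def pack_words(data, bus_width=32):
    """Turn a byte string into data_in writes in the mandatory LS-to-MS order.
    Section 4.1: the first character lands in the least-significant byte of
    data_in[31:0] at 0x08; on a 16-bit bus each register is two half-words,
    lower address first.  Returns (offset, value) pairs."""
    step = bus_width // 8
    if len(data) % step:
        raise ValueError("data must be a whole number of bus words")
    return [(DATA_IN + i, int.from_bytes(data[i:i + step], "little"))
            for i in range(0, len(data), step)]


def control_word(mode, key_len, chain=CHAIN_ECB, aad=0, ie=False):
    return (CTRL_EN | mode << MODE_SHIFT | SIZE_CODE[key_len] << SIZE_SHIFT
            | chain << CHAIN_SHIFT | aad << AAD_SHIFT | (CTRL_IE if ie else 0))


def wait_done(bus):
    """Poll done, then write 1 to clear it (which also releases interrupt_n)."""
    while not bus.read32(STATUS) & STATUS_DONE:
        pass
    bus.write32(STATUS, STATUS_DONE)


def expand_key(bus, key):
    """Key expansion: the write to the key's top word starts the operation.
    data_in then reads back as zero, so the key cannot be recovered over APB."""
    bus.write32(CONTROL, control_word(MODE_KEYEXP, len(key)))
    for off, val in pack_words(key):
        bus.write32(off, val)
    wait_done(bus)


def ecb_block(bus, key_len, block, decipher=False):
    """One 128-bit ECB operation, started by the write to data_in[127:96].
    mode must still select Cipher/Decipher when data_out is read (section 5.1)."""
    if len(block) != 16:
        raise ValueError("AES block is 16 bytes")
    bus.write32(CONTROL, control_word(MODE_DECIPHER if decipher else MODE_CIPHER, key_len))
    for off, val in pack_words(block):
        bus.write32(off, val)
    wait_done(bus)
    return b"".join(bus.read32(DATA_OUT + 4 * i).to_bytes(4, "little") for i in range(4))


class RecordingBus:
    """Constructed stand-in for the APB slave, so the sequence runs offline:
    records every write, finishes each operation instantly, clears done on a
    write of 1 and returns zeros from data_out."""
    def __init__(self):
        self.writes, self.regs = [], {}

    def write32(self, off, val):
        self.writes.append((off, val))
        if off == STATUS:                              # write-1-to-clear done
            self.regs[STATUS] = self.regs.get(STATUS, 0) & ~(val & STATUS_DONE)
        else:
            self.regs[off] = val
            if DATA_IN <= off < DATA_OUT:              # any input write: pretend we finished
                self.regs[STATUS] = STATUS_DONE


    def read32(self, off):
        return self.regs.get(off, 0)


if __name__ == "__main__":
    bus = RecordingBus()
    expand_key(bus, bytes.fromhex("11754cd72aec309bf52f7687212e8957"))
    ecb_block(bus, 16, bytes(16))
    for off, val in bus.writes:
        print(f"write 0x{off:02x} <= 0x{val:08x}")
```

Running the module prints the write sequence the core expects: control, then data_in words 0x08 upwards with the 0x14 (or 0x24 for a 256-bit key) write acting as the trigger, then the write of 1 to status that clears done. Feeding pack_words the example string from section 4.1 reproduces the four words 0xd74c7511, 0x9b30ec2a, 0x87762ff5 and 0x57892e21 given there.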

The IP core is split into two clock domains. Both domains must operate at the same frequency and be synchronous and balanced:

- The APB clock domain (pclk) is used by the APB interface to configure the IP.
- The system clock (clk) domain is used by the IP for all processing.

The pclk input needs only run while an APB transaction is in progress and may be gated off at all other times, reducing the power consumed by the global pclk clock-tree distribution. The clk input must run while the IP has data to process, which is indicated by the assertion of cactive. When cactive is de-asserted the clk input may be gated off to reduce power consumption.

5.2 DMA operation

To facilitate driving the core from the esi-dma DMA engine (or similar), the esi-apb-aes core supports additional flow-control signals that allow it to interact with the DMA engine without intervention from the attached control processor. These additional ports are only present when the `define ESI_CFG_AES_DMA_ENABLED compiler directive is specified. The DMA feature is enabled by setting the dma bit in the control register and may be used when the core is configured in Cipher or Decipher mode. Note: setting the dma bit in Key Expansion mode has no effect.

The flow-control signals allow the core to assert tx_ready to the DMA engine to indicate that it can accept a new plaintext or ciphertext data word, and rx_ready to indicate that it has data to be read. An encipher/decipher operation consists of the following cycle:

    DMA write -> Processing -> DMA read

The cycle starts with the core asserting tx_ready to request a data word from the DMA engine. On receiving tx_ready, the DMA engine should perform a write transaction consisting of multiple beats to incrementing addresses in the data_in registers (address 0x08 upwards) to convey a single 128-bit plaintext or ciphertext word. The number of beats depends on the architecture of the system: writing a 128-bit word on a 32-bit system requires 4 beats, whereas on a 16-bit system it requires 8 beats. Having transferred the data, the DMA engine asserts tx_ack and holds it high until the core clears tx_ready. When the core receives tx_ack it begins the processing phase specified by the mode bits of the control register and clears tx_ready. When processing is complete the core asserts rx_ready to request that the DMA engine read the result. The DMA engine must then perform a similar multi-beat read from the data_out registers (address 0x28 upwards) to collect the resulting ciphertext or plaintext word. When the DMA engine completes, it asserts rx_ack; the core then de-asserts rx_ready and re-asserts tx_ready to request the next input data.

Figure 7: Flow-control interface operation.

5.2.1 GCM operation

When operating in GCM/GMAC mode the user may write AAD data to the IP to be included in the generation of the tag without any data being read back. In this specific case, where chain = GCM and aad = AAD data, the DMA state machine inside the IP operates a slightly different cycle that simply allows successive data words to be written:

    DMA write -> Processing

5.3 CBC operation

When CBC is enabled the following chaining methods are used for encipher and decipher operations.

For an encipher operation, each block of input plaintext is XORed with the ciphertext result of the preceding encipher operation. An initialisation vector (IV) is used for the first block, where no feedback term is available; it is loaded using the IV registers (see section 4.1). This is illustrated in Figure 8.

Figure 8: CBC encryption mode. Each plaintext block is XORed with the IV (first block) or the previous ciphertext block, then passed through block cipher encryption with the key to produce the ciphertext block.

For a decipher operation, each block of output plaintext is XORed with the ciphertext input of the preceding decipher operation. An initialisation vector (IV) is used for the first block, where no feedback term is available; it is loaded using the IV registers (see section 4.1). This is illustrated in Figure 9.

Figure 9: CBC decryption mode. Each ciphertext block is passed through block cipher decryption with the key, then XORed with the IV (first block) or the previous ciphertext block to produce the plaintext block.

5.4 CTR operation

Counter mode is a simple chaining mode in which the input to each AES encipher is a count value, starting from the value in the initialisation vector. The AES output is XORed with the plaintext for enciphering or with the ciphertext for deciphering. CTR mode is enabled by setting the chain field in the control register to CTR.

Figure 10: CTR mode.

Note: the counter is initialised with a 128-bit IV value, which is incremented by 1 following each encipher operation. The counter wraps around on overflow. Because the keystream depends only on the key and the counter, a counter value must never be reused under the same key.

5.5 GCM operation

When GCM chaining is enabled, the loading of data and the calculation occur in phases.

(1) Select mode = Cipher, chain = GCM, aad = H calc, en = true. Write a 128-bit all-zero vector to data_in and wait for processing to complete. The Galois field multiplier H is generated and stored internally, and the initial value of the hash is set to 0.

(2) Load the iv registers with the character string corresponding to the ICB.

(3) Select mode = Cipher or Decipher, chain = GCM, aad = AAD data. Write all the AAD, as 128-bit character strings, to the data_in registers. Pad the AAD with zeros if the final 128-bit block is not complete. Wait for processing to complete (indicated by the done or busy bits) between writes.

(4) Select mode = Cipher or Decipher, chain = GCM, aad = Cipher data. For enciphering/deciphering, write the plaintext/ciphertext respectively to the data_in registers as 128-bit character strings; pad the plaintext/ciphertext with zeros if the final 128-bit block is not complete. After writing each string, wait for processing to complete (indicated by the done or busy bits) before reading the corresponding enciphered/deciphered data from the data_out registers.

(5) Select mode = Cipher or Decipher, chain = GCM, aad = AAD data. Form the length character string as the concatenation of two 64-bit fields, [len(AAD)]64 || [len(cipher data)]64 (lengths in bits, as GCM specifies). Write this character string to the data_in registers and wait for processing to complete (indic
ated by the done or busy bits).

(6) Select mode = Cipher or Decipher, chain = GCM, aad = Tag. Write the J0 character string to the data_in registers and wait for processing to complete (indicated by the done or busy bits). Read the authentication tag from the data_out registers.

The ciphering process is shown below, with the authenticated data reduced to a single block for simplicity. EK is the AES encryption operation with key K and multH is GF(2^128) multiplication by H. The Counter 0 value is J0, Counter 1 is the ICB, and incr increments the counter by 1 (GCM's inc32 increment of the low 32 bits of the counter block).

Note: the DMA engine can be used to write the AAD and cipher data in GCM mode. When chain = GCM and aad = AAD data, the IP performs the simplified DMA cycle shown in section 5.2.1, allowing multiple data words to be written. When chain = GCM and aad = Cipher data, the IP performs the standard DMA cycle shown in section 5.2, allowing successive writes and reads. When using the DMA interface, DMA mode should be disabled between the steps above by clearing the dma bit in the control register.

Figure 11: GCM authenticated encipher mode.

The authenticated deciphering process is shown below and shares many similarities with the enciphering process.

Figure 12: GCM authenticated decipher mode.

GMAC operation is exactly the same except that there is no data to be encrypted, so step (4) above is omitted.

The core only computes the tag. For authenticated decryption the software must compare the tag read in step (6) with the tag received alongside the ciphertext, using a comparison whose timing does not depend on where the two differ, and must treat the plaintext already read out in step (4) as unverified until that comparison succeeds.
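The six-phase sequence above, as a software reference model a practitioner can run beside the hardware to confirm register-level results. This is an added example and not EnSilica code: it implements GCM as NIST SP 800-38D defines it, with one method per value of the aad field (H calc, AAD data, Cipher data, Tag) plus the ICB load and the length block, so that what the core should produce at each phase is explicit. It assumes AES-128 (the core also accepts 192- and 256-bit keys) and carries its own compact FIPS-197 AES so it runs offline. Two points it makes visible: inc32 only advances the low 32 bits of the counter block, and the standard hashes the real ciphertext bytes zero-padded, whereas step (4) pads the plaintext before it is written, so a test vector whose length is not a multiple of 16 bytes is the one to check against silicon before relying on interoperability with software GCM.

```python
"""Reference model of the esi-apb-aes GCM phases (section 5.5, steps 1 to 6).
Added example, not EnSilica code: standard GCM per NIST SP 800-38D with the
core's phase structure (H calc, ICB, AAD data, Cipher data, length block, Tag
with J0) made explicit.  AES-128 only, with a compact FIPS-197 implementation."""

# ---- compact AES-128 block encryption (FIPS-197) -----------------------------
def _xtime(a):                       # multiply by x in GF(2^8)
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _make_sbox():                    # S-box from its algebraic definition
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF        # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF               # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)               # affine map
        sbox[p] = (x & 0xFF) ^ (x >> 8) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _make_sbox()

def _expand_key(key):                # 11 round keys of 16 bytes in state order
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t, rcon = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                             # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                        # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                      a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                      a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                      _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
            s = m
        s = [b ^ k for b, k in zip(s, rk[rnd])]                              # AddRoundKey
    return bytes(s)

# ---- GF(2^128) multiplication (SP 800-38D, Algorithm 1) and the phased state --
_R = 0xE1 << 120

def gf_mult(x, y):
    z, v = 0, y
    for i in range(128):                 # x_0 is the leftmost bit of X
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ _R if v & 1 else v >> 1
    return z

class GcmCoreModel:
    """One method per value of the control register's aad field."""
    def __init__(self, key):
        self._ek = lambda blk: aes128_encrypt_block(key, blk)
    def h_calc(self):                    # step (1): all-zero block, aad = H calc
        self.h, self.hash = int.from_bytes(self._ek(bytes(16)), "big"), 0
        return self.h.to_bytes(16, "big")
    def load_icb(self, nonce96):         # step (2): IV registers = nonce || 0x00000002
        self.counter = int.from_bytes(nonce96 + b"\x00\x00\x00\x02", "big")
    def aad_block(self, block):          # step (3); also the length block of step (5)
        padded = block.ljust(16, b"\x00")           # zero-pad a short final block
        self.hash = gf_mult(self.hash ^ int.from_bytes(padded, "big"), self.h)
    def data_block(self, block, decipher=False):    # step (4): CTR, then GHASH of the ciphertext
        ks = self._ek(self.counter.to_bytes(16, "big"))
        # inc32: only the low 32 bits of the counter block advance and wrap
        self.counter = (self.counter >> 32 << 32) | ((self.counter + 1) & 0xFFFFFFFF)
        out = bytes(a ^ b for a, b in zip(block, ks))
        # The standard hashes the real ciphertext bytes zero-padded; a zero-padded
        # plaintext given to the core would leave keystream in the trailing bytes.
        self.aad_block(block if decipher else out)
        return out
    def length_block(self, aad_len, data_len):      # step (5): [len(A)]64 || [len(C)]64, in bits
        self.aad_block((8 * aad_len).to_bytes(8, "big") + (8 * data_len).to_bytes(8, "big"))
    def tag(self, nonce96):              # step (6): data_in = J0 = nonce || 0x00000001
        j0 = self._ek(nonce96 + b"\x00\x00\x00\x01")
        return bytes(a ^ b for a, b in zip(j0, self.hash.to_bytes(16, "big")))

def gcm_run(key, nonce96, aad, data, decipher=False):
    """Drive the six phases over whole messages; returns (output, tag). GMAC: data = b""."""
    core = GcmCoreModel(key)
    core.h_calc()
    core.load_icb(nonce96)
    for i in range(0, len(aad), 16):
        core.aad_block(aad[i:i + 16])
    out = b"".join(core.data_block(data[i:i + 16], decipher) for i in range(0, len(data), 16))
    core.length_block(len(aad), len(data))
    return out, core.tag(nonce96)
```

A quick check of the model is GCM specification test case 2 (all-zero 128-bit key, all-zero 96-bit nonce, no AAD, one all-zero plaintext block): gcm_run must return ciphertext 0388dace60b6a392f328c2b971b2fe78 and tag ab6e47d42cec13bdf53a67b21257bddf, and h_calc must return 66e94bd4ef8a2c3b884cfa59ca342b2e, the value the core should hold after step (1) with that key. The same values read from data_out at the corresponding phases confirm the register sequence and byte ordering on the hardware.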

5.6 Cycle counts

Operation     | 128-bit key | 192-bit key | 256-bit key
Encipher      |             |             |
Decipher      |             |             |
Key expansion |             |             |

6 Revision History

Table 11: Revision history

Hardware revision 1 (software release: NA)
- Initial release.

Hardware revision 2 (software release: NA)
- Added support for esi-dma.
- Removed the requirement to write the start bit: processing now commences on the write of the final word of the input data string.
- Added Cipher Block Chaining.
- Split the clock domains into pclk and the system clock: removed the PCLK_CACTIVE port (no longer required) and added the CACTIVE port to turn on the local system clock.
- Updated the cycle-count figures.
- Changed the is bit to a done bit. The change is backwards compatible: the done bit behaves as the is bit did when ie is asserted. Unlike the old implementation, the new done bit also indicates completion when ie is not enabled, giving a positive indication of completion when polling rather than the original inferred method of polling for the absence of the busy bit.

Hardware revision 3 (software release: NA)
- Added support for the CTR and GCM/GMAC chaining modes.


More information

1 Contents. Version of EnSilica Ltd, All Rights Reserved

1 Contents. Version of EnSilica Ltd, All Rights Reserved 1 Contents 1 Contents 2 2 Overview 3 3 Hardware Interface 4 4 Software Interface 5 4.1 Register Map 5 4.2 FIFO Data Format 6 4.3 Interrupts 7 5 Revision History 8 Version 2.6.8 2 of 8 2012 EnSilica Ltd,

More information

AES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications

AES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications General Description The AES core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. Basic core is very small (less than 3,000 gates). Enhanced versions

More information

Block Cipher Modes of Operation

Block Cipher Modes of Operation Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Branden Ghena University of Michigan Lecture 4: Memory-Mapped I/O, Bus Architectures September 11, 2014 Slides developed in part by Mark Brehob & Prabal

More information

OCB3 Block Specification

OCB3 Block Specification OCB3 Block Specification Version 1.0.07.04.2010 By Tariq Bashir Ahmad Supervisors: Guy Hutchison Professor Phillip Rogaway 1 1 Introduction and Overview OCB3 (Offset Code Book 3) is an authenticated encryption

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Mark Brehob University of Michigan Lecture 5: Memory-mapped I/O review, APB, start interrupts. Mostly APB though Sept. 19 th 2018 1 Today Memory-mapped I/O

More information

EECS 373 Lab 3: Introduction to Memory Mapped I/O

EECS 373 Lab 3: Introduction to Memory Mapped I/O EECS 373 Lab 3: Introduction to Memory Mapped I/O In this lab we will learn: To develop custom peripheral hardware in the SmartFusion FPGA using the Libero CAD tools. The fundamentals of memory-mapped

More information

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50 Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested

More information

EECS 373 Midterm Winter 2013

EECS 373 Midterm Winter 2013 EECS 373 Midterm Winter 2013 Name: unique name: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Scores: # Page Points 2 /15 3 /20 4 /12 5 /13

More information

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control

More information

Block Cipher Modes of Operation

Block Cipher Modes of Operation Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Ron Dreslinski University of Michigan Lecture 4: Bit of assembly, Memory-mapped I/O, APB January 16, 2018 1 Admin HW2 Due Thursday. HW1 answers posted as

More information

EECS 373. Design of Microprocessor-Based Systems. Prabal Dutta University of Michigan. Announcements. Homework #2 Where was I last week?

EECS 373. Design of Microprocessor-Based Systems. Prabal Dutta University of Michigan. Announcements. Homework #2 Where was I last week? Announcements EECS 373 Homework #2 Where was I last week? Design of Microprocessor-Based Systems VLCS 14 MobiCom 14 HotWireless 14 Prabal Dutta University of Michigan Lecture 5: Memory and Peripheral Busses

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Ron Dreslinski University of Michigan Lecture 5: Memory-mapped I/O review, APB, Mostly APB though J January 18 th 2018 1 Administra,ve Midterm Exam: Monday,

More information

International Journal of Applied Sciences, Engineering and Management ISSN , Vol. 05, No. 02, March 2016, pp

International Journal of Applied Sciences, Engineering and Management ISSN , Vol. 05, No. 02, March 2016, pp Design of High Speed AMBA APB Master Slave Burst Data Transfer for ARM Microcontroller Kottu Veeranna Babu 1, B. Naveen Kumar 2, B.V.Reddy 3 1 M.Tech Embedded Systems Student, Vikas College of Engineering

More information

AES Core Specification. Author: Homer Hsing

AES Core Specification. Author: Homer Hsing AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author

More information

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this Lecturers: Mark D. Ryan and David Galindo. Cryptography 2015. Slide: 74 Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways

More information

EECS 373 Midterm 2 Fall 2018

EECS 373 Midterm 2 Fall 2018 EECS 373 Midterm 2 Fall 2018 Name: unique name: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Nor did I discuss this exam with anyone after

More information

Ciphertext. data out. Plaintext. data out

Ciphertext. data out. Plaintext. data out Technology PRODUCT BRIEF IP cores for ASIC Features Implements (Rijndael) to NIST FIPS PUB 197 Plaintext data in Key in Ciphertext data in Key Expansion Decryption Ciphertext data out Plaintext data out

More information

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3 Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic

More information

Documentation. Design File Formats. Constraints Files. Verification. Slices 1 IOB 2 GCLK BRAM

Documentation. Design File Formats. Constraints Files. Verification. Slices 1 IOB 2 GCLK BRAM DES and DES3 Encryption Engine (MC-XIL-DES) May 19, 2008 Product Specification AllianceCORE Facts 10805 Rancho Bernardo Road Suite 110 San Diego, California 92127 USA Phone: (858) 385-7652 Fax: (858) 385-7770

More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would

More information

AvnetCore: Datasheet

AvnetCore: Datasheet AvnetCore: Datasheet CAN Controller with / FIFO Intended Use: Automotive Industry Engine Control Unit Sensors Version 1.0, July 2006 xcan_clk (>8 MHz) pclk reset_n APB Interrupts System Control APB Interface

More information

In this lecture, we will focus on two very important digital building blocks: counters which can either count events or keep time information, and

In this lecture, we will focus on two very important digital building blocks: counters which can either count events or keep time information, and In this lecture, we will focus on two very important digital building blocks: counters which can either count events or keep time information, and shift registers, which is most useful in conversion between

More information

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama

More information

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1), On-The-Fly AES Key Expansion For All Key Sizes on ASIC P.V.Sriniwas Shastry 1, M. S. Sutaone 2, 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune pvs.shastry@cumminscollege.in

More information

Ref: AMBA Specification Rev. 2.0

Ref: AMBA Specification Rev. 2.0 AMBA Ref: AMBA Specification Rev. 2.0 1 Outline Overview AHB APB Test methodology SoC Design Lab Shao-Yi Chien 2 Outline Overview AHB APB Test methodology SoC Design Lab Shao-Yi Chien 3 BUS Brief In a

More information

Using block ciphers 1

Using block ciphers 1 Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in

More information

EECS 373 Midterm 2 Exam Winter 2018

EECS 373 Midterm 2 Exam Winter 2018 EECS 373 Midterm 2 Exam Winter 2018 Name: SOLUTION unique name: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Scores: Problem # Points 1 /15

More information

CoreAHBtoAPB3 v3.1. Handbook

CoreAHBtoAPB3 v3.1. Handbook CoreAHBtoAPB3 v3.1 Handbook CoreAHBtoAPB3 v3.1 Handbook Table of Contents Introduction... 3 Core Overview... 3 Key Features... 3 Supported Microsemi FPGA Families... 3 Core Version... 4 Supported Interfaces...

More information

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm FPGA Can be Implemented Using Advanced Encryption Standard Algorithm Shahin Shafei Young Researchers and Elite Club, Mahabad Branch, Islamic Azad University, Mahabad, Iran Email:Shahin_shafei@yahoo.com

More information

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher

More information

Advanced Encryption Standard / Rijndael IP Core. Author: Rudolf Usselmann

Advanced Encryption Standard / Rijndael IP Core. Author: Rudolf Usselmann Advanced Encryption Standard / Rijndael IP Core Author: Rudolf Usselmann rudi@asics.ws www.asics.ws Rev. 1.1 November 12, 2002 Revision History Rev. Date Author Description 1.0 11/9/02 Rudolf Usselmann

More information

CAESAR Hardware API. Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj

CAESAR Hardware API. Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj CAESAR Hardware API Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj Cryptographic Engineering Research Group George Mason University

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

CoreAPB3 v4.1. Handbook

CoreAPB3 v4.1. Handbook CoreAPB3 v4.1 Handbook CoreAPB3 v4.1 Handbook Table of Contents Introduction... 3 Core Overview... 3 Key Features... 5 Supported Microsemi FPGA Families... 5 Core Version... 5 Supported Interfaces... 5

More information

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel (a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two

More information

CANmodule-III. Version Datasheet

CANmodule-III. Version Datasheet Datasheet CANmodule-III Version 2.2.5 INICORE INC. 5600 Mowry School Road Suite 180 Newark, CA 94560 t: 510 445 1529 f: 510 656 0995 e: info@inicore.com www.inicore.com 2 0 0 2-2 0 0 5, I N I C O R E,

More information

A VHDL 8254 Timer core

A VHDL 8254 Timer core An www.opencores.org Project hlefevre@opencores.org Revision History Revision Date Author Description 0.1 3 Aug 2008 H LeFevre Initial Release of source files 0.5 4 Aug 2008 H LeFevre Add info about Timer

More information

AES as A Stream Cipher

AES as A Stream Cipher > AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream

More information

EECS 373 Midterm Winter 2016

EECS 373 Midterm Winter 2016 EECS 373 Midterm Winter 2016 Name: unique name: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Nor did I discuss this exam with anyone after

More information

EECS 373 Midterm Winter 2012

EECS 373 Midterm Winter 2012 EECS 373 Midterm Winter 2012 Name: unique name: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Nor did I discuss this exam with anyone after

More information

CANmodule-IIx. Version 2.7.0

CANmodule-IIx. Version 2.7.0 Datasheet CANmodule-IIx Version 2.7.0 INICORE INC. 5600 Mowry School Road Suite 180 Newark, CA 94560 t: 510 445 1529 f: 510 656 0995 e: info@inicore.com www.inicore.com C O P Y R I G H T 2 0 0 2-2 0 0

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Prabal Dutta University of Michigan Lecture 6: AHB-Lite, Interrupts (1) September 18, 2014 Slides"developed"in"part"by"Mark"Brehob" 1" Today" Announcements"

More information

Implementation of Full -Parallelism AES Encryption and Decryption

Implementation of Full -Parallelism AES Encryption and Decryption Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption

More information

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological

More information

EECS 373 Design of Microprocessor-Based Systems

EECS 373 Design of Microprocessor-Based Systems EECS 373 Design of Microprocessor-Based Systems Branden Ghena University of Michigan Today Memory-Mapped I/O Example Bus with Memory-Mapped I/O Bus Architectures AMBA APB Lecture 4: Memory-Mapped I/O,

More information

Fundamentals of Computer Security

Fundamentals of Computer Security Fundamentals of Computer Security Spring 2015 Radu Sion Ciphers 2005-15 Portions copyright by Matt Bishop and Wikipedia. Used with permission Overview m 3 m 2 m 1 cipher c i Bob Alice cipher -1 m 1 m 2

More information

CoreSPI v5.0. Handbook

CoreSPI v5.0. Handbook CoreSPI v5.0 Handbook Table of Contents Introduction... 5 Key Features... 5 Core Version... 6 Supported Interfaces... 6 Utilization and Performance... 6 1 - Design Description... 7 Verilog/VHDL Parameters...

More information

Architectural design proposal for real time clock for wireless microcontroller unit

Architectural design proposal for real time clock for wireless microcontroller unit Architectural design proposal for real time clock for wireless microcontroller unit Muhammad Nor Azwan Mohd Alias 1, *, and Shaiful Nizam Mohyar 1 1 School of Microelectronic Engineering, University Malaysia

More information

Introduction to cryptology (GBIN8U16)

Introduction to cryptology (GBIN8U16) Introduction to cryptology (GBIN8U16) Finite fields, block ciphers Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 01 31 Finite fields,

More information

APB Free ware, 2015 Fen Logic Ltd.

APB Free ware, 2015 Fen Logic Ltd. APB Free ware, 205 Fen Logic Ltd. The ARM APB interface is used by many IP providers. In this directory you will find various APB related code examples. The docs directory has a copy of the ARM APB AMBA

More information

CSE509: (Intro to) Systems Security

CSE509: (Intro to) Systems Security CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Ciphers 2005-12 Portions copyright by Matt Bishop. Used with permission Ciphers Overview Naïve Usage Types of Ciphers Systems Security September

More information

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17

More information

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate

More information

Peripheral Test Block

Peripheral Test Block Peripheral Test Block Revision: r0p0 Technical Reference Manual Copyright 2005 ARM Limited. All rights reserved. ARM DDI 0364A Peripheral Test Block Technical Reference Manual Copyright 2005 ARM Limited.

More information

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

More information

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646 High Level Synthesis of Cryptographic Hardware Jeremy Trimble ECE 646 High Level Synthesis Synthesize (FPGA) hardware using software programming languages: C / C++, Domain specific Languages ( DSL ) Typical

More information

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,

More information

ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University

ECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter

More information

Some Aspects of Block Ciphers

Some Aspects of Block Ciphers Some Aspects of Block Ciphers Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in CU-ISI Tutorial Workshop on Cryptology, 17 th July 2011 Palash Sarkar

More information

05 - WLAN Encryption and Data Integrity Protocols

05 - WLAN Encryption and Data Integrity Protocols 05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 8.1 Chapter 18 Objectives To show how modern standard

More information

CoreGPIO v3.1. Handbook

CoreGPIO v3.1. Handbook CoreGPIO v3.1 Handbook Table of Contents Introduction...5 Core Overview... 5 Key Features... 5 Supported Families... 5 Core Version... 6 Supported Interfaces... 6 Device Utilization and Performance...

More information

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl Kimmo Järvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo,

More information

EECS 373 Practice Midterm & Homework #2 Fall 2011

EECS 373 Practice Midterm & Homework #2 Fall 2011 Exam #: EECS 373 Practice Midterm & Homework #2 Fall 2011 Name: Uniquename: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Scores: Problem #

More information

The CoreConnect Bus Architecture

The CoreConnect Bus Architecture The CoreConnect Bus Architecture Recent advances in silicon densities now allow for the integration of numerous functions onto a single silicon chip. With this increased density, peripherals formerly attached

More information

Data Encryption Standard (DES)

Data Encryption Standard (DES) Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:

More information

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d) CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation

More information

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3 Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic

More information

CANmodule-IIIx. Version Datasheet

CANmodule-IIIx. Version Datasheet Datasheet CANmodule-IIIx Version 3.0.0 INICORE INC. 5600 Mowry School Road Suite 180 Newark, CA 94560 t: 510 445 1529 f: 510 656 0995 e: info@inicore.com www.inicore.com C O P Y R I G H T 2 0 0 2-2 0 1

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018 Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.

More information

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and

More information

Memory-Mapped SHA-1 Coprocessor

Memory-Mapped SHA-1 Coprocessor 19-5870; Rev 0; 5/11 Memory-Mapped SHA-1 Coprocessor General Description The coprocessor with 64-byte RAM is a synthesizable register transfer level (RTL) implementation of the FIPS 180-3 Secure Hash Algorithm

More information

Bus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications

Bus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications Bus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications M.Jasmin Assistant Professor, Department Of ECE, Bharath University, Chennai,India ABSTRACT: Power consumption

More information

SPI 3-Wire Master (VHDL)

SPI 3-Wire Master (VHDL) SPI 3-Wire Master (VHDL) Code Download Features Introduction Background Port Descriptions Clocking Polarity and Phase Command and Data Widths Transactions Reset Conclusion Contact Code Download spi_3_wire_master.vhd

More information

MCMASTER UNIVERSITY EMBEDDED SYSTEMS

MCMASTER UNIVERSITY EMBEDDED SYSTEMS MCMASTER UNIVERSITY EMBEDDED SYSTEMS Computer Engineering 4DS4 Lecture Revision of Digital Systems Amin Vali January 26 Course material belongs to DrNNicolici Field programmable gate arrays (FPGAs) x x

More information

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm N. M. Kosaraju, M. Varanasi & Saraju P. Mohanty VLSI Design and CAD Laboratory Homepage: http://www.vdcl.cse.unt.edu

More information

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

CS 161 Computer Security. Week of September 11, 2017: Cryptography I Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key

More information

EECS 373 Practice Midterm / Homework #3 Fall 2014

EECS 373 Practice Midterm / Homework #3 Fall 2014 Exam #: EECS 373 Practice Midterm / Homework #3 Fall 2014 Name: Uniquename: Sign the honor code: I have neither given nor received aid on this exam nor observed anyone else doing so. Scores: Problem #

More information

CoreMDIO_APB v2.0. Handbook

CoreMDIO_APB v2.0. Handbook CoreMDIO_APB v2.0 Handbook Revision History Date Revision Change August 2015 1 Initial release Confidentiality Status This is a non-confidential document. 2 CoreMDIO_APB v2.0 Handbook Table of Contents

More information

RFID A1 Module User Manual V1.183

RFID A1 Module User Manual V1.183 RFID A1 Module User Manual V1.183 Table of Contents 1 Introduction... 4 1.1 Device Overview... 4 1.2 Pinout... 5 1.3 Application... 6 2 Electrical Characteristics... 7 2.1 Test Conditions... 7 2.2 Absolute

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information