DesignWare Multipurpose Security Protocol Accelerator

The DesignWare® Multipurpose Security Protocol Accelerator (SPAcc) offers designers unprecedented configurability to address the complex security requirements that are commonplace in today's multi-function, high-performance SoC designs. Increasingly, these designs include security at the MAC layer (e.g., Wi-Fi, MACsec or 3GPP/LTE), VPN security with IPsec and TLS/DTLS, application layer security such as SRTP, and content protection. Compounding the challenge is the need to support high throughput requirements with mixed packet size traffic characteristics along with low latency requirements to preserve quality of service in voice and video applications in single- and multi-core processor architectures.

Most security protocols require computationally intensive confidentiality and authentication algorithms to be applied to the data. The DesignWare Multipurpose SPAcc provides a framework including a programmable sequencer, secure DMA engine, and cryptographic/hashing resources that can handle a variety of protocols, such as MACsec, IPsec, TLS/DTLS, SRTP, Wi-Fi, content protection, and 3GPP/LTE/LTE-A. The DesignWare Multipurpose SPAcc reduces the bus traffic and offers increased throughput by supporting efficient data sequencing as well as parallel processing of cryptographic operations (authentication and encryption/decryption).

DesignWare Multipurpose Security Protocol Accelerator

 

Highlights
Products
Downloads and Documentation
  • Highly configurable security accelerator
  • Support for all ciphers, hashes and MAC algorithms used in major protocols such as IPsec, SSL/TLS/DTLS, Wi-Fi, 3GPP LTE/LTE-A, SRTP, MACsec
  • Cipher algorithms: AES, DES/3DES, ARC4 [RC4], MULTI2, KASUMI, SNOW 3G, ZUC
  • Cipher modes: ECB, CBC, CTR, OFB, CFB, f8, XTS, UEA1, UEA2, 128-EEA1, 128-EEA2, 128-EEA3
    • Authenticated Encryption with Associated Data (AEAD) modes: CCM, GCM
    • Hash/MAC algorithms: MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, AES-XCBC-MAC, AES-CMAC, KASUMI-f9, KASUMI-UIA1, SNOW-3G-UIA2, SNOW-3G-128-EIA1, AES-128-EIA2, ZUC-128-EIA3, CRC-32-IEEE802.3
    • Hash modes: raw hash, SSLMAC, HMAC
    • Other modes: GSM A5/3, ECSD A5/3 and GEA3 keystream generation
  • Built-in scatter/gather DMA capability offloads system CPU
  • Optimal bus utilization
  • Increased throughput through parallel hashing and encryption
  • IV import feature – permits DMA of IV with associated payload
  • Secure key port to access secrets stored in NVM
  • Secure bus option for systems which differentiate between secure and normal processing modes
    • TEE support (e.g., ARM® TrustZone®, ARC SecureShield)
  • Command and status FIFO depth selection offers interrupt coalescence
  • Dual-clock domain capability to run interface and crypto content in different clock domains
  • Support for big- or little-endian
  • Configurable 32- or 64-bit bus interfaces
    • AMBA AXI
    • AMBA AHB
    • Lower level of interfacing available
  • Optional enhancements:
    • SHA-3 Secure Hash Algorithm, NIST FIPS 202 compliant
      • Modes: SHA3-224/256/384/512, SHAKE128, SHAKE256
    • Virtualization – allows sharing between multiple CPUs
    • QoS capability allows multiple command priority queues for enhanced traffic management capabilities
Multipurpose Security Protocol AcceleratorSTARs Subscribe

Description: Multipurpose Security Protocol Accelerator
Name: dwc_spacc
Version: 2.00a
Product Type: DesignWare Cores
Documentation:
Download: spacc
Product Code: B259-0