

## **Single-Chip Security Processor**

#### GENERAL DESCRIPTION

The BCM5802 Security Processor provides industrystandard IETF IPsec encryption and authentication acceleration as well as IKE/SSL/TLS key setup acceleration. Engine throughput is over 150 Mbps with 3DES strong encryption and MD5/SHA1 authentication enabled. Sustained in-system performance with all features enabled ranges up to 100 Mbps for crypto/ authentication acceleration and 30 1024-bit Diffie-Hellman (180-bit exponent) key setups per second. The BCM5802 is ideal for cost-sensitive devices, including cable modem access systems, xDSL access systems, T1/T3 line security, and 10/100 Mbps ethernet interfaces.

The BCM5802 includes a built-in PCI 2.2 compliant interface for easy hardware interfacing. It requires zero external support components, enabling tremendous system cost savings, and it features a streamlined highperformance programming model for easy software integration.

#### FEATURES

- High-performance, low-cost security processor integrating full IPsec acceleration
- Supports DES, 3DES, HMAC-SHA1 and HMAC-MD5
- 100 Mbps IPsec (3DES, SHA1) in-system performance, with new Security Association (SA) per packet
- Unlimited SA support via system memory
- Extensive hardware support for IKE/SSL/TLS key setup acceleration
- Public key acceleration unit supports over 30 Diffie-Hellman key exchanges per second
- Compatible with SSH IPsec and IKE software
- True hardware random number generator
- Supports multi-packet processing and pre-fetch of packet data and context
- Aggressive pre-fetch DMA allows multi-packet, multithreaded, DMA processing with single PCI writes
- Full performance maintained independent of any reasonable PCI latency
- PCI 2.2 interface, 32-bit, 33 MHz
- Low-power 3.3V design in 0.35µ CMOS technology
- 144-pin DQFP package



**Functional Block Diagram** 

## **REVISION HISTORY**

| Revision #  | Date     | Change Description                                                            |
|-------------|----------|-------------------------------------------------------------------------------|
| 5802-DS00-R | 09-25-00 | Initial release.                                                              |
| 5802-DS01-R | 11-15-00 | Added lead pitch and lead width dimensions to package dimensions table.       |
| 5802-DS02-R | 07-27-01 | Made text changes in "Pin Definitions" table.                                 |
|             |          | <ul> <li>Made text changes in "Overview of Software Interface."</li> </ul>    |
|             |          | Added two new bullets under "Invalid Encryption/Authentication Operations."   |
|             |          | <ul> <li>Updated "PCI Configuration Registers" table.</li> </ul>              |
|             |          | <ul> <li>Updated "DMA Control and Status Registers" table.</li> </ul>         |
|             |          | Updated and added items under "Electrical and Timing Specifications" section. |
| 5802-DS03-R | 07-03-02 | Changed access for bits 24:23 in Table 29 on page 37.                         |

Broadcom Corporation P.O. Box 57013 16215 Alton Parkway Irvine, California 92619-7013 © 2002 by Broadcom Corporation All rights reserved Printed in the U.S.A.

Broadcom<sup>®</sup>, the pulse logo<sup>®</sup>, and QAMLink<sup>®</sup> are registered trademarks of Broadcom Corporation and/or its subsidiaries in the United States and certain other countries. All other trademarks are the property of their respective owners.

This data sheet (including, without limitation, the Broadcom component(s) identified herein) is not designed, intended, or certified for use in any military, nuclear, medical, mass transportation, aviation, navigations, pollution control, hazardous substances management, or other high risk application. BROADCOM PROVIDES THIS DATA SHEET "AS-IS", WITHOUT WARRANTY OF ANY KIND. BROADCOM DISCLAIMS ALL WARRANTIES, EXPRESSED AND IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

## TABLE OF CONTENTS

| Section 1: Functional Description                                | 1    |
|------------------------------------------------------------------|------|
| Overview                                                         | 1    |
| Key Features and Statistics                                      | 1    |
| Streamlined Hardware Interface                                   | 1    |
| IETF IPsec Compliant Acceleration                                | 2    |
| IETF IKE                                                         | 2    |
| Secure Socket Layer (SSL) v 3.0, Transport Layer Security (TLS)  | 2    |
| Streamlined, Flexible Software Command and Packet Interface      | 2    |
| Additional Performance Enhancing Features                        | 2    |
| Advanced Testability Features                                    | 2    |
| BCM5802 Additional Features to BCM5801                           | 3    |
| Optimal Application Areas                                        | 3    |
| Processing Overview                                              | 3    |
| Section 2: Hardware System Interface and Performance             | 6    |
| Application Examples                                             | 6    |
| Hardware Interface                                               | 7    |
| Support for Both PCI 3.3V and PCI 5V Signaling Environments      | 7    |
| Latency Tolerant Design                                          | 7    |
| Support for PCI Clock Rates from 25-33 MHz                       | 7    |
| In-System Performance Analysis                                   | 8    |
| Section 3: Hardware Signal Definition Table                      | 9    |
| Pinout Diagram                                                   | . 11 |
| Section 4: Software Programming Model                            | .12  |
| Overview of Software Interface                                   | 12   |
| Memory Structures                                                | 14   |
| IPsec Crypto/Authentication Processing Data Structure            | 14   |
| IKE/SSL/TLS Key Setup Processing Data Structure                  | 16   |
| Pictorial Illustrations of Memory Structures                     | 19   |
| IPsec ESP and AH (Bulk Encryption and Authentication) Processing | 19   |
| Key Setup Processing                                             | 22   |
| Alignment Restrictions                                           | . 32 |

| Invalid Encryption/Authentication Operations    |    |
|-------------------------------------------------|----|
| BCM5802 Registers                               | 34 |
| PCI Configuration Registers                     | 34 |
| DMA Control and Status Registers                |    |
| Section 5: Electrical and Timing Specifications |    |
| Section 6: Mechanical Information               |    |



## LIST OF FIGURES

| Figure 1: | Packet Processing Overview                                            | . 4 |
|-----------|-----------------------------------------------------------------------|-----|
| Figure 2: | Architecture Concept                                                  | . 6 |
| Figure 3: | PCI IPsec Accelerator Board - Architecture Concept                    | . 7 |
| Figure 4: | BCM5802 Pin Diagram                                                   | 11  |
| Figure 5: | Structures and Linkages Used to Forward Packet/Key Setup Data to Chip | 13  |
| Figure 6: | 144-Pin DQFP Package Drawing                                          | 40  |





## LIST OF TABLES

| Table 1: BCM5802 Key Features and Statistics                                                    | 1  |
|-------------------------------------------------------------------------------------------------|----|
| Table 2: Performance Table (Mbits/second)                                                       | 8  |
| Table 3: PCI Interface Pin Definitions                                                          | 9  |
| Table 4: Data Buffer Chain Entries                                                              | 19 |
| Table 5: Master Command Record                                                                  | 20 |
| Table 6: Packet Context Buffer                                                                  | 21 |
| Table 7: Data Buffer Chain Entries                                                              | 22 |
| Table 8: Master Command Record                                                                  | 23 |
| Table 9: Diffie-Hellman Public Key Generation (X = g <sup>x</sup> mod N) Command Context        | 24 |
| Table 10: Diffie-Hellman Shared Secret Generation (K=Y <sup>x</sup> mod N) Command Context      | 24 |
| Table 11: RSA Public Key Command Context                                                        | 25 |
| Table 12: RSA Private Key Command Context                                                       | 25 |
| Table 13: DSA Signing Command Context                                                           | 26 |
| Table 14: DSA Verification Command Context                                                      | 27 |
| Table 15: RNG Direct Test Command Context                                                       | 27 |
| Table 16: RNG-SHA1 Test Command Context                                                         | 27 |
| Table 17: ModAdd Command Context (C = (A+B) mod N)                                              | 28 |
| Table 18: ModSub Command Context (C = (A-B) mod N)                                              | 28 |
| Table 19: ModMul Command Context (C = A*B mod N)                                                | 28 |
| Table 20: ModRem Command Context (C = M mod N)                                                  | 29 |
| Table 21: ModExp Command Context (C = M <sup>E</sup> mod N)                                     | 29 |
| Table 22: ModInv Command Context (C = M <sup>-1</sup> mod N = M <sup>N-2</sup> mod N)           | 29 |
| Table 23: MCR Input/Output Data Buffer Chaining                                                 | 31 |
| Table 24: Memory-Resident Data Alignment Requirements in IPsec Crypto/Authentication Operations | 32 |
| Table 25: Memory-Resident Data Alignment Requirements in DH/RSA/DSA Operations                  | 32 |
| Table 26: PCI 2.2-Compliant Configuration Space Registers                                       | 34 |
| Table 27: PCI Configuration Registers                                                           | 35 |
| Table 28: PCI Memory BAR0 Space DMA Registers                                                   | 37 |
| Table 29: DMA Control and Status Registers                                                      | 37 |
| Table 30: Electrical and Timing Specifications                                                  | 39 |
| Table 31: PCI Pin DC Specifications                                                             | 39 |
| Table 32: 144-Pin DQFP Package Dimensions                                                       | 41 |





## **Section 1: Functional Description**

#### **OVERVIEW**

This document describes the BCM5802 security processor. The BCM5802 provides high-performance, low-cost IPsec/IKE/ SSL/TLS security. The device is especially attractive for high-volume, cost-sensitive access products and telecommuter solutions running over xDSL, cable modem, T1 line, T3 line, and 10/100 Mb ethernet interfaces.

#### **KEY FEATURES AND STATISTICS**

The feature set of the BCM5802 is optimized to enable cryptographic acceleration for protocols such as IPsec and IKE/ SSL/TLS acceleration. High in-system performance, low system cost and ease of software development are key goals of the BCM5802. The following table lists the key features and statistics of the BCM5802.

| Supply                                                         | 3.3V supply, 3.3V-driven, and 5V-tolerant I/O.                 |
|----------------------------------------------------------------|----------------------------------------------------------------|
| Engine throughput, 3DES + MD5/SHA1                             | >150 Mbps, all features on.                                    |
| System throughput, 3DES+MD5/SHA1                               | 100 Mbps.                                                      |
| System throughput, DH (1024b Mod, 180b Exp)                    | 30 key setup/s.                                                |
| System throughput, DSA<br>(1024b public key, 160b private key) | 50 signing/s and 25 verification/s.                            |
| System throughput, 1024-bit RSA                                | 20 private key operation/s.                                    |
| External memory usage                                          | No additional memory required.                                 |
| External clock supply                                          | No additional clock required. The chip is driven by PCI clock. |
| External bus                                                   | PCI 2.2, 25-33 MHz, 32-bit, 3.3V, and 5V.                      |
| Package                                                        | 144-pin DQFP.                                                  |
| Technology                                                     | 0.35 μm, 5LM standard-cell logic process.                      |

#### Table 1: BCM5802 Key Features and Statistics

#### STREAMLINED HARDWARE INTERFACE

- Direct connect to 32-bit PCI 2.2 bus running at 25-33 MHz, 3.3V, or 5V PCI
- · Zero external components: no external memory, no clock chips/oscillators, no EEPROM
- Ideally suited for a shared PCI bus: latency-tolerant design, programmable burst size

#### **IETF IPSEC COMPLIANT ACCELERATION**

- 3DES CBC encryption and decryption in accordance with FIPS 46-3 and FIPS 81.
- HMAC-MD5-96 and HMAC-SHA1-96 authentication in accordance with RFC2403, RFC2404 and FIPS 180-1. Automatic generation of MD5/SHA1 padding.
- Single-pass encryption and authentication via pipelined application of algorithms over payload in accordance with RFC2402 and RFC2406.
- Automatic sequencing of encryption and authentication: Encrypt first for outbound packets, authenticate first for inbound packets in accordance with RFC2401.

#### **IETF IKE**

- 768-bit and 1024-bit Diffie-Hellman key generations for IKE handshake according to RFC2409
- 512-bit, 768-bit and 1024-bit RSA signing and verification for IKE handshake
- 1024-bit DSA signing and verification for IKE handshake according to FIPS 186-2
- True random number generation for IKE keys using on-chip random number generator

#### SECURE SOCKET LAYER (SSL) V 3.0, TRANSPORT LAYER SECURITY (TLS)

- 512-bit, 768-bit, and 1024-bit RSA public key and private key processing
- 512-bit, 768-bit, and 1024-bit Diffe-Hellman session key generation
- DES and Triple-DES bulk encryption capability
- 1024-bit DSA signing and verification
- HMAC-MD5/SHA1 bulk authentication according to RFC2104

#### STREAMLINED, FLEXIBLE SOFTWARE COMMAND AND PACKET INTERFACE

- · Flexible command interface allows exchange of multiple packets or public key setups with one PCI write
- · Zero latency command buffer switching via double-buffered master command register
- Support for big and little endian environments
- · Host CPU intervention not required between packets or between key setups
- · Intelligent, autonomous DMA descriptor based interface to minimize software load
- Scatter/Gather support to eliminate packet data or key setup data copying-handles fragmented data directly
- · Support for any number of IPsec security association contexts, limited only by system memory

#### **ADDITIONAL PERFORMANCE ENHANCING FEATURES**

- Latency-tolerant design optimized for shared PCI bus environments. The BCM5802 leverages PCI burst mode access capability, up to a maximal burst size of 64 bytes.
- Aggressive pre-fetch of command and packet data.
- Full performance is maintained independent of any reasonable PCI latency.

#### **ADVANCED TESTABILITY FEATURES**

- 100% testability of on-chip RAM cells via BIST circuitry
- JTAG boundary scan for board-level testing

#### BCM5802 Additional Features to BCM5801

The BCM5802 adds a number of features as compared to the BCM5801. The notable additional features are:

- Diffie-Hellman, RSA, and DSA key setup execution unit to accelerate the public key operations.
- True random number generator (RNG) functional unit to generate secure private keys for Diffie-Hellman key exchanges and DSA signatures.
- 1024-bit register files to hold the large public key data.
- The BCM5802 is completely pin and register compatible with BCM5801, and is completely backwards register compatible with the BCM5801.

#### **OPTIMAL APPLICATION AREAS**

The BCM5802 enables high-speed security support for a variety of cost-sensitive applications and markets, including no compromise VPN support, secure telecommuting and remote access. Specific applications areas are as follows:

- · Secure telecommuting and SOHO access devices based on cable or xDSL modem
- Secure enterprise T1 and T3 access devices
- Secure LAN access devices
- PC-based VPN accelerator boards

#### **PROCESSING OVERVIEW**

The BCM5802 security processor manages IPsec packets in the following stages:

- 1 Fetch command context and data via descriptors.
- 2 If packet is inbound, authenticate then decrypt in pipelined fashion.
- 3 If packet is outbound, encrypt then authenticate in pipelined fashion.
- 4 Write (via descriptors) output data and authentication codes if applicable.

The command, data descriptor, packet data and context data fetch phases are completely overlapped with engine processing. Output packet data writeback is completely overlapped as well.



#### **BCM5802**

The following figure illustrates a high-level view of the BCM5802 packet processing.

Note Multiple sets of input packets can be specified via a single command descriptor (single PCI write).



Figure 1: Packet Processing Overview

The BCM5802 provides SSL/TLS key exchange using RSA in the following stages:

- 1 Fetch command context, including keys and message through DMA.
- 2 If the required operation is private key decryption, use the private key RSA algorithm with pre-computed components generated using the Chinese Remainder Theorem.
- 3 If the required operation is public key encryption, use the public RSA algorithm.
- 4 Write the decrypted/encrypted message to the output buffer.

The BCM5802 generates keys using the Diffie-Hellman algorithm for IKE handshake in the following stages:

- 1 Fetch command context and message through DMA.
- 2 If the required operation is to generate a message to another party (g<sup>x</sup> mod n), generate a random number from the random number generator unit on the chip and then perform the modular exponentiation with the generated random number as the exponent on the chip.
- 3 If the required operation is to generate the shared key from the message received (Y<sup>x</sup> mod n), perform the modular exponentiation with a previously generated random number on the chip. The random number is a part of the command context through DMA.
- 4 Write the output including the generated random number to the output buffer.

#### 07/03/02

The BCM5802 performs authentication using the DSA algorithm for an IPsec session during IKE handshake in the following stages:

- 1 Fetch command context and message through DMA.
- 2 If the required operation is to sign message, generate a random number and compute *r* and *s* values using SHA-1 and key setup execution units.
- 3 If the required operation is to verify signature, compute *v* value using SHA-1 and key setup execution units.
- **4** Write the output to the output buffer.

# Section 2: Hardware System Interface and Performance

#### **APPLICATION EXAMPLES**

The BCM5802 is ideally suited for cost-sensitive applications such as VPN appliances, SOHO routers and appliances, and IPsec acceleration. The following figure illustrates a system architecture concept that integrates the BCM5802 as a VPN accelerator. This architecture allows wire-speed support of secure VPN for a minimal incremental system cost.



Figure 2: Architecture Concept



#### **Production Specification**

#### 07/03/02

The BCM5802 enables very low-cost PCI-based cards that can accelerate IPsec processing up to T3 rate. The following figure shows the architecture of a BCM5802-based accelerator card. The accelerator card also provides key setup acceleration on the chip as well as a hardware random number generator to generate secret keys.



Figure 3: PCI IPsec Accelerator Board - Architecture Concept

#### HARDWARE INTERFACE

The only interface to the BCM5802 is a 32-bit PCI 2.2-compliant bus and a clock input. The following sections describe the key features of the hardware interface.

#### Support for Both PCI 3.3V and PCI 5V Signaling Environments

Single supply voltage of 3.3V ±5%. Because I/O pins for the BCM5802 are 5V tolerant, the BCM5802 can be used in both PCI 3.3V and PCI 5V environments.

#### Latency Tolerant Design

Descriptor for command as well as data buffers are pre-fetched to reduce the impact of PCI arbitration and system latency upon overall performance. Large burst sizes (up to a maximum of 64 bytes) are used when possible to fetch descriptor, command and packet payload data. Command context data is pre-fetched. Payload data is also pre-fetched and written back in posted fashion.

#### Support for PCI Clock Rates from 25-33 MHz

PCI clock rates from 25-33 MHz are supported. In general, lower clock rates and higher PCI system latencies have little impact on system performance, owing to aggressive data pre-fetch.



#### **IN-SYSTEM PERFORMANCE ANALYSIS**

PCI bus clock and latency have little effect on total BCM5802 system performance. This is because the chip aggressively pre-fetches and writes back descriptors, command buffers, context parameters and packet data. This aggressive pre-fetch enables the chip to run encryption and authentication engines at their full potential despite system latencies. Standard shared PCI bus implementations that run at 20-33 MHz with per-access latencies in the range of 1 ms to 1.5 ms enable the BCM5802 to run at full speed.

The chip core clock rate has a major impact on performance. Broadcom recommends that the BCM5802 be clocked at 33 MHz, which is the high end of the core clock frequency, in systems where maximal performance is desired. The chip core clock can be either directly copied from the PCI clock for reduced system cost, or generated asynchronously via an external oscillator for maximal performance.

The values shown in the following table indicate outbound packet Mbps performance for 3DES, HMAC-SHA1, with new the Security Association per packet.

|                     | Packet Sizes (Bytes) |     |     |      |      |  |  |  |  |  |  |
|---------------------|----------------------|-----|-----|------|------|--|--|--|--|--|--|
| PCI Clock Frequency | 64                   | 256 | 512 | 1024 | 2048 |  |  |  |  |  |  |
| 33 MHz              | 28                   | 67  | 89  | 104  | 113  |  |  |  |  |  |  |

#### Table 2: Performance Table (Mbits/second)

The BCM5802 is housed within a 144-pin DQFP package with a 28 mm x 28 mm body size. The pin definitions are shown in the following table.

| Name   | I/O | Pin # | Description                       |
|--------|-----|-------|-----------------------------------|
| AD[31] | Ю   | 20    | PCI multiplexed address/data bus. |
| AD[30] | Ю   | 21    | PCI multiplexed address/data bus. |
| AD[29] | Ю   | 23    | PCI multiplexed address/data bus. |
| AD[28] | Ю   | 24    | PCI multiplexed address/data bus. |
| AD[27] | Ю   | 25    | PCI multiplexed address/data bus. |
| AD[26] | Ю   | 27    | PCI multiplexed address/data bus. |
| AD[25] | Ю   | 28    | PCI multiplexed address/data bus. |
| AD[24] | Ю   | 29    | PCI multiplexed address/data bus. |
| AD[23] | Ю   | 33    | PCI multiplexed address/data bus. |
| AD[22] | Ю   | 35    | PCI multiplexed address/data bus. |
| AD[21] | Ю   | 36    | PCI multiplexed address/data bus. |
| AD[20] | Ю   | 37    | PCI multiplexed address/data bus. |
| AD[19] | Ю   | 38    | PCI multiplexed address/data bus. |
| AD[18] | Ю   | 39    | PCI multiplexed address/data bus. |
| AD[17] | Ю   | 41    | PCI multiplexed address/data bus. |
| AD[16] | Ю   | 42    | PCI multiplexed address/data bus. |
| AD[15] | Ю   | 59    | PCI multiplexed address/data bus. |
| AD[14] | Ю   | 60    | PCI multiplexed address/data bus. |
| AD[13] | Ю   | 62    | PCI multiplexed address/data bus. |
| AD[12] | Ю   | 63    | PCI multiplexed address/data bus. |
| AD[11] | Ю   | 65    | PCI multiplexed address/data bus. |
| AD[10] | Ю   | 66    | PCI multiplexed address/data bus. |
| AD[9]  | Ю   | 67    | PCI multiplexed address/data bus. |
| AD[8]  | Ю   | 68    | PCI multiplexed address/data bus. |
| AD[7]  | Ю   | 71    | PCI multiplexed address/data bus. |
| AD[6]  | Ю   | 72    | PCI multiplexed address/data bus. |
| AD[5]  | Ю   | 73    | PCI multiplexed address/data bus. |
| AD[4]  | Ю   | 75    | PCI multiplexed address/data bus. |
| AD[3]  | Ю   | 76    | PCI multiplexed address/data bus. |
| AD[2]  | ю   | 77    | PCI multiplexed address/data bus. |
| AD[1]  | ю   | 79    | PCI multiplexed address/data bus. |

#### Table 3: PCI Interface Pin Definitions

| Name    | I/O                       | Pin #                 | Description                                                                                                                           |
|---------|---------------------------|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------|
| AD[0]   | IO                        | 80                    | PCI multiplexed address/data bus.                                                                                                     |
| PCI_CLK | Ι                         | 8                     | PCI clock, 25-33 MHz.                                                                                                                 |
| GNT#    | Ι                         | 17                    | PCI bus grant allowing the chip to use the bus.                                                                                       |
| FRAME#  | Ю                         | 45                    | PCI frame, indicates the beginning and duration of a master transfer.                                                                 |
| IRDY#   | Ю                         | 46                    | PCI initiator ready.                                                                                                                  |
| TRDY#   | Ю                         | 47                    | PCI target ready.                                                                                                                     |
| DEVSEL# | Ю                         | 49                    | PCI device select, asserted by an access target.                                                                                      |
| STOP#   | Ю                         | 50                    | PCI stop, requesting that the current master stop an active transfer.                                                                 |
| PERR#   | Ю                         | 53                    | PCI parity error.                                                                                                                     |
| SERR#   | Ю                         | 54                    | PCI system error, open drain.                                                                                                         |
| PAR     | Ю                         | 55                    | PCI parity.                                                                                                                           |
| REQ#    | 0                         | 19                    | PCI bus request.                                                                                                                      |
| RESET#  | Ι                         | 16                    | PCI reset, tri-states all PCI outputs.                                                                                                |
| INT#    | 0                         | 15                    | PCI interrupt output, open drain.                                                                                                     |
| IDSEL   | Ι                         | 32                    | PCI Initialization Device Request, used for PCI configuration cycles.                                                                 |
| CBE#[3] | Ю                         | 31                    | PCI command/byte enable, provides PCI bus command and data byte enables.                                                              |
| CBE#[2] | Ю                         | 43                    | PCI command/byte enable, provides PCI bus command and data byte enables.                                                              |
| CBE#[1] | Ю                         | 58                    | PCI command/byte enable, provides PCI bus command and data byte enables.                                                              |
| CBE#[0] | Ю                         | 70                    | PCI command/byte enable, provides PCI bus command and data byte enables.                                                              |
| VCC     | I                         | 51                    | Must be pulled up to VCC (PCI LOCK_).                                                                                                 |
| VCC     | Powe<br>109, <sup>-</sup> | er pins, r<br>110, 12 | must be connected to a 3.3V source: 10, 18, 26, 40, 48, 57, 61, 74, 81, 90, 92, 93, 102, 103, 6, 127, 133, 134, 135, 143, 144.        |
| GND     | Groui<br>118, 1           | nd pins:<br>119, 12   | 5, 12, 14, 22, 30, 34, 44, 52, 56, 64, 69, 78, 84, 85, 89, 99, 100, 106, 107, 108, 116, 117, 2, 123, 136, 137, 139, 140.              |
| AVCC1   | Ι                         | 94                    | Analog VCC for 4x PLL. Connect to 3.3V.                                                                                               |
| AGND1   | Ι                         | 98                    | Analog ground for 4x PLL.                                                                                                             |
| AVCC2   | Ι                         | 9                     | Analog VCC for deskew PLL. Connect to 3.3V.                                                                                           |
| AGND2   | Ι                         | 7                     | Analog ground for deskew PLL.                                                                                                         |
| VIO     | Ι                         | 111                   | PCI clamp voltage bias. Connect to 3.3V for 3.3V signaling environments. Connect to 5V for 5V signaling environments.                 |
| EXPORT  | Ι                         | 138                   | EXPORT pin (high = 56-bit encryption; low = strong encryption). Internally pulled up.                                                 |
| TEST    | I                         | 1                     | Test pin, internally pulled down, should be grounded for regular operation. When TEST is high, all outputs are tri-stated.            |
| TRST#   | Ι                         | 131                   | Internally pulled up. Should be connected to ground for normal operation. Used for boundary scan JTAG testing.                        |
| TMS     | Ι                         | 120                   | Test mode select for JTAG boundary scan. Internally pulled up. Should be connected to VCC for normal operation.                       |
| ТСК     | I                         | 6                     | Test mode clock for JTAG boundary scan. Internally pulled up. Unused in normal operation; connect to either high or low static level. |

#### Table 3: PCI Interface Pin Definitions

| Name                                                                   | I/O                                                                                                                                   | Pin # | Description                                                                                                                                   |  |  |  |  |  |  |
|------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|--|--|
| TDI                                                                    | I                                                                                                                                     | 13    | Test data in for JTAG boundary scan. Internally pulled up. Unused in normal operation; connect to either high or low static level.            |  |  |  |  |  |  |
| TDO                                                                    | 0                                                                                                                                     | 121   | Test data out for JTAG boundary scan. Unused in normal operation.                                                                             |  |  |  |  |  |  |
| RNGOSC                                                                 | I                                                                                                                                     | 113   | Optional random number generator oscillator. Internally grounded. It can be Ex-ORed with internal oscillator to provide random number source. |  |  |  |  |  |  |
| Don't<br>Connect                                                       | The pins used for product testability and not used by customers. Leave them unconnected: 2, 3, 11, 82, 83, 86, 87, 91, 112, 114, 141. |       |                                                                                                                                               |  |  |  |  |  |  |
| All other pins are No Connects, and can be left floating or connected. |                                                                                                                                       |       |                                                                                                                                               |  |  |  |  |  |  |

#### Table 3: PCI Interface Pin Definitions

#### **PINOUT DIAGRAM**

The following figure shows the BCM5802 pin diagram.



Figure 4: BCM5802 Pin Diagram



## Section 4: Software Programming Model

This section specifies the programming model of the BCM5802, shows a sample software processing loop, and provides detailed descriptions of the on-chip registers.

#### **OVERVIEW OF SOFTWARE INTERFACE**

The major features of the BCM5802 software interface are as follows:

- Autonomous chip operation via an intelligent, descriptor-based DMA interface that minimizes the software processing load.
- Avoid packet or key setup data copying under any condition.
- Supports input packet fragmentation (at an IP level as well as in terms of memory allocation for packet data). Input fragments can be of any size (down to 1 byte), and can be aligned on any byte boundary.
- Supports output packet fragmentation (at an IP level as well as in terms of memory allocation for packet data). Output fragment size can be controlled in one of two configurable ways: 1) through a length field with each output data descriptor, or 2) through a global output data buffer length field. This offers the flexibility of using a fixed output fragment size, or of setting fragment size on a per-packet basis. Output fragments must be aligned on 32-bit word boundaries, and must be multiples of a 32-bit word in size.
- Permits flexibility with respect to the granularity of communication between the CPU and the chip. The CPU can instruct
  the chip to process several packets or key setups via a single PCI write. This allows the host CPU to select the degree
  of overlap between software and chip processing—one packet or key setup, several packets or key setups, or a very
  large number of packets or key setups.
- Permits different security processing to be applied to each and every packet or key setup, even though several packets or key setups may be part of a common master command structure.
- Flexible support for all IPsec formats, including ESP, AH and combinations with and without tunneling
- Flexible support for IKE, SSL, and TLS protocols, including DH, RSA, and DSA algorithms

The host CPU queues up any number of packets or key setups in system memory, and passes a pointer to a master command structure that identifies these packets or key setups to the chip. After the chip processes all the packets or key setups as specified, it then returns status to the CPU via a done flag per packet, and if enabled, via an interrupt upon global completion of all packets or all key setups within a master command structure.

A processing context structure is associated with each packet/key setup that allows various packets/key setups to be processed differently even though they are all part of a common master command structure. In addition, data from each packet can be fragmented on input (gather function) and on output (scatter function) in the IPsec crypto/authentication operations.

While there are no data buffer alignment constraints (such as byte alignment only), there are specific constraints upon command and context structure alignment as detailed under memory structures.



#### **Production Specification**

#### 07/03/02

The following figure shows an overview of the various structures and linkages used to forward packet/key setup data to the chip. Fields indicated by an @ sign correspond to pointers. The # PKT field in the master command structure allows up to  $2^{16}$ -1 packets to be queued up for processing (the high order 16 bits of this field are not used). The output fields within each entry in a master command buffer specify the start of a buffer chain into which output (encrypted or decrypted) data is written.



Figure 5: Structures and Linkages Used to Forward Packet/Key Setup Data to Chip

The master command structure is a single point of communication between the host CPU and the chip. Chip processing of any number of packets is initiated by writing the address of a master command structure to the on-chip master command address register (Master Command Register 1). The chip signals completion of processing by writing status information to the flags entry at the beginning of the master command structure and by posting an interrupt per master command structure (if enabled).

Note The NEXT@ field of the last output data buffer pointer is never used to access data for IPsec crypto/ authentication operations. This field instead contains the address of a buffer to which HMAC information is written to or read from, if HMAC processing is specified for a given packet. For HMAC-MD5, the entire 16 bytes of hash result is written to the buffer. For HMAC-SHA1, the entire 20 bytes of hash result is written to the buffer. For the IPsec HMAC-96, the software must discard the last four bytes of the data for HMAC-MD5 and the last eight bytes of the data for HMAC-SHA1.

For key setup operations, the same MCR structure is used as for IPsec crypto/authentication operations. The only difference is that chip processing of any number of key setups is initiated by writing the address of a master command structure to a different on-chip master command address register (Master Command Register 2). Both operations still share DMA Control Register, Status Register, and Error Address Register.

#### **MEMORY STRUCTURES**

All structures used for communication between the CPU and the chip are defined by their .h pseudo-code C language representation.

For IPsec crypto/authentication processing, the only alignment restriction placed upon all command and descriptor (not packet data) memory structures is that they must start on 32-bit (4-byte) boundaries. Beyond that, aligning structures to their natural boundaries may increase performance in certain systems.

#### **IPSEC CRYPTO/AUTHENTICATION PROCESSING DATA STRUCTURE**

```
_____
/* LITTLE ENDIAN command structures for uBSec Chip */
typedef unsigned char u8; /* 8-bit data type */
typedef unsigned short u16; /* 16-bit data type */
/* Data Buffer chain entry */
typedef struct DataBufChain struct {
   unsigned char *dataAddr;
   struct DataBufChain struct *next;
   ul6 dataLength;
   ul6 reserved;
} DataBufChain;
/* Context buffer */
typedef struct PktCtxBuf struct {
   /* Keys for 3DES -- three keys of 8 bytes each (56 bits plus parity) */
   uint cryptokeys[6];
   /*
      * Pre-computed HMAC inner & outer state
      * (2x16B for MD5, 2x20B for SHA1).
   */
      uint HMACInnerState[5];//HMACInnerState[0-3] for MD5, HMACInnerState[0-4] for SHA1
      uint HMACOuterState[5];//HMACOuterState[0-3] for MD5, HMACOuterState[0-4] for SHA1
      /*
          * Crypto IV (copied from payload if explicit, byte swapped if needed)
      */
      uint computedIV[2];
      /*
      * Processing control flags
      */
      unsigned int reserved:12; /* Reserved */
      unsigned int auth:2; /* MD5, SHA1, None */
      unsigned int inbound:1; /* Inbound packet */
      unsigned int crypto:1; /* 3DES-CBC or None */
          /* Offset to skip authenticated but non-encrypted
         header words. Goes to start of IV data. In units of 32-bit words */
      u16 cryptoOffset;
```

#### **Production Specification**

07/03/02

```
BCM5802
```

```
} PktCtxBuf;
/* Master command record */
typedef struct MasterCmd struct {
      ul6 numPkt; /* Number of Packets in this MCR*/
      ul6 flags; /* Completion and error status from chip, per MCR */
          /* flags[0] = 1 if processing of the MCR is finished
                0 otherwise
             flags[1] = 1 if an error occurred
                0 if no error occurred
             flags[7:2]: reserved
             flags[15:8] = error code if an error occurred (i.e. flags[1] == 1),
                undefined otherwise*/
      /* Following 5 fields occur once per packet in the MCR */
      uint firstPktCMDAddr;
      DataBufChain firstPktData; /* First descriptor for input packet data */
      ul6 reserved; /* Includes per packet done status */
      ul6 pktLength;
      DataBufChain firstOutputData; /* First descriptor for output packet data */
      /* Followed by as many sets of above 5 fields as there
      are packets in this MCR */
} MasterCmd;
```

An implicit (pre-computed) IV is never used as part of the HMAC computation—even if specified. However, an explicit IV is always part of the authentication computation. Further details regarding IV material handling follow the pictorial illustration of the packet context structure.

The following is the data structure (.h file) for key setup processing.

#### **IKE/SSL/TLS KEY SETUP PROCESSING DATA STRUCTURE**

```
_____
/* LITTLE ENDIAN command structures for uBSec Chip */
typedef unsigned char u8; /* 8-bit data type */
typedef unsigned short u16; /* 16-bit data type */
typedef unsigned int u32; /* 32-bit data type */
/* Data Buffer chain entry */
typedef struct DataBufChain struct {
   unsigned char *dataAddr;
   struct DataBufChain struct *next;
   ul6 dataLength;
   ul6 reserved;
} DataBufChain;
/* Context buffer */
/* Different algorithms have different command context buffers */
/*Diffie-Hellman Send*/
typedef struct DH SEND CtxCmdBuf struct {
   u16 total_command_structure_length;
   ul6 operation_type; /* Send mode for DH (0x1) */
   ul6 rng_enable; /* Private key x generated by RNG or provided by SW
         rng_enable = 0x0 -> x provided by SW
          rng_enable = 0x1 -> x generated by RNG \star/
      ul6 private key length; /* Private key x length in bits*/
      ul6 generator length; /*Generator g length in bits*/
      ul6 modulus length; /* Modulus N Length in bits */
u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N
*/
      u32 g[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Generator
g */
          /* Private key is stored in the data buffer */
} DH_SEND_CtxCmdBuf;
/*Diffie-Hellman Receive*/
typedef struct DH_REC_CtxCmdBuf_struct {
   u16 total command structure length;
   ul6 operation type; /* Receive mode for DH (0x2) */
   ul6 exponent_length; /* Exponent (private key x) length in bits */
   ul6 modulus_length; /* Modulus N Length in bits */
   u32 N[(modulus length <= 512)? 16 : (modulus length <= 768)? 24 : 32]; /* Modulus N */
} DH_REC_CtxCmdBuf;
/*Public Key RSA*/
typedef struct Pub RSA CtxCmdBuf struct {
   u16 total_command_structure_length;
   ul6 operation type; /* Public mode for RSA (0x3) */
   ul6 exponent length; /* Exponent E length in bits*/
   ul6 modulus_length; /* Modulus N Length in bits */
   u32 N[modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /*
Modulus N */
   u32 E [exponent_length + 31)/32]; /* Exponent E */
} Pub_RSA_CtxCmdBuf:
/*Private Key RSA*/
typedef struct Pri_RSA_CtxCmdBuf_struct {
   u16 total_command_structure_length;
```

Broadcom Corporation

07/03/02

```
ul6 operation_type; /* Private mode for RSA (0x4) */
   ul6 q length; /* Prime q length in bits */
   ul6 p length; /* Prime p Length in bits */
   u32 p[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* Prime p */
   u32 q[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* Prime q */
   u32 dp[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16];/* CRT private exponent dp
   */
   u32 dp[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16];/* CRT private exponent dq
   */
   u32 pinv[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* CRT coefficient */
} Pri RSA CtxCmdBuf;
where max length = (p length > q length) ? p length : q length;
/*DSA signing */
typedef struct DSA SIGN CtxCmdBuf struct {
   u16 total command structure length;
   ul6 operation type; /* Signing mode for DSA (0x5) */
   ul6 shal enable; /* hash of message performed by SHAl unit or provided by SW
      shal enable = 0x0 \rightarrow hash provided by SW
      shal enable = 0x1 -> hash performed by SHA1 unit */
   ul6 reserved;
   ul6 rng enable; /* Random number k generated by RNG or provided by SW
      rng_enable = 0x0 -> k provided by SW
      rng enable = 0x1 \rightarrow k generated by RNG */
      u16 p length; /* Modulus p length in bits */
      u32 q[5]; /* Modulus q */
      u32 p[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* Modulus p */
      u32 g[(p length <= 512)? 16 : (p length <= 768)? 24 : 32]; /* Generator g */
      u32 x[5]; /* Private key x */
} DSA_SIGN_CtxCmdBuf;
/*DSA Verification */
typedef struct DSA_VERIFY_CtxCmdBuf_struct {
   u16 total command structure length;
   ul6 operation type; /* Verification mode for DSA (0x6)*/
   ul6 shal_enable; /* hash of message performed by SHA1 unit or provided by SW
      sha1_enable = 0x0 -> hash provided by SW
      sha1 enable = 0x1 -> hash performed by SHA1 unit */
   ul6 reserved;
   ul6 reserved;
   u16 p length; /* Modulus p length in bits */
   u32 q[5]; /* Modulus q */
   u32 p[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* Modulus p */
   u32 g[(p length <= 512)? 16 : (p length <= 768)? 24 : 32]; /* Generator g */
   u32 y[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* Public key y */
} DSA_VERIFY_CtxCmdBuf
/* RNG Bypass */
typedef struct RNG_BYPASS_CtxCmdBuf_struct {
   ul6 total_command_structure_length; /* 64 bytes long as required by PCI access */
   ul6 operation_type; /* Bypass RNG mode for RNG (0x41) */
} RNG_BYPASS_CtxCmdBuf
/* RNG SHA1 */
```

```
typedef struct RNG_SHA1_CtxCmdBuf_struct {
   ul6 total_command_structure_length; /* 64 bytes long as required by PCI access */
   ul6 operation_type; /* RNG-SHA1 modes for RNG (0x42)*/
} RNG_SHA1_CtxCmdBuf
/*Modular Addition Atomic Operation*/
typedef struct ModAdd_CtxCmdBuf_struct {
   u16 total_command_structure_length;
   ul6 operation_type; /* ModAdd (0x43)*/
   ul6 reserved;
   u16 modulus_length; /* Modulus N Length in bits */
   u32 N[(modulus length <= 512)? 16 : (modulus length <= 768)? 24 : 32]; /* Modulus N */
} ModAdd CtxCmdBuf;
/*Modular Subtraction Atomic Operation*/
typedef struct ModSub CtxCmdBuf struct {
   u16 total command structure length;
   ul6 operation_type; /* ModSub (0x44) */
   ul6 reserved;
   u16 modulus length; /* Modulus N Length in bits */
      u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N
      */
} ModSub CtxCmdBuf;
/*Modular Multiplication Atomic Operation*/
typedef struct ModMul CtxCmdBuf struct {
   u16 total command structure length;
   ul6 operation_type; /* ModMul (0x45) */
   ul6 reserved;
   u16 modulus length; /* Modulus N Length in bits */
   u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N */
} ModMul_CtxCmdBuf;
/*Modular Reduction Atomic Operation */
typedef struct ModRem CtxCmdBuf struct {
   u16 total_command_structure_length;
   ul6 operation_type; /* ModRem (0x46) */
   ul6 message_length; /* Message M Length in bits */
   u16 modulus_length; /* Modulus N Length in bits */
   u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N */
} ModRem_CtxCmdBuf;
/*Modular Exponentiation Atomic Operation */
typedef struct ModExp CtxCmdBuf struct {
   u16 total_command_structure_length;
   ul6 operation_type; /* ModExp (0x47) */
   u16 exponent length; /* Exponent E Length in bits */
   u16 modulus_length; /* Modulus N Length in bits */
   u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N */
} ModExp CtxCmdBuf;
/*Modular Inverse Atomic Operation */
typedef struct ModInv_CtxCmdBuf_struct {
   u16 total command structure length;
```

#### **Production Specification**

07/03/02

```
ul6 operation_type; /* ModInv (0x48)*/
   ul6 reserved;
   u16 modulus length; /* Modulus N Length in bits */
   u32 N[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* Modulus N */
   u32 E[(modulus_length + 31)/32]; /* Exponent (N-2) */
} ModInv CtxCmdBuf;
/* Master command record */
typedef struct MasterCmd struct {
   ul6 numKeysetup; /* Number of Key setups in this MCR*/
   ul6 flags; /* Completion/error status from chip, per MCR */
      /* flags[0] = 1 if processing of the MCR is finished
          0 otherwise
      flags[1] = 1 if an error occurred
          0 if no error occurred
             flags[7:2]: reserved
             flags[15:8] = error code if an error occurred (i.e. flags[1] == 1),
                undefined otherwise
      */
   /*
       * Following 5 fields occur once per key setup in the MCR
   */
   uint firstKeySetupCMDAddr;
   DataBufChain firstKeySetupData; /* First descriptor for input key setup data */
   ul6 reserved;
   ul6 dLength; /* Total length of the input data for the first key setup */
   DataBufChain firstOutputData; /* First descriptor for output key setup data */
   /*
      * Followed by as many sets of above 5 fields as there
       * are key setups in this MCR
   */
} MasterCmd;
                              -----
```

#### **PICTORIAL ILLUSTRATIONS OF MEMORY STRUCTURES**

The tables below illustrate memory-based structures used for CPU to chip communication. Fields in quotes refer to structure names from the description on the previous pages.

#### IPsec ESP and AH (Bulk Encryption and Authentication) Processing

**Data Buffer Chain Entries.** This structure is used to build up a linked list of data buffers for every input and output packet. Each entry in the linked list points at a data buffer that contains actual packet data, a next field that points to the next descriptor entry in the linked list, and a length field that contains the number of bytes stored in the data buffer.

| M        | SB                           |    |    |    |    |    |    |    |    |                            |       |      |       |     |        |    |      |      |       |      |    |   |   |   | LSB |   |   |   |   |   |   |
|----------|------------------------------|----|----|----|----|----|----|----|----|----------------------------|-------|------|-------|-----|--------|----|------|------|-------|------|----|---|---|---|-----|---|---|---|---|---|---|
| 31       | 30                           | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21                         | 20    | 19   | 18    | 17  | 16     | 15 | 14   | 13   | 12    | 11   | 10 | 9 | 8 | 7 | 6   | 5 | 4 | 3 | 2 | 1 | 0 |
|          | Data Buffer Address dataAddr |    |    |    |    |    |    |    |    |                            |       |      |       |     |        |    |      |      |       |      |    |   |   |   |     |   |   |   |   |   |   |
|          |                              |    |    |    |    |    |    |    |    | Ne                         | xt ei | ntry | in li | nke | d list | of | data | ı bu | ffers | s ne | ĸt |   |   |   |     |   |   |   |   |   |   |
| Reserved |                              |    |    |    |    |    |    |    |    | Data buffer length dataLen |       |      |       |     |        |    |      |      |       |      |    |   |   |   |     |   |   |   |   |   |   |
|          |                              |    |    |    |    |    |    |    |    |                            |       |      |       |     |        |    |      |      |       |      |    |   |   |   |     |   |   |   |   |   |   |

#### Table 4: Data Buffer Chain Entries

**Master Command Record.** This structure is used to hand off a number of packets to the chip for processing. The structure is variable-length, and contains up to 2<sup>16</sup>-1 sets of fields where each field describes one packet. This degree of flexibility allows the host CPU to queue up any number of packets, and to initiate hardware processing of all queued up packets via a single PCI write.

| MSB                                                                                          | LSB                                              |  |  |  |  |  |  |  |  |  |  |
|----------------------------------------------------------------------------------------------|--------------------------------------------------|--|--|--|--|--|--|--|--|--|--|
| 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2            | 1 0                                              |  |  |  |  |  |  |  |  |  |  |
| Flags # Packets in this MCR                                                                  |                                                  |  |  |  |  |  |  |  |  |  |  |
| Command context address for 1 <sup>st</sup> packet firstPktCMDAddr                           |                                                  |  |  |  |  |  |  |  |  |  |  |
| Data Buffer Address dataAddr for 1 <sup>st</sup> packet                                      |                                                  |  |  |  |  |  |  |  |  |  |  |
| Next entry in linked list of data buffers for 1 <sup>st</sup> packet next                    |                                                  |  |  |  |  |  |  |  |  |  |  |
| Reserved Data buffer length dataLen 1 <sup>st</sup> pkt                                      |                                                  |  |  |  |  |  |  |  |  |  |  |
| Length for 1 <sup>st</sup> packet pktLength Reserved                                         |                                                  |  |  |  |  |  |  |  |  |  |  |
| Output Buffer Address dataAddr for 1 <sup>st</sup> packet                                    |                                                  |  |  |  |  |  |  |  |  |  |  |
| Next entry in linked list of Output buffers for 1 <sup>st</sup> packet next                  |                                                  |  |  |  |  |  |  |  |  |  |  |
| Reserved Output buffer length dataLen 1 <sup>st</sup> pkt                                    |                                                  |  |  |  |  |  |  |  |  |  |  |
| Command context address for 2 <sup>nd</sup> to N <sup>th</sup> packet pktCMDAddr             |                                                  |  |  |  |  |  |  |  |  |  |  |
| Data Buffer Address dataAddr for 2 <sup>nd</sup> to N <sup>th</sup> packet                   |                                                  |  |  |  |  |  |  |  |  |  |  |
| Next entry in linked list of data buffers for 2 <sup>nd</sup> to N <sup>th</sup> packet next |                                                  |  |  |  |  |  |  |  |  |  |  |
| Reserved Data buffer length dataLen 2-N <sup>th</sup> pkt                                    | Data buffer length dataLen 2-N <sup>th</sup> pkt |  |  |  |  |  |  |  |  |  |  |
| Length for 2-N <sup>th</sup> packet pktLength Reserved                                       | Reserved                                         |  |  |  |  |  |  |  |  |  |  |
| Output Buffer Address dataAddr for 2-N <sup>th</sup> packet                                  |                                                  |  |  |  |  |  |  |  |  |  |  |
| Next entry in linked list of Output buffers for 2-N <sup>th</sup> packet next                |                                                  |  |  |  |  |  |  |  |  |  |  |
| Reserved Output buf length dataLen 2-N <sup>th</sup> pkt                                     |                                                  |  |  |  |  |  |  |  |  |  |  |

#### Table 5: Master Command Record



#### 07/03/02

**Packet Context Buffer.** This structure defines IPsec crypto and authentication processing to be applied on a per packet basis.

| MSB   |      |       |     |      |      |      |     |       |       |       |      |       |       |      |         |        |        |       |       |                  |       |    |   |      |     |    |   |   |   | LSE | 3 |
|-------|------|-------|-----|------|------|------|-----|-------|-------|-------|------|-------|-------|------|---------|--------|--------|-------|-------|------------------|-------|----|---|------|-----|----|---|---|---|-----|---|
| 31 30 | 29   | 28    | 27  | 26   | 25   | 24   | 23  | 22    | 21    | 20    | 19   | 18    | 17    | 16   | 6       | 14     | 13     | 12    | 11    | 10               | 9     | 8  | 7 | 6    | 5   | 4  | 3 | 2 | 1 | C   | ) |
|       |      |       |     |      |      |      | С   | rypto | 5 3D  | ES    | keyi | ng r  | nate  | əri  | ial, (2 | 24 by  | tes,   | hig   | jh w  | ord              | of k  | 1) |   |      |     |    | 1 |   |   |     |   |
|       |      |       |     |      |      |      | (   | Crypt | o 3[  | DES   | key  | ving  | mat   | ter  | rial (2 | 24 by  | /tes,  | lov   | v wo  | ord c            | of k1 | )  |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | (     | Cryp  | to 3  | DES  | S ke  | ying  | , n  | nater   | ial (ł | nigh   | wo    | rd o  | f k2)            | )     |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | (     | Cryp  | oto 3 | DE   | S ke  | ying  | g r  | nate    | rial ( | low    | wor   | d of  | <sup>i</sup> k2) |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | (     | Cryp  | to 3  | DES  | S ke  | ying  | , n  | nater   | ial (ł | nigh   | wo    | rd o  | f k3)            | 1     |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | (     | Cryp  | oto 3 | DE   | S ke  | ying  | g r  | mate    | rial ( | low    | wor   | d of  | ,<br>k3)         |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | HMA   |       | lash  | Inn  | er s  | tate  | ) (I | high    | word   | I) HI  | MA    | CInr  | nerS             | tate  |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       | Н    | IMA   | СН    | las  | sh In   | ner s  | tate   |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       | Н    | IMA   | СН    | las  | sh In   | ner s  | tate   |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       | HM    | AC    | Has  | h In  | ner   | st   | tate (  | low    | word   | d fo  | r MD  | D5)              |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | H     | ЛАС   | ; Ha  | sh l | nne   | r sta | ate  | e (lov  | / wo   | d or   | nly f | for S | SHA              | 1)    |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | HMA   | СН    | ash   | Out  | er s  | state | e (I | high    | word   | I) HI  | MA    | COL   | uterS            | State | •  |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       | Н    | MA    | СН    | as   | sh Oi   | uters  | state  | ;     |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       | Н    | MA    | СН    | as   | sh Oi   | uters  | state  | ;     |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       | HM    | AC    | Has  | hΟ    | uter  | s    | tate    | (low   | word   | d fo  | r MI  | D5)              |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     | HN    | ЛАС   | Ha    | sh C | Dute  | r sta | ate  | e (lov  | v wo   | rd o   | nly   | for S | SHA              | 1)    |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       | 3     | DES   | Co   | mpı   | uted  | \    | V (8 I  | oytes  | s, hig | gh v  | vorc  | d)               |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       | 3     | DES   | S Co | mp    | utec  | 'I k | V (8    | byte   | s, lo  | w w   | vord  | )                |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      | С       | Ι      | Α      |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      | r       | n      | u      |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      | у       | b      | t      |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
| Paylo | ad a | uth t | o C | rypt | o of | fset | cry | /ptoC | Offse | et in | 32-ł | oit w | /ord  | s    | р       | 0      | h      |       |       |                  |       |    | F | Rese | rve | ed |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      | t       | u      | (2)    | )     |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      | 0       | n      |        |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |
|       |      |       |     |      |      |      |     |       |       |       |      |       |       |      |         | d      |        |       |       |                  |       |    |   |      |     |    |   |   |   |     |   |

| Table 6: | Packet  | Context | Buffer |
|----------|---------|---------|--------|
| runic v. | I GONGE | CONCOL  | Dunci  |

The crypto bit must be 0 for no crypto, or 1 for 3DES-CBC. DES modes are generated by setting three consecutive 3DES keys to be equal.

The authentication value must be set as follows:

| 00 | No authentication |
|----|-------------------|
| 01 | HMAC-MD5          |
| 10 | HMAC-SHA1         |
| 11 | Invalid           |

**Generation of Cryptography Initial Vector (IV).** The cryptographic IV is always read from the context structure associated with a given packet. This implies that for situations where the IPsec explicit IV mode is used, the host CPU must copy IV material from packet payload to the context structure. If needed, the host may have to perform byte swapping on the IV to convert between big and little endian.

For IPsec explicit IV packets, cryptoOffset must point to the word following IV material, and the IV must be copied into packet payload as well as into the context structure. This ensures that the IV is part of the HMAC computation. For IPsec implicit IV packets, cryptoOffset must point to the first encrypted payload word, and the IV is not part of packet payload, hence is automatically left out of the HMAC computation.

#### **Key Setup Processing**

**Data Buffer Chain Entries.** This structure is used to build up a linked list of data buffers for every input and output message. Each entry in the linked list points at a data buffer that contains actual key set up data, a next field that points to the next descriptor entry in the linked list, and a length field that contains the number of bytes stored in the data buffer.

Unlike IPsec ESP and AH processing, key setup operations do not involve packet fragmentation. The linked list in each set of key setup is used to access different data needed for key setup computations. For Diffie-Hellman algorithms used in the IKE protocol, both the public key Y received from a party with whom the secret is shared and its own secret key *x* are required to compute the shared secret. In this case, the first entry points to Y data buffer. The second entry in the data buffer points to a structure that contains the pointer to *x* data buffer.

|    |    |    |    |    |    |    |     |      |    |    |       | -    |       |      |       | -    | -    |       |      |     | -    |       |       |      |     |     |   |   |   |    |    |
|----|----|----|----|----|----|----|-----|------|----|----|-------|------|-------|------|-------|------|------|-------|------|-----|------|-------|-------|------|-----|-----|---|---|---|----|----|
| M  | SB |    |    |    |    |    |     |      |    |    |       |      |       |      |       |      |      |       |      |     |      |       |       |      |     |     |   |   |   | LS | зB |
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24  | 23   | 22 | 21 | 20    | 19   | 18    | 17   | 16    | 15   | 14   | 13    | 12   | 11  | 10   | 9     | 8     | 7    | 6   | 5   | 4 | 3 | 2 | 1  | 0  |
|    |    |    |    |    |    |    |     |      |    |    | [     | Data | ı Bu  | ffer | Add   | ress | s da | taAc  | ddr  |     |      |       |       |      |     |     |   |   |   |    |    |
|    |    |    |    |    |    |    |     |      |    | Ne | xt ei | ntry | in li | nke  | d lis | tof  | data | ı buf | fers | nex | ×t   |       |       |      |     |     |   |   |   |    |    |
|    |    |    |    |    |    | R  | ese | rved |    |    |       |      |       |      |       |      |      |       |      | Da  | ta b | ouffe | r lei | ngth | dat | aLe | n |   |   |    |    |

#### Table 7: Data Buffer Chain Entries

#### 07/03/02

**Master Command Record.** This structure is used to hand off a number of key setups to the chip for processing. The structure is variable-length, and contains up to 2<sup>16</sup>-1 sets of fields where each field describes one key setup. This degree of flexibility allows the host CPU to queue up any number of key setups, and to initiate hardware processing of all queued up key setup sessions via a single PCI write. When using the Diffie-Hellman algorithm to generate shared secrets, two key setup operations must be performed. The first operation is to generate a public key to be sent to a party with whom the secret is shared. The second operation is to generate the shared secret using the received public key from the party. Two sets of fields are needed to complete the generation of a shared secret.

| MSB  |                                                               |     |    |    |    |          | 1    |       |          |       |       |       | 1     | Г              |                  |                 |                |                  |                 |                    |        | 1     | T  |         |                  | Т               | T   | [    |      |   | 19 | B |
|------|---------------------------------------------------------------|-----|----|----|----|----------|------|-------|----------|-------|-------|-------|-------|----------------|------------------|-----------------|----------------|------------------|-----------------|--------------------|--------|-------|----|---------|------------------|-----------------|-----|------|------|---|----|---|
|      |                                                               | ~~~ | 07 |    | 05 | <u> </u> |      | 00    | <u>.</u> |       | 4.0   | 4.0   | 47    |                | 0 4              | _               |                | 10               | 10              |                    | 10     | _     |    |         | _                | -               |     |      |      | _ |    |   |
| 31 3 | 29                                                            | 28  | 27 | 26 | 25 | 24       | 23   | 22    | 21       | 20    | 19    | 18    | 17    | 10             | 6 18             | 5 1·            | 1              | 13               | 12              | 2 11               | 10     | 9     | 8  | 3 7     | 6                | 5               |     | 4    | 3    | 2 | 1  | 0 |
|      |                                                               |     |    |    |    | Fla      | gs   |       |          |       |       |       |       |                |                  |                 |                |                  |                 | #                  | key    | set   | up | os in t | his I            | ЛC              | R   |      |      |   |    |   |
|      |                                                               |     |    |    |    | Con      | nma  | and o | cont     | ext a | ddr   | ess   | for   | 1 <sup>s</sup> | <sup>st</sup> ke | / se            | tup            | o fir            | stł             | KeyS               | etup   | сM    | ID | Addr    |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    |          |      | D     | ata      | Buff  | er A  | ١ddr  | ess   | d              | ataA             | ddr             | fo             | r 1 <sup>s</sup> | <sup>st</sup> k | key s              | etup   |       |    |         |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    |          | Ne   | xt en | try i    | n lin | ked   | list  | of d  | lat            | ta bu            | Iffer           | s f            | or 1             | 1 <sup>st</sup> | <sup>t</sup> key   | setu   | p ne  | эх | t       |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    | R  | ese      | rve  | d     |          |       |       |       |       |                |                  |                 |                | [                | Da              | ata bu             | ıf ler | ngth  | d  | ataLe   | n 1 <sup>s</sup> | <sup>t</sup> ke | эy  | set  | up   |   |    |   |
|      | Length for 1 <sup>st</sup> key setup data dLength             |     |    |    |    |          |      |       |          |       |       |       |       |                |                  |                 |                |                  |                 |                    |        | R     | e  | serve   | d                |                 |     |      |      |   |    |   |
|      | Cength for 1° key setup data dLength<br>Output Buffer Address |     |    |    |    |          |      |       |          |       |       |       |       | s (            | data             | Add             | r fo           | or 1             | st              | key                | setu   | р     |    |         |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    | Ν        | lex  | t ent | ry in    | link  | ed I  | ist c | of O  | utp            | put k            | uffe            | ers            | for              | 1 <sup>s</sup>  | <sup>st</sup> ke   | / set  | up r  | ne | xt      |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    | R  | ese      | rve  | d     |          |       |       |       |       |                |                  |                 |                | 0                | ut              | tput k             | uf le  | ength | h  | dataL   | .en 1            | <sup>st</sup> k | ey  | / se | tup  |   |    |   |
|      |                                                               |     |    |    | С  | omn      | nar  | d co  | nte>     | t ad  | dres  | ss fo | or 2' | nd             | to N             | <sup>th</sup> k | ey             | set              | tup             | p Ke               | /Set   | upC   | M  | DAdo    | łr               |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    |          |      | Data  | Buf      | fer A | ١dd   | ress  | dat   | ta/            | Addr             | for             | 2 <sup>n</sup> | <sup>d</sup> to  | b N             | √ <sup>th</sup> k€ | ey se  | tup   |    |         |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    | Nex      | xt e | ntry  | in lir   | nked  | list  | of o  | data  | b              | uffe             | 's fo           | r 2            | nd               | to              | N <sup>th</sup> I  | key s  | etup  | р  | next    |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    | R  | ese      | rve  | d     |          |       |       |       |       |                |                  |                 |                | Da               | ata             | a buf              | lenç   | gth d | la | taLer   | 12-N             | th              | key | y se | etup |   |    |   |
|      | Length for 2-N <sup>th</sup> keysetup dLength                 |     |    |    |    |          |      |       |          |       |       |       |       |                |                  |                 |                | R                | e               | serve              | d      |       |    |         |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    |          |      | Out   | put      | Buff  | ər A  | ddr   | ess   | da             | ataA             | ddr             | for            | r 2-             | N <sup>tł</sup> | <sup>th</sup> key  | v set  | up    |    |         |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    |    | Ne       | ext  | entry | ' in l   | inke  | d lis | t of  | Out   | tpι            | ut bu            | iffer           | s f            | or 2             | <u>2-N</u>      | N <sup>th</sup> k  | ey se  | etup  | n  | ext     |                  |                 |     |      |      |   |    |   |
|      |                                                               |     |    |    | R  | ese      | rve  | d     |          |       |       |       |       |                |                  |                 |                | Ou               | tρι             | ut bu              | f ler  | gth   | da | ataLe   | n 2-l            | <b>∖</b> th     | ke  | ey s | etu  | р |    |   |

#### Table 8: Master Command Record

**Context Buffer.** This structure defines DH/RSA/DSA processing to be applied on a per key setup basis.

| MSB   |                                                |       |     |      |       |      |       |      |       |       |       |     |       |                   |                  |      |                 |       |       |      |            |       |     |      |      |      |     |    | l | SB |
|-------|------------------------------------------------|-------|-----|------|-------|------|-------|------|-------|-------|-------|-----|-------|-------------------|------------------|------|-----------------|-------|-------|------|------------|-------|-----|------|------|------|-----|----|---|----|
| 31 30 | 29                                             | 28    | 27  | 26   | 25    | 24   | 23    | 22   | 21    | 20    | 19    | 18  | 17    | 16                | 15               | 14   | 13              | 12    | 11    | 10   | 9          | 8     | 7   | 6    | 5    | 4    | 3   | 2  | 1 | 0  |
|       |                                                |       |     | C    | )per  | atio | n Ty  | /pe  |       |       |       |     |       |                   |                  |      | To              | tal C | Com   | mai  | nd C       | cont  | ext | Stru | ctur | e Le | eng | th |   |    |
|       |                                                | Diffi | e-H | ellm | ian I | Pub  | lic K | (ey  | Ope   | ratio | on    |     |       |                   |                  |      |                 |       |       |      |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      | (     | (0x0 | 1)    |      |       |       |       |     |       |                   |                  |      |                 |       |       |      |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       | Ra  | ndo  | mΝ    | luml | ber   | x Le | engtl | h     |       |     |       |                   |                  |      | Х               | pro   | vide  | d b  | y SV       | V/x   | gen | erat | ed b | by R | RNG | 6  |   |    |
|       | Modulus N Length                               |       |     |      |       |      |       |      |       |       |       |     |       |                   |                  |      |                 |       |       | l    | Base       | e g l | Len | gth  |      |      |     |    |   |    |
|       | Modulus N (512, 768                            |       |     |      |       |      |       |      |       |       |       |     |       | 68, 1             | 024              | bits | s, Iov          | wes   | t wo  | ord) |            |       |     |      |      |      |     |    |   |    |
|       | Modulus N (512, 768,<br>Modulus N (512, 768, 1 |       |     |      |       |      |       |      |       |       |       |     |       | , 10              | 24 b             | its, | 2 <sup>nd</sup> | low   | est v | voro | 4)         |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      |       |      |       |      |       |       |       |     |       |                   |                  |      |                 |       |       |      |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      |       |      |       | ſ    | Mod   | ulus  | 5 N ( | 512 | , 76  | 8, 1              | 024              | bits | , hig           | ghes  | st w  | ord) |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      |       |      |       | В    | ase   | g (5  | 512,  | 768 | s, 10 | 24                | bits,            | low  | est             | wor   | d of  | key  | )          |       |     |      |      |      |     |    |   |    |
|       | Base g (512, 768, 1024 b                       |       |     |      |       |      |       |      |       |       |       |     | 4 bit | s, 2 <sup>ı</sup> | <sup>nd</sup> Ic | wes  | st w            | ord   | of k  | ey)  |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      |       |      |       |      |       |       |       |     |       |                   |                  |      |                 |       |       |      |            |       |     |      |      |      |     |    |   |    |
|       |                                                |       |     |      |       |      |       | Ba   | ase   | g (5  | 12, ' | 768 | , 10  | 24 k              | oits,            | high | nest            | wor   | d of  | key  | <i>'</i> ) |       |     |      |      |      |     |    |   |    |

#### Table 9: Diffie-Hellman Public Key Generation ( $X = g^x \mod N$ ) Command Context

#### Table 10: Diffie-Hellman Shared Secret Generation (K=Y<sup>x</sup> mod N) Command Context

| MS                                           | В                           |    |    |       |      |      |      |      |      |      |      |      |      |        |                 |     |       |       |       |      |       |      |      |       |      |      |      |      |     | LSI | В |
|----------------------------------------------|-----------------------------|----|----|-------|------|------|------|------|------|------|------|------|------|--------|-----------------|-----|-------|-------|-------|------|-------|------|------|-------|------|------|------|------|-----|-----|---|
| 31                                           | 30                          | 29 | 28 | 27    | 26   | 25   | 24   | 23   | 22   | 21   | 20   | 19   | 18   | 17     | 16              | 15  | 14    | 13    | 12    | 11   | 10    | 9    | 8    | 7     | 6    | 5    | 4    | 3    | 2 1 | (   | 0 |
|                                              |                             |    |    |       | C    | Dper | atio | n Ty | /pe  |      |      |      |      |        |                 |     |       | То    | tal ( | Com  | mai   | nd C | Cont | ext   | Stru | ctur | e Le | engt | h   |     |   |
|                                              |                             |    | I  | Diffi | e-He | ellm | an S | Shar | ed S | Seci | ret  |      |      |        |                 |     |       |       |       |      |       |      |      |       |      |      |      |      |     |     |   |
|                                              | Generation Operation (0x02) |    |    |       |      |      |      |      |      |      |      |      |      |        |                 |     |       |       |       |      |       |      |      |       |      |      |      |      |     |     |   |
|                                              | Modulus N Length            |    |    |       |      |      |      |      |      |      |      |      |      |        |                 |     |       | E     | хро   | nen  | t (pr | ivat | e ke | ey) x | Ler  | ngth | 1    |      |     |     |   |
| Modulus N (512, 768, 1024 bits, lowest word) |                             |    |    |       |      |      |      |      |      |      |      | ord) |      |        |                 |     |       |       |       |      |       |      |      |       |      |      |      |      |     |     |   |
|                                              | Modulus N (512, 768, 102    |    |    |       |      |      |      |      |      |      |      |      | 24 b | its, i | 2 <sup>nd</sup> | low | est v | voro  | 3)    |      |       |      |      |       |      |      |      |      |     |     |   |
|                                              |                             |    |    |       |      |      |      |      |      |      |      |      |      |        |                 |     |       |       |       |      |       |      |      |       |      |      |      |      |     |     |   |
|                                              |                             |    |    |       |      |      |      |      | Ν    | ٨od  | ulus | N (  | 512  | , 76   | 8, 1            | 024 | bits  | , hic | ghes  | st w | ord)  |      |      |       |      |      |      |      |     |     |   |



| Μ  | SB |    |    |      |      |      |      |      |       |       |       |      |       |        |      |       |                   |                  |       |                   |                  |       |      |       |       |      |      |     |    | LS | В |
|----|----|----|----|------|------|------|------|------|-------|-------|-------|------|-------|--------|------|-------|-------------------|------------------|-------|-------------------|------------------|-------|------|-------|-------|------|------|-----|----|----|---|
| 31 | 30 | 29 | 28 | 27   | 26   | 25   | 24   | 23   | 22    | 21    | 20    | 19   | 18    | 17     | 16   | 15    | 14                | 13               | 12    | 11                | 10               | 9     | 8    | 7     | 6     | 5    | 4    | 3   | 2  | 1  | 0 |
|    |    |    | _  |      | (    | Oper | atic | n T  | /pe   | ( .   |       |      |       |        |      |       |                   | Тс               | otal  | Con               | nma              | nd (  | Con  | text  | Stru  | ictu | re L | eng | th |    |   |
|    |    |    | R  | SA I | Jubl | ic K | ey ( | Jpei | atio  | n (0  | x03   | )    |       |        |      |       |                   |                  |       |                   |                  |       |      |       |       |      |      |     |    |    |   |
|    |    |    |    |      | M    | odul | us I | N Le | ngth  | ו     |       |      |       |        |      |       |                   |                  |       |                   | Ex               | por   | nent | ΕL    | eng   | th   |      |     |    |    |   |
|    |    |    |    |      |      | Мо   | dulu | is N | - R\$ | SA k  | eyir  | ng m | nate  | rial,  | (51  | 2, 70 | 68, <sup>-</sup>  | 1024             | 4 bit | ts, lo            | owes             | st w  | ord  | of k  | ey)   |      |      |     |    |    |   |
|    |    |    |    |      | Ν    | lodu | llus | N -  | RSA   | A ke  | ying  | ma   | teria | al, (ł | 512, | 768   | 3, 10             | )24              | bits  | , 2 <sup>nd</sup> | <sup>i</sup> low | /est  | wo   | rd of | f key | /)   |      |     |    |    |   |
|    |    |    |    |      |      |      |      |      |       |       |       |      |       |        |      |       |                   |                  |       |                   |                  |       |      |       |       |      |      |     |    |    |   |
|    |    |    |    |      |      | Mod  | lulu | s N  | - RS  | SA k  | eyin  | g m  | ater  | ial,   | (512 | 2, 76 | 68, 1             | 024              | 1 bit | s, h              | ighe             | st w  | /ord | of k  | (ey   |      |      |     |    |    |   |
|    |    |    |    |      |      |      |      | E    | хро   | nent  | : E - | RS   | A ke  | əyin   | g m  | ater  | ial, (            | low              | est   | wor               | d of             | key   | )    |       |       |      |      |     |    |    |   |
|    |    |    |    |      |      |      |      | Exp  | one   | ent E | - R   | SA   | key   | ing    | mat  | erial | , (2 <sup>r</sup> | <sup>nd</sup> lo | wes   | st w              | ord o            | of ke | ey)  |       |       |      |      |     |    |    |   |
|    |    |    |    |      |      |      |      |      |       |       |       |      |       |        |      |       |                   |                  |       |                   |                  |       |      |       |       |      |      |     |    |    |   |
|    |    |    |    |      |      |      |      | E    | xpor  | nent  | E -   | RS   | A ke  | ying   | g ma | ateri | al, (             | high             | nest  | wor               | d of             | key   | /)   |       |       |      |      |     |    |    |   |

#### Table 11: RSA Public Key Command Context





| MSB   |    |    |    |    |      |       |      |       |      |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     | L | SB |
|-------|----|----|----|----|------|-------|------|-------|------|------|--------|-------|-------|-------|-------------------|------------------|-------------------|------|--------|-------|------|-------|------|------|------|-------|------|-----|---|----|
| 31 30 | 29 | 28 | 27 | 26 | 25   | 24    | 23   | 22    | 21   | 20   | 19     | 18    | 17    | 16    | 15                | 14               | 13                | 12   | 2 11   | 10    | 9    | 8     | 7    | 6    | 5    | 4     | 3    | 2   | 1 | 0  |
|       |    |    |    | C  | Dper | ratio | n T  | ype   |      | 1    |        |       |       | 1     |                   |                  | То                | tal  | l Con  | nmai  | nd C | Cont  | ext  | Stru | ictu | ure L | eng  | th  |   | 4  |
|       |    |    |    | DS | A S  | ignir | ng ( | (0x05 | 5)   |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    | R    | eser  | ve   | d     |      |      |        |       |       |       |                   |                  |                   | M    | essa   | ge ⊦  | lash | n Pro | ovid | ed/0 | Ger  | nera  | ted  |     |   |    |
|       |    |    |    | M  | odul | lus p | ) Le | ength | ۱    |      |        |       |       |       |                   |                  | Ran               | do   | om N   | umb   | er k | pro   | vide | ed/R | NG   | G ge  | nera | ted |   |    |
|       |    |    |    |    |      |       |      |       |      | Ν    | /lodu  | lus d | q (10 | 60 I  | oits,             | lowe             | est v             | voi  | rd)    |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      | Мо   | dulu   | sq(   | (160  | ) bit | s, 2 <sup>r</sup> | <sup>id</sup> lo | wes               | t w  | vord)  |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      | Μ    | lodul  | us q  | 1 (16 | 60 k  | its, I            | high             | est v             | wo   | ord)   |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Μ     | lodu | llus | s p (5 | i12,  | 768   | i, oi | 102               | 24 bi            | ts, lo            | ow   | /est v | vord  | )    |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Мо    | dulu | us p | o (51  | 2, 7  | 68,   | or '  | 024               | bits             | ,2 <sup>nd</sup>  | lo   | west   | wor   | d)   |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Μ     | odu  | lus  | p (5   | 12, ' | 768   | , or  | 102               | 4 bi             | s, h              | igŀ  | hest v | word  | )    |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Bas   | se g | (5   | 12, 7  | '68,  | or 1  | 02    | 4 bits            | s, lo            | wes               | t w  | vord o | of ke | y)   |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       | E    | Base  | g (! | 512  | 2, 76  | 8, or | 102   | 24    | oits,             | 2 <sup>nd</sup>  | lowe              | est  | t wor  | d of  | key) | )     |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       | -    |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Bas   | e g  | (51  | 12, 7  | 68, ( | or 1  | 024   | bits              | s, hig           | ghes              | st v | word   | of ke | ey)  |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Pri   | vate | e ke | ey y ( | (512  | 2, 76 | 8, 0  | or 10             | )24 I            | oits,             | lo۱  | west   | wor   | d)   |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Priva | te k | key  | y (5   | 12, 7 | 768,  | or    | 102               | 4 bit            | s, 2 <sup>ı</sup> | nd   | lowe   | st w  | ord) |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      | Priv  | /ate | ke   | уу(    | 512   | , 76  | 8, c  | r 10              | 24 k             | oits,             | hig  | ghest  | wor   | d)   |       |      |      |      |       |      |     |   |    |
|       |    |    |    |    |      |       |      |       |      |      |        |       |       |       |                   |                  |                   |      |        |       |      |       |      |      |      |       |      |     |   | -  |

#### Table 13: DSA Signing Command Context



| MSB   |                                      |    |      |       |      |       |       |       |       |       |       |       |                   |      |                   |        |                   |      |        |       |      |      |      |       |    |      |      |      |    | L | .SB |
|-------|--------------------------------------|----|------|-------|------|-------|-------|-------|-------|-------|-------|-------|-------------------|------|-------------------|--------|-------------------|------|--------|-------|------|------|------|-------|----|------|------|------|----|---|-----|
| 31 30 | 29                                   | 28 | 27   | 26    | 25   | 24    | 23    | 22    | 21    | 20    | 19    | 18    | 17                | 16   | 6 15              | 14     | 13                | 12   | 2 11   | 10    | 9    | 8    | 7    | 6     | 5  | 4    | 1    | 3    | 2  | 1 | 0   |
|       |                                      |    |      | (     | Эре  | ratio | on T  | уре   |       |       |       |       |                   |      |                   |        | То                | tal  | I Con  | nmai  | nd ( | Cont | text | Stru  | IC | ture | e Lo | engt | th |   |     |
|       |                                      | D  | SA ۱ | /erif | icat | ion   | ope   | ratio | n (0  | x06)  |       |       |                   |      |                   |        |                   |      |        |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       | R    | lese  | erveo | ł     |       |       |       |       |                   |      |                   |        |                   | N    | lessa  | ige H | las  | h pr | ovic | led/g | ge | ener | ate  | əd   |    |   |     |
|       |                                      |    |      | Μ     | odu  | lus   | p Le  | ngtł  | ۱     |       |       |       |                   |      |                   |        |                   |      |        |       | R    | lese | erve | d     |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       | Мс    | dul   | us d  | q (16             | 50   | bits,             | lowe   | est v             | vo   | rd)    |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       | Mod   | ilus  | s a ( | 160               | bi   | ts 2 <sup>n</sup> |        | ves               | t w  | vord)  |       |      |      |      |       |    |      |      |      |    |   |     |
|       | Modulus a (1                         |    |      |       |      |       |       |       |       |       |       |       |                   |      | , _               |        |                   |      |        |       |      |      |      |       |    |      |      |      |    |   |     |
|       | Modulus q (16                        |    |      |       |      |       |       |       |       |       |       |       |                   |      | hite k            | high   | oct 1             | NO   | vrd)   |       |      |      |      |       |    |      |      |      |    |   |     |
|       | Modulus q (16<br>Modulus p (512, 768 |    |      |       |      |       |       |       |       |       |       |       |                   |      | r 102             |        |                   | ~~~  |        | (ord) |      |      |      |       |    |      |      |      |    |   |     |
|       | Modulus q (16<br>Modulus p (512, 768 |    |      |       |      |       |       |       |       |       |       |       |                   |      | 102               | 4 01   | IS, IC            | JW   | est v  | vora, | )    |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       | Мо    | dulu  | sp(   | 512   | 2, 76 | 68, c             | or 1 | 1024              | bits,  | , 2 <sup>nc</sup> | י Ic | owest  | t woi | rd)  |      |      |       |    |      |      |      |    |   |     |
| _     |                                      |    |      |       |      |       |       |       |       |       |       |       |                   |      |                   |        |                   |      |        |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       | Μ     | odu   | lus p | (5′   | 12, 1 | 768,              | or   | r 102             | 4 bit  | s, h              | igł  | hest v | vord  | )    |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       |       | Bas   | se g  | (lov              | ve   | st wo             | rd o   | f ke              | y)   |        |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       | В     | ase   | g (2  | 2 <sup>nd</sup> I | low  | vest v            | vord   | of I              | ke   | y)     |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       |       |       |       |                   |      |                   |        |                   |      |        |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       |       | Bas   | e g   | (hig              | jhe  | est wo            | ord o  | of ke             | ey)  | )      |       |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       | F     | Publi | ic ke | уу    | (51)  | 2, 70             | 68,  | , 102             | 4 bit  | s, lo             | w    | est w  | ord)  |      |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       | Pu    | blic  | key   | / (5  | 12,   | 768               | i, 1 | 024 I             | oits,  | 2 <sup>nd</sup>   | lo   | west   | wor   | d)   |      |      |       |    |      |      |      |    |   |     |
|       |                                      |    |      |       |      |       |       |       |       |       |       |       |                   |      |                   |        |                   |      |        |       |      |      |      |       |    |      |      |      |    |   | _   |
|       |                                      |    |      |       |      |       |       | Ρ     | ubli  | c ke  | / y ( | (512  | 2, 76             | 68,  | 1024              | l bits | s, hi             | gh   | nest w | /ord) | )    |      |      |       |    |      |      |      |    |   |     |

#### Table 14: DSA Verification Command Context

#### Table 15: RNG Direct Test Command Context

| MS | SB                                                             |    |    |      |      |      |     |     |       |       |      |    |    |    |    |    |    |        |      |      |      |      |     |       |      |       |      |   |   | LS | SB |
|----|----------------------------------------------------------------|----|----|------|------|------|-----|-----|-------|-------|------|----|----|----|----|----|----|--------|------|------|------|------|-----|-------|------|-------|------|---|---|----|----|
| 31 | 30                                                             | 29 | 28 | 27   | 26   | 25   | 24  | 23  | 22    | 21    | 20   | 19 | 18 | 17 | 16 | 15 | 14 | 13     | 12   | 11   | 10   | 9    | 8   | 7     | 6    | 5     | 4    | 3 | 2 | 1  | 0  |
|    | 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17<br>Operation Type |    |    |      |      |      |     |     |       |       |      |    |    |    |    |    | То | otal ( | Corr | nma  | nd ( | Cont | ext | Stru  | uctu | re Le | engt | h |   |    |    |
|    |                                                                |    | R١ | NG E | Dire | ct T | est | Ope | ratic | on (0 | )x41 | )  |    |    |    |    |    |        |      | (miı | nimu | um l | eng | th is | 64   | byte  | es)  |   |   |    |    |

| Table 16: | RNG-SHA1 | Test Command | Context |
|-----------|----------|--------------|---------|
| Table 16: | RNG-SHA1 | Test Command | Context |

| M  | SB |    |    |      |     |     |       |       |       |       |      |    |    |    |    |    |    |    |       |      |      |      |      |       |      |      |      |     |    | LS | SB |
|----|----|----|----|------|-----|-----|-------|-------|-------|-------|------|----|----|----|----|----|----|----|-------|------|------|------|------|-------|------|------|------|-----|----|----|----|
| 31 | 30 | 29 | 28 | 27   | 26  | 25  | 24    | 23    | 22    | 21    | 20   | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12    | 11   | 10   | 9    | 8    | 7     | 6    | 5    | 4    | 3   | 2  | 1  | 0  |
|    |    |    |    |      | C   | Эре | ratio | on Ty | /pe   |       |      |    |    |    |    |    |    | То | tal ( | Corr | ma   | nd ( | Cont | ext   | Stru | uctu | re L | eng | th |    |    |
|    |    |    | R١ | ۱G-S | SHA | 1 T | est   | Ope   | ratic | on (0 | )x42 | 2) |    |    |    |    |    |    |       | (mii | nimu | um I | eng  | th is | 64   | byte | es)  |     |    |    |    |



|    |                                                |                                                                                            |    |    |    |    |    |    |    |      |       |                   |       |       |       |      |       |                 | •    | •     |      | ·  |   | , |   |   |   |   |   |   |    |
|----|------------------------------------------------|--------------------------------------------------------------------------------------------|----|----|----|----|----|----|----|------|-------|-------------------|-------|-------|-------|------|-------|-----------------|------|-------|------|----|---|---|---|---|---|---|---|---|----|
| M  | SB                                             |                                                                                            |    |    |    |    |    |    |    |      |       |                   |       |       |       |      |       |                 |      |       |      |    |   |   |   |   |   |   |   | Ľ | SB |
| 31 | 30                                             | 29                                                                                         | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21   | 20    | 19                | 18    | 17    | 16    | 15   | 14    | 13              | 12   | 11    | 10   | 9  | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0  |
|    |                                                | Operation Type Total Command Context Structure Length<br>Modular Addition Operation (0x43) |    |    |    |    |    |    |    |      |       |                   |       |       |       |      |       |                 |      |       |      |    |   |   |   |   |   |   |   |   |    |
|    | Modular Addition Operation (0x43)     Reserved |                                                                                            |    |    |    |    |    |    |    |      |       |                   |       |       |       |      |       |                 |      |       |      |    |   |   |   |   |   |   |   |   |    |
|    |                                                |                                                                                            |    |    |    |    |    |    | l  | Mod  | lulus | 5 N (             | (512  | 2, 76 | 68, 1 | 024  | bite  | s, lo           | wes  | st wo | ord) |    |   |   |   |   |   |   |   |   |    |
|    |                                                |                                                                                            |    |    |    |    |    |    | M  | odul | us N  | ۱ (5 <sup>-</sup> | 12, ' | 768   | , 10  | 24 b | oits, | 2 <sup>nd</sup> | low  | est   | wor  | d) |   |   |   |   |   |   |   |   |    |
|    |                                                |                                                                                            |    |    |    |    |    |    |    |      |       |                   |       |       |       | ••   |       |                 |      |       |      |    |   |   |   |   |   |   |   |   |    |
|    |                                                |                                                                                            |    |    |    |    |    |    | Ν  | Nod  | ulus  | N (               | 512   | , 76  | 8, 1  | 024  | bits  | s, hig          | ghes | st w  | ord) |    |   |   |   |   |   |   |   |   |    |

#### Table 17: ModAdd Command Context (C = (A+B) mod N)





#### Table 19: ModMul Command Context (C = A\*B mod N)

| MS | В  |                                                         |    |    |    |     |       |       |      |       |      |                   |       |       |       |      |        |                 |       |       |      |      |     |      |      |      |      |     |    | L | SB |
|----|----|---------------------------------------------------------|----|----|----|-----|-------|-------|------|-------|------|-------------------|-------|-------|-------|------|--------|-----------------|-------|-------|------|------|-----|------|------|------|------|-----|----|---|----|
| 31 | 30 | 29                                                      | 28 | 27 | 26 | 25  | 24    | 23    | 22   | 21    | 20   | 19                | 18    | 17    | 16    | 15   | 14     | 13              | 12    | 11    | 10   | 9    | 8   | 7    | 6    | 5    | 4    | 3   | 2  | 1 | 0  |
|    |    |                                                         |    |    | C  | Эре | ratio | on Ty | уре  |       |      |                   |       |       |       |      |        | То              | tal ( | Corr  | nma  | nd C | Con | text | Stru | uctu | re L | eng | th |   |    |
|    |    | Operation Type<br>Modular Multiplication Operation(0x45 |    |    |    |     |       |       |      |       | 45)  |                   |       |       |       |      |        |                 |       |       |      |      |     |      |      |      |      |     |    |   |    |
|    |    |                                                         |    |    | M  | odu | lus   | N Le  | ngtł | ٦     |      |                   |       |       |       |      |        |                 |       |       |      | R    | ese | rve  | b    |      |      |     |    |   |    |
|    |    |                                                         |    |    |    |     |       |       | I    | Mod   | ulus | 5 N (             | 512   | 2, 76 | 68, 1 | 024  | bits   | s, Iov          | wes   | t wo  | ord) |      |     |      |      |      |      |     |    |   |    |
|    |    |                                                         |    |    |    |     |       |       | Mo   | odul  | us N | ۲ (5 <sup>-</sup> | 12, 1 | 768,  | 10    | 24 b | its, : | 2 <sup>nd</sup> | low   | est v | voro | d)   |     |      |      |      |      |     |    |   |    |
|    |    |                                                         |    |    |    |     |       |       |      |       |      |                   |       |       |       | ••   |        |                 |       |       |      |      |     |      |      |      |      |     |    |   |    |
|    |    |                                                         |    |    |    |     |       |       | Ν    | /lodi | ulus | N (               | 512   | , 76  | 8, 1  | 024  | bits   | , hig           | ghes  | st w  | ord) |      |     |      |      |      |      |     |    |   |    |

#### 07/03/02

|                     |                                                                                       |    |    |    |    |    | abie | 20   | . /   | Jou   | NCH  | 100   | ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, | an   |      | ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, | ~ (  | <u> </u> |      | 100  |     |    |   |   |   |   |   |   |    |
|---------------------|---------------------------------------------------------------------------------------|----|----|----|----|----|------|------|-------|-------|------|-------|-----------------------------------------|------|------|-----------------------------------------|------|----------|------|------|-----|----|---|---|---|---|---|---|----|
| MSB                 |                                                                                       |    |    |    |    |    |      |      |       |       |      |       |                                         |      |      |                                         |      |          |      |      |     |    |   |   |   |   |   | L | SB |
| 31 30 29            | 28                                                                                    | 27 | 26 | 25 | 24 | 23 | 22   | 21   | 20    | 19    | 18   | 17    | 16                                      | 15   | 14   | 13                                      | 12   | 11       | 10   | 9    | 8   | 7  | 6 | 5 | 4 | 3 | 2 | 1 | 0  |
| Operation Type Tota |                                                                                       |    |    |    |    |    |      |      |       |       |      | tal ( | Com                                     | nma  | nd ( | Cont                                    | text | Stru     | uctu | re L | eng | th |   |   |   |   |   |   |    |
|                     | Modular Reduction Operation(0x46)                                                     |    |    |    |    |    |      |      |       |       |      |       |                                         |      |      |                                         |      |          |      |      |     |    |   |   |   |   |   |   |    |
|                     | Modular Neduction Operation(0x46)           Modulus N Length         Message M Length |    |    |    |    |    |      |      |       |       |      |       |                                         |      |      |                                         |      |          |      |      |     |    |   |   |   |   |   |   |    |
|                     |                                                                                       |    |    |    |    |    |      | Moc  | lulus | s N   | (512 | 2, 76 | 68, 1                                   | 024  | bits | s, Iov                                  | wes  | t wo     | ord) |      |     |    |   |   |   |   |   |   |    |
|                     |                                                                                       |    |    |    |    |    | M    | odul | us I  | N (5  | 12,  | 768   | , 10                                    | 24 b | its, | 2 <sup>nd</sup>                         | low  | est v    | voro | d)   |     |    |   |   |   |   |   |   |    |
|                     |                                                                                       |    |    |    |    |    |      |      |       |       |      |       |                                         |      |      |                                         |      |          |      |      |     |    |   |   |   |   |   |   |    |
|                     |                                                                                       |    |    |    |    |    | Ν    | Nod  | ulus  | 5 N ( | 512  | , 76  | 8, 1                                    | 024  | bits | , hig                                   | ghes | st wo    | ord) |      |     |    |   |   |   |   |   |   |    |

#### Table 20: ModRem Command Context (C = M mod N)

#### Table 21: ModExp Command Context ( $C = M^E \mod N$ )



#### Table 22: ModInv Command Context ( $C = M^{-1} \mod N = M^{N-2} \mod N$ )

| MSB   |                                                                        |   |      |      |       |     |      |       |       |       |      |      |       |       |      |      |        |                   |       |       |      |      |      |      |      |      |      |      |   | L | SB |
|-------|------------------------------------------------------------------------|---|------|------|-------|-----|------|-------|-------|-------|------|------|-------|-------|------|------|--------|-------------------|-------|-------|------|------|------|------|------|------|------|------|---|---|----|
| 31 30 | ) 29                                                                   | 2 | 28 2 | 72   | 26 2  | 25  | 24   | 23    | 22    | 21    | 20   | 19   | 18    | 17    | 16   | 15   | 14     | 13                | 12    | 11    | 10   | 9    | 8    | 7    | 6    | 5    | 4    | 3    | 2 | 1 | 0  |
|       |                                                                        |   |      |      | Ор    | ber | atio | on Ty | /pe   |       |      |      |       |       |      |      |        | То                | tal ( | Corr  | nma  | nd ( | Cont | ext  | Stru | ictu | re L | engi | h |   |    |
|       |                                                                        |   | Mod  | dula | r Inv | /er | se   | Ope   | ratio | on(0: | x48) |      |       |       |      |      |        |                   |       |       |      |      |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      | Mod   | dul | us   | N Le  | ngth  | ۱     |      |      |       |       |      |      |        |                   |       |       |      | R    | lese | rveo | ł    |      |      |      |   |   |    |
|       | Modulus N Length Reserved Modulus N (512, 768, 1024 bits, lowest word) |   |      |      |       |     |      |       |       |       |      |      |       |       |      |      |        |                   |       |       |      |      |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       | Mo    | odul  | us N | ا (5 | 12, 1 | 768,  | 102  | 24 b | its, : | 2 <sup>nd</sup>   | lowe  | est v | vorc | ł)   |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       |       |       |      |      |       |       |      |      |        |                   |       |       |      |      |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       | Ν     | Nod   | ulus | Ν(   | 512   | , 76  | 8, 1 | 024  | bits   | , hig             | ghes  | st wo | ord) |      |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       | E     | xpor  | nent | N-2  | 2 (51 | 12, 7 | '68, | 102  | 4 bi   | its, l            | owe   | est w | /ord | )    |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       | Exp   | one   | nt N | -2 ( | 512   | , 76  | 8, 1 | 024  | bits   | , 2 <sup>nd</sup> | d lov | vest  | wo   | rd)  |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       |       |       |      |      |       |       |      |      |        |                   |       |       |      |      |      |      |      |      |      |      |   |   |    |
|       |                                                                        |   |      |      |       |     |      |       | E×    | pon   | ent  | N-2  | (51   | 2, 7  | 68,  | 102  | 4 bi   | ts, h             | ighe  | əst v | vorc | ł)   |      |      |      |      |      |      |   |   |    |

The selection of IPsec crypto/authentication operation versus IPsec key setup operation can be made on a per MCR basis. Within one MCR, no mix of crypto/authentication and IPsec key setup operations is allowed. The mode the current MCR operates on is determined by which DMA register the MCR address is written into. If it is written into the first DMA register (Master Command Record 1), then the chip performs crypto/authentication operations. If it is written into the fifth DMA register (Master Command Record 2), then the chip performs key setup operations.

The Operation Type bits must be set as follows:

- 0x01 Diffie-Hellman public key generation operation
- 0x02 Diffie-Hellman shared secret generation operation
- 0x03 RSA public key operation
- 0x04 RSA private key operation (RSA operation with Chinese Remainder Theory)
- 0x05 DSA signing operation
- 0x06 DSA verification operation
- 0x41 RNG direct test mode
- 0x42 RNG-SHA1 test mode
- 0x43 Modular Addition
- 0x44 Modular Subtraction
- 0x45 Modular Multiplication
- 0x46 Modular Reduction (Remainder)
- 0x47 Modular Exponentiation
- 0x48 Modular Inverse
- Other values Reserved for future use

The number of entries a command context has depends on Operation Type and number of bits used for the operation. The total\_command\_\_context\_length field provides the total number of bytes required for the command context structure for a given key setup or an atomic arithmetic operation. Since the minimum number of bytes required for a PCI access is 64 bytes, the field should have 64 bytes for the RNG test modes.

For DH public key generation and DSA signing operation, either the on-chip Random Number Generator can be used to generate x for DH and k for DSA or else the values can be obtained from the software. If they are generated by RNG, the Provided/RNG Generated (RNG Enable) bits in command context are set to one. Otherwise, they are set to 0. If they are provided by the application software, then they are stored in data buffers. The chip retrieves them during processing of MCR structure.

For DSA signing and verification operations, message hash can either be provided by software (CPU does the hashing) or be performed by SHA1 unit on the chip. If hash is done by SHA1, the Message Hash Provided/Generated (SHA1 Enable) bits are set to one. Otherwise, they are set to zero. Either the message or the message hash is stored in the input data buffer. The chip retrieves them during MCR structure processing.

For DH send mode, both public key and private key are generated and stored in the output data buffers in a linked list fashion.

For DH receive mode, both public key and private key are provided for shared secret computation and stored in the input data buffers in a linked list fashion.

For DSA signing mode, both r and s are generated and stored in output data buffers in a linked list fashion.

For DSA verification mode, both r and s are provided by application and stored in input data buffers in a linked list fashion.

For RNG bypass and RNG-SHA1 modes, there is no input data buffer required and one output data buffer containing the random numbers. The length of the data buffer is contained in the output buffer length field in MCR.

For atomic operations ModAdd, ModSub, ModMul, ModRem, ModExp, and ModInv, the modulus is passed to the chip via command context structure and other operands are stored in the input data buffers in a linked list fashion. In typical applications, modulus does not change for each operation. For ModInv, a modular inverse operation was converted to a modular exponentiation operation. Because of that, (N-2) is stored where N is the modulus, in the command context.



#### 07/03/02

The following table shows the data chaining in the MCR structure for various key setup algorithms. Symbol  $A \rightarrow B$  is used to represent that the next field in data buffer A points to the data buffer for B.

| Algorithms                        | Input Data Chaining                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Output Data Chaining                                 |
|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|
| DH Send                           | <b>Private Key x Provided by SW.</b> If the private key is generated by RNG, no input data is needed. Input data buffer length is zero.                                                                                                                                                                                                                                                                                                                                                                                                                                        | Public Key data buffer → Private Key data buffer     |
| DH Receive                        | Public Key data buffer → Private Key data<br>buffer . The SW driver must keep track of the<br>corresponding private keys to generate the<br>shared secret.                                                                                                                                                                                                                                                                                                                                                                                                                     | Shared secret buffer                                 |
| RSA Public Key                    | Message data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Message data buffer                                  |
| RSA Private Key                   | Message data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Message data buffer                                  |
| DSA Signing                       | <ul> <li>m data buffer → Random number k</li> <li>Provided by SW. If k is generated by RNG, only message data is stored in the input data buffer.</li> <li>The M data buffer can contain multiple fragments. In this case, random number k provided by software follows the last fragment of m data buffer. The dlength field of the key setup is the total length (in bytes) of m data buffer (does not include the random number k). However, the fragments other than the last one must be integer multiple of 512 bits. The last fragment can be in any length.</li> </ul> | r parameter data buffer → s parameter<br>data buffer |
| DSA Verification                  | m data buffer → r parameter data buffer →<br>s parameter data buffer. The M data buffer<br>can contain multiple fragments. In this case, r<br>parameter data buffer follows the last fragment<br>of m data buffer. The dlength field of the key<br>setup is the total length (in bytes) of m data<br>buffer (does not include r and s parameter data<br>buffers). However, the fragments other than<br>the last one must be integer multiple of 512<br>bits. The last fragment can be in any length.                                                                           | v parameter buffer                                   |
| RNG Bypass Mode                   | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | Random number buffer                                 |
| RNG SHA1<br>Randomized Mode       | None                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | Random number buffer                                 |
| ModAdd ((A+B) mod N)              | A data buffer → B data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |
| ModSub ((A-B) mod N)              | A data buffer → B data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |
| ModMul (A*B mod N)                | A data buffer → B data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |
| ModRem<br>(A mod N)               | A data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |
| ModExp<br>(A <sup>E</sup> mod N)  | A data buffer → E data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |
| ModInv<br>(A <sup>-1</sup> mod N) | A data buffer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | Output data buffer                                   |

#### Table 23: MCR Input/Output Data Buffer Chaining

#### **ALIGNMENT RESTRICTIONS**

The following table shows alignment requirements for all memory-resident data in IPsec crypto/authentication operations.

 Table 24:
 Memory-Resident Data Alignment Requirements in IPsec Crypto/Authentication Operations

| Memory-Resident Data Type                   | Alignment Requirement, Size Requirement          |
|---------------------------------------------|--------------------------------------------------|
| Packet Payload Data                         |                                                  |
| Packet Input Data Buffers (per descriptor)  | None (byte), None (byte)                         |
| Packet Output Data Buffers (per descriptor) | 32-bit, length multiple of 32 bits               |
| Control and Command Structures              |                                                  |
| Descriptors (Input and Output)              | 32-bit, fixed size (3 words of 32 bits)          |
| Command Context Structure                   | 32-bit, fixed size (19 words of 32 bits)         |
| Master Command Record                       | 32-bit, variable size (1 + #pkts*8 32-bit words) |

The flexibility with respect to input packet payload data allows extreme combinations to be supported. For instance, a packet with 16,000 bytes of input payload data could be described as a chain of 16,000 descriptors, with each descriptor holding one single byte. The BCM5802 handles such an extreme situation correctly from a functional standpoint, albeit with reduced performance from the huge number of descriptor fetches.

The following table shows alignment requirements for all memory-resident data in DH/RSA/DSA operations.

#### Table 25: Memory-Resident Data Alignment Requirements in DH/RSA/DSA Operations

| Memory-Resident Data Type            | Alignment Requirement, Size Requirement               |
|--------------------------------------|-------------------------------------------------------|
| Packet Payload Data                  |                                                       |
| Input Data Buffers (per descriptor)  | 32-bit, length multiple of 32 bits                    |
| Output Data Buffers (per descriptor) | 32-bit, length multiple of 32 bits                    |
| Control and Command Structures       |                                                       |
| Descriptors (Input and Output)       | 32-bit, fixed size (3 words of 32 bits)               |
| Command Context Structure            | 32-bit, fixed size (variable words of 32 bits)        |
| Master Command Record                | 32-bit, variable size (1 + #key setup*8 32-bit words) |

Because IKE/SSL/TLS key setups operate at or above Layer 4 of the network stack, users have full control of the data memory allocation. Aligning data at the 32-bit boundary is relatively easy to do for software.



### **INVALID ENCRYPTION/AUTHENTICATION OPERATIONS**

This section details scenarios that the software should never request the chip to process. These can cause unknown results being written to memory, or possibly a chip hang condition.

- Zero-length packets: These can arise in several ways, all of which should be avoided. One way is to have a zero total
  packet length in a MCR structure. Another is to have a non-zero packet length, but to set the crypto offset equal to or
  greater than the entire length of the packet.
- Zero-length descriptors: All data buffer entries in input and output descriptor chains should have a non-zero length. Similarly, requesting the chip to use a zero output fragment size from the output fragment register would lead to unpredictable results.
- Erroneous parameter specifications: Situations such as illegal authentication specifiers, misaligned structure members, and misaligned output packet payload data, should be guaranteed to never occur.
- Output descriptors that point to misaligned output data buffers: All output data should be aligned on 32-bit boundaries.
- Output descriptors that indicate an output buffer byte length that is not a multiple of four: All output data buffers must have a length that is multiple of 32-bits.
- Non-zero crypto offset with crypto disabled.
- Packets with both authentication and crypto disabled.
- Packets with crypto disabled, but with an output descriptor chain of length > 1 specified: For packets that have no crypto
  output (hence *must* have an authentication output), there must be one, and exactly one output descriptor specified in
  the Master Command Record. Only the next field of this descriptor is used to write out the HMAC codes. Other fields of
  this descriptor (in particular the data buffer address and size) are ignored.
- Incorrect packet size for cryptography: Whenever 3DES is enabled, the length of input data to be encrypted must be a
  multiple of eight bytes. The input data length is calculated as total packet size minus the number of 32-bit dwords
  specified by the crypto offset context field. Giving the chip a crypto data length that is not a multiple of eight bytes could
  hang the chip. IPsec padding guarantees that this never happens.
- Crypto offset that leads to a data length for encryption or decryption that is not multiple of 64-bits: For instance, a crypto
  offset of one word with a total packet length of 40 words would force the crypto unit to process 39 words, which is not a
  multiple of eight bytes. However, a crypto offset of one word with a packet length of 41 words is fine, as is a crypto offset
  of two words with a packet length of 40 words.
- Non-zero crypto offset for packets that do not have both crypto and authentication enabled: If authentication is disabled, the crypto offset *must* be set to zero. Crypto offset can not be used as a programmable skip length for crypto-only packets.
- Writing to the MCR register with PCI master mode disabled: Doing so causes the control microcode to start processing and hang, waiting for a PCI master mode access that never begins.
- The #Packet or #Key Setup in the first field in an MCR cannot be zero.
- The Flags field (second field) in an MCR must be zeroed out before sending the MCR pointer to DMA register on the BCM5802.

#### **BCM5802** REGISTERS

The BCM5802 registers are divided into two categories.

- 1 PCI configuration registers implement control and status information that is specific to the PCI bus, as well as registers required by the PCI specification revision 2.2.
- 2 DMA control and status registers correspond to master command, data and packet context fetch and write back operations.

Unused bits read as an unknown value which could be zero or one, and should be masked off prior to further processing. Unused bits should be written as zeroes. The following mnemonics are used to describe the types of access allowed for each register bit:

- RW: bit is read/write
- WO: bit is write only
- RO: read only bit (i.e. status flag)
- RSVD: reserved bit, ignore upon read, write 0s upon write

A value of X upon reset means that the state of the register is undefined and should not be relied upon after a reset occurs.

#### **PCI CONFIGURATION REGISTERS**

The BCM5802 provides PCI 2.2-compliant configuration space registers as follows. In addition, the BCM5802 uses PCI Memory BAR0 for all slave control and status registers. The registers use a total memory space of 64 KB in one memory BAR region. This region is non-pre-fetchable, and must be relocated only in 32-bit space.

Configuration registers not shown in the table below are reserved.

| ADDR | 31      | Bits      | 16          | 15             | Bits        | 00              |
|------|---------|-----------|-------------|----------------|-------------|-----------------|
| 0x00 |         | Device I  | )           |                | Vendor      | ID              |
| 0x04 |         | Status    |             |                | Comma       | nd              |
| 0x08 |         |           | Class code  |                |             | Rev ID          |
| 0x0C | BIST    |           | Header Type | Master Latence | cy Timer    | Cache line Size |
| 0x10 |         |           | Mem         | ory BAR0       |             |                 |
| 0x2C | 5       | Subsystem | ID          | S              | Subsystem V | endor ID        |
| 0x3C | MAX_LAT |           | MIN_GNT     | Interrupt      | Pin         | Interrupt Line  |
| 0x40 |         | Reserved  | d           | Retry Time     | eout        | TRDY Timeout    |

#### Table 26: PCI 2.2-Compliant Configuration Space Registers

**BCM5802** 

The various registers within PCI configuration space are as follows.

| Table 27: | PCI Config | guration | Registers |
|-----------|------------|----------|-----------|
|-----------|------------|----------|-----------|

| Bits      | Access      | Reset       | Purpose                                                                                        |
|-----------|-------------|-------------|------------------------------------------------------------------------------------------------|
| PCI Vend  | lor ID: 0x0 | 0           |                                                                                                |
| 15:0      | RO          | 14E4        | Hard-wired device identifier (0x14E4), Broadcom ID assigned by PCISIG.                         |
| PCI Devi  | ce ID: 0x02 | 2           |                                                                                                |
| 31:16     | RO          | 5802        | Hard-wired device identifier (0x5802).                                                         |
| PCI Com   | mand Reg    | ister: 0x04 |                                                                                                |
| 15:10     | RSVD        | 0           | Reserved.                                                                                      |
| 9         | RW          | 0           | Fast back to back master enable.                                                               |
| 8         | RW          | 0           | System error enable.                                                                           |
| 7         | RSVD        | 0           | Reserved.                                                                                      |
| 6         | RW          | 0           | Parity error enable.                                                                           |
| 5         | RSVD        | 0           | Reserved.                                                                                      |
| 4         | RW          | 0           | Memory write and Invalidate enable.                                                            |
| 3         | RSVD        | 0           | Reserved.                                                                                      |
| 2         | RW          | 0           | Bus master enable.                                                                             |
| 1         | RW          | 0           | Memory access enable.                                                                          |
| 0         | RW          | 0           | I/O access enable (ignored, leave at 0).                                                       |
| PCI State | us Register | r: 0x04     |                                                                                                |
| 31        | RO          | 0           | Detect parity error.                                                                           |
| 30        | RO          | 0           | Signaled system error.                                                                         |
| 29        | RO          | 0           | Received master abort status.                                                                  |
| 28        | RO          | 0           | Received target abort status.                                                                  |
| 27        | RO          | 0           | Signaled target abort status.                                                                  |
| 26:25     | RO          | 01          | DEVSEL timing.                                                                                 |
| 24        | RO          | 0           | Data parity detected.                                                                          |
| 23        | RO          | 1           | Fast back-to-back capable status.                                                              |
| 22        | RSVD        | 0           | Reserved.                                                                                      |
| 21        | RO          | 0           | 66-MHz capable.                                                                                |
| 20:16     | RSVD        | 0           | Reserved.                                                                                      |
| PCI Rev   | ID: 0x08    |             |                                                                                                |
| 7:0       | RO          | 01/E1       | Hard-wired device revision identifier (0x01 for domestic version and 0xE1 for export version). |

|          |             | Ta              | ble 27: PCI Configuration Registers (Cont.)                                                     |
|----------|-------------|-----------------|-------------------------------------------------------------------------------------------------|
| Bits     | Access      | Reset           | Purpose                                                                                         |
| PCI Clas | s Code Re   | gister: 0x08    |                                                                                                 |
| 31:8     | RO          | 0B4000          | <b>Class code value (hard-wired).</b> 0x0B4000 (processor class, coprocessor subclass).         |
| PCI BIS  | T Register, | Cache line, Mas | ater Latency, Header: 0x0C                                                                      |
| 31       | RO          | 0               | <b>BIST capable.</b> The BCM5802 is not capable of performing PCI configuration BIST operation. |
| 30       | RW          | 0               | BIST Start. Not supported on BCM5802.                                                           |
| 29:28    | RO          | 0               | Reserved.                                                                                       |
| 27:24    | RO          | 0               | BIST completion code. Not supported on BCM5802.                                                 |
| 23:16    | RW          | 0               | Header type.                                                                                    |
| 15:0     | RW          | 0               | Master latency timer.                                                                           |
| 7:0      | RW          | 0               | Cache line size.                                                                                |
| PCI Men  | nory BAR: ( | 0x10            |                                                                                                 |
| 31:0     | RW          | 0xFFFF0000      | Memory Base Address Register, 64 KB region, non-prefetchable, relocate in 32-bit space only.    |
| PCI MAX  | LAT, MIN    | _GNT, Interrupt | : 0x3C                                                                                          |
| 31:24    | RO          | 0               | PCI MAX_LAT parameter.                                                                          |
| 23:16    | RO          | 0               | Length of burst period MIN_GNT.                                                                 |
| 15:8     | RO          | 0x1             | Interrupt pin register.                                                                         |
| 7:0      | RW          | 0               | Interrupt line register.                                                                        |
| PCI Retr | y Timeout,  | TRDY Timeout:   | 0x40                                                                                            |
| 15:8     | RW          | 0x80            | Number of retries that the PCI interface performs.                                              |
| 7:0      | RW          | 0x80            | TRDY timeout value.                                                                             |

#### **DMA CONTROL AND STATUS REGISTERS**

The DMA registers control how master command structures, packet context and packet data are fetched and then stored after processing. All of the following registers are located in PCI Memory BAR0 space. A second MCR register has been added in the BCM5802 to handle the key setup operations. The BCM5802 is completely compatible with the BCM5801 for crypto/authentication operations. The BCM5801 software driver also works on the BCM5802 without modification.

| ADDR | 31                       | Bits | 16 | 15 | Bits | 00 |
|------|--------------------------|------|----|----|------|----|
| 0x00 | Master Command Record 1@ |      |    |    |      |    |
| 0x04 | DMA Control              |      |    |    |      |    |
| 0x08 | DMA Status               |      |    |    |      |    |
| 0x0C | DMA Error Address        |      |    |    |      |    |
| 0x10 | Master Command Record 2@ |      |    |    |      |    |

#### Table 28: PCI Memory BAR0 Space DMA Registers

The following table shows the DMA control and status registers.

| Bits                               | Access       | Reset | Purpose                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |  |  |
|------------------------------------|--------------|-------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| DMA Master Command Record 1@: 0x00 |              |       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |  |
| 31:0                               | RW           | X     | Writing the address of a valid Master Command Record to this register causes cryptol<br>authentication processing of the packets within that record to begin. This register must<br>only be written when the MCR_FULL bit of the DMA Status register is 0. This register is<br>double buffered, such that the MCR_FULL bit goes to zero very quickly after an initial<br>write. This allows the CPU to write a second MCR address value to this register,<br>effectively queuing up to MCR structures for back to back processing with zero latency<br>Reset state is Unknown. Do not write if PCI master mode is disabled. |  |  |
| DMA C                              | ontrol: 0x04 |       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |  |
| 31                                 | RW           | 0     | <b>RESET.</b> Software reset. Normally, it is unset. If software detects hanging or other undesirable states of BCM5802, it sets this bit to reset. After writing 1 to this bit, you must wait 30 PCI clocks before the chip can be accessed again.                                                                                                                                                                                                                                                                                                                                                                         |  |  |
| 30                                 | RW           | 0     | <b>MCR2INT_EN.</b> Enable interrupt per MCR for MCR2. An interrupt is generated every time an entire MCR completes processing. This is the preferred operational mode. Resets to 0.                                                                                                                                                                                                                                                                                                                                                                                                                                         |  |  |
| 29                                 | RW           | 0     | <b>MCR1INT_EN.</b> Enable interrupt per MCR for MCR1. An interrupt is generated every time an entire MCR completes processing. This is the preferred operational mode. Resets to 0.                                                                                                                                                                                                                                                                                                                                                                                                                                         |  |  |
| 28                                 | RSVD         | 0     | Reserved.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |
| 27                                 | RSVD         | 1     | Reserved. Do not change its reset value.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |  |
| 26                                 | RSVD         | 1     | Reserved. Do not change its reset value.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |  |
| 25                                 | RW           | 0     | DMAERR_EN. Enable interrupt upon DMA master access error.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |

#### Table 29: DMA Control and Status Registers

| Pite    | Access     | Posot    | Purposo                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |  |
|---------|------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| ыз      | Access     | Resel    |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |
| 24:23   | WO         | 00       | RNG_MODE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |
|         |            |          | OU: 1 bit random number per one slow clock cycle.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |
|         |            |          | 01: 1 bit random number per four slow clock cycles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |  |
|         |            |          | 10: 1 bit random number per eight slow clock cycles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  |
|         |            |          | 11: 1 bit random number per sixteen slow clock cycles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |  |
| 15:0    | RSVD       | 0        | Reserved.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
| DMA Sta | tus: 0x08  |          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |
| 31      | RO         | 0        | Master access in progress. Resets to 0.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |  |
| 30      | RO         | 0        | <b>MCR1_FULL flag.</b> Master Command Address register is full. When this flag is 1, the CPU must not write to the MCR1@register. When this flag is 0, the PCU may write a value to the MCR1@register to request processing of a master command structure. Resets to 0.                                                                                                                                                                                                                                                                                                                                     |  |
| 29      | RW         | 0        | <b>MCR1_INTR.</b> Completion interrupt status of per-MCR interrupt for MCR1. Cleared by writing a 1 to this bit position.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
|         |            |          | <b>Note:</b> This bit accurately reflects processing status, even if the corresponding interrupt bit is disabled (in which case a PCI interrupt is not generated).                                                                                                                                                                                                                                                                                                                                                                                                                                          |  |
|         |            |          | This bit is sticky until cleared explicitly. Resets to 0.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
| 28      | RW         | 0        | <b>DMAERR_INTR.</b> Interrupt status for MCR DMA master access error. Sticky until software reset (DMA control bit 31 is set to 1) or hardware reset. This bit accurately reflects status even if the corresponding interrupt enable bit is off (in which case a PCI interrupt is not generated). Resets to 0.                                                                                                                                                                                                                                                                                              |  |
| 27      | RO         | 0        | <b>MCR2_FULL flag.</b> Master Command Address register is full. When this flag is 1, the CPU must not write to the MCR2@ register. When this flag is 0, the CPU may write a value to the MCR2@ register to request processing of a master command structure. Resets to 0.                                                                                                                                                                                                                                                                                                                                   |  |
| 26      | RW         | 0        | <b>MCR2_INTR.</b> Completion interrupt status of per-MCR interrupt for MCR2. Cleared by writing a 1 to this bit position.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
|         |            |          | <i>Note:</i> This bit accurately reflects processing status (in which case a PCI interrupt is not generated).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |  |
|         |            |          | This bit is sticky until cleared explicitly. Resets to 0.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
| DMA Err | or Address | : 0x0C   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |
| 31:2    | RO         | Х        | Address of master access that resulted in a PCI fault (32b word address). Reset state unknown.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |  |
| 1       | RO         | Х        | 1 = faulted master access was a read, 0 = was a write. Reset state unknown.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |  |
| DMA Ma  | ster Comm  | and Reco | ord 2@: 0x10                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |  |
| 31:0    | RW         | X        | Writing the address of a valid Master Command Record to this register causes key setup processing of the data within that record to begin. This register must only be written when the MCR_FULL bit of the DMA Status register is 0. This register is double buffered, such that the MCR_FULL bit goes to zero very quickly after an initial write to this register. This allows the CPU to write a second MCR address value to this register, effectively queuing up to MCR structures for back-to-back processing with zero latency. Reset state is unknown. Do not write if PCI master mode is disabled. |  |

#### Table 29: DMA Control and Status Registers (Cont.)

## Section 5: Electrical and Timing Specifications

#### Table 30: Electrical and Timing Specifications

| Parameter                             | Typical             | Description                              |  |
|---------------------------------------|---------------------|------------------------------------------|--|
| PCI Compliance                        | 3.3V and 5V         | Over the range of 25-33 MHz PCI clocks   |  |
| Supply Voltage                        | 3.3V <b>±</b> 5%    |                                          |  |
| Power Consumption                     | 1.2W                | Typical power consumption at 33 MHz      |  |
| I/O Buffers                           | 3.3V                |                                          |  |
| Operating Temperature                 | 0-70C               | Within the commercial temperature range  |  |
| Timing Specification for the I/O Pins |                     | Follows the PCI 2.2 timing specification |  |
| The BCM5802 works in both 3.3V and    | 5V PCI environments |                                          |  |

#### Min Parameter Condition Max

Table 31: PCI Pin DC Specifications

| Symbol                   | Parameter                             | Condition                  | Min                | Max                   | Units |
|--------------------------|---------------------------------------|----------------------------|--------------------|-----------------------|-------|
| V <sub>CC</sub>          | Supply Voltage                        |                            | 3.135              | 3.465                 | V     |
| V <sub>IH</sub> (FRAME#) | Input High Voltage for FRAME# pin     |                            | $0.52V_{CC}$       | V <sub>CC</sub> + 0.5 | V     |
| V <sub>IH</sub> (PERR#)  | Input High Voltage for PERR# pin      |                            | $0.52V_{CC}$       | V <sub>CC</sub> + 0.5 | V     |
| V <sub>IH</sub>          | Input High Voltage for all other pins |                            | $0.50V_{CC}$       | V <sub>CC</sub> + 0.5 | V     |
| V <sub>IL</sub>          | Input Low Voltage                     |                            | -0.5               | 0.3V <sub>CC</sub>    | V     |
| V <sub>IPU</sub>         | Input Pull-up Voltage                 |                            | 0.7V <sub>CC</sub> |                       | V     |
| V <sub>OH</sub>          | Output High Voltage                   | l <sub>OUT</sub> = -0.5 mA | 0.9V <sub>CC</sub> |                       | V     |
| V <sub>OL</sub>          | Output Low Voltage                    | I <sub>OUT</sub> = 1.5 mA  |                    | 0.1V <sub>CC</sub>    | V     |
| C <sub>IN</sub>          | Input Pin Capacitance                 |                            | 5                  | 12                    | pF    |
| C <sub>CLK</sub>         | PCI_CLK Pin Capacitance               |                            |                    | 8                     | pF    |
| L <sub>PIN</sub>         | Pin Inductance                        |                            |                    | 20                    | nH    |

FRAME# and PERR# pins violated VIH PCI specification very slightly at the corners of the operating temperature range. All other pins are within the PCI DC Specifications. All the pins, including FRAME# and PERR#, satisfy the PCI Timing Specifications.



## Section 6: Mechanical Information

Figure 6: 144-Pin DQFP Package Drawing



## **Broadcom Corporation**

Broadcom Corporation P.O. Box 57013 16215 Alton Parkway Irvine, California 92619-7013 © 2002 by Broadcom Corporation All rights reserved Printed in the U.S.A.

Broadcom<sup>®</sup> Corporation reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom Corporation is believed to be accurate and reliable. However, Broadcom Corporation does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.

Document 5802-DS03-405-R