MACsec Security Module

eda2022

General Product Description
The DWC_macsec module is used for inline encryption/decryption and authentication of ethernet packets as defined by the IEEE 802.1AE Standard . The DWC_macsec module handles full line rate single port support for the IEEE 802.1AE Standard up to 100 Gb/s . Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC of November 2007 .
The DWC_macsec is developed to be integrated between a MAC (Media Access Controller) and a Physical Coding Sublayer (PCS) or PHY, and it offers GMII, XGMII and XLGMII interfaces as defined in the IEEE 802.3-2018 - IEEE Standard for Ethernet. Reduced interfaces such as RMII and RGMII are also supported and follow the RMII™ specification, RMII consortium, and Reduced Gigabit Media Independent Interface (RGMII) version 2.6 standards.
The DWC_macsec is developed to minimize latency, by offering an optimized AES-GCM cryptographic core for TX/Egress and RX/Ingress paths. Several additional features are also present in the DWC_macsec, such as bypass mode, parametrizable amount of TX and RX secure channels and security associations, support for different VLAN TAG on the clear, separate APB interfaces for general configuration registers and AES critical registers.

                               
登录/注册后可看大图

1.2 Features
■ Supports the following:
❑ IEEE 802.1AE-2018 Standard
❑ Frame Preemption (IEEE 802.1Qbu Standard) for lower performance data rates
❑ Up to 100 Gb/s for egress path
❑ Up to 100 Gb/s for Ingress path
❑ Up to 32 secure channels for TX
❑ Up to 256 secure channels for RX
❑ Up to 64 secure associations for TX
❑ Up to 512 secure associations for RX
❑ Up to two VLAN TAGs on the clear (for Cisco Mode)
❑ VLAN TAG on the clear, copy and replace modes
❑ Jumbo frame
❑ Insertion and removal of SecTAG
❑ RGMII, RMII, SGMII, MII, GMII, XGMII and XLGMII interfaces
❑ USGMII and USXGMII (parallel operation with PCH. For more information, see “Data Interfaces and CRC”
❑ APB for register access and key configuration
❑ Separate APB for AES-GCM register access and key configuration
❑ Asynchronous clock operation between TX and RX
❑ Asynchronous clock operation between APB and datapath clocks (TX, RX)
❑ Two rounds per clock for AES-GCM
❑ Area optimized Galois Field for AES-GCM
❑ Ternary Content Addressable Memory (TCAM) for security association search
❑ Direct or linear search modes for security association lookup
❑ FIPS 140-3 AES-GCM Test Mode
❑ Proprietary tagging for correctly received frames
❑ Configurable filtering rules for non-MACsec frames
❑ SRAM ECC
■ Seamless integration with Synopsys Ethernet controllers and PCS modules