1984 Am9518 Data Ciphering Processors
Page Count: 160
Data Ciphering Processors
Am9518/AmZ8068/Am9568
Technical Manual

Advanced Micro Devices

©1984 Advanced Micro Devices, Inc.

Advanced Micro Devices reserves the right to make changes in its products without notice in order to improve design or performance characteristics. The company assumes no responsibility for the use of any circuits described herein.

901 Thompson Place, P.O. Box 3453, Sunnyvale, California 94088
(408) 732-2400 TWX: 910-339-9280 TELEX: 34-6306
Printed in U.S.A.

ACKNOWLEDGEMENTS: This technical manual was written by Juergen Stelbrink, Headquarters Applications Engineer. Chapter 4.12 HIGH SPEED SERIAL DATA CIPHERING IN NETWORK SYSTEMS was contributed by Al Sussman, Field Applications Engineer in Burlington, Massachusetts.

TABLE OF CONTENTS

1. INTRODUCTION

2. DATA CIPHERING
2.1. DATA ENCRYPTION STANDARD
2.2. PUBLIC/PRIVATE KEY SYSTEM
2.3. THE DCP FAMILY

3. FUNCTIONAL DESCRIPTION
3.1. PORTS
3.1.1. Master Port
3.1.2. Slave Port
3.1.3. Auxiliary Port
3.1.4. Key and Data Load in Direct Control Mode
3.2. REGISTERS
3.3. COMMANDS
3.4. PARITY CHECKING OF KEYS
3.5. INITIALIZATION
3.6. MULTIPLEXED CONTROL MODE
3.6.1. ECB Operation
3.6.2. CBC Operation
3.6.3. CFB Operation
3.7. DIRECT CONTROL MODE
3.7.1. ECB Operation
3.7.2. CBC and CFB Operation
3.8. OUTPUT FEEDBACK AND ONE-BIT CFB
3.9. THROUGHPUT
3.10. KEY TRANSFER VIA THE COMMUNICATION LINK

4. INTERFACES
4.1. 8086
4.2. iAPX186
4.3. iAPX286
4.4. 68000
4.5. Z8000
4.6. Z80
4.7. 8085
4.8. Z80-DMA
4.9. 8088-DMA
4.10. iSBX Bus
4.11. 8051
4.12. HIGH SPEED SERIAL DATA CIPHERING IN NETWORK SYSTEMS
(Device column of the Chapter 4 entries, in the order printed: Am9518/AmZ8068/Am9568, AmZ8068, Am9568, AmZ8068, Am9518/AmZ8068, Am9518/AmZ8068, Am9518/AmZ8068, Am9568, AmZ8068, Am9568, Am9518/AmZ8068)

APPENDIXES
A. ECB Test Data
B. CBC Test Data
C. CFB Test Data
D. Certification by National Bureau of Standards
E. Timing Diagrams
F. Literature
CHAPTER 1. INTRODUCTION

Cryptography is almost as old as civilization. The human desire for privacy when communicating leads inevitably to cryptography. Webster's Dictionary describes cryptography as: "the art or practice of preparing messages in a form intended to prevent their being read by those not privy to secrets of the form; also: the science of devising methods and means for this". The word cryptography combines the Greek "kryptos" (secret) and "graphos" (writing).

The Spartans established one of the first military cryptographic systems in the fifth century B.C. They developed a simple tool consisting of a strip of parchment wrapped around a staff of wood. The original message was written on the parchment down the length of the staff. Once unwrapped, the message becomes unreadable and can be transferred by messenger to the receiver, who decrypts the message by rewrapping it around a staff of the same thickness. The Spartans used it to transfer secret information during the Persian Wars.

There are two basic kinds of encrypting or ciphering methods: transposition and substitution. Data ciphering by transposition takes the characters of the original message (the plain text) and scrambles them to form the encrypted message (the cipher text). The scrambling changes the position of characters in the text only and not the characters themselves. "CIPHER" written as "HCERPI" is an example of transposition ciphering.

The substitution method replaces each character of the original text by another character, number or special symbol. Julius Caesar designed a cryptographic algorithm where the characters were shifted a fixed number of positions; for a shift of three positions, an "a" becomes a "d" and a "b" becomes an "e". His name is substituted as "Mxolxv Fdhvdu". He employed this algorithm to protect an exchange of letters with Cicero during the Gallic Wars.
The fundamental weakness of Caesar's algorithm is that it always encrypts the same letter in the same manner. Codebreaking techniques introduced in the second half of the nineteenth century take advantage of the fact that each language has its own character frequency spectrum. The most common letter in the English language is the "e"; the most frequently recurring double letters are "th". Spectrum analysis can easily break Caesar's code.

More sophisticated algorithms developed in the Renaissance eliminated the weakness of Caesar's code. The encrypted character becomes a function of the original character and its position in the text. The same character in two different text locations is replaced by different encrypted characters.

German intelligence in World War I employed a code where a list of words organized in a dictionary were linked to a set of numbers. The linkage was not organized in numerical or alphabetical order; it was a giant substitution. In January 1917, the German Foreign Minister, A. Zimmermann, sent a top-secret encrypted telegram to his ambassador in Washington. The British Post Office intercepted this wireless telegram and sent it to the codebreaking branch of British Naval Intelligence. The decoding of the "Zimmermann telegram" was probably the most important single codebreaking task in intelligence history. It caused the United States to join the war.

Until the early Sixties, most cryptographic equipment was based on complicated machines consisting of many mechanical disks and gears. Today, the use of electronic devices increased the capabilities of cryptography. The algorithms are now more sophisticated; but, on the other hand, cryptoanalysts are also able to break more sophisticated codes using computers.

The extensive use of data communication over radio or telephone lines makes it easy for someone to listen to masses of sensitive information without being detected.
Great quantities of confidential data, stored on disks or transmitted over various communication links, need protection from unauthorized access. Using any home computer with a modem, an outsider can dial many phone numbers automatically to find a connection where a computer system answers. By trying random passwords he might then gain access to the system, but this access would be worthless if the sensitive data were stored in encrypted form.

A U.S. government department, the National Bureau of Standards, developed an algorithm designed to protect sensitive computer data. Advanced Micro Devices implemented this algorithm into silicon. The result, the Data Ciphering Processor (DCP), is a one-chip 40-pin LSI device, best suited for use in high-speed electronic data ciphering systems and certified by the National Bureau of Standards.

The two major application areas of this device are:
- to protect mass data storage (files on tape or disk),
- to protect data communication links to keep the transferred information private (voice encryption, home banking, bank tellers, satellite communication).

This handbook is organized into three parts. First, it gives the reader an overview about data ciphering in general and the DES algorithm supported by the DCP in particular. Differences between two cryptography systems, the public and the private key system, are discussed. Further, it outlines the differences between the three members of the AMD DCP family.

Chapter 3 provides a detailed description of all features and functions of the DCP. It introduces the reader to the internal structure of the DCP and explains the data ciphering instruction set. Timing information can be found in Appendix E. Detailed program flowcharts show the operation of the DCP in the different modes.

Chapter 4 addresses the system designer, providing hints and ideas for designing the DCP into a specific system environment. It shows interfaces to most 8-bit and 16-bit microprocessors.
Chapter 4.11 shows what is probably the simplest data ciphering system. It consists of a microcomputer and a DCP built in a "black box". This box provides data ciphering inserted in a serial communication line, for example between a terminal and a modem. Chapter 4.12 shows an application of the DCP in high-speed, serial data-communication environments such as Ethernet.

CHAPTER 2. DATA CIPHERING

The data ciphering algorithm supported by the DCP was tested and accepted by the US government. The technique works by passing original data through a circuit whose output is a complex, nonlinear function of the data and a user-supplied, 56-bit key, involving XORing, substitution, block swapping, and key subset selection. The resultant encoded data is called "cipher text". It is virtually impossible to regenerate the original data without knowing the key. The DES specifies that the algorithm be implemented in hardware rather than software for maximum security.

The DCP can execute both encryption and decryption. The device can hold three different keys: one for encryption, one to decrypt a received encoded message and a third one called Master Key to generate session keys or to transfer keys over the line. Refer to Chapter 3.2 (Master Key Register) for more information about the usage of the Master Key. Each key is entered into the DCP as a series of eight bytes, each byte consisting of seven key bits and one parity bit. The chip checks the parity on each byte of the key as entered. To enhance system security, the keys cannot be read back.

The DCP supports three data encryption modes to satisfy the requirements of most applications. Electronic Code Book (ECB) is best suited for high-speed disk applications. Chain Block Cipher (CBC) provides an extra degree of data security over ECB in that it detects any insertion or deletion in the cipher text. It also implements one of the basic cryptography rules: Never encode the same message the same way twice.
Data ciphering in disk applications cannot follow this rule because it requires that records be decrypted randomly. The third data ciphering mode is Cipher Feedback (CFB). It is designed for medium-speed, character-based applications. Data is handled on a byte-by-byte basis without waiting to form 64-bit blocks, as in the other two methods.

2.1 DATA ENCRYPTION STANDARD

In January 1977, the National Bureau of Standards published a Data Encryption Standard (DES) in the Federal Information Processing Standards Publication (FIPS PUB 46). The DES specifies an algorithm to be implemented in electronic hardware devices to protect computer data cryptographically. That publication provides a complete description of the mathematical background of the DES algorithm.

Although the DES encryption/decryption algorithm is public information, individual privacy is ensured by a private key. The user can choose any 56-bit key; thus, he can select one of 7.2 x 10^16 possible keys. The same key is used for encryption and decryption. The DES is a private key system.

[Figure 2.1. Electronic Code Book (ECB) Mode]

[Figure 2.2. Cipher Block Chaining (CBC) Mode. Legend: DJ = data block at time J; IJ = encryption input block at time J; CJ = cipher block at time J; IV = initialization vector; circled plus = exclusive-OR]

The DES algorithm takes a data block through 18 data-manipulation stages. Sixteen of these stages are identical. They execute complex series of bit manipulations depending on the key. The first and the last stage do only simple bit transpositions. This overview of the internal operation makes it obvious that this algorithm is well-suited for implementation in electronic hardware.
The DES algorithm translates a 64-bit binary block into a unique 64-bit output block. It is important for some applications that this ciphering algorithm does not add information. Input and output blocks have the same length. Each bit of the result is a function of each and any bit of the input data as well as the key. In other words, a change of any single input bit has approximately equal probability of changing any output bit.

The National Bureau of Standards has defined four implementations of the DES algorithm to be used in a wide variety of applications. These implementations are called Modes of Operation.

Advanced Micro Devices' Data Ciphering Processor was certified by the National Bureau of Standards in January 1981 (see Appendix D). The DCP has passed the DES test and 4 million iterations of the Monte Carlo test. (Since the DES is a complex nonlinear algorithm, it cannot be fully tested with a limited set of test vectors. To verify the correct hardware implementation, the National Bureau of Standards has created a statistical procedure -- the Monte Carlo routine.)

Modes of Operation

The National Bureau of Standards has defined four implementations of the DES algorithm. Each of them is designed for specific applications.

ECB

The Electronic Code Book (Figure 2.1) is a direct implementation of the DES algorithm. The analogy to a code book arises because the same plain text always generates the same ciphered text for a given cryptographic key. The DCP determines the codebook entries each time. A single bit error or change, in either the input text block or the key, causes an average bit error rate of 50% for its output block. However, an error in one text block will not affect any other block. In other words, there is no error extension between ECB blocks. The input and output block size is 64 bits. Since data blocks are independently ciphered, this mode is qualified for disk applications.
[Figure 2.3. 8-Bit Cipher Feedback (CFB) Mode. Note: the input block initially contains an initialization vector (IV), right justified.]

[Figure 2.4. K-Bit Output Feedback (OFB) Mode. Note: the input block initially contains an initialization vector (IV), right justified.]

The ECB mode has the weakness that identical blocks of plain text generate identical blocks of ciphered text. This violates one of the basic laws of encryption security: Never encrypt information the same way twice because this makes it easier for the opponent to break the code. This problem is solved by the CBC mode.

CBC

Chain Block Cipher (Figure 2.2) also operates on 64-bit data blocks. The input data block is EXORed with a 64-bit Initial Vector (IV) before being processed by the DES algorithm. The resulting ciphered-output block is loaded into the IV Register, to be EXORed with the next input block. This chaining of cipher text blocks provides different outputs for identical input blocks. It also gives an error extension characteristic which protects against fraudulent data insertion, deletion or alteration in a block sequence. A one-bit error in the input text block, the key or the Initial Vector causes an average error rate of 50% in all subsequent output blocks. These features make CBC best suited for high-speed data communications.

CFB

Cipher Feedback (Figure 2.3) operates on n-bit data blocks, "n" being any value from 1 to 64. The content of the IV Register is processed by the DES algorithm.
The most significant n bits of the result are EXORed with the n-bit input data block. The result is the n-bit ciphered output block. This output block is shifted into the "n" least significant bits of the IV Register. The DCP supports 8-bit CFB. Character-based, low-speed to medium-speed data communications is best done by 8-bit CFB. In CFB Mode, the throughput of the DCP is lower than in CBC or ECB because each algorithm pass provides only 8 bits compared to 64 bits in the two high-speed modes. The error extension characteristic is the same as in CBC.

OFB

Under some circumstances, such as a noisy, narrowband digital signal in an encrypted speech application, it is best to use a data-independent stream cipher. Output Feedback (Figure 2.4) is the best technique in this environment. The advantage of OFB is that the output data is a function of only the input data and the number of preceding blocks. It is independent of the actual data contained in the blocks. An error in an input block causes a 50% bit error probability in its output block, but it does not influence subsequent outputs. There is no error extension.

OFB differs from CFB in that the feedback path is data-independent; a part of the output of the DES algorithm is fed back directly. The DES algorithm operates like a pseudo-random number generator.

The DCP does not support OFB directly, but with some external hardware 1-bit and 8-bit OFB can be implemented as shown in Chapter 3.8. No additional hardware is needed to perform 64-bit OFB.

2.2 PUBLIC VERSUS PRIVATE KEY CRYPTOSYSTEMS

The classical single-key cryptosystem, such as DES, operates on the premise that the sender and receiver of messages use the same key for the dual purpose of encryption and decryption. Although such a scheme is adequate for most purposes, it is deficient from the point of view of true "authentication".
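The three modes the DCP supports directly (ECB, CBC and 8-bit CFB, Section 2.1) can be compared side by side. The following is an added example, not code from the manual: it wires the modes as in Figures 2.1 to 2.3 around a hypothetical stand-in block cipher (`toy_encrypt`/`toy_decrypt`, a SHA-256-based Feistel network used here instead of DES), and reports which cipher-text blocks change when one plain-text bit changes. The key, IV and plain text are constructed sample values.

```python
"""ECB, CBC and 8-bit CFB wiring (Figures 2.1 to 2.3) over a stand-in block cipher."""
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher. This is NOT the DES round function.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def toy_encrypt(block: bytes, key: bytes) -> bytes:
    """Hypothetical stand-in for the 'DES ENCRYPT' box: a 16-round Feistel network."""
    left, right = block[:4], block[4:]
    for rnd in range(16):
        left, right = right, xor(left, _f(right, key, rnd))
    return right + left


def toy_decrypt(block: bytes, key: bytes) -> bytes:
    """Inverse of toy_encrypt: same network, round order reversed."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(16)):
        left, right = right, xor(left, _f(right, key, rnd))
    return right + left


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(toy_encrypt(b, key) for b in blocks(pt))


def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return b"".join(toy_decrypt(b, key) for b in blocks(ct))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, reg = [], iv  # reg models the IV Register
    for b in blocks(pt):
        reg = toy_encrypt(xor(b, reg), key)  # cipher block is loaded back into reg
        out.append(reg)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, reg = [], iv
    for c in blocks(ct):
        out.append(xor(toy_decrypt(c, key), reg))
        reg = c
    return b"".join(out)


def cfb8(data: bytes, key: bytes, iv: bytes, decrypt: bool = False) -> bytes:
    """8-bit CFB. Both directions run the block cipher in the encrypt direction."""
    out, reg = bytearray(), iv
    for byte in data:
        result = byte ^ toy_encrypt(reg, key)[0]  # most significant 8 bits of output
        out.append(result)
        cipher_byte = byte if decrypt else result  # feedback is always cipher text
        reg = reg[1:] + bytes([cipher_byte])  # shift into the least significant end
    return bytes(out)


def changed_blocks(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]


def bits_changed(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample values. The stand-in cipher does not check key parity.
KEY = bytes.fromhex("0123456789abcdef")
IV = bytes.fromhex("1122334455667788")
PLAIN = b"ACCOUNT1" * 4  # four identical 64-bit blocks
FLIPPED = PLAIN[:8] + bytes([PLAIN[8] ^ 0x01]) + PLAIN[9:]  # one bit changed in block 1


def error_extension() -> dict:
    """Cipher-text blocks that change when one plain-text bit in block 1 changes."""
    return {
        "ECB": changed_blocks(ecb_encrypt(PLAIN, KEY), ecb_encrypt(FLIPPED, KEY)),
        "CBC": changed_blocks(cbc_encrypt(PLAIN, KEY, IV), cbc_encrypt(FLIPPED, KEY, IV)),
        "CFB": changed_blocks(cfb8(PLAIN, KEY, IV), cfb8(FLIPPED, KEY, IV)),
    }


if __name__ == "__main__":
    print("distinct ECB blocks:", len(set(blocks(ecb_encrypt(PLAIN, KEY)))))
    print("distinct CBC blocks:", len(set(blocks(cbc_encrypt(PLAIN, KEY, IV)))))
    print("changed blocks:", error_extension())
```

Identical plain-text blocks give one repeated ECB cipher block but four different CBC blocks, and the changed bit stays confined to its own block in ECB while it alters every later block in CBC and CFB.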
Authenticity assures that the message has not been tampered with during transmission, and also that the true identity of the sender (also called signature) can be extracted from the encrypted message. In schemes involving sharing of a secret key there is scope for "forgery" since the receiver of a message can generate authenticators that are indistinguishable from those generated by the sender. Furthermore, single-key systems require some form of key distribution prior to activation of the system.

Public key cryptosystems have evolved as an answer to the needs of digital signatures and also to overcome some of the shortcomings of DES. They were first introduced by Diffie and Hellman in 1976. In contrast to DES, these systems use a matched pair of keys (one private and the other public) for the sender and the receiver. Both pairs are generated independently. The private keys are retained by the individual users while their respective public keys are maintained in a common directory possibly managed by a network key server. This scheme separates the encryption and decryption keys. It can transmit encrypted messages without prior exchange of keys and can implement digital signatures that are legally binding.

Public key cryptosystems are slow since they involve multiple-precision arithmetic on very large numbers (>100 digits). The functional advantages of a public key cryptosystem can, however, be combined with the advantages of a private key cryptosystem (speed and availability of dedicated VLSI circuits) to form a hybrid system (Figure 2.5).

To transmit a secret text, the sender (A) first generates a random key for encrypting the clear text by means of the fast DES algorithm. The random key is then encrypted using the complicated and slow public key method. Both the encrypted key and text are then transmitted to the receiver. The receiver first decrypts the key and then uses the decrypted key to decrypt the ciphered text.
The authenticity of the text can be checked in a second pass. Splitting the job between the public key and DES algorithm makes sense since the protection of a standard message requires many more DES encryptions than public key encryptions.

For more information on Public Key Systems see:

Burton, C. E. "RSA: A Public Key Cryptography System." Dr. Dobb's Journal, Mar 1984, 16-21.
Diffie, W. and Hellman, M. "New Directions in Cryptography." IEEE Transactions on Information Theory, IT-22(6), Nov 1976,
Gardner, M. "Mathematical Games." Scientific American, 237(2), Aug 1977, 120-124.
Mueller-Schloer, Christian. "A Microprocessor-based Cryptoprocessor." IEEE Micro, Oct 1983, 5-15.
Rivest, R.L., A. Shamir and L. Adleman. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Communications of the ACM, 21(2), Feb 1978, 120-126.

[Figure 2.5. Hybrid System. Sender (A): the key is encrypted with the public key method and the clear text with DES; the ciphered key and ciphered text go to the receiver (B), which decrypts the key with the public key method and the text with DES.]

2.3. THE DCP FAMILY

The DCP family consists of three devices:

Am9518: 3-MHz version, Z8000*-type bus interface, up to 1.3 Mbyte/s ciphering throughput
AmZ8068*: 4-MHz version, Z8000-type bus interface, up to 1.7 Mbyte/s ciphering throughput
Am9568: 4-MHz version, 8086-type bus interface, up to 1.5 Mbyte/s ciphering throughput

*Z8000 is a trademark of Zilog, Inc.
*AmZ8068 is a trademark of Advanced Micro Devices, Inc.

[Figure 2.6. Data Flow for Single Port Configuration, Multiplexed Control Mode. Auxiliary Port: Master Key. Master Port (CPU bus): commands, encrypt and decrypt keys, clear text, ciphertext.]

[Figure 2.7. Data Flow for Dual Port Configuration, Multiplexed Control Mode. Auxiliary Port: Master Key. Master Port (CPU bus): commands, encrypt and decrypt keys, clear text. Slave Port: ciphertext to peripheral device or buffer.]

[Figure 2.8. Data Flow for Dual Port Configuration, Direct Control Mode. High-speed microprogrammed logic (Am2910, PROM, etc.) controls the DCP. Master Port (host system): encrypt and decrypt keys, clear text. Ciphertext to peripheral device or buffer.]

General Description Applicable to All Three Devices

All three devices are designed to be used in a large variety of environments, including dedicated controllers, communication concentrators, terminals and peripheral task processors in general processor systems.

Usually the DCP will be controlled by a standard microprocessor. In this kind of environment, the DCP is interfaced similarly to other peripherals with a multiplexed address/data bus (e.g., AmZ8030, AmZ8036*, and AmZ8073). This mode is called Multiplexed Control Mode.

In data storage applications, the data can be passed from the CPU bus through the DCP to the mass storage controller. Most of the tape or hard disk controllers are based on microprogrammed logic. The DCP can be programmed to provide a special microprogrammed interface. This mode is called Direct Control Mode.

The Multiplexed Control Mode provides a standard microprocessor interface. Chapters 4.1 to 4.11 show applications where the DCP operates in Multiplexed Control Mode. Figure 2.6 shows the most straightforward interface configuration; it is the single port configuration in Multiplexed Control Mode. In this configuration, all commands and data transferred between the CPU and DCP are passed through the Master Port. The keys for encryption and decryption may be entered through either the Master Port or the Auxiliary Port. The Master Key can only be entered through the Auxiliary Port. The Auxiliary Port is a separate port for key input only. It enhances the system security by separating the data path and the key path.

In higher-speed data ciphering applications, the Master Port becomes the bottleneck of the system.
Both the original text and the encrypted text have to be passed through this 8-bit port. The dual port configuration (Figure 2.7) eliminates this bottleneck. The text now flows through the devices. The CPU passes the original text through the Master Port, while the peripheral device removes the encrypted text from the Slave Port.

The internal architecture of the DCP is highly pipelined. The CPU may enter one block of data, while a previously entered block is ciphered and while a third previously ciphered block may be read out. This pipelining yields data ciphering rates between 10.6 and 14.2 Mbit/s.

The Direct Control Mode (Figure 2.8) provides a special microprogrammed logic interface. In Direct Control Mode the Auxiliary Port becomes a control port for the microprogrammed logic. Unlike Multiplexed Control Mode, where the DCP is controlled by programming internal registers, in Direct Control Mode the DCP is controlled by three pins of the Auxiliary Port. Two pins reflect the status of the device. In this mode, the DCP can execute only a subset of its data ciphering commands, such as loading encryption or decryption keys and initiating encryption or decryption versions.

*Z8030 and Z8036 are trademarks of Zilog, Inc.

[Figure 2.9. DCP Block Diagram. Note 1: the Master Port control lines are MDS, MAS, MR/W (Am9518/AmZ8068) or MALE, MRD, MWR (Am9568).]

[Figure 2.10. Z8000-Type Master Port Timing (Am9518, AmZ8068)]

[Figure 2.11. 8086-Type Master Port Timing (Am9568)]

The Mode Register defines the basic operating parameters such as ciphering mode (ECB, CBC, and CFB) and port configuration. In Direct Control Mode this register cannot be programmed. However, a reset sets this register to its default value (see Chapter 3.5).
To operate the DCP in modes different from the default mode, the DCP has to be switched to Multiplexed Control Mode to modify the Mode Register. Therefore, the C/K pin (selecting Multiplexed Control Mode or Direct Control Mode) should be made programmable. Other operations such as loading the Master Key and the Initial Vector (IV) Registers also require that the DCP be switched to Multiplexed Control Mode. In Multiplexed Control Mode, the full data ciphering instruction set is provided.

In Multiplexed Control Mode, the devices of the DCP family support two different types of microprocessor interfaces as shown below:

Am9518/AmZ8068

The Am9518 and AmZ8068 (Figure 2.10) support a Z8000-type interface. Figure 2.10 shows the basic timing. The Master Port Address Strobe (MAS) is active Low. The rising (i.e. trailing) edge latches the level of Master Port Chip Select (MCS) and the 2-bit register address on MP1 and MP2. Master Port Data Strobe (MDS) provides the timing for the data transfer. The level on Read/Write (R/W) defines the data transfer direction. Timing parameter [number illegible in the source] of the product specification defines the set-up time of R/W to MDS. The rising edge of MDS must be synchronous to the falling edge of the clock. Most CPUs do not meet the specified narrow time range, so external synchronization logic must be added to satisfy this parameter. The interfaces in Chapter 4 show some approaches.

Am9568

The Am9568 (Figure 2.11) has a host CPU interface which is optimized for the iAPX microprocessor family. Figure 2.11 shows the basic bus timing. Master Port Address Latch Enable (MALE) is active High. The falling (i.e. trailing) edge of ALE latches MCS and the register address on MP1 and MP2. Master Port Write (MWR) provides timing for a data write transfer, Master Port Read (MRD) provides timing for read transfers. Both strobes must be synchronous to the clock. The range is smaller than with the Am9518 or AmZ8068.
The Am9568 has advantages in applications requiring narrow address strobes or where it is difficult to satisfy the set-up time of R/W.

[Figure 3.1. Am9518/AmZ8068 Connection Diagram (top view; pin 1 is marked for orientation)]

[Figure 3.2. Am9568 Connection Diagram (top view; pin 1 is marked for orientation)]

CHAPTER 3. FUNCTIONAL DESCRIPTION

The heart of the DCP is the Data Encryption Standard (DES) algorithm unit that encrypts 64-bit blocks of clear text into corresponding 64-bit blocks of cipher text using a 56-bit key. The DCP can hold three keys simultaneously: a Master Key to generate session keys, an Encryption Key, and a Decryption Key. A block diagram of the internal structure is shown in Figure 2.9.

The DCP has two 64-bit data registers: the Input and the Output Register. Transfers between these registers and the Master or Slave Port occur on the 8-bit input/output buses. The dual ports, separate internal buses and separate input and output registers compose a highly pipelined data path that maximizes the throughput by allowing simultaneous input, ciphering and output operation.

The 8-bit ports handle the 64-bit blocks of data one byte at a time. Each block is strobed into the Input Register with eight Data Strobes. The most significant byte is entered first. The result block can be read from the 64-bit Output Register, also one byte at a time with the most significant byte first.

3.1. PORTS

3.1.1. MASTER PORT

The Master Port is an 8-bit wide (MP0-MP7) bidirectional port. The Mode, Command, and Status Register can be accessed only through this port. The port operation is associated with four control lines, which are defined differently for the two groups of devices.
Am9518/AmZ8068:
  MCS   Master Port Chip Select
  MAS   Master Port Address Strobe
  MDS   Master Port Data Strobe
  R/W   Read/Write

Am9568:
  MCS   Master Port Chip Select
  MALE  Master Port Address Latch Enable
  MRD   Master Port Read
  MWR   Master Port Write

The DCP executes a hardware reset when two specific control lines are pulled active Low simultaneously. Namely:
  For the Am9518/AmZ8068: MAS and MDS
  For the Am9568: MRD and MWR

In Direct Control Mode the address strobe (MAS or MALE) is a "don't care". To prevent hardware resets by mistake, tie MAS High for Am9518/AmZ8068 Direct Control Mode applications.

In Multiplexed Control Mode the address strobe latches the level of MCS and the two-bit pointer address into one of the five internal registers. In systems with a multiplexed address/data bus, this relieves the external address decode circuitry of the responsibility for latching Chip Select.

The Master Port Flag (MFLG) shows the status of the device. It corresponds to the Master Port Flag bit of the Status Register. Figure 3.3 shows the association of the Master Port Flag with the Input and Output Register. In dual port configuration, the Flag reflects the status of the Master Port; it is active if data can be transferred to or from the Master Port. Input or output operation depends on the Mode (Encryption or Decryption) and on clear or ciphered text at the Master Port. In single port configuration, this flag always reflects the status of the Input Register, independent of the mode.

Master Port in Multiplexed Control Mode

The terminology of the "strobes" is defined below:

Address strobe:
  Am9518/AmZ8068  MAS is strobed Low
  Am9568          MALE is strobed High
Write strobe:
  Am9518/AmZ8068  MDS is strobed Low, while MR/W is Low
  Am9568          MWR is strobed Low
Read strobe:
  Am9518/AmZ8068  MDS is strobed Low, while MR/W is High
  Am9568          MRD is strobed Low

Entering encryption/decryption keys (clear or encrypted):

The key registers are loaded by a command/data sequence. The following sequence of operations must be performed:
The following sequence of operations must be performed: Provide MCS, address the Command Register (MPl=High, MP2=High) and issue address strobe. 22 Chapter 3 Enter command code (see Figure 3.7) by presenting appropriate one-byte command at the Master Port issuing a write strobe. the and Provide MCS, address the Input Register (MP1=Low, MP2=Low) and issue address strobe. Load eight bytes of key data, one byte at a time, through Master Port. Keys are loaded one byte per write strobe, the most significant byte first. If the key is in encrypted form, the Master Key must be loaded first through the Auxiliary Port. Then the encrypted key can be loaded. The DCP decrypts this key internally using the Master Key and the ECB method. The clear session key is then stored in the appropriate key register. After loading the last byte of the encrypted key, no read/write to the internal registers is allowed for the subsequent 70 clock cycles. A key can only be entered into the DCPi for security reasons it cannot be read back. Parity check logic in the DCP verifies that the key is entered correctly. The least significant bit of each byte of key is the parity check bit (odd parity). Flags in the status Register are set if a parity error occurs during a key load sequence. Entering/reading the Initial Decryption (IVD): vector for Encryption (IVE) or When using the Chain Block Cipher (CBC) or Cipher Feed Back (CFB) mode, the 64-bit IV Register must be initialized. The command/data sequence is similar to the sequence for entering keys. Similar to the key, the IV can be loaded in either clear or encrypted form. The encrypted IV is decrypted using the Decryption Key (0 Key) and ECB mode before loading the appropriate IV Register. The 0 Key must be loaded first. When the IV should be read out in encrypted form, it is first encrypted using the E Key and ECB mode. It takes 70 clock cycles to encrypt or decrypt the IV. 
Entering or removing data:

Depending on the mode, either clear or encrypted data can be entered or removed from the Master Port. Data entered through the Master Port goes into the Input Register. Data removed from the Master Port comes from the Output Register. Data is transferred by the following sequence:

- Provide MCS, address data register.
- Transfer data bytes, one byte per write strobe or read strobe, starting with the most significant byte.

The data transfer is not limited to only one block. The device accepts data whenever the corresponding flag shows that the device is ready for a data transfer.

After entering one block of data, the input flag becomes inactive for 5 clock cycles if the data can be transferred to the algorithm unit. If the algorithm unit is still busy or if the device is blocked because the output data is not read out, the input flag stays inactive.

The output flag becomes active whenever data is in the Output Register. After removing one block, the output flag becomes inactive for 5 clocks if the algorithm unit can provide another block. If the algorithm unit is empty, the output flag stays inactive until data is ready again.

Master Port in Direct Control Mode

Master Port Chip Select (MCS) is not latched internally. It is passed directly to the internal circuitry.

Enter clear E or D Key using the following sequence:

- Provide MCS.
- Set up the appropriate code at the Auxiliary Port for E/D Key load (see Auxiliary Port description).
- Strobe in eight bytes of the key, one byte per write strobe, most significant byte first.

Enter or remove data:

Depending on the configuration chosen by loading the Mode Register, the Master Port can be an input port, an output port or both. The mode determines the direction of data flow. The data access must agree with the mode. Thus data can only be read from the Master Port if the mode defines the Master Port as an Output Port, and data can only be written to the Master Port if it is defined as an Input Port.
- Provide MCS.
- Provide the appropriate code at the Auxiliary Port.
- Read or write one byte of data per read or write strobe, starting with the most significant byte of a block.

3.1.2. SLAVE PORT

The Slave Port is an 8-bit-wide, bidirectional port controlled by the Slave Port Chip Select (SCS) and the Slave Port Data Strobe (SDS). The direction of the data flow is determined by control bits in the Mode Register. In both Multiplexed and Direct Control Mode, the Slave Port may be used for either data input or output operation. The Slave Port is only active if the dual port configuration is chosen.

In dual port configuration, the Slave Port Flag (SFLG) reflects the status of the Slave Port (Figure 3.3). If the flag is active, data can be strobed in or removed depending on the programmed data flow direction. In single port configuration (Master Port only) the Slave Port Flag represents the status of the Output Register. The Slave Port Flag corresponds to one bit of the Status Register.

- Provide SCS.
- Read or write one byte of data per strobe (SDS), beginning with the most significant byte.

SCS is not latched internally, and may be tied permanently Low without impairing Slave Port operation.

3.1.3. AUXILIARY PORT

The Auxiliary Port has fundamentally different functions in Multiplexed Control Mode and in Direct Control Mode.

Auxiliary Port in Multiplexed Control Mode

The port is 8 bits wide and can be used for key input only. The status signal Auxiliary Port Flag (AFLG) becomes active whenever key data can be entered. The rising edge of the control signal Auxiliary Port Strobe (ASTB) strobes in the key data one byte at a time. ASTB is ignored unless AFLG and C/K are both Low.

To use the Auxiliary Port for key entry, the following sequence can be performed:

- Enter an appropriate command through the Master Port into the Command Register that requires Auxiliary Port operation; e.g., "Load Encrypted E Key through Auxiliary Port".
- In response to these commands, the Auxiliary Flag (AFLG) becomes active Low. Eight bytes of key can then be entered by strobing Auxiliary Strobe (ASTB).
- AFLG becomes inactive shortly after the falling edge of the eighth strobe.

The Master Key, which is needed to generate session keys, can only be loaded through the Auxiliary Port. A key loaded in encrypted form is decrypted using the Master Key and ECB mode. To guarantee the system security, a key cannot be read back.

Auxiliary Port in Direct Control Mode

In this mode, the Auxiliary Port operates as a control port for the microprogrammed logic. A subset of the cipher processing commands can be executed. Three pins are control inputs, two pins are status outputs.

    Encrypt/Decrypt   Port Configuration   Input Register   Output Register
          M4               M3    M2             Flag             Flag
          0                0     0              MFLG             SFLG
          0                0     1              SFLG             MFLG
          0                1     0              MFLG             SFLG
          1                0     0              SFLG             MFLG
          1                0     1              MFLG             SFLG
          1                1     0              MFLG             SFLG

Figure 3.3. Association of Master Port Flag (MFLG) and Slave Port Flag (SFLG) with Input and Output Registers

Am9518/AmZ8068

    C/K   MP2   MP1   MR/W   MCS   Register Addressed
    0     X     0     0      0     Input Register
    0     X     0     1      0     Output Register
    0     0     1     0      0     Command Register
    0     0     1     1      0     Status Register
    0     1     1     X      0     Mode Register
    X     X     X     X      1     No Register Accessed
    1     X     X     0      0     Input Register
    1     X     X     1      0     Output Register

Am9568

    C/K   MP2   MP1   MRD   MWR   MCS   Register Addressed
    0     X     0     1     0     0     Input Register
    0     X     0     0     1     0     Output Register
    0     0     1     1     0     0     Command Register
    0     0     1     0     1     0     Status Register
    0     1     1     X     X     0     Mode Register
    X     X     X     X     X     1     No Register Accessed
    1     X     X     1     0     0     Input Register
    1     X     X     0     1     0     Output Register

Figure 3.4. Master Port Register Addresses

AUX7-K/D (Key/Data, Input)

When this signal goes High, the DCP initiates a key-data input sequence as if a Load Clear E or D Key through Master Port command has been entered.
The level on AUX6-E/D determines whether the subsequently entered clear-key bytes are written into the E Key Register (E/D High) or into the D Key Register (E/D Low).

AUX7-K/D and AUX5-S/S are mutually exclusive control lines; when one goes active (High), the other must be and remain inactive (Low) until the first returns to an inactive state. In addition, both lines must be inactive (Low) whenever a transition occurs on C/K (entering or exiting Direct Control Mode).

AUX6-E/D (Encrypt/Decrypt, Input)

When AUX5-S/S goes High, initiating a normal data ciphering operation, this input specifies whether the ciphering algorithm is to encrypt (E/D High) or decrypt (Low). When AUX7-K/D goes High, initiating entry of key bytes, the level on AUX6-E/D specifies whether the bytes are to be written into the E Key Register (E/D High) or the D Key Register (E/D Low).

The AUX6-E/D input is not latched internally, and must be held constant whenever one or more of AUX5-S/S, AUX7-K/D, AUX2-BSY, or AUX3-CP are active. Failure to maintain the proper level on AUX6-E/D during loading or ciphering operations will result in scrambled data in the internal registers.

AUX5-S/S (Start/Stop, Input)

When this pin goes Low (Stop) the DCP will follow the sequence that would normally occur were a Stop command to be entered. Conversely, when this pin goes High, a sequence equivalent to a Start Encryption or Start Decryption command will be followed. At the time AUX5-S/S goes High, the level on AUX6-E/D (see above) selects either the Start Encryption or Start Decryption interpretation.

AUX3-CP (Command Pending, Output)

This active Low status output gives a hardware indication that the DCP is ready to accept input of key bytes following a Low-to-High transition on AUX7-K/D. AUX3-CP is driven by the CP bit in the Status Register (see Register Description), such that when the CP bit is "1" (active), AUX3-CP is Low.
AUX2-BSY (Busy, Output)

This active Low status output gives a hardware indication that the ciphering algorithm is in operation. AUX2-BSY is driven by the BSY bit in the Status Register, such that when the BSY bit is "1" (active), AUX2-BSY is Low.

The Mode, Command, or Status Registers are not directly accessible in Direct Control Mode. A subset of commands can be executed by controlling pins of the Auxiliary Port as described above.

In most Direct Control Mode applications, the C/K input pin, which selects Multiplexed or Direct Control Mode, must be programmable. It allows the user to initialize the DCP in Multiplexed Control Mode, to choose a mode other than the default mode, to load the Master Key, to generate session keys, or to load the Initial Vectors. After doing this the device can be switched to Direct Control Mode by raising the level at the C/K input pin to High.

C/K can be tied High if the user wants the DCP to operate in the default mode (i.e. ECB, dual port configuration, Master Port handles clear text, and Slave Port handles encrypted text).

3.1.4. KEY AND DATA LOAD IN DIRECT CONTROL MODE

In Direct Control Mode, keys can only be entered through the Master Port. This is accomplished in the following manner:

- Hold AUX6-E/D High when loading the encryption key or hold it Low when loading the decryption key.
- Keep AUX5-S/S Low.
- Hold AUX7-K/D High and issue eight write strobes at the Master Port as described in the Master Port section.

The levels of AUX5-7 should be held constant throughout the entire operation.

The data transfer is similar to the key load. AUX6-E/D and the selected mode determine the data flow direction. In the default mode, where the Master Port handles clear data while the Slave Port handles encrypted data, a High on AUX6-E/D (encryption mode) defines the Master Port as an input port for the clear data and the Slave Port as an output port for the ciphered data.
If AUX6-E/D is switched to Low (decryption mode) the data flow direction is turned around. The Slave Port is now the input port for the encrypted data. The Master Port becomes the output port of the deciphered or clear data.

A data ciphering session is set up as follows:

- Set AUX6-E/D to the appropriate level.
- Keep AUX7-K/D Low the entire session.
- Set AUX5-S/S High to start the ciphering session.

3.2. REGISTERS

In Multiplexed Control Mode, five internal registers can be directly accessed:

    Command Register    (write only)
    Status Register     (read only)
    Mode Register       (read/write)
    Input Register      (write only)
    Output Register     (read only)

In Direct Control Mode, only the Input and Output Registers are addressable through the Master Port. The register addresses are shown in Figure 3.4. The Input and Output Registers and the Command and Status Registers each have the same address. A read or write access determines which register is selected.

To gain access to any of these registers in Multiplexed Control Mode, execute the following sequence:

- Provide MCS and the register address.
- Provide address strobe.
- Read or write the addressed register by issuing a read or write strobe.

Command Register

Data written to the 8-bit, write-only Command Register through the Master Port is interpreted as an instruction. The commands and their hexadecimal representations are summarized in Figure 3.7. A detailed description of these commands is given in the section "Commands".

Status Register

The 8-bit, read-only Status Register (see Figure 3.5) has the same address as the Command Register. The status bits PAR, AFLG, SFLG, and MFLG indicate the status on the like-named output pins. Note, however, that the status bits are active High, whereas the status pins are active Low. Additionally, in Direct Control Mode two pins of the Auxiliary Port reflect the flag bits CP and BUSY.
    Bit   Name                   Values
    S7    Start/Stop             0 = stop entered, 1 = start entered
    S6    Command Pending        0 = inactive, 1 = active
    S5    Busy                   0 = not busy, 1 = busy
    S4    LPAR                   0 = all bytes had odd parity, 1 = one or more bytes had even parity
    S3    Parity (PAR)           0 = odd parity, 1 = even parity
    S2    Auxiliary Port Flag    0 = inactive, 1 = active
    S1    Slave Port Flag        0 = inactive, 1 = active
    S0    Master Port Flag       0 = inactive, 1 = active

Figure 3.5. Status Register Bit Assignments

    Bits      Field                 Values
    (upper)   Reserved
    M4        Encrypt/Decrypt       1 = encrypt
                                    0 = decrypt
    M3, M2    Port Configuration    00 = dual port, Master encrypted, Slave clear
                                    01 = dual port, Master clear, Slave encrypted (default)
                                    10 = single port, Master only
                                    11 = reserved
    M1, M0    Cipher Type           00 = Electronic Code Book (default)
                                    01 = Cipher Feedback
                                    10 = Cipher Block Chain
                                    11 = reserved

Figure 3.6. Mode Register Bit Assignments

The parity bit (PAR) indicates the parity of the most recently entered key byte. If this byte had even parity, the parity bit is set to signal a parity error.

The second parity bit (LPAR) stores the parity error. It is set if any one key byte had even parity since the last Reset or Load Key command.

The Busy bit will be a "1" whenever the ciphering algorithm unit is actively encrypting or decrypting data, either as a response to a command such as Load Encrypted Key (in which case the Command Pending bit will be a "1"), or in the ciphering of regular text (indicated by the Start/Stop bit being a "1"). The Busy bit will remain a "1", even after ciphering is complete, if the ciphered data cannot be transferred to the Output Register because it contains output from a previous ciphering cycle. Busy will be "0" at all other times, including the case where no ciphering is possible because no data has been written to the Input Register.
The Command Pending bit will be set to "1" by a command that requires the transfer of data to or from a non-addressable internal register, such as when writing key bytes to the E Key Register or reading bytes from the IVE Register. Thus, Command Pending will be set following all commands except the three Start commands, the Stop command and the Software Reset command. Command Pending will return to "0" after all eight bytes have been transferred following Load Clear, Read Clear or Read Encrypted commands; and after data has been transferred, decrypted and loaded into the desired register following Load Encrypted commands.

The Start/Stop bit is set to "1" when one of the Start commands is entered, and is reset to "0" whenever a reset occurs or when a command other than a Start is entered.

Mode Register

Bit assignments in the 5-bit read/write register are shown in Figure 3.6. The Cipher Type bits (M1, M0) indicate to the DCP which ciphering algorithm is used. On reset, the Cipher Type defaults to Electronic Code Book.

Configuration bits (M3, M2) indicate which data ports are associated with the Input and Output Registers and flags. When these bits are set to the Single Port, Master Port-only configuration (M3, M2=10B) the Slave Port is disabled and no manipulation of Slave Port Chip Select (SCS) or Data Strobe (SDS) can result in data movement through the Slave Port; all data transfers are accomplished through the Master Port. Both MFLG and SFLG are used in this configuration; MFLG gives the status of the Input Register and SFLG, the status of the Output Register.

When the Configuration Bits are set to one of the Dual Port configurations (M3, M2=00B or 01B), both the Master and Slave Ports are available for input and output. When M3, M2=01B (the default configuration), the Master Port handles clear data while the Slave Port handles encrypted data. Configuration M3, M2=00B reverses this assignment.
Actual data direction at any particular moment is controlled by the Encrypt/Decrypt bit.

The Encrypt/Decrypt bit (M4) instructs the DCP algorithm processor to encrypt or decrypt the data from the Input Register using the ciphering method specified by the Cipher Type bits. The Encrypt/Decrypt bit also controls data flow within the DCP. For example, when the configuration bits are "01B" (Dual Port, Master clear, Slave encrypted) and the Encrypt/Decrypt bit is "1" (encrypt), clear data will flow into the DCP through the Master Port and encrypted data will flow out through the Slave Port. When the Encrypt/Decrypt bit is set to "0" (decrypt), data flow reverses.

Input Register

The 64-bit, write-only Input Register is organized to appear to the user as eight bytes of push-down storage. A status circuit monitors the number of bytes that have been stored. The register is considered empty when the data stored in it has been or is being processed; it is considered full when one byte of data has been entered in Cipher Feedback or when eight bytes of data have been entered in Electronic Code Book or Cipher Block Chain. If the user attempts to write data into the Input Register when it is full, the Input Register will disregard this attempt; no data in the register will be destroyed.

Output Register

The 64-bit, read-only Output Register is organized to appear to the user as eight bytes of pop-up storage. A status circuit detects the number of bytes stored in the Output Register. The register is considered empty when all the data stored in it has been read out. It is considered full if it contains one or more bytes of output data. If a user attempts to read data from the Output Register when it is empty, the buffers driving the output bus will remain in a three-state condition.

The following multibyte registers cannot be directly addressed, but are loaded or read in response to commands written to the Command Register. (See Commands.)
    Master Key Register              (write only)
    Encryption Key Register          (write only)
    Decryption Key Register          (write only)
    Initial Vector for Encryption    (read/write)
    Initial Vector for Decryption    (read/write)

Master Key Register

The 56-bit Master Key Register can be loaded only with clear data through the Auxiliary Port. The load has to be preceded by the command "Load Clear M Key through Auxiliary Port". The Master Key is used to generate session keys. The correctness of entering the key can be verified by checking the LPAR bit of the Status Register.

Encryption and Decryption Key Register

The 56-bit Encryption Key or the 56-bit Decryption Key can be loaded through the Master Port or Auxiliary Port, in clear or in encrypted form. If the key is loaded in encrypted form, it is first routed to the Input Register, to be decrypted using the Master Key. It is then transferred to the appropriate key register.

Initial Vector Registers

Two 64-bit Initial Vector Registers are provided to store feedback values for CBC and CFB mode. Both registers can be loaded or read out through the Master Port in either clear or encrypted form. The E Key is used to decrypt the IV and the D Key to encrypt the IV utilizing the ECB mode.

These registers have to be initialized only for CBC and CFB. The value is exclusive OR'ed with the first data block. Then the register is reloaded or modified. For detailed information refer to the section "Modes of Operation" in Chapter 2.2.

For test purposes these registers can be read out. Before reading the Initial Vectors, the Output Register must be flushed out by removing all data or by issuing a Reset. The IVs are eight bytes long and loaded one byte at a time with the most significant byte first. No parity check is done on these vectors.

3.3. COMMANDS

All operations of the DCP result from command inputs, which are entered in Multiplexed Control Mode by writing a command byte to the Command Register.
Commands are entered in Direct Control Mode by raising and lowering the logic levels on the AUX7-K/D, AUX6-E/D and AUX5-S/S pins. Figure 3.7 shows all commands that may be given in Multiplexed Control Mode. Figure 3.8 shows the subset executable in Direct Control Mode.

    Hex Code   Command
    90         Load Clear M Key through Auxiliary Port
    91         Load Clear E Key through Auxiliary Port
    92         Load Clear D Key through Auxiliary Port
    11         Load Clear E Key through Master Port
    12         Load Clear D Key through Master Port

    B1         Load Encrypted E Key through Auxiliary Port
    B2         Load Encrypted D Key through Auxiliary Port
    31         Load Encrypted E Key through Master Port
    32         Load Encrypted D Key through Master Port

    85         Load Clear IVE through Master Port
    84         Load Clear IVD through Master Port
    A5         Load Encrypted IVE through Master Port
    A4         Load Encrypted IVD through Master Port

    8D         Read Clear IVE through Master Port
    8C         Read Clear IVD through Master Port
    A9         Read Encrypted IVE through Master Port
    A8         Read Encrypted IVD through Master Port

    39         Encrypt with Master Key
    41         Start Encryption
    40         Start Decryption
    C0         Start
    E0         Stop
    00         Software Reset

Figure 3.7. Command Codes in Multiplexed Control Mode

[Figure 3.8. Implicit Command Sequences in Direct Control Mode. Table of the pin levels on C/K, AUX7-K/D, AUX6-E/D and AUX5-S/S against the command initiated: Start Decryption, Load D Key Clear through Master Port, Load E Key Clear through Master Port, End Load Key Command, Start Encryption, Stop, Not Allowed, AUX Pins Become Key-Byte Inputs.]

Load Clear M Key Through Auxiliary Port (90H)
Load Clear E Key Through Auxiliary Port (91H)
Load Clear D Key Through Auxiliary Port (92H)

These commands override the data flow specifications set in the Mode Register and cause the Master (M), Encrypt (E), or Decrypt (D) Key Register to be loaded with eight bytes written to the Auxiliary Port.
After the Load command is written to the Command Register, the Auxiliary Port Flag (AFLG) will go active (Low), and the corresponding bit in the Status Register (S2) will go to "1", indicating that the device is able to accept key bytes at the Auxiliary Port pins. Additionally, the Command Pending bit (S6) will go to "1" during the entire loading process. Each byte is written by placing an active Low signal on the Auxiliary Port Strobe (ASTB) once data has been set up on the Auxiliary Port pins. The actual write process occurs on the rising (trailing) edge of ASTB.

The Auxiliary Port Flag (AFLG) will go inactive immediately after the eighth strobe goes active (Low), but the Command Pending bit (S6) will remain "1" for several more clock cycles, until the key loading process is completed.

All key bytes are checked for correct (odd) parity as they are entered (see Parity Checking).

Load Clear E Key Through Master Port (11H)
Load Clear D Key Through Master Port (12H)

These commands are available in both Multiplexed Control and Direct Control Modes. They override the data flow specifications set in the Mode Register and attach the Master Port inputs to the Encrypt (E) or Decrypt (D) Key Register, as appropriate, until eight key bytes have been written. In Multiplexed Control Mode, the command is initiated by writing the Load command to the Command Register. In Direct Control Mode, the command is initiated by raising the AUX7-K/D control input while the AUX5-S/S input is Low. In this latter case, the level on AUX6-E/D determines which key register is written (High=E Key Register, Low=D Key Register).

Once the command has been recognized, the Command Pending bit (S6 in the Status Register) will go to "1", and in Direct Control Mode AUX3-CP will go active (Low), indicating that key entry may proceed. The host system then writes exactly eight bytes to the Master Port (at the Input Register address in Multiplexed Control Mode).
When the key register has been loaded, Command Pending will return to "0", and in Direct Control Mode the AUX3-CP output will go inactive, indicating that the DCP can accept the next command.

Load Encrypted E Key Through Auxiliary Port (B1H)
Load Encrypted D Key Through Auxiliary Port (B2H)

Execution of these commands (in Multiplexed Control Mode only) is similar to the Load Clear E (D) Key Through Auxiliary Port, except that key bytes are first decrypted using the Electronic Code Book algorithm and the Master (M) Key, and then loaded into the appropriate key register, after having passed through the parity check logic (see Parity Checking). The Command Pending bit (S6) will be "1" during the entire decrypt-and-load operation. In addition, the Busy bit (S5) will be "1" during the actual decryption process.

Load Encrypted E Key Through Master Port (31H)
Load Encrypted D Key Through Master Port (32H)

These commands (in Multiplexed Control Mode only) are similar in effect to the Load Clear E (D) Key Through Master Port, except that key bytes are initially decrypted using the Electronic Code Book algorithm and the Master (M) Key, and then loaded byte-by-byte into the target key register, after having passed through the parity check logic (see Parity Checking). The Command Pending bit (S6) will be "1" during the entire decrypt-and-load operation. In addition, the Busy bit (S5) will be "1" during the actual decryption process.

Load Clear IVE Register Through Master Port (85H)
Load Clear IVD Register Through Master Port (84H)

These commands (in Multiplexed Control Mode only) are almost identical to Load Clear E (or D) Key Through Master Port except that the data written to the Input Register address is routed to the Encryption Initial Vector (IVE) or Decryption Initial Vector (IVD) Register instead of a key register, and no parity checking occurs. Command Pending (S6) is a "1" during the entire loading process.
Load Encrypted IVE Register Through Master Port (A5H)
Load Encrypted IVD Register Through Master Port (A4H)

These commands are analogous to the Load Encrypted E (or D) Key Through Master Port commands. The data flow specifications set in the Mode Register are overridden and the eight vector bytes are decrypted using the Decryption (D) Key and the Electronic Code Book algorithm. The resulting clear vector bytes are loaded into the target Initial Vector Register, and no parity checking occurs. The Busy bit (S5) does not go to "1" during the decryption process, but Command Pending (S6) will be "1" during the entire decryption-and-load operation.

Read Clear IVE Register Through Master Port (8DH)
Read Clear IVD Register Through Master Port (8CH)

The effect of these commands (in Multiplexed Control Mode only) is to override the data flow specifications set in the Mode Register and to connect the appropriate Initial Vector Register to the Master Port at the Output Register address. In this state, each IV Register appears as eight bytes of FIFO storage. The first byte of data will be available 6 clocks after loading the Command Register. The Command Pending bit will be set to "1" and will remain a "1" until sometime after the eighth byte is read out. The host system has the responsibility to read out exactly eight bytes.

Read Encrypted IVE Register Through Master Port (A9H)
Read Encrypted IVD Register Through Master Port (A8H)

The effect of these commands (in Multiplexed Control Mode only) is to override the specifications set in the Mode Register and to encrypt the contents of the specified Initial Vector Register using the Electronic Code Book algorithm and the Encrypt (E) Key. The resulting cipher text is placed in the Output Register, from which it can be read out as eight bytes through the Master Port. During the actual encryption process the Busy bit (S5) will be "1". When Busy goes to "0", the encrypted vector bytes are ready to be read out.
Command Pending (S6) will be "1" during the entire encryption-and-output process, and will go to "0" when the eighth byte is read out. The host system is responsible for reading out exactly eight bytes.

Encrypt with Master (M) Key (39H)

This command, in Multiplexed Control Mode only, overrides the data flow specifications set in the Mode Register and causes the DCP to accept eight bytes from the Master Port, written to the Input Register. When eight bytes have been received, the DCP encrypts the input using the Master (M) Key. The encrypted data is loaded into the Output Register, where it may be read out through the Master Port.

The Command Pending (S6) and Busy (S5) bits are used to sense the three phases of this operation. Command Pending goes to "1" as soon as the Input Register can accept data. When exactly eight bytes have been entered, the Busy bit will go to "1" until the encryption process is complete. When Busy goes to "0", the encrypted data is available to be read out. Command Pending will return to "0" when the eighth byte has been read.

Start Encryption (41H)
Start Decryption (40H)
Start (C0H)

The three "Start" commands begin normal data ciphering by setting the Start/Stop bit (S7) in the Status Register to "1". The Start Encryption and Start Decryption commands explicitly specify the ciphering direction by forcing the Encrypt/Decrypt bit (M4) in the Mode Register to "1" or "0", respectively, whereas Start uses the current state of the Encrypt/Decrypt bit, as specified in a previous Mode Register load. When a Start command has been entered, the Port Status Flag (MFLG or SFLG) associated with the Input Register will become active (Low), indicating that data may be written to the Input Register to begin ciphering.

In Direct Control Mode, the Start command is issued by raising the level on the AUX5-S/S input (see Figure 3.8). The ciphering direction is specified by the level on AUX6-E/D.
If AUX6-E/D is High when AUX5-S/S goes High, the command is Start Encryption. If AUX6-E/D is Low, it is Start Decryption.

Stop (E0H)

The Stop command clears the Start/Stop bit (S7) in the Status Register. This causes the input flag (MFLG or SFLG) to become inactive and inhibits the loading of any further input into the algorithm unit. If ciphering is in progress (Busy bit (S5) is "1" or AUX2-BSY is active), the ciphering process is terminated. Any data in the Output Register will remain accessible (except in CFB mode). In CFB mode, the last byte of data must be read out before issuing the Stop command.

In Direct Control Mode, the Stop command is implied when the signal level on the AUX5-S/S input goes from High to Low (see Figure 3.8).

Software Reset (00H)

This command has the same effect as a hardware reset; it forces the DCP back to its default configuration, and all processing flags go inactive. In the default configuration the Mode Register is set to Electronic Code Book cipher type, and Dual Port Configuration with Master Port clear, Slave Port encrypted.

3.4. PARITY CHECKING OF KEYS

To enhance system security, the DCP provides no way to read back the keys. A parity check on each byte of key input guarantees the user that the key is entered correctly. Key bytes are considered to contain seven bits of key information and one parity bit.

The parity checking circuit is enabled whenever a byte is written to one of three key registers. The output of the parity detection circuit is connected to pin PAR and the state of this pin is reflected in Status Register bit PAR (S3). Status Register bit PAR goes to "1" whenever a byte with even parity (an even number of "1s") is detected. In addition to the PAR bit, the Status Register has a Latched Parity Bit (LPAR, S4) which is set to "1" whenever the Status Register PAR bit goes to "1". Once set, the LPAR bit is not cleared until a reset occurs or a new Load Key command is issued.
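The PAR and LPAR behaviour described above, as an added C example that is not part of the manual: a software model of a clear key load through the Master Port that shows why the host should test LPAR, not PAR, after the eighth byte. The `dcp_model` structure and all function names are hypothetical, the model covers only commands 00H, 11H and 12H, and the key bytes are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

/* Status Register bits and command codes as given in the manual. */
#define ST_PAR   0x08u   /* S3: most recent key byte had even parity */
#define ST_LPAR  0x10u   /* S4: latched, some key byte had even parity */
#define ST_CP    0x40u   /* S6: Command Pending */
#define CMD_SOFTWARE_RESET       0x00u
#define CMD_LOAD_CLEAR_E_MASTER  0x11u
#define CMD_LOAD_CLEAR_D_MASTER  0x12u

/* Hypothetical software model of the clear-key load path (not a driver). */
struct dcp_model {
    uint8_t  status;
    uint8_t  cmd;         /* load command currently pending */
    unsigned loaded;      /* key bytes accepted so far */
    uint8_t  e_key[8];    /* no read-back function exists, as in the device */
    uint8_t  d_key[8];
};

/* Returns 1 when the byte holds an odd number of 1 bits. */
static int has_odd_parity(uint8_t b)
{
    b ^= (uint8_t)(b >> 4); b ^= (uint8_t)(b >> 2); b ^= (uint8_t)(b >> 1);
    return b & 1;
}

/* Host side: set the least significant bit of each byte for odd parity. */
void key_set_odd_parity(uint8_t key[8])
{
    for (int i = 0; i < 8; i++) {
        key[i] &= 0xFEu;
        if (!has_odd_parity(key[i]))
            key[i] |= 0x01u;
    }
}

/* Write to the Command Register. Only the three commands above are modeled. */
int dcp_write_command(struct dcp_model *d, uint8_t cmd)
{
    if (cmd != CMD_SOFTWARE_RESET && cmd != CMD_LOAD_CLEAR_E_MASTER &&
        cmd != CMD_LOAD_CLEAR_D_MASTER)
        return -1;
    d->status = 0;            /* reset or new Load Key clears PAR and LPAR */
    d->loaded = 0;
    d->cmd = cmd;
    if (cmd != CMD_SOFTWARE_RESET)
        d->status |= ST_CP;   /* key entry may proceed */
    return 0;
}

/* Write one key byte at the Input Register address. */
int dcp_write_input(struct dcp_model *d, uint8_t byte)
{
    if (!(d->status & ST_CP))
        return -1;            /* no key load pending */
    uint8_t *reg = (d->cmd == CMD_LOAD_CLEAR_E_MASTER) ? d->e_key : d->d_key;
    reg[d->loaded++] = byte;
    if (has_odd_parity(byte))
        d->status &= (uint8_t)~ST_PAR;      /* PAR tracks this byte only */
    else
        d->status |= ST_PAR | ST_LPAR;      /* LPAR stays set once raised */
    if (d->loaded == 8)
        d->status &= (uint8_t)~ST_CP;       /* load complete */
    return 0;
}

uint8_t dcp_read_status(const struct dcp_model *d) { return d->status; }

/* Host-side load, most significant byte first.
 * Returns 0 on success, -1 on a latched parity error, -2 on a protocol error. */
int host_load_clear_key(struct dcp_model *d, uint8_t cmd, const uint8_t key[8])
{
    if (dcp_write_command(d, cmd) != 0)
        return -2;
    for (int i = 0; i < 8; i++)
        if (dcp_write_input(d, key[i]) != 0)
            return -2;
    uint8_t st = dcp_read_status(d);
    if (st & ST_CP)
        return -2;
    return (st & ST_LPAR) ? -1 : 0;   /* PAR alone would miss earlier bytes */
}

int main(void)
{
    struct dcp_model d = {0};
    /* Constructed sample key; byte 2 is corrupted (0x45 -> 0x44, even parity). */
    uint8_t key[8] = {0x01, 0x23, 0x44, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
    int rc = host_load_clear_key(&d, CMD_LOAD_CLEAR_E_MASTER, key);
    printf("corrupted key: rc=%d status=0x%02X\n", rc, (unsigned)dcp_read_status(&d));
    key_set_odd_parity(key);
    rc = host_load_clear_key(&d, CMD_LOAD_CLEAR_E_MASTER, key);
    printf("repaired key:  rc=%d status=0x%02X\n", rc, (unsigned)dcp_read_status(&d));
    return 0;
}
```

Because the corrupted byte is followed by five bytes with correct parity, PAR is back at "0" when the load ends and only LPAR records the error.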
When an encrypted key is entered, the parity detect logic operates only after the decrypted key is available. The encrypted data is not checked for parity. The PAR signal will reflect the state of the decrypted bytes on a byte-to-byte basis, as they are clocked through the parity check logic on their way to the Key Register. Thus, the time PAR indicates the status of a byte of decrypted key data may be as short as four clock cycles. The LPAR bit in the Status Register will indicate if any erroneous bytes of key were entered.

3.5. INITIALIZATION

After power up the DCP must be reset in one of several possible ways. Under some conditions the DCP is reset automatically (e.g., aborting a command).

Hardware Reset:

    Am9518/AmZ8068:   MAS and MDS are Low simultaneously
    Am9568:           MRD and MWR are Low simultaneously

Figures 3.9 and 3.10 show the reset timings. Parameter 5 specifies the minimum strobe widths; parameter 6 the hold time to the rising edge of the clock. The strobe width may be wider than specified by parameter 5. In this case the strobe has to meet only the set-up time (parameter 5 minus parameter 6) and hold time (parameter 6) to at least one rising edge of the clock. This means that, for strobes wider than one clock period, the trailing edge does not have to be synchronized to the rising edge of the clock.

Software Reset:

The DCP can be reset by software in three ways:

- Issue the Software Reset command (00H).
- Load the Mode Register.
- The DCP is reset by aborting any command, i.e., by entering any command before the previous command is completely executed or terminated. The abort does not destroy the Mode Register; it only resets the flags.

A reset sets the Mode Register to the default value "14H". It selects encryption, ECB mode, and dual port configuration with Master Port clear data and Slave Port encrypted data. The reserved bits of the Mode Register are read back as "1s".
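An added C example, not from the manual, that encodes and decodes the Mode Register from the bit assignments of Figure 3.6 and derives the port and flag associations of Figure 3.3, including the reserved upper bits that read back as 1s. All type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum cipher_type { CIPHER_ECB = 0, CIPHER_CFB = 1, CIPHER_CBC = 2 };  /* M1, M0 */
enum port_cfg {                                                        /* M3, M2 */
    DUAL_MASTER_ENCRYPTED = 0,   /* Slave Port handles clear data */
    DUAL_MASTER_CLEAR     = 1,   /* default: Slave Port handles encrypted data */
    SINGLE_MASTER_ONLY    = 2
};
enum dcp_port { PORT_MASTER, PORT_SLAVE };
enum dcp_flag { FLAG_MFLG, FLAG_SFLG };

struct dcp_mode {
    int              encrypt;    /* M4: 1 = encrypt, 0 = decrypt */
    enum port_cfg    cfg;
    enum cipher_type cipher;
};

/* Build the 5-bit value to write to the Mode Register; -1 for a reserved code. */
int mode_encode(struct dcp_mode m)
{
    if ((unsigned)m.cfg > 2u || (unsigned)m.cipher > 2u)
        return -1;
    return ((m.encrypt ? 1 : 0) << 4) | ((int)m.cfg << 2) | (int)m.cipher;
}

/* Decode a byte read from the Mode Register. The reserved upper bits read
 * back as 1s, so they are masked off before the fields are interpreted. */
int mode_decode(uint8_t raw, struct dcp_mode *out)
{
    unsigned cfg = (raw >> 2) & 3u, cipher = raw & 3u;
    if (cfg == 3u || cipher == 3u)
        return -1;               /* reserved setting */
    out->encrypt = (raw >> 4) & 1;
    out->cfg = (enum port_cfg)cfg;
    out->cipher = (enum cipher_type)cipher;
    return 0;
}

/* Port that feeds the Input Register for this mode. */
enum dcp_port input_port(struct dcp_mode m)
{
    if (m.cfg == SINGLE_MASTER_ONLY)
        return PORT_MASTER;
    int master_is_clear = (m.cfg == DUAL_MASTER_CLEAR);
    /* Encryption takes clear text in; decryption takes encrypted text in. */
    return ((m.encrypt != 0) == master_is_clear) ? PORT_MASTER : PORT_SLAVE;
}

/* Flag that reports Input Register status (Figure 3.3). */
enum dcp_flag input_flag(struct dcp_mode m)
{
    if (m.cfg == SINGLE_MASTER_ONLY)
        return FLAG_MFLG;        /* SFLG then reports the Output Register */
    return input_port(m) == PORT_MASTER ? FLAG_MFLG : FLAG_SFLG;
}

/* Flag that reports Output Register status: always the other one. */
enum dcp_flag output_flag(struct dcp_mode m)
{
    return input_flag(m) == FLAG_MFLG ? FLAG_SFLG : FLAG_MFLG;
}

int main(void)
{
    /* Walk all 32 five-bit values and print the valid ones. */
    for (unsigned raw = 0; raw < 0x20u; raw++) {
        struct dcp_mode m;
        if (mode_decode((uint8_t)raw, &m) != 0)
            continue;
        printf("mode %02XH: %s, input flag %s, output flag %s\n", raw,
               m.encrypt ? "encrypt" : "decrypt",
               input_flag(m) == FLAG_MFLG ? "MFLG" : "SFLG",
               output_flag(m) == FLAG_MFLG ? "MFLG" : "SFLG");
    }
    return 0;
}
```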
Figure 3.9. Am9518/AmZ8068 Clock and Reset (timing diagram; numbers 1-5 correspond to timing parameters of the Product Specification)

Figure 3.10. Am9568 Clock and Reset (timing diagram; numbers 1-5 correspond to timing parameters of the Product Specification)

Figure 3.11. Am9518/AmZ8068 Reset Logic

Figure 3.12. Am9568 Reset Logic

Figures 3.11 and 3.12 show hardware reset circuits which guarantee that the strobes are synchronous to the rising edge of the clock.

3.6. MULTIPLEXED CONTROL MODE

This chapter describes in detail which steps must be executed to operate the DCP using ECB, CBC, and CFB in Multiplexed Control Mode. All the program sequences are set up for a Master Port-only configuration. The device at the Master Port handles both input and output data. To set the DCP up for pipelined operation, strobe in additional data after initializing the device and before entering the data transfer loop (see Chapter 3.9).

For dual port configuration, the same basic program sequence can be executed, modifying only the data transfer session. Now the CPU handles either input or output data, so one transfer task must be removed from the command sequence. The high-speed peripheral connected to the Slave Port executes the remaining task. Data can be put in or read back concurrently.

3.6.1. ECB OPERATION

Figure 3.13 shows the program sequence.

Step 1: A hardware or software reset clears all Status Register flags and sets the Mode Register to the default condition.

Step 2: The Mode Register is loaded via the Master Port. The loaded value determines the port configuration, the mode of operation (ECB, CBC, or CFB) and encryption or decryption.
For example, to enter clear data through the Slave Port and remove encrypted data from the Master Port using ECB mode for encryption, the Mode Register is loaded with 10 H (see Chapter 3.2, "Mode Register").

Step 3: The clear encryption or decryption key can be loaded through either the Master Port or the Auxiliary Port. After entering the appropriate command, the Command Pending bit of the Status Register becomes active (High) until the entire 8-byte key is entered with the most significant byte first.

Step 3A: Steps 3A and 3B can be performed as an alternative to Step 3. In these two steps, the keys are loaded in encrypted form. The Master Key Register has to be loaded first for decrypting encrypted keys. The appropriate command is "Load M Key Through Auxiliary Port" (90 H). When this command is entered, the Auxiliary Port Flag in the Status Register goes active High and the AFLG output pin goes Low. The DCP expects data input through the Auxiliary Port. The Master Key is entered by strobing in eight bytes, one byte per Auxiliary Strobe (ASTB), most significant byte first.

Figure 3.13. ECB Operation Flow Chart

Figure 3.14. CBC Operation Flow Chart

Step 3B: The encrypted E or D Key can be loaded through the Master or Auxiliary Port. Chapter 3.3 lists the commands.

Step 4: The DCP recognizes three start commands: "Start Encryption", "Start Decryption" and "Start". The first two commands set or reset the Encryption/Decryption bit of the Mode Register. If the "Start" command is issued, the Mode Register stays unchanged and the DCP is ready to process data according to the existing Mode Register bit configuration.

Step 5: After entering a Start command, the DCP indicates readiness for data input by activating the Input Register flag. Data then can be entered through the assigned input port.

NOTE: Ports are assigned on a Clear or Encrypted text basis.
In dual port configuration, a change from encryption to decryption reverses the data flow direction. The ports are reassigned; the former input port now becomes an output port and vice versa. This reflects the logical situation in most applications. A good example is a hard disk application: For data security the data is stored in encrypted form on the hard disk. When writing to the disk, the data is encrypted by flowing through the DCP to the disk controller. When reading back, the DCP is programmed for decryption mode, and the data flows in the reverse direction from the disk controller to the system memory.

Two flags are associated with the data registers, the MFLG and the SFLG. For flag description see Chapter 3.1. These flags can be sensed by software or hardware. The CPU can monitor the bits of the Status Register by software; the two output pins can drive a Ready/Wait or DMA Request logic. Note that the Status Register bits are active High, whereas the flag output pins are active Low.

Step 6: Whenever the input flag is active, the DCP is ready to accept data. Data is transferred to the 64-bit Input Register one byte at a time, most significant byte first. When the Input Register is full (i.e., all eight bytes of data are entered) the input flag becomes inactive and the data is transferred via the internal bus to the algorithm unit.

Step 7: Whenever the output flag becomes active, data can be removed from the Output Register.

Step 8: Data is removed from the output port one byte at a time with the most significant byte first. The output flag becomes inactive when the eighth byte is removed, indicating that the transfer is complete.

Step 9: Loop through Step 5 through 8 until the ciphering session should be terminated.

Step 10: The session is terminated by issuing the "Stop" command. After termination, all remaining processed data will be available at the output port until the DCP is reset.
Thus the "Stop" command can be issued after transferring the last input block. When all data is removed, all flag bits of the Status Register are inactive (00H). To resume the ciphering session with the same parameters, issue a Start command as in Step 4 and proceed. Before restart, any data from the previous session must be removed or it will be lost.

3.6.2. CBC OPERATION

A flow chart of CBC Operation in Multiplexed Control Mode is given in Figure 3.14. The flow chart of Cipher Block Chaining is very similar to ECB operation except that the IV Register must be loaded. The Initial Vector can be entered in clear (Step 3.1) or encrypted form (Step 3.1A and 3.1B). Listed below are those steps which differ from the ECB instruction sequence:

Step 3.1: Issue "Load Clear IV through Master Port" command and strobe in 8 bytes of IV, most significant byte first. The Initial Vector can only be loaded through the Master Port to the address of the Input Register. After the command is issued the Command Pending bit in the Status Register becomes active for the following IV transfer.

Step 3.1A: If the Initial Vector is entered in encrypted form, the vector is decrypted utilizing the D-Key before being loaded in the appropriate register. If the D-Key is not entered in Step 3, it must be entered now.

Step 3.1B: Issue "Load Encrypted IV through Master Port" command and strobe 8 bytes of encrypted IV into the Input Register, most significant byte first. The DCP then decrypts this Initial Vector using the D-Key in ECB mode, and loads it into the IV Register. The bits of the Mode Register are not affected.

This sequence works for entering the IV for encryption (IVE) and decryption (IVD).

3.6.3. CFB OPERATION

The flow chart for the instruction sequence in CFB mode is very similar to the CBC mode. The DCP is programmable to execute single-byte CFB Operation. In CFB, the Input and Output Registers can hold only one byte each.
The IV is ciphered by the algorithm unit. The result is then EXORed with the input byte which is treated as the most significant byte. The EXOR result is loaded into the Output Register to be read out by the CPU and is also shifted into the current IV Register. The lower seven bytes of the result block are discarded (see Chapter 2.2).

The Output Register must be emptied in CFB mode before issuing a "Stop" command. The session can be resumed after stop by issuing "Start".

If the user has to stop in the middle of a data block input (ECB or CBC) operation in Multiplexed Control Mode, the following instruction sequence should be used to avoid erroneous data:

- Issue "Stop" command.
- Read all output data available.
- Reload the Mode Register.
- Issue "Start" command.
- Check for input flag active, then resume data input.

3.7. DIRECT CONTROL MODE

The DCP operates in Direct Control Mode when the C/K input pin is High. The commands are issued by controlling the pins of the Auxiliary Port (see Chapter 3.1). The Mode Register cannot be accessed in Direct Control Mode. The state of the E/D and K/D pins should be held constant throughout the entire loading process. The state of S/S must be held constant throughout the entire data ciphering session.

3.7.1. ECB OPERATION

A flowchart of ECB operation in Direct Control Mode is shown in Figure 3.15. An explanation of each step is given below:

Figure 3.15. Direct Control Mode ECB Operation

Figure 3.16. Direct Control Mode CBC/CFB Operation

Step 1: It is advisable to have the C/K pin programmable if the DCP is intended to operate in Direct Control Mode. C/K must be pulled Low (Multiplexed Control Mode) to access the Mode and Master Key Register in the initialization phase. C/K can be tied High permanently if the application requirement is the same as the default condition of the DCP.
In the default condition, the Mode Register is set up for ECB encryption with Master Port assigned to clear data and Slave Port assigned to encrypted data. No session keys can be generated; only clear keys can be entered. The default condition may be achieved by a hardware reset (applying a Low to MAS and MDS (Am9518/AmZ8068) or MRD and MWR (Am9568) simultaneously). If the default mode is not practical, switch to Multiplexed Control Mode and load the Mode Register. If necessary the Master Key Register can be loaded and session keys may be generated at this time. Then switch back to Direct Control Mode.

Step 2: A High on the K/D pin of the Auxiliary Port sets up the DCP for key entry. (S/S stays Low for the entire key load process.) A High at the E/D pin selects the E-Key load, a Low selects the D-Key load. The DCP responds by activating the CP output pin. As soon as CP becomes active, keys can be strobed into the Master Port by providing data write strobes. MCS must be Low. The control lines of the Auxiliary Port should be held steady throughout the entire load process.

Step 3: A "Start" command is entered by raising the S/S line. The level at E/D selects encryption (High) or decryption mode (Low). K/D has to be Low throughout the ciphering session. The DCP responds to the start command by activating the input port flag. S/S must be held steady during the ciphering session. For flag assignment information refer to Chapter 3.1.

Step 4: Whenever the input flag is active, data can be entered through the Master or Slave Port depending on the selected mode. To achieve the highest throughput, follow the notes given in Chapter 3.9 (pipelining).

Step 5: When the DCP has processed the data, the output flag will become active. Data may be removed from the output port when the flag is active.

Step 6: At the end of the ciphering session, issue a "Stop" command by pulling S/S Low.

3.7.2. CBC AND CFB OPERATION

The instruction sequence to perform CBC or CFB operation in Direct Control Mode is similar to ECB operation. In these operation modes the C/K pin must be programmable, because the IV needed for CBC and CFB can only be loaded in Multiplexed Control Mode. Loading the encryption and decryption keys can be performed when C/K is Low (Multiplexed Control Mode) or High (Direct Control Mode). Figure 3.16 shows a flow chart.

Do not issue a stop command if Busy (BSY) or Command Pending (CP) are active. In CFB operation, all output data must be removed from the Output Register before a stop command is entered.

In this mode the user is limited to one session at a time. The DCP must be reinitialized before resuming the ciphering session. The steps are shown below:

- Switch to Multiplexed Control Mode (C/K=Low).
- Reload the Mode Register to previous configuration.
- Switch back to Direct Control Mode (C/K=High).
- Issue Start command.
- Check for input flag active, then resume data input.

If the DCP is stopped in the middle of a data block input, the following steps must be performed to avoid erroneous data and to resume operation:

- Issue stop command.
- Read all available output data.
- Switch to Multiplexed Control Mode (C/K=Low).
- Reload Mode Register.
- Switch back to Direct Control Mode (C/K=High).
- Issue Start command.
- Check for input flag active, then resume data input.

If the data error is detected before input to the DCP, an error signal may be generated from the error detection logic to disable the input port data strobes. In this case the user does not need to switch out of Direct Control Mode. The input can be continued by enabling the input data strobes when correct data is available.

If the input data strobe is of the same frequency as the clock input and the user has to stop in the middle (less than 8 bytes) of an input block load, it is not possible to disable further data strobes by de-selecting the input port (Chip Select=High).

3.8. OUTPUT FEEDBACK (OFB) AND ONE-BIT CIPHER FEEDBACK (CFB)

Only the three operation modes that are implemented in the DCP have been discussed in the preceding chapters. Two other types of data ciphering modes recommended by the National Bureau of Standards are OFB and one-bit CFB. These modes of operation are explained in Chapter 2.2.

The DCP can achieve 64-bit Output Feedback when the EXOR function is done by software. The DCP operates as a 64-bit pseudo random number generator. Figure 2.10 shows the data flow in this mode. The instruction sequence is:

- Set up DCP for CBC operation.
- Load Keys.
- Load IV with 64-bit initial value.
- Issue "Start Encryption".
- Load Input Register with zeros (00 H).
- Read Output Register.
- EXOR DCP result vector with 64-bit data block by software to get the 64-bit encrypted block (ciphered text).
- Jump to "Load Input Register" instruction.

One-bit CFB may be performed by the DCP with supporting software. Each 64-bit cipher process generates one bit of output information. The user must be aware that this implementation of one-bit CFB can be used in fairly low-speed applications only. The DCP is set up for ECB mode. The EXOR and the SHIFT functions are executed in software. The instruction sequence is given below:

- Set up DCP for ECB.
- Load Keys.
- Issue "Start Encryption".
- Load 64-bit Input Register with Initial Vector.
- Read 64-bit output.
- Take the most significant bit and EXOR it with the clear text. The output of the EXOR function is the ciphered text.
- Also left-shift this bit into the Initial Vector for the next cycle.
- Continue loading the Input Register with the Initial Vector.

Figure 3.17. Operation Flow Diagram for Pipelining (data input and output concurrently)

3.9. THROUGHPUT

The highly pipelined architecture of the DCP allows simultaneous read, ciphering and write operation. For maximum throughput, the DCP must be programmed for dual port configuration.
One port is the input port, the other is the output port. For single port configuration, the throughput is cut in half.

Figure 3.18 shows detailed timing of the ciphering of one 64-bit block in ECB or CBC. The input process starts at clock 0. It takes 8 clock periods to strobe in the entire block. One data strobe is issued for each clock period. Five clock cycles are needed to update the flags and transfer the input block from the Input Register to the algorithm unit. The algorithm unit starts ciphering concurrently with the transfer. After updating the flags, another input block may be entered. The block is ciphered 18 clocks after loading the last byte. Transfer of the ciphered block to the Output Register and transfer of the next input block to the algorithm unit can be performed in parallel (see Pipelining Scheme A and B).

The entire procedure of ciphering one block takes 39 clock periods. Because parts of this procedure can be overlapped, the DCP can process one block every 18 clocks.

Pipelining

Figure 3.17 shows a flow chart of the data entry and removal sequence for dual port configuration. After initialization, two data blocks are strobed into the device to fill the Output Register and the algorithm unit. Then blocks are strobed in and out concurrently. When terminating the session, the device must be emptied by reading out two more blocks.

The DCP can also be operated in pipelined mode when in single port configuration. After initialization, one block of data is strobed into the device. Then, in a loop, one block is strobed in and one block is read out. The block strobed in before entering the loop is ciphered concurrently with the input of the second block. This guarantees that the user need not wait for the algorithm to perform encryption. The Master Port can be switched between input and output without Waits.

Pipelining Scheme A (Figure 3.19) shows how to cipher a set of blocks in minimum time.
The total time is (n + 1) * 18 + 3 clock periods where "n" is the number of blocks.

Figure 3.18. Detailed Timing of 1 Block (timing diagram; time in clock periods)

Figure 3.19. Pipelining Scheme A: Minimum Timing Operation. Note: in this scheme, the reading out of output block n leads the writing in of input block n + 2 by 5 clock cycles. For n blocks, total time = (n + 1) x 18 + 3.

Figure 3.20. Pipelining Scheme B: Synchronized Port Operation. Note: in this scheme, a 5-clock wait is inserted to allow the reading out of output block n to be synchronized with the writing in of input block n + 2. This simplifies the design of the clock sequencing logic. For n blocks, total time = (n + 1) x 18 + 8.

Pipelining Scheme B (Figure 3.20) is slightly modified compared to Scheme A. The total time is slightly longer. It takes (n + 1) * 18 + 8 clock periods to cipher "n" blocks. But it has the advantage that data is put in and removed simultaneously. One signal may strobe data in and out. The interface hardware might be simpler.
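Going back to the two software-assisted procedures of Chapter 3.8 (64-bit OFB from a CBC set-up fed with zeros, and one-bit CFB from an ECB set-up), the host-side EXOR and SHIFT logic is sketched below as an added example that is not code from the manual. The block cipher is a toy stand-in for the DCP's algorithm unit, not DES; all names are hypothetical, and feeding back the ciphertext bit on both the encrypting and decrypting side is the standard reading of CFB assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in 64-bit block cipher (a toy Feistel network, NOT DES and not
 * secure). It only takes the place of the DCP's algorithm unit so that
 * the software side of the two procedures can run without the chip. */
uint64_t toy_encrypt(uint64_t key, uint64_t block)
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (int round = 0; round < 8; round++) {
        uint32_t x = r + (uint32_t)(key >> (8 * (round % 5))) + (uint32_t)round;
        x = (x ^ ((x << 7) | (x >> 25))) * 0x9E3779B1u;
        x ^= l;
        l = r;
        r = x;
    }
    return ((uint64_t)l << 32) | r;
}

/* Minimal model of the chip state used here: one key and the IV Register. */
typedef struct {
    uint64_t key;
    uint64_t iv;
} dcp_model;

/* One block in CBC encryption: output = E(input XOR IV), then IV = output. */
uint64_t dcp_cbc_encrypt(dcp_model *d, uint64_t input)
{
    d->iv = toy_encrypt(d->key, input ^ d->iv);
    return d->iv;
}

/* One block in ECB encryption. */
uint64_t dcp_ecb_encrypt(const dcp_model *d, uint64_t input)
{
    return toy_encrypt(d->key, input);
}

/* 64-bit OFB: CBC set-up, Input Register loaded with zeros, EXOR done in
 * software. The same call encrypts and decrypts. */
void ofb64(uint64_t key, uint64_t iv, const uint64_t *in, uint64_t *out,
           size_t blocks)
{
    dcp_model d = { key, iv };
    for (size_t i = 0; i < blocks; i++)
        out[i] = in[i] ^ dcp_cbc_encrypt(&d, 0);
}

/* One-bit CFB: ECB set-up, EXOR and SHIFT in software, bits taken most
 * significant first. The ciphertext bit is shifted into the vector, so the
 * decrypting side shifts in the bit it received. in and out must not overlap. */
void cfb1(uint64_t key, uint64_t iv, const uint8_t *in, uint8_t *out,
          size_t nbits, int encrypt)
{
    dcp_model d = { key, 0 };
    uint64_t vector = iv;
    for (size_t i = 0; i < nbits; i++) {
        unsigned shift = 7u - (unsigned)(i % 8);
        unsigned in_bit = (in[i / 8] >> shift) & 1u;
        unsigned ks_bit = (unsigned)(dcp_ecb_encrypt(&d, vector) >> 63);
        unsigned out_bit = in_bit ^ ks_bit;
        vector = (vector << 1) | (encrypt ? out_bit : in_bit);
        if (shift == 7u)
            out[i / 8] = 0;
        out[i / 8] |= (uint8_t)(out_bit << shift);
    }
}

/* Run both procedures on constructed data; returns 1 if every check holds. */
int selfcheck(void)
{
    const uint64_t key = 0x0123456789ABCDEFULL, iv = 0x1122334455667788ULL;
    const uint64_t pt[2] = { 0x4E6F772069732074ULL, 0x68652074696D6520ULL };
    uint64_t ct[2], back[2];
    ofb64(key, iv, pt, ct, 2);
    ofb64(key, iv, ct, back, 2);
    int ok = back[0] == pt[0] && back[1] == pt[1];
    /* Zero input in CBC yields the OFB sequence E(IV), E(E(IV)), ... */
    uint64_t o1 = toy_encrypt(key, iv);
    ok = ok && (ct[0] ^ pt[0]) == o1 && (ct[1] ^ pt[1]) == toy_encrypt(key, o1);

    const uint8_t msg[4] = { 'D', 'C', 'P', '!' };
    uint8_t enc[4], dec[4];
    cfb1(key, iv, msg, enc, 32, 1);
    cfb1(key, iv, enc, dec, 32, 0);
    for (int i = 0; i < 4; i++)
        ok = ok && dec[i] == msg[i];
    return ok;
}

int main(void)
{
    printf("selfcheck: %s\n", selfcheck() ? "ok" : "FAILED");
    return 0;
}
```

In both procedures the chip only ever encrypts, so the receiving side also issues "Start Encryption"; in OFB the same IV must never be reused under one key, since the EXOR stream would repeat.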
To get the maximum throughput, block transfers must be executed in the 13-clock time slot between the update of flags. The examples in Figure 3.19 and 3.20 assume a transfer time of eight clock periods. Only Direct Control Mode designs using high-speed control logic can satisfy this requirement. Chapter 4.12 "High Speed Serial Data Ciphering in Network Systems" shows such a design.

All other application interfaces drive the DCP in Multiplexed Control Mode. The data transfer capabilities of most microprocessor systems are lower than required by the DCP. Even a design with a high-speed DMA controller is not able to transfer 8 bytes of data in 8 clock cycles.

When the system timing constrains the ciphering speed, this problem can be solved by putting a FIFO buffer between the system bus and the DCP. The system can thus operate asynchronously while the DCP operates at its optimum clock rate. The FIFO buffer also compensates for the time when no data can be transferred while the DCP updates flags.

Under ideal circumstances the throughput can be calculated as:

T = (f * 8) / 18

T = throughput
f = clock rate

Am9518: T = (3 MHz * 8) / 18 = 1.33 MByte/s
AmZ8068, Am9568: T = (4 MHz * 8) / 18 = 1.78 MByte/s

To meet the minimum High and Low times of the read and write strobes, they cannot be issued every clock when operating at the maximum clock rate. The clock rate must be reduced to 3.33 MHz to have 300 ns strobe periods or strobes must be issued every other clock period. The throughput for both cases is determined below.

T = (4 MHz * 8) / (2 * 8 + 5) = 1.52 MHz
T = (3.33 MHz * 8) / 18 = 1.48 MHz

Figure 3.21. Key Transfer (DCP "A" and DCP "B", each holding the M-Key)

3.10. KEY TRANSFER VIA THE COMMUNICATION LINK

The system security can be enhanced by changing keys frequently. These periodically changed keys are called session keys. In order to update the DCP with the new session keys the keys have to be distributed.
A convenient way to distribute keys is to use an already existing communication link between the DCPs. The system designer has to make sure that no eavesdropper gets knowledge of the new session keys. Therefore keys should be transmitted in encrypted form. The DCP has two commands and one special key to support key distribution.

Commands: Encrypt with Master Key, Load Encrypted Key
Key: Master Key

Figure 3.21 shows the operation sequence when distributing keys:

Step 1: "A" generates a 56-bit session key, splits the key into eight 7-bit groups and adds a parity bit to each group. The result (a 64-bit word) is encrypted with the Master Key. To do so, "A" issues the command "Encrypt with Master Key" and strobes the 64-bit result through the Master Port into the Input Register. The DCP encrypts the 64-bit word with the Master Key and ECB mode. The encrypted key can be removed from the Output Register via the Master Port.

Step 2: "A" transmits the encrypted key via the communication link to "B".

Step 3: "B" issues the command "Load Encrypted Key". The received encrypted key is strobed through the Master Port into the Input Register and decrypted with the Master Key. The Master Key of "B" must be identical to the Master Key of "A". After decryption the parity is checked and the decrypted key is loaded into the appropriate register. To enhance the system security "B" cannot read the decrypted key.

CHAPTER 4. INTERFACING

This chapter contains interfaces between the DCP and the most common 8-bit and 16-bit microprocessors. First, a look at the critical points in interfacing the DCP.

Demultiplexed Systems:

The DCP uses a multiplexed address/data bus which means that the system designer has to provide this kind of bus to the DCP. In a non-multiplexed system environment the address and data bus are separated and not time-multiplexed. There are two basic solutions for simulating a multiplexed address/data bus.
The interface logic multiplexes at least the two relevant lines (MP1 and MP2) addressing an internal DCP register. Multiplexing the other lines (MP0, MP3 to MP7) is optional.

The second solution simulates a multiplexed address/data bus under software control. The CPU can access the DCP to latch an internal register address (Address Latch Cycle) or to transfer data (Data Read or Write Cycle). These two kinds of accesses usually are distinguished by the address line "A0". In the Address Latch Cycle, only an address strobe is generated to strobe in the internal register address supplied via the CPU data bus. In the Data Transfer Cycle, only data strobes are generated to actually read a formerly addressed register or to write to it. So the Address Latch process and the Data Transfer are totally independent from each other.

The advantages of the second solution are that it usually takes less interface logic and that it is faster in most applications because there is no overhead in latching the address. The interfaces in Chapters 4.4, 4.6, 4.9 and 4.10 employ the second solution. A disadvantage of the second solution is a slight software overhead caused by the Address Latch Cycles. Once the DCP is initialized for a data ciphering session, there is no more need for Address Latch Cycles. During the high speed data ciphering session itself, only Data Transfer Cycles are executed.

The first approach has advantages where multiplexing the two above mentioned lines causes no overhead in hardware and timing. The iAPX286 to Am9568 interface is an example. The multiplexing logic can be integrated into the existing PAL* (Programmable Array Logic) interface, and the multiplexing does not extend the Data Transfer Cycle.

*PAL is a registered trademark of and is used under license from Monolithic Memories, Inc.

Synchronization:

One of the basic problems is to satisfy the required synchronization between the clock and data strobe. The DCP requires that the rising edge of data strobe fall into a certain window after the falling edge of the clock. This window is specified in timing parameter 45 of the Product Specification as listed below:

Am9518: 0 to TWL - 100 ns
Am9568: 0 to TWL - 85 ns
AmZ8068: 0 to TWL - 65 ns

TWL is the actual clock width (Low) of the interface.

Several design techniques can guarantee this parameter. Some CPUs, for example the 8086 in Maximum Mode, have data strobe timing that inherently satisfies the DCP requirements. These interfaces do not need special synchronization logic. In asynchronous systems, the interface control logic usually buffers the data strobe and can easily synchronize it to the clock. PAL devices with registered outputs clocked by the DCP clock simplify this task (Chapter 4.10). Another, sometimes simpler, approach is to make use of the clock Low width dependent specification by delaying the first rising edge of clock following data strobe (Chapter 4.4).

Address Strobe:

The three members of the DCP family have different specifications for the address strobe width:

Am9518: 115 ns
AmZ8068: 80 ns
Am9568: 40 ns

The Am9568 should be used in systems with narrow address strobes (e.g., 8086 CPU at 8 MHz).

Read/Write:

The Am9518 and AmZ8068 require a set-up time of 100 ns to data strobe. The Am9568 does not have this specification because of its functionally different bus interface. Read/write and data strobe are replaced by write strobe and read strobe. The Am9568, therefore, has advantages in applications where it is difficult to satisfy the read/write set-up time.

PAL Devices:

Many of the following applications employ PAL devices to integrate the entire interface logic into one 20-pin device. Registered PAL devices like the AmPAL16R4 have registered and combinatorial outputs which enable the designer to build up small state machines for the interface handshake.
An asynchronous bus, such as the iSBX* bus, can easily be adapted to the synchronous requirements of the DCP.

A PAL device is a semi-custom device that is supported by computer-aided-design tools like the PAL assembler. All interfaces described in this book that employ PAL devices have a complete listing of the PAL design specification program, the input of the PAL assembler. Each program consists of five sections as described below:

1) The first four lines of the PAL Design Specification list the PAL part number, the user's internal part number, the date, the designer's name, the device application name, and the company name and address.

2) The pin-list gives the symbolic names used for the inputs and outputs in the order of pin 1 to pin 20. Active Low signals are preceded by "/", a symbol used instead of a "bar".

3) The equations are the heart of the program. They define the conditions under which the outputs become active.

4) The function table is a powerful tool to test the correctness of the equations. The designer specifies the signals to be supplied to the inputs and to be seen at the outputs. In the simulation pass, the PAL assembler verifies whether the function table corresponds to the equations. This pass detects the most common errors (typing errors and signal inversions) and checks for logical errors. Each line of the function table represents a test vector containing inputs and outputs. The states are defined by characters as specified below:

Input:
L  Low
H  High
C  Clock registered outputs
X  Don't care

Output:
L  Low expected
H  High expected
Z  High impedance expected
X  Don't test

5) The description documents the operation of the device and its intended application.

*iSBX is a trademark of Intel Corporation.

Figure 4.1. Direct Interface 8086-Am9568 (Maximum Mode). CLKMAX = 3 MHz (Am9568).

Figure 4.2. Direct Interface 8086-Am9568 (Minimum Mode). CLKMAX = 3 MHz (Am9568).

Figure 4.3. Direct Interface 8086-Am9518/AmZ8068 (Maximum Mode). CLKMAX = 2.3 MHz (Am9518), CLKMAX = 3 MHz (AmZ8068).

4.1. 8086/8088 - Am9518/AmZ8068/Am9568

Interfacing the DCP family to 8086 or its 8-bit bus equivalent, the 8088, is straightforward. In systems with CPU clock rates up to 3 MHz, the Am9568 can be directly interfaced to the CPU (Figures 4.1 and 4.2). The clock rate is limited to 3 MHz because of the 33%/66% duty cycle (33% High, 66% Low) of the CPU clock and to satisfy the minimum clock High time of 115 ns of the Am9568. The second critical parameter is the relationship between the clock and data strobe. The Am9568 requires a delay of the rising edge of MRD or MWR to the falling edge of the clock of 0 to TWL - 85 ns. TWL is the clock Low width. In this interface the minimum clock Low width is 207 ns. This determines a maximum delay of up to 122 ns. The CPU is specified to have a "Control Active Delay" of 10 to 110 ns. With a margin of 12 ns, it is obviously impossible to increase the system clock by modifying its duty cycle.

Figures 4.3 and 4.4 show a similar interface using the Am9518 and the AmZ8068. This interface needs additional logic to convert the read or write strobes into a Read/Write (R/W) and a Data Strobe (MDS) and to invert the Address Latch Enable to generate a Master Port Address Strobe (MAS). Similar to the interface discussed above, the clock rate is limited by the clock Low and High widths and the requirements of the DCP. The Am9518 needs a minimum clock High width of 150 ns determining a maximum clock rate of 2.3 MHz.
The minimum clock Low width of 275 ns and the DCP specification of 0 to TWL - 100 ns provide a margin of 275 ns - 110 ns - 100 ns = 65 ns. The AmZ8068 requires a minimum clock High width of 115 ns, resulting in the same maximum clock rate as in interfacing to the Am9568 (3 MHz). The specification about the synchronization of clock and data strobe is less critical in this interface (0 to TWL - 65 ns), so the margin becomes 32 ns.

An 8086/8088 system with clock rates larger than the rates mentioned above requires more sophisticated interface logic: the DCP clock must not exceed 4 MHz (3 MHz for the Am9518), the Address Strobe width has to be satisfied, and the data strobes must be synchronous to the clock. The case in which the DCP clock is divided down by two from the CPU clock is discussed below. An application where the DCP runs asynchronously from the 8086 clock is not discussed here. Ideas can be taken from the Chapter 4.10 iSBX Bus to Am9568 interface.

8086/8088 - Am9518/AmZ8068 (Figures 4.5 and 4.6)

The Control/Key Mode input (C/K) is wired Low to select the Multiplexed Control Mode. In this mode the address to the internal registers of the DCP, MP1 and MP2, is multiplexed with the data byte on the eight bidirectional lines of the Master Port bus. MP1 and MP2 are latched on the rising edge of MAS (Master Port Address Strobe), to select the internal register for subsequent data transfer cycles. MAS is the inverted Address Latch Enable of the 8086 bus. The state of MCS (Master Port Chip Select) is also latched at the rising edge of MAS. In the Minimum Mode of the 8086 (MN/MX = High) MCS may only go Low during Input/Output cycles (M/IO = Low); therefore, M/IO enables the address decoder in Minimum Mode.

CLKMAX = 2.3 MHz (Am9518)
CLKMAX = 3 MHz (AmZ8068)
Figure 4.4. Direct Interface 8086-Am9518/AmZ8068 (Minimum Mode)

Figure 4.5. 8086/8088-Am9518/AmZ8068 Interface (Minimum Mode)

The Read/Write input (MR/W) is connected to Data Transmit/Receive (DT/R). DT/R satisfies the set-up and hold time requirements of MR/W.

Master Port Data Strobe (MDS) is active if either Input/Output Read Control (IORC) or Advanced Input/Output Write Control (AIOWC) is active. The AIOWC has a wider Low width than IOWC (Input/Output Write Control) and so gives a wider margin in interfacing.

In Minimum Mode (Figure 4.5), RD and WR are logically ORed to generate MDS. The timing is the same as in Maximum Mode.

8086/8088 - Am9568 (Figure 4.7)

CPU clock rates above 4.44 MHz (above 5.8 MHz for the AmZ8068) require use of the Am9568 instead of the Am9518, because TWA (Master Port Address Strobe width) becomes critical with increased clock rate, as shown below:

DCP        TWA (DCP)    TLHLL (8086/8088)
Am9518     115 ns       115 ns at 4.44 MHz
AmZ8068     80 ns        80 ns at 5.80 MHz
Am9568      40 ns        48 ns at 8.00 MHz

TLHLL is the Address Latch Enable width (ALE) of the 8086.

For CPU clock rates above 7 MHz, one Wait state has to be inserted during Control Register Reads (timing parameter 44).

Note: In the interfaces shown, the number of Wait states must be the same for all read or write accesses to the DCP, because the Clock Synchronizer is designed for either an even or an odd number of Wait states.

Figure 4.6. 8086/8088-Am9518/AmZ8068 Interface (No Wait State)

Figure 4.7. 8086/8088-Am9568 Interface (1 Wait State)

Clock Synchronization

A very important factor in designing the interface to the 8086 is that the rising edge of MDS must be synchronous to the falling edge of the DCP clock (timing parameter 45). In a system where the DCP runs at a divided system clock, a clock synchronizer is required. Without a synchronizer the rising edge of the Data Strobes (MDS, MRD and MWR) would be synchronous to either the falling or rising edge of the divided clock.

Two simple Clock Synchronizers are used in these interfaces; one is designed for an even number, the other is designed for an odd number of Wait states. The DCP clock is synchronized to the Data Strobes at the falling edge of the CPU clock at the end of the CPU cycle T1 (Figures 4.8 and 4.9). At this edge, the state of the DCP clock is forced to a Low (CLK SYNC A in Figure 4.8) or to a High (CLK SYNC B in Figure 4.9), depending on the number of Wait states inserted. DCP CLK 1 and 2 show the two possible phases of the DCP clock and how the Clock Synchronizer adjusts the phase.

Data Ciphering Speed

The data ciphering speed of the DCP is limited by the byte transfer capability of the 8086 bus.
A high-performance DMA like the Am9516 increases the throughput as shown in the following table:

8086 clock   DMA clock   DCP clock   N    T
8 MHz        4 MHz       4 MHz       36   0.78 MByte/s
6 MHz        6 MHz       3 MHz       18   1.05 MByte/s
8 MHz        no DMA      4 MHz       70   0.42 MByte/s

The formula for calculating the throughput is:

T = (8 * f) / (N + 5) MByte/s

T   Throughput in MByte/s
N   Number of clock cycles per 8 byte transfer
5   Internal operation time (5 clocks per block)
f   DCP clock in MHz
8   8 data bytes per block

The first two cases in the table above are fast enough to encrypt and decrypt the data transferred to or from a 5 1/4-inch Winchester Disk Controller "on the fly" (5 MBit/s = 0.625 MByte/s).

Figure 4.8. DCP CLK Synchronization Timing (No Wait States, CLK SYNC A)
(Traces: CPU CLK, ALE, DCP CLK (1), DCP CLK (2). DCP CLK (1) and (2) show two phases of DCP CLK.)

Figure 4.9. DCP CLK Synchronization Timing (1 Wait State, CLK SYNC B)
(Traces: CPU CLK, ALE, DCP CLK (1), DCP CLK (2). DCP CLK (1) and (2) show two phases of DCP CLK.)

Testing

The interface of Figures 4.6 and 4.7 and both Clock Synchronizers were built and tested using the software described below.

- The DCP is reset by software writing "00 H" to the Command Register.

- The ciphering mode is selected by writing "18 H" into the Mode Register. Here the mode is: Master Port-only configuration, Electronic Code Book (ECB) and Encryption.

- The Clear Encryption key is loaded through the Master Port by issuing the command "11H". After the command is entered, the Status Register content is read out. Only the Command Pending bit should be set (40 H). If other bits are set, the program sets the error flag "CODE" to FFH and terminates. If the status is correct, eight bytes of key are strobed in through the Master Port in eight output instructions.
  The Key is "8001010101010101 H". The most significant byte is loaded first.

- The status of the DCP is checked; the Command Pending bit and the parity error bits should be reset (00 H).

- The encryption is started by entering the command "Start Encryption" (41H).

- One block of data (8 bytes) is strobed into the Master Port. The source is the byte string "PLAIN". In this example, the plain text is: "0000000000000000 H".

- Loop3 is executed until the Busy bit of the Status Register shows the encryption is done.

- One block of ciphered data is read out of the Master Port and transferred to the program location "CIPHER". The ciphered text should be: "95A8D72813DAA94D H".

- The Status Register is checked; only the Start Entered bit should be set (80 H).

- The encryption session is stopped by issuing the command "Stop Encryption" (E0H).

- After that the status should be 00 H; all flags are reset.

The program can be used to decrypt data, if two program locations are changed:

- The "Enter Key" command of location 0110 H has to be changed to 12H ("Load Clear D-Key Through Master Port").

- The Start Command of location 0131 H has to be changed to 40H ("Start Decryption").

After running the program, the error flag in "CODE" should be reset (00H).

This test was performed to verify the communication between the 8086 and the DCP. By providing clear and encrypted data for the key shown, users should be able to verify operation of any variation to the design. The software was kept simple to avoid dependence on other hardware in the system.
ASM86 VER 1.0     SOURCE: APPL8068.ASM

                              ;----------------------------------------------------
                              ;   JUERGEN STELBRINK   4-12-83
                              ;   ADVANCED MICRO DEVICES
                              ;
                              ;   8086 TO AM9518 (AMZ8068) INTERFACE TEST PROGRAM
                              ;----------------------------------------------------
                              ;   ADDRESSES OF THE DCP (EVEN ADDRESSES)
FC00                  MPSEL   EQU   0FC00H         ;BASE ADDRESS OF MASTER PORT
FC02                  MPCOM   EQU   MPSEL+2        ;COMMAND REGISTER (WRITE ONLY)
FC02                  MPSTAT  EQU   MPSEL+2        ;STATUS REGISTER (READ ONLY)
FC06                  MPMODE  EQU   MPSEL+6        ;MODE REGISTER (READ AND WRITE)
FC00                  MPINP   EQU   MPSEL          ;INPUT REGISTER (WRITE ONLY)
FC00                  MPOUT   EQU   MPSEL          ;OUTPUT REGISTER (READ ONLY)
0018                  ECB     EQU   18H            ;ENCRYPT, MP ONLY, ECB
0080                  KEY1    EQU   80H            ;KEY: 8001010101010101H
0001                  KEY2    EQU   01H
                              ORG   100H
0100 BA 02 FC         BEGIN:  MOV   DX,MPCOM       ;DX: POINTER TO PORT ADDRESS
0103 B0 00                    MOV   AL,0           ;SOFTWARE RESET
0105 EE                       OUT   DX,AL
0106 BA 06 FC                 MOV   DX,MPMODE
0109 B0 18                    MOV   AL,ECB         ;SELECT MODE
010B EE                       OUT   DX,AL
010C BA 02 FC                 MOV   DX,MPCOM
010F B0 11                    MOV   AL,11H         ;LOAD CLEAR E-KEY THROUGH MP
0111 EE                       OUT   DX,AL
0112 BA 02 FC                 MOV   DX,MPSTAT
0115 EC                       IN    AL,DX          ;READ STATUS
0116 3C 40                    CMP   AL,40H         ;40 = CP SET
0118 75 5F                    JNE   ERROR
011A B0 80                    MOV   AL,KEY1        ;LOAD 1. KEY BYTE
011C BA 00 FC                 MOV   DX,MPINP
011F EE                       OUT   DX,AL          ;OUTPUT 1. KEY BYTE
0120 B9 07 00                 MOV   CX,7           ;LOAD COUNTER FOR NEXT 7 BYTES KEY
0123 B0 01                    MOV   AL,KEY2        ;FOLLOWING KEY DATA
0125 EE               LOOP1:  OUT   DX,AL
0126 E2 FD                    LOOP  LOOP1
0128 BA 02 FC                 MOV   DX,MPSTAT
012B EC                       IN    AL,DX          ;READ STATUS
012C 3C 00                    CMP   AL,0           ;FLAGS RESET?
012E 75 49                    JNE   ERROR
0130 BA 02 FC                 MOV   DX,MPCOM
0133 B0 41                    MOV   AL,41H         ;START ENCRYPTION
0135 EE                       OUT   DX,AL
0136 B9 08 00                 MOV   CX,8           ;8 BYTES (1 BLOCK) OUTPUT
0139 BB 00 00                 MOV   BX,0           ;INITIALIZE POINTER
013C BA 00 FC                 MOV   DX,MPINP
013F 2E 8A 87 81 01   LOOP2:  MOV   AL,PLAIN[BX]   ;LOAD DATA
0144 43                       INC   BX             ;INCREMENT POINTER
0145 EE                       OUT   DX,AL          ;WRITE PLAIN DATA
0146 E2 F7                    LOOP  LOOP2
0148 BA 02 FC                 MOV   DX,MPSTAT      ;WAIT UNTIL ENCRYPTION IS DONE
014B EC               LOOP3:  IN    AL,DX
014C 24 20                    AND   AL,20H         ;TEST BUSY BIT
014E 75 FB                    JNZ   LOOP3
0150 B9 08 00                 MOV   CX,8           ;8 BYTES (1 BLOCK) INPUT
0153 BB 00 00                 MOV   BX,0           ;INITIALIZE POINTER
0156 BA 00 FC                 MOV   DX,MPOUT
0159 EC               LOOP4:  IN    AL,DX          ;READ ENCRYPTED DATA
015A 2E 88 87 89 01           MOV   CIPHER[BX],AL  ;STORE DATA
015F 43                       INC   BX             ;INCREMENT POINTER
0160 E2 F7                    LOOP  LOOP4
0162 BA 02 FC                 MOV   DX,MPSTAT
0165 EC                       IN    AL,DX          ;TEST STATUS REGISTER
0166 3C 80                    CMP   AL,80H         ;80 = START ENTERED
0168 75 0F                    JNE   ERROR
016A BA 02 FC                 MOV   DX,MPCOM
016D B0 E0                    MOV   AL,0E0H        ;STOP ENCRYPTION
016F EE                       OUT   DX,AL
0170 BA 02 FC                 MOV   DX,MPSTAT
0173 EC                       IN    AL,DX          ;TEST STATUS REGISTER
0174 3C 00                    CMP   AL,0           ;ALL BITS MUST BE RESET
0176 75 01                    JNE   ERROR
0178 C3                       RET
0179 B0 FF            ERROR:  MOV   AL,0FFH        ;LOAD ERROR CODE
017B 2E A2 80 01              MOV   CODE,AL
017F C3                       RET
0180 00               CODE    DB    00H            ;ERROR CODE
0181 00 00 00 00 00   PLAIN   DB    00H,00H,00H,00H,00H,00H,00H,00H  ;PLAIN TEXT
     00 00 00
0189 12 23 34 45 56   CIPHER  DB    12H,23H,34H,45H,56H,67H,78H,89H  ;CIPHER TEXT
     67 78 89
                              END

END OF ASSEMBLY. NUMBER OF ERRORS: 0

4.2. iAPX186 - AmZ8068

The iAPX186 can operate in two basic modes: Minimum Mode or Maximum Mode. In Maximum Mode the 8288 Bus Controller provides command and control timing. Refer to Chapter 4.1 for examples of this type of interface.

In Minimum Mode the bus timing of the iAPX186 is slightly different from the 8086 bus timing. Figure 4.10 shows the interface logic. The maximum clock rate for the DCP is 4 MHz, resulting in a maximum CPU clock rate of 8 MHz. No Wait states are required.
An AmZ8068 must be used in this application because of its wider permitted range for the delay of the read or write control signal with respect to the clock. This parameter is specified for the iAPX186 as 10 to 55 ns. The AmZ8068 requires a delay of 0 to 50 ns at 4 MHz, the Am9568 0 to 30 ns at 4 MHz. Because of two delays in the clock path (Inverter and D-Flip-Flop) and only one delay in the control signal path (AND gate), the timing tolerance of these signals at the DCP is decreased to 0 to 45 ns. At lower CPU clock rates the timing is less critical because the specified time relationship between clock and data strobe becomes wider (timing parameter 45 of the data sheet).

The maximum clock for operating without a Wait state can be calculated like this: The RD width is specified as 2 * TCLCL - 50 ns for the iAPX186. The WR width is 2 * TCLCL - 40 ns. The smaller RD width is used for the calculation. At an 8-MHz clock, the 186 generates an RD signal 200 ns wide. The AmZ8068 requires a minimum data strobe width of 200 ns for a Status Register access. The system can, therefore, operate up to this clock rate without a Wait state.

The Clock Synchronizer in Figure 4.10 is the same as Clock Synchronizer A in Figure 4.5. Figure 4.11 illustrates how this logic synchronizes the data strobe to the clock. DCP CLK(1) and DCP CLK(2) show the possible phases of the CPU clock before synchronization. At the end of cycle T1 the clock is synchronized. No Wait state is allowed when accessing the DCP. (An odd number of Wait states would synchronize the data strobe to the wrong edge of the clock.)

Figure 4.10. iAPX186-DCP Interface (Minimum Mode)

Figure 4.11. DCP CLK Synchronization Timing (No Wait States)
(Traces: CLKOUT, ALE, DCP CLK (1), DCP CLK (2). DCP CLK (1) and (2) show two phases of DCP CLK.)

4.3. iAPX286 - Am9568

This chapter shows an iAPX286 (80286) to Am9568 interface (Figure 4.12). The Am9568 is chosen because of the narrower width of address strobe. The address strobe width of an 8-MHz CPU is about 60 ns. This interface is designed for an 8-MHz CPU where the DCP is synchronously operating at the maximum clock rate of 4 MHz.

The Interface

The Multibus* Mode Select input of the Bus Controller 82288 is tied Low to optimize the command and control signals for short bus cycles. The Command Delay (CMDLY) becomes active High for one 16-MHz clock cycle whenever the DCP is selected, to delay the Read and Write strobes by 125 ns. This satisfies the timing requirement of the minimum delay between ALE inactive and Read or Write strobe active of the DCP. An open collector gate must be added to allow other peripherals to drive this input.

The ALE, IORC and IOWC outputs of the 82288 are wired directly to the DCP. ALE strobes a D-Flip-Flop to store the state of Chip Select for the whole cycle.

Q3 and the latched Chip Select CSL are ANDed externally to generate the Synchronous Ready for the 82284. The 82284 samples the line at the falling edge of the clock. The registered output Q3 is clocked with the rising edge of the same clock, thus satisfying the set-up and hold time requirements of the 82284. Two Wait States are inserted.

Half of the PAL device operates as a bidirectional Address/Data Multiplexer. During the Address Latch Enable active phase, the state of A1 and A2 is transferred to the AD1 and AD2 pins of the PAL device. The DCP latches this two-bit address with the falling edge of ALE. When IORC and CSL are active, the states of AD1 and AD2 are passed to D1 and D2 respectively. The DCP Register can be read. If IOWC and CSL are active, the data path is turned around; D1 and D2 are inputs, AD1 and AD2 are outputs.
The address hold time of the PAL device is sufficient, because the address information is passed to AD1 and AD2 whenever IORC*CSL or IOWC*CSL are not true, i.e. whenever data is not transferred between the CPU and the DCP.

The read data hold time requirement of 5 ns of the Am9568 is satisfied by the propagation delay of the PAL device. The read data hold time requirement of 5 ns of the iAPX286 is also satisfied by the PAL device.

*MULTIBUS is a registered trademark of Intel Corporation.

Figure 4.12. iAPX286-Am9568 Interface

Figure 4.13. Timing Diagram
(Traces: CLK 16 MHz, PCLK, ALE, CMDLY, IORC/IOWC, SRDY, Q1, Q2, Q3, CSL, DATA (READ), DATA (WRITE), ADDRESS, CS.)

The Master Port Chip Select (MCS) input of the DCP is connected to the unlatched address decoder output.

The DCP Clock

The PAL device synchronizes the DCP clock to the data strobes IORC and IOWC (Figure 4.13). It also divides the 16-MHz system clock (8-MHz CPU clock) down to the maximum DCP clock rate of 4 MHz. At this clock rate the data strobe delay to the DCP clock must be 0 to 30 ns. The Bus Controller is specified to generate a data strobe timing of 3 to 15 ns to the falling edge of CLK (16 MHz). Because of the higher propagation delay of a standard PAL device, the registered outputs are toggled at the rising edge of CLK before the data strobes become inactive. This gives an additional 32.5 ns for the DCP clock signal path.

Q1 to Q3 are three outputs of the PAL state machine. The registered outputs are clocked with the rising edge of the 16-MHz 82284 clock. Whenever ALE and CS are active, Q1 to Q3 are set to the initial state. Q1 to Q3 are outputs of a 3-bit down counter, with Q3 as the most significant bit.

Q3 is used to generate the SRDY signal for the 82284 as mentioned above.

Q2 is the DCP clock.
This design must guarantee that the minimum DCP clock High or Low time is at least 115 ns or two 16-MHz clock cycles. This is done by toggling Q2 only during phase 2 cycles of the CPU. The CPU design guarantees that there is always a phase 1 cycle between two phase 2 cycles.

Assuming a typical PAL propagation delay of 25 ns, timing parameter TCDS (Time Clock Data Strobe) is 10.5 to 22.5 ns (3 + 32.5 - 25 ns to 15 + 32.5 - 25 ns). This satisfies the required 0 to 30 ns.

The AmPAL16R4 has active Low outputs. But one output, Q2, should be active High. The equation for Q2 was derived to be

To compensate for the inversion in the PAL device, either the de Morgan Theorem or Karnaugh-Veitch diagrams can be used to convert it to the form shown in the PAL Design Specification.

Improvements

The DCP needs two Wait states only when the Control Registers are read. Data Register reads or writes and Control Register writes can be executed with only one Wait state, which improves the Data Ciphering speed of this interface. The more sophisticated Wait control logic and the two external TTL gates can be integrated into one AmPAL22V10 device.
PAL16R4                                   PAL DESIGN SPECIFICATION
DCP043                                    JUERGEN STELBRINK 8-23-83
iAPX286 - Am9568 (DCP) INTERFACE DEVICE
ADVANCED MICRO DEVICES

CLK /CS CSL ALE /IORC /IOWC A1 A2 NC GND
/OE D1 D2 /Q1 Q2 /Q3 CMDLY AD1 AD2 VCC

Q1     := ALE*CS + /Q1

/Q2    := Q1*/Q2*/ALE + Q1*/Q2*/CS + /Q1*Q2*/ALE + /Q1*Q2*/CS

Q3     := ALE*CS + Q1*Q2*Q3 + /Q1*Q2*Q3 + Q1*/Q2*Q3 + /Q1*/Q2*/Q3

/CMDLY := /ALE + /CS

IF (CSL*IORC)   /D1  = /AD1
IF (CSL*IORC)   /D2  = /AD2
IF (CSL*/IORC)  /AD1 = /A1*ALE + /D1*/ALE
IF (CSL*/IORC)  /AD2 = /A2*ALE + /D2*/ALE

FUNCTION TABLE

CLK /CS CSL ALE /IORC A1 A2 D1 D2 AD1 AD2 /Q1 /Q2 /Q3 CMDLY
(Test vectors for the /CS active, write cycle, read cycle and no /CS cases; the individual entries are not legible in this copy.)

DESCRIPTION:

INPUT SIGNALS:

CLK      16 MHZ SYSTEM CLOCK OF THE 82284 SYSTEM TIMING CONTROLLER.
         THIS CLOCK TRIGGERS THE D-FLIP-FLOPS OF FOUR PAL OUTPUTS
/CS      ACTIVE LOW UNLATCHED CHIP SELECT OF THE ADDRESS DECODER
CSL      ACTIVE HIGH LATCHED CHIP SELECT. IT HAS TO BE ACTIVE TO THE
         RISING EDGE OF ALE OF THE NEXT CYCLE
ALE      ADDRESS LATCH ENABLE OF THE 82288 BUS CONTROLLER
A1,A2    DEMULTIPLEXED ADDRESS INPUTS. THEY CARRY THE 2-BIT REGISTER
         ADDRESS FOR THE DCP
/IORC    INPUT/OUTPUT READ CONTROL OF THE 82288
/IOWC    INPUT/OUTPUT WRITE CONTROL OF THE 82288

OUTPUT SIGNALS:

/Q1      INTERNAL STATE SIGNAL. IT IS DIVIDED BY TWO FROM CLK AND
         SYNCHRONIZED TO ALE
/Q2      INTERNAL STATE SIGNAL. IT IS DIVIDED BY TWO FROM /Q1 AND
         SYNCHRONIZED TO ALE. IT IS THE INVERTED DCP CLOCK (4 MHZ).
         THE RIGHT EDGE OF Q2 IS SYNCHRONOUS TO THE DATA STROBES /IORC
         AND /IOWC, IF TWO WAIT STATES ARE INSERTED.
/Q3      INTERNAL STATE SIGNAL. IT IS DIVIDED BY TWO FROM /Q2 AND
         SYNCHRONIZED TO ALE. IT IS USED TO GENERATE THE SYNCHRONOUS
         READY (/SRDY) FOR THE 82284. EXTERNALLY IT HAS TO BE LOGICALLY
         AND'ED WITH THE LATCHED CHIP SELECT (CSL).
CMDLY    COMMAND DELAY GOES ACTIVE FOR ONE CLOCK WIDTH TO DELAY THE
         DATA STROBES. THE AM9568 REQUIRES A DELAY BETWEEN ALE INACTIVE
         AND DATA STROBE ACTIVE.

BIDIRECTIONAL SIGNALS:

D1,D2    DEMULTIPLEXED DATA BUS LINES TO 8086 CPU
AD1,AD2  MULTIPLEXED ADDRESS/DATA BUS LINES FOR THE DCP

Figure 4.14. AmZ8068 to 68000 Connection Using a PAL

Figure 4.15. 68000-AmZ8068 Address Latch Cycle (A1 = Low)
(Traces: CLK, A1-A23, AS, CS, LDS/MAS, R/W, DCP CLK, DTACK1,2.)

4.4. 68000 - AmZ8068

This two-chip solution adds high-speed data ciphering to a 68000-based system. About 500 kByte/s are possible in a CPU-controlled transfer. The ciphering rate can be increased with a sophisticated DMA controller or with several DCPs operating in parallel.

In the application described below, the CPU operates at 8 MHz and the DCP operates synchronously at 4 MHz. The interface controller, a PAL device, generates the Address and Data Strobes for the DCP and the Data Acknowledge for the CPU. It also divides the CPU clock by two and synchronizes it to the Data Strobes.

Programming

Data transfers between the CPU and the DCP are accomplished by a two-cycle operation. First the address of an internal register is latched in, then the data is transferred.
This causes a small overhead in the initialization phase, but improves the ciphering rate in a high-speed data ciphering session. The rate of 500 kByte/s can be reached only if a high-speed peripheral device is connected to the Slave Port and the DCP is programmed for dual-port configuration.

The I/O Addresses

The PAL device is programmed to allow only CPU transfers to the DCP. A0 must be odd to make the CPU transfer the data on the Low byte of the data bus. A "0" on A1 indicates an Address Latch Cycle, whereas a "1" on A1 indicates a Data Transfer Cycle. A0 must be "1" in both cycles.

Interface Descriptions

Figure 4.14 shows the 68000-DCP interface. Figures 4.15, 4.16, and 4.17 show the interface timing.

An address decoder generates the Chip Select for the DCP. The Address Strobe indicates a valid address. The PAL device is only activated if the Lower Data Strobe becomes active while the Upper Data Strobe stays inactive. This means that data is transferred in MOVE.B instructions with an odd peripheral address.

The PAL device provides two Data Acknowledge outputs. DTACK1 is an active Low TTL output. DTACK2 has the same timing as DTACK1, but is an Open Collector output. (The Open Collector output is realized by a three-state output which assumes only two states, Low or Floating.)

Figure 4.16. 68000-AmZ8068 Data Read Cycle (A1 = High)
(Traces: CLK, R/W, DCP CLK, DTACK1,2.)

Figure 4.17. 68000-AmZ8068 Data Write Cycle (A1 = High)
(Traces: CLK, R/W, DCP CLK, DTACK1,2.)

Address Latch Cycle

In this cycle only a Master Port Address Strobe (MAS) is generated. Master Port Chip Select (MCS) is tied to Low. LDS is sent to the MAS output. The minimum pulse width of LDS is 115 ns; 80 ns are required for the AmZ8068.

DTACK is activated with the falling edge of the CPU clock after cycle S2. The CPU inserts no Wait states. DTACK is deactivated with the first edge of CLK after AS becomes inactive.
Data Write Cycle

A Data Write Cycle is performed when A1 is High, and AS, CS and LDS are Low. The minimum pulse width of LDS is not sufficient for the DCP, which requires at least 125 ns. One Wait state or a slower system clock will satisfy this parameter. One Wait State is inserted by activating DTACK at the end of S4.

The DCP clock is synchronized in Data Read or Write Cycles by forcing it Low when DTACK becomes active. This guarantees that the DCP clock has a falling edge just before LDS (MDS) rises.

The delay of the DCP clock to CLK is typically 8 ns for a normal-speed PAL device. The delay of LDS to MDS is typically 12 ns. The delay of LDS to the system clock is 0 to 70 ns for the 8-MHz version. This results in a delay of 4 to 74 ns of MDS to the DCP clock. The DCP requires 0 to 50 ns when operating at the maximum clock rate. This problem is solved by stretching the clock one cycle. The DCP clock stays Low for two cycles in the end of a transfer cycle. This is done automatically by the PAL device (see Figure 4.17).

Data Read Cycle

The generation of MDS in a Data Read Cycle is similar to the Data Write Cycle. Because the CPU activates LDS one cycle earlier, there is no need for a Wait State. The minimum pulse width of LDS is 240 ns; the DCP requires 200 ns for a Status Register read.

DTACK is activated using the same logical condition as in the Data Write Cycle. Because of the earlier activation of LDS, DTACK becomes active earlier and the CPU inserts no Wait States.
PAL16R4                                   PAL DESIGN SPECIFICATION
DCP044                                    JUERGEN STELBRINK 8-24-83
68000 - AmZ8068 (DCP) INTERFACE DEVICE
ADVANCED MICRO DEVICES

CLK2 /CS /AS /UDS /LDS RW A1 CLK NC GND
/OE /MAS /MDS DCPCLK NC /DTACK1 NC CLK1 /DTACK2 VCC

/CLK1    =  CLK                          ; INVERT CLOCK TO TRIGGER THE
                                         ; REGISTERED OUTPUTS WITH THE
                                         ; FALLING EDGE OF CLK

MAS      =  AS*LDS*/UDS*/RW*/A1*CS

MDS      =  AS*LDS*/UDS*A1*CS

/DCPCLK  := DCPCLK +                     ; DIVIDE BY TWO
            /DTACK1*CS*AS*LDS*/UDS +     ; TWO CLOCKS LOW IN THE END
            DTACK1*/AS*/LDS*/UDS         ; OF A DATA CYCLE

DTACK1   := AS*LDS*/UDS*A1*CS +          ; DATA TRANSFER CYCLE
            AS*/RW*/A1*CS                ; ADDRESS LATCH CYCLE

IF (DTACK1*AS*CS)  DTACK2 = DTACK1

FUNCTION TABLE

CLK2 CLK CLK1 /CS /AS /LDS /UDS RW A1 DCPCLK /MAS /MDS /DTACK1 /DTACK2
(Test vectors for CLOCK INVERT, DATA WRITE CYCLE with 1 Wait state, DATA READ CYCLE and ADDRESS LATCH CYCLE, labelled by bus states S0 to S7 and SW; the individual entries are not legible in this copy.)

DESCRIPTION:

INPUT SIGNALS:

CLK2     CLOCK FOR THE REGISTERED OUTPUTS OF THE PAL.
         IT IS CONNECTED TO CLK1
CLK      8 MHZ 68000 SYSTEM CLOCK
/CS      CHIP SELECT FOR DCP (A2-A23 ARE RELEVANT)
/AS      ADDRESS STROBE
/LDS     LOWER DATA STROBE
         USED TO TIME THE MASTER PORT DATA STROBE
/UDS     UPPER DATA STROBE
         HAS TO BE INACTIVE DURING ALL TRANSFERS
A1       ADDRESS BIT 1
         DISTINGUISHES BETWEEN ADDRESS LATCH AND DATA TRANSFER CYCLES
         A1=LOW    ADDRESS LATCH
         A1=HIGH   DATA TRANSFER
RW       READ/WRITE CONTROL

OUTPUT SIGNALS:

/MAS     MASTER PORT ADDRESS STROBE
/MDS     MASTER PORT DATA STROBE
CLK1     INVERTED CLOCK CLK
/DTACK1  LOW ACTIVE DATA ACKNOWLEDGE FOR 68000
         ONE WAIT STATE IS INSERTED IN A DATA WRITE CYCLE
/DTACK2  LOW ACTIVE DATA ACKNOWLEDGE FOR 68000 (OPEN COLLECTOR)
DCPCLK   4 MHZ DCP CLOCK, IT IS SYNCHRONIZED TO THE MASTER PORT DATA
         STROBE. IN A DATA TRANSFER CYCLE DCPCLK STAYS TWO CLK CYCLES
         LOW TO DELAY THE FIRST RISING EDGE OF THE DCPCLK TO THE DATA
         STROBES. IT IS DONE TO SATISFY TIMING PARAMETER 45 OF THE DCP
         PRODUCT SPECIFICATION.

Figure 4.18. AmPAL16R4 Connection Diagram (top view)

4.5. Z8000 - AmZ8068

Figure 4.19 shows an interface between a 4-MHz Z8001/2* microprocessor and the AmZ8068. The CPU and the DCP can operate synchronously at a clock rate up to 3.5 MHz. All control and strobe signals can be connected directly to the DCP.

The clock rate is reduced to 3.5 MHz to satisfy timing parameter 45. The delay time from clock falling to Data Strobe (DS) rising is specified at 0 to 70 ns; the DCP requires 0 to 50 ns at 4 MHz. By reducing the clock rate, this parameter becomes 0 to 70 ns at 3.5 MHz. The system can operate at 4 MHz, if a 10-MHz Z8001/2 is used. This faster version is specified for 0 to 45 ns.

A Sample Program

A universal program for testing the DCP is included at the end of this chapter. The program is written in Z8002 (nonsegmented) assembly language. The DCP must be initialized for Multiplexed Control Mode and "Master Port only" configuration.
The ciphering mode can be ECB or CBC. The mode is defined by the variable "MODE". A one-cycle operation of the interface is assumed. For a two-cycle operation interface, instructions to latch the register address must be added.

Structure of the Program

Some variable fields are located in the beginning of the program:

DCP-OUT   32-byte buffer for the ciphered text
DCP-IN    32-byte buffer for the clear input text; the information to be ciphered must be loaded here before starting the program
CIVE      8-byte buffer for the CBC Initial Vector (IV) for encryption
CE-KEY    8-byte buffer for the encryption key (for ECB and CBC)
MODE      defines the mode of operation (18 H = ECB, 1A H = CBC)
DATAREG   address of Data Register (AD1 = 0, AD2 = 0)
CSREG     address of Command/Status Register (AD1 = 1, AD2 = 0)
MODEREG   address of Mode Register (AD1 = 1, AD2 = 1)

*Z8001/2 are trademarks of Zilog, Inc.

First, the DCP is reset by loading the Mode Register. The IVE Register is loaded by issuing command "85H", "Load Clear IVE through Master Port", and strobing in eight bytes of data. The E Key Register is loaded in a similar way. The command is "11H", "Load Clear E Key through Master Port". Loading of the IVE Register is not required for ECB. After entering these load commands, the Command Pending bit of the Status Register becomes active until the eighth byte is strobed in.

The data ciphering session is started by writing "41 H", "Start Encryption", to the Command Register. The Command Pending bit becomes active and stays active until a stop command is entered or the DCP is reset.

The Master Port Flag (MFLG) and the Slave Port Flag (SFLG) can be monitored to see whether the DCP is ready for input or output of data. In this sample program, these flags are not monitored because the structure of the program and the speed of the CPU guarantee that there are at least 5 DCP clocks between input or output of succeeding blocks.

This program operates the DCP in pipelined mode.
First, two blocks of clear data are loaded into the chip, then the first block is read out. During input of the second block, the algorithm unit ciphers the first block. When the eight bytes of the second block are loaded, the first block is ready to be read out. The CPU can put data in and read data out without having to wait for the algorithm unit to cipher the data.

After ciphering four blocks, a stop command is entered. The result is stored in the field "DCP-OUT".

Improvements

If the DCP should be interfaced to a faster Z8000, the designer must take particular care that:

- the Address Strobe width does not become too narrow,
- the Data Strobe width does not become too narrow for Status Register read operations (a Wait State might be inserted),
- MDS is synchronous to the DCP clock.

Three approaches are discussed in more detail below. The interface logic of these interfaces may be integrated into one PAL device. Ideas of realization can be found in the other chapters.

8-MHz Z8000 - AmZ8068

- Use two-cycle operation.
- Divide clock by two.
- Synchronize clock to DS.
- For Status Register reads, one additional Wait state must be inserted.

8-MHz Z8000 - Am9568

- Use multiplexed address/data bus of CPU; the Am9568 accepts the narrow Address Strobe directly.
- Transform R/W and DS into MRD and MWR.
- Divide system clock by two and synchronize it to MRD or MWR.
- Keep the DCP clock Low for two clock cycles at the end of the transfer cycle to satisfy the critical timing parameter 45 (0 to 30 ns) (see 68000-DCP interface).
- Insert Wait State for Status Register read operations.

Z8000 - AmZ8068

- DCP and CPU operate asynchronously with separate clocks.
- Design interface analogous to "iSBX Bus - DCP".
- Use two-cycle transfer mode.
- Less efficient CPU-DCP transfer, but no restrictions for system clock rate.
Figure 4.19. Z8000-AmZ8068 Interface

MACRO8000: Version 2.0 9/19/80

%*********************************************************************
%*                                                                   *
%*   ENCRYPTION EXAMPLE FOR Z8000                     JS 3/12/84     *
%*                                                                   *
%*********************************************************************

PROGRAM DCP_SHOW;
ORIGIN #1000;

DCP_OUT:    BYTE (32);          % DCP OUTPUT STORAGE AREA
DCP_IN:     BYTE (32);          % DCP INPUT STORAGE AREA
CIVE:       BYTE (8);           % CLEAR IV STORAGE FOR CBC/CFB ENCRYPTION
CE_KEY:     BYTE (8);           % CLEAR ENCRYPTION KEY
MODE:       BYTE (1);           % MODE VALUE
DATAREG:    WORD (1);           % DATA REGISTER ADDRESS (MASTER PORT)
CSREG:      WORD (1);           % COMMAND/STATUS REGISTER ADDRESS
MODEREG:    WORD (1);           % MODE REGISTER ADDRESS

DCP_SHOW:
    LD      R3,DATAREG;         % LOAD DATA REGISTER ADDRESS
    LD      R1,CSREG;           % LOAD COMMAND/STATUS REGISTER ADDRESS
    LD      R2,MODEREG;         % LOAD MODE REGISTER ADDRESS
    LDB     RL7,MODE;           % LOAD MODE VALUE
    OUTB    R2,RL7;             % SET MODE (INCLUDES SOFTWARE RESET)

% LOAD IVE REGISTER
    LDB     RL7,#85;            % IVE LOAD COMMAND
    OUTB    R1,RL7;
    LD      R8,#8;              % BYTE COUNTER
    LD      R9,CIVE;            % ADDRESS OF CLEAR IVE FIELD
    OTIRB   R3,R9,R8;           % STROBE 8 BYTE IV IN

% LOAD E KEY REGISTER
    LDB     RL7,#11;            % LOAD E KEY COMMAND
    OUTB    R1,RL7;
    LD      R8,#8;              % BYTE COUNTER
    LD      R9,CE_KEY;          % ADDRESS OF CLEAR E KEY FIELD
    OTIRB   R3,R9,R8;           % STROBE 8 BYTES KEY IN

% ENCRYPTION SESSION
    LDB     RL7,#41;            % START ENCRYPTION COMMAND
    OUTB    R1,RL7;
    LD      R8,#8;              % BYTE COUNTER
    LD      R9,DCP_IN;          % DATA INPUT FIELD
    OTIRB   R3,R9,R8;           % TRANSFER FIRST BLOCK
    LD      R8,#8;              % BYTE COUNTER
    OTIRB   R3,R9,R8;           % TRANSFER SECOND BLOCK
    LD      R8,#8;              % BYTE COUNTER
    LD      R10,DCP_OUT;        % DATA OUTPUT FIELD
    INIRB   R10,R3,R8;          % READ FIRST CIPHERED BLOCK BACK
    LD      R8,#8;              % BYTE COUNTER
    OTIRB   R3,R9,R8;           % TRANSFER THIRD BLOCK
    LD      R8,#8;              % BYTE COUNTER
    INIRB   R10,R3,R8;          % READ SECOND CIPHERED BLOCK BACK
    LD      R8,#8;              % BYTE COUNTER
    OTIRB   R3,R9,R8;           % TRANSFER FOURTH BLOCK
    LD      R8,#8;              % BYTE COUNTER
    INIRB   R10,R3,R8;          % READ THIRD CIPHERED BLOCK BACK
    LD      R8,#8;              % BYTE COUNTER
    INIRB   R10,R3,R8;          % READ FOURTH CIPHERED BLOCK BACK

% TERMINATE CIPHERING SESSION
    LDB     RL7,#E0;            % LOAD STOP COMMAND
    OUTB    R1,RL7;             % ISSUE STOP COMMAND
END.

4.6. Z80* - Am9518/AmZ8068

This chapter shows in two examples how the Data Ciphering Processor (DCP) can be interfaced to a Z80 (Z80A, Z80B) CPU. All interface control signals are generated by one PAL device. In CPU transfer mode a ciphering speed up to 280 kByte/s can be reached. A Z80A DMA controller can double this value. Chapter 4.8 (Z80-DMA-DCP) shows how to increase the speed to 1.1 MByte/s.

The multiplexed address/data bus of the DCP is simulated using a two-cycle operation mode. An output instruction to an even address (A0=Low) selects one of the internal registers of the DCP. In all subsequent I/O operations with A0=High, the CPU can transfer data to or from DCP registers. The register address stays latched in the chip until the next Address Strobe latches in a new address.
The Address Latch Cycle does not represent significant overhead in an encryption or decryption session because, once the DCP is initialized and the data register is selected, no further Address Latch Cycle is needed.

I/O addresses:
XXXX XXX0   Address Latch Cycle
XXXX XXX1   Data Transfer Cycle
X           user definable

The AmPAL16R4 device controls the interface timing. It generates the synchronized strobe signals for the DCP and the Wait for the CPU to extend the cycles. The PAL device is programmed to allow two operation modes. In Mode A the DCP works with the same clock rate as the CPU. Mode B increases the ciphering speed by allowing higher than 4-MHz system clock rates for the CPU. In this mode, the PAL device provides half the system clock rate for the DCP. A system with a Z80B at 6 MHz and an AmZ8068 at 3 MHz increases the ciphering speed compared to a system where both the CPU and the DCP clock are 4 MHz; the limiting factor is the data transfer capability of the CPU.

The key requirement in interfacing the DCP to a Z80 CPU is to meet the timing relationship between the Master Port Data Strobe (MDS) and the DCP clock. The rising edge of MDS must be synchronous to the falling edge of the clock.

The Operation Modes

Mode A: Both the Z80 CPU and the DCP are operating synchronously at the same frequency. The DCP clock is inverted. This mode can be used with system clocks up to 4 MHz. No extra Wait states are inserted.

*Z80 is a trademark of Zilog, Inc.

Figure 4.20. Z80-DCP Interface
Note 1: A/B=HIGH: Z80-9518/Z80A-8068 (MODE A); A/B=LOW: Z80B-8068 (MODE B)

Mode B: To get higher ciphering throughput, the data transfer speed of the Z80 bus should be increased by using a higher system clock rate. In Mode B the PAL device divides the system clock by two to generate the DCP clock.
The DCP clock is synchronized to the MDS by delaying the clock one half cycle if they are not in phase (Figures 4.23 and 4.24). During a Data Write Cycle, one extra Wait state is inserted. An AmZ8068 must be used in this mode even at a DCP clock rate of 3 MHz because of its faster register access time.

Figure 4.20 shows the interface. The A/B input of the PAL device is wired High to select Mode A or Low to select Mode B.

The Interface Timing

Address Latch Cycle: (Figures 4.21 and 4.22)
Master Port Chip Select (MCS) is active when IORQ and CS are active Low and A0=Low (even address). Master Port Address Strobe (MAS) is strobed Low for one system clock cycle during the automatically inserted Wait cycle TW to meet the hold time requirement of MAS High to MCS High (parameter 35).

Data Read Cycle: (Figures 4.21 and 4.22)
A Data Read Cycle reads the register whose address was latched in the previous Address Latch Cycle. MCS and MAS are inactive the whole cycle. MDS is active during the last two clock cycles, TW and T3. In both A and B Modes, no Wait state is inserted. WR and A0 must be High. In Mode B the DCP clock is set High in the beginning of T3 using an internal signal Q to synchronize the falling edge of the DCP clock to the rising edge of MDS. Q is only active in Mode B during Wait state TW. This interface meets the data hold time of the Z80, because the data is stable to the beginning of T1 of the next machine cycle.

Data Write Cycle:
In this cycle, the CPU can write one byte into the addressed register. MCS and MAS are inactive. WR is active and A0 is High.

Mode A (Figure 4.20)
MDS is strobed Low for TW. The DCP reads the data in at the beginning of T3. No Wait state is inserted.

Mode B (Figure 4.23)
MDS is strobed Low for the Wait cycle TW and the additional Wait cycle TW' to meet the minimum data strobe active time (parameter 44) of the DCP.
The DCP reads the data in at the beginning of T3.

Figure 4.21. Z80-Am9518/Z80A-AmZ8068 Timing Diagram (Mode A)
(Signals shown: CPU CLK, IORQ, A1-A7, WAIT, for the address cycle, write data cycle and read data cycle. TW* is automatically inserted by the Z80 CPU; no more Waits are allowed.)

Data Ciphering Speed

The byte transfer capability of the Z80 system bus limits the data ciphering throughput of the DCP. A Z80 DMA controller doubles the maximum throughput compared to a CPU-controlled transfer as indicated in the following table:

System Clk   DCP Clk   CPU    DCP       Mode   N         T
6 MHz        3 MHz     Z80B   AmZ8068   B      168/176   0.28/0.27
4 MHz        4 MHz     Z80A   AmZ8068   A      168       0.19
2.5 MHz      2.5 MHz   Z80    Am9518    A      168       0.14

N   Number of DCP clock cycles to transfer and cipher 8 bytes of data. In CPU-controlled modes the use of the Z80 block transfer commands like INIR, INDR, OTIR or OTDR is assumed.
T   Throughput in MByte/s

The formula for calculating the throughput is:

T = (8 * f) / (N + m) MByte/s

f   DCP clock in MHz
8   8 bytes per block
m   Number of extra DCP clock cycles to get a minimum delay time of five clocks between transferring the last byte of one block and the first byte of the next block. In CPU controlled transfers m=0 can be assumed, because the CPU has to evaluate instruction fetches and memory data transfers between two I/O accesses. MFLG indicates if the DCP accepts data transfer.

Figure 4.22. Address Latch Cycle (Mode B) (No Clock Synchronization)

Figure 4.23. Data Read Cycle (Mode B)

(Notes on the following figure: 1. automatically inserted Wait state; 2. extra Wait state; 3. open collector output.)
Figure 4.24.
Data Write Cycle (Mode B) MODEA MODEB ClK1,ClK2~ AB 1_ ClK: _ _ _ _ ' ClK ----J_-----,: L..-_ -_ G--- ~ 1 . . ._-----' ClK-u-LJ .J Figure 4.25. Clock Timing Diagram (Mode A and B) 95 Chapter 4 PAL16R4 PAL DESIGN SPECIFICATION DCP!346 JUERGEN STELBRINK 5/2/83 Z8!3- AM9518/AMZ8!368 INTERFACE CONTROLLER ADVANCED MICRO DEVICES CLKI JOE CLK2 NC MCS /CS /WAIT /IORQ /CLKB A!3 /Q /WR /MDS NC CLK GND VCC MASTER PORT CHIP SELECT MASTER PORT ADDRESS STROBE := IORQ*CS*/A0*WR*/MAS MDS := IORQ*CS*WR*/MDS*A!3*AB IORQ*CS*WR*A!3*/MDS*/Q*/AB IORQ*CS*WR*A!3*MDS*Q*/AB IORQ*CS*/WR*A!3 CLKB := /CLKB*/Q*/AB /CLK CLK2*AB CLKB + + + WRITE WRITE WRITE READ + IF (Q*WR) WAIT DATA DATA DATA DATA STROBE STROBE STROBE STROBE (MODE (MODE (MODE (MODE A) B) B) A+B) CLOCK FOR MODE B (MODE A) (MODE B) IORQ*CS*/MDS*/Q*A!3*/AB := NC /MCS IORQ*CS*/A0 MAS Q AB /MAS USED TO GENERATE MDS AND WAIT Q*WR WAIT TO Z8!3 FUNCTION TABLE CLKI CLK2 AB C L K 1 C L K 2 /CS /IORQ A!3 / I A B MODE A: / C S / 0 R Q /WR A 13 / W R C L K / M M C A S S CLK /MCS /MAS /MDS /WAIT / W M A D I S T / / Q C L K B COMMENT Z8!3- AM9518 OR Z8!3A- AMZ8!368 INTERFACE (DCP CLOCK = CPU CLOCK) CLOCK GENERATION X X L H H H X X X X X X X X H L X X X X X X Z Z H H H H X L L L L L L L H H H X X X X X X X X H H H L L L H H H H H H L H H H H H H H H H H H Z Z Z Z Z Z Z Z H H H H H H H H H H H H H H H ADDRESS LATCH H L C H C C H C X X X X X X X X H H H H H H H H H L L L L L L L H H H L L L H H L L L H H 96 H MACHINE CYCLE Tl CYCLE T2 CYCLE TW CYCLE T3 /Q /CLKB Chapter 4 WRITE DATA OPERATION C C C C X X X X H H H H L L L L H L L H H H H H H L L H X H H X X X H H H H H H H L H H Z Z Z Z H H H H H H H H CYCLE CYCLE CYCLE CYCLE Tl T2 TW T3 X X H H X H X H H H H H H L L H Z Z Z Z H H H H H H H H CYCLE CYCLE CYCLE CYCLE Tl T2 TW T3 NO /MAS READ DATA OPERATION C C C C X X X X H H H H L H L L L L L H H H H H H H H H INVALID OPERATION (READ IN ADDRESS LATCH) C X C C L K L K 1 2 H L L L H X L H H H H / / / W M A D I I S T Q L K B / / I / o A C B S R Q Z A 
10 / C M M W R L K C S A S C COMMENT i----------------------------------------------------- -------------------MODE B: Z81OB- AMZ81068 INTERFACE (DCP CLOCK = CPU CLOCK/2) WRITE DATA OPERATION C C C C C X X X X X L L L L L H H L L L H H L L L H H H H H H H L L L L H H H H H H H Z Z H H L H L H H L L L L H L H H H H L H Z Z H H H L CYCLE Tl CYCLE T2 FIRST WAIT CYCLE (CLK=L) SECOND WAIT CYCLE CYCLE T3 C C C X X X L L L L L L L L L H H H L L L H H H H H H L L L H H L H Z Z L H H H H L FIRST WAIT CYCLE (CLK=H) SECOND WAIT CYCLE (SYNC !) CYCLE T3 H L H H L H H H H H H H H H H H H L L H Z Z Z Z Z H H L H H H L H H L CYCLE Tl CYCLE T2 WAIT CYCLE CYCLE T3 (SYNC!) NEXT CYCLE READ DATA OPERATION C C C C C X X X X X L L L L L H H L L L H H L L H H H H H H H H H H H 97 Chapter 4 DESCRIPTION: THIS PAL GENERATES ALL NECESSARY BUS CONTROL SIGNALS, TO INTERFACE THE AM9518 OR AMZ8068 TO THE Z80 CPU WITH A SYSTEM CLOCK UP TO 6 MHZ. 2 INPUT AND 1 INPUT/ OUTPUT PINS ARE NOT USED, SO THAT FOR EXAMPLE A DATA BUS TRANSCEIVER CONTROL LOGIC CAN BE ADDED. IN SYSTEMS WITH A CLOCK UP TO 4 MHZ, THE DCP RUNS DIRECTLY AT THIS FREQUENCY (MODE A, INPUT AB = HIGH). IF THE FREQUENCY IS HIGHER, THE DCP IS DIVIDED BY TWO FROM THE SYSTEM CLOCK (MODE B, AB = LOW). INPUT PINS: CLKl, CLK2 CLKI IS THE CLOCK INPUT FOR THE FOUR INTERNAL D-FLIP-FLOPS. THEY ARE CLOCKED BY THE RISING EDGE OF CLKI. THE DCP DATA STROBE MUST BE SYNCHRONOUS TO THE FALLING EDGE OF THE CLOCK; THE INVERTED CLK2 IS THEREFORE SENT TO THE OUTPUT CLK. IN MODE B CLK2 IS SYNCHRONIZED BEFORE IT APPEARS ON THE CLK OUTPUT. BOTH INPUTS ARE CONNECTED TO THE Z80 SYSTEM CLOCK. /CS CHIP SELECT GENERATED BY AN ADDRESS DECODER LOGIC (ACTIVE LOW). IF /CS IS ONLY ACTIVE IN I/O CYCLES, THE /IORQ INPUT CAN BE WIRED LOW. 
/IORQ   INPUT/OUTPUT REQUEST OF THE Z80 (LOW ACTIVE)

A0      LEAST SIGNIFICANT BIT OF THE Z80 ADDRESS BUS TO SELECT TYPE OF OPERATION:
        A0 = LOW    SELECT REGISTER FOR NEXT DATA CYCLES (ADDRESS LATCH)
        A0 = HIGH   READ OR WRITE INTERNAL REGISTER (DATA TRANSFER TO CONTROL, MODE, INPUT OR OUTPUT REGISTER)

/WR     WRITE SIGNAL OF THE Z80, DEFINES DATA TRANSFER DIRECTION

AB      AB = HIGH   MODE A
        AB = LOW    MODE B

OUTPUT SIGNALS:

/WAIT   ACTIVE LOW DURING FIRST WAIT CYCLE IN WRITE DATA OPERATION IN MODE B, TO GENERATE AN EXTRA WAIT STATE. THE OTHER TIME /WAIT IS IN THREE STATE.

/MCS    MASTER PORT CHIP SELECT, ONLY ACTIVE IN ADDRESS LATCH CYCLES

/MAS    MASTER PORT ADDRESS STROBE, ACTIVE IN ADDRESS CYCLES TO LATCH THE REGISTER ADDRESS AND /MCS IN. THE DCP STORES INTERNALLY THE ADDRESS AND THE CHIP SELECT TO THE NEXT ADDRESS LATCH CYCLE

/MDS    MASTER PORT DATA STROBE TO ENABLE DATA TRANSFER TO THE INTERNAL REGISTERS OF THE DCP

CLK     DCP CLOCK, IN MODE B SYNCHRONIZED TO THE MASTER PORT DATA STROBE (/MDS)

/CLKB   DCP CLOCK OUTPUT INTERNALLY USED FOR MODE B (NOT CONNECT)

/Q      INTERNAL STATUS SIGNAL (NOT CONNECT)

Figure 4.26. 8085-DCP Interface

4.7. 8085A - Am9518

Figure 4.26 shows the interface diagram between the 8085 microprocessor and the Am9518 Data Encryption device. The DCP and the CPU operate synchronously at a maximum clock rate of 2.2 MHz, considerably simplifying the interface requirements.

Interface Description

The 8-bit address/data bus of the CPU is directly connected to the Master Port of the DCP. The Master Port Data Strobe is driven by RD or WR. The MR/W input of the DCP is connected to the status line S1 of the 8085. This line is High whenever the CPU executes a read instruction. The Master Port Address Strobe (MAS) is the inverted Address Latch Enable (ALE).
A decoded address and M/IO=LOW produces an active Low Master Port Chip Select. It is latched by MAS.

The Clock

The DCP can operate with the inverted CPU clock if the clock is slowed down to satisfy the minimum High time requirement of the DCP. The 8085A data sheet gives a formula to determine the minimum clock High and Low times for slower clocks.

Minimum High time: 0.5 * T - 80 ns (T=clock cycle width)

This time must be at least 150 ns for an Am9518 and 115 ns for an AmZ8068, resulting in a maximum clock rate of 2.2 MHz and 2.5 MHz respectively.

Minimum Low time: 0.5 * T - 40 ns

It is 190 ns at 2.2 MHz.

The DCP requires that the MDS is synchronous to the clock. The range is 0 - TWL - 100 ns for the Am9518. TWL is the real Low time of the clock. The 8085 timing specification does not specify a timing relationship between the clock and RD or WR; the designer must verify.

Improvements

A more sophisticated interface avoids the missing timing specification and allows interfacing to a faster CPU. Ideas can be found in the iSBX Bus Interface (Chapter 4.10) or 68000 Interface (Chapter 4.4). The first shows a totally asynchronous operation of the DCP and the CPU; the second shows how to delay the rising edge of the clock following MDS.

Figure 4.27. Logic Diagram

4.8. Z80 - DMA - Am9568

This application design shows how to increase the ciphering throughput to 890 kByte/s using the advanced 8-bit DMA Controller Am9517A-5 (also called the 8237-5).
The host CPU is a Z80A (Figure 4.27). The CPU sets up a data block in memory and programs the DMA controller to transfer this data block to the DCP via the Master Port. The DCP encrypts the data. A high-speed peripheral device can read out the ciphered data from the Slave Port. This dual-port configuration allows data input and output simultaneously and increases the throughput compared to a single-port configuration by a factor of two. In the single-port configuration, only the Master Port is used for data transfer; it handles both the clear and ciphered data.

The multiplexed address/data bus of the DCP is simulated in a two-cycle operation. For an output operation to an even address the PAL interface timing controller generates a Master Port Address Strobe (MAS) to select one of the internal registers. Subsequent I/O operations to an odd address (A0=High) transfer data to or from the preselected DCP register. During I/O operations to an odd address, the PAL device generates Master Port Data Strobes (MRD or MWR). Before the DMA block transfer is started, the CPU must preselect the DCP data register. The register address of the data register is 00H.

The DMA controller operates in "flyby" mode. Data is transferred on the system data bus one byte at a time from memory to the DCP or vice versa without going through a DMA register. An I/O Read (IOR) and Memory Write (MEMW) or I/O Write (IOW) and Memory Read (MEMR) are active at the same time. The DCP is selected by DMA Acknowledge (DACK). The PAL device treats DACK as CS active and A0=High. In this design the DMA controller can only execute data transfer cycles; it is not able to change the internal register address of the DCP.

The DMA controller is set up for Demand Transfer Mode. It releases the bus when the data request input goes inactive. The Master Port Flag (MFLG) is wired to the data request input. The flag output goes active when the DCP is ready to accept data or the output data is ready to be read out.
After transferring one block of data (8 bytes), this flag goes inactive until a new block can be put in or read out. The inactive time depends on the response time of the peripheral logic at the Slave Port. This flag is inactive a minimum of five clocks.

Speed

The DMA controller needs three clock cycles to transfer one byte. After each block transfer (8 bytes) the DMA controller releases the bus and requests it back if MFLG goes active again. This time is assumed to be 12 clocks. The ciphering of one block is done concurrently with the input of the next block; the internal operation is pipelined. The maximum throughput can be calculated as:

T = 8 / (8 * 3 + 12) * 4 MHz = 0.89 MByte/s

The Compressed Transfer mode of the DMA controller cannot be used, because the PAL synchronization logic needs normal timing to synchronize the Data Strobes to the DCP clock.

Initialization

The Multiplexed Control Mode (C/K=Low) of the DCP is selected to enable access to the internal registers. The CPU first programs the Mode Register to reset the DCP and to set up the port configuration and ciphering mode. After that, the keys and initial vectors can be loaded. To initialize the DCP for DMA transfer, the CPU executes one Address Latch Cycle, to pre-select the data register. The DMA controller must be programmed such that DREQ and DACK are active Low.

Timing

The PAL device simulates the multiplexed address/data bus of the DCP assuming a two-cycle operation mode. In the first cycle the CPU latches the address of the internal register into the DCP; subsequent cycles transfer data to or from the selected register. Address A0 distinguishes the two cycles (Figure 4.28). An I/O instruction with A0=Low generates an address latch cycle; an I/O instruction with A0=High generates a data transfer cycle.

The DMA controller must be initialized for "extended" I/O write in order to have a similar I/O bus timing to the Z80A CPU.
A "late" I/O write delays the Master Port Write Strobe (MWR) to the DCP by one clock cycle. If a late write is used, the data bus will not be valid at the time data is latched. To execute a DCP-to-memory transfer, the DMA does an I/O read and memory write. The DMA controller can be programmed for an "extended" or "late" write, depending on the memory design.

In "flyby" mode the DMA controller generates no I/O address, so the CPU has to preselect the data Input or Output Register. A DMA Acknowledge (DACK) enables MRD or MWR to control the data transfer. Figure 4.29 shows the DMA-DCP data transfer timing.

When the DMA Controller has transferred one block of data, the data transfer has to be stopped until the DCP is ready for the next block transfer. The DCP makes the DMA Controller stop the transfer by deactivating MFLG. If MFLG is Low, data may be transferred; if MFLG is High, the DCP does not accept data transferred.

The timing of the MFLG to DREQ path is the most critical in this application. If MFLG is deactivated too late, the DMA Controller will issue another data transfer which will be disregarded by the DCP. The critical signal path will be analyzed below.

Figure 4.29. DMA-DCP Timing Diagram

To prevent the DMA from issuing another cycle the Data Request input has to go inactive by the falling edge of the DMA clock at the end of cycle S3. The DMA controller samples the input at this time and instigates another cycle if the request is still active. The set-up time of DREQ is 0 ns. The Master Port Flag which is connected to the DREQ input goes inactive in the eighth cycle with a maximum delay time of 150 ns after the Data Strobes. The Data Strobe itself has a maximum delay time of 190 ns (Am9517A-5) after the rising edge of the clock in cycle S2.
That gives a time window of 375 ns of which 340 ns are already used for the two delays (190 ns + 150 ns). The propagation delay of a fast PAL device is 25 ns. This leaves 10 ns for other delays in the signal path. The PAL design assumes that the system memory needs no Wait states. The peripheral logic at the Slave Port can use the S.lave Port Flag (SFLG) to time the transfer. If SFLG is active Low, data can be written to or read from the data register. 107 Chapter 4 PAL16R4 DCP1348 Z8I3A- AM9517 (DMA)- AM9568 (DCP) ADVANCED MICRO DEVICES CLK1 JOE CLK2 /MWR /MALE := /IOW /Q2 AI3 /Q3 /MFLG MALE /DACK NC NC CLK GND VCC ; MASTER PORT ADDRESS STROBE + CS*AI3*IOR*/IOW*/Q2 CS*AI3*IOW*/IOR*/Q3 DACK*IOR*/IOW*/Q2 DACK*IOW*/IOR*/Q3 := Q2 /IOR /Q1 /IOW+IOR+/CS+AI3+MALE := Q1 /CS /MRD PAL DESIGN SPECIFICATION JUERGEN STELBRINK 8-9-83 INTERFACE DEVICE + + + CS*AI3*IOR*/IOW*Q1 CS*AI3*IOR*/IOW*Q2 DACK*IOR*/IOW*Q1 DACK*IOR*/IOW*Q2 + + CS*AI3*IOW*/IOR*Q1 CS*AI3*IOW*/IOR*Q2 DACK*IOW*/IOR*Q1 DACK*IOW*/IOR*Q2 + MRD CS*AI3*IOR*/IOW DACK*IOR*/IOW Q2 + + MASTER PORT READ MWR CS*AI3*IOW*/IOR*/Q3 DACK*IOW*/IOR*/Q3 + MASTER PORT WRITE /CLK CLK2 := Q3 + + DCP CLOCK FUNCTION TABLE CLK1 CLK2 /CS /IOR /IOW /DACK AI3 C L K 1 C L K 2 / C S / I 0 R / D I A 0 C W K / A 13 C L K M A L E / CLK MALE /MRD /MWR /Q1 /Q2 /Q3 / M M / R W Q D R 1 / Q 2 / Q 3 COMMENT --------------------------------------------------------CLOCK GENERATION X L X X X X H X X X X X ADDRESS LATCH C X H H H H C X L H L H C X L H L H C X H H H H READ DATA X X H H H H X X H L X X X X X X X X X X X X L L L L X X X X L H L L H H H H H H H H H H H H H H H H H H H H CYCLE CYCLE CYCLE CYCLE H X L H H H H H CYCLE TW (CPU) 1138 T2 (CPU) TW T3 T1 Chapter 4 L L L L L L L L H H H L X H L C H L C H H C WRITE DATA X X L H C X L H C X L H C X H H X X H H C X H H C X H H C X H H X C C C C X X X X X X X X X H H H H H H H H H H H H H H L L L H H H H H H X L L L H L L L H H H H H L L L H H H H H H H H H X X X X X X X X X X X X L L L L L L L L L L L 
L L H L L L H H H H H H H H H H H L L H H H L L H H H L L H H H L H H H H H H H H H H X L L L L L L L L H H H H H H H H L L H H L L H H H L L H H L L H H H H H H H H H H H L H H H L H X X X X X X X CYCLE CYCLE CYCLE CYCLE TW (EXTRA WAIT STATE) T3 Tl S3 (DMA) CYCLE S4 CYCLE S2 CYCLE TW (CPU) CYCLE T3 CYCLE Tl CYCLE S3 (DMA) CYCLE S4 CYCLE S2 DESCRIPTION: THIS PAL GENERATES ALL NECESSARY BUS CONTROL SIGNALS, TO INTERFACE A Z80A CPU AND A AM9517 DMA CONTROLLER TO THE AM9568 DATA CIPHERING PROCESSOR. THE MAXIMUM SYSTEM CLOCK FOR ALL PARTS IS 4 MHZ. 1 INPUT AND 3 INPUT/ OUTPUT PINS ARE NOT USED. INPUT SIGNALS: CLK1, CLK2 Z80 SYSTEM CLOCK /CS CHIP SELECT FOR THE DCP, GENERATED BY A DECODER LOGIC /IOR INPUT/OUTPUT READ /IOW INPUT/OUTPUT WRITE A0 LEAST SIGNIFICANT BIT OF THE Z80 ADDRESS BUS TO SELECT THE TYPE OF OPERATION: A0 LOW SELECT DCP REGISTER FOR NEXT DATA CYCLES (ADDRESS LATCH) A0 HIGH READ OR WRITE INTERNAL REGISTER (DATA TRANSFER TO CONTROL, MODE, INPUT OR OUTPUT REGISTER) /DACK DMA ACKNOWLEDGE FROM DMA CONTROLLER, TREATED AS /CS=LOW AND A0=HIGH 109 Chapter 4 OUTPUT SIGNALS: CLK INVERTED SYSTEM CLOCK FOR THE DCP MALE MASTER PORT ADDRESS LATCH ENABLE, ACTIVE DURING ADDRESS LATCH CYCLES TO LATCH THE REGISTER ADDRESS ON MP1 AND MP2 (2 LINES OF THE MASTER PORT BUS) AND THE STATE OF /MCS IN. THE DCP STORES INTERNALLY THE ADDRESS AND CHIP SELECT TO THE NEXT ADDRESS LATCH CYCLE /MRD MASTER PORT READ, TO ENABLE REGISTER READ OPERATIONS /MWR MASTER PORT WRITE, TO ENABLE REGISTER WRITE OPERATIONS /Q1, /Q2, /Q3 INTERNAL USED STATE SIGNALS (DO NOT CONNECT). Q1 IS ACTIVE 2 CLOCK CYCLES IN EACH DATA TRANSFER OR DMA ACKNOWLEDGE CYCLE. IT IS USED TO GENERATE THE DELAYED Q2 AND Q3. Q2 IS USED TO HOLD /MRD ACTIVE UNTIL /IOR IS GONE INACTIVE. Q3 MASKS /MWR OFF. 110 Chapter 4 4.9. 81388 - DMA - AmZ81368 This interface design is similar to that of the previous chapter. 
The differences are that the Am9568 is replaced by the AmZ8068 and the PAL device is reprogrammed for the 8088 CPU bus timing (READY). In this chapter, only the differences in the Z80-DMA-DCP interface are discussed. For additional information refer to Chapter 4.8.

Figure 4.30 shows the CPU-DMA interface. The CPU is operating in Maximum Mode. The bus arbitration handshake of the DMA controller (HREQ and HACK) must be translated into the Bus Request/Grant handshake of the 8088 CPU, as described in the application note, "A Tested Design for the Evaluation of the Am9516 UDC in an 8086 Environment" published in the Am9516/AmZ8016* Technical Manual. If the CPU is programmed to operate in Minimum Mode, both devices have the same bus arbitration handshake. The HREQ and HACK of the DMA controller can be connected directly to the corresponding pins of the CPU (HREQ to HACK).

The central part of this interface is a PAL device. The Chip Select 2 (CS2) input of the PAL device must be stable during the entire I/O transfer. This is guaranteed by decoding CS2 from the latched address/data bus of the 8088 (A0 to A15 in Figure 4.30).

Master Port Read/Write is latched in the D-Flip-Flop. It is clocked in an output operation with CS3 active. One of the data lines is latched in to define the status on the MR/W input. This is necessary because the DCP requires a set-up time of 100 ns of MR/W to the Data Strobe. Generation of MR/W for each cycle of a high-speed data transfer session of the DMA controller would extend each cycle and slow down the maximum throughput. This logic cannot be integrated into the PAL device because of the flip-flop's asynchronous clock.

Before executing an access to the DCP the CPU must latch the MR/W. The transfer itself is evaluated in a two-cycle operation. Master Port Address Strobe (MAS) is only generated if the CPU executes an output instruction to a specific I/O address (CS2 active, A0=Low) (Figure 4.31).
Address Latch Enable of the CPU (ALE) cannot be used for the generation of MAS because the CPU must set up the DCP for data transfer before a DMA transfer session is started. The DCP is set up by putting out a 00H (data register address) to the I/O address mentioned above.

Figures 4.32 and 4.33 show data read and write cycles. Figure 4.34 shows DMA data read and write cycles.

*AmZ8016 is a trademark of Advanced Micro Devices, Inc.

Figure 4.30. 8088-Am9517-AmZ8068 Interface
(Note 1 in the figure: see Am9516/8016 Technical Manual.)

Figure 4.31. Address Latch Cycle Timing (CPU-DCP)

Figure 4.32. Data Write Cycle Timing (CPU-DCP)

Figure 4.33. Data Read Cycle Timing

Figure 4.34.
DMA·DCP Timing Diagram 114 04862A-66 Chapter 4 PAL16R4 DCP049 8088- AM9517 (DMA)- AMZ8068 (DCP) ADVANCED MICRO DEVICES PAL DESIGN SPECIFICATION JUERGEN STELBRINK 8-12-83 INTERFACE DEVICE CLK1 JOE CLK2 /MDS MAS := IOW*/IOR*CS*/A0*/Q3*/MAS Q1 := CS*IOR*/IOW*RW*/Q2 + CS*IOW*/IOR*/RW*/Q3 + DACK*IOR*/IOW*RW*/Q2 + DACK*IOW*/IOR*/RW*/Q3 Q2 := CS*IOR*/IOW*RW*Q1 CS*IOR*/IOW*RW*Q2 DACK*IOR*/IOW*RW*Q1 DACK*IOR*/IOW*RW*Q2 Q3 := CS*IOW*/IOR*/RW*Ql CS*IOW*/IOR*/RW*Q2 DACK*IOW*/IOR*/RW*Q1 DACK*IOW*/IOR*/RW*Q2 MDS /CS /IOR READY /Q1 /IOW /Q2 RW /MAS A0 /Q3 /DACK NC NC CLK GND VCC ; MASTER PORT ADDRESS STROBE + + + + + + CS*A0*IOR*/IOW*RW + DACK*IOR*/IOW*RW + Q2*A0 + CS*A0*IOW*/IOR*/RW*/Q3+ DACK*IOW*/IOR*/RW*/Q3 MASTER PORT READ /READY CS*/A0*IOW*/IOR*/RW*/Q3+ CS*A0*IOW*/IOR*/RW*/Q3 + CS*A0*IOR*/IOW*RW*/Q2 ADDRESS LATCH CYCLE DATA WRITE CYCLE /CLK CLK2 DCP CLOCK MASTER PORT WRITE FUNCTION TABLE CLKl CLK2 /CS /IOR /IOW /DACK A0 RW C L K 1 C L K 2 / C S / I 0 R C L K R E M M A A D D S S Y Q 1 / D I A 0 C W K / A III R W CLK /MAS /MDS READY /Q1 /Q2 /Q3 / / / / Q 2 / Q 3 COMMENT ------------------------------------------------------------CLOCK GENERATION X L X X X X H X X X X X ADDRESS LATCH C X H H H H X X L H L H C X L H L H X X X X H L X X X X X X X X X X X X L L L L L L X H H L H H H H L L H H L H H H H H H X X 115 CPU Chapter 4 C X L H L C X H H H READ DATA X X H H H X X L L H C X L L H C X L L H C X L L H C X H H H X X H L H C X H L H C X H L H C X H H H WRITE DATA X X L H L C X L H L C X L H L C X H H H X X H H L C X H H L C X H H L C X H H H INVALID CYCLES X X L L L X X L L H X X L H L H H L L L L X X H H H H H H L H H H L H H H H H H H L L L H H H H H H H X X X X H H H H H H H H H H X X X X X X X X X X H H H H H H H H H H H L L L L H L L L H H L L H H H H H H H H H L L H H H L L H H H H L L H H H L H H H H H H H H H H H H H H H L L L H H H H H H H H H L L L L L L L L X X X X X X X X H H H H H H H H L L H H L L H H L L H H H H H H H L L H H L L H H H H H H H H H H H L H H H L H 
H H H H H H H L H X X H H H H H H H H H H H H H H H H H H X CPU CYCLE S3 (DMA) CYCLE S4 CYCLE S2 CPU CYCLE S3 (DMA) CYCLE S4 CYCLE S2

DESCRIPTION:
THIS PAL GENERATES ALL NECESSARY BUS CONTROL SIGNALS TO INTERFACE AN 8088 CPU AND AN AM9517 DMA CONTROLLER TO THE AMZ8068 DATA CIPHERING PROCESSOR. THE MAXIMUM SYSTEM CLOCK FOR THE DMA CONTROLLER AND THE DCP IS 4 MHZ; THE SYSTEM CLOCK OF THE CPU CAN BE UP TO 8 MHZ. THE DEVICES ARE WORKING ASYNCHRONOUSLY.

INPUT SIGNALS:
CLK1, CLK2   DMA CLOCK
/CS          CHIP SELECT FOR THE DCP, GENERATED BY A DECODER LOGIC
/IOR         INPUT/OUTPUT READ
/IOW         INPUT/OUTPUT WRITE
A0           LEAST SIGNIFICANT BIT OF THE Z80 ADDRESS BUS TO SELECT THE TYPE OF OPERATION:
             A0 LOW   SELECT DCP REGISTER FOR NEXT DATA CYCLES (ADDRESS LATCH)
             A0 HIGH  READ OR WRITE INTERNAL REGISTER (DATA TRANSFER TO CONTROL, MODE, INPUT OR OUTPUT REGISTER)
/DACK        DMA ACKNOWLEDGE FROM DMA CONTROLLER, TREATED AS /CS=LOW AND A0=HIGH
RW           READ/WRITE SIGNAL STORED IN AN EXTERNAL LATCH, TO ALLOW DMA OPERATION WITHOUT WAIT STATES. THIS SOLVES THE PROBLEM OF THE SETUP TIME OF MR/W OF THE MASTER PORT TO MDS GOING ACTIVE. THE STATUS OF THIS SIGNAL MUST AGREE WITH /IOR OR /IOW OR THE PAL GENERATES NO STROBES.

OUTPUT SIGNALS:
CLK          INVERTED DMA CLOCK FOR THE DCP
/MAS         MASTER PORT ADDRESS LATCH ENABLE, ACTIVE DURING ADDRESS LATCH CYCLES TO LATCH THE REGISTER ADDRESS ON MP1 AND MP2 (2 LINES OF THE MASTER PORT BUS) AND THE STATE OF /MCS IN. THE DCP STORES INTERNALLY THE ADDRESS AND CHIP SELECT TO THE NEXT ADDRESS LATCH CYCLE
/MDS         MASTER PORT DATA STROBE, TO TIME DCP DATA TRANSFERS
/Q1, /Q2, /Q3  INTERNALLY USED STATE SIGNALS (DO NOT CONNECT). Q1 IS ACTIVE 2 CLOCK CYCLES IN ALL CYCLES. IT IS USED TO GENERATE THE DELAYED Q2 AND Q3. Q2 IS ACTIVE IN A DATA READ CYCLE. IT ALLOWS /MDS TO BE ACTIVE UNTIL /IOR HAS GONE INACTIVE. Q3 IS ACTIVE IN AN ADDRESS LATCH OR DATA WRITE CYCLE. Q3 DISABLES READY AND /MDS IN THE SECOND HALF OF THE CYCLE.
Figure 4.35. iSBX Bus-Am9568 Interface

4.10. iSBX BUS - Am9568

The iSBX board described below adds high-speed data ciphering capability to a Multibus-based system. This iSBX board can be plugged into any Multibus board with an iSBX connector. The iSBX bus timing and bus signals are described in the "iSBX Bus Specification" (see Literature List).

The Master Port of the DCP is interfaced to the iSBX bus. The multiplexed address/data bus of the DCP is simulated in a two-cycle operation. The interface timing controller, a PAL device, generates the address and data strobes for the DCP and the Wait signal for the host CPU.

The Auxiliary Port enhances the security of the system by preventing a CPU access to the keys. The keys can be loaded from a small bipolar PROM or from a device connected to the Key Connector. This device can be an optical or magnetic key reader.
The Key Connector provides two power supply lines for the external device, Ground and +5 V. Two address buses (a 3-bit encoded bus (A0 to A2) and an 8-bit decoded bus (O0 to O7)) select one of the eight key bytes (Figure 4.35). The user can choose one of these two address buses. At any time, only one of the eight lines of the decoded bus (O0 to O7) is active Low. Eight input lines (I0 to I7) carry the key byte to the Auxiliary Port. Pull-up resistors force the data lines High if no device is connected to the Key Connector.

The ciphering throughput of this particular design is limited by the iSBX bus byte transfer capability. In the single-port operation mode chosen, the maximum throughput is about 200 kBytes/s, high enough even for speech ciphering applications. The throughput can be doubled if the interface design is changed to allow dual-port operation.

The two-cycle operation mode is chosen in this interface design because it allows a faster ciphering speed and needs less interface logic. The whole interface logic fits into one PAL device. The disadvantage of this approach is software overhead for initializing the device.

Under software control two types of cycles are generated, an Address Latch Cycle and a data transfer cycle. The address latch cycle is started by an output operation of the CPU to an even I/O address which selects this iSBX board. The internal DCP register address to be accessed by the CPU is transferred via the Master Port data bus. MP1 and MP2 carry the relevant address information. In this cycle only MALE is generated.

Figure 4.36. Address Latch Cycle Timing (MA0 = Low)

Figure 4.37. Data Write Cycle (MA0 = High)

A data transfer cycle is executed in an output operation to an odd address. The transfer is made from or to the register that was selected in the previous Address Latch Cycle.
This approach is faster than simulating a multiplexed bus because a Master Port Address Latch Enable (MALE) need not be generated in a high-speed data transfer session. The data register address is latched in the chip by an Address Latch Cycle at the beginning of the session. The data session itself has no address latch overhead.

Address Latch Cycle

The Master Port Address Latch Enable (MALE) latches the state of Master Port Chip Select (MCS) and the internal register address on MP1 and MP2. Subsequent data cycles use this 2-bit address.

The PAL device starts generating an Address Latch Cycle if the iSBX signals indicate a CPU output operation to an even port address. IOWRT (I/O write command) and MCS0 (M Chip Select 0) are active, MA0 (M Address 0) is Low and MCS1 is inactive.

The portion of the PAL device generating MALE operates as a state machine. MALE is set at the first falling edge of CLK, when MCS0 and IOWRT are active. The next falling edge resets MALE and sets the internal state variable Q, which inhibits MALE from being set again.

MWAIT inserts CPU wait states until the register address is latched on the falling edge of MALE. The rest of the cycle is unavoidable overhead because the iSBX bus timing specifies no minimum delay time between MWAIT inactive and the end of the I/O cycle. If MCS glitches, MWAIT also glitches. The delay is less than 35 ns, which meets the iSBX timing specification. Q removes MWAIT after MALE has become inactive. Figure 4.36 illustrates an Address Latch Cycle.

Data Write Cycle

The CPU can write commands, data or keys to the previously selected internal register. Data is latched with the rising edge of Master Port Write (MWR). The generation of MWR is similar to that of MALE. The difference is that an output operation to an even address (MA0=High) initiates the state machine of the PAL device. The pulse width of MWR is one clock cycle.
MWR is synchronous to the falling edge of the clock (CLK) to meet the critical timing parameter 45 of the Am9568 product specification. Figure 4.37 illustrates a Data Write Cycle.

Figure 4.38. Data Read Cycle (MA0 = High)

Figure 4.39. Auxiliary Port Key Load Timing

Data Read Cycle

A data read cycle is initiated when MCS0 and IORD are active, MA0 is High and MCS1 is inactive. The CPU then can read the addressed internal register. MCS0 causes MWAIT to be asserted Low in order to extend the cycle. MWAIT guarantees a minimum of one clock access time to the DCP register (min. 250 ns at 4-MHz DCP clock). This satisfies timing parameter 49 (200 ns minimum). The CPU can latch the data bus any time between MWAIT and IORD becoming inactive.

The data on the DCP data bus is valid until the first falling edge of CLK after IORD becomes inactive. MRD changes to High synchronous with that edge to satisfy timing parameter 45 (0 to 30 ns).

The iSBX bus timing specifies that the data bus has to be floating within 150 ns after MCS inactive. To satisfy this parameter and to prevent data bus contention at the end of a data read cycle, the data bus transceiver U2 in Figure 4.35 disconnects the DCP data bus from the CPU data bus. Two NOR gates (74LS02) combine MCS and MRD to generate the receive control signal for U2. Figure 4.38 illustrates a data read cycle.

Key Load Logic

The DCP has three keys stored on the chip: one key for encryption, one key for decryption, and a Master Key. Each of these 56-bit keys can be loaded through either the Master Port or the Auxiliary Port. The keys are transferred in eight cycles, one byte at a time. Note that the least significant bit of each byte is a parity bit for odd parity ((8 - 1) * 8 = 56).

This application note offers two methods of loading the keys through the Auxiliary Port:

- A 32 * 8-bit PROM can hold one key, either the Master Key or one key used for both encryption and decryption.
- A wide variety of devices from a simple 8 by 8 jumper matrix to an advanced card reader can be plugged into the Key Connector. Software compensates for the speed of the device.

Sequencer U4, a 74LS161 4-bit up counter, generates a 3-bit address sequence for the Master Key PROM U6 and the Key Connector. The least significant bit of the sequencer is wired to the Auxiliary Port Strobe input ASTB of the DCP. The two sequencer control signals, ACLR and CP, are controlled by software.

The Asynchronous Clear input CLEAR initializes U4 with outputs A to D Low. The first key byte is addressed. Ripple Carry output RCO is inactive High.

The first pulse on the clock input CK produces a rising edge at ASTB to strobe in the first key byte. The rising edge of ASTB is synchronous to the clock CLK to satisfy timing parameter 62 (0 to 50 ns). The software-controlled delay time between ACLR and CP or between the following CPs allows interfacing to any external key device. In the case of reading from the Master Key PROM, no software wait loop is required because the access time of this PROM meets any CP sequence.

The acknowledge input ACK can be pulled Low by the Key Load Device to signal the CPU that the key byte at the Auxiliary Port is valid. The PAL device transfers the state of this input to the iSBX data bus line 0 during an I/O read operation with MCS1 active.

The second pulse on CP increments the address output of the sequencer. The delay time between the first and second pulse satisfies the data hold time requirement of 80 ns (timing parameter 65) of the Auxiliary Port.

A sequence of 15 pulses on CP transfers all 8 bytes of the key into the DCP. After the 15th pulse RCO becomes active to disable further key strobes (ASTB).

The 3 to 8 line decoder U5 creates a decoded address for the Key Connector. Figure 4.39 illustrates the key load sequence.
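The key load sequence described above can be modelled in a few lines of C. This is an added example, not code from the manual: the structure and function names are hypothetical, holding the counter once RCO is active is an assumption about how further strobes are disabled, and the sample key bytes are the ones in the KEY table of the manual's test program.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* State of the key load logic: counter U4 plus what the DCP has latched. */
struct key_loader {
    uint8_t count;     /* counter outputs: bit 0 drives ASTB, bits 1..3 the key address */
    uint8_t key[8];    /* bytes latched by the DCP on rising edges of ASTB */
    int     loaded;    /* number of bytes latched so far */
};

/* Output to ACLR: counter outputs Low, first key byte addressed. */
static void aclr(struct key_loader *s)
{
    memset(s, 0, sizeof *s);
}

/* Output to CP: one clock pulse for the counter. src is the key source
   (Master Key PROM or Key Connector device), indexed by the 3-bit address. */
static void cp(struct key_loader *s, const uint8_t src[8])
{
    if (s->count == 15)            /* RCO active: assumed to hold the counter */
        return;
    s->count++;
    if (s->count & 1)              /* bit 0 went Low -> High: ASTB rising edge */
        s->key[s->loaded++] = src[s->count >> 1];
}

/* 1 if the byte, parity bit included, has an odd number of 1 bits. */
static int odd_parity_ok(uint8_t b)
{
    b ^= b >> 4;
    b ^= b >> 2;
    b ^= b >> 1;
    return b & 1;
}

/* Set the least significant bit so that the byte has odd parity. */
static uint8_t fix_parity(uint8_t b)
{
    return odd_parity_ok(b) ? b : (uint8_t)(b ^ 1);
}

/* Model of the LPAR status flag: 1 if any key byte lacks odd parity. */
static int lpar(const uint8_t key[8])
{
    for (int i = 0; i < 8; i++)
        if (!odd_parity_ok(key[i]))
            return 1;
    return 0;
}

/* ACLR followed by `pulses` CP strobes; returns the number of bytes latched. */
static int load_key(const uint8_t src[8], int pulses, uint8_t out[8])
{
    struct key_loader s;
    aclr(&s);
    for (int i = 0; i < pulses; i++)
        cp(&s, src);
    memcpy(out, s.key, 8);
    return s.loaded;
}

int main(void)
{
    /* Same bytes as the KEY table of the test program (80H,1,1,1,1,1,1,1). */
    const uint8_t key[8] = {0x80, 1, 1, 1, 1, 1, 1, 1};
    uint8_t got[8];

    for (int p = 13; p <= 16; p++)
        printf("%2d CP pulses -> %d key bytes latched\n", p, load_key(key, p, got));
    printf("LPAR after load: %d\n", lpar(got));
    printf("0x03 with corrected parity bit: 0x%02X\n", fix_parity(0x03));
    return 0;
}
```

The 16th pulse, which the test program sends, changes nothing in this model because the counter is already at its terminal count.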
The PAL Device

The interface timing circuit, a PAL device, is programmed to generate four control signals for the DCP (CLK, MALE, MRD and MWR), the Wait signal for the CPU, and the ACLR and CP to control the key load logic.

The PAL device used in this application note is an AmPAL16R6 device. It has eight inputs and eight outputs. Two outputs are combinatorial, six are registered. The input Output Enable OE is wired Low to enable all outputs.

CLK and MWAIT are combinatorial outputs of the PAL device. MWAIT must be a combinatorial output to meet the timing relationship to MCS as specified in the iSBX specification (see the paragraph "Address Latch Cycle").

The other outputs -- MAS, MRD, MWR, Q, CP and ACLR -- are registered outputs. They are synchronous to the rising edge of the CLK1 input and, therefore, to the falling edge of the CLK output.

The ACLR is strobed Low when executing an output operation to an even I/O address with MCS1 active. The CP is strobed Low when executing an output operation to an odd address with MCS1 active. The loading of keys is software-controlled so that a wide variety of devices can be plugged into the Key Connector.
125 Chapter 4 PAL DESIGN SPECIFICATION PAL16R6 DCP0410 JUERGEN STELBRINK 6/28/83 ISBX- BUS TO AM9568 INTERFACE DEVICE ADVANCED MICRO DEVICES CLK JOE /ACK /MWAIT /MCS0 /ACLR /MCS1 CP /IORD /MWR /IOWRT /MRD MWAIT MCS0*/MCSl*/Q Q MCS0*/MCSl*/MA0*IOWRT*MALE*/Q + MCS0*/MCSl*MA0*IOWRT*MWR*/Q + MCS0*/MCSl*MA0*IORD*MRD*/Q + MCS0*/MCSl*Q /MALE := /MCS0+MCSl+MA0+/IOWRT+MALE+Q MWR := MCS0*/MCS1*MA0*IOWRT*/MWR*/Q MRD := MCS0*/MCSl*MA0*IORD IF (/MCS0*MCS1*IORD) /MD7 MA0 MALE NC /Q NC MD7 GND VCC ADDRESS LATCH WRITE DATA READ DATA ACK /CP := /MCS0*MCSl*MA0*IOWRT ACLR := /MCS0*MCS1*/MA0*IOWRT FUNCTION TABLE CLK /ACK /MCS0 /MCSI /IORD /IOWRT MA0 MD7 MALE /MRD /MWR /MWAIT /Q CP /ACLR C L K / / / I I 0 M / R W R M A M D A C L D T 0 7 H H H H H H L L H H H H H H H H L L L H L L L L z z z z H H H H L L L H H H H H L L L H H H H H H H H H / / / M M A C C o C K S 0 S 1 C X H H C C C C X X X X X L L L L H C C C X X X L L L C X H H H H H C C C C X X X X L L L H H H H H / / W L E M R D M W R A I T L L H L L L H H H H H H z z z z L L z z z M A / Q C P H H H H H H H H L H H H H H L H H H H L L H H H L L H H H L L H L H H H H H L H L L H L H z L L H H L z L L L H H H H H L H z 126 R COMMENT ; ADDRESS LATCH H H H H H H H H H H H H H H H H DATA WRITE H H H H H H H H DATA READ Chapter 4 C C C C X X X X H H H H L L L L H H H H L H L H L L H H Z Z Z Z L L L L H H H H H H H H H H H H H H H H H H L H L H H H X X L H H H L L L L H H X X L H L L H H H H H H H H H H H H RESET COUNTER CLOCK COUNTER ; ACKNOWLEDGE READ ----------------------------------------------------------------------DESCRIPTION: GENERATION OF ALL NECESSARY BUS CONTROL SIGNALS, TO INTERFACE THE AM9568 (DCP) TO ISBX- BUS. 
INPUTS:
CLK      4 MHZ DCP CLOCK
/MCS0    DCP CHIP SELECT
         MA0 = LOW   ADDRESS LATCH CYCLE
         MA0 = HIGH  DATA TRANSFER CYCLE
/MCS1    KEY COUNTER SELECT
         WRITE: MA0 = LOW   COUNTER RESET
                MA0 = HIGH  COUNTER STROBE (8 TIMES 2 STROBES, TO LOAD THE 8 KEY BYTES)
         READ:  PUT STATE OF ACKNOWLEDGE INPUT TO MD7
/IORD    INPUT/OUTPUT READ
/IOWRT   INPUT/OUTPUT WRITE
MA0      ADDRESS LINE 0
/ACK     ACKNOWLEDGE SIGNAL FROM EXTERNAL KEY LOAD DEVICE

OUTPUTS:
/MWAIT   WAIT SIGNAL TO THE CPU, TO EXPAND THE I/O TRANSFER
/MRD     MASTER PORT READ
/MWR     MASTER PORT WRITE
MALE     MASTER PORT ADDRESS LATCH ENABLE
MD7      MASTER PORT DATA LINE 7
CP       CLOCK PULSE FOR THE KEY ADDRESS COUNTER
/ACLR    RESET KEY ADDRESS COUNTER

Testing

The DCP iSBX board was tested in a CP/M 86 system. It was hooked up to the Module 2 connector of an AMD iSBX Motherboard (PWA 009520014). This Motherboard has to be configured for byte mode with the Module 2 addresses from 90 to 9F H in order to run the test program without any changes. Therefore, jumper HDR1 is removed and HDR2 is installed. Jumpers 1-2 and 11-12 are installed.

The test program is written in 8086 Assembly Language. The structure of the program is described below.

It programs the DCP for ECB (Electronic Code Book) encryption mode and single-port operation by loading 18 H into the Mode Register. Then 8 bytes of encryption key are put in and one block is ciphered. The 8 result bytes are stored at location "CIPHER". The result should be: 95H,A8H,D7H,28H,13H,DAH,A9H and 4DH.

Writing a 91 H to the Command Register sets the DCP up for key input through the Auxiliary Port. A following Status Register read should show a 44 H: Command Pending and Auxiliary Port Flag (AFLG) are active.

The instruction "OUT ACLR,AL" initializes the key load logic. The loop LAB1 sends 16 strobes to the sequencer to strobe in the encryption key (Figure 4.39). If all the key bytes do not have odd parity, the LPAR flag in the Status Register is set.
If everything is correct after strobing the key in, the Status Register will contain 00 H.

The start command C0 H sets the Start/Stop bit of the Status Register and sets the device up for a data encryption session.

Loop2 loads 8 bytes of plain data into the Input Register. When this block is loaded, a Status Register read will show 83 H: Start/Stop is active, the input flag is active to indicate that more blocks of data can be put in, and the output flag is active to indicate that data can be read out.

Loop3 reads one block of cipher data out of the Output Register and transfers it to the memory location "CIPHER". A following status read shows that the output flag is inactive, indicating the Output Register is empty.

The Stop command E0 H terminates the ciphering session; all bits of the Status Register are reset.

; ASM86 VER 1.0   SOURCE: TESTISBX.A86
;
; JUERGEN STELBRINK 6/13/83
; ADVANCED MICRO DEVICES
;
; 9568 INTERFACE TO THE ISBX-BUS
; TEST PROGRAM (KEY LOAD THROUGH AUXILIARY PORT)

        CSEG
        ORG     100H

ASTROBE EQU     90H             ; ADDRESS STROBE (EVEN ADDRESS)
DSTROBE EQU     91H             ; DATA STROBE (ODD ADDRESS)
ACLR    EQU     98H             ; RESET LOAD KEY LOGIC
CP      EQU     99H             ; 1. OUTPUT: LOAD KEY
                                ; 2. OUTPUT: INCREMENT ADDRESS

DATA    EQU     00H
CONTROL EQU     02H
MODE    EQU     06H

        MOV     AL,MODE
        OUT     ASTROBE,AL
        MOV     AL,18H          ; DEFINE MODE: MASTER ONLY, ECB, ENCRYPTION
        OUT     DSTROBE,AL

        MOV     AL,CONTROL
        OUT     ASTROBE,AL
        MOV     AL,91H          ; LOAD CLEAR E KEY THROUGH AUX PORT
        OUT     DSTROBE,AL

        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=44H)

        OUT     ACLR,AL         ; DUMMY OUTPUT, TO RESET KEY LOAD LOGIC
        MOV     CX,16           ; 16 CLOCKS
LAB1:   OUT     CP,AL           ; DUMMY OUTPUT
        LOOPNZ  LAB1

        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=00H)

        MOV     AL,CONTROL      ; LATCH CONTROL REGISTER ADDRESS
        OUT     ASTROBE,AL
        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=81H)

        MOV     AL,0C0H         ; ENTER START COMMAND
        OUT     DSTROBE,AL

        MOV     BX,0
        MOV     CX,8
        MOV     AL,DATA         ; LATCH DATA REGISTER ADDRESS
        OUT     ASTROBE,AL
LAB2:   MOV     AL,CS:CLEAR[BX] ; WRITE 1 BLOCK DATA TO INPUT REGISTER
        OUT     DSTROBE,AL
        INC     BX
        LOOPNZ  LAB2

        MOV     AL,CONTROL      ; LATCH CONTROL REGISTER ADDRESS
        OUT     ASTROBE,AL
        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=83H)

        MOV     BX,0
        MOV     CX,8
        MOV     AL,DATA         ; LATCH DATA REGISTER ADDRESS
        OUT     ASTROBE,AL
LAB3:   IN      AL,DSTROBE      ; READ 1 BLOCK DATA FROM OUTPUT REGISTER
        MOV     CS:CIPHER[BX],AL
        INC     BX
        LOOPNZ  LAB3

        MOV     AL,CONTROL      ; LATCH CONTROL REGISTER ADDRESS
        OUT     ASTROBE,AL
        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=81H)

        MOV     AL,0E0H         ; ENTER STOP COMMAND
        OUT     DSTROBE,AL

        IN      AL,DSTROBE      ; READ STATUS REGISTER (AL=00H)

        RETF                    ; INTERSEGMENT RETURN

KEY     DB      80H,1,1,1,1,1,1,1
CLEAR   DB      0,0,0,0,0,0,0,0
CIPHER  RB      8

        END

END OF ASSEMBLY. NUMBER OF ERRORS: 0

4.11. 8051 - Am9518/AmZ8068

The 8031/8051/8751 Single-Component 8-Bit Microcomputer family can easily be interfaced to the DCP. Both devices together with TTL logic can form a stand-alone data ciphering system for low- to medium-speed data communication networks. Clear and ciphered data is handled serially with a programmable handshake protocol. Using the Am9568 eliminates the need of Port 1.x to control Master Port Read/Write. RD and WR can directly be connected to the corresponding inputs of the DCP (MRD and MWR). ALE does not have to be inverted when connected to MALE.

Figure 4.40 shows the 8051-DCP interface. The 8051 must be programmed so that Port 0 provides a multiplexed address/data bus. Port 0 is connected to the Master Port of the DCP. RD and WR are logically ORed to generate the Master Port Data Strobe. Port 1.x controls the Master Port Read/Write input (MR/W). This satisfies the set-up time requirement of MR/W to MDS. Master Port Chip Select can be tied Low if it is guaranteed that RD or WR only become active in a DCP access cycle. Otherwise it must be generated by an address decoder.

Clock Divider

The DCP clock divider logic as shown in Figure 4.40 divides the CPU clock by four or six depending on the type of instruction the CPU executes (see the timing diagram in Figure 4.41). If the CPU generates an ALE every sixth clock, the CPU clock is divided by six. This is the normal case. The speed calculation of the DCP should be done for this clock rate. If the CPU executes "MOVX" instructions, every second ALE is left out and the divide factor is four.
For both cases the minimum DCP clock High or Low width is two CPU clock periods, which guarantees that even a CPU clock of 12 MHz satisfies the minimum clock requirement for the Am9518 as well as the AmZ8068.

The AmZ8068 gives a wider range for the Data Strobe to RD or WR delay. The typical value for the 8051 at room temperature with a full load at these outputs is 50 ns. At a CPU clock rate of 10 MHz, this timing requirement is 0 to 100 ns (two clocks minus 100 ns) for the Am9518 and 0 to 135 ns (two clocks minus 65 ns) for the AmZ8068.

Figure 4.40. 8051-DCP Interface

Figure 4.41. 8051-DCP Timing Diagram

Programming

Port 1.x must be High for a read access and Low for a write access. Data is transferred using a "MOVX @Ri,A" or "MOVX A,@Ri" instruction. Ri is register R0 or R1. Only this instruction generates the interface timing needed for the DCP. The internal register address is loaded into Rn before executing this instruction.

00   Data Input or Output Register
02   Command or Status Register
06   Mode Register

The Flags can be monitored by two input pins of the CPU, Port 1.y and 1.z. One Flag corresponds to the status of the Input Register, the other one to the status of the Output Register. They become active Low if the CPU can perform a data transfer. For details refer to Chapter 3.1.
In high-speed data ciphering applications, it might be too time consuming to toggle Port 1.x (MR/W). The toggling can be avoided by choosing the dual port configuration of the DCP. Both the Master and Slave Port are connected to Port 0 of the CPU. During the data ciphering session, one port operates as the data input port, the other port operates as the data output port. This means that during the whole session, the data flow direction does not have to be turned around; MR/W can stay Low or High for the whole session. MCS and SCS select the appropriate port.

Figure 4.42. Network Transmitter

Figure 4.43. Network Receiver

4.12. HIGH SPEED SERIAL DATA CIPHERING IN NETWORK SYSTEMS

This chapter discusses the use of the data encryption chip (Am9518/AmZ8068) in local area networks. In some of these applications, it is desirable to use encryption as an option to an existing system. When this happens, the option board may have to take serial data from the former network driver and reprocess the data to transmit and receive cipher text. The following discussion should shed some light on a practical approach to this problem.

First, the system must meet the required level of security. This is a system philosophy problem related to the handling of keys, CRC generation, and system partitioning. Secondly, data must meet transmission requirements such as continuous transmission of data, non-block size packet length, and transparency. The second requirement, which is the concern of this note, is a hardware configuration problem.
The DCP (Am9518/AmZ8068) can be configured to cipher data at up to 14.2 Mbits/s. This can be accomplished by using the device in Direct Control Mode with a feedback path between the output port of the unit and its input port. The DCP may be looked upon as a three stage system: the input buffer, the output buffer and the algorithm unit.

The DCP handles data in 64-bit (ECB and CBC) or 8-bit (CFB) blocks. Between block transfers the system has to provide a recovery time of five clocks to allow the DCP to update its internal flags. External Buffers smooth this discontinuous data flow to provide a continuous data flow onto the network (see Figures 4.42 and 4.43).

The system may be looked upon as a closed system in which the number of bytes in the system remains constant. Therefore, if nine bytes are rotated, the system would be initialized with eight bytes in the output buffer and one in the input buffer. At some time there would be eight bytes in the input buffer ready to move into the algorithm unit and one byte in the output buffer ready to be loaded into the P/S-XOR-S/P feedback circuit. Operation on the data will take eight network clocks. The data moving through the algorithm unit will take 23 DCP clocks (5.75 microseconds for the 4-MHz 8068). This would allow a frequency of 1.39 MHz for the network clock.

If 10 bytes were allowed to circulate in the system, one byte would still be available in the output buffer while one was being shifted through the feedback circuit, and a block was being processed in the algorithm unit. This would allow 16 network clocks to transpire during the 5.75 microseconds that data moved through the algorithm unit. This would allow a network clock of 2.78 MHz.

This reasoning holds until the data must be stored in an external buffer during the flag inactive period of the input and output DCP buffers. The inactive period is five DCP clocks of 1.25 microseconds for the 4-MHz AmZ8068. This happens when the network clock is 6.4 MHz. At this rate additional buffering, external to the DCP, is required. This would allow data to be stored in the external buffer while data is transferred from the algorithm unit to the output buffer on the output port, or from the external input buffer to the input buffer on the input port, while data from the input buffer is being transferred to the algorithm unit. The foregoing analysis holds up to 11 MHz (see Figure 4.44).

Number of        Number of Bits   Minimum Period in µsec   Maximum Network
Initialization   in Circulation   (5.75 µs/# bits)         Clock in MHz
Bytes
 9                8               0.718                     1.39
10               16               0.359                     2.78
11               24               0.220                     4.17
12               32               0.180                     5.75
13               40               0.144                     6.9
14               48               0.112                     8.33
15               56               0.103                     9.74
16               64               0.0899                   11.13

Figure 4.44. Maximum Network Clock as a Function of the Number of Bits in Circulation

Figure 4.45. Bidirectional Interface, Transmit Mode

To operate at the maximum frequency of 1.78 Mbytes/s, or 14.2 Mbits/s, three additional initialization bytes must be added to the system, making a total of 19 bytes. This scheme is based on pipelining scheme A: minimum timing operation. The idea is to have enough data in the system to allow transfers through the algorithm unit in 18 DCP clocks. During the time data is being moved to or from the algorithm unit (1.25 microseconds) the external buffers must store 18 bits. This would require two registers in addition to the feedback circuit.

The maximum number of bytes that can be used to initialize the DCP results from the need to minimize buffering while providing continuous data to the network. During the period when the DCP is in a lockout phase, there are 16 bytes in the DCP and the remaining number of bytes reside in the external buffers.
This would correspond to a condition in which the output buffer has just been emptied and the algorithm unit and input buffer are full. The lockout period takes five DCP clocks or 1.25 microseconds. During this time, 18 bits must be transferred in order to meet network requirements. This requires that three buffer locations be available. Since there are six to begin, only 3 bytes can be stored externally; therefore, the maximum number of initialization bytes allowed would be 19.

Figures 4.45, 4.46, and 4.47 show a block diagram of a system that will handle data from the bus or network side of the board. The controller must be able to handle some of the link functions. In particular, it must be able to respond to clear text or cipher text on a real-time basis. It must synchronize data transfers between the DCP, the buffers and the host or network buses, and initialize the DCP.

Data is most rapidly transferred in Direct Control Mode; however, the DCP must also be able to manipulate keys and Initial Vectors. This requires switching to Multiplexed Control Mode, as these functions are not supported in Direct Control Mode. It must also be able to set the DCP to ECB, CBC, or CFB encrypt or decrypt modes.

Because the cipher text may inadvertently contain control characters, it must be deciphered before it is decoded or the system must be operated in Transparent Mode. In addition to the normal transmission characters, it is usually desirable to add a message number or date stamp to the front of the encrypted data and include the destination address. The initialization time required would be at least 31 clocks x 0.25 microseconds/clock or 7.75 microseconds. This could be done during the clock time when the network is recovering from the previous transmission.

Figure 4.46. Bidirectional Interface, Receive Mode

Figure 4.47. Bidirectional Interface, Transparent Mode

The previous information has discussed the possibility of using the DCP in a link application in which only serial data is transferred between the host and network. We have found that the DCP can run at its maximum transfer rate by adjusting the initialization data and the amount of external buffering. We have also looked at some of the requirements for the controller in a secure network environment. We can conclude that the DCP may be used effectively in a link application at rates up to 14.2 MHz.

APPENDIX A. Electronic Codebook (ECB) Test Data

E-Key = D-Key = 0123456789ABCDEF

Encryption:
Time   Plain Text         Cipher Text
1      4E6F772069732074   3FA40E8A984D4815
2      68652074696B6520   6A271787AB8883F9
3      666F7220616C6C20   893D51EC4B563B53

Decryption:
Time   Cipher Text        Plain Text
1      3FA40E8A984D4815   4E6F772069732074
2      6A271787AB8883F9   68652074696B6520
3      893D51EC4B563B53   666F7220616C6C20

The plain text is the ASCII code for "Now is the Time for all ..." These seven-bit characters are written in the hexadecimal notation (0,b6,b5,b4,b3,b2,b1,b0).

APPENDIX B. Cipher Block Chaining (CBC) Test Data

E-Key = D-Key = 0123456789ABCDEF
IVE = IVD = 0123456789ABCDEF

Encryption:
Time   Plain Text         Cipher Text
1      4E6F772069732074   E5C7CDDE872BF27C
2      68652074696D6520   43E934008C389C0F
3      666F7220616C6C20   683788499A7C05F6

Decryption:
Time   Cipher Text        Plain Text
1      E5C7CDDE872BF27C   4E6F772069732074
2      43E934008C389C0F   68652074696D6520
3      683788499A7C05F6   666F7220616C6C20

The plain text is the ASCII code for "Now is the Time for all ..." These seven-bit characters are written in the hexadecimal notation (0,b6,b5,b4,b3,b2,b1,b0).
APPENDIX C. Eight-bit Cipher Feedback (CFB) Test Data

    E-Key = D-Key = 0123456789ABCDEF
    IVE = IVD = 0123456789ABCDEF

    Encryption:
    Time   Plain Text   DES Input (IVE)    DES Output         Cipher Text
    1      4E           1234567890ABCDEF   BD661569AE874E25   4E+BD = F3
    2      6F           34567890ABCDEFF3   7039546F9A0F6330   6F+70 = 1F
    3      77           567890ABCDEFF31F   AD1B78B0BB371BE7   77+AD = DA

    Decryption:
    Time   Cipher Text  DES Input (IVD)    DES Output         Plain Text
    1      F3           1234567890ABCDEF   BD661569AE874E25   F3+BD = 4E
    2      1F           34567890ABCDEFF3   7039546F9A0F6330   1F+70 = 6F
    3      DA           567890ABCDEFF31F   AD1B78B0BB371BE7   DA+AD = 77

The plain text is the ASCII code for "Now is the Time for all ...". These seven-bit characters are written in the hexadecimal notation (0,b6,b5,b4,b3,b2,b1,b0). The "+" represents the EXOR function.

APPENDIX D. Certification by National Bureau of Standards

National Bureau of Standards
DATA ENCRYPTION STANDARD (DES) VALIDATION CERTIFICATE

The National Bureau of Standards has tested the encryption device identified as AmZ8068 ...

    #include "bdscio.h"     /* assumed: BDS C header supplying BUFSIZ, ERROR and CPMEOF;
                               the listing as printed starts at the declarations below */

    char buffer[BUFSIZ];
    char file[12];

    mode(value)             /* initialize mode register of DCP */
    int value;
    {
        outp(0x80,0x06);    /* address mode register */
        outp(0x81,value);   /* ECB, master port only */
    }

    command(value)          /* issue command "value" to the DCP */
    int value;
    {
        outp(0x80,0x02);    /* address command register */
        outp(0x81,value);   /* load command */
    }

    write_block(text)       /* write one block */
    int text[];
    {
        int i;
        outp(0x80,0x00);    /* address data register */
        for(i=0;i<=7;i++)
            outp(0x81,text[i]);     /* load 8 bytes */
    }

    read_block(text)        /* read a block */
    int text[];
    {
        int i;
        outp(0x80,0x00);    /* address data register */
        for(i=0;i<=7;i++)
            text[i]=inp(0x81);      /* read 8 bytes */
    }

    encrypt(clear,cipher)   /* encrypt one block */
    int clear[],cipher[];
    {
        command(0x41);      /* start encryption */
        write_block(clear);
        read_block(cipher);
        command(0xe0);      /* stop */
    }

    decrypt(cipher,clear)   /* decrypt one block */
    int clear[],cipher[];
    {
        command(0x40);      /* start decryption */
        write_block(cipher);
        read_block(clear);
        command(0xe0);      /* stop */
    }

    key_load(value,key)     /* load 56-bit key into DCP */
    int value,key[];
    {
        command(value);     /* 0x11 = encryption key, 0x12 = decryption key (see main) */
        write_block(key);
    }

    show(n,text1,text2)     /* write one line to the file */
    int n,text1[],text2[];
    {
        printf("This is pass %d\n",n);
        fprintf(buffer,"KEY(%4d) = %02x%02x%02x%02x%02x%02x%02x%02x   ",n,
            text1[0],text1[1],text1[2],text1[3],text1[4],text1[5],text1[6],
            text1[7]);
        fprintf(buffer,"DATA(%4d) = %02x%02x%02x%02x%02x%02x%02x%02x\n",n,
            text2[0],text2[1],text2[2],text2[3],text2[4],text2[5],
            text2[6],text2[7]);
    }

    error(keys,rounds)      /* print error message */
    int keys,rounds;
    {
        fprintf(buffer,"Comparison error for keys = %d and rounds = %d\n",keys,rounds);
        exit();
    }

    odd_parity(text)        /* generate odd parity of array */
    int text[];
    {
        int i,j,n;
        for(i=0;i<=7;i++)
        {
            n=text[i]&1;                /* n becomes the parity of all 8 bits */
            for(j=1;j<=7;j++)
                n=n^((text[i]>>j)&1);
            n=n^1;                      /* 1 if the byte has even parity */
            text[i]=text[i]^n;          /* flip bit 0 to make the parity odd */
        }
    }

    main()
    {
    #define keys   400
    #define rounds 10000
        int i,j,ic,pln1[8],pln2[8],pln3[8];

        strcpy(file,"CERT.DAT");                /* define filename */
        if(fcreat(file,buffer)==ERROR)
        {
            printf("File already exists\n");
            exit();
        }
        fprintf(buffer,"AMD#2 Am9568 Certification Data:      Feb-23-84\n\n");
        mode(0x18);
        pln1[0]=0x3f;pln1[1]=0x98;pln1[2]=0x47;pln1[3]=0x7a;    /* init plain text */
        pln1[4]=0x85;pln1[5]=0xb3;pln1[6]=0x00;pln1[7]=0xfd;
        pln2[0]=0x9d;pln2[1]=0xfe;pln2[2]=0x6d;pln2[3]=0xd3;    /* init key */
        pln2[4]=0x45;pln2[5]=0x7a;pln2[6]=0x9d;pln2[7]=0xb9;
        i=0;
        show(i,pln2,pln1);
        for(i=1;i<=keys;i++)
        {
            key_load(0x11,pln2);                /* load encryption key */
            key_load(0x12,pln2);                /* load decryption key */
            for(j=1;j<=rounds;j++)
            {
                encrypt(pln1,pln2);             /* encrypt twice */
                encrypt(pln2,pln1);
                decrypt(pln1,pln3);             /* decrypt block to verify */
                for(ic=0;ic<=7;ic++)            /* operation of DCP */
                    if(pln2[ic]!=pln3[ic]) error(i,j);
            }
            odd_parity(pln2);                   /* modify new key for odd parity */
            show(i,pln2,pln1);                  /* load result into file */
        }
        putc(CPMEOF,buffer);                    /* put EOF mark into file */
        fflush(buffer);                         /* flush buffer to disk */
        fclose(buffer);                         /* close file */
    }

AMD#2 Am9568 Certification Data: Feb-23-84
APPENDIX E. Timing Diagrams

[Timing diagram: Control and Status Signals (Direct Control Mode)]

[Timing diagram: Master Port, Multiplexed Control Mode Read/Write]

[Timing diagram: Master (Slave) Port Read/Write]

[Timing diagram: Auxiliary-Port Key Entry]

APPENDIX F. Literature

(1) Federal Information Processing Standards Publication 81, DES MODES OF OPERATION. Standards Information Office, Institute for Computer Sciences and Technology, National Bureau of Standards, Washington, D.C. 20234

(2) NBS Special Publication 500-20, VALIDATING THE CORRECTNESS OF HARDWARE IMPLEMENTATIONS OF THE NBS DATA ENCRYPTION STANDARD. National Bureau of Standards, U.S. Department of Commerce, Washington, D.C. 20234

(3) Federal Information Processing Standards Publication 46, DATA ENCRYPTION STANDARD. National Bureau of Standards

(4) Product Specifications: 8086/8086-1/8086-2, AmZ8068, Am9518, Am9568, AMD 20-pin PAL Family. Advanced Micro Devices, Inc., 901 Thompson Place, Sunnyvale, CA 94086

(5) iSBX BUS SPECIFICATION, Manual Order Number: 142686-002. INTEL Corporation, 3065 Bowers Avenue, Santa Clara, CA 95051