View 5802-DS00-R_9032830.PDF datasheet online --- IC-ON-LINE

Datasheet File OCR Text:

production specification bcm5802 5802-ds03-405-r 16215 alton parkway ? p.o. box 57013 irvine, california 92619-7013 phone: 949-450-8700 fax: 949-450-8710 07/03/02 single-chip security processor general description features the bcm5802 security processor provides industry- standard ietf ipsec encryption and authentication acceleration as well as ike/ssl/tls key setup acceleration. engine throughput is over 150 mbps with 3des strong encryption and md5/sha1 authentication enabled. sustained in-system performance with all features enabled ranges up to 100 mbps for crypto/ authentication acceleration and 30 1024-bit diffie-hellman (180-bit exponent) key setups per second. the bcm5802 is ideal for cost-sensitive devices, including cable modem access systems, xdsl a ccess systems, t1/t3 line security, and 10/100 mbps ethernet interfaces. the bcm5802 includes a built-in pci 2.2 compliant interface for easy hardware interfacing. it requires zero external support components, enabling tremendous system cost savings, and it features a streamlined high- performance programming model for easy software integration. ? high-performance, low-cost security processor integrating full ipsec acceleration supports des, 3des, hmac-sha1 and hmac-md5 100 mbps ipsec (3des, sha1) in-system performance, with new security association (sa) per packet unlimited sa support via system memory extensive hardware support for ike/ssl/tls key setup acceleration public key acceleration unit supports over 30 diffie-hellman key exchanges per second compatible with ssh ipsec and ike software true hardware random number generator supports multi-packet processing and pre-fetch of packet data and context aggressive pre-fetch dma allows multi-packet, multi- threaded, dma processing with single pci writes full performance maintained independent of any reasonable pci latency pci 2.2 interface, 32-bit, 33 mhz low-power 3.3v design in 0.35 cmos technology 144-pin dqfp package functional block diagram pci master/slave interface 32-bit 25-33 mhz master controller (dma, sequencing) public key acceleration 3des/des encryption sha-1/md5 authentication true random number generator current context prefetch context buffer pci bus
broadcom corporation p.o. box 57013 16215 alton parkway irvine, california 92619-7013 ? 2002 by broadcom corporation all rights reserved printed in the u.s.a. broadcom ? , the pulse logo ? , and qamlink ? are registered trademarks of broadcom corporation and/or its subsidiaries in the united states and certain other countries. all other trademarks are the property of their respective owners. this data sheet (including, without limitation, the broadcom component(s) identified herein) is not designed, intended, or certified for use in any military, nuclear, medical, mass tran sportation, aviation, navigations, pollution control, hazardous substances management, or other high risk application. broadcom provides this data sheet "as-is", without warranty of any kind. broadcom disclaims a ll warranties, expressed and implied, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. r evision h istory revision # date change description 5802-DS00-R 09-25-00 initial release. 5802-ds01-r 11-15-00 added lead pitch and lead width dimensions to package dimensions table. 5802-ds02-r 07-27-01 made text changes in ?pin definitions? table. made text changes in ?overview of software interface.? added two new bullets under ?invalid encryption/authentication operations.? updated ?pci configuration registers? table. updated ?dma control and status registers? table. updated and added items under ?electrical and timing specifications? section. 5802-ds03-r 07-03-02 changed access for bits 24:23 in table 29 on page 37 .
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r page iii t able of c ontents section 1: functional description ...................................................................................... 1 overview ....................................................................................................................... ................................. 1 key features and statistics .................................................................................................... ....................... 1 streamlined hardware interface ................................................................................................. ............ 1 ietf ipsec compliant acceleration .............................................................................................. .......... 2 ietf ike ....................................................................................................................... .......................... 2 secure socket layer (ssl) v 3.0, transport layer security (tls) ........................................................ 2 streamlined, flexible software command and packet interface............................................................ 2 additional performance enhancing features ...................................................................................... ... 2 advanced testability features.................................................................................................. .............. 2 bcm5802 additional features to bcm5801 ........................................................................................... 3 optimal application areas ...................................................................................................... ........................ 3 processing overview ............................................................................................................ ......................... 3 section 2: hardware system interface and performance ................................................ 6 application examples ........................................................................................................... .......................... 6 hardware interface............................................................................................................. ............................ 7 support for both pci 3.3v and pci 5v signaling environments ..................................................... 7 latency tolerant design ........................................................................................................ .......... 7 support for pci clock rates from 25-33 mhz ................................................................................. 7 in-system performance analysis ................................................................................................. .................. 8 section 3: hardware signal definition table ..................................................................... 9 pinout diagram ................................................................................................................. ........................... 11 section 4: software programming model ........................................................................ 12 overview of software interface ................................................................................................. ................... 12 memory structures .............................................................................................................. ......................... 14 ipsec crypto/authentication processing data structure....................................................................... 14 ike/ssl/tls key setup processing data structure ............................................................................ 16 pictorial illustrations of memory structures................................................................................... ........ 19 ipsec esp and ah (bulk encryption and authentication) processing........................................... 19 key setup processing ........................................................................................................... ........ 22 alignment restrictions ......................................................................................................... ........................ 32
bcm5802 production specification 07/03/02 broadcom corporation page iv document 5802-ds03-405-r invalid encryption/authentication operations ................................................................................... ............33 bcm5802 registers..................................................................................................................... .................34 pci configuration registers .................................................................................................... ..............34 dma control and status registers............................................................................................... .........37 section 5: electrical a nd timing specifications ............................................................. 39 section 6: mechanical information .................................................................................. 40
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r page v l ist of f igures figure 1: packet processing overview ............................................................................................ .............. 4 figure 2: architecture concept.................................................................................................. ..................... 6 figure 3: pci ipsec accelerator board - architecture concept.................................................................... .. 7 figure 4: bcm5802 pin diagram ................................................................................................................. 11 figure 5: structures and linkages used to forward packet/key setup data to chip ................................. 13 figure 6: 144-pin dqfp package drawing.......................................................................................... ........ 40
bcm5802 production specification 07/03/02 broadcom corporation page vi document 5802-ds03-405-r
bcm5802 production specification 07/03/02 broadcom corporation page vii document 5802-ds03-405-r l ist of t ables table 1: bcm5802 key features and statistics................................................................................................ 1 table 2: performance table (mbits/second) ....................................................................................... .............. 8 table 3: pci interface pin definitions.......................................................................................... ...................... 9 table 4: data buffer chain entries.............................................................................................. ....................19 table 5: master command record .................................................................................................. ...............20 table 6: packet context buffer.................................................................................................. ......................21 table 7: data buffer chain entries.............................................................................................. ....................22 table 8: master command record .................................................................................................. ...............23 table 9: diffie-hellman public key generation (x = g x mod n) command context .......................................24 table 10: diffie-hellman shared secret generation (k=y x mod n) command context...................................24 table 11: rsa public key command context ........................................................................................ ..........25 table 12: rsa private key command context....................................................................................... ..........25 table 13: dsa signing command context ........................................................................................... ............26 table 14: dsa verification command context ...................................................................................... ...........27 table 15: rng direct test command context ....................................................................................... ..........27 table 16: rng-sha1 test command context ......................................................................................... ........27 table 17: modadd command context (c = (a+b) mod n) .............................................................................. .28 table 18: modsub command context (c = (a-b) mod n) .............................................................................. ..28 table 19: modmul command context (c = a*b mod n) ................................................................................ ...28 table 20: modrem command context (c = m mod n) .................................................................................. ..29 table 21: modexp command context (c = m e mod n)....................................................................................29 table 22: modinv command context (c = m -1 mod n = m n-2 mod n) .............................................................29 table 23: mcr input/output data buffer chaining ................................................................................. ..........31 table 24: memory-resident data alignment requirements in ipsec crypto/authentication operations .........32 table 25: memory-resident data alignment requirements in dh/rsa/dsa operations................................32 table 26: pci 2.2-compliant configuration space registers ....................................................................... ....34 table 27: pci configuration registers ........................................................................................... ...................35 table 28: pci memory bar0 space dma registers................................................................................... .....37 table 29: dma control and status registers...................................................................................... ..............37 table 30: electrical and timing specifications .................................................................................. ................39 table 31: pci pin dc specifications ............................................................................................. ....................39 table 32: 144-pin dqfp package dimensions ....................................................................................... .........41
bcm5802 production specification 07/03/02 broadcom corporation page viii document 5802-ds03-405-r
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r functional description page 1 section 1: functional description o verview this document describes the bcm5802 security processor. the bcm5802 provides high-performance, low-cost ipsec/ike/ ssl/tls security. the device is especia lly attractive for high-volume, cost-sensitive access products and telecommuter solutions running over xdsl, cable modem, t1 line, t3 line, and 10/100 mb ethernet interfaces. k ey f eatures and s tatistics the feature set of the bcm5802 is optimized to enable cryptographic acceleration for protocols such as ipsec and ike/ ssl/tls acceleration. high in-system performance, low system cost and ease of software development are key goals of the bcm5802 . the following table lists the key features and statistics of the bcm5802 . s treamlined h ardware i nterface direct connect to 32-bit pci 2.2 bus running at 25-33 mhz, 3.3v, or 5v pci zero external components: no external memory, no clock chips/oscillators, no eeprom ideally suited for a shared pci bus: latency-tolerant design, programmable burst size table 1: bcm5802 key features and statistics supply 3.3v supply, 3.3v-driven, and 5v-tolerant i/o. engine throughput, 3des + md5/sha1 >150 mbps, all features on. system throughput, 3des+md5/sha1 100 mbps. system throughput, dh (1024b mod, 180b exp) 30 key setup/s. system throughput, dsa (1024b public key, 160b private key) 50 signing/s and 25 verification/s. system throughput, 1024-bit rsa 20 private key operation/s. external memory usage no additional memory required. external clock supply no additional clock required. the chip is driven by pci clock. external bus pci 2.2, 25-33 mhz, 32-bit, 3.3v, and 5v. package 144-pin dqfp. technology 0.35 m, 5lm standard-cell logic process.
bcm5802 production specification 07/03/02 broadcom corporation page 2 key features and statistics document 5802-ds03-405-r ietf ip sec c ompliant a cceleration 3des cbc encryption and decryption in accordance with fips 46-3 and fips 81. hmac-md5-96 and hmac-sha1-96 authentication in accordance with rfc2403, rfc2404 and fips 180-1. automatic generation of md5/sha1 padding. single-pass encryption and authentication via pipelined application of algorithms over payload in accordance with rfc2402 and rfc2406. automatic sequencing of encryption and authentication: encrypt first for outbound packets, authenticate first for inbound packets in accordance with rfc2401. ietf ike 768-bit and 1024-bit diffie-hellman key generations for ike handshake according to rfc2409 512-bit, 768-bit and 1024-bit rsa signing and verification for ike handshake 1024-bit dsa signing and verification for ike handshake according to fips 186-2 true random number generation for ike keys using on-chip random number generator s ecure s ocket l ayer (ssl) v 3.0, t ransport l ayer s ecurity (tls) 512-bit, 768-bit, and 1024-bit rsa public key and private key processing 512-bit, 768-bit, and 1024-bit diffe-hellman session key generation des and triple-des bulk encryption capability 1024-bit dsa signing and verification hmac-md5/sha1 bulk authentication according to rfc2104 s treamlined , f lexible s oftware c ommand and p acket i nterface flexible command interface allows exchange of multiple packets or public key setups with one pci write zero latency command buffer switching via double-buffered master command register support for big and little endian environments host cpu intervention not required between packets or between key setups intelligent, autonomous dma descriptor based interface to minimize software load scatter/gather support to eliminate packet data or key setup data copying ? handles fragmented data directly support for any number of ipsec security association contexts, limited only by system memory a dditional p erformance e nhancing f eatures latency-tolerant design optimized for shared pci bus environments. the bcm5802 leverages pci burst mode access capability, up to a maximal burst size of 64 bytes. aggressive pre-fetch of command and packet data. full performance is maintained independent of any reasonable pci latency. a dvanced t estability f eatures 100% testability of on-chip ram cells via bist circuitry jtag boundary scan for board-level testing
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r optimal application areas page 3 bcm5802 a dditional f eatures to bcm5801 the bcm5802 adds a number of features as compared to the bcm5801. the notable additional features are: diffie-hellman, rsa, and dsa key setup execution unit to accelerate the public key operations. true random number generator (rng) functional unit to g enerate secure private keys for diffie-hellman key exchanges and dsa signatures. 1024-bit register files to hold the large public key data. the bcm5802 is completely pin and register compatible with bcm5801, and is completely backwards register compatible with the bcm5801. o ptimal a pplication a reas the bcm5802 enables high-speed security support for a variety of cost-sensitive applications and markets, including no compromise vpn support, secure telecommuting and remote access. specific applications areas are as follows: secure telecommuting and soho access devices based on cable or xdsl modem secure enterprise t1 and t3 access devices secure lan access devices pc-based vpn accelerator boards p rocessing o verview the bcm5802 security processor manages ipsec packets in the following stages: 1 fetch command context and data via descriptors. 2 if packet is inbound, authenticate then decrypt in pipelined fashion. 3 if packet is outbound, encrypt then authenticate in pipelined fashion. 4 write (via descriptors) output data and authentication codes if applicable. the command, data descriptor, packet data and context data fetch phases are completely overlapped with engine processing. output packet data writeback is completely overlapped as well.
bcm5802 production specification 07/03/02 broadcom corporation page 4 processing overview document 5802-ds03-405-r the following figure illustrates a high-level view of the bcm5802 packet processing. the bcm5802 provides ssl/tls key exchange using rsa in the following stages: 1 fetch command context, including keys and message through dma. 2 if the required operation is private key decryption, use the private key rsa algorithm with pre-computed components generated using the chinese remainder theorem. 3 if the required operation is public key encryption, use the public rsa algorithm. 4 write the decrypted/encrypted message to the output buffer. the bcm5802 generates keys using the diffie-hellman algorithm for ike handshake in the following stages: 1 fetch command context and message through dma. 2 if the required operation is to generate a message to another party (g x mod n), generate a random number from the random number generator unit on the chip and then pe rform the modular exponentiation with the generated random number as the exponent on the chip. 3 if the required operation is to generate the shared key from the message received (y x mod n), perform the modular exponentiation with a previously generated random number on the chip. the random number is a part of the command context through dma. 4 write the output including the generated random number to the output buffer. note multiple sets of input packets can be specified via a single command descriptor (single pci write). figure 1: packet processing overview packet context header payload encrypt authenticate bcm5802 security processor bcm5802 security processor command buffer header payload hmac codes status
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r processing overview page 5 the bcm5802 performs authentication using the dsa algorithm for an ipsec session during ike handshake in the following stages: 1 fetch command context and message through dma. 2 if the required operation is to sign message, generate a random number and compute r and s values using sha-1 and key setup execution units. 3 if the required operation is to verify signature, compute v value using sha-1 and key setup execution units. 4 write the output to the output buffer.
bcm5802 production specification 07/03/02 broadcom corporation page 6 hardware system interface and performance document 5802-ds03-405-r section 2: hardware system interface and performance a pplication e xamples the bcm5802 is ideally suited for cost-sensitive applications such as vpn appliances, soho routers and appliances, and ipsec acceleration. the following figure illustrates a system architecture concept that integrates the bcm5802 as a vpn accelerator. this architecture allows wire-speed support of secure vpn for a minimal incremental system cost. figure 2: architecture concept wan interface wan interface bcm5802 security processor bcm5802 security processor pci bus cpu cpu bridge & dram controller bridge & dram controller dram dram lan interface lan interface
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r hardware interface page 7 the bcm5802 enables very low-cost pci-based cards that can accelerate ipsec processing up to t3 rate. the following figure shows the architecture of a bcm5802 -based accelerator card. the accelerator card also provides key setup acceleration on the chip as well as a hardware random number generator to generate secret keys. h ardware i nterface the only interface to the bcm5802 is a 32-bit pci 2.2-compliant bus and a clock input. the following sections describe the key features of the hardware interface. support for both pci 3.3v and pci 5v signaling environments single supply voltage of 3.3v 5%. because i/o pins for the bcm5802 are 5v tolerant, the bcm5802 can be used in both pci 3.3v and pci 5v environments. latency tolerant design descriptor for command as well as data buffers are pre-fetched to reduce the impact of pci arbitration and system latency upon overall performance. large burst sizes (up to a maximum of 64 bytes) are used when possible to fetch descriptor, command and packet payload data. command context data is pre-fetched. payload data is also pre-fetched and written back in posted fashion. support for pci clock rates from 25 - 33 mhz pci clock rates from 25-33 mhz are supported. in general, lower clock rates and higher pci system latencies have little impact on system performance, owing to aggressive data pre-fetch. figure 3: pci ipsec accelerator board - architecture concept cpu pci bus bridge memory pci mother board bcm5802 cryptographic processor bcm5802 cryptographic processor pci add-in card lan interface
bcm5802 production specification 07/03/02 broadcom corporation page 8 in-system performance analysis document 5802-ds03-405-r i n -s ystem p erformance a nalysis pci bus clock and latency have little effect on total bcm5802 system performance. this is because the chip aggressively pre-fetches and writes back descriptors, command buffers, co ntext parameters and packet data. this aggressive pre-fetch enables the chip to run encryption and authentication engines at their full potential despite system latencies. standard shared pci bus implementations that run at 20-33 mhz with per-access latencies in the range of 1 ms to 1.5 ms enable the bcm5802 to run at full speed. the chip core clock rate has a major impac t on performance. broadcom recommends that the bcm5802 be clocked at 33 mhz, which is the high end of the core clock frequency, in systems where maximal performance is desired. the chip core clock can be either directly copied from the pci clock for reduced system cost, or generated asynchronously via an external oscillator for maximal performance. the values shown in the following table indicate outbound packet mbps performance for 3des, hmac-sha1, with new the security association per packet. table 2: performance table (mbits/second) pci clock frequency packet sizes (bytes) 64 256 512 1024 2048 33 mhz 28 67 89 104 113
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r hardware signal definition table page 9 section 3: hardware signal definition table the bcm5802 is housed within a 144-pin dqfp package with a 28 mm x 28 mm body size. the pin definitions are shown in the following table. table 3: pci interface pin definitions name i/o pin # description ad[31] io 20 pci multiplexed address/data bus. ad[30] io 21 pci multiplexed address/data bus. ad[29] io 23 pci multiplexed address/data bus. ad[28] io 24 pci multiplexed address/data bus. ad[27] io 25 pci multiplexed address/data bus. ad[26] io 27 pci multiplexed address/data bus. ad[25] io 28 pci multiplexed address/data bus. ad[24] io 29 pci multiplexed address/data bus. ad[23] io 33 pci multiplexed address/data bus. ad[22] io 35 pci multiplexed address/data bus. ad[21] io 36 pci multiplexed address/data bus. ad[20] io 37 pci multiplexed address/data bus. ad[19] io 38 pci multiplexed address/data bus. ad[18] io 39 pci multiplexed address/data bus. ad[17] io 41 pci multiplexed address/data bus. ad[16] io 42 pci multiplexed address/data bus. ad[15] io 59 pci multiplexed address/data bus. ad[14] io 60 pci multiplexed address/data bus. ad[13] io 62 pci multiplexed address/data bus. ad[12] io 63 pci multiplexed address/data bus. ad[11] io 65 pci multiplexed address/data bus. ad[10] io 66 pci multiplexed address/data bus. ad[9] io 67 pci multiplexed address/data bus. ad[8] io 68 pci multiplexed address/data bus. ad[7] io 71 pci multiplexed address/data bus. ad[6] io 72 pci multiplexed address/data bus. ad[5] io 73 pci multiplexed address/data bus. ad[4] io 75 pci multiplexed address/data bus. ad[3] io 76 pci multiplexed address/data bus. ad[2] io 77 pci multiplexed address/data bus. ad[1] io 79 pci multiplexed address/data bus.
bcm5802 production specification 07/03/02 broadcom corporation page 10 hardware signal definition table document 5802-ds03-405-r ad[0] io 80 pci multiplexed address/data bus. pci_clk i 8 pci clock, 25-33 mhz. gnt# i 17 pci bus grant allowing the chip to use the bus. frame# io 45 pci frame, indicates the beginning and duration of a master transfer. irdy# io 46 pci initiator ready. trdy# io 47 pci target ready. devsel# io 49 pci device select, asserted by an access target. stop# io 50 pci stop, requesting that the current master stop an active transfer. perr# io 53 pci parity error. serr# io 54 pci system error, open drain. par io 55 pci parity. req# o 19 pci bus request. reset# i 16 pci reset, tri-states all pci outputs. int# o 15 pci interrupt output, open drain. idsel i 32 pci initialization device request, used for pci configuration cycles. cbe#[3] io 31 pci command/byte enable, provides pci bus command and data byte enables. cbe#[2] io 43 pci command/byte enable, provides pci bus command and data byte enables. cbe#[1] io 58 pci command/byte enable, provides pci bus command and data byte enables. cbe#[0] io 70 pci command/byte enable, provides pci bus command and data byte enables. vcc i 51 must be pulled up to vcc (pci lock_). vcc power pins, must be connected to a 3.3v source: 10, 18, 26, 40, 48, 57, 61, 74, 81, 90, 92, 93, 102, 103, 109, 110, 126, 127, 133, 134, 135, 143, 144. gnd ground pins: 5, 12, 14, 22, 30, 34, 44, 52, 56, 64, 69, 78, 84, 85, 89, 99, 100, 106, 107, 108, 116, 117, 118, 119, 122, 123, 136, 137, 139, 140. avcc1 i 94 analog vcc for 4x pll. connect to 3.3v. agnd1 i 98 analog ground for 4x pll. avcc2 i 9 analog vcc for deskew pll. connect to 3.3v. agnd2 i 7 analog ground for deskew pll. vio i 111 pci clamp voltage bias. connect to 3.3v for 3.3v signaling environments. connect to 5v for 5v signaling environments. export i 138 export pin (high = 56-bit encryption; low = strong encryption). internally pulled up. test i 1 test pin, internally pulled down, should be grounded for regular operation. when test is high, all outputs are tri-stated. trst# i 131 internally pulled up. should be connected to ground for normal operation. used for boundary scan jtag testing. tms i 120 test mode select for jtag boundary scan. internally pulled up. should be connected to vcc for normal operation. tck i 6 test mode clock for jtag boundary scan. internally pulled up. unused in normal operation; connect to either high or low static level. table 3: pci interface pin definitions name i/o pin # description
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r pinout diagram page 11 p inout d iagram the following figure shows the bcm5802 pin diagram. tdi i 13 test data in for jtag boundary scan. internally pulled up. unused in normal operation; connect to either high or low static level. tdo o 121 test data out for jtag boundary scan. unused in normal operation. rngosc i 113 optional random number generator oscillat or. internally grounded. it can be ex-ored with internal oscillator to provide random number source. don?t connect the pins used for product testability and not used by customers. leave them unconnected: 2, 3, 11, 82, 83, 86, 87, 91, 112, 114, 141. all other pins are no connects, and can be left floating or connected. figure 4: bcm5802 pin diagram table 3: pci interface pin definitions name i/o pin # description test(gnd) gnd tck agnd2 pci_clk avcc2 vcc nc gnd gnd int# reset# gnt# ad31 ad30 gnd ad28 vcc gnd cbe3# idsel ad25 ad16 cbe2# perr# serr# par gnd vcc gnd irdy# trdy# vcc devsel# stop# lock# gnd ad15 gnd gnd nc nc nc gnd nc vcc avcc1 nc nc agnd1 gnd gnd nc vcc vcc nc nc gnd gnd tms tdo gnd gnd nc vcc nc nc nc trst# nc vcc vcc gnd gnd gnd nc nc vcc 37 38 vcc ad13 ad12 ad11 ad10 ad9 ad8 gnd cbe0# ad7 gnd ad5 vcc ad4 ad3 ad2 nc ad1 ad0 vcc nc vcc vcc vio nc rngosc ad23 gnd ad22 ad21 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 vcc req# ad29 ad27 ad26 ad24 ad14 vcc nc gnd nc nc gnd gnd gnd gnd gnd export_pin nc vcc vcc vcc ad6 gnd cbe1# ad20 ad19 ad18 vcc ad17 frame# tdi vcc nc nc nc
bcm5802 production specification 07/03/02 broadcom corporation page 12 software programming model document 5802-ds03-405-r section 4: software programming model this section specifies the programming model of the bcm5802 , shows a sample software processing loop, and provides detailed descriptions of the on-chip registers. o verview of s oftware i nterface the major features of the bcm5802 software interface are as follows: autonomous chip operation via an intelligent, descriptor-based dma interface that minimizes the software processing load. avoid packet or key setup data copying under any condition. supports input packet fragmentation (at an ip level as well as in terms of memory allocation for packet data). input fragments can be of any size (down to 1 byte), and can be aligned on any byte boundary. supports output packet fragmentation (at an ip level as well as in terms of memory allocation for packet data). output fragment size can be controlled in one of two configurable ways: 1) through a length field with each output data descriptor, or 2) through a global output data buffer length field. this offers the flexibility of using a fixed output fragmen t size, or of setting fragment size on a per-packet basis . output fragments must be aligned on 32-bit word boundaries, and must be multiples of a 32-bit word in size. permits flexibility with respect to the granularity of communication between the cpu and the chip. the cpu can instruct the chip to process several packets or key setups via a single pci write. this allows the host cpu to select the degree of overlap between software and chip processing ? one packet or key setup, several packets or key setups, or a very large number of packets or key setups. permits different security processing to be applied to each and every packet or key setup, even though several packets or key setups may be part of a common master command structure. flexible support for all ipsec formats, including esp, ah and combinations with and without tunneling flexible support for ike, ssl, and tls protocols, including dh, rsa, and dsa algorithms the host cpu queues up any number of packets or key setups in system memory, and passes a pointer to a master command structure that identifies these packets or key setups to the chip. after the chip processes all the packets or key setups as specified, it then returns status to the cpu via a done flag per packet, and if enabled, via an interrupt upon global completion of all packets or all key setups within a master command structure. a processing context structure is associated with each packet/key setup that allows various packets/key setups to be processed differently even though they are all part of a common master command structure. in addition, data from each packet can be fragmented on input (gather function) and on output (scatter function) in the ipsec crypto/authentication operations. while there are no data buffer alignment constraints (such as byte alignment only), there are specific constraints upon command and context structure alignment as detailed under memory structures.
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r overview of software interface page 13 the following figure shows an overview of the various structures and linkages used to forward packet/key setup data to the chip. fields indicated by an @ sign correspond to pointers. the # pkt field in the master command structure allows up to 2 16 -1 packets to be queued up for processing (the high order 16 bits of this field are not used). the output fields within each entry in a master command buffer specify the start of a buffer chain into which output (encrypted or decrypted) data is written . the master command structure is a single point of communication between the host cpu and the chip. chip processing of any number of packets is initiated by writing the address of a master command structure to the on-chip master command address register (master command register 1). the chip signal s completion of processing by writing status information to the flags entry at the beginning of the master command structure and by posting an interrupt per master command structure (if enabled). figure 5: structures and linkages used to forward packet/key setup data to chip note the next@ field of the last output data buffer pointer is never used to access data for ipsec crypto/ authentication operations. this field instead contains the address of a buffer to which hmac information is written to or read from, if hmac processing is specified for a given packet. for hmac-md5, the entire 16 bytes of hash result is written to the buffer. for hmac-sha1, the entire 20 bytes of hash result is written to the buffer. for the ipsec hmac-96, the software must discard the last four bytes of the data for hmac- md5 and the last eight bytes of the data for hmac-sha1. flags, # pkt cmd @ input pkt @ input pkt next @ pkt len context buffer for packet #1 packet #1, data buf #1 packet #1, data buf #2 packet #1, output data buf #1 packet #1, output data buf #2 context buffer for packet #2 output pkt @ output pkt nxt@ output data len data @ next @ data @ next @ master cmd data len data len input data len input pkt @ cmd @ input pkt next@ packet #2, data buf #1 packet #1, hmac data
bcm5802 production specification 07/03/02 broadcom corporation page 14 memory structures document 5802-ds03-405-r for key setup operations, the same mcr structure is used as for ipsec crypto/authentication operations. the only difference is that chip processing of any number of key setups is init iated by writing the address of a master command structure to a different on-chip master command address register (master command register 2). both operations still share dma control register, status register, and error address register. m emory s tructures all structures used for communication between the cpu and the chip are defined by their .h pseudo-code c language representation. for ipsec crypto/authentication processing, the only ali gnment restriction placed upon all command and descriptor (not packet data) memory structures is that they must start on 32-bit (4-byte) boundaries. beyond that, aligning structures to their natural boundaries may increase performance in certain systems. ip sec c rypto /a uthentication p rocessing d ata s tructure ------------------------------------------------------------------------------------------ /* little endian command structures for ubsec chip */ typedef unsigned char u8; /* 8-bit data type */ typedef unsigned short u16; /* 16-bit data type */ /* data buffer chain entry */ typedef struct databufchain_struct { unsigned char *dataaddr; struct databufchain_struct *next; u16 datalength; u16 reserved; } databufchain; /* context buffer */ typedef struct pktctxbuf_struct { /* keys for 3des -- three keys of 8 bytes each (56 bits plus parity) */ uint cryptokeys[6]; /* * pre-computed hmac inner & outer state * (2x16b for md5, 2x20b for sha1). */ uint hmacinnerstate[5];//hmacinnerstate[0-3] for md5, hmacinnerstate[0-4] for sha1 uint hmacouterstate[5];//hmacouterstate[0-3] for md5, hmacouterstate[0-4] for sha1 /* * crypto iv (copied from payload if explicit, byte swapped if needed) */ uint computediv[2]; /* * processing control flags */ unsigned int reserved:12; /* reserved */ unsigned int auth:2; /* md5, sha1, none */ unsigned int inbound:1; /* inbound packet */ unsigned int crypto:1; /* 3des-cbc or none */ /* offset to skip authenticated but non-encrypted header words. goes to start of iv data. in units of 32-bit words */ u16 cryptooffset;
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 15 } pktctxbuf; /* master command record */ typedef struct mastercmd_struct { u16 numpkt; /* number of packets in this mcr*/ u16 flags; /* completion and error status from chip, per mcr */ /* flags[0] = 1 if processing of the mcr is finished 0 otherwise flags[1] = 1 if an error occurred 0 if no error occurred flags[7:2]: reserved flags[15:8] = error code if an error occurred (i.e. flags[1] == 1), undefined otherwise*/ /* following 5 fields occur once per packet in the mcr */ uint firstpktcmdaddr; databufchain firstpktdata; /* first descriptor for input packet data */ u16 reserved; /* includes per packet done status */ u16 pktlength; databufchain firstoutputdata; /* first descriptor for output packet data */ /* followed by as many sets of above 5 fields as there are packets in this mcr */ } mastercmd; ------------------------------------------------------------------------------------------ an implicit (pre-computed) iv is never used as part of the hmac computation ? even if specified. however, an explicit iv is always part of the authentication computation. further details regarding iv material handling follow the pictorial illustration of the packet context structure. the following is the data structure (.h file) for key setup processing.
bcm5802 production specification 07/03/02 broadcom corporation page 16 memory structures document 5802-ds03-405-r ike/ssl/tls k ey s etup p rocessing d ata s tructure ------------------------------------------------------------------------------------------ /* little endian command structures for ubsec chip */ typedef unsigned char u8; /* 8-bit data type */ typedef unsigned short u16; /* 16-bit data type */ typedef unsigned int u32; /* 32-bit data type */ /* data buffer chain entry */ typedef struct databufchain_struct { unsigned char *dataaddr; struct databufchain_struct *next; u16 datalength; u16 reserved; } databufchain; /* context buffer */ /* different algorithms have different command context buffers */ /*diffie-hellman send*/ typedef struct dh_send_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* send mode for dh (0x1) */ u16 rng_enable; /* private key x generated by rng or provided by sw rng_enable = 0x0 -> x provided by sw rng_enable = 0x1 -> x generated by rng */ u16 private_key_length; /* private key x length in bits*/ u16 generator_length; /*generator g length in bits*/ u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ u32 g[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* generator g */ /* private key is stored in the data buffer */ } dh_send_ctxcmdbuf; /*diffie-hellman receive*/ typedef struct dh_rec_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* receive mode for dh (0x2) */ u16 exponent_length; /* exponent (private key x) length in bits */ u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } dh_rec_ctxcmdbuf; /*public key rsa*/ typedef struct pub_rsa_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* public mode for rsa (0x3) */ u16 exponent_length; /* exponent e length in bits*/ u16 modulus_length; /* modulus n length in bits */ u32 n[modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ u32 e [exponent_length + 31)/32]; /* exponent e */ } pub_rsa_ctxcmdbuf: /*private key rsa*/ typedef struct pri_rsa_ctxcmdbuf_struct { u16 total_command_structure_length;
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 17 u16 operation_type; /* private mode for rsa (0x4) */ u16 q_length; /* prime q length in bits */ u16 p_length; /* prime p length in bits */ u32 p[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* prime p */ u32 q[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* prime q */ u32 dp[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16];/* crt private exponent dp */ u32 dp[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16];/* crt private exponent dq */ u32 pinv[max_length <= 256 ? 8 : max_length <= 384 ? 12 : 16]; /* crt coefficient */ } pri_rsa_ctxcmdbuf; where max_length = (p_length > q_length) ? p_length : q_length; /*dsa signing */ typedef struct dsa_sign_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* signing mode for dsa (0x5) */ u16 sha1_enable; /* hash of message performed by sha1 unit or provided by sw sha1_enable = 0x0 -> hash provided by sw sha1_enable = 0x1 -> hash performed by sha1 unit */ u16 reserved; u16 rng_enable; /* random number k generated by rng or provided by sw rng_enable = 0x0 -> k provided by sw rng_enable = 0x1 -> k generated by rng */ u16 p_length; /* modulus p length in bits */ u32 q[5]; /* modulus q */ u32 p[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* modulus p */ u32 g[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* generator g */ u32 x[5]; /* private key x */ } dsa_sign_ctxcmdbuf; /*dsa verification */ typedef struct dsa_verify_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* verification mode for dsa (0x6)*/ u16 sha1_enable; /* hash of message performed by sha1 unit or provided by sw sha1_enable = 0x0 -> hash provided by sw sha1_enable = 0x1 -> hash performed by sha1 unit */ u16 reserved; u16 reserved; u16 p_length; /* modulus p length in bits */ u32 q[5]; /* modulus q */ u32 p[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* modulus p */ u32 g[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* generator g */ u32 y[(p_length <= 512)? 16 : (p_length <= 768)? 24 : 32]; /* public key y */ } dsa_verify_ctxcmdbuf /* rng bypass */ typedef struct rng_bypass_ctxcmdbuf_struct { u16 total_command_structure_length; /* 64 bytes long as required by pci access */ u16 operation_type; /* bypass rng mode for rng (0x41) */ } rng_bypass_ctxcmdbuf /* rng sha1 */
bcm5802 production specification 07/03/02 broadcom corporation page 18 memory structures document 5802-ds03-405-r typedef struct rng_sha1_ctxcmdbuf_struct { u16 total_command_structure_length; /* 64 bytes long as required by pci access */ u16 operation_type; /* rng-sha1 modes for rng (0x42)*/ } rng_sha1_ctxcmdbuf /*modular addition atomic operation*/ typedef struct modadd_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* modadd (0x43)*/ u16 reserved; u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } modadd_ctxcmdbuf; /*modular subtraction atomic operation*/ typedef struct modsub_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* modsub (0x44) */ u16 reserved; u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } modsub_ctxcmdbuf; /*modular multiplication atomic operation*/ typedef struct modmul_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* modmul (0x45) */ u16 reserved; u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } modmul_ctxcmdbuf; /*modular reduction atomic operation */ typedef struct modrem_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* modrem (0x46) */ u16 message_length; /* message m length in bits */ u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } modrem_ctxcmdbuf; /*modular exponentiation atomic operation */ typedef struct modexp_ctxcmdbuf_struct { u16 total_command_structure_length; u16 operation_type; /* modexp (0x47) */ u16 exponent_length; /* exponent e length in bits */ u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ } modexp_ctxcmdbuf; /*modular inverse atomic operation */ typedef struct modinv_ctxcmdbuf_struct { u16 total_command_structure_length;
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 19 u16 operation_type; /* modinv (0x48)*/ u16 reserved; u16 modulus_length; /* modulus n length in bits */ u32 n[(modulus_length <= 512)? 16 : (modulus_length <= 768)? 24 : 32]; /* modulus n */ u32 e[(modulus_length + 31)/32]; /* exponent (n-2) */ } modinv_ctxcmdbuf; /* master command record */ typedef struct mastercmd_struct { u16 numkeysetup; /* number of key setups in this mcr*/ u16 flags; /* completion/error status from chip, per mcr */ /* flags[0] = 1 if processing of the mcr is finished 0 otherwise flags[1] = 1 if an error occurred 0 if no error occurred flags[7:2]: reserved flags[15:8] = error code if an error occurred (i.e. flags[1] == 1), undefined otherwise */ /* * following 5 fields occur once per key setup in the mcr */ uint firstkeysetupcmdaddr; databufchain firstkeysetupdata; /* first descriptor for input key setup data */ u16 reserved; u16 dlength; /* total length of the input data for the first key setup */ databufchain firstoutputdata; /* first descriptor for output key setup data */ /* * followed by as many sets of above 5 fields as there * are key setups in this mcr */ } mastercmd; ------------------------------------------------------------------------------------------ p ictorial i llustrations of m emory s tructures the tables below illustrate memory-based structures used for cpu to chip communication. fields in quotes refer to structure names from the description on the previous pages. ipsec esp and ah (bulk encryption and authentication) processing data buffer chain entries. this structure is used to build up a linked list of data buffers for every input and output packet. each entry in the linked list points at a data buffer that contains actual packet data, a next field that points to the next descriptor entry in the linked list, and a length field that contains the number of bytes stored in the data buffer. table 4: data buffer chain entries msb lsb 313029282726252423222120191817161514131211109876543210 data buffer address dataaddr next entry in linked list of data buffers next reserved data buffer length datalen
bcm5802 production specification 07/03/02 broadcom corporation page 20 memory structures document 5802-ds03-405-r master command record. this structure is used to hand off a number of packets to the chip for processing. the structure is variable-length, and contains up to 2 16 -1 sets of fields where each field describes one packet. this degree of flexibility allows the host cpu to queue up any number of packets, and to initiate hardware processing of all queued up packets via a single pci write. table 5: master command record msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 flags # packets in this mcr command context address for 1 st packet firstpktcmdaddr data buffer address dataaddr for 1 st packet next entry in linked list of data buffers for 1 st packet next reserved data buffer length datalen 1 st pkt length for 1 st packet pktlength reserved output buffer address dataaddr for 1 st packet next entry in linked list of output buffers for 1 st packet next reserved output buffer length datalen 1 st pkt command context address for 2 nd to n th packet pktcmdaddr data buffer address dataaddr for 2 nd to n th packet next entry in linked list of data buffers for 2 nd to n th packet next reserved data buffer length datalen 2-n th pkt length for 2-n th packet pktlength reserved output buffer address dataaddr for 2-n th packet next entry in linked list of output buffers for 2-n th packet next reserved output buf length datalen 2-n th pkt
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 21 packet context buffer. this structure defines ipsec crypto and authentication processing to be applied on a per packet basis. table 6: packet context buffer the crypto bit must be 0 for no crypto, or 1 for 3des-cbc. des modes are generated by setting three consecutive 3des keys to be equal. the authentication value must be set as follows: msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 1 5 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 crypto 3des keying material, (24 bytes, high word of k1) crypto 3des keying material (24 bytes, low word of k1) crypto 3des keying material (high word of k2) crypto 3des keying material (low word of k2) crypto 3des keying material (high word of k3) crypto 3des keying material (low word of k3) hmac hash inner state (high word) hmacinnerstate hmac hash inner state hmac hash inner state hmac hash inner state (low word for md5) hmac hash inner state (low word only for sha1) hmac hash outer state (high word) hmacouterstate hmac hash outer state hmac hash outer state hmac hash outer state (low word for md5) hmac hash outer state (low word only for sha1) 3des computed iv (8 bytes, high word) 3des computed iv (8 bytes, low word) payload auth to crypto offset cryptooffset in 32-bit words c r y p t o i n b o u n d a u t h (2) reserved 00 no authentication 01 hmac-md5 10 hmac-sha1 11 invalid
bcm5802 production specification 07/03/02 broadcom corporation page 22 memory structures document 5802-ds03-405-r generation of cryptography initial vector (iv). the cryptographic iv is always read from the context structure associated with a given packet. this implies that for situations where the ipsec explicit iv mode is used, the host cpu must copy iv material from packet payload to the context structure. if needed, the host may have to perform byte swapping on the iv to convert between big and little endian. for ipsec explicit iv packets, cryptooffset must point to the word following iv material, and the iv must be copied into packet payload as well as into the context structure. this ensures that the iv is part of the hmac computation. for ipsec implicit iv packets, cryptooffset must point to the first encrypted pay load word, and the iv is not part of packet payload, hence is automatically left out of the hmac computation. key setup processing data buffer chain entries. this structure is used to build up a linked list of data buffers for every input and output message. each entry in the linked list points at a data buffer that contains actual key set up data, a next field that points t o the next descriptor entry in the linked list, and a length field that contains the number of bytes stored in the data buffer. unlike ipsec esp and ah processing, key setup operations do not involve packet fragmentation. the linked list in each set of key setup is used to access different data needed for key setup computations. for diffie-hellman algorithms used in the ike protocol, both the public key y received from a party with whom the secret is shared and its own secret key x are required to compute the shared secret. in this case, the first entry points to y data buffer. the second entry in the data buffer points to a structure that contains the pointer to x data buffer. table 7: data buffer chain entries msb lsb 313029282726252423222120191817161514131211109876543210 data buffer address dataaddr next entry in linked list of data buffers next reserved data buffer length datalen
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 23 master command record. this structure is used to hand off a number of key setups to the chip for processing. the structure is variable-length, and contains up to 2 16 -1 sets of fields where each field describes one key setup. this degree of flexibility allows the host cpu to queue up any number of key setups, and to initiate hardware processing of all queued up key setup sessions via a single pci write. when using the diffie-hellman algorithm to generate shared secrets, two key setup operations must be performed. the first operation is to generate a public key to be sent to a party with whom the secret is shared. the second operation is to generate the shared secret using the received public key from the party. two sets of fields are needed to complete the generation of a shared secret. table 8: master command record msb lsb 313029282726252423222120191817161514131211109876543210 flags # key setups in this mcr command context address for 1 st key setup firstkeysetupcmdaddr data buffer address dataaddr for 1 st key setup next entry in linked list of data buffers for 1 st key setup next reserved data buf length datalen 1 st key setup length for 1 st key setup data dlength reserved output buffer address dataaddr for 1 st key setup next entry in linked list of output buffers for 1 st key setup next reserved output buf length datalen 1 st key setup command context address for 2 nd to n th key setup keysetupcmdaddr data buffer address dataaddr for 2 nd to n th key setup next entry in linked list of data buffers for 2 nd to n th key setup next reserved data buf length datalen 2-n th key setup length for 2-n th keysetup dlength reserved output buffer address dataaddr for 2-n th key setup next entry in linked list of output buffers for 2-n th key setup next reserved output buf length datalen 2-n th key setup
bcm5802 production specification 07/03/02 broadcom corporation page 24 memory structures document 5802-ds03-405-r context buffer. this structure defines dh/rsa/dsa processing to be applied on a per key setup basis. table 9: diffie-hellman public key generation (x = g x mod n) command context table 10: diffie-hellman shared secret generation (k=y x mod n) command context msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type diffie-hellman public key operation (0x01) total command context structure length random number x length x provided by sw/x generated by rng modulus n length base g length modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) base g (512, 768, 1024 bits, lowest word of key) base g (512, 768, 1024 bits, 2 nd lowest word of key) ?? base g (512, 768, 1024 bits, highest word of key) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type diffie-hellman shared secret generation operation (0x02) total command context structure length modulus n length exponent (private key) x length modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word)
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 25 table 11: rsa public key command context table 12: rsa private key command context msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type rsa public key operation (0x03) total command context structure length modulus n length exponent e length modulus n - rsa keying material, (512, 768, 1024 bits, lowest word of key) modulus n - rsa keying material, (512, 768, 1024 bits, 2 nd lowest word of key) ?? modulus n - rsa keying material, (512, 768, 1024 bits, highest word of key) exponent e - rsa keying material, (lowest word of key) exponent e - rsa keying material, (2 nd lowest word of key) ?? exponent e - rsa keying material, (highest word of key) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type rsa private key operation with crt (0x04) total command context structure length prime p length prime q length prime p - rsa keying material, (256, 384, 512 bits, lowest word of parameter) prime p - rsa keying material, (256, 384, 512 bits, 2 nd lowest word of parameter) ?? prime p - rsa keying material, (256, 384, 512 bits, highest word of parameter) prime q - rsa keying material, (256, 384, 512 bits, lowest word of parameter) prime q - rsa keying material, (256, 384, 512 bits, 2 nd lowest word of parameter) ?? prime q - rsa keying material, (256, 384, 512 bits, highest word of parameter) crt private exponent dp - rsa keying material, (256, 384, 512 bits, lowest word of parameter) crt private exponent dp - rsa keying material, (256, 384, 512 bits, 2 nd lowest word of parameter) ?? crt private exponent dp - rsa keying material, (256, 384, 512 bits, highest word of parameter) crt private exponent dq - rsa keying material, (256, 384, 512 bits, lowest word of parameter) crt private exponent dq - rsa keying material, (256, 384, 512 bits, 2 nd lowest word of parameter) ?? crt private exponent dq - rsa keying material, (256, 384, 512 bits, highest word of parameter) crt coefficient pinv - rsa keying material, (256, 384, 512 bits, lowest word of parameter) crt coefficient pinv - rsa keying material, (256, 384, 512 bits, 2 nd lowest word of parameter) ?? crt coefficient pinv - rsa keying material, (256, 384, 512 bits, highest word of parameter)
bcm5802 production specification 07/03/02 broadcom corporation page 26 memory structures document 5802-ds03-405-r table 13: dsa signing command context msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type dsa signing (0x05) total command context structure length reserved message hash provided/generated modulus p length random number k provided/rng generated modulus q (160 bits, lowest word) modulus q (160 bits, 2 nd lowest word) ?? modulus q (160 bits, highest word) modulus p (512, 768, or 1024 bits, lowest word) modulus p (512, 768, or 1024 bits,2 nd lowest word) ?? modulus p (512, 768, or 1024 bits, highest word) base g (512, 768, or 1024 bits, lowest word of key) base g (512, 768, or 1024 bits, 2 nd lowest word of key) ?? base g (512, 768, or 1024 bits, highest word of key) private key y (512, 768, or 1024 bits, lowest word) private key y (512, 768, or 1024 bits, 2 nd lowest word) ?? private key y (512, 768, or 1024 bits, highest word)
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 27 table 14: dsa verification command context table 15: rng direct test command context table 16: rng-sha1 test command context msb lsb 313029282726252423222120191817161514131211109876543210 operation type dsa verification operation (0x06) total command context structure length reserved message hash provided/generated modulus p length reserved modulus q (160 bits, lowest word) modulus q (160 bits, 2 nd lowest word) ?? modulus q (160 bits, highest word) modulus p (512, 768, or 1024 bits, lowest word) modulus p (512, 768, or 1024 bits, 2 nd lowest word) ?? modulus p (512, 768, or 1024 bits, highest word) base g (lowest word of key) base g (2 nd lowest word of key) ?? base g (highest word of key) public key y (512, 768, 1024 bits, lowest word) public key y (512, 768, 1024 bits, 2 nd lowest word) ?? public key y (512, 768, 1024 bits, highest word) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type rng direct test operation (0x41) total command context structure length (minimum length is 64 bytes) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type rng-sha1 test operation (0x42) total command context structure length (minimum length is 64 bytes)
bcm5802 production specification 07/03/02 broadcom corporation page 28 memory structures document 5802-ds03-405-r table 17: modadd command context (c = (a+b) mod n) table 18: modsub command context (c = (a-b) mod n) table 19: modmul command context (c = a*b mod n) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type modular addition operation (0x43) total command context structure length modulus n length reserved modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) msb lsb 313029282726252423222120191817161514131211109876543210 operation type modular subtraction operation (0x44) total command context structure length modulus n length reserved modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type modular multiplication operation(0x45) total command context structure length modulus n length reserved modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word)
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 29 table 20: modrem command context (c = m mod n) table 21: modexp command context (c = m e mod n) table 22: modinv command context (c = m -1 mod n = m n-2 mod n) the selection of ipsec crypto/authentication operation versus ipsec key setup operation can be made on a per mcr basis. within one mcr, no mix of crypto/authentication and ipsec key setup operations is allowed. the mode the current mcr operates on is determined by which dma register the mcr address is written into. if it is written into the first dma register (master command record 1), then the chip performs crypto/authentication operations. if it is written into the fifth dma register (master command record 2), then the chip performs key setup operations. msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type modular reduction operation(0x46) total command context structure length modulus n length message m length modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) msb lsb 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 operation type modular exponentiation operation(0x47) total command context structure length modulus n length exponent e length modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) msb lsb 313029282726252423222120191817161514131211109876543210 operation type modular inverse operation(0x48) total command context structure length modulus n length reserved modulus n (512, 768, 1024 bits, lowest word) modulus n (512, 768, 1024 bits, 2 nd lowest word) ?? modulus n (512, 768, 1024 bits, highest word) exponent n-2 (512, 768, 1024 bits, lowest word) exponent n-2 (512, 768, 1024 bits, 2 nd lowest word) ?? exponent n-2 (512, 768, 1024 bits, highest word)
bcm5802 production specification 07/03/02 broadcom corporation page 30 memory structures document 5802-ds03-405-r the operation type bits must be set as follows: 0x01 ? diffie-hellman public key generation operation 0x02 ? diffie-hellman shared secret generation operation 0x03 ? rsa public key operation 0x04 ? rsa private key operation (rsa operation with chinese remainder theory) 0x05 ? dsa signing operation 0x06 ? dsa verification operation 0x41 ? rng direct test mode 0x42 ? rng-sha1 test mode 0x43 ? modular addition 0x44 ? modular subtraction 0x45 ? modular multiplication 0x46 ? modular reduction (remainder) 0x47 ? modular exponentiation 0x48 ? modular inverse other values ? reserved for future use the number of entries a command context has depends on operation type and number of bits used for the operation. the total_command__context_length field provides the total number of bytes required for the command context structure for a given key setup or an atomic arithmetic operation. since the minimum number of bytes required for a pci access is 64 bytes, the field should have 64 bytes for the rng test modes. for dh public key generation and dsa signing operation, either the on-chip random number generator can be used to generate x for dh and k for dsa or else the values can be obtained from the software. if they are generated by rng, the provided/rng generated (rng enable) bits in command context are set to one. otherwise, they are set to 0. if they are provided by the application software, then they are stored in data buffers. the chip retrieves them during processing of mcr structure. for dsa signing and verification operations, message hash can either be provided by software (cpu does the hashing) or be performed by sha1 unit on the chip. if hash is done by sha1, the message hash provided/generated (sha1 enable) bits are set to one. otherwise, they are set to zero. either the message or the message hash is stored in the input data buffer . the chip retrieves them during mcr structure processing. for dh send mode, both public key and private key are generated and stored in the output data buffers in a linked list fashion. for dh receive mode, both public key and private key are provided for shared secret computation and stored in the input data buffers in a linked list fashion. for dsa signing mode, both r and s are generated and stored in output data buffers in a linked list fashion. for dsa verification mode, both r and s are provided by application and stored in input data buffers in a linked list fashion. for rng bypass and rng-sha1 modes, there is no input data buffer required and one output data buffer containing the random numbers. the length of the data buffer is contained in the output buffer length field in mcr. for atomic operations modadd, modsub, modmul, modrem, modexp, and modinv, the modulus is passed to the chip via command context structure and other operands are stored in the input data buffers in a linked list fashion. in typical applications, modulus does not change for each operation. for modinv, a modular inverse operation was converted to a modular exponentiation operation. because of that, (n-2) is stored where n is the modulus, in the command context.
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r memory structures page 31 the following table shows the data chaining in the mcr structure for various key setup algorithms. symbol a b is used to represent that the next field in data buffer a points to the data buffer for b. table 23: mcr input/output data buffer chaining algorithms input data chaining output data chaining dh send private key x provided by sw. if the private key is generated by rng, no input data is needed. input data buffer length is zero. public key data buffer private key data buffer dh receive public key data buffer private key data buffer . the sw driver must keep track of the corresponding private keys to generate the shared secret. shared secret buffer rsa public key message data buffer message data buffer rsa private key message data buffer message data buffer dsa signing m data buffer random number k provided by sw. if k is generated by rng, only message data is stored in the input data buffer. the m data buffer can contain multiple fragments. in this case, random number k provided by software follows the last fragment of m data buffer. the dlength field of the key setup is the total length (in bytes) of m data buffer (does not include the random number k). however, the fragments other than the last one must be integer multiple of 512 bits. the last fragment can be in any length. r parameter data buffer s parameter data buffer dsa verification m data buffer r parameter data buffer s parameter data buffer. the m data buffer can contain multiple fragments. in this case, r parameter data buffer follows the last fragment of m data buffer. the dlength field of the key setup is the total length (in bytes) of m data buffer (does not include r and s parameter data buffers). however, the fragments other than the last one must be integer multiple of 512 bits. the last fragment can be in any length. v parameter buffer rng bypass mode none random number buffer rng sha1 randomized mode none random number buffer modadd ((a+b) mod n) a data buffer b data buffer output data buffer modsub ((a-b) mod n) a data buffer b data buffer output data buffer modmul (a*b mod n) a data buffer b data buffer output data buffer modrem (a mod n) a data buffer output data buffer modexp (a e mod n) a data buffer e data buffer output data buffer modinv (a -1 mod n) a data buffer output data buffer
bcm5802 production specification 07/03/02 broadcom corporation page 32 alignment restrictions document 5802-ds03-405-r a lignment r estrictions the following table shows alignment requirements for all memory-resident data in ipsec crypto/authentication operations. the flexibility with respect to input packet payload data allows extreme combinations to be supported. for instance, a packet with 16,000 bytes of input payload data could be described as a chain of 16,000 descriptors, with each descriptor holding one single byte. the bcm5802 handles such an extreme situation correctly from a functional standpoint, albeit with reduced performance from the huge number of descriptor fetches. the following table shows alignment requirements for all memory-resident data in dh/rsa/dsa operations. because ike/ssl/tls key setups operate at or above layer 4 of the network stack, users have full control of the data memory allocation. aligning data at the 32-bit boundary is relatively easy to do for software. table 24: memory-resident data alignment requirem ents in ipsec crypto/authentication operations memory-resident data type alignment requirement, size requirement packet payload data packet input data buffers (per descriptor) none (byte), none (byte) packet output data buffers (per descriptor) 32-bit, length multiple of 32 bits control and command structures descriptors (input and output) 32-bit, fixed size (3 words of 32 bits) command context structure 32-bit, fixed size (19 words of 32 bits) master command record 32-bit, variable size (1 + #pkts*8 32-bit words) table 25: memory-resident data alignment requirements in dh/rsa/dsa operations memory-resident data type alignment requirement, size requirement packet payload data input data buffers (per descriptor) 32-bit, length multiple of 32 bits output data buffers (per descriptor) 32-bit, length multiple of 32 bits control and command structures descriptors (input and output) 32-bit, fixed size (3 words of 32 bits) command context structure 32-bit, fixed size (variable words of 32 bits) master command record 32-bit, variable size (1 + #key setup*8 32-bit words)
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r invalid encryption/authentication operations page 33 i nvalid e ncryption /a uthentication o perations this section details scenarios that the software should never request the chip to process. these can cause unknown results being written to memory, or possibly a chip hang condition. zero-length packets: these can arise in several ways, all of which should be avoided. one way is to have a zero total packet length in a mcr structure. another is to have a non-zero packet length, but to set the crypto offset equal to or greater than the entire length of the packet. zero-length descriptors: all data buffer entries in input and output descriptor chains should have a non-zero length. similarly, requesting the chip to use a zero output fragment size from the output fragment register would lead to unpredictable results. erroneous parameter specifications: situations such as illegal authentication specifiers, misaligned structure members, and misaligned output packet payload data, should be guaranteed to never occur. output descriptors that point to misaligned output data buffers: all output data should be aligned on 32-bit boundaries. output descriptors that indicate an output buffer byte length that is not a multiple of four: all output data buffers must have a length that is multiple of 32-bits. non-zero crypto offset with crypto disabled. packets with both authentication and crypto disabled. packets with crypto disabled, but with an output descriptor chain of length > 1 specified: for packets that have no crypto output (hence must have an authentication output), there must be one, and exactly one output descriptor specified in the master command record. only the next field of this descriptor is used to write out the hmac codes. other fields of this descriptor (in particular the data buffer address and size) are ignored. incorrect packet size for cryptography: whenever 3des is enabled, the length of input data to be encrypted must be a multiple of eight bytes. the input data length is calcul ated as total packet size minus the number of 32-bit dwords specified by the crypto offset context field. giving the chip a crypto data length that is not a multiple of eight bytes could hang the chip. ipsec padding guarantees that this never happens. crypto offset that leads to a data length for encryption or decryption that is not multiple of 64-bits: for instance, a crypto offset of one word with a total packet length of 40 words would force the crypto unit to process 39 words, which is not a multiple of eight bytes. however, a crypto offset of one word with a packet length of 41 words is fine, as is a crypto offset of two words with a packet length of 40 words. non-zero crypto offset for packets that do not have both crypto and authentication enabled: if authentication is disabled, the crypto offset must be set to zero. crypto offset can not be used as a programmable skip length for crypto-only packets. writing to the mcr register with pci master mode disabled: doing so causes the control microcode to start processing and hang, waiting for a pci master mode access that never begins. the #packet or #key setup in the first field in an mcr cannot be zero. the flags field (second field) in an mcr must be zeroed out before sending the mcr pointer to dma register on the bcm5802 .
bcm5802 production specification 07/03/02 broadcom corporation page 34 bcm5802 registers document 5802-ds03-405-r bcm5802 r egisters the bcm5802 registers are divided into two categories. 1 pci configuration registers implement control and status information that is specific to the pci bus, as well as registers required by the pci specification revision 2.2. 2 dma control and status registers correspond to master command, data and packet context fetch and write back operations. unused bits read as an unknown value which could be zero or one, and should be masked off prior to further processing. unused bits should be written as zeroes. the following mnemonics are used to describe the types of access allowed for each register bit: rw: bit is read/write wo: bit is write only ro: read only bit (i.e. status flag) rsvd: reserved bit, ignore upon read, write 0s upon write a value of x upon reset means that the state of the register is undefined and should not be relied upon after a reset occurs. pci c onfiguration r egisters the bcm5802 provides pci 2.2-compliant configuration space registers as follows. in addition, the bcm5802 uses pci memory bar0 for all slave control and status registers. the registers use a total memory space of 64 kb in one memory bar region. this region is non-pre-fetchable, and must be relocated only in 32-bit space. configuration registers not shown in the table below are reserved. table 26: pci 2.2-compliant configuration space registers addr 31 bits 16 15 bits 00 0x00 device id vendor id 0x04 status command 0x08 class code rev id 0x0c bist header type master latency timer cache line size 0x10 memory bar0 0x2c subsystem id subsystem vendor id 0x3c max_lat min_gnt interrupt pin interrupt line 0x40 reserved retry timeout trdy timeout
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r bcm5802 registers page 35 the various registers within pci configuration space are as follows. table 27: pci configuration registers bits access reset purpose pci vendor id: 0x00 15:0 ro 14e4 hard-wired device identifier (0x14e4), broadcom id assigned by pcisig. pci device id: 0x02 31:16 ro 5802 hard-wired device identifier (0x5802). pci command register: 0x04 15:10 rsvd 0 reserved. 9 rw 0 fast back to back master enable. 8 rw 0 system error enable. 7 rsvd 0 reserved. 6 rw 0 parity error enable. 5 rsvd 0 reserved. 4 rw 0 memory write and invalidate enable. 3 rsvd 0 reserved. 2 rw 0 bus master enable. 1 rw 0 memory access enable. 0 rw 0 i/o access enable (ignored, leave at 0). pci status register: 0x04 31 ro 0 detect parity error. 30 ro 0 signaled system error. 29 ro 0 received master abort status. 28 ro 0 received target abort status. 27 ro 0 signaled target abort status. 26:25 ro 01 devsel timing. 24 ro 0 data parity detected. 23 ro 1 fast back-to-back capable status. 22 rsvd 0 reserved. 21 ro 0 66-mhz capable. 20:16 rsvd 0 reserved. pci rev id: 0x08 7:0 ro 01/e1 hard-wired device revision identifier (0x01 for domestic version and 0xe1 for export version).
bcm5802 production specification 07/03/02 broadcom corporation page 36 bcm5802 registers document 5802-ds03-405-r pci class code register: 0x08 31:8 ro 0b4000 class code value (hard-wired). 0x0b4000 (processor class, coprocessor subclass). pci bist register, cache line, master latency, header: 0x0c 31 ro 0 bist capable. the bcm5802 is not capable of performing pci configuration bist operation. 30 rw 0 bist start. not supported on bcm5802 . 29:28 ro 0 reserved. 27:24 ro 0 bist completion code. not supported on bcm5802 . 23:16 rw 0 header type. 15:0 rw 0 master latency timer. 7:0 rw 0 cache line size. pci memory bar: 0x10 31:0 rw 0xffff0000 memory base address register, 64 kb region, non-prefetchable, relocate in 32-bit space only. pci max_lat, min_gnt, interrupt: 0x3c 31:24 ro 0 pci max_lat parameter. 23:16 ro 0 length of burst period min_gnt. 15:8 ro 0x1 interrupt pin register. 7:0 rw 0 interrupt line register. pci retry timeout, trdy timeout: 0x40 15:8 rw 0x80 number of retries that the pci interface performs. 7:0 rw 0x80 trdy timeout value. table 27: pci configuration registers (cont.) bits access reset purpose
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r bcm5802 registers page 37 dma c ontrol and s tatus r egisters the dma registers control how master command structures, packet context and packet data are fetched and then stored after processing. all of the following registers are located in pci memory bar0 space. a second mcr register has been added in the bcm5802 to handle the key setup operations. the bcm5802 is completely compatible with the bcm5801 for crypto/authentication operations. the bcm5801 software driver also works on the bcm5802 without modification . the following table shows the dma control and status registers. table 28: pci memory bar0 space dma registers addr 31 bits 16 15 bits 00 0x00 master command record 1@ 0x04 dma control 0x08 dma status 0x0c dma error address 0x10 master command record 2@ table 29: dma control and status registers bits access reset purpose dma master command record 1@: 0x00 31:0 rw x writing the address of a valid master command record to this register causes crypto/ authentication processing of the packets within that record to begin. this register must only be written when the mcr_full bit of the dma status register is 0. this register is double buffered, such that the mcr_full bit goes to zero very quickly after an initial write. this allows the cpu to write a second mcr address value to this register, effectively queuing up to mcr structures for back to back processing with zero latency. reset state is unknown. do not write if pci master mode is disabled. dma control: 0x04 31 rw 0 reset. software reset. normally, it is unset. if software detects hanging or other undesirable states of bcm5802 , it sets this bit to reset. after writing 1 to this bit, you must wait 30 pci clocks before the chip can be accessed again. 30 rw 0 mcr2int_en. enable interrupt per mcr for mcr2. an interrupt is generated every time an entire mcr completes processing. this is the preferred operational mode. resets to 0. 29 rw 0 mcr1int_en. enable interrupt per mcr for mcr1. an interrupt is generated every time an entire mcr completes processing. this is the preferred operational mode. resets to 0. 28 rsvd 0 reserved. 27 rsvd 1 reserved. do not change its reset value. 26 rsvd 1 reserved. do not change its reset value. 25 rw 0 dmaerr_en. enable interrupt upon dma master access error.
bcm5802 production specification 07/03/02 broadcom corporation page 38 bcm5802 registers document 5802-ds03-405-r 24:23 wo 00 rng_mode 00: 1 bit random number per one slow clock cycle. 01: 1 bit random number per four slow clock cycles 10: 1 bit random number per eight slow clock cycles 11: 1 bit random number per sixteen slow clock cycles 15:0 rsvd 0 reserved. dma status: 0x08 31 ro 0 master access in progress. resets to 0. 30 ro 0 mcr1_full flag. master command address register is full. when this flag is 1, the cpu must not write to the mcr1@register. when this flag is 0, the pcu may write a value to the mcr1@register to request processing of a master command structure. resets to 0. 29 rw 0 mcr1_intr. completion interrupt status of per-mcr interrupt for mcr1. cleared by writing a 1 to this bit position. note: this bit accurately reflects processing status, even if the corresponding interrupt bit is disabled (in which case a pci interrupt is not generated). this bit is sticky until cleared explicitly. resets to 0. 28 rw 0 dmaerr_intr. interrupt status for mcr dma master access error. sticky until software reset (dma control bit 31 is set to 1) or hardware reset. this bit accurately reflects status even if the corresponding interrupt enable bit is off (in which case a pci interrupt is not generated). resets to 0. 27 ro 0 mcr2_full flag. master command address register is full. when this flag is 1, the cpu must not write to the mcr2@ register. when this flag is 0, the cpu may write a value to the mcr2@ register to request processing of a master command structure. resets to 0. 26 rw 0 mcr2_intr. completion interrupt status of per-mcr interrupt for mcr2. cleared by writing a 1 to this bit position. note: this bit accurately reflects processing status (in which case a pci interrupt is not generated). this bit is sticky until cleared explicitly. resets to 0. dma error address: 0x0c 31:2 ro x address of master access that resulted in a pci fault (32b word address). reset state unknown. 1 ro x 1 = faulted master access was a read, 0 = was a write. reset state unknown. dma master command record 2@: 0x10 31:0 rw x writing the address of a valid master command record to this register causes key setup processing of the data within that record to begin. this register must only be written when the mcr_full bit of the dma status register is 0. this register is double buffered, such that the mcr_full bit goes to zero very quickly after an initial write to this register. this allows the cpu to write a second mcr address value to this register, effectively queuing up to mcr structures for back-to-back processing with zero latency. reset state is unknown. do not write if pci master mode is disabled. table 29: dma control and status registers (cont.) bits access reset purpose
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r electrical and timing specifications page 39 section 5: electrical and timing specifications frame# and perr# pins violated v ih pci specification very slightly at the corners of the operating temperature range. all other pins are within the pci dc specifications. all t he pins, including frame# and perr#, satisfy the pci timing specifications. table 30: electrical and timing specifications parameter typical description pci compliance 3.3v and 5v over the range of 25-33 mhz pci clocks supply voltage 3.3v 5% power consumption 1.2w typical power consumption at 33 mhz i/o buffers 3.3v operating temperature 0-70c within the commercial temperature range timing specification for the i/o pins follows the pci 2.2 timing specification the bcm5802 works in both 3.3v and 5v pci environments table 31: pci pin dc specifications symbol parameter condition min max units v cc supply voltage 3.135 3.465 v v ih (frame#) input high voltage for frame# pin 0.52v cc v cc + 0.5 v v ih (perr#) input high voltage for perr# pin 0.52v cc v cc + 0.5 v v ih input high voltage for all other pins 0.50v cc v cc + 0.5 v v il input low voltage -0.5 0.3v cc v v ipu input pull-up voltage 0.7v cc v v oh output high voltage i out = -0.5 ma 0.9v cc v v ol output low voltage i out = 1.5 ma 0.1v cc v c in input pin capacitance 5 12 pf c clk pci_clk pin capacitance 8 pf l pin pin inductance 20 nh
bcm5802 production specification 07/03/02 broadcom corporation page 40 mechanical information document 5802-ds03-405-r section 6: mechanical information figure 6: 144-pin dqfp package drawing
production specification bcm5802 07/03/02 broadcom corporation document 5802-ds03-405-r mechanical information page 41 table 32: 144-pin dqfp package dimensions symbol dimension remarks ccc max. 0.102 (0.004) planarity ddd max. 0.127 (0.005) bent lead c 0.13 - 0.23 lead thickness l 0.88 (0.15) foot length l1 1.60 (ref) ? e1 28.0 (0.10) package length e 31.2 ( 0.25) lead to lead length d1 28.0 ( 0.10) package width d 31.2 ( 0.25) lead to lead width a2 3.42 ( 0.25) package thickness a1 min. 0.25 standoff a max. 4.07 overall height e 0.65 basic lead pitch b 0.22 - 0.38 lead width
document 5802-ds03-405-r broadcom corporation broadcom corporation p.o. box 57013 16215 alton parkway irvine, california 92619-7013 ? 2002 by broadcom corporation all rights reserved printed in the u.s.a. broadcom ? corporation reserves the right to make changes without further notice to any products or data herein to improve reliability, f unction, or design. information furnished by broadcom corporation is believed to be accurate and reliable. however, broadcom corporation does not assume any liability arising out of the application or use of this information, nor the application or use of any prod uct or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. bcm5802 production specification 07/03/02

▲Up To Search▲

Price & Availability of 5802-DS00-R

	To Download 5802-DS00-R Datasheet File
If you can't view the Datasheet, Please click here to try to view without PDF Reader .