QorIQ LS1046A Security (SEC) Reference ManualQorIQ LS1046A Security
(SEC) Reference Manual, Rev. 0, 05/2017
2 NXP Semiconductors
Chapter 2 Feature summary
Chapter 3 SEC implementation
Chapter 4 SEC modes of operation
4.1 Security Monitor (SecMon) security
states.................................................................................................................77
4.1.1 The effect of security state on volatile
keys...............................................................................................78
4.1.2 The effect of security state on non-volatile
keys.......................................................................................
79
4.2 Keys available in different security
modes.................................................................................................................79
4.2.1 Keys available in trusted
mode..................................................................................................................
79
4.2.3 Keys available in non-secure
mode...........................................................................................................
80
Chapter 5 SEC hardware functional description
5.1 System Bus
Interfaces.................................................................................................................................................84
5.1.1.3 DMA write-efficient
transactions..........................................................................................
85
5.1.1.4 DMA bursts that may read past the end of data
structures....................................................
86
5.1.2 Register interface (IP
bus)..........................................................................................................................87
5.2 SEC service interface
concepts...................................................................................................................................88
NXP Semiconductors 3
5.3.1.2 Managing the input
rings.......................................................................................................
101
5.3.1.3 Managing the output
rings.....................................................................................................
102
5.3.1.5 Order of job
completion.........................................................................................................103
5.3.2.2 Building job descriptors for QI
jobs......................................................................................
107
5.3.2.4 Tracking the completion order of QI
jobs..............................................................................108
5.3.2.5 Initializing the Queue Manager
Interface..............................................................................
108
5.3.2.6 Done/error notification for QI
jobs........................................................................................
109
5.3.3 Register-based service
interface.................................................................................................................109
4 NXP Semiconductors
5.5.1.1 Alignment
blocks...................................................................................................................
116
6.1 Frame
queues..............................................................................................................................................................
119
6.1.1 Dequeue
response......................................................................................................................................
120
7.1 Job
descriptors............................................................................................................................................................
131
7.3.2.1 Error
sharing..........................................................................................................................
139
NXP Semiconductors 5
7.7.2 Command
properties..................................................................................................................................
152
7.7.4.3 Transferring meta
data...........................................................................................................
157
7.12 ECPARAM
command................................................................................................................................................
192
7.13 STORE
command.......................................................................................................................................................
196
6 NXP Semiconductors
7.18.2 PKHA OPERATION: Arithmetic
Functions.............................................................................................248
7.19 SIGNATURE
command.............................................................................................................................................
260
8.1 Conformance
considerations.......................................................................................................................................287
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 7
8.2.4 Operation of the discrete-log key-pair generation
function.......................................................................
289
8.3 Using the Diffie_Hellman
function............................................................................................................................
294
8.3.4 Outputs from the Diffie-Hellman
function................................................................................................
295
8.3.5 Operation of the Diffie-Hellman
function.................................................................................................
295
8.4 Generating DSA and ECDSA
signatures....................................................................................................................296
8.4.1 Inputs to the DSA and ECDSA signature generation
function..................................................................297
8.4.2 Assumptions of the DSA and ECDSA signature generation
function.......................................................297
8.4.3 Outputs from the DSA and ECDSA signature generation
function...........................................................297
8.4.4 Operation of the DSA and ECDSA signature generation function
...........................................................298
8.4.5 Notes associated with the DSA and ECDSA Signature Generation
function............................................298
8.5 Verifying DSA and ECDSA
signatures......................................................................................................................301
8.5.1 Inputs to the DSA and ECDSA signature verification
function................................................................
302
8.5.2 Assumptions of the DSA and ECDSA signature verification
function.....................................................
302
8.5.3 Outputs from the DSA and ECDSA signature verification
function.........................................................
302
8.5.4 Operation of the DSA and ECDSA signature verification
function .........................................................
302
8.5.5 Notes associated with the DSA and ECDSA Signature
Verification function .........................................
303
8.6 RSA Finalize Key Generation
(RFKG)......................................................................................................................
306
8 NXP Semiconductors
9.1.3.1 PDB format for IPsec ESP Transport (and Legacy Tunnel)
encapsulation...........................321
9.1.3.2 Common PDB format descriptions for IPsec ESP Transport (and
Legacy Tunnel)
decapsulation..........................................................................................................................324
9.1.3.3 Overriding ESP Transport (and legacy Tunnel) PDB content
with the DECO Protocol
Override
Register...................................................................................................................
327
9.1.3.5 Common PDB format descriptions for IPsec ESP Tunnel
decapsulation............................. 331
9.1.3.6 Overriding ESP Tunnel PDB content with the DECO Protocol
Override Register.............. 334
9.1.3.7 IPsec ESP encapsulation CBC-specific PDB segment format
descriptions.......................... 336
9.1.3.8 IPsec ESP encapsulation AES-CTR-specific PDB segment format
descriptions..................336
9.1.3.9 IPsec ESP encapsulation AES-CCM-specific PDB segment format
descriptions................ 337
9.1.3.10 IPsec ESP encapsulation AES-GCM-specific PDB segment
format descriptions................ 337
9.1.3.11 IPsec ESP decapsulation CBC-specific PDB segment format
descriptions.......................... 338
9.1.3.12 IPsec ESP decapsulation AES-CTR-specific PDB segment
format descriptions..................338
9.1.3.13 IPsec ESP decapsulation AES-CCM-specific PDB segment
format descriptions................ 339
9.1.3.14 IPsec ESP decapsulation AES-GCM-specific PDB segment
format descriptions................ 339
9.1.4 IPsec ESP Transport (and Legacy Tunnel) encapsulation
overview.........................................................
340
9.1.4.1 Encapsulating the IP header in tunnel
mode..........................................................................341
9.1.4.2 Encapsulating the IP header in transport
mode......................................................................341
9.1.4.3 Process for IPsec ESP Transport (and Legacy Tunnel)
encapsulation.................................. 341
9.1.5 IPsec ESP Cryptographic
Encapsulation...................................................................................................
343
9.1.5.2 Process for IPsec encapsulation when using
AES-CTR........................................................
344
9.1.5.3 Process for IPsec encapsulation when using
AES-CCM.......................................................
346
9.1.5.4 Process for IPsec encapsulation when using
AES-GCM.......................................................348
9.1.6 IPsec ESP Transport (and Legacy Tunnel) decapsulation
procedure overview........................................
349
9.1.6.1 IPsec ESP Transport Mode outer IP header decapsulation
procedure...................................351
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 9
Section number Title Page
9.1.6.2 IPsec ESP Transport (and Legacy Tunnel) outer IP header
decapsulation procedure
(tunnel
mode).........................................................................................................................
351
9.1.7.2 Process for IPsec decapsulation when using
AES-CTR........................................................
354
9.1.7.3 Process for IPsec decapsulation when using
AES-CCM.......................................................
355
9.1.7.4 Process for IPsec decapsulation when using
AES-GCM.......................................................356
9.1.7.5 Use of SPI and the sequence number in
decapsulation..........................................................357
9.1.7.6 Optional use of ESN in ESP
decapsulation...........................................................................
358
9.1.7.8 ICV checking during IPsec ESP
decapsulation.....................................................................
360
9.1.8.1 Handling the Outer IP Header during ESP Tunnel
encapsulation......................................... 360
9.1.8.2 Outer IP Header handling with
UDP-encapsulated-ESP.......................................................
362
9.1.8.3 ESP Tunnel Outer IP Header
manipulation...........................................................................
362
9.1.9 IPsec ESP tunnel decapsulation
overview.................................................................................................
363
9.1.9.3 Manipulation of the Inner IP Header during ESP Tunnel
decapsulation...............................365
9.1.9.4 Decapsulation Output Frame
Length.....................................................................................
366
9.2 SSL/TLS/DTLS record encapsulation and decapsulation
overview..........................................................................
366
9.2.1 Programming and processing details common to all versions of
SSL, TLS, and DTLS...........................367
9.2.1.1 PDB use and format for SSL, TLS, and DTLS encapsulation and
decapsulation.................368
9.2.1.1.1 PDB for SSL, TLS, and DTLS when a Block Cipher is
used............................ 368
9.2.1.1.2 PDB for SSL, TLS, and DTLS when AES-Counter mode is
used.....................369
9.2.1.1.3 PDB for TLS and DTLS when AES-GCM is
used.............................................370
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
10 NXP Semiconductors
9.2.1.1.4 PDB for TLS and DTLS when AES-CCM is
used.............................................371
9.2.1.1.5 Programming the Options byte with the PDB for SSL, TLS
and DTLS............372
9.2.1.2 Overriding the PDB for SSL, TLS, and DTLS
Encapsulation..............................................
374
9.2.1.3 Computing the pre-encrypted record length during
decapsulation........................................375
9.2.1.4 SSL, TLS, DTLS Decapsulation Output frame
options.........................................................376
9.2.1.5 SSL / TLS / DTLS error
codes...............................................................................................378
9.2.2 Process for SSL 3.0 and TLS 1.0 record
encapsulation.............................................................................378
9.2.2.1 Differences between SSL 3.0 and TLS 1.0 (record
encapsulation)....................................... 379
9.2.2.2 Processing SSL 3.0 and TLS 1.0 record encapsulation with
block ciphers...........................380
9.2.3 Process for SSL 3.0 and TLS 1.0 record
decapsulation.............................................................................381
9.2.3.1 SSL 3.0 and TLS 1.0 Record Decapsulation for block
ciphers............................................. 382
9.2.3.2 Differences between SSL 3.0 and TLS 1.0 (record
decapsulation)....................................... 382
9.2.4 Process for TLS 1.1 and TLS 1.2 record
encapsulation.............................................................................383
9.2.4.1 Differences between TLS 1.0, TLS 1.1, and TLS 1.2 Record
Encapsulation....................... 384
9.2.4.2 Support for IV generation in TLS 1.1 and TLS 1.2 record
encapsulation.............................384
9.2.4.3 Processing TLS 1.1 and TLS 1.2 record encapsulation with
block ciphers (AES or DES).. 386
9.2.4.4 Processing TLS 1.1 and TLS 1.2 record encapsulation with
stream ciphers.........................387
9.2.4.5 Processing TLS 1.1 and TLS 1.2 record encapsulation with
AEAD ciphers........................ 388
9.2.5 Process for TLS 1.1 and TLS 1.2 record
decapsulation.............................................................................389
9.2.5.1 Decapsulation of TLS 1.1 and TLS 1.2 records when a stream
cipher is used......................390
9.2.5.2 Decapsulation of TLS 1.1 and TLS 1.2 records when a block
cipher is used....................... 392
9.2.5.3 Decapsulation of TLS 1.2 records when an AEAD is
used................................................... 393
9.2.6 Process for DTLS record
encapsulation.....................................................................................................394
9.2.6.1 Differences between DTLS and
TLS.....................................................................................395
9.2.6.2 Process of DTLS Record Encapsulation when using a Block
Cipher................................... 395
9.2.6.3 Process of DTLS Record Encapsulation when using a Stream
Cipher..................................397
9.2.6.4 DTLS 1.2 Record Encapsulation when using an AEAD
Cipher........................................... 398
9.2.7 Process for DTLS record
decapsulation.....................................................................................................399
9.2.7.1 Differences between DTLS and
TLS.....................................................................................400
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 11
9.2.7.2 Process of DTLS Record Decapsulation when using a Block
Cipher................................... 400
9.2.7.3 Process of DTLS Record Decapsulation when using a Stream
Cipher................................. 402
9.2.7.4 DTLS 1.2 Record Decapsulation when using an AEAD
Cipher........................................... 403
9.3 SRTP packet encapsulation and
decapsulation...........................................................................................................405
9.3.1 Building the initial counter value (Counter
IV).........................................................................................
406
9.3.2 Building the AEAD
Nonce........................................................................................................................
406
9.3.3 Constructing the AESA context from the SRTP AEAD Nonce for
AES-CCM mode..............................407
9.3.4 SRTP
encapsulation...................................................................................................................................
408
9.4.1 Process for 802.1AE MACsec
encapsulation............................................................................................
416
9.4.3.2 Additional notes for GMAC support
(decapsulation)............................................................424
9.4.4 MACsec decapsulation PDB format
descriptions......................................................................................424
9.5 IEEE 802.11-2012 WPA2 MPDU encapsulation and decapsulation
........................................................................
425
9.5.1 Processing Common to WPA2 Encapsulation and
Decapsulation............................................................
426
9.5.1.1 Constructing the AAD for WPA2 encapsulation and
decapsulation..................................... 426
9.5.1.2 Constructing the CCMP Nonce for WPA2 encapsulation and
decapsulation....................... 427
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
12 NXP Semiconductors
9.5.1.3 Constructing the AESA context for WPA2 CCMP encapsulation
and decapsulation.......... 427
9.5.2 Process for WPA2
encapsulation...............................................................................................................428
9.5.2.2 WPA2 Payload
Encapsulation...............................................................................................
430
9.6.2 IEEE 802.16 WiMAX encapsulation PDB format
descriptions................................................................
439
9.6.3 WiMax encapsulation error
conditions......................................................................................................
440
9.6.4.1 Transforming the GMH (WiMAX
decapsulation).................................................................442
9.6.4.2 Automatic key switching (WiMAX
decapsulation)...............................................................443
9.6.5 IEEE 802.16 WiMAX decapsulation PDB format
descriptions................................................................
443
9.6.6 WiMAX decapsulation error
conditions....................................................................................................
444
9.8.1 3G double-CRC encapsulation
process......................................................................................................448
9.8.1.1 Calculating the 7-bit CRC of the PDU header for
encapsulation.......................................... 448
9.8.1.2 Calculating the 11-bit CRC of the PDU header for
encapsulation........................................ 449
9.8.1.3 Calculating the 16-bit payload CRC for
encapsulation.........................................................
450
9.8.2 3G double-CRC encapsulation PDB format
descriptions..........................................................................450
9.8.3 3G double-CRC decapsulation
process......................................................................................................450
NXP Semiconductors 13
9.8.3.1 Calculating the 7-bit CRC of the PDU header for
decapsulation.......................................... 451
9.8.3.2 Calculating the 11-bit CRC of the PDU header for
decapsulation........................................ 451
9.8.3.3 Calculating the 16-bit payload CRC for
decapsulation.........................................................
452
9.8.4 3G double-CRC decapsulation PDB format
descriptions..........................................................................452
9.9 3G RLC PDU Encapsulation and Decapsulation
overview........................................................................................453
9.9.1 3G RLC PDU encapsulation
overview......................................................................................................
453
9.9.7 Overriding the PDB for 3G RLC PDU encapsulation and
decapsulation.................................................
458
9.10 LTE PDCP PDU encapsulation and decapsulation
overview.....................................................................................459
9.10.1 LTE PDCP PDU IV
generation.................................................................................................................
460
9.10.6 LTE PDCP shared descriptor PDB format
descriptions............................................................................
469
Chapter 10 Key agreement functions
10.1 IKEv2 PRF
overview..................................................................................................................................................471
10.1.1 Using IKE PRF to generate
SKEYSEED..................................................................................................
472
10.1.2 Using IKE PRF+ to generate keying material for the IKEv2
SA..............................................................
472
10.1.3 Using IKE PRF+ to generate Child SA key
material.................................................................................473
10.1.4 Restrictions on programming control
blocks.............................................................................................
473
10.1.5 IKE PRF PDB format
descriptions............................................................................................................
474
14 NXP Semiconductors
10.2.3 SSL 3.0 PRF PDB format
descriptions......................................................................................................481
10.2.4 TLS 1.0/TLS 1.1/DTLS PRF
overview.....................................................................................................
484
10.2.5.1 How TLS uses PRF
material..................................................................................................487
10.2.5.2 Concatenating input material into one input string (TLS
1.0/1.1/DTLS)..............................488
10.2.6 TLS 1.0, TLS 1.1, DTLS PRF PDB format
descriptions...........................................................................489
10.2.7 TLS 1.2 PRF
overview...............................................................................................................................492
10.2.8.1 Concantenating input material into one input string (TLS
1.2)............................................. 494
10.2.8.2 How TLS uses PRF material (TLS
1.2).................................................................................494
10.2.9 TLS 1.2 PRF PDB format
descriptions......................................................................................................495
10.3 Implementation of the derived key
protocol...............................................................................................................497
10.3.1 Using DKP with HMAC
keys....................................................................................................................498
10.3.2 Implementation of the Blob
Protocol.........................................................................................................499
Chapter 11 Cryptographic hardware accelerators (CHAs)
11.1 Public-key hardware accelerator (PKHA)
functionality.............................................................................................502
11.1.1 Modular
math.............................................................................................................................................503
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 15
11.1.6.5 Integer Modular Multiplication
(MOD_MUL)......................................................................513
11.1.6.7 Integer Modular Multiplication with Montgomery Inputs and
Outputs
(MOD_MUL_IM_OM)
Function..........................................................................................
515
11.1.6.9 Integer Modular Exponentiation, Montgomery Input
(MOD_EXP_IM and
MOD_EXP_IM_TEQ)
Function............................................................................................516
11.1.6.11 Integer Modular Square (MOD_SQR and
MOD_SQR_TEQ)..............................................
518
11.1.6.12 Integer Modular Square, Montgomery inputs (MOD_SQR_IM
and
MOD_SQR_IM_TEQ)...........................................................................................................518
MOD_SQR_IM_OM_TEQ)..................................................................................................
519
11.1.6.15 Integer Modular Cube, Montgomery input (MOD_CUBE_IM
and
MOD_CUBE_IM_TEQ)........................................................................................................520
11.1.6.16 Integer Modular Cube, Montgomery input and output
(MOD_CUBE_IM_OM and
MOD_CUBE_IM_OM_TEQ)...............................................................................................
521
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
16 NXP Semiconductors
11.1.6.22 Miller_Rabin Primality Test
(PRIME_TEST).......................................................................525
11.1.6.25 Binary Polynomial (F2m) Modular Multiplication with
Montgomery Inputs
(F2M_MUL_IM)
Function....................................................................................................
527
(F2M_MUL_IM_OM)
Function............................................................................................528
11.1.6.28 Binary Polynomial (F2m) Simultaneous Modular
Exponentiation (F2M_SML_EXP)........ 529
11.1.6.29 Binary Polynomial (F2m) Modular Square (F2M_SQR and
F2M_SQR_TEQ)................... 530
11.1.6.30 Binary Polynomial (F2m) Modular Square, Montgomery Input
(F2M_SQR_IM and
F2M_SQR_IM_TEQ)............................................................................................................
531
11.1.6.31 Binary Polynomial (F2m) Modular Square, Montgomery Input
and Output
(F2M_SQR_IM_OM and
F2M_SQR_IM_OM_TEQ)..........................................................531
11.1.6.33 Binary Polynomial (F2m) Modular Cube, Montgomery Input
(F2M_CUBE_IM and
F2M_CUBE_IM_TEQ).........................................................................................................
533
11.1.6.34 Binary Polynomial (F2m) Modular Cube, Montgomery Input
and Output
(F2M_CUBE_IM_OM and
F2M_CUBE_IM_OM_TEQ)....................................................534
11.1.6.37 Binary Polynomial (F2m) R2 Mod N (F2M_R2)
Function...................................................536
11.1.6.38 Binary Polynomial (F2m) Greatest Common Divisor (F2M_GCD)
Function...................... 536
11.1.6.39 ECC Fp Point Add, Affine Coordinates (ECC_MOD_ADD)
Function................................537
11.1.6.40 ECC Fp Point Add, Affine Coordinates, R2 Mod N Input
(ECC_MOD_ADD_R2)
Function.................................................................................................................................
537
11.1.6.42 ECC Fp Point Multiply, Affine Coordinates (ECC_MOD_MUL
and
ECC_MOD_MUL_TEQ)
Function.......................................................................................
539
NXP Semiconductors 17
Section number Title Page
11.1.6.43 ECC Fp Point Multiply, R2 Mod N Input, Affine Coordinates
(ECC_MOD_MUL_R2
and ECC_MOD_MUL_R2_TEQ)
Function..........................................................................540
11.1.6.44 ECC Fp Check Point (ECC_MOD_CHECK_POINT)
Function...........................................541
11.1.6.45 ECC Fp Check Point, R2 Mod N Input, Affine
Coordinates
(ECC_MOD_CHECK_POINT_R2)
Function.......................................................................542
11.1.6.46 ECC F2m Point Add, Affine Coordinates (ECC_F2M_ADD)
Function.............................. 543
11.1.6.47 ECC F2m Point Add, Affine Coordinates, R2 Mod N Input
(ECC_F2M_ADD_R2)
Function.................................................................................................................................
544
11.1.6.49 ECC F2m Point Multiply, Affine Coordinates (ECC_F2M_MUL
and
ECC_F2M_MUL_TEQ)
Function.........................................................................................546
11.1.6.50 ECC F2m Point Multiply, R2 Mod N Input, Affine
Coordinates (ECC_F2M_MUL_R2
and ECC_F2M_MUL_R2_TEQ)
Function...........................................................................
547
11.1.6.52 ECC F2m Check Point, R2 (ECC_F2M_CHECK_POINT_R2)
Function............................549
11.1.6.53 ECM Modular Multiplication (ECM_MOD_MUL and
ECM_MOD_MUL_TEQ)
Function.................................................................................................................................
550
11.1.6.54 ECM Fp Point Multiply, R2 Mod N Input, Affine Coordinates
(ECM_MOD_MUL_R2
and ECM_MOD_MUL_R2_TEQ)
Function.........................................................................
551
11.1.6.55 ECT Modular Multiplication (ECT_MOD_MUL and
ECT_MOD_MUL_TEQ) Function. 552
11.1.6.56 ECT Fp Point Multiply, R2 Mod N Input, Affine Coordinates
(ECT_MOD_MUL_R2 and
ECT_MOD_MUL_R2_TEQ)
Function.................................................................................553
11.1.6.57 ECT Fp Point Add, Affine Coordinates (ECT_MOD_ADD)
Function................................ 555
11.1.6.58 ECT Fp Point Add, Affine Coordinates, R2 Mod N Input
(ECT_MOD_ADD_R2)
Function.................................................................................................................................
555
11.1.6.60 ECT Fp Check Point, R2 (ECT_MOD_CHECK_POINT_R2)
Function..............................557
11.1.6.61 Copy memory, N-Size and Source-Size (COPY_NSZ and
COPY_SSZ)............................. 558
11.1.6.62 Right Shift A (R_SHIFT)
function........................................................................................
559
11.1.6.63 Compare A B (COMPARE)
function....................................................................................
559
18 NXP Semiconductors
11.2 Kasumi f8 and f9 hardware accelerator(KFHA)
functionality...................................................................................
580
11.2.2 KFHA use of the Context
Register............................................................................................................
581
11.2.3 KFHA use of the Key
Register..................................................................................................................
582
11.3.3 DESA use of the Key Size
Register...........................................................................................................584
11.3.4 DESA use of the Data Size
Register..........................................................................................................584
11.3.5 DESA Context
Register.............................................................................................................................
585
11.4 Cyclic-redundancy check accelerator (CRCA)
functionality.....................................................................................
585
11.4.3 CRCA Key
Register...................................................................................................................................588
11.5 Random-number generator (RNG)
functionality........................................................................................................589
11.5.2.1 RNG state
handles..................................................................................................................590
NXP Semiconductors 19
11.5.6 RNG use of the Data Size
Register............................................................................................................594
11.6 SNOW 3G f8 accelerator
functionality.......................................................................................................................594
11.6.1 Differences between SNOW 3G f8 and SNOW 3G
f9..............................................................................594
11.6.2 SNOW 3G f8 use of the Mode
Register....................................................................................................
595
11.6.3 SNOW 3G f8 use of the Context
Register.................................................................................................
596
11.6.4 SNOW 3G f8 use of the Data Size
Register..............................................................................................
596
11.6.5 SNOW 3G f8 use of the Key
Register.......................................................................................................
597
11.6.6 SNOW 3G f8 use of the Key Size
Register...............................................................................................
597
11.7 SNOW 3G f9 accelerator
functionality.......................................................................................................................597
11.7.1 SNOW 3G f9 use of the Mode
Register....................................................................................................
598
11.7.2 SNOW 3G f9 use of the Context
Register.................................................................................................
599
11.7.3 SNOW 3G f9 use of the Data Size
Register..............................................................................................
600
11.7.4 SNOW 3G f9 use of the Key
Register.......................................................................................................
600
11.7.5 SNOW 3G f9 use of the Key Size
Register...............................................................................................
601
11.7.6 SNOW 3G f9 use of ICV
check.................................................................................................................601
11.8 Message digest hardware accelerator (MDHA)
functionality....................................................................................
601
11.8.1 MDHA use of the Mode
Register..............................................................................................................
602
11.8.2.1 Using the MDHA Key Register with normal
keys................................................................
603
11.8.2.2 Using the MDHA Key Register with IPAD/OPAD "split
keys"........................................... 603
11.8.2.2.1 Definition and function of IPAD/OPAD split
keys............................................ 604
11.8.2.2.2 Process flow of using the Key Register with split
keys......................................604
11.8.2.2.3 Using padding with the split key type to align with
storage...............................604
11.8.2.2.4 Length of a split
key...........................................................................................
604
11.8.2.2.6 Loading/storing a split key with a FIFO STORE
command...............................605
11.8.2.2.7 Sizes of split
keys................................................................................................605
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
20 NXP Semiconductors
11.8.5 Save and restore operations in MDHA context
data..................................................................................607
11.9 AES accelerator (AESA)
functionality.......................................................................................................................607
11.9.2 AESA as both Class 1 and Class 2
CHA...................................................................................................
608
11.9.3 AESA modes of
operation.........................................................................................................................
609
11.9.4 AESA use of
registers................................................................................................................................
610
11.9.6.2 AES ECB mode use of the Context
Register.........................................................................612
11.9.6.3 AES ECB Mode use of the Data Size Register
.....................................................................612
11.9.6.4 AES ECB Mode use of the Key
Register..............................................................................
612
11.9.6.5 AES ECB Mode use of the Key Size
Register.......................................................................612
11.9.7 AES CBC, OFB, CFB128
modes..............................................................................................................
613
11.9.7.1 AES CBC, OFB, and CFB128 modes use of the Mode
Register.......................................... 613
11.9.7.2 AES CBC, OFB, and CFB128 modes use of the Context
Register....................................... 614
11.9.7.3 AES CBC, OFB, and CFB128 modes use of the Data Size
Register.................................... 614
11.9.7.4 AES CBC, OFB, and CFB128 modes use of the Key
Register............................................. 615
11.9.7.5 AES CBC, OFB, and CFB128 modes use of the Key Size
Register..................................... 615
11.9.8 AES CTR
mode.........................................................................................................................................
615
11.9.8.2 AES CTR mode use of the Context
Register.........................................................................616
11.9.8.3 AES CTR mode use of the Data Size
Register......................................................................
616
11.9.8.4 AES CTR mode use of the Key
Register...............................................................................616
11.9.8.5 AES CTR mode use of the Key Size
Register.......................................................................
617
11.9.9 AES XTS
mode..........................................................................................................................................617
NXP Semiconductors 21
11.9.9.3 AES XTS mode use of the Data Size
Register......................................................................
618
11.9.9.4 AES XTS mode use of the Key
Register...............................................................................
618
11.9.9.5 AES XTS mode use of the Key Size
Register.......................................................................
619
11.9.10 AES XCBC-MAC and CMAC
modes.......................................................................................................619
11.9.10.1 AES XCBC-MAC and CMAC modes use of the Mode
Register..........................................619
11.9.10.2 AES XCBC-MAC and CMAC Modes use of the Context
Register......................................621
11.9.10.3 AES XCBC-MAC and CMAC modes use of the Class 1 ICV Size
Register....................... 621
11.9.10.4 AES XCBC-MAC and CMAC modes use of the Data Size
Register................................... 622
11.9.10.5 AES XCBC-MAC and CMAC modes use of the Key
Register............................................ 622
11.9.10.6 AES XCBC-MAC and CMAC modes use of the Key Size
Register.................................... 622
11.9.10.7 ICV checking in AES XCBC-MAC and CMAC
modes.......................................................
622
11.9.11 AESA CCM
mode.....................................................................................................................................
623
11.9.11.1 Generation
encryption............................................................................................................623
11.9.11.4 AES CCM mode use of the Context
Register........................................................................625
11.9.11.5 AES CCM mode use of the Data Size
Register.....................................................................
626
11.9.11.6 AES CCM mode use of the Key
Register..............................................................................626
11.9.11.7 AES CCM mode use of the Key Size
Register......................................................................626
11.9.11.8 AES CCM mode use of the ICV
check..................................................................................627
11.9.12 AES GCM
mode........................................................................................................................................
627
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
22 NXP Semiconductors
11.9.12.7 AES GCM Mode use of the Data Size
Register....................................................................
630
11.9.12.8 AES GCM mode use of the Class 1 IV Size
Register...........................................................
631
11.9.12.9 AES GCM mode use of the AAD Size
Register....................................................................631
11.9.12.10 AES GCM mode use of the Class 1 ICV Size
Register.........................................................631
11.9.12.11 AES GCM mode use of the Key
Register..............................................................................631
11.9.12.12 AES GCM mode use of the Key Size
Register......................................................................631
11.9.12.13 AES GCM mode use of the ICV
check.................................................................................
632
11.9.13 AESA optimization
modes.........................................................................................................................632
11.9.13.4 Authentication-only
data........................................................................................................633
11.9.13.7 AES optimization modes use of the Data Size
Register........................................................
638
11.9.13.8 AES optimization modes use of the AAD Size
Register.......................................................
639
11.9.13.9 AES optimization modes use of the Class 1 ICV Size
Register............................................ 639
11.9.13.10 AES optimization modes use of the Class 1 Key
Register....................................................
640
11.9.13.11 AES optimization modes use of the Class 2 Key
Register....................................................
640
11.9.13.12 AES optimization modes use of the Class 1 Key Size
Register............................................ 640
11.9.13.13 AES optimization modes use of the Class 2 Key Size
Register............................................ 641
11.9.13.14 AES optimization modes use of the ICV
check.....................................................................641
11.9.13.15 AES optimization modes error
conditions.............................................................................
641
11.10 ZUC encryption accelerator (ZUCE)
functionality....................................................................................................
643
11.10.2 ZUCE use of the Mode
Register................................................................................................................
644
11.10.4 ZUCE use of the Data Size
Register..........................................................................................................645
11.10.5 ZUCE use of the Key
Register...................................................................................................................645
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 23
11.11 ZUC authentication accelerator (ZUCA)
functionality..............................................................................................
646
11.11.2 ZUCA use of the Context
Register............................................................................................................
647
12.1 Run-time integrity checker
(RTIC).............................................................................................................................651
12.1.1 RTIC modes of
operation...........................................................................................................................651
12.1.4 RTIC use of command, configuration, and status
registers.......................................................................
652
12.1.5 Initializing
RTIC........................................................................................................................................
653
12.2 SEC virtualization and security domain identifiers
(SDIDs)......................................................................................654
12.2.1
Virtualization.............................................................................................................................................
654
12.3.2 Black keys and
JDKEK/TDKEK...............................................................................................................656
12.3.3 Trusted descriptors and
TDSK...................................................................................................................656
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
24 NXP Semiconductors
12.4.6 Encapsulating and decapsulating black
keys.............................................................................................
659
12.5 Trusted
descriptors......................................................................................................................................................662
12.5.5 Configuring the system to create trusted descriptors
properly..................................................................
663
12.5.6 Creating trusted
descriptors.......................................................................................................................
664
12.5.6.2 Trusted-descriptor execution
considerations.........................................................................
665
12.6.5.2.3 Enforcing blob content
type................................................................................672
12.6.6 Blob
encapsulation.....................................................................................................................................673
12.6.7 Blob
decapsulation.....................................................................................................................................674
NXP Semiconductors 25
12.8.1.1 Providing data to the MPPrivK-generation
function.............................................................
677
12.8.1.2 Providing data to the MPPubK-generation
function..............................................................677
12.8.1.3 Providing data to the MPSign
function..................................................................................678
12.8.1.4 Role of the ROM-resident secure boot
firmware...................................................................678
12.8.2 MPPrivK-generation
function....................................................................................................................679
12.8.2.1 Differences between the MPPrivK-generation function and
the DL KEY PAIR GEN
function..................................................................................................................................
679
12.8.2.3 Protocol data block (PDB) for the MPPrivK-generation
function.........................................680
12.8.3 MPPubK-generation
function....................................................................................................................
681
12.8.3.1 Differences between the MPPubK-generation function and the
DL KEY PAIR GEN
function..................................................................................................................................
681
12.8.3.3 Protocol data block (PDB) for the MPPubK-generation
function......................................... 682
12.8.3.4 Running the MPPubK generation function at the OEM's
facility..........................................683
12.8.4 MPSign
function........................................................................................................................................
683
12.8.4.2 Protocol data block (PDB) MPSign
function.........................................................................685
Chapter 13 SEC register descriptions
13.1 SEC Memory
map.......................................................................................................................................................689
26 NXP Semiconductors
13.4 Job Ring a ICID Register - most significant half (JR0ICID_MS -
JR3ICID_MS)....................................................
745
13.4.1
Offset..........................................................................................................................................................745
13.4.2
Function.....................................................................................................................................................
745
13.4.3
Diagram......................................................................................................................................................746
13.4.4
Fields..........................................................................................................................................................746
13.5 Job Ring a ICID Register - least significant half (JR0ICID_LS
-
JR3ICID_LS).......................................................747
13.5.1
Offset..........................................................................................................................................................747
13.5.2
Function.....................................................................................................................................................
747
13.5.3
Diagram......................................................................................................................................................748
13.5.4
Fields..........................................................................................................................................................748
13.6.1
Offset..........................................................................................................................................................749
13.6.2
Function.....................................................................................................................................................
749
13.6.3
Diagram......................................................................................................................................................749
13.6.4
Fields..........................................................................................................................................................750
NXP Semiconductors 27
Section number Title Page
13.9 RTIC ICID Register for Block a - most significant half
(RTICAICID_MS -
RTICDICID_MS)..............................753
13.9.1
Offset..........................................................................................................................................................754
13.9.2
Function.....................................................................................................................................................
754
13.9.3
Diagram......................................................................................................................................................754
13.9.4
Fields..........................................................................................................................................................754
13.10 RTIC ICID Register for Block a - least significant half
(RTICAICID_LS - RTICDICID_LS)................................
755
13.10.1
Offset..........................................................................................................................................................755
13.10.2
Function.....................................................................................................................................................
755
13.10.3
Diagram......................................................................................................................................................755
13.10.4
Fields..........................................................................................................................................................756
13.13.1
Offset..........................................................................................................................................................760
13.13.2
Function.....................................................................................................................................................
760
13.13.3
Diagram......................................................................................................................................................760
13.13.4
Fields..........................................................................................................................................................760
13.14.1
Offset..........................................................................................................................................................761
13.14.2
Function.....................................................................................................................................................
761
13.14.3
Diagram......................................................................................................................................................761
28 NXP Semiconductors
NXP Semiconductors 29
13.25.1
Offset..........................................................................................................................................................778
13.25.2
Function.....................................................................................................................................................
778
13.25.3
Diagram......................................................................................................................................................779
13.25.4
Fields..........................................................................................................................................................779
30 NXP Semiconductors
13.27.1
Offset..........................................................................................................................................................782
13.27.2
Function.....................................................................................................................................................
782
13.27.3
Diagram......................................................................................................................................................783
13.27.4
Fields..........................................................................................................................................................783
13.28.1
Offset..........................................................................................................................................................783
13.28.2
Function.....................................................................................................................................................
783
13.28.3
Diagram......................................................................................................................................................784
13.28.4
Fields..........................................................................................................................................................784
13.31.1
Offset..........................................................................................................................................................786
13.31.2
Function.....................................................................................................................................................
787
13.31.3
Diagram......................................................................................................................................................787
13.31.4
Fields..........................................................................................................................................................788
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 31
13.33.1
Offset..........................................................................................................................................................789
13.33.2
Function.....................................................................................................................................................
789
13.33.3
Diagram......................................................................................................................................................790
13.33.4
Fields..........................................................................................................................................................790
13.34.1
Offset..........................................................................................................................................................790
13.34.2
Function.....................................................................................................................................................
790
13.34.3
Diagram......................................................................................................................................................791
13.34.4
Fields..........................................................................................................................................................791
32 NXP Semiconductors
13.40.1
Offset..........................................................................................................................................................799
13.40.2
Function.....................................................................................................................................................
799
13.40.3
Diagram......................................................................................................................................................799
13.40.4
Fields..........................................................................................................................................................800
13.41.1
Offset..........................................................................................................................................................801
13.41.2
Function.....................................................................................................................................................
801
13.41.3
Diagram......................................................................................................................................................802
13.41.4
Fields..........................................................................................................................................................802
13.42.1
Offset..........................................................................................................................................................803
13.42.2
Function.....................................................................................................................................................
803
13.42.3
Diagram......................................................................................................................................................804
13.42.4
Fields..........................................................................................................................................................804
13.43.1
Offset..........................................................................................................................................................805
13.43.2
Function.....................................................................................................................................................
805
13.43.3
Diagram......................................................................................................................................................806
13.43.4
Fields..........................................................................................................................................................806
NXP Semiconductors 33
13.44.1
Offset..........................................................................................................................................................806
13.44.2
Function.....................................................................................................................................................
806
13.44.3
Diagram......................................................................................................................................................807
13.44.4
Fields..........................................................................................................................................................807
13.45.1
Offset..........................................................................................................................................................808
13.45.2
Function.....................................................................................................................................................
808
13.45.3
Diagram......................................................................................................................................................808
13.45.4
Fields..........................................................................................................................................................809
13.46.1
Offset..........................................................................................................................................................810
13.46.2
Function.....................................................................................................................................................
810
13.46.3
Diagram......................................................................................................................................................811
13.46.4
Fields..........................................................................................................................................................811
13.47.1
Offset..........................................................................................................................................................811
13.47.2
Function.....................................................................................................................................................
811
13.47.3
Diagram......................................................................................................................................................812
13.47.4
Fields..........................................................................................................................................................812
13.48.1
Offset..........................................................................................................................................................813
13.48.2
Function.....................................................................................................................................................
813
13.48.3
Diagram......................................................................................................................................................813
13.48.4
Fields..........................................................................................................................................................814
13.49.1
Offset..........................................................................................................................................................814
13.49.2
Function.....................................................................................................................................................
814
13.49.3
Diagram......................................................................................................................................................815
34 NXP Semiconductors
13.52.1
Offset..........................................................................................................................................................819
13.52.2
Function.....................................................................................................................................................
819
13.52.3
Diagram......................................................................................................................................................819
13.52.4
Fields..........................................................................................................................................................820
13.55.1
Offset..........................................................................................................................................................823
13.55.2
Function.....................................................................................................................................................
823
NXP Semiconductors 35
13.57.1
Offset..........................................................................................................................................................825
13.57.2
Function.....................................................................................................................................................
825
13.57.3
Diagram......................................................................................................................................................825
13.57.4
Fields..........................................................................................................................................................826
13.58.1
Offset..........................................................................................................................................................826
13.58.2
Function.....................................................................................................................................................
826
13.58.3
Diagram......................................................................................................................................................826
13.58.4
Fields..........................................................................................................................................................827
13.59.1
Offset..........................................................................................................................................................827
13.59.2
Function.....................................................................................................................................................
827
13.59.3
Diagram......................................................................................................................................................828
13.59.4
Fields..........................................................................................................................................................828
13.60.1
Offset..........................................................................................................................................................828
13.60.2
Function.....................................................................................................................................................
829
13.60.3
Diagram......................................................................................................................................................829
13.60.4
Fields..........................................................................................................................................................829
13.61.1
Offset..........................................................................................................................................................830
36 NXP Semiconductors
13.62 RNG TRNG Statistical Check Run Length 1 Count Register
(RTSCR1C)...............................................................
831
13.62.1
Offset..........................................................................................................................................................831
13.62.2
Function.....................................................................................................................................................
831
13.62.3
Diagram......................................................................................................................................................831
13.62.4
Fields..........................................................................................................................................................832
13.63 RNG TRNG Statistical Check Run Length 1 Limit Register
(RTSCR1L)................................................................
832
13.63.1
Offset..........................................................................................................................................................832
13.63.2
Function.....................................................................................................................................................
833
13.63.3
Diagram......................................................................................................................................................833
13.63.4
Fields..........................................................................................................................................................833
13.64 RNG TRNG Statistical Check Run Length 2 Count Register
(RTSCR2C)...............................................................
834
13.64.1
Offset..........................................................................................................................................................834
13.64.2
Function.....................................................................................................................................................
834
13.64.3
Diagram......................................................................................................................................................834
13.64.4
Fields..........................................................................................................................................................835
13.65 RNG TRNG Statistical Check Run Length 2 Limit Register
(RTSCR2L)................................................................
835
13.65.1
Offset..........................................................................................................................................................835
13.65.2
Function.....................................................................................................................................................
836
13.65.3
Diagram......................................................................................................................................................836
13.65.4
Fields..........................................................................................................................................................836
13.66 RNG TRNG Statistical Check Run Length 3 Limit Register
(RTSCR3L)................................................................
837
13.66.1
Offset..........................................................................................................................................................837
13.66.2
Function.....................................................................................................................................................
837
13.66.3
Diagram......................................................................................................................................................837
13.66.4
Fields..........................................................................................................................................................838
13.67 RNG TRNG Statistical Check Run Length 3 Count Register
(RTSCR3C)...............................................................
838
QorIQ LS1046A Security (SEC) Reference Manual, Rev. 0,
05/2017
NXP Semiconductors 37
13.68 RNG TRNG Statistical Check Run Length 4 Limit Register
(RTSCR4L)................................................................
839
13.68.1
Offset..........................................................................................................................................................840
13.68.2
Function.....................................................................................................................................................
840
13.68.3
Diagram......................................................................................................................................................840
13.68.4
Fields..........................................................................................................................................................840
13.69 RNG TRNG Statistical Check Run Length 4 Count Register
(RTSCR4C)...............................................................
841
13.69.1
Offset..........................................................................................................................................................841
13.69.2
Function.....................................................................................................................................................
841
13.69.3
Diagram......................................................................................................................................................841
13.69.4
Fields..........................................................................................................................................................842
13.70 RNG TRNG Statistical Check Run Length 5 Count Register
(RTSCR5C)...............................................................
842
13.70.1
Offset..........................................................................................................................................................842
13.70.2
Function.....................................................................................................................................................
842
13.70.3
Diagram......................................................................................................................................................843
13.70.4
Fields..........................................................................................................................................................843
13.71 RNG TRNG Statistical Check Run Length 5 Limit Register
(RTSCR5L)................................................................
843
13.71.1
Offset..........................................................................................................................................................844
13.71.2
Function.....................................................................................................................................................
844
13.71.3
Diagram......................................................................................................................................................844
13.71.4
Fields..........................................................................................................................................................844
13.72 RNG TRNG Statistical Check Run Length 6+ Limit Register
(RTSCR6PL)............................................................845
13.72.1
Offset..........................................................................................................................................................845
13.72.2
Function.....................................................................................................................................................
845
13.72.3
Diagram......................................................................................................................................................845
13.72.4
Fields..........................................................................................................................................................846
38 NXP Semiconductors
13.73 RNG TRNG Statistical Check Run Length 6+ Count Register
(RTSCR6PC)...........................................................846
13.73.1
Offset..........................................................................................................................................................846
13.73.2
Function.....................................................................................................................................................
846
13.73.3
Diagram......................................................................................................................................................847
13.73.4
Fields..........................................................................................................................................................847
13.75.1
Offset..........................................................................................................................................................850
13.75.2
Function.....................................................................................................................................................
850
13.75.3
Diagram......................................................................................................................................................851
13.75.4
Fields..........................................................................................................................................................851
13.76 RNG TRNG Statistical Check Poker Count 1 and 0 Register
(RTPKRCNT10).......................................................
851
13.76.1
Offset..........................................................................................................................................................851
13.76.2
Function.....................................................................................................................................................
851
13.76.3
Diagram......................................................................................................................................................852
13.76.4
Fields..........................................................................................................................................................852
13.77 RNG TRNG Statistical Check Poker Count 3 and 2 Register
(RTPKRCNT32).......................................................
852
13.77.1
Offset..........................................................................................................................................................852
13.77.2
Function.....................................................................................................................................................
853
13.77.3
Diagram......................................................................................................................................................853
13.77.4
Fields..........................................................................................................................................................853
13.78 RNG TRNG Statistical Check Poker Count 5 and 4 Register
(RTPKRCNT54).......................................................
853
13.78.1
Offset..........................................................................................................................................................854
13.78.2
Function.....................................................................................................................................................
854
13.78.3
Diagram......................................................................................................................................................854
NXP Semiconductors 39
13.78.4
Fields..........................................................................................................................................................854
13.79 RNG TRNG Statistical Check Poker Count 7 and 6 Register
(RTPKRCNT76).......................................................
855
13.79.1
Offset..........................................................................................................................................................855
13.79.2
Function.....................................................................................................................................................
855
13.79.3
Diagram......................................................................................................................................................855
13.79.4
Fields..........................................................................................................................................................855
13.80 RNG TRNG Statistical Check Poker Count 9 and 8 Register
(RTPKRCNT98).......................................................
856
13.80.1
Offset..........................................................................................................................................................856
13.80.2
Function.....................................................................................................................................................
856
13.80.3
Diagram......................................................................................................................................................856
13.80.4
Fields..........................................................................................................................................................856
13.81 RNG TRNG Statistical Check Poker Count B and A Register
(RTPKRCNTBA)....................................................
857
13.81.1
Offset..........................................................................................................................................................857
13.81.2
Function.....................................................................................................................................................
857
13.81.3
Diagram......................................................................................................................................................857
13.81.4
Fields..........................................................................................................................................................858
13.82 RNG TRNG Statistical Check Poker Count D and C Register
(RTPKRCNTDC)....................................................
858
13.82.1
Offset..........................................................................................................................................................858
13.82.2
Function.....................................................................................................................................................
858
13.82.3
Diagram......................................................................................................................................................859
13.82.4
Fields..........................................................................................................................................................859
13.83 RNG TRNG Statistical Check Poker Count F and E Register
(RTPKRCNTFE)......................................................
859
13.83.1
Offset..........................................................................................................................................................859
13.83.2
Function.....................................................................................................................................................
860
13.83.3
Diagram......................................................................................................................................................860
13.83.4
Fields..........................................................................................................................................................860
13.84.1
Offset..........................................................................................................................................................861
13.84.2
Function.....................................................................................................................................................
861
40 NXP Semiconductors
13.85.1
Offset..................................................................................................