The HSC Subsystem supports BulkCrypto, BulkECB, MACsec and IPsec crypto modes. The core also allows packets to bypass the encryption/decryption functions.
In Fixed Port mode, the crypto mode for each port of the encryption path is set
using the enc_igr_prtif_crypto_mode_p0
through enc_igr_prtif_crypto_mode_p3
input ports. Likewise, for the
decryption path it is set using the dec_igr_prtif_crypto_mode_p0
through dec_igr_prtif_crypto_mode_p3
input ports.
Crypto mode is not qualified by enc/dec_igr_axis_tvalid_<3-0>
,
enc/dec_igr_axis_tuser_ena<7-0>
,
enc/dec_igr_axis_tuser_sop<7-0>
, and so on. The crypto mode must
remain static at all times regardless of the state of other interface signals. Once the
crypto mode has been set for a given port, it can only be changed after the
corresponding flush (reset) is asserted for that port. On the encryption path, this is
accomplished using the enc_igr_ch_flush
input port and
on the decryption path this is accomplished using the dec_igr_ch_flush
input port. Encryption and decryption ports can also be
flushed through registers as described previously.
In Channelized mode, the crypto mode is configurable on a per-channel basis.
For the encryption path it is set using the enc_igr_prtif_crypto_mode_p0
input port, which must be driven correctly
each time that channel ID appears on the AXI4-Stream
interface. If the corresponding flush (reset) is not asserted for the channel indicated
by enc_igr_axis_tid/dec_igr_axis_tid
, the crypto mode
must be driven to the correct value for the channel regardless of the state of other
interface signals. Note that crypto mode is not qualified by
enc/dec_igr_axis_tvalid_0
,
enc/dec_igr_axis_tuser_ena<7-0>
,
enc/dec_igr_axis_tuser_sop<7-0>
, and so on.
Once the crypto mode has been set for a given channel, it can only be changed
after the corresponding flush (reset) is asserted for that channel. On encryption path
this is accomplished using c0_ctrl_tx_soft_flush
through c39_ctrl_tx_soft_flush
(see C0_CTL_TX_MAIN_REG
through C39_CTL_TX_MAIN_REG registers). On decryption path this is accomplished using
c0_ctrl_rx_soft_flush
through c39_ctrl_rx_soft_flush
(see C0_CTL_RX_MAIN_REG through
C39_CTL_RX_MAIN_REG registers). In channelized mode, flush (reset) can also be applied
to the channel identified by enc_igr_axis_tid/dec_igr_axis_tid
when
bit-0 of enc_igr_ch_flush/dec_igr_ch_flush
is asserted.