The HSC Subsystem supports BulkCrypto, BulkECB, MACsec and IPsec crypto modes. The core also allows packets to bypass the encryption/decryption functions.
In Fixed Port mode, the crypto mode for each port of the encryption path is set
using the enc_igr_prtif_crypto_mode_p0 through enc_igr_prtif_crypto_mode_p3 input ports. Likewise, for the
decryption path it is set using the dec_igr_prtif_crypto_mode_p0 through dec_igr_prtif_crypto_mode_p3 input ports.
Crypto mode is not qualified by enc/dec_igr_axis_tvalid_<3-0>,
enc/dec_igr_axis_tuser_ena<7-0>,
enc/dec_igr_axis_tuser_sop<7-0>, and so on. The crypto mode must
remain static at all times regardless of the state of other interface signals. Once the
crypto mode has been set for a given port, it can only be changed after the
corresponding flush (reset) is asserted for that port. On the encryption path, this is
accomplished using the enc_igr_ch_flush input port and
on the decryption path this is accomplished using the dec_igr_ch_flush input port. Encryption and decryption ports can also be
flushed through registers as described previously.
In Channelized mode, the crypto mode is configurable on a per-channel basis.
For the encryption path it is set using the enc_igr_prtif_crypto_mode_p0 input port, which must be driven correctly
each time that channel ID appears on the AXI4-Stream
interface. If the corresponding flush (reset) is not asserted for the channel indicated
by enc_igr_axis_tid/dec_igr_axis_tid, the crypto mode
must be driven to the correct value for the channel regardless of the state of other
interface signals. Note that crypto mode is not qualified by
enc/dec_igr_axis_tvalid_0,
enc/dec_igr_axis_tuser_ena<7-0>,
enc/dec_igr_axis_tuser_sop<7-0>, and so on.
Once the crypto mode has been set for a given channel, it can only be changed
after the corresponding flush (reset) is asserted for that channel. On encryption path
this is accomplished using c0_ctrl_tx_soft_flush
through c39_ctrl_tx_soft_flush (see C0_CTL_TX_MAIN_REG
through C39_CTL_TX_MAIN_REG registers). On decryption path this is accomplished using
c0_ctrl_rx_soft_flush through c39_ctrl_rx_soft_flush (see C0_CTL_RX_MAIN_REG through
C39_CTL_RX_MAIN_REG registers). In channelized mode, flush (reset) can also be applied
to the channel identified by enc_igr_axis_tid/dec_igr_axis_tid when
bit-0 of enc_igr_ch_flush/dec_igr_ch_flush is asserted.