# DES DATA CIPHERING PROCESSORS (DCP) - Encrypts/Decrypts data using National Bureau of Standards Data Encryption Standard (DES) - High speed, pin and function compatible version of industry standard AMD AM9568, AM9518 and VLSI VM009 - Supports four standard ciphering modes: Electronic Code Book (ECB), Cipher Block Chaining (CBC), as well as 1 and 8 bit Cipher Feedback (CFB) - Data rates greater than 11 Mbytes per second (25 MHz) in ECB or CBC modes - Three separate registers for encryption, decryption and master keys improve system security and throughput by eliminating the need to reload keys frequently - Fully static CMOS, TTL I/O compatible device. operates at up to 25 MHz - Low power consumption allows battery back-up of internal key registers - Three separate programmable ports (master, slave and key data) - Available in 44 pin PLCC and 40 pin PDIP packages The Newbridge Microsystems CA95C68/18/09 DES Data Ciphering Processors (DCPs) implement the National Bureau of Standards Data Encryption Standard (DES), FIPS PUB 46(1-15-1977). The DCPs were designed to be used in a variety of environments where computer and communications security is essential. The DCPs provide a high throughput rate (up to 11 Mbytes per second) using ECB or CBC modes of operation. The DCPs provide a unique 1 bit CFB mode as well as the standard 8 bit mode. Separate ports for key input, clear data and enciphered data enhance security for your application. The system communicates with the DCP using commands entered in the Master Port or through auxiliary control lines. Once the DCP is set up, data can flow through at high speeds since input, output and ciphering activities are performed concurrently. External DMA control can easily be used to enhance throughput in many system configurations. The CA95C68 is designed to interface directly to the iAPX86, 88 CPU bus, and with a minimum of external logic, to the 2900 and 8051 families of processors. The CA95C18 is designed to interface directly with Z8000, 68000 type bus interfaces. The CA95C09 may be configured to behave as either the CA95C68 or the CA95C18 (see OPTION pin in Table 1), the only difference being the order of the signal names on the device package. #### **Table of Contents** | CA95C68/18/09 Block Diagrams | | |------------------------------------------------------------|------| | Table 1 : CA95C68/18/09 Data Transfer Rates | | | Packages | | | Pin Description | | | AC Characteristics | | | Figure 7: CA95C68/18 Clock and Reset Timing | . 16 | | Figure 8 : CA95C68/18 Control and Status Signals Timing | | | (Direct Control Mode) | . 16 | | Figure 9 : CA95C68 Master Port, Multiplexed Control Mode | | | Read/Write Timing | . 17 | | Read/Write Timing | . 17 | | Figure 11: CA95C68 and CA95C18 Auxiliary-Port Key | | | | . 18 | | Figure 12 : CA95C18 Master Port, Multiplexed Control Mode, | | | Read/Write Timing | . 18 | | Read/Write Timing | . 19 | | DC Characteristics | .20 | | Table 5 : Recommended Operating Conditions | .20 | | Table 6 : Absolute Maximum Ratings | .20 | | Functional Description | .21 | | Figure 14: CA95C68 and CA95C18 Data Flow Options | .23 | | Register Description | .24 | | Table 7: Master Port Register Address | .24 | | Figure 15: Mode Register Bit Assignments | .25 | | Table 8: Command Codes in Multiplexed Control Mode | .26 | | Table 9: Implicit Command Sequences in Direct | | | Control Mode | .26 | | Figure 16 : Status Register Bit Assignments | .27 | | Table 10: Association of Master Port Flag (MFLG) and Slave | | | Port Flag ( SFLG) with Input and Output Registers | .28 | | Maximum Throughput | .29 | | Pipelining | .29 | | Figure 17 : Detailed Timing of One Block | 29 | | Figure 18: Pipelining (Minimum Timing Operation) | | | Command Description | | | Mechanicals | .33 | | Ordering Information | 34 | Copyright 1993, Newbridge Networks Corporation. All Rights Reserved. Newbridge and CA95C68/18/09 are registered trademarks of Newbridge Networks Corporation. Document 809568.MD500.02 Figure 1: CA95C68/18/09 Block Diagrams Table 1: CA95C68/18/09 Data Transfer Rates | Product<br>Code | Data Transfer Rates ECB or CBC Mode (Mbytes per second) | System Clock<br>(MHz) | |-----------------|---------------------------------------------------------|-----------------------| | CA95Cxx - 5 | 2.22 | 5 | | CA95Cxx - 10 | 4.44 | 10 | | CA95Cxx - 16 | 7.10 | 16 | | CA95Cxx - 20 | 8.88 | 20 | | CA95Cxx - 25 | 11.10 | 25 | Figure 2: CA95C68 40-Pin PDIP Figure 3: CA95C68 44-Pin PLCC Figure 4: CA95C18 40-Pin PDIP Figure 5: CA95C18 44-Pin PLCC Figure 6: CA95C09 44-Pin PLCC Table 2 : Pin Description | Symbol | Pi<br>PL( | | Pin<br>PDIP | TYPE | Name and Function | | | | | |--------------------------------------|----------------|----------------|----------------|------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--| | | 95C68/18 | 95C09 | FUIF | | | | | | | | CLK | 15 | 16 | 14 | 1 | Clock: An external timing source is input via this pin. The Master and Slave Port data strobe signals (MWR, MRD, SDS for CA95C68 and MDS, SDS for CA95C18) must change synchronously with the clock input. In direct control mode the AUX <sub>5</sub> -S/S must also be synchronous. The output flags for the three ports (AFLG, MFLG, SFLG) will all change synchronously with the clock. | | | | | | c/ĸ̄ | 14 | <del>-</del> | 13 | I | Control/Key Mode Control: This input controls the mode of operation of the DCP. The DCP enters into Multiplexed Control Mode when a low input is placed on the $C/\overline{K}$ pin, enabling programmed access to internal registers through the Master Port and enabling input of keys through the Auxiliary Port. In Direct Control Mode (C/K HIGH), several of the Auxiliary Port pins become direct control/status signals which can be driven/sensed by high-speed controller logic, and access to internal registers through the Master Port is limited to the Input and Output Registers. | | | | | | DCM | _ | 15 | _ | 1 | <b>Direct Control Mode:</b> (For CA95C09) This input functions identical to the $C/\overline{K}$ input. (See $C/\overline{K}$ pin description). | | | | | | MP <sub>7</sub> –<br>MP <sub>0</sub> | 23-26<br>21-18 | 24-27<br>21-18 | 21-24<br>19-16 | I/O | Master Port Bus: These eight bi-directional signals are used to input and output data, as well as specify the internal register addresses in Multiplexed Control Mode. The Master Port provides software access to the Status, Command, Mode, Mask, Input and Output Registers. For the CA95C68, the tri-state Master Port outputs will be enabled only when the Master Port is selected by Master Port Chip Select (MCS) LOW, and when Master Port Read (MRD) is strobed LOW. For the CA95C18, the Master Port outputs are enabled when selected by MCS, and when MR/W is HIGH and MDS is LOW. MPo is the low-order bit. Data and key information are entered into this port with the most significant byte first. | | | | | | MCS | 28 | 28 | 25 | 1 | Master Port Chip Select: This active LOW input signal is used to select the Master Port. In Multiplexed Control Mode (C/K LOW), the level on MCS is latched internally on the falling edge of Master Port Address Latch Enable (MALE). This latched level is maintained as long as MALE is LOW; when MALE is HIGH, the latch becomes transparent and the internal signal will follow the MCS input. No latching of MCS occurs in Direct Control Mode (C/K HIGH). The level on MCS is passed directly to the internal select circuitry regardless of the state of Master Port Address Latch Enable (MALE). | | | | | Table 2 : Pin Description Cont'd | Symbol | Pi<br>PLC | | Pin<br>PDIP | TYPE | Name and Function | |--------|-----------|--------------|-------------|------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | | 95C68/18 | 95C09 | 1 5 | | | | MALE | 30 | - | 27 | ı | Master Port Address Latch Enable: (For CA95C68) In Multiplexed Control Mode (C/ $\overline{K}$ LOW), an active HIGH signal on this pin indicates the presence of valid address and chip select information at the Master Port. This information will be latched internally on the falling edge of MALE. When C/ $\overline{K}$ is HIGH (Direct Control Mode), MALE has no affect on DCP operation. | | MRD | 29 | - | 26 | l | Master Port Read: (For CA95C68) This active LOW input is used with a valid MCS to indicate that data is to be output on the Master Port bus. Master Port Read (MRD) and Master Port Write (MWR) are normally mutually exclusive; if both become active simultaneously, the DCP is reset to ECB Mode and all flags go inactive. | | MWR | 31 | - | 28 | | <b>Master Port Write:</b> (For CA95C68) This active low input signal indicates to the DCP that valid <u>data</u> is present on $MP_{\mathcal{T}}MP_0$ for an input operation. The rising <u>edge</u> of <u>MWR</u> latches the data into the selected internal register. If <u>MWR</u> and <u>MRD</u> both go LOW simultaneously, the DCP is reset. | | MAS | 30 | <del>-</del> | 27 | 1 | Master Port Address Strobe: (For CA95C18) In Multiplexed Control Mode (C/K HIGH), a LOW on MAS indicates the presence of a valid chip select signal and address information. This information will be latched on the rising edge of MAS. In Direct Control Mode, MAS has no affect on the DCP operation. The DCP will be reset if MAS and MDS both go low simultaneously. | | MDS | 29 | _ | 26 | I | <b>Master Port Data Strobe</b> : (For CA95C18) This active low input is used in conjunction with a valid Master Port Chip Select (MCS) to indicate that valid data is present on the $MP_7$ - $MP_0$ bus for an input operation or that $\underline{\text{data}}$ is to be placed on the Master Port Bus during output. MDS and $\underline{\text{MAS}}$ are mutually exclusive; if they both go active simultaneously, the DCP is reset to ECB mode and all flags go inactive. | | MR/W | 31 | _ | 28 | | Master Port Read/Write: (For CA95C18) This input signal indicates to the DCP whether the current Master Port operation is a read (HIGH) where data is transferred from the device, or a write (LOW) where data is stored to an internal register. MR/W is not latched internally and must be held stable while MDS is LOW. | Table 2 : Pin Description Cont'd | Symbol | - | in<br>CC | Pin<br>PDIP | TYPE | Name and Function | | | | | |--------------------------------------|--------------|--------------|--------------|------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--| | | 95C68/18 | 95C09 | PUIP | | | | | | | | MRD_<br>MDS | 29 | _ | _ | | Master Port Read or Master Port Data Strobe: (For CA95C09) When the OPTION pin is HIGH this input functions as MRD. When the OPTION pin is LOW this input functions as MDS. (See appropriate pin description). | | | | | | MALE_<br>MAS | 30 | _ | | l | Master Port Address Latch Enable or Master Port Address Strob (For CA95C09) When the OPTION pin is HIGH this input functions a MALE and when OPTION is LOW it functions as MAS. (See the appropriate pin description). | | | | | | MWR_<br>MR/W | 31 | _ | - | - | Master Port Write or Master Port Read/Write: (For CA95C09) When the OPTION pin is HIGH this input functions as MWR and when OPTION is LOW it functions as MR/W. (See the appropriate pin description). | | | | | | MFLG | 17 | . 17 | 15 | 0 | Master Port Flag: This active LOW flag indicates the need for a data transfer into or out of the Master Port during normal ciphering operation. The Master Port will be associated with either the Input or Output Register depending upon the setting of the control bits in the Mode Register (See Register Description). If data is to be transferred through the Master Port to the Input Register, then MFLG reflects the contents of the Input Register. After any Start command is entered, MFLG will go active (LOW) whenever the Input Register is not full. MFLG is forced HIGH by any command other than a Start. Conversely, if the Master Port is associated with the Output Register, MFLG reflects the contents of the Output Register (except in Single Port configuration; see Functional Description). Whenever the Output Register is not empty MFLG will be active (LOW). In Single Port Mode of operation, the Master Port Flag reflects the contents of the Input Register, while the Slave Port Flag (SFLG, see below) is associated with the Output Register. | | | | | | SP <sub>7</sub> -<br>SP <sub>0</sub> | 40-43<br>5-2 | 40-43<br>6-3 | 36-39<br>5-2 | 1/0 | Slave Port Bus: This 8 bit bi-directional data bus provides a second input/output interface to the DCP, allowing overlapped input, ciphering and output operations. The tri-state Slave Port will be accessed only when the Mode Register is configured for Dual Port operation, Slave Port Chip Select (SCS) and Slave Port Data Strobe (SDS) are both LOW and SFLG=0. Data entered or retrieved through this port is the most significant byte in/out first (SP7 is the most significant bit). | | | | | | scs | 33 | 33 | 30 | 1 | Slave Port Chip Select: This active LOW signal is logically combined with the Slave Port Data Strobe (SDS) to facilitate Slave Port data transfers in a bus environment. SCS is not latched internally, and may be tied permanently LOW without impairing Slave Port operation. | | | | | | SDS | 32 | 32 | 29 | ' | Slave Port Data Strobe: This active LOW input, in conjunction with Slave Port Chip Select (SCS) LOW indicates to the DCP that valid data is on the SP <sub>7</sub> -SP <sub>0</sub> lines for an input operation, or that data is to be driven onto SP <sub>7</sub> -SP <sub>0</sub> lines for output. The direction of data flow is determined by control bits in the Mode Register. (See Register Description). | | | | | Table 2 : Pin Description Cont'd | Symbol | Pi<br>PL | | Pin | TYPE | Name and Function | |----------------------------------------|---------------|---------------|--------------|------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | | 95C68/18 | 95C09 | PDIP | | 2 2 | | SFLG | 34 | 35 | 31 | 0 | Slave Port Flag: This active LOW output indicates the state of either the Input Register or the Output Register, depending on the Mode Register configuration. In Single Port Configuration, SFLG will go active whenever the Output Register is not empty during normal processing. In Dual Port Configuration, SFLG will reflect the content of whichever register is associated with the Slave Port. If the Input Register is assigned to the Slave Port, SFLG will go active whenever the Input Register is not full, once any of the Start commands has been entered; SFLG will be forced inactive if any other command is entered. Conversely, if the Slave Port is assigned to the Output Register, SFLG will go active whenever the Output Register is not empty. | | AUX <sub>7</sub> –<br>AUX <sub>0</sub> | 35-38<br>10-7 | 36-39<br>10-7 | 32-35<br>9-6 | 1/0 | Auxiliary Port Bus: In Multiplexed Control Mode (C/ $\overline{K}$ LOW), these eight lines form a key byte input port which may be used to enter the Master and Session Keys. The Master Key can only be entered through this port but Session Keys may alternatively be entered via the Master Port. AUX0 is the low-order bit, and is considered to be the parity bit in key bytes. The most significant byte of the key is entered first. When the DCP is operated in Direct Control Mode, (C/ $\overline{K}$ HIGH), the Auxiliary Port's key-entry function is disabled and five of the eight lines become direct control/status lines for interfacing to high-speed microprogrammed controllers. In this case, AUX0, AUX1 and AUX4 have no function (they may be tied HIGH) and the other pins are defined on the following pages. | | AUX <sub>5</sub> –<br>S/S | 37 | 38 | 34 | [ | <b>Start/Stop</b> : In Direct Control Mode, when this pin goes LOW (Stop) the DCP will follow the sequence that would normally occur when a Stop Command is entered. Conversely, when this input goes HIGH, a sequence equivalent to a Start Encryption or Start Decryption command will be followed. At the time AUX <sub>5</sub> -S/S goes HIGH, the level on AUX <sub>6</sub> -E/D selects either the Start Encryption or Start Decryption ciphering operation. | | AUX <sub>6</sub> –<br>E/D | 36 | 37 | 33 | l | Encrypt/Decrypt: In Direct Control Mode, this input specifies whether the ciphering algorithm is to encrypt (E/D HIGH) or decrypt (E/D LOW) when AUX $_5$ -S/S goes HIGH to initiate a normal data ciphering operation. When AUX $_7$ -K/D goes HIGH, initiating entry of key bytes, the level on AUX $_6$ -E/D specifies whether the bytes are to be written into the E Key Register (E/D HIGH) or the D Key Register (E/D LOW). The AUX $_6$ -E/D input is not latched internally, and must be held constant whenever one or more of AUX $_5$ -S/S, AUX $_7$ -K/D, AUX $_2$ -BSY, or AUX $_3$ -CP are active. Corrupted data in the internal registers will occur if the proper level on AUX $_6$ -E/D is not maintained during loading or ciphering operations. | Table 2 : Pin Description Cont'd | Symbol | Pin<br>PLCC | | Pin<br>PDIP | TYPE | Name and Function | | | | | | |---------------------------|-------------|-------|-------------|------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|--| | | 95C68/18 | 95C09 | FUIF | | | | | | | | | AUX <sub>7</sub> –<br>K/D | 35 | 36 | 32 | ı | <b>Key/Data:</b> In Direct Control Mode, when this signal goes HIGH, the DCP initiates a key-data input sequence as if a Clear E (or D) Key through the Master Port command had been entered. The level on $AUX_5$ -E/D will determine whether the subsequently entered clear-key bytes are written into the E Key Register (E/D HIGH) or the D Key Register (E/D LOW). $AUX_7$ -K/D and $AUX_5$ -S/S are mutually exclusive control lines. When one goes active HIGH, the other must be inactive (LOW) and remain in this state until the first signal returns to an inactive state. Whenever a transition occurs on C/K (switching between Direct Control Mode and Multiplexed Control Mode) both of these signals must be inactive (LOW). | | | | | | | AUX <sub>2</sub> –<br>BSY | 9 | 9 | . 8 | 0 | <b>Busy:</b> In Direct Control Mode, this active LOW status output gives a hardware indication that BSY the ciphering algorithm is in operation. This status line is driven by the BSY bit in the Status Register, such that when the BSY bit is "1" (active), AUX <sub>2</sub> -BSY is LOW. | | | | | | | AUX <sub>3</sub> – | 10 | 10 | 9 | 0 | Command Pending: In Direct Control Mode, this active LOW status output gives a hardware indication that the DCP is ready to accept input of key bytes following a LOW-to-HIGH transition on AUX <sub>7</sub> -K/D. This signal line is driven by the $\overline{CP}$ bit in the Status Register, such that when the $\overline{CP}$ bit is "1" (active), AUX <sub>3</sub> - $\overline{CP}$ is LOW. | | | | | | | ASTB | 12 | 13 | 11 | į | Auxiliary Port Strobe: The rising edge of ASTB strobes the key-data on pins AUX <sub>7</sub> -AUX <sub>0</sub> into the appropriate internal key register in Multiplexed Control Mode (C/K LOW). This input is ignored unless AFLG and C/K are both LOW. One byte of key-data (most significant byte first) is entered on each ASTB. | | | | | | Table 2 : Pin Description<sup>Cont'd</sup> | | | n<br>CC | Pin<br>PDIP | TYPE | Name and Function | |-----------------|----------|-----------------|-------------|------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | | 95C68/18 | 95C09 | PUIF | | | | ĀFLĢ | 11 | 11 | 10 | 0 | Auxiliary Port Flag: This active LOW output signal indicates that the DCP is expecting key-data to be entered on the Auxiliary Port Bus. This can occur only when C/K is LOW (Multiplexed Control Mode) and a Load Key Through AUX Port command has been entered. AFLG will remain active (LOW) during input of all eight bytes, and will go inactive with the falling edge of the eighth ASTB. | | PAR | 13 | 14 | 12 | 0 | Parity: The DCP checks all key bytes for correct (odd) parity as they are entered through either the Master Port (Multiplexed or Direct Control Mode) or the Auxiliary Port (Multiplexed Control Mode only). If any key byte contains even parity, the PAR bit in the Status Register is set to a "1" and PAR goes active (LOW). (See Parity Checking of Keys.). The parity bit is the least significant bit of the key byte. | | OPTION | _ | 1 | _ | l | Option: (For CA95C09) This input allows the user to configure the Master Port Control interface to function as either a CA95C68 or a CA95C18. When the OPTION pin is tied to $V_{DD}$ , the device will function with the interface of a CA95C68. Conversely, tying the OPTION pin to $V_{SS}$ will cause the DCP to function as a CA95C18. This OPTION pin must be tied to either $V_{SS}$ or $V_{DD}$ , or erratic operation of the device will occur. The CA95C09 DCP will perform identically to the CA95C68 or the CA95C18 (depending on the OPTION pin) with the only difference being the order of the signal names on the device package. | | V <sub>DD</sub> | 44 | 44,22 | 40 | PWR | Power Supply: +5 Volts. | | V <sub>SS</sub> | 1, 22 | 2, 12<br>23, 34 | 1, 20 | GND | Ground: 0 Volts. | Table 3a : AC Characteristics (T<sub>A</sub> = 0 to 70°C, $V_{DD}$ = +5.0V ±10%, $V_{SS}$ = 0V) | Number | Description | |-----------------|----------------------------------------------------------------------------------------------------------------------------| | Clock | | | t <sub>1</sub> | CLK Width HIGH (twh) | | t <sub>2</sub> | CLK Width LOW (t <sub>WL</sub> ) | | t <sub>3</sub> | CLK HIGH to Next Clock HIGH (Clock Cycle, t <sub>C</sub> ) | | Reset | | | t <sub>5</sub> | MRD • MWR LOW to MRD • MWR HIGH (Reset Pulse Width), (Note 11) | | Direct Contr | ol Mode | | t <sub>9</sub> | S/S LOW to C/K HIGH (Setup), (Note 11) | | t <sub>10</sub> | K/D LOW to C/K HIGH (Setup), (Note 11) | | t <sub>11</sub> | C/K HIGH to S/S HIGH (Note 11) | | t <sub>12</sub> | C/K HIGH to K/D HIGH (Note 11) | | t <sub>14</sub> | E/D VALID to K/D HIGH (Setup) (Note 11) | | t <sub>15</sub> | K/D HIGH • CLK ↓ to CP LOW | | t <sub>17</sub> | K/D LOW to E/D INVALID (Hold), (Note 11) | | t <sub>19</sub> | CLK LOW to S/S VALID (Note 10) | | t <sub>20</sub> | E/D VALID to S/S HIGH (Setup), (Note 11) | | t <sub>21</sub> | S/S HIGH • CLK ↓ to MFLG (SFLG) LOW (Port Input Flag) | | t <sub>22</sub> | CLK LOW to MFLG (SFLG) LOW (Port Input Flag) (Note 2) | | t <sub>24</sub> | CLK LOW to BSY LOW | | t <sub>25</sub> | CLK LOW to BSY HIGH | | t <sub>27</sub> | CLK LOW to MFLG (SFLG) LOW (Port Output Flag) | | t <sub>28</sub> | S/S LOW • CLK ↓ to MFLG (SFLG) HIGH (Port Input Flag), (Note 3) | | Multiplexed ( | Control Mode - Master Port | | t <sub>32</sub> | For CA95C68: MALE Width (HIGH) For CA95C18: MAS Width (LOW) | | t <sub>34</sub> | For CA95C68: MCS LOW to MALE LOW (Setup) For CA95C18: MCS LOW to MAS HIGH (Setup) | | t <sub>35</sub> | For CA95C68: MALE LOW to MCS HIGH (Hold) For CA95C18: MAS HIGH to MCS HIGH (Hold) | | t <sub>36</sub> | For CA95C68: Address INVALID to MALE LOW (Address Setup Time For CA95C18: Address INVALID to MAS HIGH (Address Setup Time) | | t <sub>37</sub> | For CA95C68: MALE LOW to Address INVALID (Address Hold Time) For CA95C18: MAS HIGH to Address INVALID (Address Hold Time) | Table 3b : AC Characteristics (T<sub>A</sub> = 0 to 70°C, V<sub>DD</sub> = +5.0V $\pm 10\%$ , V<sub>SS</sub> = 0V) | Number | 5 MHz | 5 MHz Limits | | 10 MHz Limits | | z Limits | 20 MHz | Limits | 25 MH: | z Limits | 11-24- | |-----------------|-----------------|-----------------|-----------------|-------------------|-----------------|-------------|-----------------|----------|-----------------|-------------|--------------| | | Min | Max | Min | Max | Min | Max | Min | Max | Min | Max | Units | | Clock | | | | | | <del></del> | L | <u> </u> | | .1 | 1, | | t <sub>1</sub> | 85 | _ | 40 | _ | 27 | _ | 20 | _ | 17 | _ | ns | | $t_2$ | 85 | _ | 40 | _ | 27 | <u> </u> | 20 | _ | 17 | - | ns | | t <sub>3</sub> | 200 | _ | 100 | - | 62.5 | T - | 50 | _ | 40 | _ | ns | | Reset | | | | | | - | | | <del></del> | <del></del> | <del> </del> | | t <sub>5</sub> | tc | _ | tc | _ | tc | - | tc | - | tc | - | ns | | Direct Contro | ol Mode | | | | | · | | | | | <u> </u> | | tg | tc | _ | tc | _ | tc | T - | tc | - | tc | _ | ns | | t <sub>10</sub> | tc | _ | tc | _ | t <sub>C</sub> | - | t <sub>C</sub> | - | tc | _ | ns | | t <sub>11</sub> | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | - | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | - | 2t <sub>C</sub> | _ | ns | | t <sub>12</sub> | 2t <sub>C</sub> | - | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | - | 2t <sub>C</sub> | - | 2t <sub>C</sub> | - | ns | | t <sub>14</sub> | t <sub>C</sub> | - | tc | _ | tc | _ | t <sub>C</sub> | <u> </u> | tc | - | ns | | t <sub>15</sub> | _ | 75 | _ | 50 | - | 25 | _ | 20 | _ | 15 | ns | | t <sub>17</sub> | tc | - | tc | _ | t <sub>C</sub> | - | tc | - | t <sub>C</sub> | - | ns | | t <sub>19</sub> | 0 | t <sub>WL</sub> | 0 | t <sub>WL</sub> | 0 | twL | 0 | twL | 0 | twL | ns | | t <sub>20</sub> | tc | _ | tc | - | tc | _ | t <sub>C</sub> | _ | tc | - | ns | | t <sub>21</sub> | - | 75 | - | 50 | _ | 25 | _ | 20 | _ | 15 | ns | | t <sub>22</sub> | - | 75 | - | 50 | _ | 25 | _ | 20 | - | 15 | ns | | t <sub>24</sub> | - | 75 | - | 50 | _ | 25 | - | 20 | _ | 15 | ns | | t <sub>25</sub> | - | 75 | i - | 50 | _ | 25 | - | 20 | - | 15 | ns | | t <sub>27</sub> | - | 75 | - | 50 | _ | 25 | - | 20 | - | 15 | ns | | t <sub>28</sub> | - | 75 | _ | 50 | _ | 25 | _ | 20 | _ | 15 | ns | | Multiplexed ( | Control M | ode - Ma | ster Port | | | | | | | | | | t <sub>32</sub> | 75<br>75 | - | 50<br>50 | - | 30<br>30 | - | 20<br>20 | - | 15<br>15 | | ns<br>ns | | t <sub>34</sub> | 25<br>25 | - | 15<br>15 | - | 5<br>5 | - | 0 | - | 0 | - | ns<br>ns | | t <sub>35</sub> | 35<br>35 | <del>-</del> | 30<br>30 | <del>-</del><br>- | 20<br>20 | _ | 15<br>15 | - | 15<br>15 | - | ns<br>ns | | t <sub>36</sub> | 35<br>35 | - | 30<br>30 | _ | 20<br>20 | - | 15<br>15 | - | 15<br>15 | - | ns<br>ns | | t <sub>37</sub> | 35<br>35 | - | 30<br>30 | -<br>- | 20<br>20 | - | 15<br>15 | <u>-</u> | 15<br>15 | - | ns<br>ns | Table 3a : AC Characteristics (T<sub>A</sub> = 0 to 70°C, $V_{DD}$ = +5.0V $\pm 10\%$ , $V_{SS}$ = 0V) $^{Cont'd}$ | Number | Description | | | | | | | | | | | |-----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|--|--|--|--|--|--| | Master/Slave | Port Read/Write | | | | | | | | | | | | t <sub>40</sub> | For CA95C68: MCS LOW to MRD, MWR LOW (Select Setup), (Note 4) For CA95C18: MCS LOW to MDS LOW (Select Setup), (Note 4) For CA95C68/18: SCS LOW to SDS LOW (Select Setup), (Note 4) | | | | | | | | | | | | t <sub>41</sub> | For CA95C68: MRD, MWR HIGH to MCS HIGH (Select Hold), (Note 4) For CA95C18: MDS HIGH to MCS HIGH (Select Hold), (Note 4) For CA95C68/18: SDS HIGH to SCS HIGH (Select Hold), (Note 4) | | | | | | | | | | | | t <sub>42</sub> | MR/W VALID to MDS LOW (Setup) | | | | | | | | | | | | t <sub>43</sub> | MDS HIGH to MR/W INVALID (Hold) | | | | | | | | | | | | t <sub>44</sub> | For CA95C68: MRD, MRW LOW to MRD, MRW HIGH (Width-Write, Read) For CA95C18: MDS LOW to MDS HIGH (Width-Write, Read) For CA95C68/18: SDS LOW to SDS HIGH (Read, Write) | | | | | | | | | | | | t <sub>45</sub> | For CA95C68: CLK LOW to MRD, MWR HIGH (Note 10) For CA95C18: CLK LOW to MDS HIGH (Note 10) For CA95C68/18: CLK LOW to SDS HIGH (Note 10) | | | | | | | | | | | | t <sub>46</sub> | For CA95C68: MRD, MWR HIGH to MRD, MWR LOW (Data Strobe Recovery Time) For CA95C18: MDS HIGH to MDS LOW (Data Strobe Recovery Time) For CA95C68/18: SDS HIGH to SDS LOW (Data Strobe Recovery Time) | | | | | | | | | | | | t <sub>47</sub> | For CA95C68: Write Data VALID to MWR (SDS) HIGH (Write Setup Time) For CA95C18: Write Data VALID to MDS (SDS) HIGH (Write Setup Time) | | | | | | | | | | | | t <sub>48</sub> | For CA95C68: MWR HIGH to Write Data INVALID (Hold Time) For CA95C18: MDS HIGH to Write Data INVALID (Hold Time) For CA95C68/18: SDS HIGH to Write Data INVALID (Hold Time) | | | | | | | | | | | | t <sub>49</sub> | For CA95C68: MRD LOW to Read Data VALID (Read Access Time) For CA95C18: MDS LOW to Read Data VALID (Read Access Time) For CA95C68/18: SDS LOW to Read Data VALID (Read Access Time) | | | | | | | | | | | | t <sub>50</sub> | For CA95C68: MRD (SDS) HIGH to Read Data INVALID (Hold Time) For CA95C18: MRD (SDS) HIGH to Read Data INVALID (Hold Time) | | | | | | | | | | | | t <sub>51</sub> | For CA95C68: MRD, MWR LOW • CLK ↓ to MFLG (SFLG) HIGH (Last Strobe), (Note 5) For CA95C18: MDS LOW • CLK ↓ to MFLG (SFLG) HIGH (Last Strobe), (Note 5) | | | | | | | | | | | | t <sub>52</sub> | For CA95C68: MWR HIGH • CLK ↓ to CP HIGH (Note 4,11), (Last Strobe-Key Load) For CA95C18: MDS HIGH • CLK ↓ to CP HIGH (Note 4,11), (Last Strobe-Key Load) | | | | | | | | | | | | t <sub>53</sub> | For CA95C68: MRD, MWR (SDS) HIGH to S/S LOW (Hold Time) (Note 11) For CA95C18: MDS (SDS) HIGH to S/S LOW (Hold Time) (Note 11) | | | | | | | | | | | | t <sub>54</sub> | For CA95C68: MWR HIGH • CLK ↓ to PAR VALID (Key Write) For CA95C18: MDS HIGH • CLK ↓ to PAR VALID (Key Write) | | | | | | | | | | | | t <sub>57</sub> | MRD, MWR HIGH to MALE HIGH | | | | | | | | | | | | t <sub>58</sub> | MALE LOW to MRD, MWR LOW | | | | | | | | | | | | t <sub>59</sub> | Address Valid to MRD, MWR LOW (to guarantee t <sub>49</sub> ) | | | | | | | | | | | | t <sub>60</sub> | MALE HIGH to MRD, MWR LOW | | | | | | | | | | | Table 3b : AC Characteristics (T<sub>A</sub> = 0 to 70°C, $V_{DD}$ = +5.0V ±10%, $V_{SS}$ = 0V) $^{Cont'd}$ | Number | 5 MHz | Limits | 10 MHz Limits | | 16 MHz Limits | | 20 MHz Limits | | 25 MHz Limits | | Unito | |-----------------|-----------------|--------------------|-----------------|--------------------|-----------------|--------------------|-----------------|--------------------|-----------------|--------------------|-------| | | Min | Max | Min | Max | Min | Max | Min | Max | Min | Max | Units | | Master/Slave | Port Rea | ad/Write | 1 | | | <u> </u> | 1 | l | l | 1 | | | | 35 | _ | 30 | - | 20 | _ | 15 | T | 15 | T - | ns | | t <sub>40</sub> | 35 | _ | 30 | | 20 | _ | 15 | _ | 15 | _ | ns | | 40 | 35 | _ | 30 | _ | 20 | _ | 15 | _ | 15 | _ | ns | | | 35 | _ | 30 | _ | 20 | _ | 15 | _ | 15 | | ns | | t <sub>41</sub> | 35 | _ | 30 | _ | 20 | _ | 15 | _ | 15 | <u>-</u> | ns | | 71 | 35 | - | 30 | _ | 20 | _ | 15 | _ | 15 | · – | ns | | t <sub>42</sub> | 35 | <del>-</del> | 30 | _ | 20 | - | 15 | <del> </del> | 15 | | ns | | t <sub>43</sub> | 35 | _ | 30 | _ | 20 | - | 15 | _ | 15 | _ | ns | | | 140 | _ | 70 | _ | 45 | | 35 | _ | 30 | - | ns | | t <sub>44</sub> | 140 | _ | 70 | _ | 45 | _ | 35 | _ | 30 | _ | ns | | <del></del> | 140 | _ | 70 | - | 45 | _ | 35 | _ | 30 | _ | ns | | | 0 | twL | 0 | twL | 0 | twL | 0 | t <sub>WL</sub> | 0 | twL | ns | | t <sub>45</sub> | 0 | twL | 0 | twL | 0 | twL | 0 | twL | 0 | twL | ns | | | 0 | twL | 0 | twL | 0 | twL | 0 | twL | 0 | twL | ns | | | 160 | - | 80 | | 50 | | 40 | <u> </u> | 35 | - | ns | | t <sub>46</sub> | 160 | - | 80 | _ | 50 | - | 40 | _ | 35 | _ | ns | | | 160 | - | 80 | - | 50 | - | 40 | _ | 35 | - | ns | | • | 80 | _ | 40 | - | 30 | - | 25 | - | 20 | _ | ns | | t <sub>47</sub> | 80 | - | 40 | _ | 30 | _ | 25 | - | 20 | - | ns | | | 5 | - | 5 | - | 0 | _ | 0 | - | 0 | - | ns | | t <sub>48</sub> | 5 | - | 5 | - | 0 | - | 0 | - | 0 | - | ns | | | 5 | _ | 5 | _ | 0 | _ | 0 | _ | 0 | _ | ns | | - | - | 150 | - | 75 | - | 45 | - | 35 | _ | 30 | ns | | t <sub>49</sub> | - | 150 | - | 75 | _ | 45 | _ | 35 | _ | 30 | ns | | | - | 150 | - | 75 | | 45 | | 35 | _ | 30 | ns | | t <sub>50</sub> | 10 | - | 10 | _ | 5 | - | 5 | - | 5 | - | ns | | | 10 | | 10 | | 5 | _ | 5 | - | 5 | - | ns | | t <sub>51</sub> | - | 75 | - | 50 | _ | 25 | - | 20 | - | 15 | ns | | 101 | - | 75 | - | 50 | - | 25 | - | 20 | | 15 | ns | | t <sub>52</sub> | - | t <sub>C</sub> +75 | _ | t <sub>C</sub> +50 | - | t <sub>C</sub> +25 | _ | t <sub>C</sub> +20 | _ | t <sub>C</sub> +15 | ns | | <b>`52</b> | _ | t <sub>C</sub> +75 | | t <sub>C</sub> +50 | _ | t <sub>C</sub> +25 | _ | t <sub>C</sub> +20 | - | t <sub>C</sub> +15 | ns | | t | 2t <sub>C</sub> | - | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | - | ns | | t <sub>53</sub> | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | - | 2t <sub>C</sub> | _ | 2t <sub>C</sub> | _ | ns | | t | - | 75 | - | 50 | - | 25 | - | 20 | - | 15 | ns | | t <sub>54</sub> | _ | 75 | - | 50 | _ | 25 | - | 20 | - | 15 | ns | | t <sub>57</sub> | 140 | - | 70 | - | 45 | - | 35 | _ | 30 | _ | ns | | t <sub>58</sub> | 90 | - | 50 | - | 30 | - | 25 | - | 20 | _ | пѕ | | t <sub>59</sub> | 130 | - | 70 | - | 45 | - | 35 | _ | 30 | - | ns | | t <sub>60</sub> | 200 | | 100 | _ | 62.5 | _ | 50 | | 40 | - | ns | Table 3a : AC Characteristics (T<sub>A</sub> = 0 to 70°C, $V_{DD}$ = +5.0V $\pm 10\%$ , $V_{SS}$ = 0V) <sup>Cont'd</sup> | Number | Description | | | | | | | |--------------------------|--------------------------------------------------|--|--|--|--|--|--| | Auxiliary Port Key Entry | | | | | | | | | t <sub>61</sub> | ASTB LOW to ASTB HIGH (Width) | | | | | | | | t <sub>62</sub> | CLK LOW to ASTB HIGH (Note 10) | | | | | | | | t <sub>63</sub> | ASTB HIGH to Next ASTB LOW (Recovery Time) | | | | | | | | t <sub>64</sub> | Write-Data VALID to ASTB HIGH (Data Setup Time) | | | | | | | | t <sub>65</sub> | ASTB HIGH to Write-Data INVALID (Data Hold Time) | | | | | | | | t <sub>66</sub> | ASTB HIGH • CLK ↓ to PAR VALID | | | | | | | | t <sub>67</sub> | ASTB LOW • CLK ↓ to AFLG HIGH (Last Strobe) | | | | | | | Table 3b : AC Characteristics (T<sub>A</sub> = 0 to 70°C, $V_{DD}$ = +5.0V ±10%, $V_{SS}$ = 0V) Cont'd | Marina | 5 MHz Limits | | 10 MHz Limits | | 16 MHz Limits | | 20 MHz Limits | | 25 MHz Limits | | Unite | |-----------------|----------------|-----------------|---------------|-----|---------------|-----------------|---------------|-----------------|---------------|-----|-------| | Number | Min | Max | Min | Max | Min | Max | Min | Max | Min | Max | Units | | Auxiliary Por | t Key Ent | ry | <b></b> | l | | J | <u> </u> | | | | ' | | t <sub>61</sub> | 140 | _ | 70 | - | 45 | - | 35 | _ | 30 | _ | ns | | t <sub>62</sub> | 0 | t <sub>WL</sub> | 0 | twL | 0 | t <sub>WL</sub> | 0 | t <sub>WL</sub> | 0 | twL | ns | | t <sub>63</sub> | 160 | _ | 80 | _ | 50 | - | 40 | - | 35 | _ | ns | | t <sub>64</sub> | 80 | _ | 40 | - | 30 | - | 25 | _ | 20 | - | ns | | t <sub>65</sub> | 5 | - | 5 | _ | 0 | - | 0 | - | 0 | - | ns | | t <sub>66</sub> | <del> </del> - | 75 | - | 50 | - | 25 | - | 20 | _ | 15 | ns | | t <sub>67</sub> | - | 75 | - | 50 | - | 25 | _ | 20 | - | 15 | ns | #### Notes: - 1. All input transition times assumed <5ns, except clock which is <3ns (for 25 MHz timing). - 2. Parameter $t_{22}$ applies to all input blocks except the first (when $S/\overline{S}$ first goes HIGH). - 3. When S/S goes inactive (LOW) in direct control mode, the flag associated with the input port will turn off. - Direct control mode only. - 5. In Cipher Feedback, the Port Flag (MFLG or SFLG) will go inactive following the leading edge of the first data strobe (MRD, MWR or SDS); in all other modes and operations, the flags go inactive on the eighth data strobe. - 6. Do not remove K/D until CP is inactive (HIGH). - 7. Do not change E/D until MFLG (SFLG) is inactive (HIGH). - 8. In Cipher Feedback, BSY must be inactive (HIGH) before S/S goes inactive (LOW). - 9. AFLG must go active (LOW) before ASTB goes active (LOW). - 10. $t_{WL}$ is the clock width LOW (number $t_2$ ). - 11. t<sub>C</sub> is the clock cycle time (number t<sub>3</sub>). - 12. All output timing specifications reflect the following: High output 2.0V, Low output 0.8V. - 13. All output timings assume C<sub>LOAD</sub> = 50pF. Figure 7: CA95C68/18 Clock and Reset Timing Figure 8 : CA95C68/18 Control and Status Signals Timing (Direct Control Mode) Figure 9 : CA95C68 Master Port, Multiplexed Control Mode Read/Write Timing Figure 10 : CA95C68 Master (Slave) Port Read/Write Timing Figure 11 : CA95C68/18 Auxiliary-Port Key Entry Tilming Figure 12 : CA95C18 Master Port, Multiplexed Control Mode, Read/Write Timing Figure 13 : CA95C18 Master (Slave) Port Read/Write Timing Table 4 : DC Characteristics ( $T_A = 0$ to $70^{\circ}$ C, $V_{DD} = +5.0V \pm 10\%$ , $V_{SS} = 0V$ ) | 0 | | Test | Lir | Units | | | |-------------------|------------------------------------|------------------------------------------------------------------|-------|-----------------|--------|--| | Symbol | Parameter | Conditions | Min | Max | - Omis | | | I <sub>1</sub> L | Input leakage current | $0 \text{ V} \leq V_{\text{IN}} \leq V_{\text{DD}}$ | -1.0 | +1.0 | μА | | | loz | Output leakage current | $0 \text{ V} \leq V_{1N} \leq V_{DD}$ | -10.0 | +10.0 | μА | | | IDDOP | Operating supply current | - | _ | 3.0 | mA/MHz | | | I <sub>DDSB</sub> | Standby supply current | $V_{IN} = V_{DD}$ or $V_{SS}$<br>$V_{DD} = 5.50V$ , Outputs open | - | 10.0 | μА | | | V <sub>IL</sub> | Input low voltage | Note 2 | -0.5 | 0.8 | V | | | V <sub>IH</sub> | Input high voltage | Note 2 | 2.0 | V <sub>DD</sub> | V | | | V <sub>TL</sub> | Schmitt trigger input low voltage | Note 1 | -0.5 | 0.8 | V | | | V <sub>TH</sub> | Schmitt trigger input high voltage | Note 1 | 2.3 | V <sub>DD</sub> | V | | | V <sub>HY</sub> | Schmitt trigger hysteresis | Note 1 | 0.4 | <u> </u> | V | | | V <sub>OL</sub> | Output low voltage | I <sub>OL</sub> = 4.0mA | - | 0.4 | V | | | V <sub>OH</sub> | Output high voltage | I <sub>OL</sub> = -4.0mA | 2.4 | _ | V | | #### Note: 1. Applies to the following inputs: For CA95C68: CLK, C/K, MCS, MRD, MWR, MALE, SCS, SDS, ASTB. For CA95C18: CLK, C/K, MCS, MAS, MDS, MR/W, SCS, SDS, ASTB. For CA95C09: CLK, DCM, MCS, MRD\_MDS, MALE\_MAS, MWR\_MR/W, SCS, SDS, ASTB, OPTION. 2. Applies to the following inputs: MP<sub>7-0</sub>, SP<sub>7-0</sub>, AUX<sub>7-0</sub>. Table 5: Recommended Operating Conditions | DC Supply Voltage (V <sub>DD</sub> ) | +4.5V to +5.5V | | |-----------------------------------------------------------|----------------|--| | Power Dissipation (P <sub>DD</sub> ), (Note 1) | 1 W | | | Ambient Operating Temperature (T <sub>A</sub> Commercial) | 0 to 70° C | | ## Note: The power dissipation figure is based on typical internal logic dissipation plus the worst case set of outures simultaneously active with maximum rated loads. Table 6: Absolute Maximum Ratings | DC Supply Voltage (V <sub>DD</sub> ) | -0.3 to +7.0V | | |--------------------------------------------------|----------------|--| | Input Voltage (V <sub>IN</sub> ) | -0.3 to +7.0V | | | DC Input Current (I <sub>IN</sub> ) | -10 to +10 mA | | | Storage Temperature, plastic (T <sub>STG</sub> ) | -65° to +150°C | | Stresses beyond those listed above may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied. Exposure to maximum rating conditions for extended periods may affect device reliability. #### **FUNCTIONAL DESCRIPTION** The design of the DCP, as shown in Figure 1 is optimized for high data throughput. The cryptography key bytes can be written through both the Auxiliary and Master Ports. Three 56-bit, write-only key registers are provided for the Master (M) Key, the Encryption (E) Key and the Decryption (D) Key. Parity checking is provided on each incoming key byte. Two 64-bit registers are provided for the initialization Vectors (IVE and IVD) required for chained (feedback) ciphering modes. Clear and cipher data bytes can be transferred through both the Master and Slave Ports to the Input Register; conversely, data can be transferred from the Output Register to either port. Four 8-bit registers (Mode, Command, Status and Mask) are accessible through the Master Port for interfacing to a host microprocessor. #### Algorithm Processing The DCP's Algorithm Processing Unit (see Figure 1) is designed to encrypt and decrypt data according to the National Bureau of Standards Data Encryption Standard (DES), as specified in Federal Information Processing Standards Publication FIPS PUB 46 (1-15-1977). The DES specifies a method for encrypting 64-bit blocks of clear data (plain text) into corresponding 64-bit blocks of cipher text. The DCP offers four ciphering methods: Electronic Code Book (ECB), Cipher Block Chaining (CBC), one (CFB-1) and eight bit Cipher Feedback (CFB-8). Electronic Code Block (ECB) is a straightforward implementation of the DES algorithm; 64 bits of clear data in, 64 bits of cipher text out, with no cryptographic dependence between blocks. Cipher Block Chaining (CBC) also operates on blocks of 64 bits, but includes a feedback step which chains consecutive blocks so that repetitive data in the plain text (such as ASCII blanks) does not yield identical cipher text. CBC also provides an error extension characteristic which protects against fraudulent data insertions and deletions. Cipher Feedback is an additive stream cipher method in which the DES generates a pseudo random binary stream which is then exclusive-OR'd with the clear text to form the cipher text. The cipher text is then fed back to form a portion of the next DES input block. The DCP implements both 1-bit and 8-bit cipher feedback which is useful for low speed bit and byte oriented serial communications. ## Multiple Key Registers The DCP provides the necessary registers to implement a multiple-key system. In such an arrangement, a single Master Key, stored in the DCP M Key Register, is used only to encrypt session keys for transmission to remote DES equipment, and to decrypt session keys received from such equipment. The M Key Register may only be loaded with plain text through the Auxiliary Port, using the Load Clear M Key command. In addition to the Master Key Register, the DCP contains two Session Key Registers; the E Key Register, used to encrypt clear text, and the D Key Register, used to decrypt cipher text. All three registers are loaded by writing commands through the Master Port (Multiplexed Control Mode) into the Command Register, and then writing the eight bytes of key data to the port when the Command Pending bit = "1" in the Status Register (see Command Description Section). #### Operating Modes: Multiplexed Control vs. Direct Control The DCP can be operated in either of two basic interfacing modes, determined by the logic level on the C/K input pin. In Multiplexed Control Mode (C/K LOW), the DCP is internally connected to allow a host CPU to directly address six internal (Mode, Command, Status, Mask, Input, Output) registers and thereby control the device by writing and reading these registers. In Multiplexed Control Mode, the Auxiliary Port is also enabled for entering keys. If the logic level of $C/\overline{K}$ is brought HIGH, the DCP enters Direct Control Mode, and the Auxiliary Port pins are converted into direct hardware control or status signals that are capable of instructing the DCP to perform a functionally complete subset of its cipher processing at very high throughputs. This operating mode is especially well suited for ciphering data for high-speed peripheral devices. #### Initialization The DCP can be reset in several ways: - 1. By the "Software Reset" command, - 2. By a hardware reset: (CA95C68) Assertion of MRD and MWR LOW simultaneously for 1 clock cycle, (CA95C18) Assertion of MAS and MDS LOW simultaneously for 1 clock cycle. - 3. By writing to the Mode Register, - 4. By aborting any command. All these sequences are identical internally, except that loading the Mode Register doesn't subsequently reset the Mode Register. Once the reset process starts, the DCP is unable to respond to any further commands for approximately five clock cycles. If a power-up reset is used, the rising edge of the reset signal should not occur until approximately 1 ms after V<sub>DD</sub> has reached the normal operating voltage. This delay time is required for internal nodes to stabilize. #### Master Port Read/Write Timing The DCP's Master Port is designed to operate with multiplexed address-data buses. The Master Port can be optimized to interface with either a Latched Address Enable (CA95C68) or a Strobed (CA95C18) microprocessor. Several features of the CA95C68 interface should be stressed. - The level on Master Port Chip Select (MCS) is latched internally on the falling edge of Master Port Address Latch: Enable (MALE) in Multiplexed Control Mode only. This relieves external address decode circuitry of the responsibility for latching chip select at address time. - The levels on MP1, MP2 are also latched internally on the falling edge of MALE and are subsequently decoded to enable reading and writing of the DCP's internal registers (Mode, Command, Status, Mask, Input and Output). Again, this eliminates the need for external address latching and decoding. The Mask register is only accessible when the DCP is programmed for one-bit CFB mode via the Mode register's cipher type bits. - Data transfers through the Master Port are controlled by the levels and transitions on the Master Port Read (MRD) and Master Port Write (MWR) pins. Master Port data transfers do not disturb either the chip-select or address latches, so that once the DCP and a particular register have been selected, unlimited writing and reading of that register can be done without intervening address cycles. Given the required transfer control external to the DCP, this feature could greatly speed up loading keys and data. The CA95C18 interface is similar with the following exceptions: - The level on MCS is latched internally on the rising edge of MAS in Multiplexed Control Mode only. - The levels on MP1, MP2 are also latched internally on the rising edge of MAS and are then decoded to enable reading and writing of internal registers. Data transfers through the Master Port are controlled by Master Port Data Strobe (MDS) and Master Port Read/Write (MR/W). The chip-select and address latches aren't affected by data transfers. Any number of reads or writes to this selected register can be accomplished without intervening address cycles. # Loading Key and Initialization Vector (IV) Registers The key and initialization vector registers are not directly addressable through any of the DCP's ports. therefore keys and vector data must be loaded through sequences" (see "command data Command Description Section). Most of the commands recognized by the DCP are of this type: a load or read command is written to the Command Register through the Master Port; the command processor responds by asserting the Command Pending bit in the Status Register; the user then either writes eight bytes of key or initial vector data through the Master or Auxiliary Port, as selected by the specific command, or reads eight bytes of initial vector data from the Master port. In Direct Control Mode, only the E Key and D Key Registers can be loaded; the M Key and IV Registers are inaccessible. Loading the E and D Key Registers is accomplished by asserting the proper state on the AUX6-E/D input (HIGH for E Key, LOW for D Key) and subsequently raising the AUX7-K/D input, indicating that key loading is required. The command processor will assert the AUX3-CP (Command Pending) signal, then the eight key bytes may be written through the Master Port to the appropriate register. In Multiplexed key and initial vector registers, Control Mode, all except the Master (M) Key, may be loaded with encrypted, as well as clear, data. Before loading an encrypted key or initial vector, the clear Master Key must first be loaded through the Auxiliary Port. If the operation is a Load Encrypted command, the subsequent data is written to either the Master or Auxiliary Port and is routed first to the Input Register and decrypted before being stored in the specified Key or Initial Vector Register. After loading the last byte of an encrypted key or initial vector, no reading or writing of internal registers is allowed for the subsequent 70 clock cycles. #### Parity Checking of Keys Key bytes are considered to contain seven bits of key information and one parity bit. By DES designation, the low-order bit is the parity bit. The parity checking circuit is enabled whenever a byte is written to one of the three Key Registers. The output of the parity detection circuit is connected to the PAR pin, as well as the state of this pin being reflected by the Status Register PAR (S3) bit. Status Register bit PAR goes to "1" whenever a byte with even parity (an even number of "1"s) is detected. The Status Register also has a Latched Parity bit (LPAR, S4) which is set to "1" whenever the Status Register PAR bit goes to "1". Once it is set to "1", the LPAR bit is not cleared until a reset occurs or a new Load Key command is issued. When an encrypted key has been loaded, the parity detect logic operates only after the decrypted key is available. The encrypted data is not checked for parity. The PAR signal will reflect the state of the decrypted bytes on a byte-to-byte basis, as they are clocked through the parity check logic on their way to the appropriate Key Register. Therefore, the time PAR indicates the status of a byte of decrypted key data may be as short as four clock cycles. The LPAR bit in the Status Register will indicate if any byte contained errors. #### **Data Flow** The Mode Register contains two bits, M2 and M3, which control the flow of data into and out of the DCP through the Master and Slave Ports. Three basic configurations are provided: Single Port, and two Dual Port configurations. # Single Port Configuration The simplest configuration occurs when the Mode Register data flow control bits are set to Master Port only. Data to be encrypted/decrypted (depending on the value loaded into the encrypt/decrypt bit (M4) of the Mode Register) is written to the Input Register through the Master Port. To facilitate monitoring of the Input Register status, the MFLG signal goes LOW when the Input Register is not full. Clear or cipher data is ready to be read by the host CPU through the Master Port Output Register address when SFLG goes LOW. Therefore, MFLG is redefined as Master Input Flag and SFLG is redefined as Master Output Flag. #### Dual Port, Master Port Clear Configuration In the Dual Port configurations, entering and removing data is accomplished with both the Master and Slave Ports. In the Master Port Clear configuration, clear text for encryption or clear text resulting from decryption can pass only through the Master Port. Cipher text can be handled only through the Slave Port. The direction of data flow is controlled either by the Encrypt/Decrypt bit (M4) in the Mode register, or by the Start Encryption or Start Decryption commands. For encryption, clear data is written through the Master Port to the Input Register, and cipher data can be read from the Output Register through the Slave Port at the appropriate time. If decryption is selected, the process is reversed. cipher data being written to the Input Register through the Slave Port, and the clear data being read from the Output Register through the Master Port. #### Dual Port, Slave Port Clear Configuration This configuration is identical to the Dual Port, Master Port Clear configuration described above, except that the direction of ciphering is reversed. That is, all data written, or read at the Master Port is cipher text, and all data at the Slave Port is clear text. Figure 14: CA95C68 and CA95C18 Data Flow Options ## REGISTER DESCRIPTION The registers in the DCP which can be directly addressed through the Master Port are shown with their addresses in Table 6. A brief description of these registers and others not directly accessible is given below. Table 7: Master Port Register Address | C/K | Cipher<br>Type | MP2 | MP1 | MRD<br>9568 | MWR<br>9568 | MR/W<br>9518 | мсs | Register<br>Addressed | |-----|-----------------------|-----|--------|-------------|-------------|--------------|-----|-------------------------| | 0 | all | 0 | 0 | 1 | 0 | 0 | 0 | Input Register | | 0 | ali | 0 | 0 | 0 | 1 | 1 | 0 | Output Register | | 0 | ali | 0 | 1 | 1 | 0 | 0 | 0 | Command<br>Register | | 0 | all | 0 | 1 | 0 | 1 | 1 | 0 | Status Register | | 0 | ECB/<br>CBC/<br>CFB-8 | 1 | 0 | 1 | 0 | 0 | 0 | Input Register | | 0 | ECB/<br>CBC/<br>CFB-8 | 1 | ,<br>O | 0 | 1 | 1 | 0 | Output Register | | 0 | CFB-1 | 1 | 0 | Х | Х | Х | 0 | Mask Register | | 0 | ail | 1 | 1 | X | Х | X | 0 | Mode Register | | x | ail | х | x | Х | х | Х | 1 | No Register<br>Accessed | | 1 | ail | Х | Х | 1 | 0 | 0 | 0 | Input Register | | 1 | ail | Х | Х | 0 | 1 | 1 | 0 | Output Register | ## **Mode Register** Figure 15 shows the Bit assignments in this 7-bit read/write register. The Cipher Type bits (M1, M0) indicate to the DCP which ciphering algorithm is to be used. After a reset, the Cipher Type defaults to the Electronic Code Book. Configuration bits (M3, M2) indicate which data ports are to be associated with the Input and Output Registers and flags. When these bits are set to the Single Port, Master Only configuration (M3, M2=10), the Slave Port is disabled and no manipulation of Slave Port Chip Select (SCS) or Slave Port Data Strobe (SDS) can cause data movement through the Slave Port. All data transfers are accomplished through the Master Port, as described more fully in the Functional Description section. In this configuration, MFLG gives the status of the Input Register and SFLG the Output Register. Both the Master and Slave Ports are available for input and output operations when the configuration bits are set to one of the Dual Port configurations (M3,M2 = 00 or 01). When M3,M2 = 01 (the default configuration), the Master Port handles clear data while the Slave Port handles ciphered data. Configuration M3,M2 = 00 reverses this assignment. The data direction at any particular moment is controlled by the Encrypt/Decrypt bit (M4). The Encrypt/Decrypt bit instructs the DCP algorithm processor to encrypt or decrypt the data from the Input Register using the ciphering method specified by the Cipher Type bits. The Encrypt/Decrypt bit also controls the data flow direction within the DCP. For example, when the Encrypt/Decrypt bit is "1" (encrypt) and the configuration bits are "01" (Dual Port, Master Clear, Slave Encrypted), clear data will enter the DCP through the Master Port and encrypted data will be removed from the Slave Port. When the Encrypt/Decrypt bit is set to "0" (decrypt), the direction of data flow reverses. The CFB-1 Mask Direction bit (M5) determines the direction in which the Mask Register's bits and the input data are interpreted. When the CFB-1 Mask Direction bit is set to "1" the DCP will read the Mask Direction and data to be ciphered from most significant bit (MSB) to least significant bit (LSB). When the CFB-1 Mask Direction bit is set to "0" the DCP will read the Mask Register and data from LSB to MSB. The CFB-1 Mask Direction bit is only accessible when the DCP is set to 1-bit Cipher Feedback mode via the Mode Register. The CFB-1 Default Output bit (M6) defines the sense of output bits which are masked off in the Mask Register. If the default Output bit is set to "1" then ouput bits, which are masked (not used), will be set to "1". If the default Output bit is cleared to "0" then ouput bits, which are masked (not used), will be cleared to "0". #### Mask Register The 8-bit read/write Mask Register determines which Input and Output Register bits are significant during One-bit Cipher Feedback mode (CFB-1). If any Mask Register bit is set to "1" then the corresponding bit of the Input Register will be used as an input to the one-bit cipher feedback encryption/decryption process and its one bit result will likewise be placed in the corresponding bit of the Output Register. If any Mask Register bit is cleared to "0" then the corresponding bit of the input Register will be ignored. In one-bit cipher feedback mode, if a single byte is written to the Input Register (when requested by the DCP via the Input Flag) then the ciphering algorithm unit will remain busy until all bits in the Input Register, corresponding to set bits in the Mask Register, are processed. For example, if the Mask Register is set to "01101001" and the Mode Register's CFB-1 Mask Direction bit is set for MSB to LSB Mask interpretation, then the DCP will perform encryption/decryption on bit 6 of the Input Register, followed by bits 5, 3, and 1. The corresponding results will be placed in bits 6, 5, 3 and 1 of the Output Register. All other bits in the Input Register will be ignored and all other bits in the Output Register will be set to the state indicated by the Default Output bit (M6) of the Mode Register. The ciphering algorithm unit will remain busy until all four bits are ciphered. Zero to eight bits of the Mask Register may be set to "1". If zero bits are set to "1" then any subsequent writes to the Input Register will be ignored. - \* The CFB-1 Mask Direction and Default Output bits are only accessible when the DCP is in CFB-1 mode, otherwise these bits are high. - 1.) This mode is Newbridge Microsystems specific. Figure 15: Mode Register Bit Assignments ## **Command Register** Data written to the 8-bit, write only Command Register through the Master Port is interpreted as an instruction. A detailed description of each command is given in the Command Description section, and the commands and their binary representations are summarized in Tables 7 and 8. Table 8: Command Codes in Multiplexed Control Mode | Hex<br>Code | Command | |-------------|---------------------------------------------| | 90 | Load Clear M Key through Auxiliary Port | | 91 | Load Clear E Key through Auxiliary Port | | 92 | Load Clear D Key through Auxiliary Port | | 11 | Load Clear E Key through Master Port | | 12 | Load Clear D Key through Master Port | | B1 | Load Encrypted E Key through Auxiliary Port | | B2 | Load Encrypted D Key through Auxiliary Port | | 31 | Load Encrypted E Key through Master Port | | 32 | Load Encrypted D Key through Master Port | | 85 | Load Clear IVE through Master Port | | 84 | Load Clear IVD through Master Port | | A5 | Load Encrypted IVE through Master Port | | A4 | Load Encrypted IVD through Master Port | | 8D | Read Clear IVE through Master Port | | 8C | Read Clear IVD through Master Port | | A9 | Read Encrypted IVE through Master Port | | A8 | Read Encrypted IVD through Master Port | | 39 | Encrypt with Master Key | | 41 | Start Encryption | | 40 | Start Decryption | | CO | Start | | E0 | Stop | | 00 | Software Reset | Table 9: Implicit Command Sequences in Direct Control Mode | C/K | Aux <sub>7</sub><br>K/D | AUX <sub>6</sub> -<br>E/D | AUX <sub>5</sub> -<br>S/S | Command Initiated | | |-----|-------------------------|---------------------------|---------------------------|-----------------------------------------|--| | Н | L | L | 1 | Start Decryption | | | Н | L | Н | 1 | Start Encryption | | | Н | L | Х | <b>+</b> | Stop | | | Н | 1 | L | L | Load Clear D Key through<br>Master Port | | | Н | 1 | Н | L | Load Clear E Key through<br>Master Port | | | Н | <b>1</b> | X | L | End Load Key Command | | | Н | Н | Х | Н | Not Allowed | | | L | Data | Data | Data | AUX Pins become Key-<br>byte Inputs | | ## Status Register The bit assignments for the read-only Status Register are shown in Figure 16. The PAR, AFLG, SFLG and MFLG bits indicate the status of the similarly named output pins, as do the Busy and Command Pending bits when the DCP is the Direct Control Mode (C/K HIGH). In each case, the output signal will be active LOW when the corresponding status bit is a "1". The Parity bit indicates the parity of the most recently entered key byte. The LPAR bit, on the other hand, indicates whether any key byte with even parity has been encountered since the last Reset or Load Key command. The Busy bit will be a "1" whenever the ciphering algorithm unit is actively encrypting or decrypting data. For example, the Busy bit is set in response to a Load Encrypted Key command (the Command Pending bit will go HIGH as well) or in the ciphering of regular text (indicated by the Start/Stop bit being a "1"). If the ciphered data cannot be transferred to the Output Register (due to the presence of data from a previous ciphering cycle), then the Busy bit will remain a "1". The Busy bit will be "0" at all other times, including if no ciphering is possible because no data has been loaded into the Input Register. The Command Pending bit is set to "1" by any instruction which requires the transfer of data to or from a non-addressable internal register, such as when writing key bytes to the E Key Register or reading bytes from the IVE Register. Therefore, the Command Pending bit will be set following all commands except the three Start Commands, the Stop command and the software Reset command. The Command Pending bit will return to an inactive state ("0") after all eight bytes have been transferred following Load Clear, Read Clear or Read Encrypted commands. In addition the inactive state ("0") only returns after data has been entered, decrypted and placed into the desired register following Load Encrypted commands. The Start/Stop bit is set to "1" when one of the Start commands is entered, and is reset to "0" whenever a reset occurs or when a new command other than a Start is entered. Figure 16: Status Register Bit Assignments ## Input Register The 64-bit, write-only Input Register is organized to appear to the user as eight bytes of push-down storage. The number of bytes stored in the register is monitored by a status circuit. The register is considered full when eight bytes of data have been loaded with the ECB or CBC ciphering algorithm in use, or when one byte of data has been entered in either CFB mode. It is considered empty when the data stored in it has been or is being processed. The data in the register won't be destroyed if the user attempts to write data into the Input Register when it is full. Table 9 gives a summary of the port flag associated with this register depending on the mode of operation. #### **Output Register** The 64-bit, read-only Output Register is setup to appear to the user as eight bytes of pop-up storage. A status circuit detects the number of bytes stored in the Output Register. The register is considered empty when all the data stored in it has been read out by the host CPU, and is considered full if it still contains one or more bytes of output data. If an attempt is made to read data from the Output Register when it is empty, the output buffers will remain in a tri-state condition. Table 10: Association of Master Port Flag (MFLG) and Slave Port Flag (SFLG) with Input and Output Registers | Encrypt/ | Port Con | figuration | Input | Output | | |---------------|----------|------------|------------------|------------------|--| | Decrypt<br>M4 | МЗ | M2 | Register<br>Flag | Register<br>Flag | | | 0 | 0 | 0 | MFLG | SFLG | | | 0 | 0 | 1 | SFLG | MFLG | | | 0 | 1 | 0 | MFLG | SFLG | | | 1 | 0 | 0 | SFLG | MFLG | | | 1 | 0 | 1 | MFLG | SFLG | | | 1 | 1 | 0 | MFLG | SFLG | | #### M,E,D Key Registers There are three 64-bit, write-only key registers in the DCP; the Master (M) Key Register, the Encrypt (E) Key Register, and the Decrypt (D) Key Register. These registers are not directly addressable, but can be loaded or read in response to a command (See Command Descriptions). The Master key can be loaded only with clear data through the Auxiliary Port. The Encrypt and Decrypt Keys can be loaded as either clear or cipher text through the Master or Auxiliary Port. If the key data is encrypted, it is first routed to the Input Register where it is decrypted using the M Key, and then written to the target key register from the Output Register. ## Initialization Vector Registers Two 64-bit registers are provided to store feedback from Cipher Feedback and Cipher Block Chaining modes of operation. One Initialization Vector (IVE) Register is used during encryption, the other (IVD) during decryption. Both registers can be loaded with either clear or encrypted data through the Master Port . If encrypted data is loaded, it is first decrypted before being written into the corresponding IV Register. Both registers may be read out through the Master Port as either clear or encrypted text (see Command Description Section). #### Maximum Throughput The pipelined architecture of the DES DCPs allows simultaneous input, ciphering and output operations. Maximum throughput is obtained when the device is configured for one of the dual port configurations. Figure 17 shows the timing for ciphering one block of 64 bits in either ECB or CBC modes of encryption. The inputting of the 64 bits of data takes 8 clock cycles to complete with one data strobe being issued per clock cycle. This data must then be transferred from the Input Register to the algorithm processing unit and the flags updated, which requires 5 additional clock cycles. The algorithm unit begins ciphering concurrently with the transfer and once the flags have been updated another 64 bit block may be entered. The ciphering of the first block is completed after 18 clock cycles have elapsed from the last byte having been written to the Input Register. Another 5 clock cycles are required to transfer the ciphered data to the Output Register and update flags. Transferring of data from the algorithm processing unit to the Output Register can be performed concurrently with loading new data into the DES algorithm unit. Removing the data from the Output Register involves 8 clock cycles with one data strobe per clock cycle. The whole procedure of ciphering one block takes 39 cycles but because the different operations can be overlapped, the DCP can process one block every 18 clock cycles once fully loaded. #### **Pipelining** Once the device has been initialized for dual port config-uration, two data blocks are loaded into the device to fill the Output Register and the DES algorithm processing unit. Now blocks of data can be strobed in and out con-currently. When the ciphering session is completed the DCP must be emptied by reading out the last two bytes. Figure 18 shows the minimum timing configuration for maximum throughput for this device. The total time to transfer "n" blocks is (n+1)x18+3 clock cycles. The DCP can also be operated in pipelined mode when configured for signal port operation. Once initialized, one block of data is loaded into the device. Then, in a loop, one block of data is strobed in and one block is read out. The first block of data loaded before entering the loop is ciphered while the input of the second block is occuring. Figure 17: Detailed Timing of One Block For n blocks, total number of clock pulses = (n+1)x18+3 Figure 18: Pipelines (Minimum Timing Operation) #### **COMMAND DESCRIPTION** All operations of the DCP result from command inputs, which are entered in Multiplexed Control Mode by writing a command byte to the command Register. Command inputs are entered in Direct Control Mode by raising and lowering the logic levels on the AUX $_7$ - K/D, AUX $_6$ -E/D and AUX $_5$ -S/S pins. Table 7 shows all commands that may be given in Multiplexed Control Mode and Table 8 shows the subset executable in Direct Control Mode. # Load Clear M Key Through Auxiliary Port (90<sub>H</sub>) Load Clear E Key Through Auxiliary Port (91<sub>H</sub>) Load Clear D Key Through Auxiliary Port (92<sub>H</sub>) These commands override data flow specifications set in the Mode Register and cause the Master (M), Encrypt (E), or Decrypt (D) Key Register to be loaded with eight bytes written to the Auxiliary Port. Once the load command is written to the Command Register, the Auxiliary Port Flag (AFLG) pin will go active (LOW), as well as the Auxiliary Port Flag bit (S2) in the Status Register being set to "1", indicating that the device is able to accept key bytes at the Auxiliary Port bus. In addition, the Command Pending bit (S6) will go to "1" during the entire loading process. When data has been setup on the Auxiliary Port pins, each byte is written by placing an active LOW signal on the Auxiliary Port Strobe (ASTB). The actual write occurs on the rising edge of ASTB. The Auxiliary Port Flag (AFLG) will go inactive immediately after the eighth strobe goes active (LOW). However, the Command Pending bit (S6) will remain "1" for several more clock cycles, until the key loading process is completed. All key bytes are checked for correct (odd) parity as they are entered. # Load Clear E Key Through Master Port (11<sub>H</sub>) Load Clear D Key Through Master Port (12<sub>H</sub>) These commands are available in both Multiplexed Control and Direct Control Modes. They override the data flow specifications set in the Mode Register and allow eight bytes of data to be written to the appropriate key register through the Master Port. In Multiplexed Control Mode, the command is initiated by writing the instruction to the Command Register. In Direct Control Mode, the command is initiated by raising the AUX<sub>7</sub>-K/ $\overline{D}$ control input while the AUX<sub>5</sub>-S/ $\overline{S}$ input is LOW and the level on AUX<sub>6</sub>-E/ $\overline{D}$ determines which key register is loaded. When the command has been recognized, the Command Pending bit (S6 in the Status Register) will go to "1" and in Direct Control Mode AUX<sub>3</sub>-CP will go active (LOW), indicating that key loading may proceed. The host system then writes exactly eight bytes to the Input Register through the Master Port. When the key register has been loaded, the Command Pending bit will return to "0", and in Direct Control Mode the AUX<sub>3</sub>-CP output will go inactive, indicating that the DCP can accept the next command. # Load Encrypted E Key Through Auxiliary Port (B1<sub>H</sub>) Load Encrypted D Key Through Auxiliary Port (B2<sub>H</sub>) These commands are only available in Multiplexed Control Mode. They are similar to the Load Clear E (or D) Key through Auxiliary Port commands, except that key bytes are initially decrypted using the Electronic Code Book algorithm and the Master (M) Key. The key bytes then pass through the parity checking logic and into the appropriate key register. The Command Pending bit (S6) will be "1" during the entire decrypt-and-load operation. The Busy bit (S5) will be "1" during the actual decrypting of the key. # Load Encrypted E Key Through Master Port (31<sub>H</sub>) Load Encrypted D Key Through Master Port (32<sub>H</sub>) These commands (available in Multiplexed Control Mode only) are similar in effect to Load Clear E (or D) Key Through Master Port, except that key bytes are first decrypted using the Electronic Code Book algorithm and the Master (M) Key. The bytes are then loaded into the target key register, after having passed through the parity checking logic. The Command Pending bit (S6) will be "1" during the entire decrypt-and-load operation. As well, the Busy bit (S5) will be "1" during the actual decryption process. # Load Clear IVE Register Through Master Port (85<sub>H</sub>) Load Clear IVD Register Through Master Port (84<sub>H</sub>) These commands (available in Multiplexed Control Mode only) are virtually identical to Load Clear E (or D) Key Through Master Port, except that the data written to the Input Register address is transferred to either the Initialization Vector for Encryption (IVE) or Decryption (IVD) Register instead of a key register and no parity checking takes place. The Command Pending bit (S6) is a "1" during the entire loading process. # Load Encrypted IVE Register Through Master Port (A5<sub>H</sub>) Load Encrypted IVD Register Through Master Port (A4<sub>H</sub>) These commands are similar to the Load Encrypted E (or D) Key Through Master Port commands. The data flow specification set in the Mode Register is overridden and the eight initial vector bytes are decrypted using the Decryption (D) Key and the Electronic Code Book algorithm. The resulting clear initial vector bytes are routed into the appropriate Initialization Vector Register, and no parity checking occurs. The Busy bit (S5) does not go to "1" during the decryption process, but Command Pending bit (S6) will be "1" during the entire decryption-and-load operation. # Read Clear IVE Register Through Master Port (8D<sub>H</sub>) Read Clear IVD Register Through Master Port (8C<sub>H</sub>) The effect of these commands (available in Multiplexed Control Mode only) is to override the data flow specifications set in the Mode Register and to allow the appropriate Initialization Vector Register to be read from the Output Register through the Master Port. When executing this instruction, each IV Register appears as eight bytes of FIFO storage. The first byte of data will be available six clocks after the loading of the command register. The Command Pending bit will be set to "1" and will remain a "1" until sometime after the eighth byte is read out. The host system has the responsibility to read out exactly eight bytes. # Read Encrypted IVE Register Through Master Port (A9<sub>H</sub>) Read Encrypted IVD Register Through Master Port (A8<sub>H</sub>) The effect of these commands (in Multiplexed Control Mode only) is to override the specifications set in the Mode Register and to encrypt the contents of the specified Initialization Vector Register using the Electronic Code Book algorithm and the Encrypt (E) Key. The resulting eight bytes of cipher text can be read from the Output Register through the Master Port. The Busy bit (S5) will be "1" during the encryption when it goes to "0, " the encrypted initial process, vector bytes are ready to be read out. The Command Pending bit (S6) will be "1" during the entire encryption-and-output process, and will go to "0" when the eighth byte is read out. The host system is responsible for reading out exactly eight bytes. #### Encrypt with Master (M) Key (39H) This command (available in Multiplexed Control Mode only) overrides the data flow specifications set in the Mode Register and causes the DCP to write eight bytes of data to the Input Register via the Master Port. After the eighth byte has been received, the data is encrypted using the Master (M) Key and then routed to the Output Register, where it may be read out through the Master Port. The Command Pending (S6) and Busy (S5) bits are used to sense the three phases of this operation. Command Pending goes to "1" as soon as the Input Register can accept data. When exactly eight bytes have been entered, the Busy bit will got to "1" until the encryption process is complete. When Busy goes to "0", the encrypted data is available to be read out. Command Pending will return to "0" when the eighth byte has been read. #### Start Encryption (41<sub>H</sub>) # Start Decryption (40<sub>H</sub>) # Start (C0<sub>H</sub>) The three "Start" commands begin normal data ciphering by setting the Start/Stop bit (S7) in the Status Register to "1." The Start Encryption and Start Decryption commands specify the ciphering direction by forcing the Encrypt/Decrypt bit (M4) in the Mode Register to "1" or "0", respectively. Whereas Start uses the current state of the Mode Register Encrypt/Decrypt bit, as specified in a previous Mode Register load. When any Start command has been entered, the Port Status Flag (MFLG or SFLG) associated with the Input Register will become active (LOW), indicating that data may be written to the Input Register to begin ciphering. In Direct Control Mode, the Start command is issued by raising the level of the AUX<sub>5</sub>-S/ $\overline{S}$ input . If AUX<sub>6</sub>-E/ $\overline{D}$ is high when AUX<sub>5</sub>-S/ $\overline{S}$ goes HIGH, the command is Start Encryption; if AUX<sub>6</sub>-E/ $\overline{D}$ is low, it is Start Decryption. #### Stop (E0<sub>H</sub>) The Stop command sets the Start/Stop bit (S7) in the Status Register to "0." This causes the input flag (MFLG or SFLG) to become inactive and inhibits the loading of any further data. Any ciphering in progress (Busy bit (S5) is "1" or AUX<sub>2</sub>-BSY is active) will be completed and any data in the Output Register will remain accessible (except in CFB Mode). In either CFB Mode, the last byte of data must be read out before issuing the STOP command. In Direct Control Mode, the Stop command is implied when the signal level on the $AUX_5$ -S/S input goes from HIGH to LOW. # Software Reset (00<sub>H</sub>) This command is similar to a hardware reset (CA95C68: to MRD and MWR low, CA95C18: MAS and MDS low) in that it forces the DCP back to its default configuration, and all the processing flags go inactive. The default configuration for the Mode Register is: Electronic Code Book Cipher Type and Dual Port Configuration withMaster Port clear, Slave Port encrypted. ## **MECHANICALS** All dimensions in inches Figure 19: 40-Pin PDIP Package All dimensions in inches Figure 20: 44-Pin PLCC Package # ORDERING INFORMATION and PRODUCT CODE Newbridge Microsystems products are designated by a Product Code. When ordering, refer to products by their full code. For unusual, and/or specific packaging or processing requirements not covered by the standard product line, please contact our factory directly. MAY 1 8 1993 A Division of Newbridge Networks Corporation 036346 \_ 695 High Glen Dr., San Jose, California 95133 Tel: (408) 258-3600 • Fax: (408) 258-3659 603 March Road, Kanata, Ontario Canada K2K 2M5 Tel: (613) 592-0714 • 1-800-267-7231 • Fax: (613) 592-1320 Newbridge Microsystems does not assume any liability arising out of the application or use of any product or circuit described herein; neither does it convey any licence under its patent right nor the rights of others. Printed in Canada Information in this document is subject to change without notice