MCF548x Reference Manual, Rev. 3
22-4 Freescale Semiconductor
4. Wait for EU to complete processing.
5. Upon completion, unload results and context and write them to external memory as indicated by
the data packet descriptor.
6. If multiple services requested, go back to step 2.
7. Reset the appropriate EU if it is dynamically assigned. Note that if statically assigned, an EU is
reset only upon direct command written to the SEC.
8. Perform descriptor completion notification as appropriate. This notification comes in one of two
forms—interrupt or header writeback modification—and can occur at the end of every descriptor,
at the end of a descriptor chain, or at the end of specially designated descriptors within a chain.

22.4.4 Execution Units (EUs)

‘Execution unit’ is the generic term for a functional block that performs the mathematical permutations
required by protocols used in cryptographic processing. The EUs are compatible with IPSec, SSL/TLS,
iSCSI, and SRTP processing and can work together to perform high level cryptographic tasks. The SEC
execution units are as follows:
DEU (data encryption standard execution unit) for performing block cipher, symmetric key
cryptography using DES and 3DES
AFEU for performing RC-4 compatible stream cipher symmetric key cryptography
AESU for performing the advanced encryption standard algorithm
MDEU for performing security hashing using MD-5, SHA-1, or SHA-256
RNG for random number generation

22.4.4.1 Data Encryption Standard Execution Unit (DEU)

The DES Execution Unit (DEU) performs bulk data encryption/decryption, in compliance with the Data
Encryption Standard algorithm (ANSI x3.92). The DEU can also compute 3DES, an extension of the DES
algorithm in which each 64-bit input block is processed three times. The SEC supports two key (K1=K3)
or three key 3DES.
The DEU operates by permuting 64-bit data blocks with a shared 56-bit key and an initialization vector
(IV). The SEC supports two modes of IV operation: Electronic Code Book (ECB) and Cipher Block
Chaining (CBC).
The DEU module computes the Data Encryption Standard algorithm (ANSI X3.92, FIPS 46-2) for block
type bulk data encryption. It can also execute either the 2-key or the 3-key variants of the Triple-DES
algorithm, which is based on DES. The processor supplies data to the DEU block as input, and the data
will be encrypted and subsequently made available to the processor. The session key is input to the block
prior to encryption.
DES is a block cipher that uses a 56-bit key (64 bits with CRC) to encrypt 64-bit blocks of data, one block
at a time. A conceptual diagram of this process is shown in Figure 22-2. DES is a symmetric algorithm, so
each of the two communicating parties share the same 64-bit key for encryption and decryption. DES
processing begins after this shared session key is agreed upon. The text or binary message to be encrypted
(typically called plaintext) is partitioned into n sets of 64-bit blocks. Each block is processed, in turn, by
the DES engine, producing n sets of encrypted (ciphertext) blocks. These blocks may be transmitted to the
other entity. Decryption is handled in the reverse manner. The ciphertext blocks are processed one at a time
by a DES module in the recipient’s system. The same key is used, and the DES block manages the key
processing internally so that the plaintext blocks are recovered.