EU Specific Data Packet Descriptors
MCF548x Reference Manual, Rev. 3
Freescale Semiconductor
performs the HMAC function first, then attaches the HMAC (which is variable size) to the end of the
payload data. The payload data, HMAC, and any padding added after the HMAC are then encrypted.
Parallel encryption and authentication of TLS “records” cannot be performed using the SEC snooping
mechanisms which work for IPSec.
Performing TLS record layer encryption and authentication with the SEC requires two descriptors. For
outbound records, one descriptor is used to calculate the HMAC, and a second is used to encrypt the
record, HMAC, and padding. For inbound records, the first descriptor decrypts the record, while the
second descriptor is used to recalculate the HMAC for validation by the host. With some planning, the user
may create the outbound descriptors and launch them as a chain, leaving the SEC to complete the full
HMAC/encrypt operation before signalling DONE. It is anticipated that for inbound records, the SEC will
signal DONE after decryption, so that the host can determine the location of the HMAC before setting up
the HMAC validation descriptor.
22.14.6.4.1 Outbound TLS Descriptors
Table 22-106 shows the first descriptor used for outbound TLS. The descriptor performs the HMAC of the
record header and the record payload. The primary EU is the MDEU, with its mode bits set to cause the
MDEU to initialize its context registers, perform auto-padding if the data size is not evenly divisible by
512 bits, and calculate an HMAC. The descriptor header does not designate a secondary EU, so the setting
of the snoop type bit is ignored.
At the conclusion of the outbound TLS descriptor 1, the crypto-channel has calculated the HMAC, placed
it in memory, and has reset and released the MDEU.
Table 22-106. Outbound TLS Descriptor One Format
Field Name   Value/Type                Description
Header       see Table 22-107          Header common to several descriptors (TYPE 0001)
LEN_1        Length (not used)         NULL
PTR_1        Pointer (not used)        NULL
LEN_2        IV Length                 NULL
PTR_2        IV Pointer                NULL
LEN_3        Key Length                Number of bytes of HMAC key
PTR_3        Key Pointer               Pointer to HMAC key
LEN_4        Data In Length            Number of bytes of data to be hashed
PTR_4        Data In Pointer           Pointer to data to perform hash upon
LEN_5        Data Out Length           NULL
PTR_5        Data Out Pointer          NULL
LEN_6        IV Out Length             Number of bytes of data after hashing (16, 20, or 32)
PTR_6        IV Out Pointer            Pointer to location where hash output is to be written
LEN_7        MAC Out Length            NULL
PTR_7        MAC Out Pointer           NULL
PTR_NEXT     Next Descriptor Pointer   Pointer to next data packet descriptor
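
The field usage in Table 22-106 can be expressed as a host-side fill routine. The following C code is an added example, not code from the reference manual or from Freescale. It assumes 32-bit fields in table order, uses a placeholder for the header word (the real value is defined by Table 22-107), and assumes the HMAC is written directly after the payload so the second descriptor can encrypt payload, HMAC, and padding in one run. The names sec_desc_t and tls_out_desc1_fill are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: header word, seven LEN/PTR pairs, PTR_NEXT, 32 bits each.
 * Table 22-106 gives the field order; the widths are an assumption here. */
typedef struct {
    uint32_t header;
    struct { uint32_t len, ptr; } p[7];  /* p[0] = LEN_1/PTR_1 ... p[6] = LEN_7/PTR_7 */
    uint32_t ptr_next;
} sec_desc_t;

/* Placeholder only: the real header word is defined by Table 22-107. */
#define TLS_OUT_D1_HEADER_PLACEHOLDER 0u

/* Fill outbound TLS descriptor one (hypothetical helper). Arguments are bus
 * addresses and byte counts. Returns 0 on success, -1 on invalid input. */
int tls_out_desc1_fill(sec_desc_t *d, uint32_t key, uint32_t key_len,
                       uint32_t rec, uint32_t hdr_len, uint32_t payload_len,
                       uint32_t mac_len, uint32_t next)
{
    if (!d || !key || !key_len || !rec)
        return -1;
    if (mac_len != 16 && mac_len != 20 && mac_len != 32)
        return -1;                       /* LEN_6 must be 16, 20, or 32 */
    uint32_t data_len = hdr_len + payload_len;
    if (data_len < hdr_len || data_len == 0)
        return -1;                       /* length wrapped or nothing to hash */
    if (data_len > UINT32_MAX - mac_len || rec > UINT32_MAX - data_len - mac_len)
        return -1;                       /* HMAC would wrap the address space */
    memset(d, 0, sizeof *d);             /* every unused LEN/PTR stays NULL */
    d->header   = TLS_OUT_D1_HEADER_PLACEHOLDER;
    d->p[2].len = key_len;  d->p[2].ptr = key;             /* LEN_3/PTR_3: HMAC key */
    d->p[3].len = data_len; d->p[3].ptr = rec;             /* LEN_4/PTR_4: header + payload */
    d->p[5].len = mac_len;  d->p[5].ptr = rec + data_len;  /* LEN_6/PTR_6: HMAC after payload */
    d->ptr_next = next;                  /* chain to the encrypt descriptor */
    return 0;
}

int main(void)
{
    sec_desc_t d;
    /* Constructed sample: 5-byte record header, 100-byte payload, 20-byte HMAC. */
    if (tls_out_desc1_fill(&d, 0x1000, 20, 0x2000, 5, 100, 20, 0x3000) != 0)
        return 1;
    printf("hash %u bytes at 0x%x, HMAC to 0x%x\n",
           (unsigned)d.p[3].len, (unsigned)d.p[3].ptr, (unsigned)d.p[5].ptr);
    return 0;
}
```

The caller must reserve room after the payload for the HMAC and the padding that the second descriptor encrypts.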