Datasheet

ManualsBrandsMicrochip ManualsEmbedded Processors & ControllersMicrocontroller 32 Bit TQFP-64

401

402

403

404

405

406

407

408

409

410

 2015 Microchip Technology Inc. Preliminary DS60001320B-page 403

PIC32MZ Embedded Connectivity with Floating Point Unit (EF) Family

26.0 CRYPTO ENGINE

The Crypto Engine is intended to accelerate applica-

tions that need cryptographic functions. By execut-

ing these functions in the hardware module, software

overhead is reduced, and actions such as encryp

tion, decryption, and authentication can execute

much more quickly.

The Crypto Engine uses an internal descriptor-based

DMA for efficient programming of the security associ

ation data and packet pointers (allowing scatter/

gather data fetching). An intelligent state machine

schedules the Crypto Engines based on the protocol

selection and packet boundaries. The hardware

engines can perform the encryption and authentica

tion in sequence or in parallel.

Key features of the Crypto Engine are:

• Bulk ciphers and hash engines

• Integrated DMA to off-load processing:

- Buffer descriptor-based

- Secure association per buffer descriptor

• Some functions can execute in parallel

Bulk ciphers that are handled by the Crypto Engine

include:

• AES:

- 128-bit, 192-bit, and 256-bit key sizes

- CBC, ECB, CTR, CFB, and OFB modes

• DES/TDES:

- CBC, ECB, CFB, and OFB modes

Authentication engines that are available through the

Crypto Engine include:

•SHA-1

•SHA-256

•MD-5

• AES-GCM

• HMAC operation (for all authentication engines)

The rate of data that can be processed by the Crypto

Engine depends on a number of factors, including:

• Which engine is in use

• Whether the engines are used in parallel or in series

• The demands on source and destination memories

by other parts of the system (i.e., CPU, DMA, etc.)

• The speed of PBCLK5, which drives the Crypto

Engine

Table 26-1 shows typical performance for various

engines.

TABLE 26-1: CRYPTO ENGINE

PERFORMANCE

FIGURE 26-1: CRYPTO ENGINE BLOCK DIAGRAM

Note: This data sheet summarizes the

features of the PIC32MZ EF family of

devices. It is not intended to be a

comprehensive reference source. To

complement the information in this data

sheet, refer to Section 49. “Crypto

Engine (CE) and Random Number

Generator (RNG)” (DS60001246) in

the “PIC32 Family Reference Manual”

which is available from the Microchip

web site (www.microchip.com/PIC32).

Engine/

Algorithm

Performance

Factor

(Mbps/MHz)

Maximum Mbps

(PBCLK5 = 100 MHz)

DES 14.4 1440

TDES 6.6 660

AES-128 9.0 900

AES-192 7.9 790

AES-256 7.2 720

MD5 15.6 1560

SHA-1 13.2 1320

SHA-256 9.3 930

DMA

Controller

System

INB

FIFO

OUTB

FIFO

Crypto

FSM

Packet

AES

TDES

SHA-1

MD5

Local Bus

SFR

System

Bus

PBCLK5

SHA-256