• For HMAC operations, the host software should pre-compute the IPAD and OPAD
using H(K xor Pad1) and H(K xor Pad2) and then write the data to the 820x.
• For SSL3.0-MAC (MD5 or SHA-256) operations, the host software should pre-
compute the IPAD and OPAD using H(K || Pad1) and H(K || Pad2) and then write
“Seq. No. || Type || Length || Data” to the 820x.
• For SSL3.0-MAC (SHA-1) operations, the host software should not pre-compute the
IPAD and OPAD and write K directly to the 820x using “Seq. No. || Type || Length ||
Data”.
3.1.3.8
AES-GCM and GMAC Operations
AES-GCM operation is different from other AES operations. The output of an AES-GCM
operation has two parts: a cipher text whose length is identical to the plain text, and an
authentication tag.
The cipher text is an output of the encryption engine, and the authentication tag is an
output of the hash engine. When performing AES-GCM operations, the host software must
enable both the encryption and hash engines.
Figure 3-20. AES-GCM Implementation Illustration
GMAC is a special case of AES-GCM mode in which the cipher text size equals zero. When
the 820x performs AES-GCM authenticated encryption, the Encryption engine performs the
encryption operation and then the hash engine performs the authentication operation. For
GMAC mode, the encryption and authentication occurs in the hash engine, using the AAD as
the input data.
3.1.3.9
MAC Operations
The 820x Hash engine supports stateless and stateful MAC operations. The MAC operation
is complex due to the number of parameters and operations, and the cooperation required
between the 820x and the software. Table 3-3 identifies the parameters that must be set
for different types of MAC operations.
820x – Data Sheet, DS-0157-D
Page80
Hifn Confidential