Claims
- 1. A cryptography accelerator, comprising:
a plurality of input ports on a cryptography accelerator configured to receive data from an entity external to the cryptography accelerator; a data input unit input controller coupled to the plurality of input ports, the data input unit input controller configured to write data blocks from the plurality of input ports into an input buffer and write entries corresponding to the data blocks into a buffer pointer table, wherein the buffer pointer table is configurable to vary the allocation of input buffer space available to each of the plurality of input ports; a plurality of cryptographic processing cores.
- 2. The cryptography accelerator of claim 1, further comprising a data input unit load distributor operable to select entries from the buffer pointer table.
- 3. The cryptography accelerator of claim 2, further comprising a data input unit output controller configured to identify buffer pointer table entries from the data input unit load distributor, pull data blocks corresponding to the entries from the input buffer, and forward the data blocks to a plurality of data paths associated with cryptographic processing cores.
- 4. The cryptography accelerator of claim 3, further comprising a policy security association lookup unit coupled to the data input unit output controller.
- 5. The cryptography accelerator of claim 3, further comprising a merge data unit coupled to the merge data unit and the data input unit output controller.
- 6. The cryptography accelerator of claim 3, wherein the data input unit output controller is further configured to forward security association information on a first data path and the associated data block on a second data path.
- 7. The cryptography accelerator of claim 3, wherein the output controller is further configured to set an entry in the buffer pointer table as available after the associated data block has been forwarded to a merge data unit.
- 8. A method for receiving data in a cryptography accelerator, comprising:
receiving a plurality of data sequences at one of a plurality of input ports; writing the plurality of data sequences into a shared resource; providing references to the data sequences in the shared resource, wherein the references identify the data sequences as well as the type of the data sequences; determining if policy security association information is associated with the plurality of data sequences; and forwarding the plurality of data sequences to cryptographic processing circuitry.
- 9. The method of claim 8, wherein cryptographic processing circuitry comprises a plurality of cryptographic processing cores.
- 10. The method of claim 8, wherein the cryptographic processing cores are grouped into a plurality of cryptographic processing blocks.
- 11. The method of claim 8, wherein each cryptographic processing block comprises four cryptographic processing cores.
- 12. The method of claim 8, wherein the plurality of input ports comprise a streaming interface port;
- 13. The method of claim 12, wherein the plurality of input ports further comprise a memory mapped port;
- 14. The method of claim 8, further comprising performing policy security association lookups using the references to the data sequences in the shared resource;
- 15. The method of claim 8, further comprising merging the data sequences with the results from the policy security association lookups;
- 16. The method of claim 8, wherein the shared resource is a buffer shared by the plurality of input ports.
- 17. An apparatus for receiving data in an integrated circuit, comprising:
means for receiving a plurality of data sequences at one of a plurality of input ports; means for writing the plurality of data sequences into a shared resource; means for providing references to the data sequences in the shared resource, wherein the references identify the data sequences as well as the type of the data sequences; means for determining if policy security association information is associated with the plurality of data sequences; and means for forwarding the plurality of data sequences to cryptographic processing circuitry.
- 18. The apparatus of claim 17, wherein cryptographic processing circuitry comprises a plurality of cryptographic processing cores.
- 19. The apparatus of claim 17, wherein the cryptographic processing cores are grouped into a plurality of cryptographic processing blocks.
- 20. The apparatus of claim 17, wherein each cryptographic processing block comprises four cryptographic processing cores.
- 21. The apparatus of claim 17, wherein the plurality of input ports comprise a streaming interface port;
- 22. The apparatus of claim 21, wherein the plurality of input ports further comprise a memory mapped port.
- 23. The apparatus of claim 17, further comprising performing policy security association lookups using the references to the data sequences in the shared resource.
- 24. A cryptography processor, comprising:
a plurality of input ports configured to receive packets from an entity external to the cryptography processor; a shared input buffer coupled to the plurality of input ports, the shared input buffer operable to store packets received through the plurality of input ports, wherein allocation of the shared input buffer is reallocable based on the particular characteristics of the various input ports; a plurality of cryptographic processing cores coupled to the shared input buffer, the plurality of cryptographic processing cores configured to receive data associated with the packets and perform cryptographic processing on the data.
- 25. The cryptography processing of claim 3, wherein the external entity is a host CPU.
- 26. The cryptography processor of claim 3, wherein the cryptographic processing cores are organized as two separate cryptographic processing blocks.
- 27. The cryptography processor of claim 3, further comprising a policy security association lookup unit configured to receive header information associated with the packet and perform a policy security association lookup.
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority under U.S.C. 119(e) from U.S. Provisional Application No. 60/434,456, filed Dec. 18, 2002, entitled Methods And Apparatus For Cryptography Accelerator Data Handling, by Mark Buer and Donald P. Matthews, (Attorney Docket No. BRCMP027P), the entirety of which is incorporated by reference for all purposes. The present application is also related to concurrently filed U.S. patent application Ser. No. ______ entitled Methods And Apparatus For Ordering Data In A Cryptography Accelerator, by Tim Paaske and Mark Buer (Attorney Docket No. BRCMP026), U.S. patent application Ser. No. ______, entitled Cryptography Accelerator Interface Decoupling From Cryptography Processing Cores, by Mark Buer and Don Matthews (Attorney Docket No. BRCMP029), and U.S. patent application Ser. No. ______, entitled Cryptography Accelerator Data Routing Unit, by Mark Buer and Don Matthews (Attorney Docket No. BRCMP028), the entireties of which are incorporated by reference for all purposes.
Provisional Applications (1)
|
Number |
Date |
Country |
|
60434456 |
Dec 2002 |
US |