Silicon IP Cores
MAC-SEC-1G
MACsec Protocol Engine for 10/100/1000 Ethernet
The MAC-SEC-1G IP core implements a compact and configurable custom-hardware protocol engine for the IEEE 802.1AE (MACsec) standard. It supports all cipher suites provisioned by the MACsec standard and the VLAN-in-Clear improvement and is silicon- and performance-optimized for networks operating up to 1Gbps.
Featuring a configurable number of Security Associations (up to 64k), this protocol engine supports multiple security channels and can implement multiple Security Entities (SecYs). It operates in full duplex mode, at line speed per direction for 1000/100/10 Mbps connections. It does so by implementing a 32-bit wide data path, which provides adequate performance while minimizing silicon resources.
Designed for ease of integration, the MAC-SEC-1G core is a fully synchronous, single-clock domain design that uses standardized interfaces and can be optionally pre-integrated with companion cores available from CAST.
The control and status registers of the core are accessible via a generic 32-bit memory-mapped slave interface. Interface bridges delivered with the core can convert this generic host interface to a generic 8-bit memory-mapped interface or a 32-bit APB, AHB-Lite, Avalon-MM, or Wishbone interface. Packet data are input and output via AXI Stream interfaces with configurable data width, enabling direct connection to Ethernet MACs, PTP timestamping units, or other higher-layer protocol engines. Interface bridges and a DMA engine capable of driving the AXI Stream interfaces are available separately. They can be used in cases where moving data to and from the core is preferable over a memory-mapped bus. The core can be delivered pre-integrated with the Low-Latency Ethernet MAC or any Ethernet TSN cores available from CAST.
Consistent with CAST’s quality standards, this core has been rigorously verified, is LINT-clean and scan-ready, and is delivered with everything required for a trouble-free implementation. It is available in System Verilog RTL source code or as a targeted FPGA netlist, and its deliverables include a sophisticated testbench, sample synthesis and simulation scripts, and comprehensive documentation.
The MAC-SEC-1G core provides hardware-accelerated MACsec protection for end-to-end transmission in industrial, automotive, IoT edge, and other devices with Ethernet connectivity. While it works well with third-party cores, the MAC-SEC-1G is especially well suited for use with the Low-Latency eMAC, the UDP/IP and TCP/IP hardware stacks, and the TSN Endpoint and Switch cores available from CAST. These can be licensed as a pre-integrated subsystem, enabling the rapid, low-risk development of secure Ethernet connections.
This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.
Engineered by Fraunhofer IPMS.