CSL Notebook EntryTo:Csl NotebookDate:February 5, 1983From:Anthony WestLocation:PARC/CSLSubject:Dorado Auxiliary BoardFile:[Ivy]81CSLN-YYYYXEROX Attributes:Communication, Database, Distributed computing, Dandelion, Dolphin, Dorado, DES,Cryptography, Encryption, Random Number Generators, Noise Diodes, Stable Storage,Atomic Transactions, WWVB, Broadcast Time Standards, Stable Storage, UniversalIdentifiers, Synchronizing Events, I/O Interfaces, Intel/IEEE MultibusReferences:[Ivy]Entries>81CSLN-0050Abstract:This is an early form of the manual describing the Dorado Aux board. It describes thedesign of the board so far.1. OverviewThe Dorado Auxiliary board consists of a number of disjoint device controllers which share acommon interface to the Dorado Slow I/O bus. There are controllers for:DES Cryptography. The controller hardware allows data to be encrypted according to theNBS Proposed Federal Data Encryption Standard, DES. Pipelined LSI MOS encryptionchips, in conjunction with a microcode task, implement memory-to-memory encryption atrates exceeding 12 megabits/second. The encryption logic is duplicated to permitimproved error detection. However, in the event of a failure of one of the units, softwarecan reconfigure the controller to permit operation to continue at full speed, but withouterror detection capability.Random Bit Generator. A thermal noise diode is used as a white-noise source to generatea stream of random bits at rates up to 100 KBaud. The output is amplified by anoperational amplifier to increase the signal level to the point where an ECL comparatorcan turn the noise into a digital bitstream. The output bits are biassed, however, and it isintended that a suitable unbiassing algorithm will be provided in software.Electronic Stable Storage. This controller allows records of information to be written intoexternal electronic stable storage modules with negligable latency and at transfer rates upto 30 megabits/second. The modules, based on CMOS RAM, are provided with automaticbattery-standby capability to ensure data retention in the event of power failure. The on-board bus interface allows additional storage modules to be plugged in to the externalparallel bus cable either to extend the total amount of addressable storage, or to increasethe modular redundancy of the storage subsystem. On writing, all modules with the sameaddresses are written simultaneously; on reading, they are read individually. The externalbus is parity-checked, and each module performs label- and CRC-checking on the recordsfor very high-reliability operation. Modules can be removed from or added to the Doradowithout affecting the data retention or integrity. îïg¡pôiîïc8qîrôXî,ôqî4¥rîï]ûqîrî,ôqî4°rîïYqîrî,ôqî4°qîLïSìsrîïPÁq îxrðPîpïO=ðQîpïM¹ðOîpïL5ðFîïIPq îxrð&îïFkqîxrðWîpïDçî·ï;ˆtô î·ï8]rôÃðTôÄî·ï6ÙôðHîï3tôrôðEîï2)ô¡ð.ô¢ð#îï0¥ô›ðRôœîï/!ô ðJô îï-ôŒ ôðMîï,ôªô«ðJîï*•ôîï'itô‹rôŒð)îï%åôÒ ôÓðEîï$aô«ð!ô¬ð6îï"ÝôðWôŽîï!YôðKîï.tôŠrð>ô‹îïªôžð/ôŸð,îï&ô€ôð8îï¢ô’ðRô“îïô¿ðFôÀîïšôðOôžîïôð1ôŽð&îï‘ô‘ô’ðFîï ôô‘ð@îï‰ô…ð1ô†ð'îïôð3 ®L¾=7ZDHardware Reference Manual210 megabits/second Ethernet Controller. Space has been left on the board for lateraddition of a 10 megabits/second Ethernet controller based on the VLSI group's Ethernetphase decoder, after it has been is fully debugged and tested. Extra capacity has beenprovided in the Dorado I/O interface for this controller.The rest of this manual presents the theory of operation for each controller, and explains theimplementation in detail. The text is intended to be read hand-in-hand with the logic diagrams, towhich frequent reference will be made.ÿî"«ïfñrôXîýî ï_tôÛrtrôÜî ï]’ô•ð:ô–î ï\ô³ô´ð<î ïZŠôð9î ïW^ôÄ ôÅðSî ïUÚô„ð:ô…ð)î ïTVôð&ÿ<ýT=7üHDorado Auxiliary Board32. Dorado Slow I/O Bus InterfaceThe Dorado interface has 5 components:a.TIOA Decoderb.IOB Receivers and Driversc.Control Logicd.Next Bus Decoder and Wakeup Logice.Dorado Clock Distribution2.1 TIOA DecoderRefer to page AUX10. The high-order 4 bits of TIOA are compared against the board's baseaddress, as set by the configuration of the addressing SIP. The output of the comparator, togetherwith the low-order 4 bits of TIOA, enters a MC175 latch, which passes TIOA from t1 to t2, andholds TIOA from t2 to t3. The held versions are decoded by two MC161 decoders to provide for16 register-select signals, 340-357. Although the DES and stable-storage logic does not require 16address selects, the additional flexibility was incorporated to allow other controllers to be addedlater.Note that the inverted versions of the low-order bits of Tioa are also available -- they are used asinputs to the DES input fifo, see below.Additional TIOA decoding logic (MC109) at the bottom of the page decodes the addresses 341-343 asa special case and enables writing into the DES Input fifo, Ififo. The idea here is that the datawritten into Ififo is tagged with the bottom two bits of TIOA, so that it can be routed to a varietyof destinations when it emerges from the output side of the fifo later. (The other half of theMC109 is used in the Wakeup Generator, on page AUX20.)2.2 IOB Receivers and DriversWhen data is transferred from the processor to the board, the I/O bus, IOB, is received by MC195buffers, and is bussed on the board onto the board as RIOB. The parity of RIOB is checked, and, inthe event of a parity error, bit 15 of the board status register, SR15, is set at t3. Further, as anadditional concession to paranoia, parity errors prevent the generation of the various WriteEnable'signals which condition registers to be written at t3.Refer to page AUX17. When data is transferred from the board to the processor, data from theboard is driven onto IOB by MC164 8-way multiplexors which are activated for addresses in therange 340-347. Full control logic is provided at the bottom of the page to allow a second bank ofMC164's to be added for expansion to addresses 350-357 if required later. Again, 8 registers isgenerous for the logic on the board at the moment, but 8-way multiplexors were chosen over 4-way multiplexors to permit the addition of additional registers later.Note that each register which connects to the IOB Multiplexor is expected to generate its ownparity.î"°ïfñrôXîG©î·ï_tôî·ï[êrð&îyïX¿îîyïW;îîyïU·îîyïT3îð!îyïR¯îî·ïMÜuî·ïJ±rôÃôÄð'qrð&î·ïI-ô‰ðJôŠî·ïG¨ô±qrð$qrururî·ïF$ô–qrururô—ðDî·ïD ô¥vrô¦ð1î·ïCô®ð+ô¯ð8î·ïA˜î·ï>môšð9qrô›î·ï<éôð(î·ï9½ôƒ qrð,ô„vrî·ï89ô¢ðCô£î·ï6µô•ð9qrð'î·ï51ô¸ðHô¹î·ï3ôð6î·ï.Úuî·ï*Ûrô‹ðGqrôŒî·ï)Wô€ôð*qrqrî·ï'Óô ð7ô¡urî·ï&Oô³ð0ô´ð&qî·ï$Ërôð3urî·ï ÌôœôðUî·ïHô¨qrô©ðEî·ïÄô—vrð$ô˜ð1î·ï@ô¹ð/vrôºð*î·ï¼ô£ðIô¤î·ï8ôðFî·ï9ô¸ðUô¹î·ïµÿ Î·n=7T'Hardware Reference Manual42.3 Control SignalsRefer to page AUX10. The logic at the bottom of the page consists of the receivers for IOout, IOin,and IOReset, as well as the additional gating which is required to generate the WriteEnable' signals forthe on-board registers. There are two points to note:a.Registers on the board cannot be written if RIOB has bad parity.b.There is additional decoding on the WriteEnable' for the DES Input fifo, Ififo, which willallow writes when TIOA is in the range 341-343.2.4 Next Bus Decoder and Wakeup LogicRefer to page AUX20. The 4 bits of the NEXT bus, which broadcast the task number of the taskwhich will run in the next cycle, are compared against the configuration of the addressing SIP tosee if they match the address of the DES task.When the current task, about to block, executes an instruction which causes a HOLD, however,NEXT is incorrect since the current cycle will be repeated until HOLD is removed and this is onlyknown too late in the cycle to restore the NEXT bus. Therefore, the signal UsNext?', when examinedin the next cycle as UsNow?', has to be gated with LastRepeating to determine if it really is our taskrunning now, or whether we are experiencing an extension of the previous cycle, with NEXT beingincorrect.There are actually two conditions to check to see if our task is actually running in this cycle (seethe MC117):a.NEXT says that it might be our task running now and the last task is not repeating (UsNow?'and NOT LastRepeating), orb.Our task was running in the last cycle, and executed an instruction which Blocked andHeld at the same time, causing a repeat (UsLast' and LastRepeating').These signals are used below in the Wakeup Generator. Wakeup Requests are only permitted togenerate a wakeup if our task is not running or pre-empted (OurTaskIsBlocked'), is not running now(UsNow), is not suspected of being about to run next (UsNext?), and Wakeups are enabled in theboard control register, (WakeupsEnabled').Note that this particular scheme might not permit a wakeup to be generated when NEXT andtherefore UsNext? is incorrect. This is hardly critical, however, since all that will happen is that thewakeup will be generated a little later. There are no time-critical controllers on the board (except,maybe, the 10 megabits/second Ethernet interface, which would be buffered).The idea behind the Wakeup Generator is that the wakeup request will be removed as soon as ourtask services the board. Presumably the microcode or software will cause the signal whichgenerated the wakeup in the first place to be removed.It was originally intended to allow a microcode task to be multiplexed between several controllersby latching the Wakeup-request signals entering the MC106 in a WakeupDispatch register, whichcould be read and dispatched-upon by microcode in one or two microinstrucions. This has notbeen implemented.î"«ïfñrôXîýî ï_uôî ï[êrô…ô†ð9qrqrî ïZfô…qrô†ðJô›qrôœqrð&î ï<ÆôŽôð7qrî ï;A î ï8ôšðIô›î ï6’ô îÙï3gî qrô„ô…ð6qî ï1ãrôqrqrîÙï.·î ô´ôµð>î ï-3ôð)qrq rî ï*ô—ð5ô˜ð'î ï(„ð7üOHardware Reference Manual63. DES CryptographyThe DES hardware consists of 7 major parts:a.A shared 16-word DES input fifo, Ififob.Dual redundant DES cipher chipsc.A DES input finite-state machined.An 8-bit Counter Timere.A 16-word DES output fifo, Ofifof.A DES output finite-state machineg.A 64-bit Checksum Unit3.1 DES Input FifoRefer to block diagram page AUX01. RIOB data for the DES hardware is written into the 16-wordDES input fifo, Ififo. The control logic for this fifo is on page AUX11. The fifo is constructed ofFairchild F10145A 16-word by 4-bit RAMS (page AUX12), which are dual-ported by the MC158address multiplexor. The dual-porting is arranged such that RAM cycles take one Dorado Clock,or ~32 nS, with read cycles taking place from t1 to t2, and write cycles from t2 to t3. Each time aread or write occurs, the corresponding Read or Write address counter is incremented.The logic at the bottom of page AUX11 prevents overflow or underflow of the fifo from occurringas follows:If the Write address counter and the Read address counter become equal (see the MC166), theneither this has happened because the last word was just read out of the fifo and the fifo is empty,or else the 16th word has just been written into the fifo and the fifo is full. The lower MC135flip-flop, clocked with Clock2', remembers whether the last cycle was a Read cycle or a Write cycle,thus allowing the Full case to be distinguished from the Empty case. IfifoFull and IfifoEmpty arethen used at the top left of the page to inhibit further writes or reads respectively. A similartechnique is used for the DES output fifo, discussed below.EnableIfifoWrite', generated by the control logic on page AUX10 when TIOA is in the range 341-343,allows writes to take place in the fifo at t3. Reads from the fifo occur when there is some data inthe fifo (ie. NOT IfifoEmpty), and the upper MC135 status flip-flop is not set. As soon as a word isread out from the fifo into the MC176 latches in the middle of page AUX12, the MC135 statusflip-flop is set, inhibiting further reads until the IfifoAck' signal arrives from the DES input finite-state machine, signifying that the data has been consumed.Refer now to page AUX12. Note that, apart from the RIOB data being written into the F145ARAMS, the bottom two bits of TIOA are also being remembered. Thus, when the data emergesfrom the fifo, the DES input fifo can discriminate between three different types of data (not four,since TIOA=340 is illegal, as explained above).If the data is tagged with TIOA[6..7]=01 or 10, then it is for the DES encryption units.If the data is tagged with TIOA[6..7]=11, then it is for the Counter/Timer.(TIOA[6..7]=00 should never occur.)î"«ïfñrôXîýî ï_tôî ï[êrð+îÙïX¿î ð&îÙïW;î îÙïU·î îÙïT3î îÙïR¯î îÙïQ+î ð!îÙïO§î î ïJÔuî ïG¨rô„ð$qrô…ð6î ïF$ôŒqrôð8î ïD ô—ô˜ð?î ïCô•ð)ô–ð5î ïA˜ô„ð.urururur î ï@ôðUî ï<éô†ð:ô‡ð%î ï;eô î ï89ô¡ô¢ð<î ï6µôðLôî ï51ô£ðTô¤î ï3ôŠqrð"ô‹ð#î ï2)ô¯ð/ô°qrq rî ï0¥ô¸ô¹ðUî ï/!ôð;î ï+öqrô–ð(ô—ð!vrî ï*rô‹ð+urð7î ï(îôôŽqrq rðIî ï'iô£ð;ô¤î ï%åôð5qrð"ôžî ï$aôð:î ï!6ô«ô¬ð(qrð"î ï²ôðLôžî ï.ôôð[î ïªôqvrð!î ï~ôó ôôðJî ïSôðKî ï(ð#ÿ šýá=7U*.Dorado Auxiliary Board73.2 Dual DES Encryption UnitsThe heart of the Encryption logic consists of two AMD Am Z8068 MOS LSI DES Encryptionchips, shown on page AUX14. Careful reading of the AMD specifications for these chips reveals anumber of important points -- read these carefully:a.The Am Z8068 is capable of being used in two modes, Direct-Control Mode, DCM, forAm2900 bit-slice architectural applications, and Multiplexed-Control Mode, MCM, formore bus-oriented applications. The Dorado design uses MCM exclusively.In MCM, the Master Port is multiplexed between data input and register address input.The processor commands the device to perform various operations by writing commandsinto internal mode- and command-registers, previously selected by supplying a 2-bitregister address on Master Port bits 1 and 2 and pulsing Master Port Address Strobe, MAS'.In DCM, the Auxiliary Port is unavailable, and its signals are used instead for controllinginternal functions directly by external hardware. Unfortunately, although it might, at firstglance, appear that this would be more appropriate for a Dorado design, the fullfunctionality of the chip is not available in DCM. In particular, Cipher-Block-Chainingoperations in DCM are complicated, since one can't load the CBC Initialisation Vector inDCM, only in MCM.b.The Am Z8068 has 3 data ports, Master, Slave, and Auxiliary. The device can operatewith 2 different encryption keys, a Master Key and a Session Key. The Auxiliary port,sometimes referred to in the AMD documentation as the Key port, is used for enteringthe Master Encryption Key, which is intended for use in encrypting session keys fortransmission to remote DES equipment. We don't use this feature, so we don't use theAuxiliary port at all.c.In the AMD literature, the Z8068 is usually shown placed between a computer data busand a communications link. Thus, the clear text is always on one side of the chip (eg.Master port), and the cipher text on the communication link, on the other (eg. Slave port).On encryption, data is written into the Master port by the CPU (say), and is read from theSlave port by the communication link controller. On decryption, the direction of data flowis reversed, with cipher text being written into the Slave port by the communication link,and being read from the Master port by the CPU.Examination of the commands which can be issued in MCM reveals that the ports are notsymmetrical in that:1.You can't load keys or vectors through the Slave port.2.You can't access internal registers through the Slave port.In the Dorado design, we have chosen to configure the Master port permanently for datainput, and the Slave port for data output. Thus, for encryption, the port configuration bitsin the Mode register are set to 01b, (Dual-port, Master Clear, Slave Encrypted) beforeissuing a Start Encryption command (41x), whereas for decryption, the port configurationbits in the Mode register are set to 00b, (Dual-port, Master Encrypted, Slave Clear) beforeissuing a Start Decryption command (40x). In the Dorado design, no provision is made for reading data out of the Master port. Thecommand codes show that the data which can be read from the Master port consists of theinitialisation vectors, IVE and IVD, either in clear or ciphered, or the internal Statusregister. However, it is never necessary to read the IV's, and the Status register doesn'tconvey much information which couldn't be deduced by other means. Therefore, notÿî"°ïfñrôXîG©î·ï_uôî·ï[êrô´ð*ôµð+î·ïZfô‚ôƒðTî·ïXâôð3îyïU·îô«ô¬urîïT3ôïôðð!urîïR¯ôðHîïOƒô«ðUîïMÿô¥ðSîïL{ôôðKôõîïJ÷ô‚ðUqrîïGÌô”ð2ô•ð)îïFHô’ô“ð?îïDÄôÿð2ôîïC@ôð3ô®ð%îïA¼ô–ð,ô—ð,îï@7ôîyï=îô¯ð<ô°îï;ˆô¨ð2ô©ð$îï:ô«ô¬ð?îï8€ôÕ ôÖðIîï6üô§ô¨ðFîï5xôîyï2Lîô¤ô¥ðNîï0Èôð0ô®ð'îï/Dô†ð?ô‡îï-Àôƒð>ô„îï,<ô€ðQô îï*¸ô˜ð4ô™ð&îï)4ôð/îï& ô‰ôŠðCîï$…ôî›ï!Yî¬ð6î›ï.î¬ð;îïô—ð$ô˜ð2îï~ôƒð5ô„ð(îïúô½ð$ô¾ð2îïvôœðXîïòô‰ð)ôŠð2îïnôð*îïCôð%ôð3îï¿ôƒð;ô„îï ;ôÒð+ôÓð-îï·ô©ð5ôªð&îï 3ôÇðQÿ ¤· ì=7^ZHardware Reference Manual8being able to read the Master port is no great loss.d.The AMD literature for the Z8068 is not as clear as it might be, and it was necessary tocontact the chip's design engineer for clarification of a number of points. Four points areparticularly important:1.MDS', SDS', and MAS' must change synchronously with CLK.2.MFLG' and SFLG' will change synchronously with CLK.3.After power-up, you must issue a hardware reset (MAS' and MDS' activesimultaneously).4.Any write of a command to the chip must be followed by at least 6 clocks delaybefore performing any other reads of writes on any of the ports. This is the reasonfor the delay counter/timer, described below.e.The AMD specification for the Z8068 indicates a maximum clock period of 250nS. Afterconsidering a design where synchronisers are provided to permit the DES units to operateon their own 250nS clock independent from the Dorado, it was concluded that theadditional complexity was unjustified since the small difference in clock speeds means thatmany delays will be induced by the phase differences. Thus, the DES chips are operatedat Dorado Clock0'/8, namely 256nS. The AMD design engineer expressed confidence thatmost DES devices would continue to run if the Dorado clock rate was increased, possiblydown as far as 240nS. If we ever actually do this, we may also purchase speed-selectedversions of the Am Z8068 from AMD.Now let us consider the overall operation of the DES logic. As mentioned above, data in the DESinput fifo is tagged with the two low-order bits of the TIOA it was written with, corresponding towrites to TIOA's of 341-343. Writes to 340 do not enable the input fifo.Words tagged with 341 or 342 are routed into the DES chips; words tagged with 343 are loaded intothe delay counter/timer.DES data emerges from the input fifo, is converted by the multiplexor into bytes, and latchedagain. Thus, whilst the last byte is being written into the DES chips, the DES input finite-statemachine can cause the next word to be read out of the DES input fifo, enabling fully-pipelinedoperation.The byte data is then converted into TTL and fed into the Master ports of the two AMD AmZ8068 DES chips. The parity is checked (in TTL) just as the data enters these devices, and errorsare signalled as bit 14 in the Board Status Register, SR14.Words tagged with 341 are considered to be control words, and consist of an internal DES chipregister address in the high-order byte, and either a command code or a device mode in the low-order byte. The address byte is entered into the DES chips using MAS', whilst the command ormode byte is entered using MDS'.Words tagged with 342 are considered to be data words, and consist simply of two bytes of data.Both bytes are entered into the DES chips using MDS', MAS' remaining inactive.The DES chips operate in units of blocks, which are 8 bytes (64 bits) long. The devices arepipelined, allowing a block to be loaded into the chips whilst a second is being encrypted, and athird is being read out of the Slave port. See the pipeline timing diagrams on page AUX03 formore detail.î"«ïfñrôXîýî ï_ôð4îÙï[êî ôðXî ïZfôð4ôŽð(î ïXâôîûïU·îqrqrqrurqrîûïR‹îqrqrqrîûïO`îô@urqrôAqrîïMÜîûïJ±îô«ð"ô¬urð'îïI-ô‹ð.ôŒurîïG¨ôð-îÙïD}î ô’ðNô“î ïBùôôð>î ïAuôæôçðGî ï?ñôŠð@ô‹î ï>mô“ð6ô”ð!î ï<éô qrðBî ï;eô”ð4ô•ð#î ï9áô¥ô¦ðBî ï8]ôð"î ï51ôƒð<ô„ð$î ï3ôð+ô‘ð7î ï2)ôvrvrî ï.þô†vrvrô‡vrî ï-zôî ï*Nô¸ð9ô¹ð$î ï(Êô£ô¤ð[î ï'Fô¥ ô¦ðSî ï%Â î ï"—ô¯ð(ô°ð0î ï!ô‹ðbî ïôð;î ïcô±vrô²urð%î ïßô–ðBô—î ï[ô¤ðBqrô¥ î ï×ôqrî ï¬ô£vru rð*î ï(ôð0qrqrî ïüôÂð"urð2î ïxôœðJôî ïôô¡ðZô¢î ïpô4ý)>7\âdDorado Auxiliary Board9As the data is read from the Slave ports of the DES chips under the control of the DES outputfinite-state machine, parity is generated (using 74S280 parity generators) before the outputs of theduplicate encryptors are compared for differences. The IC's used are three 74LS266 open-collectorquad exclusive-OR gates. Differences indicate hardware errors, and are noted as bit 13 of theBoard Status Register, SR13.Thus, in the Dorado design, parity is carried through right to the point where the data enters theduplicate DES chips, and is generated again immediately the data emerges from the chips, andbefore the outputs are compared for error detection.Finally, the bytes are converted back into ECL, latched for conversion back into 16-bit words, andwritten into the DES output fifo, all under the control of the DES output finite-state machine.When at least 4 16-bit words (ie. at least 1 64-bit DES block) have accumulated in the DES outputfifo, a Dorado DES task-wakeup is generated and microcode transfers the data back into memory.3.3 DES Input Finite-State MachineThe DES input finite-state machine, shown on page AUX22, controls all of the data paths fromthe DES input fifo to the Master ports of the DES encryption chips.The DES chips are clocked at an eighth of the basic Dorado Clock0' rate, namely 256nS. The DESinput finite-state machine is clocked at twice the DES clock rate, namely 128nS, allowing for agrain of two FSM cycles per DES cycle. Thus, it is necessary for DesClock to be an input to theIFSM, so that the IFSM can be made to run in-phase with DesClock. (This is reflected in thesoftware, where, if IFSM gets out-of-phase, either an idle IFSM cycle is inserted (eg. in the IDLEstate), or an IFSM error is generated).Upon GlobalReset, the upper MC149 in the logic diagram is disabled, which effectively forces theIFSM into state 0, the RESET state. The software in the IFSM then tries to transit into stateRESET1, but will be unsuccessful until GlobalReset is removed. All outputs from IFSM are active-high, so the software can default them to LOW.The DES IFSM transits through four states (RESET, RESET1, RESET2, and RESET3) before arriving inthe IDLE state. In the IDLE State, the IFSM loops waiting until the two-bit EVENT input (which isderived from the TIOA tags and the DataValid' indication coming from the input fifo), indicate thatthere is a valid data word waiting in the fifo's output data latch.If the tag is 01b (ififoHasDesData), the IFSM loads the two bytes of data into the DES chips' Masterport, one byte at a time.If the tag is 10b (ififoHasDesControl), the IFSM loads the upper byte (an internal register address)into the DES chips using MAS', then the lower byte (either a command code or a mode) usingMDS'.Finally, if the tag is 11b (ififoHasTimerData), the IFSM loads the lower byte of the word into thecounter-timer, the upper byte being discarded.If any errors are detected by the IFSM, the output IfsmError is generated and appears as bit 12 inthe Board Status Register, SR12.Two points are worthy of note:ÿî"°ïfñrôXîG©î·ï_ôŸô ðWî·ï]’ô–ð]ô—î·ï\ô„ð7ô…ð+î·ïZŠô¹ðWôºî·ïYôî·ïUÚô–ðBô—î·ïTVô´ðMôµî·ïRÒôð4î·ïO§ôŠðPô‹î·ïN#ô³ô´ðSî·ïJ÷ôƒð$ô„ð=î·ïIsôðGôî·ïD uôð"î·ïAurô§ð8ô¨ð$î·ï?ñôðCî·ï<Æôˆð3ô‰qrî·ï;Aô³ðPô´î·ï9½ôŸðBqrô î·ï89ô¹ð7ôºqrî·ï6µôšðEô›qî·ï51rôð'î·ï2ô¨q rô©ð?î·ï0‚ô¿qrôÀð6î·ï.þqrô¢ð!q rð/î·ï-zôð*qrî·ï*Nôƒð"ô„qrqrqrqrî·ï(Êôqrqr ôŽð&qrî·ï'Fô˜ô™qr q rð6î·ï%ÂôðCî·ï"—ô‹qrôŒð)î·ï!ôî·ïçô¬ôqrð?î·ïcô±qrð=î·ïßqrî·ï´ô¯qrô°ð3î·ï0ôð.î·ïô˜ð3qrô™î·ï€ôî·ïU·=7YýHHardware Reference Manual10a.The AMD specifications show that the duty-cycle for MDS' is not 50%. Thus, the MC231is required to extend the period MDS' is active accordingly. All other DES signals behavenicely with 50% duty-cycles.b.This complicates the DES chip reset procedure, since it is necessary to activate MAS' andMDS' together to perform a reset. The is solved by providing a separate DesReset outputfrom IFSM, which overrides PreMAS and PreMDS by means of the MC105 gates.3.4 DES Delay Counter-TimerThe 8-bit counter-timer, on page AUX24, is clocked with DesClock. To implement the delaysrequired after loading commands into the DES chips, the delay desired is written into the DESIfifo using TIOA=343.When the IFSM sees a data word with a tag of 11b (ififoHasTimerData), it loads the lower byte of theword into the counter-timer, the upper byte being discarded.The MC106 gates, which gate the EVENT inputs to the IFSM on page AUX24, ensure that theIFSM will not see further valid data in the IFIFO output latch until the Counter-Timer hascounted down to zero (Counter=Zero').3.5 DES Output FifoRefer to page AUX16. The DES output fifo, Ofifo, is very similar to the input fifo discussedabove. Again, the memories are dual-ported with a MC158 multiplexor which is switched byFHCP such that write cycles take place ifrom t1 to t2, and read cycles take place from t2 to t3.Again, the type of the last cycle is remembered by the lower MC135, and this piece of state allowsthe fifo-full case to be distinguisghed from the fifo-empty case.Dorado DES task-wakeups are generated when the upper two bits of the read counter and theupper two bits of the write counter differ, indicating that there is at least 4 words of information inthe Ofifo. The DesWakeup signal will go away when the microcode reads sufficient data out fromthe Ofifo to change this.A word of data will fall out of Ofifo into the right-hand bank of MC176 latches whenever theupper MC135 status register on page AUX15 indicates the latches are empty. Further reads areinhibited until the microcode picks up the data (TIOA=Fifo' AND bIoin').3.6 DES Output Finite-State MachineThe DES output finite-state machine, OFSM, is quite simple. The OFSM loops in an IDLE statewaiting until the Des Slave port flag, DesSFLG, indicates that the slave port has a block of dataready to be read out. It then picks up a byte of data at a time until DesSFLG goes inactive, andloads them into the byte-to-word conversion latches before writing them into the output fifo.Again, the grain of OFSM is 2 states per DesClock, so as to easily generate DesSDS with a 50% dutycycle. No special action is required on a GlobalReset, except that the machine is forced into state 0,the IDLE state.î"«ïfñrôXîýîÙï_î ô”ð3ô•qrî ï]’ô ô‘qrð5î ï\ôîÙïXâî ô ð:ô¡qrî ïW^qrô©ðEqrôªî ïUÚôqrqrî ïQuî ïMÜrôÍð8qrôÎî ïLXô¬ð3ôð*î ïJÔôqvî ïG¨rô‚ð)ôƒqrð!î ïF$ôð<î ïBùô´qr ôµð(î ïAuôÏôÐðMî ï?ñôqrî ï;uî ï7órôµð1ô¶ð,î ï6oôÄðVôÅî ï4ëô¤ð&ô¥ð:î ï1¿ô†ô‡ðGî ï0;ôðAî ï-ô´ð.ôµð+î ï+ŒôðOô‚î ï*ô†ð6ô‡ð)î ï(„ôî ï%Xô°ô±ðVî ï#Ôô£ ô¤ðRî ï"Pôð1q rqrî ï}uð#î ïRrô˜ô™ðKqrî ïÎô¯ð'qr ô°ð(î ïJô ôžð7W5Dorado Auxiliary Board113.7 64-bit Checksum UnitThe Dorado design provides additional hardware to enable a higher degree of protection againstparticular forms of cryptographic attack. Consider the equations which describe the cipher-block-chaining algorithm, CBC:On encryption,C[0] = DES[ P[0] EXOR IVE, EKey ]-- 1C[i] = DES[ P[i] EXOR C[i-1], EKey ]-- 2On decryption,P[0] = DES[ C[0], DKey ] EXOR IVD-- 3P[i] = DES[ C[i], DKey ] EXOR C[i-1]-- 4WhereP[i]= Plaintext block i,C[i]= Ciphertext block i,EKey= Encryption keyDKey= Decryption keyIVE= CBC initialisation vector for encryptionIVD= CBC initialisation vector for decryptionNotice, from equation 3, that plaintext block i is only a function of ciphertext block i andciphertext block i-1. Thus, ciphertext blocks can be substituted in the datastream and they maypass unnoticed at the destination.We solve this problem by checksumming the plaintext at the source, and sending the checksum asthe the last ciphertext block. On decryption at the destination, the resulting plaintext is re-checksummed and compared with the decrypted checksum sent from the source, ie:On encryption,C[i+1] = DES[ Checksum[ P[0..i] ] EXOR C[i], EKey ]On decryption,P[i+1] = DES[ C[i+1], DKey ] EXOR C[i] = Checksum[ P[0..i] ]This algorithm, invented by Andrew Birrell, is implemented in hardware on page AUX18. Eitherthe 16-bit plaintext word in the output latch of the input fifo, or the 16-bit plaintext word about tobe written into the output fifo is selected by the MC158 multiplexors, depending on whether weare encrypting or decrypting (a bit in the control register). The word is exclusive-or'd with theword from the corresponding 16-bit position in the shift register and written back into the shiftregister.When encrypting, after the DES chips have finished encrypting the last block, the microcode setsthe ChecksumReset bit in the control register, and reads the 4 checksum words from the checksumunit and writes them back into the Des input fifo. As this is done, the checksum is reset to zero,which it will remain until the ChecksumReset bit is cleared. The checksum is, in turn, encrypted,and is later transferred by the microcode from the DES output fifo back into memory as the lastblock.î"°ïfñrôXîFùî·ï_uôî·ï[êrô§ð^î·ïZfô–ô—ðOî·ïXâôî·ïU· îÙïR‹wô¬ð$î/‹rôXîÙïQwô¬ð$î/‹rôXî·ïMÜô îÙïJ±wô¬ð!î/‹rôXîÙïI-wô¬ð$î/‹rôXî·ïFîÙïBÖwîürîÙïARwîürîÙï?ÎwîürîÙï>JwîürîÙï<Æwîürð*îÙï;Awîürð*î·ï8ôÞðVôßî·ï6’ô¦ô§ðKî·ï5ôð"î·ï1ãôðRôŽî·ï0_ôÕôÖðIî·ï.ÚôðNî·ï+¯ îÙï(§wô¬ð3î·ï%Ÿrô îÙï"—wô¬ð&îÙï!Yî·ïQrô“ðFô”î·ïÍôƒðcô„î·ïIô ðPô¡ î·ïÅô¬ðGôî·ïAô¬ð+ôð6î·ï½î·ï‘ô™ð2ôšð.î·ï ô…ðVô†î·ï‰ôô‘ðTî·ïôð=ôð%î·ï ô˜ô™ðYî·ïýÊ·¶=7\UHardware Reference Manual12When decrypting, the checksum unit accumulates the checksum of the plaintext words as they arewritten into the DES output fifo. The last block through the DES chips will be the encryptedchecksum sent by the source, and, when exclusive-or'd with the recomputed checksum, shouldequal zero. When decryption completes, the microcode reads the 4 checksum words from thechecksum unit and verifies this.ÿî"«ïfñrôXîýî ï_ô‘ð"ô’ð<î ï]’ô®ô¯ðQî ï\ôÃôÄð>î ïZŠô½ô¾ðHî ïYôªýX¾=7M7Dorado Auxiliary Board134. Random Bit GeneratorRefer to page AUX26. The random bit generator has four main components, from top to bottom:a.A white-noise source based on a KN1201 noise diode.b.An operational amplifier to raise the noise signal level.c.An ECL comparator, to turn the noise into a bit stream.d.An isolated power supply, based on a PG505 DC-DC converter.ÿî"°ïfñrôXîFùî·ï_tôî·ï[êrô‡ðQôˆ îyïX¿îôð3îyïW;îð9îyïU·îð7îyïT3îð;ÿr·Sì<7;Hardware Reference Manual145. Electronic Stable StorageTo be added.ÿî"«ïfñrôXîýî ï_tôî ï[êrDý[£khDorado Auxiliary Board156. 10 megabits/second Ethernet ControllerTo be added.ÿî"°ïfñrôXîFùî·ï_tôrtî·ï[êrN·[£Šh TIMESROMAN TIMESROMAN TIMESROMAN LOGO TIMESROMAN TIMESROMAN TIMESROMANGACHAá¸Ù±Ò% ¦. œ7 ¸@ËHáOÉQÅSãUáWÿÿj/ZXšli§ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿAuxManual.bravoTonyWest.PAFebruary 5, 1983 5:36 PM