1. Field
The present invention relates to computer systems. More particularly, the present invention relates to a direct-memory access controller with a data processing core that performs data encryption and decryption.
2. Description of Related Art
Digital data processing is a process of manipulating data based on a computer algorithm. Basic functions such as fixed point arithmetic are performed by the CPU using its arithmetic logic unit module. But complex algorithms demand more computing resources and are executed in dedicated data processing modules with very minimal CPU help. With the advent of System-On-Chip (SOC) technology, engineers are able to implement highly specialized and complex algorithms inside an Application Specific Integrated Circuit (ASIC). This results in very fast computations since the CPU, fast SRAM memory, DMA Controller and data processing modules are all located inside the ASIC.
A DMA Controller (DMAC) is a dedicated device that is programmed by the CPU to perform a sequence of data transfers on behalf of the CPU. It can directly access memory and is used to transfer data from one memory location to another or from an I/O device to memory and vice versa. It manages several DMA Channels, each of which can be programmed to perform a sequence of DMA transfers. A DMAC typically shares the system memory and I/O bus with the CPU. This architecture enables the DMAC to operate in parallel with the CPU to some extent. This however requires that the DMA Channel is first programmed by the CPU using a descriptor table. This table basically contains all the necessary information to initiate, monitor and sustain the DMA operation. DMAC interrupts the CPU whenever a DMA channel terminates. Thus, it requires less CPU time than that of servicing interrupts or polling if DMA is not used. Some DMACs minimize CPU intervention further by having a chain address register that points to a chain table in memory. The chaining allows the DMAC to automatically fetch and load a new descriptor table in its DMA Channel. This feature is useful for transferring blocks of data into noncontiguous buffer areas.
A typical DMAC during a write transaction receives data from an I/O device and writes this data directly to memory. During a read transaction, the DMAC fetches the data from memory and routes it to an I/O device. If data processing is to be performed using a dedicated data processing module, the DMAC reads the input data from memory and then transfers this to the data processing module. The output of the data processing module is then written back to the memory by the DMAC. This constitutes a memory to memory transfer.
For a write transaction with data processing, the DMAC would have to first transfer the data from an I/O device to memory, read the same data from memory, feed the data to the data processing module, and write the output back to memory. For a read transaction with data processing, the DMAC would have to first read the data from memory, feed the data to the data processing module, and transfer the output to an I/O device. An extra memory to memory transfer is thus required.
The DMAC is configured by the CPU to transfer data between memory and one or more I/O devices. For a multiple I/O device configuration, the DMAC has to handle simultaneous transactions with these I/O devices. An additional memory to memory transfer greatly reduces the speed by which multiple transfer-with-data-processing transactions are completed.
A common algorithm implemented in data processing modules is encryption and decryption of digital data. Performing this process greatly enhances the security of data transfer. A typical application of this data processing is for storage of critical data. An external data source would request transfer of data to the storage controller SOC, and additionally would request that the transfer be a write transfer with encryption. To be able to maximize security, data has to be encrypted immediately once it is received. For read operations, an external data destination would request a read transfer with decryption. Another application of this data processing is the cipher engine. The cipher engine provides encryption and decryption services to all the data sources attached to it. In this application, the processed data are not stored but are immediately returned to the source in which case the memory device is only used as a temporary buffer.
Most encryption algorithms such as Advanced Encryption Standard (AES), Data Encryption Standard (DES) and Blowfish require a large amount of computing resources. An architecture that is able to perform multiple encrypt/decrypt operations simultaneously is therefore needed to service multiple transfer requests, without a negative impact on the speed of transfer and processing.
It is therefore the objective of this invention to provide a DMA controller with an encryption and decryption processor that is able to service simultaneous data transfer requests. It is further the objective of this invention to provide a DMA controller with an encryption and decryption processor that eliminates the need for extra memory to memory transfers. It is further the objective of this invention to provide a DMA controller that can process both a normal transfer request and a transfer request with encryption and decryption.