This highly configurable implementation of the AES-GCM algorithm implements the full NIST draft SP800-38D specification. AES-GCM combines AES in counter mode with a 128-bit Galois field multiplier to provide both encryption and authentication for high-speed data streams. AES-GCM is parallelisable, unlike the authenticated modes of AES based on the CBC-MAC algorithm. The GCM mode is particularly suitable for multi-gigabit networking applications and is specified in draft IEEE standard 802.1AE, IETF RFC 4106 and draft NIST SP800-38D. This core implements aspects of the NIST SP800-38D specification, such as variable-length Initial Values (IVs) and 192- and 256-bit key lengths, which are not required by the IEEE 802.1 MACsec standard and which reduce performance when implemented in hardware. Our AES-GCM-10G core implements AES-GCM with fixed 128-bit keys and fixed 96-bit IVs, which allows various optimisations that improve performance when the core has to process a stream of minimum-sized packets.
The AES-GCM core is based on our AES-G3 implementation and is supplied as a complete package of VHDL or Verilog source code. The data path width is configurable, and parallel AES encryptors can be provided, allowing a flexible trade-off of area against performance. Most competitive implementations of AES-GCM have a fixed 64- or 128-bit internal data path width, which makes them area-inefficient at the lower end of the performance range.
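The cost difference between fixed 96-bit IVs and variable-length IVs mentioned above comes from how SP800-38D derives the pre-counter block J0. The following Python reference model is an added example, not code from the core or its vendor; it shows that a 96-bit IV needs no Galois field multiplications while any other length must pass through GHASH first. The function names are assumptions, and the hash subkey H (in real GCM, the AES encryption of an all-zero block) is supplied directly as a constructed value.

```python
"""Reference model of GCM pre-counter block (J0) derivation, SP800-38D."""
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 (GCM bit order)

def gf128_mul(x: int, y: int) -> int:
    """GF(2^128) product; the integer MSB is GCM bit 0 (SP800-38D Algorithm 1)."""
    z, v = 0, y
    for i in range(127, -1, -1):          # walk x from GCM bit 0 to bit 127
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H over a whole number of 16-byte blocks."""
    if len(h) != 16 or len(data) % 16:
        raise ValueError("H must be 16 bytes and data a multiple of 16 bytes")
    hk, y = int.from_bytes(h, "big"), 0
    for off in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[off:off + 16], "big"), hk)
    return y.to_bytes(16, "big")

def derive_j0(h: bytes, iv: bytes):
    """Return (J0, number of GF(2^128) multiplications spent deriving it)."""
    if not iv:
        raise ValueError("IV must be at least one byte")
    if len(iv) == 12:
        # Fast path: J0 = IV || 0^31 || 1, no multiplier cycles needed.
        return iv + b"\x00\x00\x00\x01", 0
    # General path: J0 = GHASH_H(IV || 0^(s+64) || [len(IV) in bits]_64).
    padded = iv + bytes(-len(iv) % 16 + 8) + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, padded), len(padded) // 16

if __name__ == "__main__":
    h = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed hash subkey
    for n in (12, 8, 16, 60):                              # constructed IV lengths
        j0, mults = derive_j0(h, bytes(range(n)))
        print(f"{8 * n:3d}-bit IV: J0={j0.hex()} multiplies={mults}")
```

For a stream of minimum-sized packets, the extra GHASH passes on the general path are per-packet overhead that occupies the multiplier before any payload can be processed.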