ITCM
From Sp305x wiki
The SPMP3050 contains an Instruction Tightly Coupled Memory ROM that contains a whole bunch of callable subroutines. Running code from here is, of course, a lot faster than running it uncached from main RAM. It remains to be proven whether it is considerably faster than running code from main RAM with caches enabled. The routines are baked into the CPU; this is probably what Sunplus passes as "hardware acceleration" of these algorithms.
A dump of the iTCM (32kB) is located here: [1]
Here are some routines that have been identified:
0x4E48 int hmac_init(void *context, char *key, int keylength); 0x4F30 int hmac_input(void *context, char *data, int datalength); 0x4F74 int hmac_finalize(void *context, char *hmac, int hmaclength); 0x500C void sha1_init(void *context); 0x504C void sha1_input(const char *data, int datalength, void *context); 0x531C void sha1_finish(void *context, char *hash); 0x5444 void sha1_transform(unsigned int *h, char *block); //internal, performs SHA-1 base transform on h1-h5 values and a 64-byte block 0x563C void memcpy(void *dst, void *src, size_t len); //sha-1 internal 0x5658 void memset(void *dst, int val, size_t len); //sha-1 internal 0x5670 void rc4_init(void *context, int keylength, char *key); 0x56E4 void rc4_encrypt(void *context, int size, char *buffer); //note: rc4 encrypt and decrypt are identical (stream cipher)
HMAC context size = 0xB0 SHA-1 context size = 0x5C RC4 context size = 0x102
The routines before the crypto are more mathematical in nature and complicated and are almost certainly compression/decompression/image processing algorithms. Segher has commented that some of it looks like DCT.
The routines at 0x5754 and 0x591C are some unknown encryption algorithm. It looks like a stream cipher (XOR-based) that produces the PRNG stream in blocks, has a large state (0x400). It uses the PHI constant 0x9E3779B9, which TEA/XTEA also use, but it's definitely not TEA/XTEA, although some parts resemble it. Is there any PRNG/stream cipher based around (X)TEA?!?
The iTCM actually ends at 0x5EF8.
