Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 35. AH Data Flow

Application

IP

Header

payload

IPSec Client

Note :

IP mutable fields are handled by IPSec client

IP

AH

payload

Header

 

 

 

 

 

Authenticate

Req (SA_ID, ...)

IP

AH

Auth

payload

Header

Data

 

 

Access Component / Intel XScale® Core

IP

Header

AH

payload

IP

AH

Auth

payload

Header

Data

 

 

NPE

Processed by

IPSec client

Processed by

NPE

From application

Authenticate

 

 

Req (SA_ID, ...)

 

 

IP

AH

Auth

payload

Header

Data

 

 

Forward authentication Operation

Note :

ICV is inserted into AH authentication data field

B2460-02

7.4.3Hardware Acceleration for IPSec Services

The IxCryptoAcc API is dependant upon hardware resources within NPE C (also known as Ethernet NPE B) in order to perform many of the cryptographic encryption, decryption, or authentication functions. Specifically, NPE C provides an AES coprocessor, DES coprocessor and a hashing coprocessor (for MD5 and SHA1 calculations).

7.4.4IPSec API Call Flow

Figure 36 on page 102 details the IxCryptoAcc API call flow that occurs when submitted data for processing using IPSec services. The process listed below assumes that the API has been properly configured and that a crypto context has been created and registered in the CCD, as described in “Context Registration and the Cryptographic Context Database” on page 90.

Programmer’s Guide

IXP400 Software Version 2.0

April 2005

 

Document Number: 252539, Revision: 007

101

Page 101
Image 101
Intel IXP400 manual Hardware Acceleration for IPSec Services, IPSec API Call Flow