IPSec API Call Flow | Intel IXP400 specification

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 36. IPSec API Call Flow

1.(...NPE init, CryptoAccConfig, CryptoAccInit, CryptoAccCtxRegister, etc...)

create data mBufs, IV

2.ixCryptoAccAuthCryptPerform (cryptoCtxId, *pSrcMbuf, *pDestMbuf, authStartOffset, authDataLen, cryptStartOffset, cryptDataLen, icvOffset, *pIV)

3.

IPSec Client

IxCryptoAcc

6.IxCryptoPerformCompleteCallback (cryptoContextId, mBuf *, IxCryptoAccStatus)

IxQMgr / AQM	Crypto Request Queue		Crypto Complete Queue

SDRAM

5.

NPE - C

4.

B2918-01

1.The proper NPE microcode images must have been downloaded to the NPE and initialized. Additionally, the IxCryptoAcc API must be properly configured, initialized, and the crypto context registration procedure must have completed.

At this point, the client must create the IX_OSAL_MBUFs that will hold the target data and populate the source IX_OSAL_MBUF with the data to be operated on. Depending on the encryption/decryption mode being used, the client must supply an initialization vector for the AES or DES algorithm.

2.The client submits the IxCryptoAccAuthCryptPerform() function, supplying the crypto context ID, pointers to the source and destination buffer, offset and length of the authentication and crypto data, offset to the integrity check value, and a pointer to the initialization vector.

3.IxCryptoAcc uses IxQMgr to place a descriptor for the data into the Crypto Request Queue.

April 2005	IXP400 Software Version 2.0	Programmer’s Guide
102	Document Number: 252539, Revision: 007

Image 102

Intel IXP400 manual IPSec API Call Flow

Contents

Intel IXP400 Software Programmer’s Guide Intel IXP400 Software IXP400 Software Version Contents 1.1 100 118 152 Contents Access-Layer Components 225 17.9 Operating System Adsl Driver Figures 102 Tables AQM 300 Revision History Date Revision Description Hardware Supported by this Release Introduction1Versions Supported by this Document Intended Audience How to Use this Document About the ProcessorsChapters Description Related Documents Document Title Document # Acronyms Document Title Document #Acronym Description CPU HSS MSB SIP Software Architecture Overview High-Level Overview Deliverable Model Software Architecture Overview Access Library Source Code Documentation Operating System SupportDevelopment Tools Release Directory Structure Ixposal Include Src Ixp400xscalesw \---include +---npeMh Threading and Locking Policy Polled and Interrupt OperationStatistics and MIBs Global Dependency Chart Global Dependencies This page is intentionally left blank Buffer Management What’s NewOverview Buffer Management Intel IXP400 Software Buffer Flow Ixpbuf User Interface Raw Buffers Ixpbuf Structure Ixpbuf Structure and Macros Osal Ixpbuf structure and macros API User Interface to Ixpbuf Pool Management Fields Ixmbuf OS-Dependent Buffer Format Ixpbuf ixctrl Structure Ixne IXP400 NPE Shared Structure Mapping of Ixmbuf to Shared Structure Ixpbuf NPE Shared Structure Ixnext Ixosalmbufnextbufferinpktptr Ixmbuf StructureInternal Ixmbuf Field Format Sheet 1 Ixreserved Field / Macro Purpose Used by Access-Layer? Internal Ixmbuf Field Format Sheet 2Ixmbuf Field Details Sheet 1 Mapping to OS Native Buffer Types VxWorks* Mblk BufferIxmbuf Field Details Sheet 2 Linux* skbuff Buffer Ixmbuf to Mblk Mapping Following fields will get updated in the skbuffer Buffer Translation Functions Caching Strategy Tx Path Rx Path Caching Strategy SummaryBuffer Management Tx Cache Flushing Example Intel IXP400 Software This page is intentionally left blank Access-Layer Components ATM Driver Access IxAtmdAcc API IxAtmdAcc Component Features Access-Layer Components ATM Driver Access IxAtmdAcc API Configuration Services Utopia Port-Configuration ServiceATM Traffic-Shaping Services VC-Configuration Services Transmission Services Scheduled Transmission Buffer Transmission for a Scheduled Port Schedule Table Description Transmission Triggers Tx-Low Notification Transmit-Done Processing Tx Done Recycling Using a Threshold Level Transmit Done Based on a Threshold Level Tx Done Recycling Using a Polling Mechanism Transmit Disconnect Receive Services Tx Disconnect Receive Triggers Rx-Free-Low Notification Receive ProcessingReceive Based on a Threshold Level Rx Using a Threshold Level RX Using a Polling Mechanism Receive Disconnect Buffer Contents Buffer ManagementBuffer Allocation Ixpbuf Fields Modified During Reception Sheet 1 Ixpbuf Fields Required for TransmissionIxpbuf Fields of Available Buffers for Reception Field Description Buffer-Size Constraints Error HandlingAPI-Usage Errors Buffer-Chaining Constraints Real-Time Errors Real-Time ErrorsCause Consequences and Side Effects Corrective Action Access-Layer Components ATM Manager IxAtmm API IxAtmm Component FeaturesIxAtmm Overview Access-Layer Components ATM Manager IxAtmm API Utopia Level-2 Port Initialization ATM-Port Management Service Model Services Provided by Ixatmm Tx/Rx Control Configuration Configuration of Traffic Control Mechanism Management Interfaces Error HandlingDependencies Memory Requirements Performance Access-Layer Components ATM Transmit Scheduler IxAtmSch IxAtmSch Component Features Access-Layer Components ATM Transmit Scheduler IxAtmSch API Supported Traffic TypesTraffic Type Supported Num VCs Connection Admission Control CAC Function Scheduling and Traffic Shaping Schedule Table Schedule Service Model Minimum Cells Value minCellsToScheduleMaximum Cells Value maxCells Timing and Idle Cells IxAtmSch Data Memory Usage Code SizeData Memory Per VC Data Per Port Data Total Latency Access-Layer Components Security IxCryptoAcc API Access-Layer Components Security IxCryptoAcc API IxCryptoAcc API ArchitectureIxCryptoAcc Interfaces Basic API Flow Context Registration and the Cryptographic Context Database Basic IxCryptoAcc API Flow Intel IXP400 Software IxCryptoAcc API Call Process Flow for CCD Updates IxCryptoAcc Data Memory Usage Sheet 1 Buffer and Queue ManagementMemory Requirements Structure Size in Bytes Total Size in Bytes Dependencies IxCryptoAcc Data Memory Usage Sheet 2 Other API Functionality IxCryptoAccHashKeyGenerate Import and Export of Cryptographic Technology IPSec ServicesEndianness IPSec Background and Implementation IxCryptoAcc, NPE and IPSec Stack Scope IPSec Packet Formats Relationship Between IPSec Protocol and Algorithms Authentication Header Reference ESP Dataflow Reference AH Dataflow ESP Data Flow Hardware Acceleration for IPSec Services IPSec API Call Flow IPSec API Call Flow Special API Use Cases Hmac with Key Size Greater Than 64 Bytes CCM Operation Flow AES CBC Encryption For MIC WEP Services IPSec Assumptions, Dependencies, and LimitationsWEP Background and Implementation Hardware Acceleration for WEP Services WEP Frame with Request Parameters IxCryptoAccXscaleWepPerform WEP API Call FlowIxCryptoAccNpeWepPerform NPE Microcode Images WEP Perform API Call Flow SSL and TLS Protocol Usage Models AuthenticationCombined Mode Operations Encryption/Decryption Supported Encryption Algorithms Supported Encryption and Authentication AlgorithmsEncryption Algorithms Cipher Key Sizes Parity Bit Actual Key Size Electronic Code Book ECB Counter Mode CTRCipher Modes Cipher Block Chaining CBC Authentication Algorithms Supported Authentication AlgorithmsAuthentication Algorithm Data Block Size Bits Key Size Bits 114 Document Number 252539, Revision Access-Layer Components DMA Access Driver IxDmaAcc API FeaturesAssumptions DMA Access-Layer API Access-Layer Components DMA Access Driver IxDmaAcc API IxDmaAcc Component Overview Parameters Description IxDmaAccDescriptorManager Destination Address Transfer ModeSource Address Transfer Width Addressing Modes Transfer Length Transfer Mode Supported ModesIncrement 122 Document Number 252539, Revision Data Flow Control Flow DMA Initialization IxDmaAcc Control Flow DMA Configuration and Data Transfer IxDMAcc Initialization DMA Transfer Operation Restrictions of the DMA Transfer Little Endian Access-Layer Components Ethernet Access IxEthAcc API IxEthAcc Overview Ethernet Access Layers Architectural Overview Access-Layer Components Ethernet Access IxEthAcc APIRole of the Ethernet NPE Microcode 4 MAC/PHY Configuration Queue ManagerLearning/Filtering Database Ethernet Access Layers Component Features Ethernet Access Layers Block Diagram Data Plane Port Initialization Ethernet Frame TransmissionTransmission Flow Transmit Buffer Management and Priority Ethernet Transmit Frame Data Buffer Flow TxEnetDone Using Chained IXOSALMBUFs for Transmission / Buffer Sizing Ethernet Frame ReceptionTx Fifo Priority Receive Flow Ethernet Receive Frame API Overview Receive Buffer Management and Priority Buffer SizingSupplying Buffers Programmer’s Guide Codelet or client application Rx Fifo Priority QoS Mode Freeing BuffersRecycling Buffers Additional Receive Path Information No Receive Polling Control Path Data-Plane EndiannessMaximum Ethernet Frame Size IxEthAcc and Secondary Components MII I/O MAC Duplex SettingsEthernet MAC Control Frame Check Sequence MAC Filtering Promiscuous ModeNon-Promiscuous Mode 1.6 802.3x Flow Control NPE Loopback InitializationShared Data Structures Emergency Security Port Shutdown Ixosalmbuf Structure Format Ixpneflags Field Format Queue Field Description Eth 150 Document Number 252539, Revision Ixosalmbuf Port ID Field Format Ixpneflags.linkprot Field Values Management InformationIxosalmbuf Port ID Field Values Field Bit Values Managed Objects for Ethernet Receive Object Increment Criteria Managed Objects for Ethernet Transmit Access-Layer Components Ethernet Database IxEthDB API IxEthDB Functional Behavior Access-Layer Components Ethernet Database IxEthDB API MAC Address Learning and FilteringLearning and Filtering Node Learning/Filtering General Characteristics Other MAC Learning/Filtering Usage ModelsPort Definitions Port Dependency Map Provisioning Static and Dynamic EntriesAging Database Maintenance Frame Size FilteringRecord Management Source MAC Address Firewall Filtering Example Based Upon Maximum Frame SizeMAC Address Block/Admission 10.3.4 802.1Q Vlan Invalid MAC Address Filtering Background Vlan Data in Ethernet Frames Untagged MAC Frame FormatVlan Tagged MAC Frame Format Database Records Associated With Vlan IDs Acceptable Frame Type FilteringVlan Tag Format Ingress Tagging and Tag Removal Port-Based Vlan Membership Filtering Port and VLAN-Based Egress Tagging and Tag Removal Special Conditions Tag Mode Frame Status Action Egress Vlan Tagging/Untagging Behavior Matrix 10.3.5 802.1Q User Priority / QoS Support Port ID ExtractionPriority Aware Transmission Receive Priority Queuing QoS on Receive for 802.1Q Tagged Frames Priority to Traffic Class Mapping QoS on Receive for Untagged Frames Background 802.3 and 802.11 Frame Formats Default Priority to Traffic Class Mapping10.3.6 802.3 / 802.11 Frame Conversion IEEE802.11 Frame Format IEEE802.11 Frame Control FC Field Format AP-STA and AP-AP Modes How the 802.3 / 802.11 Frame Conversion Feature Works Receive Path Field AP to STA mode AP to AP mode To 802.11 Header Conversion RulesTransmit Path Input 802.11 Frame Values Output 802.3 Frame Field Values 10.3.6.3 802.3 / 802.11 API Details11 to 802.3 Header Conversion Rules Frame Type Spanning Tree Protocol Port Settings IxEthDB APIInitialization IxEthDB Feature Set Feature SetAdditional Database Features User-Defined Field Promiscuous-Mode Requirement Dependencies on IxEthAcc ConfigurationDatabase Clear FCS Appending 180 Document Number 252539, Revision Access-Layer Components Ethernet PHY IxEthMii API Supported PHYs Access-Layer Components Ethernet PHY IxEthMii API PHYs Supported by IxEthMii Access-Layer Components Feature Control IxFeatureCtrl API Hardware Feature Control Product ID Values Using the Product ID-Related FunctionsAccess-Layer Components Feature Control IxFeatureCtrl API Bits Description Using the Feature Control Register Functions Feature Control Register Values Sheet 1 Software Configuration Feature Control Register Values Sheet 2Component Check by Other APIs Document Number 252539, Revision 187 188 Document Number 252539, Revision Access-Layer Components HSS-Access IxHssAcc API Access-Layer Components HSS-Access IxHssAcc API Features IxHssAcc API OverviewIxHssAcc Interfaces Access-Layer Components HSS-Access IxHssAcc API HSS and Hdlc Theory and Coprocessor Operation Intel X S cale C ore HSS Output Clock Jitter and Error Characterization HSS Tx Clock Output frequencies and PPM ErrorHSS Tx Freq Pj Max ns Cj Max ns Aj Max ns Jitter Type Jitter Definition Jitter DefinitionsHSS Frame Output Characterization Actual Frame Length µs High-Level API Call Flow Key Assumptions IxHssAcc Component Dependencies HSS Port Initialization Details IxHssAccPortInit 198 Document Number 252539, Revision Channelized Connect and Enable HSS Channelized OperationIxHssAccChanConnect 200 Document Number 252539, Revision Channelized Tx/Rx Methods Channelized Connect CallBack Polled Channelized Transmit and Receive Channelized Disconnect Packetized Connect and EnableHSS Packetized Operation IxHssAccPktPortConnect Document Number 252539, Revision 205 Packetized Tx Packetized Connect Document Number 252539, Revision 207 Packetized Rx Packetized Transmit Document Number 252539, Revision 209 Packetized Receive Buffer Allocation Data-Flow Overview 13.6.5 56-Kbps, Packetized Raw ModeData Flow in Packetized Service Packetized Disconnect 212 Document Number 252539, Revision HSS Packetized Receive Buffering Data Flow in Channelized Service HSS Packetized Transmit Buffering Document Number 252539, Revision 215 HSS Channelized Receive Operation HSS Channelized Transmit Operation 218 Document Number 252539, Revision Access-Layer Components NPE-Downloader IxNpeDl API Microcode ImagesLoading NPE Microcode from a File Versus Loaded from Memory NPE Microcode Library Customization Access-Layer Components NPE-Downloader IxNpeDl APIStandard Usage Example NPE Image Compatibility NPE-A Images Image Name Description NPE-B Images NPE-C Images Sheet 1 Custom Usage Example IxNpeDl UninitializationNPE-C Images Sheet 2 Deprecated APIs Access-Layer Components NPE Message Handler IxNpeMh API Interrupt-Driven Operation Access-Layer Components NPE Message Handler IxNpeMh APIInitializing the IxNpeMh Polled Operation Uninitializing IxNpeMh Sending an NPE Message Customer / Demo Code Sending an NPE Message with ResponseClient IxNpeMh IxNpeMh Receiving Unsolicited Messages from NPE to Software Client Client Customer / Demo Code IxNpeMh Component Dependencies 232 Document Number 252539, Revision Access-Layer Components Parity Error Notifier IxParityENAcc IntroductionBackground Network Processing Engines Scrubbing/Memory Scrub DDR Sdram Memory Controller Unit MCU Switching Coprocessor in NPE B SwcpAHB Queue Manager AQM Expansion Bus Controller Interrupt Prioritization Parity Error InterruptsInterrupt Bit Default Priority Software Secondary Effects of Parity Interrupts Features Feature Hardware Component Software Support RecoverableIxParityENAcc API Details IxParityENAcc Dependency Diagram IxParityENAcc API Usage Scenarios Summary Parity Error Notification Scenario Parity Error Notification Sequence Parity Error Interrupt Deassertion Conditions Sheet 1 Interrupt Bit Source API Invoked by Summary Parity Error Recovery Scenario Parity Error Interrupt Deassertion Conditions Sheet 2 Summary Parity Error Prevention Scenario Parity Error Notification Detailed Scenarios Data Abort with No Parity Error Data Abort followed by Unrelated Parity Error Notification Data Abort Caused by Parity Error Data Abort with both Related and Unrelated Parity Errors Access-Layer Components Performance Profiling IxPerfProfAcc Intel XScale Core PMU Internal Bus PMU Counter Buffer Overflow Idle-Cycle Counter Utilities ‘Xcycle’ Interrupt Handling IxPerfProfAcc Dependencies Using the API Threading API Usage for Intel XScale Core PMU Event and Clock Counting 254 Document Number 252539, Revision Time-Based Sampling Display Performance Counters Display Clock Counter Event-Based Sampling Iii. Print out the first five elements 258 Document Number 252539, Revision C0112788 No lower symbol found. Module kernel Using Intel XScale Core PMU to Determine Cache Efficiency Internal Bus PMU IxPerfProfAccBusPmuStart Xcycle Idlecycle Counter Perform the same calculation for the rest of the PECs Display Xcycle Measurement Access-Layer Components Queue Manager IxQMgr API Features and Hardware Interface Access-Layer Components Queue Manager IxQMgr API Document Number 252539, Revision 267 Dispatcher Configuration ValuesAQM Configuration Attributes Attribute Description Values Dispatcher Modes 270 Document Number 252539, Revision AQM Livelock Prevention Dispatcher in Context of a Polling Mechanism Document Number 252539, Revision 273 274 Document Number 252539, Revision Access-Layer Components Synchronous Serial Port IxSspAcc IxSspAcc API Details IxSspAcc Dependencies Interrupt Mode IxSspAcc API Usage ModelsInitialization and General Data Model 278 Document Number 252539, Revision Interrupt Scenario Polling Mode Init Transmit Receive 282 Document Number 252539, Revision Access-Layer Components Time Sync IxTimeSyncAcc API Access-Layer Components Time Sync IxTimeSyncAcc API Ieee 1588 PTP Protocol OverviewSynchronization Sequence Ieee 1588 Hardware Assist Block Overview Block Diagram of Intel IXP46X Network Processor Detailed Information Hardware Feature Options Default State IPv6 and VLAN-Tagged Ethernet Frames Ieee 1588 PTP Client Application IxTimeSyncAcc API DetailsIxTimeSyncAcc Additional Hardware Information Document Number 252539, Revision 289 Interrupt Mode Operations IxTimeSyncAcc API Usage ScenariosPolling for Transmit and Receive Timestamps Polled Mode Operations Interrupt Servicing of Target Time Reached Condition Polling for Auxiliary Snapshot Values Access-Layer Components UART-Access IxUARTAcc API Interface Description Fifo Versus Polled Mode Access-Layer Components UART-Access IxUARTAcc APIUart / OS Dependencies Uart Services Models 296 Document Number 252539, Revision Access-Layer Components USB Access ixUSB API USB Controller Background Packet Formats Access-Layer Components USB Access ixUSB APIIN, OUT, and Setup Token Packet Format SOF Token Packet Format Handshake Packet Format Transaction FormatsData Packet Format Bits 023 Bytes Action Token Packet Data Packet Handshake Packet Bulk Transaction FormatsIsochronous Transaction Formats Action Token Packet Data Packet Control Transaction Formats Control Write SetupControl Transaction Formats, Set-Up Stage Interrupt Transaction Formats IxUSB Setup Requests API interfaces Available for Access LayerIxUSB API Interfaces Host-Device Request Summary Sheet 1 Request Name Configuration Host-Device Request Summary Sheet 2 IxUSB Endpoint Stall Feature IxUSB Send and Receive RequestsFrame Synchronization IxUSB Error Handling Stall on OUT Transactions Detailed Error Codes Error due to unknown reasons USB Data Flow USB Dependencies Codelets ATM Codelet IxAtmCodeletCodelets Ethernet Access Codelet IxEthAccCodelet Crypto Access Codelet IxCryptoAccCodeletDMA Access Codelet IxDmaAccCodelet Ethernet AAL-5 Codelet IxEthAal5App HSS Access Codelet IxHssAccCodelet Parity Error Notifier Codelet IxParityENAccCodelet Performance Profiling Codelet IxPerfProfAccCodelet Time Sync Codelet IxTimeSyncAccCodeletUSB Rndis Codelet IxUSBRNDIS Operating System Abstraction Layer Osal Operating System Abstraction Layer Osal Osal Architecture Core Module OS-Independent Core ModuleOS-Dependent Module Buffer Management Module Osal Library Structure Backward Compatibility ModuleBuffer Translation Module Document Number 252539, Revision 317 C lu d e Osal Modules and Related Interfaces Core Module IPC Osal Core Interface Sheet 1 Thread Osal Core Interface Sheet 2 Buffer Management Module 24.6.3 I/O Memory and Endianness Support ModuleOsal Buffer Management Interface Ixosalmmapvirttophys Osal I/O Memory and Endianness Interface Sheet 1 Supporting a New OS Osal I/O Memory and Endianness Interface Sheet 2 Supporting New Platforms Example 1. Global Memory Map Definitions Ixstaticmap Adsl Driver Device SupportAdsl Driver Overview Adsl API Adsl Line Open/Close Overview Example of Adsl Line Open Call Sequence Limitations and Constraints 2C Driver IxI2cDrv 26.3 I2C Driver API Details I2C Driver IxI2cDrv Arbitration Loss Error 2C Driver IxI2cDrv 26.4 I2C Driver API Usage Models Bus ErrorMaster-Interrupt Mode Initialization I2C Driver IxI2cDrv Slave-Interrupt Mode Slave-Polling ModeSupport Functions Example Sequence Flows for Slave Mode Sequence Flow Diagram for Slave Transmit in Interrupt Mode Sequence Flow Diagram for Slave Receive in Polling Mode 26.4.3 I2C Using Gpio Versus Dedicated I2C Hardware Sequence Flow Diagram for Slave Transmit in Polling Mode 340 Document Number 252539, Revision Endianness in Intel IXP400 Software Basics of EndiannessEndianness in Intel IXP400 Software Endianness When Memory is Shared Nature of Endianness Hardware or Software? Software Considerations and Implications Coding Pitfalls Little-Endian/Big-EndianCasting a Pointer Between Types of Different Sizes Network Stacks and Protocols Here is what the macro ntohl looks like in actual code Macro Source Code Best Practices in Coding of Endian-IndependenceMacro Examples Endian Conversion Avoid 346 Document Number 252539, Revision April Document Number 252539, Revision 347 Supporting Little-Endian Mode Reasons for Choosing a Particular LE Coherency Mode Hardware Switches Silicon Endianness Controls Intel XScale Core Endianness Mode MMU Byteswapen Bit Little-Endian Data Coherence Enable/DisableMMU P-Attribute Bit Forcebyteswap Bit Summary of Silicon Controls Silicon VersionsPCI Bus Swap Endian Hardware Summary IXP46X network processors A-0 stepping Part Number Brief Description APB Peripherals April 2005 Ethernet Access Component IxEthAcc NPE Downloader IxNpeDlNPE Message Handler IxNpeMh Data Plane Ixosalmbuf Data Payload One Half-Word-Aligned Ethernet Frame LE Address Coherent Intel XScale Core Read of IP Header LE Data Coherent Ethernet Access MIB Statistics Learning Database FunctionIntel IXP400 Software IxEthAcc and IxEthDB Summary 27.5.4 PCI Intel IXP400 Software OS AbstractionATM and HSS Endian Conversion Macros VxWorks* ConsiderationsIntel IXP400 Software Macros #defines VxWorks* Data Coherent Swap Code Software Versions Intel IXP400 Software VersionsIntel IXP400 Software Version Little-Endian Support Yes/No