Manuals / Intel / Kitchen Appliance / Frozen Dessert Maker

Intel IXP400 manual CCM Operation Flow

Models: IXP400

1 364

Download 364 pages 16.67 Kb

Page 104

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

2.Use AES-CTR mode to encrypt the payload with counter values 1, 2, 3, …

3.Use AES-CTR mode to encrypt the MIC with counter value 0 (First key stream (S0) from AES-CTR operation)

Figure 37. CCM Operation Flow

E

B0

	...	E	...	E
		padding		padding
B1	… Bk	0 Bk+1	…	Br 0

Header

Payload

MIC

	S1		...	Sm		S0
A1	E	...	Am	E	A0	E
						B3002-01

Legend:

E – Encryption operation

B – Data blocks to be encrypted (data is split into multiple blocks of the size of cipher block length) S – Key stream generated from AES-CTR encryption

A – Counter blocks for AES-CTR encryption MIC – Message Integrity Code

Figure 38. CCM Operation on Data Packet

	Encrypted
Header	payload	MIC
	Authenticated
		B3003-01

The API usage for performing an IPSec-style AES-CCM operation is as follows:

1.Register a crypto context for AES-CBC encryption (cipher context). A crypto context ID (A, in this example) will be obtained in this operation. Non-in-place operation must be chosen (useDifferentSrcAndDestMbufs in IxCryptoAccCtx must set to TRUE) to avoid the original data being overwritten by encrypted data. This crypto context is used only for the purpose of authentication and generating the MIC.

April 2005	IXP400 Software Version 2.0	Programmer’s Guide
104	Document Number: 252539, Revision: 007

Image 104

Intel IXP400 manual CCM Operation Flow

Contents

Intel IXP400 Software Programmer’s GuideIntel IXP400 Software IXP400 Software VersionContents 1.1 100 118 152 Contents Access-Layer Components 225 17.9 Operating System Adsl Driver Figures 102 Tables AQM 300 Revision History Date Revision DescriptionIntroduction1 Versions Supported by this DocumentHardware Supported by this Release Intended AudienceChapters Description How to Use this DocumentAbout the Processors Related Documents Document Title Document #Acronym Description AcronymsDocument Title Document # CPU HSS MSB SIP Software Architecture Overview High-Level OverviewDeliverable Model Software Architecture OverviewDevelopment Tools Access Library Source Code DocumentationOperating System Support Release Directory Structure Ixposal Include Src Ixp400xscalesw\---include +---npeMh Statistics and MIBs Threading and Locking PolicyPolled and Interrupt Operation Global Dependency Chart Global DependenciesThis page is intentionally left blank Overview Buffer ManagementWhat’s New Buffer Management Intel IXP400 Software Buffer FlowIxpbuf User Interface Raw BuffersIxpbuf Structure Ixpbuf Structure and MacrosOsal Ixpbuf structure and macros API User Interface to Ixpbuf Pool Management Fields Ixmbuf OS-Dependent Buffer FormatIxpbuf ixctrl Structure Ixne IXP400 NPE Shared StructureMapping of Ixmbuf to Shared Structure Ixpbuf NPE Shared StructureIxmbuf Structure Internal Ixmbuf Field Format Sheet 1Ixnext Ixosalmbufnextbufferinpktptr IxreservedIxmbuf Field Details Sheet 1 Field / Macro Purpose Used by Access-Layer?Internal Ixmbuf Field Format Sheet 2 Ixmbuf Field Details Sheet 2 Mapping to OS Native Buffer TypesVxWorks* Mblk Buffer Linux* skbuff Buffer Ixmbuf to Mblk MappingFollowing fields will get updated in the skbuffer Buffer Translation FunctionsCaching Strategy Tx PathBuffer Management Tx Cache Flushing Example Rx PathCaching Strategy Summary Intel IXP400 Software This page is intentionally left blank Access-Layer Components ATM Driver Access IxAtmdAcc API IxAtmdAcc Component FeaturesAccess-Layer Components ATM Driver Access IxAtmdAcc API ATM Traffic-Shaping Services Configuration ServicesUtopia Port-Configuration Service VC-Configuration Services Transmission Services Scheduled Transmission Buffer Transmission for a Scheduled PortSchedule Table Description Transmission Triggers Tx-Low Notification Transmit-Done ProcessingTx Done Recycling Using a Threshold Level Transmit Done Based on a Threshold LevelTx Done Recycling Using a Polling Mechanism Transmit DisconnectReceive Services Tx DisconnectReceive Based on a Threshold Level Receive Triggers Rx-Free-Low NotificationReceive Processing Rx Using a Threshold Level RX Using a Polling Mechanism Receive DisconnectBuffer Allocation Buffer ContentsBuffer Management Ixpbuf Fields Required for Transmission Ixpbuf Fields of Available Buffers for ReceptionIxpbuf Fields Modified During Reception Sheet 1 Field DescriptionError Handling API-Usage ErrorsBuffer-Size Constraints Buffer-Chaining ConstraintsCause Consequences and Side Effects Corrective Action Real-Time ErrorsReal-Time Errors IxAtmm Overview Access-Layer Components ATM Manager IxAtmm APIIxAtmm Component Features Access-Layer Components ATM Manager IxAtmm API Utopia Level-2 Port InitializationATM-Port Management Service Model Services Provided by Ixatmm Tx/Rx Control Configuration Configuration of Traffic Control Mechanism Error Handling DependenciesManagement Interfaces Memory RequirementsPerformance Access-Layer Components ATM Transmit Scheduler IxAtmSch IxAtmSch Component FeaturesTraffic Type Supported Num VCs Access-Layer Components ATM Transmit Scheduler IxAtmSch APISupported Traffic Types Connection Admission Control CAC Function Scheduling and Traffic Shaping Schedule TableMaximum Cells Value maxCells Schedule Service ModelMinimum Cells Value minCellsToSchedule Timing and Idle Cells Code Size Data MemoryIxAtmSch Data Memory Usage Per VC Data Per Port Data TotalLatency Access-Layer Components Security IxCryptoAcc API IxCryptoAcc Interfaces Access-Layer Components Security IxCryptoAcc APIIxCryptoAcc API Architecture Basic API Flow Context Registration and the Cryptographic Context Database Basic IxCryptoAcc API FlowIntel IXP400 Software IxCryptoAcc API Call Process Flow for CCD Updates Buffer and Queue Management Memory RequirementsIxCryptoAcc Data Memory Usage Sheet 1 Structure Size in Bytes Total Size in BytesDependencies IxCryptoAcc Data Memory Usage Sheet 2Other API Functionality IxCryptoAccHashKeyGenerateIPSec Services EndiannessImport and Export of Cryptographic Technology IPSec Background and ImplementationIxCryptoAcc, NPE and IPSec Stack Scope IPSec Packet Formats Relationship Between IPSec Protocol and AlgorithmsAuthentication Header Reference ESP DataflowReference AH Dataflow ESP Data FlowHardware Acceleration for IPSec Services IPSec API Call FlowIPSec API Call Flow Special API Use Cases Hmac with Key Size Greater Than 64 BytesCCM Operation Flow AES CBC Encryption For MIC WEP Background and Implementation WEP ServicesIPSec Assumptions, Dependencies, and Limitations Hardware Acceleration for WEP Services WEP Frame with Request ParametersWEP API Call Flow IxCryptoAccNpeWepPerformIxCryptoAccXscaleWepPerform NPE Microcode ImagesWEP Perform API Call Flow Authentication Combined Mode OperationsSSL and TLS Protocol Usage Models Encryption/DecryptionSupported Encryption and Authentication Algorithms Encryption AlgorithmsSupported Encryption Algorithms Cipher Key Sizes Parity Bit Actual Key SizeCounter Mode CTR Cipher ModesElectronic Code Book ECB Cipher Block Chaining CBCAuthentication Algorithm Data Block Size Bits Key Size Bits Authentication AlgorithmsSupported Authentication Algorithms 114 Document Number 252539, Revision Assumptions Access-Layer Components DMA Access Driver IxDmaAcc APIFeatures DMA Access-Layer API Access-Layer Components DMA Access Driver IxDmaAcc APIIxDmaAcc Component Overview Parameters Description IxDmaAccDescriptorManagerTransfer Mode Source AddressDestination Address Transfer WidthAddressing Modes Transfer LengthIncrement Transfer ModeSupported Modes 122 Document Number 252539, Revision Data Flow Control FlowDMA Initialization IxDmaAcc Control FlowDMA Configuration and Data Transfer IxDMAcc InitializationDMA Transfer Operation Restrictions of the DMA Transfer Little Endian Access-Layer Components Ethernet Access IxEthAcc API IxEthAcc OverviewRole of the Ethernet NPE Microcode Ethernet Access Layers Architectural OverviewAccess-Layer Components Ethernet Access IxEthAcc API Learning/Filtering Database 4 MAC/PHY ConfigurationQueue Manager Ethernet Access Layers Component Features Ethernet Access Layers Block Diagram Data PlaneTransmission Flow Port InitializationEthernet Frame Transmission Transmit Buffer Management and Priority Ethernet Transmit Frame Data Buffer Flow TxEnetDoneTx Fifo Priority Using Chained IXOSALMBUFs for Transmission / Buffer SizingEthernet Frame Reception Receive Flow Ethernet Receive Frame API OverviewSupplying Buffers Receive Buffer Management and PriorityBuffer Sizing Programmer’s Guide Codelet or client applicationRecycling Buffers Rx Fifo Priority QoS ModeFreeing Buffers Additional Receive Path Information No Receive PollingMaximum Ethernet Frame Size Control PathData-Plane Endianness IxEthAcc and Secondary Components MAC Duplex Settings Ethernet MAC ControlMII I/O Frame Check SequencePromiscuous Mode Non-Promiscuous ModeMAC Filtering 1.6 802.3x Flow ControlInitialization Shared Data StructuresNPE Loopback Emergency Security Port ShutdownIxosalmbuf Structure Format Ixpneflags Field FormatQueue Field Description Eth 150 Document Number 252539, Revision Ixosalmbuf Port ID Field Format Management Information Ixosalmbuf Port ID Field ValuesIxpneflags.linkprot Field Values Field Bit ValuesManaged Objects for Ethernet Receive Object Increment CriteriaManaged Objects for Ethernet Transmit Access-Layer Components Ethernet Database IxEthDB API IxEthDB Functional BehaviorLearning and Filtering Access-Layer Components Ethernet Database IxEthDB APIMAC Address Learning and Filtering Node Port Definitions Learning/Filtering General CharacteristicsOther MAC Learning/Filtering Usage Models Aging Port Dependency MapProvisioning Static and Dynamic Entries Record Management Database MaintenanceFrame Size Filtering MAC Address Block/Admission Source MAC Address FirewallFiltering Example Based Upon Maximum Frame Size 10.3.4 802.1Q Vlan Invalid MAC Address FilteringVlan Tagged MAC Frame Format Background Vlan Data in Ethernet FramesUntagged MAC Frame Format Vlan Tag Format Database Records Associated With Vlan IDsAcceptable Frame Type Filtering Ingress Tagging and Tag Removal Port-Based Vlan Membership FilteringPort and VLAN-Based Egress Tagging and Tag Removal Special Conditions Tag Mode Frame Status Action Egress Vlan Tagging/Untagging Behavior MatrixPriority Aware Transmission 10.3.5 802.1Q User Priority / QoS SupportPort ID Extraction Receive Priority Queuing QoS on Receive for 802.1Q Tagged FramesPriority to Traffic Class Mapping QoS on Receive for Untagged FramesDefault Priority to Traffic Class Mapping 10.3.6 802.3 / 802.11 Frame ConversionBackground 802.3 and 802.11 Frame Formats IEEE802.11 Frame FormatIEEE802.11 Frame Control FC Field Format AP-STA and AP-AP ModesHow the 802.3 / 802.11 Frame Conversion Feature Works Receive PathTransmit Path Field AP to STA mode AP to AP modeTo 802.11 Header Conversion Rules 10.3.6.3 802.3 / 802.11 API Details 11 to 802.3 Header Conversion RulesInput 802.11 Frame Values Output 802.3 Frame Field Values Frame TypeInitialization Spanning Tree Protocol Port SettingsIxEthDB API Feature Set Additional Database FeaturesIxEthDB Feature Set User-Defined FieldDependencies on IxEthAcc Configuration Database ClearPromiscuous-Mode Requirement FCS Appending180 Document Number 252539, Revision Access-Layer Components Ethernet PHY IxEthMii API Supported PHYsAccess-Layer Components Ethernet PHY IxEthMii API PHYs Supported by IxEthMiiAccess-Layer Components Feature Control IxFeatureCtrl API Hardware Feature ControlUsing the Product ID-Related Functions Access-Layer Components Feature Control IxFeatureCtrl APIProduct ID Values Bits DescriptionUsing the Feature Control Register Functions Feature Control Register Values Sheet 1Component Check by Other APIs Software ConfigurationFeature Control Register Values Sheet 2 Document Number 252539, Revision 187 188 Document Number 252539, Revision Access-Layer Components HSS-Access IxHssAcc API IxHssAcc Interfaces Access-Layer Components HSS-Access IxHssAcc API FeaturesIxHssAcc API Overview Access-Layer Components HSS-Access IxHssAcc API HSS and Hdlc Theory and Coprocessor Operation Intel X S cale C oreHSS Tx Freq Pj Max ns Cj Max ns Aj Max ns HSS Output Clock Jitter and Error CharacterizationHSS Tx Clock Output frequencies and PPM Error Jitter Definitions HSS Frame Output CharacterizationJitter Type Jitter Definition Actual Frame Length µsHigh-Level API Call Flow Key Assumptions IxHssAcc Component DependenciesHSS Port Initialization Details IxHssAccPortInit198 Document Number 252539, Revision IxHssAccChanConnect Channelized Connect and EnableHSS Channelized Operation 200 Document Number 252539, Revision Channelized Tx/Rx Methods Channelized ConnectCallBack PolledChannelized Transmit and Receive Packetized Connect and Enable HSS Packetized OperationChannelized Disconnect IxHssAccPktPortConnectDocument Number 252539, Revision 205 Packetized Tx Packetized ConnectDocument Number 252539, Revision 207 Packetized Rx Packetized TransmitDocument Number 252539, Revision 209 Packetized Receive 13.6.5 56-Kbps, Packetized Raw Mode Data Flow in Packetized ServiceBuffer Allocation Data-Flow Overview Packetized Disconnect212 Document Number 252539, Revision HSS Packetized Receive Buffering Data Flow in Channelized Service HSS Packetized Transmit BufferingDocument Number 252539, Revision 215 HSS Channelized Receive Operation HSS Channelized Transmit Operation 218 Document Number 252539, Revision Loading NPE Microcode from a File Versus Loaded from Memory Access-Layer Components NPE-Downloader IxNpeDl APIMicrocode Images Access-Layer Components NPE-Downloader IxNpeDl API Standard Usage ExampleNPE Microcode Library Customization NPE Image CompatibilityNPE-A Images Image Name DescriptionNPE-B Images NPE-C Images Sheet 1NPE-C Images Sheet 2 Custom Usage ExampleIxNpeDl Uninitialization Deprecated APIs Access-Layer Components NPE Message Handler IxNpeMh API Access-Layer Components NPE Message Handler IxNpeMh API Initializing the IxNpeMhInterrupt-Driven Operation Polled OperationUninitializing IxNpeMh Sending an NPE MessageSending an NPE Message with Response ClientCustomer / Demo Code IxNpeMhIxNpeMh Receiving Unsolicited Messages from NPE to Software Client Client Customer / Demo CodeIxNpeMh Component Dependencies 232 Document Number 252539, Revision Background Access-Layer Components Parity Error Notifier IxParityENAccIntroduction Network Processing Engines Scrubbing/Memory ScrubSwitching Coprocessor in NPE B Swcp AHB Queue Manager AQMDDR Sdram Memory Controller Unit MCU Expansion Bus ControllerParity Error Interrupts Interrupt Bit Default Priority SoftwareInterrupt Prioritization Secondary Effects of Parity InterruptsIxParityENAcc API Details FeaturesFeature Hardware Component Software Support Recoverable IxParityENAcc Dependency Diagram IxParityENAcc API Usage ScenariosSummary Parity Error Notification Scenario Parity Error Notification SequenceParity Error Interrupt Deassertion Conditions Sheet 1 Interrupt Bit Source API Invoked bySummary Parity Error Recovery Scenario Parity Error Interrupt Deassertion Conditions Sheet 2Summary Parity Error Prevention Scenario Parity Error Notification Detailed ScenariosData Abort with No Parity Error Data Abort followed by Unrelated Parity Error Notification Data Abort Caused by Parity Error Data Abort with both Related and Unrelated Parity Errors Access-Layer Components Performance Profiling IxPerfProfAcc Intel XScale Core PMU Internal Bus PMU Counter Buffer OverflowIdle-Cycle Counter Utilities ‘Xcycle’ Interrupt Handling IxPerfProfAcc DependenciesUsing the API ThreadingAPI Usage for Intel XScale Core PMU Event and Clock Counting254 Document Number 252539, Revision Time-Based Sampling Display Performance CountersDisplay Clock Counter Event-Based Sampling Iii. Print out the first five elements258 Document Number 252539, Revision C0112788 No lower symbol found. Module kernel Using Intel XScale Core PMU to Determine Cache Efficiency Internal Bus PMU IxPerfProfAccBusPmuStart Xcycle Idlecycle Counter Perform the same calculation for the rest of the PECsDisplay Xcycle Measurement Access-Layer Components Queue Manager IxQMgr API Features and Hardware Interface Access-Layer Components Queue Manager IxQMgr APIDocument Number 252539, Revision 267 Configuration Values AQM Configuration AttributesDispatcher Attribute Description ValuesDispatcher Modes 270 Document Number 252539, Revision AQM Livelock Prevention Dispatcher in Context of a Polling MechanismDocument Number 252539, Revision 273 274 Document Number 252539, Revision Access-Layer Components Synchronous Serial Port IxSspAcc IxSspAcc API DetailsIxSspAcc Dependencies Initialization and General Data Model Interrupt ModeIxSspAcc API Usage Models 278 Document Number 252539, Revision Interrupt Scenario Polling Mode Init Transmit Receive 282 Document Number 252539, Revision Access-Layer Components Time Sync IxTimeSyncAcc API Synchronization Sequence Access-Layer Components Time Sync IxTimeSyncAcc APIIeee 1588 PTP Protocol Overview Ieee 1588 Hardware Assist Block OverviewBlock Diagram of Intel IXP46X Network Processor Detailed InformationHardware Feature Options Default State IPv6 and VLAN-Tagged Ethernet FramesIxTimeSyncAcc API Details IxTimeSyncAccIeee 1588 PTP Client Application Additional Hardware InformationDocument Number 252539, Revision 289 Polling for Transmit and Receive Timestamps Interrupt Mode OperationsIxTimeSyncAcc API Usage Scenarios Polled Mode Operations Interrupt Servicing of Target Time Reached ConditionPolling for Auxiliary Snapshot Values Access-Layer Components UART-Access IxUARTAcc API Interface DescriptionUart / OS Dependencies Fifo Versus Polled ModeAccess-Layer Components UART-Access IxUARTAcc API Uart Services Models 296 Document Number 252539, Revision Access-Layer Components USB Access ixUSB API USB Controller BackgroundAccess-Layer Components USB Access ixUSB API IN, OUT, and Setup Token Packet FormatPacket Formats SOF Token Packet FormatTransaction Formats Data Packet FormatHandshake Packet Format Bits 023 BytesBulk Transaction Formats Isochronous Transaction FormatsAction Token Packet Data Packet Handshake Packet Action Token Packet Data PacketControl Write Setup Control Transaction Formats, Set-Up StageControl Transaction Formats Interrupt Transaction FormatsIxUSB API Interfaces IxUSB Setup RequestsAPI interfaces Available for Access Layer Host-Device Request Summary Sheet 1 Request NameConfiguration Host-Device Request Summary Sheet 2Frame Synchronization IxUSB Endpoint Stall FeatureIxUSB Send and Receive Requests IxUSB Error Handling Stall on OUT TransactionsDetailed Error Codes Error due to unknown reasonsUSB Data Flow USB DependenciesCodelets CodeletsATM Codelet IxAtmCodelet Crypto Access Codelet IxCryptoAccCodelet DMA Access Codelet IxDmaAccCodeletEthernet Access Codelet IxEthAccCodelet Ethernet AAL-5 Codelet IxEthAal5AppHSS Access Codelet IxHssAccCodelet Parity Error Notifier Codelet IxParityENAccCodeletUSB Rndis Codelet IxUSBRNDIS Performance Profiling Codelet IxPerfProfAccCodeletTime Sync Codelet IxTimeSyncAccCodelet Operating System Abstraction Layer Osal Operating System Abstraction Layer Osal Osal ArchitectureOS-Independent Core Module OS-Dependent ModuleCore Module Buffer Management ModuleBuffer Translation Module Osal Library StructureBackward Compatibility Module Document Number 252539, Revision 317 C lu d e Osal Modules and Related Interfaces Core ModuleIPC Osal Core Interface Sheet 1Thread Osal Core Interface Sheet 2Osal Buffer Management Interface Buffer Management Module24.6.3 I/O Memory and Endianness Support Module Ixosalmmapvirttophys Osal I/O Memory and Endianness Interface Sheet 1Supporting a New OS Osal I/O Memory and Endianness Interface Sheet 2Supporting New Platforms Example 1. Global Memory Map DefinitionsIxstaticmap Adsl Driver Overview Adsl DriverDevice Support Adsl API Adsl Line Open/Close OverviewExample of Adsl Line Open Call Sequence Limitations and Constraints 2C Driver IxI2cDrv 26.3 I2C Driver API DetailsI2C Driver IxI2cDrv Arbitration Loss Error 2C Driver IxI2cDrvBus Error Master-Interrupt Mode26.4 I2C Driver API Usage Models InitializationSupport Functions I2C Driver IxI2cDrv Slave-Interrupt ModeSlave-Polling Mode Example Sequence Flows for Slave Mode Sequence Flow Diagram for Slave Transmit in Interrupt Mode Sequence Flow Diagram for Slave Receive in Polling Mode 26.4.3 I2C Using Gpio Versus Dedicated I2C Hardware Sequence Flow Diagram for Slave Transmit in Polling Mode340 Document Number 252539, Revision Endianness in Intel IXP400 Software Endianness in Intel IXP400 SoftwareBasics of Endianness Endianness When Memory is Shared Nature of Endianness Hardware or Software?Casting a Pointer Between Types of Different Sizes Software Considerations and ImplicationsCoding Pitfalls Little-Endian/Big-Endian Network Stacks and Protocols Here is what the macro ntohl looks like in actual codeBest Practices in Coding of Endian-Independence Macro Examples Endian ConversionMacro Source Code Avoid346 Document Number 252539, Revision April Document Number 252539, Revision 347Supporting Little-Endian Mode Reasons for Choosing a Particular LE Coherency ModeHardware Switches Silicon Endianness ControlsIntel XScale Core Endianness Mode MMULittle-Endian Data Coherence Enable/Disable MMU P-Attribute BitByteswapen Bit Forcebyteswap BitSilicon Versions PCI Bus SwapSummary of Silicon Controls Endian Hardware SummaryIXP46X network processors A-0 stepping Part Number Brief DescriptionAPB Peripherals April 2005 NPE Message Handler IxNpeMh Ethernet Access Component IxEthAccNPE Downloader IxNpeDl Data Plane Ixosalmbuf Data PayloadOne Half-Word-Aligned Ethernet Frame LE Address Coherent Intel XScale Core Read of IP Header LE Data Coherent Intel IXP400 Software IxEthAcc and IxEthDB Summary Ethernet Access MIB StatisticsLearning Database Function ATM and HSS 27.5.4 PCIIntel IXP400 Software OS Abstraction VxWorks* Considerations Intel IXP400 Software MacrosEndian Conversion Macros #definesVxWorks* Data Coherent Swap Code Intel IXP400 Software Version Little-Endian Support Yes/No Software VersionsIntel IXP400 Software Versions