Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

AES-CBC operation into the packet, between header and payload. The payload needs to be moved to make room for the MIC in the packet. An efficient method of doing this could be to split the header and payload into two different IX_MBUFs. The MIC can then be inserted after the header, in the header IX_MBUF, for the AES CTR encryption operation.

7.4.6 IPSec Assumptions, Dependencies, and Limitations

Mutable fields in IP headers should be set to a value of 0 by the client.

The client must pad the IP datagram to be a multiple of the cipher block size, using the ESP trailer for encryption (RFC 2406, explicit padding).

The IxCryptoAcc component handles any necessary padding required during authentication operations, where the IP datagram is not a multiple of the authentication algorithm block size. The NPE pads the IP datagram to be a multiple of the block size, specified by the authentication algorithm (RFC 2402, implicit padding).

The client must provide an initialization vector to the access component for the DES or AES algorithm, in CBC mode and CTR mode.

IxCryptoAcc generates the primary and secondary chaining variables which are used in authentication algorithms.

IxCryptoAcc generates the reverse keys from the keys provided for the AES algorithm.

7.5 WEP Services

7.5.1 WEP Background and Implementation

The Wired Equivalent Privacy (WEP) specification is designed to provide a certain level of security to wireless 802.11 connections at the data-link level. The specification dictates the use of the ARC4 cryptographic algorithm and the use of a CRC-32 authentication calculation (the Integrity Check Value) on the payload and data header.
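The following software reference model of the ARC4 plus CRC-32 ICV processing described above is an added example, not code from this guide or from IxCryptoAcc; it can serve as a check against output produced by an acceleration engine. The function names are hypothetical, and the per-frame seed layout (3-byte IV followed by the WEP key) and the little-endian ICV byte order are assumptions taken from the 802.11 convention, not from this page.

```c
#include <stddef.h>
#include <stdint.h>

/* CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320), used as the WEP ICV. */
uint32_t crc32_icv(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* ARC4: key schedule, then XOR the keystream over buf in place. */
void arc4_xor(const uint8_t *key, size_t klen, uint8_t *buf, size_t n) {
    uint8_t S[256], t;
    unsigned i, j = 0;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + key[i % klen]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = j = 0; n--; buf++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
        *buf ^= S[(S[i] + S[j]) & 0xFF];
    }
}

/* Seal: buf holds len data bytes plus 4 spare bytes; seed = 3-byte IV || key. */
size_t wep_seal(const uint8_t *seed, size_t slen, uint8_t *buf, size_t len) {
    uint32_t icv = crc32_icv(buf, len);
    if (slen == 0) return 0;
    for (int b = 0; b < 4; b++)             /* append ICV, little-endian */
        buf[len + b] = (uint8_t)(icv >> (8 * b));
    arc4_xor(seed, slen, buf, len + 4);     /* encrypt data and ICV together */
    return len + 4;
}

/* Open: decrypt in place, recompute the ICV; data length, or -1 on mismatch. */
long wep_open(const uint8_t *seed, size_t slen, uint8_t *buf, size_t len) {
    uint32_t got = 0;
    if (slen == 0 || len < 4) return -1;
    arc4_xor(seed, slen, buf, len);
    for (int b = 0; b < 4; b++)
        got |= (uint32_t)buf[len - 4 + b] << (8 * b);
    return got == crc32_icv(buf, len - 4) ? (long)(len - 4) : -1;
}
```

Both operations work in place, so the caller's buffer must have four bytes of room after the data for the ICV before calling `wep_seal`.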

The IxCryptoAcc API provides both the encryption/decryption and authentication calculation or verification in a single-pass implementation. The API uses two functions for performing WEP service operations, depending on the hardware-acceleration component being utilized. The IxCryptoAcc API features that support a WEP usage model can also be used by client applications to accelerate other cryptography protocols, such as SSL. Refer to “ARC4” on page 111.

ixCryptoAccXScaleWepPerform() is used to submit data for WEP services using the Intel XScale core-based WEP engine.

ixCryptoAccNpeWepPerform() is used to submit data for WEP services using the hardware acceleration services of NPE A.

Both functions operate in a substantially similar manner, taking in the parameters discussed below and shown in Figure 41.

April 2005

IXP400 Software Version 2.0

Programmer’s Guide

106

Document Number: 252539, Revision: 007
