Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

The ixCryptoAccAuthCryptPerform() functionality described in “IPSec Services” on page 96 offers capabilities to perform encrypt /decrypt AND authentication calculations in one submission for IPSec style clients only. This “single-pass” method does not work for SSL and TLS clients. SSL and TLS clients must register two contexts; one for encryption/decryption only and the other for authentication create / verify.

7.7Supported Encryption and Authentication Algorithms

7.7.1Encryption Algorithms

IxCryptoAcc supports four different ciphering algorithms

Data Encryption Standard (DES)

Triple DES

Advanced Encryption Standard (AES)

ARC4 (Alleged RC4)

Table 12 summarizes the supported cipher algorithms and the key sizes. The actual key size in DES and 3DES is less because every byte has one parity bit. The parity bit is not used in the encryption process.

Table 12. Supported Encryption Algorithms

Cipher

Key Sizes

Parity Bit

Actual Key Size

Plaintext / Ciphertext Block Size

Algorithm

(Bits)

(Bits)

(Bits)

(Bits)

 

 

 

 

 

DES

64

8

56

64

 

 

 

 

 

3DES

192

24

168

64

 

 

 

 

 

 

128

 

128

 

AES

192

NA

192

128

 

256

 

256

 

 

 

 

 

 

ARC4

128

NA

128

8

 

 

 

 

 

The order expected by the Security Hardware Accelerator is in the network byte order (big endian). It is the responsibility of the client to ensure order.

3DES

The order the keys are passed in should be Key 1, Key 2, and Key 3.

ARC4

The ARC4 algorithm can only be used in standalone mode or along with WEP-CRC algorithm. It cannot be combined with any other authentication algorithms, like HMAC-SHA1 and HMAC- MD5. ARC4 keys used in WEP are generally 8 bytes (64-bit) or 16 bytes (128-bit). The ARC4 engine expects to be passed a key of 16 bytes in length, where it then copies the key to fill a

256-byte buffer. Therefore, if the key being used by the client is 8 bytes long, then the client should repeat it to fill the 16 bytes of key buffer.

Programmer’s Guide

IXP400 Software Version 2.0

April 2005

 

Document Number: 252539, Revision: 007

111

Page 111
Image 111
Intel IXP400 manual Supported Encryption and Authentication Algorithms, Supported Encryption Algorithms