Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

SSL client applications can make use of the ARC4 processing features by registering an encryption-only or decryption-only crypto context and the IxCryptoAccXScaleWepPerform() or IxCryptoAccNpeWepPerform() functions. SSL clients should supply a full 128-bit key to the API.

7.7.2 Cipher Modes

There are four cipher modes supported by the NPE:

Electronic code book (ECB)

Cipher block chaining (CBC)

Counter Mode (CTR)

Counter-Mode / CBC-MAC Protocol (CCMP)

7.7.2.1 Electronic Code Book (ECB)

The ECB mode for encryption and decryption is supported for DES, Triple DES and AES. ECB is a direct application of the DES algorithm to encrypt and decrypt data.

When using DES in ECB mode with any particular key, each input is mapped onto a unique output in encryption, and this output is mapped back onto the input in decryption. As a consequence, identical input blocks encrypted under the same key always produce identical output blocks. DES is an iterative, block, product-cipher system (that is, an encryption algorithm). A product-cipher system mixes transposition and substitution operations in an alternating manner.

7.7.2.2 Cipher Block Chaining (CBC)

The CBC mode for encryption and decryption is supported for DES, Triple DES, and AES. It requires an initialization vector (IV) of 64 bits for DES and 128 bits for AES.

7.7.2.3 Counter Mode (CTR)

The counter mode (CTR) is only applicable for AES. The counter block consists of the SPI (the 32-bit value used to distinguish among different SAs terminating at the same destination and using the same IPSec protocol), IV, and a counter that is incremented per input block of plain text. The same AES key is used for the entire encryption process.

The counter block is always constructed by the client.
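The following client-side helper is an added example, not code from the IXP400 software or this guide; it builds the counter block in the order described above (SPI, IV, counter) and rejects a counter value that would wrap and repeat keystream under the same key. Assumptions: a 64-bit IV and a 32-bit big-endian counter starting at 1 (the field widths of RFC 3686, with the SPI in the first 32 bits); the names `ctr_block_build` and `ctr_len_ok` are hypothetical.

```c
/* Added example: client-side AES-CTR counter block, layout SPI | IV | counter. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTR_BLOCK_LEN 16 /* one AES block */
#define CTR_IV_LEN 8     /* assumed width; the page gives only the 32-bit SPI */

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Counter block for input block number `index` (0-based) of one packet.
 * The block counter starts at 1 (assumed). Returns -1 on bad arguments or
 * if the 32-bit counter would wrap, which would repeat keystream under
 * the same key, SPI and IV. */
int ctr_block_build(uint8_t *blk, uint32_t spi, const uint8_t *iv,
                    uint32_t index)
{
    if (blk == NULL || iv == NULL || index == UINT32_MAX)
        return -1;
    put_be32(blk, spi);               /* bytes 0..3   */
    memcpy(blk + 4, iv, CTR_IV_LEN);  /* bytes 4..11  */
    put_be32(blk + 12, index + 1u);   /* bytes 12..15 */
    return 0;
}

/* Return 1 if a payload of data_len bytes fits in counters 1..0xFFFFFFFF. */
int ctr_len_ok(uint64_t data_len)
{
    uint64_t blocks = data_len / 16 + (data_len % 16 != 0);
    return blocks <= UINT32_MAX;
}

int main(void)
{
    /* Constructed sample values, not taken from the guide. */
    const uint8_t iv[CTR_IV_LEN] = {0xA0,0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7};
    uint8_t blk[CTR_BLOCK_LEN];
    if (ctr_block_build(blk, 0x00001234u, iv, 0) != 0)
        return 1;
    for (int i = 0; i < CTR_BLOCK_LEN; i++)
        printf("%02x", blk[i]);
    printf("\n");
    return 0;
}
```

Because the same AES key is used for the whole process, the SPI and IV pair must not repeat under that key; the helper only guards against the counter wrapping within one packet.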

7.7.2.4 Counter-Mode Encryption with CBC-MAC Authentication (CCM) for CCMP in 802.11i

A protocol based on AES and Counter-Mode/CBC-MAC is being adopted for providing enhanced security in wireless LAN networks. This protocol is called Counter-Mode/CBC-MAC Protocol (CCMP). The standard defines the CCMP encapsulation/decapsulation processes, CCMP-MPDU formats, CCMP-states and CCMP-procedures. This section provides CCMP-procedure details for constructing the CCM initial block (also called MIC-IV), MIC-Headers for performing CCMP MIC computation, and CCM-CTR mode IV construction for performing CCM-CTR mode encryption/decryption.

April 2005

IXP400 Software Version 2.0

Programmer’s Guide

112

Document Number: 252539, Revision: 007

 
