Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

The hardware accelerator component provides an interface for performing a single-pass CCMP-MIC computation and verification with CTR mode encryption/decryption.

Note: The implementation of AES-CCM mode in IxCryptoAcc is designed to support 802.11i type applications specifically. As noted below, the API expects a 48-byte Initialization Vector and an 8-byte MIC value. These values correspond with an 802.11i AES-CCM implementation. IPSec implementations are expected to support 16- or 32-bit IVs and 8- or 16-bit MIC values, which are not supported by this component. Refer to “Performing CCM (AES CTR-Mode Encryption and AES CBC-MAC Authentication) for IPSec” on page 103 for details on non-WEP AES-CCM operations.

The following should be noted regarding the support for CCMP:

- The hardware accelerator component does not provide any support for:
  - constructing the CCM initial block for MIC computation
  - constructing MIC-IV and MIC-Headers
  - constructing the CTR-mode IV.
- The hardware accelerator expects the initialization vector to be a contiguous 64-byte buffer consisting of 16 bytes of CTR-mode IV followed by 48 bytes of MIC-IV-HEADER. If the MIC-IV-HEADER constructed is less than 48 bytes, it should be padded with zeros to 48 bytes (3 AES blocks).
- The computed MIC is always 8 bytes and is not configurable to a different value.
- The hardware accelerator pads the data (with zeros, if required) for the purposes of MIC computation. Once the MIC is computed and the data has been encrypted, the pad bytes are discarded and are not appended to the payload.
- CTR-mode IV, MIC-IV and MIC Headers are constructed by the client from the RSN Header and other per-packet information.
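The 64-byte layout described in the list above, as an added example in C that is not part of the Intel guide or the IxCryptoAcc API. The function names are hypothetical; the MIC-IV field order follows the 802.11i CCMP initial block, and the CTR-mode IV is taken ready-made from the caller because this page does not give its contents.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CTR_IV_LEN      16  /* CTR-mode IV, first in the buffer */
#define MIC_IV_HDR_LEN  48  /* MIC-IV-HEADER, 3 AES blocks */
#define HW_IV_LEN       (CTR_IV_LEN + MIC_IV_HDR_LEN)  /* 64 bytes */

/* Hypothetical helper: 802.11i CCM initial block (MIC-IV),
 * laid out as flags | nonce | data length. */
void ccmp_build_mic_iv(uint8_t b0[16], uint8_t priority,
                       const uint8_t a2[6], const uint8_t pn[6],
                       uint16_t data_len)
{
    b0[0] = 0x59;                 /* Adata=1, 8-byte MIC, 2-byte length */
    b0[1] = priority;
    memcpy(&b0[2], a2, 6);        /* transmitter address */
    memcpy(&b0[8], pn, 6);        /* packet number, PN5 first */
    b0[14] = (uint8_t)(data_len >> 8);
    b0[15] = (uint8_t)(data_len & 0xff);
}

/*
 * Hypothetical helper: assemble the contiguous 64-byte IV buffer.
 * Layout: CTR-mode IV, then MIC-IV, then the MIC headers
 * (2-byte AAD length + AAD), zero-padded to 48 bytes.
 * Returns 0 on success, -1 if the MIC-IV-HEADER would not fit.
 */
int ccmp_build_hw_iv(uint8_t out[HW_IV_LEN],
                     const uint8_t ctr_iv[CTR_IV_LEN],
                     const uint8_t mic_iv[16],
                     const uint8_t *aad, size_t aad_len)
{
    /* Reject instead of truncating: every AAD byte must be authenticated. */
    if (aad_len == 0 || 16 + 2 + aad_len > MIC_IV_HDR_LEN)
        return -1;
    memset(out, 0, HW_IV_LEN);    /* supplies the zero padding */
    memcpy(out, ctr_iv, CTR_IV_LEN);
    memcpy(out + CTR_IV_LEN, mic_iv, 16);
    out[CTR_IV_LEN + 16] = (uint8_t)(aad_len >> 8);
    out[CTR_IV_LEN + 17] = (uint8_t)(aad_len & 0xff);
    memcpy(out + CTR_IV_LEN + 18, aad, aad_len);
    return 0;
}
```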

7.7.3 Authentication Algorithms

Table 13 summarizes the authentication algorithms supported by IxCryptoAcc. The HMAC algorithms are accelerated by the hashing coprocessor on NPE C. The WEP-CRC algorithm may be performed using either NPE A or the Intel XScale core WEP engine.

Table 13. Supported Authentication Algorithms

| Authentication Algorithm | Data Block Size (Bits) | Key Size (Bits) | Supported |
|---|---|---|---|
| HMAC-SHA1 | 512 | 160-512 | |
| HMAC-MD5 | 512 | 128-512 | |
| WEP-CRC | 8 | - | |

Programmer’s Guide, IXP400 Software Version 2.0, April 2005. Document Number: 252539, Revision: 007
