Intel IXP400 - page 5

Intel® IXP400 Software

Contents

Programmer’s Guide IXP400 Software Version 2.0 April 2005

Document Number: 252539, Revision: 007

7 Access-Layer Components:

Security (IxCryptoAcc) API............................................................... ..........................................87

7.1 What’s New............................................................................... ..........................................87

7.2 Overview................................................... .......................................................................... 87

7.3 IxCryptoAcc API Architecture .......................................................... ...................................88

7.3.1 IxCryptoAcc Interfaces........................................................... ................................88

7.3.2 Basic API Flow....................................................................... ................................89

7.3.3 Context Registration and the Cryptographic Context Database ............................90

7.3.4 Buffer and Queue Management ............................................................................ 93

7.3.5 Memory Requirements ................................................................ ..........................93

7.3.6 Dependencies........................................ ................................................................ 94

7.3.7 Other API Functionality............................................. ... ... .... ... ... ... .... ......................95

7.3.8 Error Handling........................................................................... .............................96

7.3.9 Endianness........... ................................................................................................. 96

7.3.10 Import and Export of Cryptographic Technology ................................................... 96

7.4 IPSec Services ................................................................................ ... ... ... ..........................96

7.4.1 IPSec Background and Implementation ................................................................ 96

7.4.2 IPSec Packet Formats.............. ... ... ... .... ... ... ... .... ... ... .............................................98

7.4.2.1 Reference ESP Dataflow....................................................................... 99

7.4.2.2 Reference AH Dataflow ....................................................................... 100

7.4.3 Hardware Acceleration for IPSec Services............................................ ..............101

7.4.4 IPSec API Call Flow............................................................................... ... ... .... ... . 101

7.4.5 Special API Use Cases................................................................ ........................103

7.4.5.1 HMAC with Key Size Greater Than 64 Bytes ...................................... 103

7.4.5.2 Performing CCM (AES CTR-Mode Encryption and AES

CBC-MAC Authentication) for IPSec ................................................... 103

7.4.6 IPSec Assumptions, Dependencies, and Limitations...........................................106

7.5 WEP Services........................................................ ... ... .... ... ..............................................106

7.5.1 WEP Background and Implementation..................................... ...........................106

7.5.2 Hardware Acceleration for WEP Services ........................................................... 107

7.5.3 WEP API Call Flow............... .... ... ... ... .... ... ...........................................................1 08

7.6 SSL and TLS Protocol Usage Models .............................................................................. 110

7.7 Supported Encryption and Authentication Algorithms ...................................................... 111

7.7.1 Encryption Algorithms............................................ ..............................................111

7.7.2 Cipher Modes ..................................................................... ... ... ... .... ....................112

7.7.2.1 Electronic Code Book (ECB)................................................................ 112

7.7.2.2 Cipher Block Chaining (CBC) .............................................................. 112

7.7.2.3 Counter Mode (CTR) ........................................................................... 112

7.7.2.4 Counter-Mode Encryption with CBC-MAC Authentication (CCM)

for CCMP in 802.11i............................................................................. 112

7.7.3 Authentication Algorithms............... ... .... ... ... ... .... ... ... ... ... .... .................................113

8 Access-Layer Components:

DMA Access Driver (IxDmaAcc) API........................................................................................ 115

8.1 What’s New............................................................................... ........................................115

8.2 Overview................................................... ........................................................................ 115

8.3 Features.................................................................................... ........................................115

8.4 Assumptions .......................................................................................................... ...........115

8.5 Dependencies................................................. .................................................................. 116

8.6 DMA Access-Layer API .................................................................................................... 116