Intel® IXP400 Software
Contents
Programmer’s Guide IXP400 Software Version 2.0 April 2005
Document Number: 252539, Revision: 007
7 Access-Layer Components:
Security (IxCryptoAcc) API............................................................... ..........................................87
7.1 What’s New............................................................................... ..........................................87
7.2 Overview................................................... .......................................................................... 87
7.3 IxCryptoAcc API Architecture .......................................................... ...................................88
7.3.1 IxCryptoAcc Interfaces........................................................... ................................88
7.3.2 Basic API Flow....................................................................... ................................89
7.3.3 Context Registration and the Cryptographic Context Database ............................90
7.3.4 Buffer and Queue Management ............................................................................ 93
7.3.5 Memory Requirements ................................................................ ..........................93
7.3.6 Dependencies........................................ ................................................................ 94
7.3.7 Other API Functionality............................................. ... ... .... ... ... ... .... ......................95
7.3.8 Error Handling........................................................................... .............................96
7.3.9 Endianness........... ................................................................................................. 96
7.3.10 Import and Export of Cryptographic Technology ................................................... 96
7.4 IPSec Services ................................................................................ ... ... ... ..........................96
7.4.1 IPSec Background and Implementation ................................................................ 96
7.4.2 IPSec Packet Formats.............. ... ... ... .... ... ... ... .... ... ... .............................................98
7.4.2.1 Reference ESP Dataflow....................................................................... 99
7.4.2.2 Reference AH Dataflow ....................................................................... 100
7.4.3 Hardware Acceleration for IPSec Services............................................ ..............101
7.4.4 IPSec API Call Flow............................................................................... ... ... .... ... . 101
7.4.5 Special API Use Cases................................................................ ........................103
7.4.5.1 HMAC with Key Size Greater Than 64 Bytes ...................................... 103
7.4.5.2 Performing CCM (AES CTR-Mode Encryption and AES
CBC-MAC Authentication) for IPSec ................................................... 103
7.4.6 IPSec Assumptions, Dependencies, and Limitations...........................................106
7.5 WEP Services........................................................ ... ... .... ... ..............................................106
7.5.1 WEP Background and Implementation..................................... ...........................106
7.5.2 Hardware Acceleration for WEP Services ........................................................... 107
7.5.3 WEP API Call Flow............... .... ... ... ... .... ... ...........................................................1 08
7.6 SSL and TLS Protocol Usage Models .............................................................................. 110
7.7 Supported Encryption and Authentication Algorithms ...................................................... 111
7.7.1 Encryption Algorithms............................................ ..............................................111
7.7.2 Cipher Modes ..................................................................... ... ... ... .... ....................112
7.7.2.1 Electronic Code Book (ECB)................................................................ 112
7.7.2.2 Cipher Block Chaining (CBC) .............................................................. 112
7.7.2.3 Counter Mode (CTR) ........................................................................... 112
7.7.2.4 Counter-Mode Encryption with CBC-MAC Authentication (CCM)
for CCMP in 802.11i............................................................................. 112
7.7.3 Authentication Algorithms............... ... .... ... ... ... .... ... ... ... ... .... .................................113
8 Access-Layer Components:
DMA Access Driver (IxDmaAcc) API........................................................................................ 115
8.1 What’s New............................................................................... ........................................115
8.2 Overview................................................... ........................................................................ 115
8.3 Features.................................................................................... ........................................115
8.4 Assumptions .......................................................................................................... ...........115
8.5 Dependencies................................................. .................................................................. 116
8.6 DMA Access-Layer API .................................................................................................... 116