Intel IXP400 manual IxCryptoAcc API Architecture, IxCryptoAcc Interfaces

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

—ECB

—CBC

—CTR (for AES algorithm only)

—Single-Pass AES-CCM encryption and security for 802.11i.

•Authentication algorithms:

—HMAC-SHA1 (512-bit data block size, from 20-byte to 64-byte key size)

—HMAC-MD5 (512-bit data block size, from 16-byte to 64-byte key size)

—SHA1/MD5 (basic hashing functionality)

—WEP ICV generation and verification using the 802.11 WEP standard 32-bit CRC polynomial.

•Supports a maximum of 1,000 security associations (tunnel) simultaneously. (A Security Association [SA] is a simplex “connection” that affords security services to the traffic carried by it.)

7.3IxCryptoAcc API Architecture

The IxCryptoAcc API is an access-layer component that provides cryptographic services to a client application. This section describes the overall architecture of the API. Subsequent sections describe the component parts of the API in more detail and describe usage models for the IxCrypto API.

7.3.1IxCryptoAcc Interfaces

IxCryptoAcc is the API that provides cyrptography acceleration features in software release 2.0. This API contains functions that can generally be grouped into two distinct “services.” One service is for IPSec-type cryptography protocols that utilize a combination of encryption (e.g., 3DES or AES) and/or authentication processing (e.g., SHA-1, MD5) in a variety of different operating modes (ECB, CBC, etc.). Throughout this document, the term “IPSec client” is used to refer to the type of application that uses the IxCryptoAcc API in this manner. There are specific API features to support this type of client.

The second service type is designed for 802.11-based WEP security client implementations. The IxCryptoAcc API provides specific features that perform WEP ICV generation and ARC4 stream cipher encryption and decryption. The “WEP services” in the API are used by “WEP clients”.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol clients can use some of the features of both types of services.

The IPSec and WEP clients are application-level code executing on the Intel XScale core that utilize the services provided by IxCryptoAcc. In this software release, the IxCryptoAccCodelet is provided as an example of client software.

The API utilizes a number of other access-layer components, as well as hardware-based acceleration functionality available on the NPEs and Intel XScale core. Figure 27 on page 90 shows the high-level architecture of IxCryptoAcc.