Intel® IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
April 2005 IXP400 Software Version 2.0 Programmer’s Guide
88 Document Number: 252539, Revision: 007
—ECB
— CBC
CTR (for AES algorith m on ly)
Sing le-Pass AES-CCM encryption and security for 802.11i.
Authentication algorithms:
HM AC-SHA1 (512-bit data block size, from 20-byte to 64-byte key size)
HM AC-MD5 (512-bit data block size, from 16-byte to 64-byte key size)
SHA1 /MD5 (basic hashing functionality)
WEP ICV generation and verification using the 802.11 WEP standard 32-bit CRC
polynomial.
Supports a maximum of 1,000 security associations (tunnel) simultaneously. (A Security
Association [SA] is a simplex “connection” that affords security services to the traffic carried
by it.)
7.3 IxCryptoAcc API Architecture
The IxCryptoAcc API is an access-layer component that provides cryptographic services to a client
application. This section describes the overall architecture of the API. Subsequent sections
describe the component parts of the API in more detail and describe usage models for the IxCrypto
API.

7.3.1 IxCryptoAcc Interfaces

IxCryptoAcc is the API that provides cyrptography acceleration features in software release 2.0.
This API contains functions that can generally be grouped into two distinct “services.” One service
is for IPSec-type cryptography protocols that utilize a combination of encryption (e.g., 3DES or
AES) and/or authentication processing (e.g., SHA-1, MD5) in a variety of different operating
modes (ECB, CBC, etc.). Throughout this document, the term “IPSec client” is used to refer to the
type of application that uses the IxCryptoAcc API in this manner. There are specific API features to
support this type of client.
The second service type is designed for 802.11-based WEP security client implementations. The
IxCryptoAcc API provides specific features that perform WEP ICV generation and ARC4 stream
cipher encryption and decryption. The “WEP services” in the API are used by “WEP clients”.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol clients can use some of
the features of both types of services.
The IPSec and WEP clients are application-level code executing on the Intel XScale core that
utilize the services provided by IxCryptoAcc. In this software release, the IxCryptoAccCodelet is
provided as an example of client software.
The API utilizes a number of other access-layer components, as well as hardware-based
acceleration functionality available on the NPEs and Intel XScale core. Figure 27 on page 90
shows the high-level architecture of IxCryptoAcc.