Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 27. Basic IxCryptoAcc API Flow

 

WEP Client

Perform

IPSec Client

Perform

 

 

 

 

 

Callback

 

Callback

Access

Layer

 

 

 

Intel XScale

IxCryptoAcc

 

WEPEngine

 

 

 

Intel XScale®

 

 

IxQMgr

 

Core

 

 

 

 

IXP4XX North AHB

AHB Queue Manager (AQM)

 

 

Bus

 

 

 

 

Authentication/Encryption/

 

 

 

 

Decryption Request

 

 

 

 

Callback executed upon

NPE A

 

NPE C

 

operation complete

 

 

 

 

Communication betw een

 

 

AES

DES

access component and

AAL

Co-Processor

Co-Processor

Co-Processor

NPE via AQM

 

(for CRC

 

 

Client

acceleration)

 

Hashing

 

 

 

Access-Layer Component

 

 

 

Co-Processor

 

 

 

 

Co-Processor

 

 

 

 

 

 

 

 

B2320-02

7.3.3Context Registration and the Cryptographic Context Database

The IxCryptoAcc access component supports up to 1,000 simultaneous security association (SA) tunnels. While the term SA is well-known in the context of IPSec services, the IxCryptoAcc component defines these security associations more generically, as they can be used for WEP services as well. Depending upon the application's requirements, the maximum active tunnels supported by IxCryptoAcc access-layer component can be changed by the client. The number of active tunnels will not have any impact on the performance, but will have an impact on the memory needed to keep the crypto context information. The memory requirement will depend on the number of tunnels.

Each cryptographic “connection” is defined by registering it as a cryptographic context containing information such as algorithms, keys, and modes. Each of these connections is given an ID during the context registration process and stored in the Cryptographic Context Database. The information stored in the CCD is stored in a structure detailed below, and is used by the NPE or Intel XScale core WEP Engine to determine the specific details of how to perform the cryptographic processing on submitted data.

April 2005

IXP400 Software Version 2.0

Programmer’s Guide

90

Document Number: 252539, Revision: 007

 

Page 90
Image 90
Intel IXP400 manual Context Registration and the Cryptographic Context Database, Basic IxCryptoAcc API Flow