Manuals / Intel / Kitchen Appliance / Frozen Dessert Maker

Intel IXP400 manual Context Registration and the Cryptographic Context Database

Models: IXP400

1 364

Download 364 pages 16.67 Kb

Page 90

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 27. Basic IxCryptoAcc API Flow

	WEP Client	Perform	IPSec Client	Perform
		Perform		Perform
		Callback		Callback
Access	Layer
Intel XScale		IxCryptoAcc
WEPEngine
Intel XScale®			IxQMgr
Core
IXP4XX North AHB	AHB Queue Manager (AQM)
Bus
Authentication/Encryption/
Decryption Request
Callback executed upon	NPE A		NPE C
operation complete
Communication betw een			AES	DES
access component and	AAL	Co-Processor	Co-Processor	Co-Processor
NPE via AQM		(for CRC
Client	acceleration)			Hashing
Client				Hashing
Access-Layer Component				Co-Processor
Access-Layer Component
Co-Processor
				B2320-02

7.3.3Context Registration and the Cryptographic Context Database

The IxCryptoAcc access component supports up to 1,000 simultaneous security association (SA) tunnels. While the term SA is well-known in the context of IPSec services, the IxCryptoAcc component defines these security associations more generically, as they can be used for WEP services as well. Depending upon the application's requirements, the maximum active tunnels supported by IxCryptoAcc access-layer component can be changed by the client. The number of active tunnels will not have any impact on the performance, but will have an impact on the memory needed to keep the crypto context information. The memory requirement will depend on the number of tunnels.

Each cryptographic “connection” is defined by registering it as a cryptographic context containing information such as algorithms, keys, and modes. Each of these connections is given an ID during the context registration process and stored in the Cryptographic Context Database. The information stored in the CCD is stored in a structure detailed below, and is used by the NPE or Intel XScale core WEP Engine to determine the specific details of how to perform the cryptographic processing on submitted data.

April 2005	IXP400 Software Version 2.0	Programmer’s Guide
90	Document Number: 252539, Revision: 007

Image 90

Intel IXP400 manual Context Registration and the Cryptographic Context Database, Basic IxCryptoAcc API Flow

Contents

Intel IXP400 Software Programmer’s GuideIntel IXP400 Software IXP400 Software VersionContents 1.1 100 118 152 Contents Access-Layer Components 225 17.9 Operating System Adsl Driver Figures 102 Tables AQM 300 Revision History Date Revision DescriptionHardware Supported by this Release Introduction1Versions Supported by this Document Intended AudienceHow to Use this Document About the ProcessorsChapters Description Related Documents Document Title Document #Acronyms Document Title Document #Acronym Description CPU HSS MSB SIP Software Architecture Overview High-Level OverviewDeliverable Model Software Architecture OverviewAccess Library Source Code Documentation Operating System SupportDevelopment Tools Release Directory Structure Ixposal Include Src Ixp400xscalesw\---include +---npeMh Threading and Locking Policy Polled and Interrupt OperationStatistics and MIBs Global Dependency Chart Global DependenciesThis page is intentionally left blank Buffer Management What’s NewOverview Buffer Management Intel IXP400 Software Buffer FlowIxpbuf User Interface Raw BuffersIxpbuf Structure Ixpbuf Structure and MacrosOsal Ixpbuf structure and macros API User Interface to Ixpbuf Pool Management Fields Ixmbuf OS-Dependent Buffer FormatIxpbuf ixctrl Structure Ixne IXP400 NPE Shared StructureMapping of Ixmbuf to Shared Structure Ixpbuf NPE Shared StructureIxnext Ixosalmbufnextbufferinpktptr Ixmbuf StructureInternal Ixmbuf Field Format Sheet 1 IxreservedField / Macro Purpose Used by Access-Layer? Internal Ixmbuf Field Format Sheet 2Ixmbuf Field Details Sheet 1 Mapping to OS Native Buffer Types VxWorks* Mblk BufferIxmbuf Field Details Sheet 2 Linux* skbuff Buffer Ixmbuf to Mblk MappingFollowing fields will get updated in the skbuffer Buffer Translation FunctionsCaching Strategy Tx PathRx Path Caching Strategy SummaryBuffer Management Tx Cache Flushing Example Intel IXP400 Software This page is intentionally left blank Access-Layer Components ATM Driver Access IxAtmdAcc API IxAtmdAcc Component FeaturesAccess-Layer Components ATM Driver Access IxAtmdAcc API Configuration Services Utopia Port-Configuration ServiceATM Traffic-Shaping Services VC-Configuration Services Transmission Services Scheduled Transmission Buffer Transmission for a Scheduled PortSchedule Table Description Transmission Triggers Tx-Low Notification Transmit-Done ProcessingTx Done Recycling Using a Threshold Level Transmit Done Based on a Threshold LevelTx Done Recycling Using a Polling Mechanism Transmit DisconnectReceive Services Tx DisconnectReceive Triggers Rx-Free-Low Notification Receive ProcessingReceive Based on a Threshold Level Rx Using a Threshold Level RX Using a Polling Mechanism Receive DisconnectBuffer Contents Buffer ManagementBuffer Allocation Ixpbuf Fields Modified During Reception Sheet 1 Ixpbuf Fields Required for TransmissionIxpbuf Fields of Available Buffers for Reception Field DescriptionBuffer-Size Constraints Error HandlingAPI-Usage Errors Buffer-Chaining ConstraintsReal-Time Errors Real-Time ErrorsCause Consequences and Side Effects Corrective Action Access-Layer Components ATM Manager IxAtmm API IxAtmm Component FeaturesIxAtmm Overview Access-Layer Components ATM Manager IxAtmm API Utopia Level-2 Port InitializationATM-Port Management Service Model Services Provided by Ixatmm Tx/Rx Control Configuration Configuration of Traffic Control Mechanism Management Interfaces Error HandlingDependencies Memory RequirementsPerformance Access-Layer Components ATM Transmit Scheduler IxAtmSch IxAtmSch Component FeaturesAccess-Layer Components ATM Transmit Scheduler IxAtmSch API Supported Traffic TypesTraffic Type Supported Num VCs Connection Admission Control CAC Function Scheduling and Traffic Shaping Schedule TableSchedule Service Model Minimum Cells Value minCellsToScheduleMaximum Cells Value maxCells Timing and Idle Cells IxAtmSch Data Memory Usage Code SizeData Memory Per VC Data Per Port Data TotalLatency Access-Layer Components Security IxCryptoAcc API Access-Layer Components Security IxCryptoAcc API IxCryptoAcc API ArchitectureIxCryptoAcc Interfaces Basic API Flow Context Registration and the Cryptographic Context Database Basic IxCryptoAcc API FlowIntel IXP400 Software IxCryptoAcc API Call Process Flow for CCD Updates IxCryptoAcc Data Memory Usage Sheet 1 Buffer and Queue ManagementMemory Requirements Structure Size in Bytes Total Size in BytesDependencies IxCryptoAcc Data Memory Usage Sheet 2Other API Functionality IxCryptoAccHashKeyGenerateImport and Export of Cryptographic Technology IPSec ServicesEndianness IPSec Background and ImplementationIxCryptoAcc, NPE and IPSec Stack Scope IPSec Packet Formats Relationship Between IPSec Protocol and AlgorithmsAuthentication Header Reference ESP DataflowReference AH Dataflow ESP Data FlowHardware Acceleration for IPSec Services IPSec API Call FlowIPSec API Call Flow Special API Use Cases Hmac with Key Size Greater Than 64 BytesCCM Operation Flow AES CBC Encryption For MIC WEP Services IPSec Assumptions, Dependencies, and LimitationsWEP Background and Implementation Hardware Acceleration for WEP Services WEP Frame with Request ParametersIxCryptoAccXscaleWepPerform WEP API Call FlowIxCryptoAccNpeWepPerform NPE Microcode ImagesWEP Perform API Call Flow SSL and TLS Protocol Usage Models AuthenticationCombined Mode Operations Encryption/DecryptionSupported Encryption Algorithms Supported Encryption and Authentication AlgorithmsEncryption Algorithms Cipher Key Sizes Parity Bit Actual Key SizeElectronic Code Book ECB Counter Mode CTRCipher Modes Cipher Block Chaining CBCAuthentication Algorithms Supported Authentication AlgorithmsAuthentication Algorithm Data Block Size Bits Key Size Bits 114 Document Number 252539, Revision Access-Layer Components DMA Access Driver IxDmaAcc API FeaturesAssumptions DMA Access-Layer API Access-Layer Components DMA Access Driver IxDmaAcc APIIxDmaAcc Component Overview Parameters Description IxDmaAccDescriptorManagerDestination Address Transfer ModeSource Address Transfer WidthAddressing Modes Transfer LengthTransfer Mode Supported ModesIncrement 122 Document Number 252539, Revision Data Flow Control FlowDMA Initialization IxDmaAcc Control FlowDMA Configuration and Data Transfer IxDMAcc InitializationDMA Transfer Operation Restrictions of the DMA Transfer Little Endian Access-Layer Components Ethernet Access IxEthAcc API IxEthAcc OverviewEthernet Access Layers Architectural Overview Access-Layer Components Ethernet Access IxEthAcc APIRole of the Ethernet NPE Microcode 4 MAC/PHY Configuration Queue ManagerLearning/Filtering Database Ethernet Access Layers Component Features Ethernet Access Layers Block Diagram Data PlanePort Initialization Ethernet Frame TransmissionTransmission Flow Transmit Buffer Management and Priority Ethernet Transmit Frame Data Buffer Flow TxEnetDoneUsing Chained IXOSALMBUFs for Transmission / Buffer Sizing Ethernet Frame ReceptionTx Fifo Priority Receive Flow Ethernet Receive Frame API OverviewReceive Buffer Management and Priority Buffer SizingSupplying Buffers Programmer’s Guide Codelet or client applicationRx Fifo Priority QoS Mode Freeing BuffersRecycling Buffers Additional Receive Path Information No Receive PollingControl Path Data-Plane EndiannessMaximum Ethernet Frame Size IxEthAcc and Secondary Components MII I/O MAC Duplex SettingsEthernet MAC Control Frame Check SequenceMAC Filtering Promiscuous ModeNon-Promiscuous Mode 1.6 802.3x Flow ControlNPE Loopback InitializationShared Data Structures Emergency Security Port ShutdownIxosalmbuf Structure Format Ixpneflags Field FormatQueue Field Description Eth 150 Document Number 252539, Revision Ixosalmbuf Port ID Field Format Ixpneflags.linkprot Field Values Management InformationIxosalmbuf Port ID Field Values Field Bit ValuesManaged Objects for Ethernet Receive Object Increment CriteriaManaged Objects for Ethernet Transmit Access-Layer Components Ethernet Database IxEthDB API IxEthDB Functional BehaviorAccess-Layer Components Ethernet Database IxEthDB API MAC Address Learning and FilteringLearning and Filtering Node Learning/Filtering General Characteristics Other MAC Learning/Filtering Usage ModelsPort Definitions Port Dependency Map Provisioning Static and Dynamic EntriesAging Database Maintenance Frame Size FilteringRecord Management Source MAC Address Firewall Filtering Example Based Upon Maximum Frame SizeMAC Address Block/Admission 10.3.4 802.1Q Vlan Invalid MAC Address FilteringBackground Vlan Data in Ethernet Frames Untagged MAC Frame FormatVlan Tagged MAC Frame Format Database Records Associated With Vlan IDs Acceptable Frame Type FilteringVlan Tag Format Ingress Tagging and Tag Removal Port-Based Vlan Membership FilteringPort and VLAN-Based Egress Tagging and Tag Removal Special Conditions Tag Mode Frame Status Action Egress Vlan Tagging/Untagging Behavior Matrix10.3.5 802.1Q User Priority / QoS Support Port ID ExtractionPriority Aware Transmission Receive Priority Queuing QoS on Receive for 802.1Q Tagged FramesPriority to Traffic Class Mapping QoS on Receive for Untagged FramesBackground 802.3 and 802.11 Frame Formats Default Priority to Traffic Class Mapping10.3.6 802.3 / 802.11 Frame Conversion IEEE802.11 Frame FormatIEEE802.11 Frame Control FC Field Format AP-STA and AP-AP ModesHow the 802.3 / 802.11 Frame Conversion Feature Works Receive PathField AP to STA mode AP to AP mode To 802.11 Header Conversion RulesTransmit Path Input 802.11 Frame Values Output 802.3 Frame Field Values 10.3.6.3 802.3 / 802.11 API Details11 to 802.3 Header Conversion Rules Frame TypeSpanning Tree Protocol Port Settings IxEthDB APIInitialization IxEthDB Feature Set Feature SetAdditional Database Features User-Defined FieldPromiscuous-Mode Requirement Dependencies on IxEthAcc ConfigurationDatabase Clear FCS Appending180 Document Number 252539, Revision Access-Layer Components Ethernet PHY IxEthMii API Supported PHYsAccess-Layer Components Ethernet PHY IxEthMii API PHYs Supported by IxEthMiiAccess-Layer Components Feature Control IxFeatureCtrl API Hardware Feature ControlProduct ID Values Using the Product ID-Related FunctionsAccess-Layer Components Feature Control IxFeatureCtrl API Bits DescriptionUsing the Feature Control Register Functions Feature Control Register Values Sheet 1Software Configuration Feature Control Register Values Sheet 2Component Check by Other APIs Document Number 252539, Revision 187 188 Document Number 252539, Revision Access-Layer Components HSS-Access IxHssAcc API Access-Layer Components HSS-Access IxHssAcc API Features IxHssAcc API OverviewIxHssAcc Interfaces Access-Layer Components HSS-Access IxHssAcc API HSS and Hdlc Theory and Coprocessor Operation Intel X S cale C oreHSS Output Clock Jitter and Error Characterization HSS Tx Clock Output frequencies and PPM ErrorHSS Tx Freq Pj Max ns Cj Max ns Aj Max ns Jitter Type Jitter Definition Jitter DefinitionsHSS Frame Output Characterization Actual Frame Length µsHigh-Level API Call Flow Key Assumptions IxHssAcc Component DependenciesHSS Port Initialization Details IxHssAccPortInit198 Document Number 252539, Revision Channelized Connect and Enable HSS Channelized OperationIxHssAccChanConnect 200 Document Number 252539, Revision Channelized Tx/Rx Methods Channelized ConnectCallBack PolledChannelized Transmit and Receive Channelized Disconnect Packetized Connect and EnableHSS Packetized Operation IxHssAccPktPortConnectDocument Number 252539, Revision 205 Packetized Tx Packetized ConnectDocument Number 252539, Revision 207 Packetized Rx Packetized TransmitDocument Number 252539, Revision 209 Packetized Receive Buffer Allocation Data-Flow Overview 13.6.5 56-Kbps, Packetized Raw ModeData Flow in Packetized Service Packetized Disconnect212 Document Number 252539, Revision HSS Packetized Receive Buffering Data Flow in Channelized Service HSS Packetized Transmit BufferingDocument Number 252539, Revision 215 HSS Channelized Receive Operation HSS Channelized Transmit Operation 218 Document Number 252539, Revision Access-Layer Components NPE-Downloader IxNpeDl API Microcode ImagesLoading NPE Microcode from a File Versus Loaded from Memory NPE Microcode Library Customization Access-Layer Components NPE-Downloader IxNpeDl APIStandard Usage Example NPE Image CompatibilityNPE-A Images Image Name DescriptionNPE-B Images NPE-C Images Sheet 1Custom Usage Example IxNpeDl UninitializationNPE-C Images Sheet 2 Deprecated APIs Access-Layer Components NPE Message Handler IxNpeMh API Interrupt-Driven Operation Access-Layer Components NPE Message Handler IxNpeMh APIInitializing the IxNpeMh Polled OperationUninitializing IxNpeMh Sending an NPE MessageCustomer / Demo Code Sending an NPE Message with ResponseClient IxNpeMhIxNpeMh Receiving Unsolicited Messages from NPE to Software Client Client Customer / Demo CodeIxNpeMh Component Dependencies 232 Document Number 252539, Revision Access-Layer Components Parity Error Notifier IxParityENAcc IntroductionBackground Network Processing Engines Scrubbing/Memory ScrubDDR Sdram Memory Controller Unit MCU Switching Coprocessor in NPE B SwcpAHB Queue Manager AQM Expansion Bus ControllerInterrupt Prioritization Parity Error InterruptsInterrupt Bit Default Priority Software Secondary Effects of Parity InterruptsFeatures Feature Hardware Component Software Support RecoverableIxParityENAcc API Details IxParityENAcc Dependency Diagram IxParityENAcc API Usage ScenariosSummary Parity Error Notification Scenario Parity Error Notification SequenceParity Error Interrupt Deassertion Conditions Sheet 1 Interrupt Bit Source API Invoked bySummary Parity Error Recovery Scenario Parity Error Interrupt Deassertion Conditions Sheet 2Summary Parity Error Prevention Scenario Parity Error Notification Detailed ScenariosData Abort with No Parity Error Data Abort followed by Unrelated Parity Error Notification Data Abort Caused by Parity Error Data Abort with both Related and Unrelated Parity Errors Access-Layer Components Performance Profiling IxPerfProfAcc Intel XScale Core PMU Internal Bus PMU Counter Buffer OverflowIdle-Cycle Counter Utilities ‘Xcycle’ Interrupt Handling IxPerfProfAcc DependenciesUsing the API ThreadingAPI Usage for Intel XScale Core PMU Event and Clock Counting254 Document Number 252539, Revision Time-Based Sampling Display Performance CountersDisplay Clock Counter Event-Based Sampling Iii. Print out the first five elements258 Document Number 252539, Revision C0112788 No lower symbol found. Module kernel Using Intel XScale Core PMU to Determine Cache Efficiency Internal Bus PMU IxPerfProfAccBusPmuStart Xcycle Idlecycle Counter Perform the same calculation for the rest of the PECsDisplay Xcycle Measurement Access-Layer Components Queue Manager IxQMgr API Features and Hardware Interface Access-Layer Components Queue Manager IxQMgr APIDocument Number 252539, Revision 267 Dispatcher Configuration ValuesAQM Configuration Attributes Attribute Description ValuesDispatcher Modes 270 Document Number 252539, Revision AQM Livelock Prevention Dispatcher in Context of a Polling MechanismDocument Number 252539, Revision 273 274 Document Number 252539, Revision Access-Layer Components Synchronous Serial Port IxSspAcc IxSspAcc API DetailsIxSspAcc Dependencies Interrupt Mode IxSspAcc API Usage ModelsInitialization and General Data Model 278 Document Number 252539, Revision Interrupt Scenario Polling Mode Init Transmit Receive 282 Document Number 252539, Revision Access-Layer Components Time Sync IxTimeSyncAcc API Access-Layer Components Time Sync IxTimeSyncAcc API Ieee 1588 PTP Protocol OverviewSynchronization Sequence Ieee 1588 Hardware Assist Block OverviewBlock Diagram of Intel IXP46X Network Processor Detailed InformationHardware Feature Options Default State IPv6 and VLAN-Tagged Ethernet FramesIeee 1588 PTP Client Application IxTimeSyncAcc API DetailsIxTimeSyncAcc Additional Hardware InformationDocument Number 252539, Revision 289 Interrupt Mode Operations IxTimeSyncAcc API Usage ScenariosPolling for Transmit and Receive Timestamps Polled Mode Operations Interrupt Servicing of Target Time Reached ConditionPolling for Auxiliary Snapshot Values Access-Layer Components UART-Access IxUARTAcc API Interface DescriptionFifo Versus Polled Mode Access-Layer Components UART-Access IxUARTAcc APIUart / OS Dependencies Uart Services Models 296 Document Number 252539, Revision Access-Layer Components USB Access ixUSB API USB Controller BackgroundPacket Formats Access-Layer Components USB Access ixUSB APIIN, OUT, and Setup Token Packet Format SOF Token Packet FormatHandshake Packet Format Transaction FormatsData Packet Format Bits 023 BytesAction Token Packet Data Packet Handshake Packet Bulk Transaction FormatsIsochronous Transaction Formats Action Token Packet Data PacketControl Transaction Formats Control Write SetupControl Transaction Formats, Set-Up Stage Interrupt Transaction FormatsIxUSB Setup Requests API interfaces Available for Access LayerIxUSB API Interfaces Host-Device Request Summary Sheet 1 Request NameConfiguration Host-Device Request Summary Sheet 2IxUSB Endpoint Stall Feature IxUSB Send and Receive RequestsFrame Synchronization IxUSB Error Handling Stall on OUT TransactionsDetailed Error Codes Error due to unknown reasonsUSB Data Flow USB DependenciesCodelets ATM Codelet IxAtmCodeletCodelets Ethernet Access Codelet IxEthAccCodelet Crypto Access Codelet IxCryptoAccCodeletDMA Access Codelet IxDmaAccCodelet Ethernet AAL-5 Codelet IxEthAal5AppHSS Access Codelet IxHssAccCodelet Parity Error Notifier Codelet IxParityENAccCodeletPerformance Profiling Codelet IxPerfProfAccCodelet Time Sync Codelet IxTimeSyncAccCodeletUSB Rndis Codelet IxUSBRNDIS Operating System Abstraction Layer Osal Operating System Abstraction Layer Osal Osal ArchitectureCore Module OS-Independent Core ModuleOS-Dependent Module Buffer Management ModuleOsal Library Structure Backward Compatibility ModuleBuffer Translation Module Document Number 252539, Revision 317 C lu d e Osal Modules and Related Interfaces Core ModuleIPC Osal Core Interface Sheet 1Thread Osal Core Interface Sheet 2Buffer Management Module 24.6.3 I/O Memory and Endianness Support ModuleOsal Buffer Management Interface Ixosalmmapvirttophys Osal I/O Memory and Endianness Interface Sheet 1Supporting a New OS Osal I/O Memory and Endianness Interface Sheet 2Supporting New Platforms Example 1. Global Memory Map DefinitionsIxstaticmap Adsl Driver Device SupportAdsl Driver Overview Adsl API Adsl Line Open/Close OverviewExample of Adsl Line Open Call Sequence Limitations and Constraints 2C Driver IxI2cDrv 26.3 I2C Driver API DetailsI2C Driver IxI2cDrv Arbitration Loss Error 2C Driver IxI2cDrv26.4 I2C Driver API Usage Models Bus ErrorMaster-Interrupt Mode InitializationI2C Driver IxI2cDrv Slave-Interrupt Mode Slave-Polling ModeSupport Functions Example Sequence Flows for Slave Mode Sequence Flow Diagram for Slave Transmit in Interrupt Mode Sequence Flow Diagram for Slave Receive in Polling Mode 26.4.3 I2C Using Gpio Versus Dedicated I2C Hardware Sequence Flow Diagram for Slave Transmit in Polling Mode340 Document Number 252539, Revision Endianness in Intel IXP400 Software Basics of EndiannessEndianness in Intel IXP400 Software Endianness When Memory is Shared Nature of Endianness Hardware or Software?Software Considerations and Implications Coding Pitfalls Little-Endian/Big-EndianCasting a Pointer Between Types of Different Sizes Network Stacks and Protocols Here is what the macro ntohl looks like in actual codeMacro Source Code Best Practices in Coding of Endian-IndependenceMacro Examples Endian Conversion Avoid346 Document Number 252539, Revision April Document Number 252539, Revision 347Supporting Little-Endian Mode Reasons for Choosing a Particular LE Coherency ModeHardware Switches Silicon Endianness ControlsIntel XScale Core Endianness Mode MMUByteswapen Bit Little-Endian Data Coherence Enable/DisableMMU P-Attribute Bit Forcebyteswap BitSummary of Silicon Controls Silicon VersionsPCI Bus Swap Endian Hardware SummaryIXP46X network processors A-0 stepping Part Number Brief DescriptionAPB Peripherals April 2005 Ethernet Access Component IxEthAcc NPE Downloader IxNpeDlNPE Message Handler IxNpeMh Data Plane Ixosalmbuf Data PayloadOne Half-Word-Aligned Ethernet Frame LE Address Coherent Intel XScale Core Read of IP Header LE Data Coherent Ethernet Access MIB Statistics Learning Database FunctionIntel IXP400 Software IxEthAcc and IxEthDB Summary 27.5.4 PCI Intel IXP400 Software OS AbstractionATM and HSS Endian Conversion Macros VxWorks* ConsiderationsIntel IXP400 Software Macros #definesVxWorks* Data Coherent Swap Code Software Versions Intel IXP400 Software VersionsIntel IXP400 Software Version Little-Endian Support Yes/No