Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 31. Relationship Between IPSec Protocol and Algorithms (figure not reproduced; labels: ESP, AH, Encryption Algorithm, Authentication Algorithm)

7.4.2 IPSec Packet Formats

IPSec standards have defined packet formats. The authentication header (AH) provides data integrity, and the encapsulating security payload (ESP) provides confidentiality and data integrity. In conjunction with the SHA1 and MD5 algorithms, both AH and ESP provide data integrity. The IxCryptoAcc component supports both modes of authentication. The integrity check value (ICV) is calculated through SHA1 or MD5 and inserted into the AH packet and the ESP packet.

In ESP authentication mode, the ICV is appended at the end of the packet, which is after the ESP trailer if encryption is required.

Figure 32. ESP Packet Structure (figure not reproduced; fields in order: Security Parameters Index (SPI), Sequence Number, Payload Data (Variable Length), Padding (0-255 Bytes), Pad Length, Next Header, Authentication Data (Variable Length); span labels in the figure: Authenticated, Encrypted)
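The ESP layout described above, with the ICV appended after the ESP trailer, as an added Python example that is not part of the Programmer's Guide and does not use the IxCryptoAcc API. It assumes HMAC-SHA1-96 (RFC 2404, 12-byte ICV) and an authentication-only packet with the payload left unencrypted; the key, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumption: HMAC-SHA1-96 truncates the MAC to 96 bits

def _icv(key, data):
    # ICV over everything from the SPI through the Next Header field
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_esp(key, spi, seq, payload, next_header):
    """Assemble SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV."""
    pad_len = (-(len(payload) + 2)) % 4        # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 2406 default pad bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    return body + _icv(key, body)              # ICV goes last, after the trailer

def parse_esp(key, packet):
    """Check the ICV before trusting any field, then read the trailer."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("too short for ESP header, trailer and ICV")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, body)):   # constant-time compare
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:               # padding cannot overlap the header
        raise ValueError("pad length exceeds packet")
    payload = body[8:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "payload": payload, "next_header": next_header}

# Constructed sample values, not taken from the guide.
KEY = bytes(range(20))
PACKET = build_esp(KEY, 0x1001, 1, b"constructed payload", 6)

if __name__ == "__main__":
    print(PACKET.hex())
    print(parse_esp(KEY, PACKET))
```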

April 2005

IXP400 Software Version 2.0

Programmer’s Guide


Document Number: 252539, Revision: 007
