Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
Programmer’s Guide IXP400 Software Version 2.0 April 2005
Document Number: 252539, Revision: 007 101
7.4.3 Hardware Acceleration for IPSec Services
The IxCryptoAcc API is dependant upon hardware resources within NPE C (also known as
Ethernet NPE B) in order to perform many of the cryptographic encryption, decryption, or
authentication functions. Specifically, NPE C provides an AES coprocessor, DES coprocessor and
a hashing coprocessor (for MD5 and SHA1 calculations).
7.4.4 IPSec API Call Flow
Figure 36 on page 102 details the IxCryptoAcc API call flow that occurs when submitted data for
processing using IPSec services. The process listed below assumes that the API has been properly
configured and that a crypto context has been created and registered in the CCD, as described in
“Context Registration and the Cryptographic Context Database” on page 90.
Figure 35. AH Data Flow
payload
Authenticate
Req (SA_ID, ...)
Authenticate
Req (SA_ID, ...)
Forward authentication Operation
payload
IP
Header
Application
IPSec Client
Access Component /
Intel XScale
®
Core
NPE
Processed by
IPSec client
Processed by
NPE
From application
IP
Header
AH
payload
IP
Header
AH
Note :
IP mutable fields are
handled by IPSec client
payload
IP
Header
AH
Auth
Data
payload
IP
Header
AH
Auth
Data
payload
IP
Header
AH
Auth
Data
Note :
ICV is inserted into AH
authentication data field
B2460-02