Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
April 2005 IXP400 Software Version 2.0 Programmer’s Guide
106 Document Number: 252539, Revision: 007
AES-CBC operation into the packet, between header and payload. The payload needs to be moved
in order to hold MIC in the packet. An efficient method of doing this could be to split the header
and payload into two different IX_MBUFs. Then the MIC can be inserted after the header into the
header IX_MBUF for the AES CTR encryption operation.
7.4.6 IPSec Assumptions, Dependencies, and Limitations
• Mutable fields in IP headers should be set to a value of 0 by the client.
• The client must pad the IP datagram to be a multiple of the cipher block size, using ESP trailer
for encryption (RFC 2406, explicit padding).
• The IxCryptoAcc component handles any necessary padding required during authentication
operations, where the IP datagram is not a multiple of the authentication algorithm block size.
The NPE pads the IP datagram to be a multiple of the block size, specified by the
authentication algorithm (RFC 2402, implicit padding).
• The client must provide an initialization vector to the access component for the DES or AES
algorithm, in CBC mode and CTR mode.
• IxCryptoAcc generates the primary and secondary chaining variables which are used in
authentication algorithms.
• IxCryptoAcc generates the reverse keys from the keys provided for AES algorithm.
7.5 WEP Services
7.5.1 WEP Background and Implementation
The Wired Equivalent Privacy (WEP) specification is designed to provided a certain level of
security to wireless 802.11 connections at the data-link level. The specification dictates the use of
the ARC4 cryptographic algorithm and the use of a CRC-32 authentication calculation (the
Integrity Check Value) on the payload and data header.
The IxCryptoAcc API provides both the encryption/decryption and authentication calculation or
verification in a single-pass implementation. The API uses two functions for performing WEP
service operations, depending on the hardware-acceleration component being utilized. The
IxCryptoAcc API features that support a WEP usage model can also be used by client applications
to accelerate other cryptography protocols, such as SSL. Refer to “ARC4” on page 111.
ixCryptoAccXScaleWepPerform() is used to submit data for WEP services using the Intel XScale
core-based WEP engine.
ixCryptoAccNpeWepPerform() is used to submit data for WEP services using the hardware
acceleration services of NPE A.
Both functions operate in a substantially similar manner, taking in the parameters discussed below
and shown in Figure 41.