Support User Manuals

Intel IXP400 Frozen Dessert Maker User Manual

Open as PDF

of 364

Intel

®

IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

April 2005 IXP400 Software Version 2.0 Programmer’s Guide

112 Document Number: 252539, Revision: 007

SSL client applications can make use of the ARC4 processing features by registering an

encryption-only or decryption-only crypto context and the IxCryptoAccXScaleWepPerform() or

IxCryptoAccNpeWepPerform() functions. SSL clients should supply a full 128-bit key to the API.

7.7.2 Cipher Modes

There are four cipher modes supported by the NPE:

• Electronic code book (ECB)

• Cipher block chaining (CBC)

• Counter Mode (CTR)

• Counter-Mode / CBC-MAC Protocol (CCMP)

7.7.2.1 Electronic Code Book (ECB)

The ECB mode for encryption and decryption is supported for DES, Triple DES and AES. ECB is

a direct application of the DES algorithm to encrypt and decrypt data.

When using the DES in ECB mode and any particular key, each input is mapped onto a unique

output in encryption and this output is mapped back onto the input in decryption. The DES is an

iterative, block, product-cipher system (that is, encryption algorithm). A product-cipher system

mixes transposition and substitution operations in an alternating manner.

7.7.2.2 Cipher Block Chaining (CBC)

The CBC mode for encryption and decryption is supported for DES, Triple DES, and AES. It

requires initialization vector (IV) of size 64-bit for DES and 128-bit for AES initialization vector

(IV).

7.7.2.3 Counter Mode (CTR)

The counter mode (CTR) is only applicable for AES. The counter block consists of the SPI (the

32-bit value used to distinguish among different SAs terminating at the same destination and using

the same IPSec protocol), IV, and a counter that is incremented per input block of plain text. The

same AES key is used for the entire encryption process.

The counter block is always constructed by the client.

7.7.2.4 Counter-Mode Encryption with CBC-MAC Authentication (CCM)

for CCMP in 802.11i

A protocol based on AES and Counter-Mode/CBC-MAC is being adopted for providing enhanced

security in wireless LAN networks. This protocol is called Counter-Mode/CBC-MAC Protocol

(CCMP). The standard defines the CCMP encapsulation/decapsulation processes, CCMP-MPDU

formats, CCMP-states and CCMP-procedures. This section provides CCMP-procedure details for

constructing CCM initial block (also called MIC-IV), MIC-Headers for performing CCMP MIC

computation and CCM-CTR mode IV construction for performing CCM-CTR mode encryption/

decryption.

previous next