Intel IXP400 Frozen Dessert Maker User Manual


 
Intel® IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
Programmer’s Guide, IXP400 Software Version 2.0, April 2005
Document Number: 252539, Revision: 007

The hardware accelerator component provides an interface for performing a single-pass CCMP-MIC computation and verification with CTR-mode encryption/decryption.
Note: The implementation of AES-CCM mode in IxCryptoAcc is designed specifically to support 802.11i-type applications. As noted below, the API expects a 48-byte Initialization Vector and an 8-byte MIC value. These values correspond with an 802.11i AES-CCM implementation. IPSec implementations are expected to support 16- or 32-bit IVs and 8- or 16-bit MIC values, which are not supported by this component. Refer to “Performing CCM (AES CTR-Mode Encryption and AES CBC-MAC Authentication) for IPSec” on page 103 for details on non-WEP AES-CCM operations.
The following should be noted regarding the support for CCMP:

• The hardware accelerator component does not provide any support for:
    • constructing the CCM initial block for MIC computation
    • constructing MIC-IV and MIC-Headers
    • constructing the CTR-mode IV.
• The hardware accelerator expects the initialization vector to be a contiguous 64-byte buffer consisting of 16 bytes of CTR-mode IV followed by 48 bytes of MIC-IV-HEADER. If the MIC-IV-HEADER constructed is less than 48 bytes, it should be padded with zeros to 48 bytes (3 AES blocks).
• The computed MIC is always 8 bytes and is not configurable to a different value.
• The hardware accelerator pads the data (with zeros, if required) for the purposes of MIC computation. Once the MIC is computed and the data has been encrypted, the pad bytes are discarded and are not appended to the payload.
• The CTR-mode IV, MIC-IV and MIC Headers are constructed by the client from the RSN Header and other per-packet information.
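
The 64-byte buffer layout described above, as an added example (not Intel's code and not part of the IxCryptoAcc API): a C helper that assembles the CTR-mode IV, MIC-IV and MIC headers using the IEEE 802.11i CCMP field layout. The name `ccmp_build_iv`, its parameters and the caller-supplied initial counter value are assumptions; the page does not state which starting counter the accelerator expects.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CCMP_IV_LEN      64  /* total contiguous buffer the page describes */
#define CCMP_CTR_IV_LEN  16  /* CTR-mode IV */
#define CCMP_NONCE_LEN   13  /* priority || A2 || PN (802.11i CCMP nonce) */
#define CCMP_MAX_AAD     30  /* 2-byte length + AAD must fit 2 AES blocks */

/* Hypothetical helper: fills out[64] as CTR-mode IV || MIC-IV || MIC headers.
 * aad is the already-masked 802.11 header AAD (22..30 bytes in 802.11i).
 * ctr_start is the initial counter value (assumption: chosen by the caller,
 * since the page does not say what the accelerator expects).
 * Returns 0 on success, -1 if the inputs cannot fit the 48-byte region. */
int ccmp_build_iv(uint8_t out[CCMP_IV_LEN], uint8_t priority,
                  const uint8_t a2[6], const uint8_t pn[6],
                  const uint8_t *aad, size_t aad_len,
                  uint16_t data_len, uint16_t ctr_start)
{
    uint8_t nonce[CCMP_NONCE_LEN];
    uint8_t *ctr = out, *b0 = out + CCMP_CTR_IV_LEN, *hdr = b0 + 16;

    if (!out || !a2 || !pn || !aad || aad_len == 0 || aad_len > CCMP_MAX_AAD)
        return -1;

    memset(out, 0, CCMP_IV_LEN);       /* guarantees zero padding to 48 bytes */
    nonce[0] = priority;
    memcpy(nonce + 1, a2, 6);          /* transmitter address */
    memcpy(nonce + 7, pn, 6);          /* packet number, most significant first */

    ctr[0] = 0x01;                     /* CTR flags: L' = 1 (2-byte counter) */
    memcpy(ctr + 1, nonce, CCMP_NONCE_LEN);
    ctr[14] = (uint8_t)(ctr_start >> 8);
    ctr[15] = (uint8_t)ctr_start;

    b0[0] = 0x59;                      /* Adata = 1, 8-byte MIC, L' = 1 */
    memcpy(b0 + 1, nonce, CCMP_NONCE_LEN);
    b0[14] = (uint8_t)(data_len >> 8); /* plaintext length, big-endian */
    b0[15] = (uint8_t)data_len;

    hdr[0] = (uint8_t)(aad_len >> 8);  /* CCM-encoded AAD length */
    hdr[1] = (uint8_t)aad_len;
    memcpy(hdr + 2, aad, aad_len);     /* remaining bytes stay zero */
    return 0;
}
```

The packet number must never repeat under the same key, because both the CTR-mode IV and the MIC-IV are derived from it.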
7.7.3 Authentication Algorithms
Table 13 summarizes the authentication algorithms supported by IxCryptoAcc. The HMAC
algorithms are accelerated by the hashing coprocessor on NPE C. The WEP-CRC algorithm may
be performed using either NPE A or the Intel XScale core WEP engine.
Table 13. Supported Authentication Algorithms

Authentication Algorithm Supported   Data Block Size (Bits)   Key Size (Bits)
HMAC-SHA1                            512                      160-512
HMAC-MD5                             512                      128-512
WEP-CRC                              8                        -