Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
April 2005 IXP400 Software Version 2.0 Programmer’s Guide
90 Document Number: 252539, Revision: 007
7.3.3 Context Registration and the Cryptographic Context
Database
The IxCryptoAcc access component supports up to 1,000 simultaneous security association (SA)
tunnels. While the term SA is well-known in the context of IPSec services, the IxCryptoAcc
component defines these security associations more generically, as they can be used for WEP
services as well. Depending upon the application's requirements, the maximum active tunnels
supported by IxCryptoAcc access-layer component can be changed by the client. The number of
active tunnels will not have any impact on the performance, but will have an impact on the memory
needed to keep the crypto context information. The memory requirement will depend on the
number of tunnels.
Each cryptographic “connection” is defined by registering it as a cryptographic context containing
information such as algorithms, keys, and modes. Each of these connections is given an ID during
the context registration process and stored in the Cryptographic Context Database. The information
stored in the CCD is stored in a structure detailed below, and is used by the NPE or Intel XScale
core WEP Engine to determine the specific details of how to perform the cryptographic processing
on submitted data.
Figure 27. Basic IxCryptoAcc API Flow
AHB Queue Manager (AQM)
Intel XScale
®
Core
z
B2320-02
IXP4XX North AHB
Bus
NPE A
AAL Co-Processor
(for CRC
acceleration)
NPE C
DES
Co-Processor
Hashing
Co-Processor
AES
Co-Processor
IPSec Client
Perform
Callback
WEP Client
Perform
Callback
Access Layer
Authentication/Encryption/
Decryption Request
Callback executed upon
operation complete
Communication between
access component and
NPE via AQM
Client
Access-Layer Component
Co-Processor
IxQMgr
IxCryptoAcc
Intel XScale
WEP Engine