Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
Programmer’s Guide IXP400 Software Version 2.0 April 2005
Document Number: 252539, Revision: 007 93
8. IxCryptoAcc will return a context Id to the client application upon successful context
registration, and will call the Register Complete callback function.
7.3.4 Buffer and Queue Management
The IX_OSAL_MBUF buffer format is for use between the IxCryptoAcc access component and
the client. All buffers used between the IxCryptoAcc access component and clients are allocated
and freed by the clients. The client will allocate the IX_OSAL_MBUFs and the buffers will be
passed to IxCryptoAcc. The CryptoAcc access-layer component will allocate memory for the
CCD. The client passes a buffer to IxCryptoAcc when it requests hardware-accelerator services,
and the IxCryptoAcc component returns the buffer to the client when the requested job is done.
The component assumes that the allocated IX_OSAL_MBUFs are sufficient in length and no
checking has been put in place for the IX_MBUF length within the IX_OSAL_MBUF structure.
There is, however, IX_MBUF checking when the code is compiled in DEBUG mode. When
appending the ICV at the end of the payload, it is assumed that the IX_OSAL_MBUF’s length is
sufficient and will not cause memory segmentation. The ICV offset should be within the length of
the IX_MBUF.
Depending on the transfer mode in-place before returning the buffer to the client, the encrypted /
decrypted payload is written into the source buffer or destination buffer. This selection of in-place
versus non-in-place buffer operation may be defined for each crypto context prior to context
registration.
When the AHB Queue Manager is full, the hardware accelerator will return
IX_CRYPTO_ACC_QUEUE_FULL to the client. The client will have to re-send the data to be
encrypted or decrypted or authenticated after a random interval.
7.3.5 Memory Requirements
This section shows the amount of data memory required by IxCryptoAcc for it to operate under
peak call-traffic load. The IxCryptoAcc component allocates its own memory for the CCD to store
the required information, and for the NPE queue descriptors required when using NPE-based
acceleration. The total memory allocation follows this general formula:
Total Memory Allocation = (Size of NPE queue descriptor + size of additional authentication data)
* Number of descriptors + (size of crypto context) * (number of crypto contexts
).
This shows the memory requirements for 1,000 security associations, the default value set by
IX_CRYPTO_ACC_MAX_ACTIVE_SA_TUNNELS. This value can be increased or decreased as
needed by the client.
Table 11. IxCryptoAcc Data Memory Usage (Sheet 1 of 2)
Structure Size in Bytes Total Size in Bytes
NPE Queue Descriptor 96
Additional Authentication Data 64
Total Memory per NPE Descriptor 96+64=160
Number of NPE Descriptors 278
Total Memory Allocated for NPE Descriptors 160 * 278= 44,480
Crypto Context 152