Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
Programmer’s Guide IXP400 Software Version 2.0 April 2005
Document Number: 252539, Revision: 007 95
• IxCryptoAcc depends on the IxQMgr component to configure and use the hardware queues to
access the NPE.
• OS Abstraction Layer access-component is used for error handling and reporting,
IX_OSAL_MBUF handling, endianness handling, mutex handling, and for memory
allocation.
• IxFeatureCtrl access-layer component is used to detect the processor capabilities at runtime, to
ensure the necessary hardware acceleration features are available for the requested
cryptographic context registrations. The IxFeatureCtrl will only issue an warning and will not
return any errors if it detects that the hardware acceleration features are not available on the
silicon. The client should make sure that they do not use the cryptographic features if a
particular version of silicon does not support the cryptographic features.
• In situations where only the Intel XScale core WEP Engine is used, the IxQMgr component is
not utilized. Instead, local memory is used to pass context between the IxCryptoAcc API and
the Intel XScale core WEP Engine.
After the CCD has been updated, the API can then be used to perform cryptographic processing on
client data, for a given crypto context. This service request functionality of the API is described in
“IPSec Services” on page 96 and “WEP Services” on page 106.
7.3.7 Other API Functionality
In addition to crypto context registration, IPSec and WEP service requests, the IxCryptoAcc API
has a number of other features.
• A number of status definitions, useful for determining the cause of registration or
cryptographic processing errors.
• The ability to un-register a specific crypto context from the CCD.
• Two status and statistics functions are provided. These function show information such as the
number of packets returned with operation fail, number of packets encrypted/ decrypted/
authenticated, the current status of the queue, whether the queue is empty or full or current
queue length.
• The ability to halt the API.
The two following functions are used in specific situations that merit further explanation.
ixCryptoAccHashKeyGenerate()
This is a generic SHA-1 or MD5 hashing function that takes as input the specification of a basic
hashing algorithm, some data and the length of the digest output. There are several useful scenarios
for this function.
This function should be used in situations where an HMAC authentication key of greater than
64 bytes is required for a crypto context, and should be called prior to registering that crypto
context in the CCD. An initialization vector is supplied as input.
The function can also be used by SSL client applications as part of the SSL protocol MAC
generation by supplying the record protocol data as input.
ixCryptoAccHashPerform() can
perform this type of operation.