Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
April 2005 IXP400 Software Version 2.0 Programmer’s Guide
96 Document Number: 252539, Revision: 007
ixCryptoAccCtxCipherKeyUpdate()
This function is called to change the key value of a previously registered context. Key change for a
registered context is only supported for CCM cipher mode. This is done in order to quickly change
keys for CCM mode, without going through the process of context deregistration and registration.
Changes to the key lengths are not allowed for a registered context. This function should only be
used if one is invoking cryptographic operations using CCM as cipher mode.
The client should make sure that there are no pending requests on the “cryptoCtxtId” for the key
change to happen successfully. If there are pending requests on this context the result of those
operations are undefined.
For contexts registered with other modes, the client should unregister and re-register a context for
the particular security association in order to change keys and other parameters.
7.3.8 Error Handling
IxCryptoAcc returns an error type to the client and the client is expected to handle the error.
Internal errors will be reported using an IxCryptoAcc-specific, error-handling mechanism listed in
IxCryptoAccStatus.
7.3.9 Endianness
The mode supported by this component is both big endian and little endian.
7.3.10 Import and Export of Cryptographic Technology
Some of the cryptographic technologies provided by this software (such as 3DES and AES) may be
subjected to both export controls from the United States and import controls worldwide. Where
local regulations prohibit, some described modes of operation may be disabled.
7.4 IPSec Services
This section describes the way that IxCryptoAcc is used in an IPSec usage model.
7.4.1 IPSec Background and Implementation
When deploying IPSec-related applications, the generalized architecture in Figure 30 is used. The
figure shows the scope and the roles played by the NPE and the IxCryptoAcc component in an
IPSec application.