Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
April 2005 IXP400 Software Version 2.0 Programmer’s Guide
98 Document Number: 252539, Revision: 007
7.4.2 IPSec Packet Formats
IPSec standards have defined packet formats. The authentication header (AH) provides data
integrity and the encapsulating security payload (ESP) provides confidentiality and data integrity.
In conjunction with SHA1 and MD5 algorithms, both AH and ESP provide data integrity. The
IxCryptoAcc component supports both different modes of authentication. The ICV is calculated
through SHA1 or MD5 and inserted into the AH packet and ESP packet.
In ESP authentication mode, the ICV is appended at the end of the packet, which is after the ESP
trailer if encryption is required.
Figure 31. Relationship Between IPSec Protocol and Algorithms
ESP AH
Enc r y ptio n
Al gori thm
Authenti cat ion
Al gori thm
B2307-0
2
Figure 32. ESP Packet Structure
Security Parameters Index (SPI)
Sequence Number
Payload Data (Variable Length)
Padding (0-255 Bytes)
Pad Length Next Header
Authentication Data (Variable Length)
B2311-02
Encrypted
Authenticated