Filter
Top Products
Intel
®
IXP400 Software
Access-Layer Components: Security (IxCryptoAcc) API
Programmer’s Guide IXP400 Software Version 2.0 April 2005
Document Number: 252539, Revision: 007 99
In AH mode, the ICV value is part of the authentication header. AH is embedded in the data to be
protected. This results in AH being included for ICV calculation, which means the authentication
data field (ICV value) must be cleared before executing the ICV calculation. The same applies to
the ICV verification — the authentication data needing to be cleared before the ICV value is
calculated and compared with the original ICV value in the packet. If the ICV values don’t match,
authentication is failed.
NPE determines where to insert the ICV value, based on the ICV offset specified in the perform
function.
7.4.2.1 Reference ESP Dataflow
Figure 34 shows the example data flow for IP Security environment. Transport mode ESP is used
in this example. The IP header is not indicated in the figure.
The IP header is located in front of the ESP header while plain text is the IP payload.
Figure 33. Authentication Header
Security Parameters Index (SPI)
Sequence Number
Payload Length
Next Header
Authentication Data (Variable Length)
(Reserved)
B2312-01