Protocol-IP-197 / EIP-197 Multi-Protocol Engine with Classifier, Look-Aside, >5Gbps

Protocol-IP-197 / EIP-197 Multi-Protocol Engine Information

Key benefits:

• Silicon-proven implementation
• Fast and easy to integrate into SoCs
• Flexible layered design
• Complete range of configurations
• World-class technical support
• Driver development kit

IPsec classification:

• IPsec-ESP header parsing to look-up a flow
• Fetch flow and corresponding transform record based 
on lookup result
• Update flow statistics
• Update transform statistics
• Support for IPv4 and IPv6

IPsec transformation (IPv4 and IPv6):

• Full IPsec packet ESP/AH transforms according to latest RFCs (2403, 2404, 2405, 2410, 3566, 3602, 3686, 4106, 4301, 4303, 4308, 4309, 4543, 4835, 4868, 4869, 6054, 6071 and 6379)
• IPsec ESP and AH tunnel & transport mode
• Autonomous IPsec ESP packet classification and s
ecurity association selection (both inbound and 
outbound)

• Insert ESP/AH header for outbound packets, strip and verify ESP/AH header for inbound packets
• Full sequence number processing, including ESN and full anti-replay check with various mask sizes
• Calculate and insert integrity check value for outbound packets, strip and verify for inbound packets
• Append (outbound) / strip and verify (inbound) padding up to 255 bytes

MACsec

• MACsec frame transforms according to IEEE 802.1AE-2006 and Draft 802.1AEbn/D1.0
• SecTAG insertion and removal,
• PN insertion, removal and verification
• ICV generation, insertion, removal and verification

SSL3.0 / TLS1.0 / TSL1.1 / TLS1.2 / DTLS1.0 / DTLS1.2:

• Full single pass packet transforms according to latest RFCs (246, 4346, 4347, 5246, 6101 and 6347).
• Full Header processing:
  • Insert header for outbound packets,
  • Strip and verify header for inbound packets,
  • Anti-replay check.
  • Trailer processing:
    • Insert padding up to 255 bytes for outbound packets,
    • Strip and verify padding up to 255 bytes for inbound packets,
    • Calculate and insert Message Authentication Code for outbound packets, strip and verify for inbound packets.

SRTP packet transforms according to RFC3711:

• SRTP packet transforms according to RFC3711
• ROC insertion and removal,
• MKI insertion and removal,
• TAG generation and insertion.

Wireless Algorithms and SAR mode of operation 


• Kasumi f8 and f9, 

• SNOW 3G, 

• ZUC. 
Storage algorithms 

• AES-XTS (including CTS mode) 


 SA -Manager

• Optimized Security Association format,
• Supports unlimited number of Security Associations.

The cryptographic engine supports the following cryptographic algorithms:

• (3)DES in ECB and CBC with (3x) 56-bit key,
• AES in ECB, CBC, ICM, CTR mode with 128/192/256 bit keys, GCM, GMAC and CCM modes,
• ARC4 in Stateful and Stateless mode, up to 128-bit key, (EIP-97is, EIP-97ies),
• Kasumi in basic and f8 mode (UEA1),
• SNOW3G in basic and 128-EEA1 mode (UEA2),
• ZUC in basic and 128-EEA3 mode (UEA3)
• AES in XTS mode.

The Hash engine supports the following algorithms:

• SHA-1, SHA-2-224, SHA-2-256, SHA-2-384, SHA-2-512, MD5,
• HMAC transforms for SHA-1, SHA-2, MD5,
• SSL-MAC transforms for SHA-1, MD5,
• AES-CCM, AES-XCBC-MAC, AES-CBC-MAC-PRF,
• GHASH, GCM, AES-GCM and AES-GMAC,
• CRC32.
• Kasumi in f9 mode (UIA1)
• SNOW3G in basic and 128-EIA1 mode (UIA2),
• ZUC in basic and 128-EIA3 mode (UIA3).

The Pseudo Random Number Generator supports:

• ANSI X9.31 compliant; based on the AES cipher,
• Automatic IV generation.

The Host interface with DMA controller supports:

• Multiple Descriptor Rings with individual access for 
multiprocessor support,
• Scatter/Gather processing,
• Automatic arbitration and bus flow control,
• Supports big and little endian host systems.
• Decouples Packet Engine from system bus interface

Master and slave interface:

• Master/Slave interface: AXI/AXI or AXI/APB or AHB/AHB slave interface.
• Input and output buffers decouple Packet Engine from system bus interface,
• Convenient SW debug interface including halt mode.
• Clock switching interface for low power consumption.