In-line Multi-Protocol Cipher Engine
Overview
The EIP-96 is an Inline Cryptographic Accelerator designed to accelerate and offload the very CPU intensive IPsec, MACsec, SRTP, SSL, TLS and DTLS protocol operations. The In-line Multi-Protocol Engine is suited for communications processors and other general-purpose processors that require maximum data plane offload to dedicated security hardware. The Multi-Protocol Engine accommodates designs that already include Packet Classifiers (such as NPUs) as well as designs that require bulk crypto processing without any flow processing. In addition, the Multi-Protocol Engine can be used in various SoC architectures, even 'look-a-side' architectures.
Key Features
- IPSec (IPv4 and IPv6):
- Full IPSec packet ESP/AH transforms according to latest RFCs (2403, 2404, 2405, 2410, 3566, 3602, 3686, 4106, 4301, 4303, 4308, 4309, 4543, 4868, 4869, 6054
- and 6379),
- IPSec ESP and AH tunnel & transport mode,
- Complete IPSec (IPv4/IPv6) Header/Trailer processing,
- Insert ESP/AH header for outbound packets, strip and verify ESP/AH header for inbound packets,
- Anti-replay check,
- Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets,
- Append (outbound) / strip and verify (inbound) padding up to 255 bytes.
- MACsec
- MACsec frame transforms according to IEEE
- 802.1AE
- SecTAG insertion and removal,
- PN insertion, removal and verification
- ICV generation, insertion, removal and verification
- SSLv3.01 / TLSv1.0 / TLSv1.1 / TLSv1.2 / DTLS
- Packet transforms according to latest RFCs (2246, 4346, 4347, 5246, 5288, 5289, 6101, 6347 and 6460)
- Full header processing
- All packets are processed autonomous, including length correction based on pad-length.
- SRTP packet transforms according to RFC3711
- Wireless algorithm support
- Kasumi f8 and Kasumi f9
- SNOW 3G integrity or authentication
- ZUC integrity or authentication
- SA (context) records
- Optimized Security Association format (Context Record).
- Supports unlimited number of Security Associations.
- Support for 64-bit addressing.
- Optional support for sequence number masks up to 384 bits wide.
Benefits
- Complete HW/SW system.
- High-speed Crypto Packet Engine
- Silicon-proven implementation
- Fast and easy to integrate into SoCs.
- Flexible layered design.
- Complete range of configurations.
- World-class technical support.
Applications
- SSL
- TLS
- DLTS
- IPsec
- Communication protocols
Deliverables
- Documentation
- Hardware Reference and Programmer Manual
- Integration Manual
- Verification Specification
- Operations Manual
- Synthesizable Verilog RTL source code
- Self-checking RTL test bench, including test vectors and expected result vectors
- Simulation scripts
- Synthesis scripts
- Configurations:
- Many different configurations available:
- Gate counts range from : 300-609k gates, depending on number of supported algorithms
- IPsec 5000Mbps using AES and SHA-1
- MACsec 6000Mbps using AES-GCM
- SSL/TLS/DTLS 5000Mbps using AES and SHA-1
- For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact
Technical Specifications
Foundry, Node
Any
Maturity
Silicon Proven
Availability
Now
TSMC
Silicon Proven:
7nm
,
16nm
,
28nm
,
40nm
G
Related IPs
- ICE-IP-338 High-speed XTS-GCM Multi Stream Inline Cipher Engine
- ICE-IP-358 High-speed XTS-GCM Multi Stream Inline Cipher Engine, DPA resistant
- Multi-Protocol Crypto Packet Engine, Low Power, Bus Attached
- Multi-Protocol Crypto Engine
- Multi-Protocol Crypto Engine with Classification
- Multi-Protocol Engine with Classifier, Look-Aside, 5-10 Gbps