Multi-Protocol Crypto Engine

Overview

The EIP-97 is a Cryptographic Engine designed to offload the Host processor to improve the speed of IPsec ESP, IPsec AH, SRTP, SSL, TLS, DTLS and MACsec protocol operations and reduce power in cost-sensitive networking products, such as: Femtocell, DSL routers, SOHO routers, Cable Modems and VPN Appliances. Besides being optimized for small packet processing the EIP-97 is designed for integration into multiprocessor systems.

Key Features

  • IPSec (IPv4 and IPv6):
    • Full IPSec packet ESP/AH transforms according to latest RFCs (2403, 2404, 2405, 2410, 3566, 3602, 3686, 4106, 4301, 4303, 4308, 4309, 4543, 4868, 4869, 6054
  • and 6379),
    • IPSec ESP and AH tunnel & transport mode,
    • Complete IPSec (IPv4/IPv6) Header/Trailer processing,
    • Insert ESP/AH header for outbound packets, strip and verify ESP/AH header for inbound packets,
    • Anti-replay check,
    • Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets,
    • Append (outbound) / strip and verify (inbound) padding up to 255 bytes.
  • MACsec
    • MACsec frame transforms according to IEEE
  • 802.1AE
    • SecTAG insertion and removal,
    • PN insertion, removal and verification
    • ICV generation, insertion, removal and verification
  • SSLv3.01 / TLSv1.0 / TLSv1.1 / TLSv1.2 / DTLS
    • Packet transforms according to latest RFCs (2246, 4346, 4347, 5246, 5288, 5289, 6101, 6347 and 6460)
    • Full header processing
    • All packets are processed autonomous, including length correction based on pad-length.
  • SRTP packet transforms according to RFC3711
  • Wireless algorithm support
    • Kasumi f8 and Kasumi f9
    • SNOW 3G integrity or authentication
    • ZUC integrity or authentication
  • SA (context) records
    • Optimized Security Association format (Context Record).
    • Supports unlimited number of Security Associations.
    • Support for 64-bit addressing.
    • Optional support for sequence number masks up to 384 bits wide.

Benefits

  • Complete HW/SW system.
  • High-speed Crypto Packet Engine
  • Silicon-proven implementation
  • Fast and easy to integrate into SoCs.
  • Flexible layered design.
  • Complete range of configurations.
  • World-class technical support.

Applications

  • NPU SoC
  • VPN routers
  • MACsec routers
  • L2 & L3 Secure Switches
  • VoIP
  • WiMAX and WiFi
  • FTTH (Fiber To The Home)
  • Home gateways
  • Fronthaul/Backhaul control network boxes

Deliverables

  • Documentation
    • Hardware Reference and Programmer Manual
    • Integration Manual
    • Verification Specification
    • Operations Manual
  • Synthesizable Verilog RTL source code
  • Self-checking RTL test bench, including test vectors and expected result vectors
  • Simulation scripts
  • Synthesis scripts
  • Configurations:
  • Many different configurations available:
    • Gate counts range from : 275-1655k gates, depending on number of supported algorithms
    • IPsec 5 Gbps using AES and SHA-1
    • MACsec 5.9 Gbps using AES-GCM
  • For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact

Technical Specifications

Foundry, Node
Any
Maturity
Silicon Proven
Availability
Now
TSMC
Silicon Proven: 7nm , 16nm , 28nm , 40nm G
×
Semiconductor IP