Multi-Protocol Crypto Engine
Overview
The EIP-97 is a Cryptographic Engine designed to offload the Host processor to improve the speed of IPsec ESP, IPsec AH, SRTP, SSL, TLS, DTLS and MACsec protocol operations and reduce power in cost-sensitive networking products, such as: Femtocell, DSL routers, SOHO routers, Cable Modems and VPN Appliances. Besides being optimized for small packet processing the EIP-97 is designed for integration into multiprocessor systems.
Key Features
- IPSec (IPv4 and IPv6):
- Full IPSec packet ESP/AH transforms according to latest RFCs (2403, 2404, 2405, 2410, 3566, 3602, 3686, 4106, 4301, 4303, 4308, 4309, 4543, 4868, 4869, 6054
- and 6379),
- IPSec ESP and AH tunnel & transport mode,
- Complete IPSec (IPv4/IPv6) Header/Trailer processing,
- Insert ESP/AH header for outbound packets, strip and verify ESP/AH header for inbound packets,
- Anti-replay check,
- Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets,
- Append (outbound) / strip and verify (inbound) padding up to 255 bytes.
- MACsec
- MACsec frame transforms according to IEEE
- 802.1AE
- SecTAG insertion and removal,
- PN insertion, removal and verification
- ICV generation, insertion, removal and verification
- SSLv3.01 / TLSv1.0 / TLSv1.1 / TLSv1.2 / DTLS
- Packet transforms according to latest RFCs (2246, 4346, 4347, 5246, 5288, 5289, 6101, 6347 and 6460)
- Full header processing
- All packets are processed autonomous, including length correction based on pad-length.
- SRTP packet transforms according to RFC3711
- Wireless algorithm support
- Kasumi f8 and Kasumi f9
- SNOW 3G integrity or authentication
- ZUC integrity or authentication
- SA (context) records
- Optimized Security Association format (Context Record).
- Supports unlimited number of Security Associations.
- Support for 64-bit addressing.
- Optional support for sequence number masks up to 384 bits wide.
Benefits
- Complete HW/SW system.
- High-speed Crypto Packet Engine
- Silicon-proven implementation
- Fast and easy to integrate into SoCs.
- Flexible layered design.
- Complete range of configurations.
- World-class technical support.
Applications
- NPU SoC
- VPN routers
- MACsec routers
- L2 & L3 Secure Switches
- VoIP
- WiMAX and WiFi
- FTTH (Fiber To The Home)
- Home gateways
- Fronthaul/Backhaul control network boxes
Deliverables
- Documentation
- Hardware Reference and Programmer Manual
- Integration Manual
- Verification Specification
- Operations Manual
- Synthesizable Verilog RTL source code
- Self-checking RTL test bench, including test vectors and expected result vectors
- Simulation scripts
- Synthesis scripts
- Configurations:
- Many different configurations available:
- Gate counts range from : 275-1655k gates, depending on number of supported algorithms
- IPsec 5 Gbps using AES and SHA-1
- MACsec 5.9 Gbps using AES-GCM
- For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact
Technical Specifications
Foundry, Node
Any
Maturity
Silicon Proven
Availability
Now
TSMC
Silicon Proven:
7nm
,
16nm
,
28nm
,
40nm
G