Multi-Protocol Crypto Engine with Classification

Overview

Key Features

• IPsec Classification:
• IPv4/IPv6 and IPsec-ESP header parsing to look-up a flow or transform,
• Fetch flow and/or corresponding transform record based on lookup result,
• Optionally update flow statistics,
• Optionally update transform statistics,
• For details on the supported L2, L3 and L4 header parsing is referred to the Firmware Reference Manual.
• IPsec transformation:
• Full IPsec packet ESP transforms according to both legacy IPsec v2 (240x) and latest IPsec v3 (430x) RFC’s as well as all relevant cipher suite RFC’s,
• Autonomous IPsec ESP packet classification and Security Association selection (both in- and outbound),
• IPsec ESP tunnel & transport modes,
• Complete IPsec Header/Trailer processing,
• Insert ESP header for outbound packets, strip and verify ESP header for inbound packets,
• Full sequence number processing, including ESN and full anti-replay check with various mask sizes, up to 384 bits
• Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets,
• Append (outbound) / strip and verify (inbound) padding up to 255 bytes.
• Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
• SSLv3.0 / TLSv1.0 / TLSv1.1 / TLSv1.2 / TLSv1.3:
• Packet transforms according to all relevant RFCs,
• Header processing,
• Full autonomous single pass processing for stream and block cipher modes of operation,
• Padding insertion & removal up to 255 bytes,
• ICV/TAG insertion/verification.
• DTLS v1.0 / DTLS v1.2 / DTLS v1.3
• Packet transforms according to all relevant RFC’s,
• Header processing,
• Full autonomous single pass processing for stream and block cipher modes of operation,
• Padding insertion & removal up to 255 bytes,
• ICV/TAG insertion/verification.
• Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
• MACsec
• IEEE 802.1AE,
• SecTAG insertion and removal,
• PN insertion, removal and verification,
• ICV generation, insertion, removal and verification.
• Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
• SRTP packet transforms according to RFC3711,
• Wireless Algorithms
• Kasumi f8 and f9,
• SNOW 3G,
• ZUC.
• Storage algorithms
• AES-XTS (ANSI/IEEE Std P1619-2007),

Benefits

• Complete HW/SW system.
• High-speed Crypto Packet Engine
• Silicon-proven implementation
• Fast and easy to integrate into SoCs.
• Flexible layered design.
• Complete range of configurations.
• World-class technical support.

Applications

• SSL
• TLS
• DLTS
• IPsec
• Communication protocols

Deliverables

• Documentation
• Hardware Reference and Programmer Manual
• Integration Manual
• Verification Specification
• Firmware Reference Manual
• Synthesizable Verilog RTL source code
• Self-checking RTL test bench, including test vectors and expected result vectors
• Simulation scripts
• Many different configurations available:
• Single to Sixteen Processing Engines
• Default support for:
• IPsec, TLS, SSL, MACsec
• AES, (3)DES, SHA-1, SHA-2, MD5
• Optional support for:
• ARC4 + SHA-384 + SHA-512
• Kasumi + SNOW3G + ZUC
• Extended IPsec
• Extended SSL
• AES-XTS
• SHA3-224 + SHA3-256 + SHA3-384 + SHA3-512
• ChaCha20 + Poly1305
• Gate count ranging from: 1 to 7.5k gates
• Up to 1150 MHz
• Up to 64 bits/clk
• For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact

Technical Specifications