IEEE 802.1ae (MACsec) Security Processor

Overview

Implementation of the new LAN security standard IEEE 802.1ae (MACsec) requires the NIST-standard AES cipher in GCM mode for encryption and message authentication, as well as header parsing and formatting operations on transmitted and received packets. The MSP1-PON core is tuned for Passive Optical Network (PON) IEEE 802.1ae applications at data rates of 10-100 Gbps.

The design is fully synchronous and available in both source and netlist form.

Key Features

  • Small size combined with high performance:
    • Starting at less than 180K ASIC gates
    • 16 Gbps performance at 250 MHz with 180K gates
  • Self-contained; uses two external memories for key storage and statistics counters
  • Very low latency
    • 12 clocks input-to-output
  • Back-to-back packet processing
    • 64 bytes shortest packet
  • Supports encryption and decryption
  • Provides MACsec header parsing and modification:
    • Insertion and removal of the SecTag including the packet number (PN) and an optional SCI
    • RX packet validation
    • Insertion, validation and removal of the ICV
    • Replay protection based on PN windowing
  • Includes key storage, lookup, and expansion
    • Key lookup is based on LLID (other packet classification options are available)
    • Ability to look up the key using built-in associative memory (parameterized size, default 16 entries) or using the LLID directly as an index
  • Support for Galois/Counter Mode (GCM) encryption and authentication, and Galois Message Authentication Code (GMAC)
  • Flow-through design
  • Test bench provided
  • Sample software for 802.1X-2010 (a.k.a. 802.1af, KEYsec, 802.1x-REV) key agreement (MKA) is provided
  • Deliverables include test benches and optional NIST algorithm validation

Block Diagram

IEEE 802.1ae (MACsec) Security Processor Block Diagram

Applications

  • WLAN 802.1ae MACsec
  • RFC 4869

Deliverables

  • HDL Source Licenses
    • Synthesizable Verilog RTL source code
    • Self-checking Test environment
    • Test-bench
    • Test-vectors
    • Expected results
    • User Documentation
    • Optional GCMVS NIST validation
  • Netlist Licenses
    • Post-synthesis EDIF
    • Testbench (self-checking)
    • Vectors for testbenches
    • Expected results

Technical Specifications
