IPsec Security Processor

Overview

The core implements the IPsec and SSL/TLS security standards at high data rates that require cryptographic processing acceleration. The ISP1-128 core is tuned for applications with data rates of 10-100 Gbps in advanced ASIC geometries.

The design is fully synchronous and available in both source and netlist form.

Key Features

  • Support for IPv4 and IPv6 packets
  • Support for the IPsec ESP and AH protocols:
    • Insertion / removal of headers and trailers; internal padding
    • Transport and tunnel modes of operation
    • Integrity Check Value (ICV) insertion and validation
    • Transport and Tunnel Adjacency (AH+ESP combination) support
  • Support for IPsec ESP encryption algorithms per RFC 4835:
    • NULL
    • AES-CBC (128- and 256-bit keys)
    • TripleDES-CBC
  • Support for IPsec ESP (and AH with the -AH option) authentication algorithms per RFC 4835:
    • HMAC-SHA1-96
    • AES-XCBC-MAC-96
  • Optional support for SSL 2.0, 3.0 and TLS 1.0, 1.1, and 1.2 (-SSL option). Capable of supporting simultaneous SSL/TLS and IPsec data flows. SSL/TLS cipher support includes:
    • Block ciphers with hash-based authentication
    • AEAD ciphers
  • Support for SSL / TLS block ciphers:
    • RC4
    • TripleDES-CBC
    • AES-CBC (128-, 192- and 256-bit keys)
    • AES-GCM (128- and 256-bit) (-GCM option)
  • Support for SSL / TLS hashes:
    • MD5  SHA-1
    • SHA-256
    • SHA-384
    • SHA-512
  • Additional cryptographic algorithms available upon request
  • Built-in cryptographically secure pseudorandom number generator
  • Replay protection
  • Scalable high performance. Scaling is achieved through an adjustable number of internal encryption engines and configurable throughput of the connection parameters memory.
  • FIFO-like interface with flexible bit width; simple integration into the datapath.
  • Dedicated encryption and decryption configurations; a duplex option with shared connection context memory is available.
  • Support for Galois Counter Mode Encryption and authentication (GCM), Galois Message Authentication (GMAC)
  • Flow-through design
  • Built-in connection parameters database and lookup engine
  • OpenSSL integration (integration with other packages upon request)
  • Optional statistics block
  • No segmentation/reassembly support in the IPsec transport mode

Technical Specifications
