Multi-Protocol Crypto Engine with Classification

Overview

The EIP-197 is a family of high-speed cryptographic accelerators with an embedded classification engine, virtualization, an embedded cache, and latency compensation to maintain performance under stress conditions in the system. It is designed to efficiently off-load NPUs and CPUs in servers from security-related tasks, improving the speed of IPsec, SRTP, SSL, TLS, DTLS and MACsec protocol operations and reducing power consumption.

Key Features

  • IPsec Classification:
    • IPv4/IPv6 and IPsec-ESP header parsing to look-up a flow or transform,
    • Fetch flow and/or corresponding transform record based on lookup result,
    • Optionally update flow statistics,
    • Optionally update transform statistics,
    • For details on the supported L2, L3 and L4 header parsing, refer to the Firmware Reference Manual.
  • IPsec transformation:
    • Full IPsec packet ESP transforms according to both legacy IPsec v2 (240x) and latest IPsec v3 (430x) RFCs as well as all relevant cipher suite RFCs,
    • Autonomous IPsec ESP packet classification and Security Association selection (both in- and outbound),
    • IPsec ESP tunnel & transport modes,
    • Complete IPsec Header/Trailer processing,
    • Insert ESP header for outbound packets, strip and verify ESP header for inbound packets,
    • Full sequence number processing, including ESN and full anti-replay check with various mask sizes, up to 384 bits,
    • Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets,
    • Append (outbound) / strip and verify (inbound) padding up to 255 bytes.
    • Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
  • SSLv3.0 / TLSv1.0 / TLSv1.1 / TLSv1.2 / TLSv1.3:
    • Packet transforms according to all relevant RFCs,
    • Header processing,
    • Full autonomous single pass processing for stream and block cipher modes of operation,
    • Padding insertion & removal up to 255 bytes,
    • ICV/TAG insertion/verification.
  • DTLS v1.0 / DTLS v1.2 / DTLS v1.3:
    • Packet transforms according to all relevant RFCs,
    • Header processing,
    • Full autonomous single pass processing for stream and block cipher modes of operation,
    • Padding insertion & removal up to 255 bytes,
    • ICV/TAG insertion/verification.
    • Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
  • MACsec:
    • IEEE 802.1AE,
    • SecTAG insertion and removal,
    • PN insertion, removal and verification,
    • ICV generation, insertion, removal and verification.
    • Support for processing packets for one SA on multiple processing engines, maintaining SA coherency.
  • SRTP packet transforms according to RFC3711,
  • Wireless Algorithms
    • Kasumi f8 and f9,
    • SNOW 3G,
    • ZUC.
  • Storage algorithms
    • AES-XTS (ANSI/IEEE Std P1619-2007).

Benefits

  • Complete HW/SW system.
  • High-speed Crypto Packet Engine
  • Silicon-proven implementation
  • Fast and easy to integrate into SoCs.
  • Flexible layered design.
  • Complete range of configurations.
  • World-class technical support.

Applications

  • SSL
  • TLS
  • DTLS
  • IPsec
  • Communication protocols

Deliverables

  • Documentation
    • Hardware Reference and Programmer Manual
    • Integration Manual
    • Verification Specification
    • Firmware Reference Manual
  • Synthesizable Verilog RTL source code
  • Self-checking RTL test bench, including test vectors and expected result vectors
  • Simulation scripts
  • Many different configurations available:
    • Single to Sixteen Processing Engines
    • Default support for:
      • IPsec, TLS, SSL, MACsec
      • AES, (3)DES, SHA-1, SHA-2, MD5
    • Optional support for:
      • ARC4 + SHA-384 + SHA-512
      • Kasumi + SNOW3G + ZUC
      • Extended IPsec
      • Extended SSL
      • AES-XTS
      • SHA3-224 + SHA3-256 + SHA3-384 + SHA3-512
      • ChaCha20 + Poly1305
    • Gate count ranging from: 1 to 7.5k gates
    • Up to 1150 MHz
    • Up to 64 bits/clk
  • For more information about this product or all the different configurations, please contact Rambus: https://www.rambus.com/contact

Technical Specifications

  • Foundry, Node: Any
  • Maturity: Silicon Proven
  • Availability: Now
  • TSMC, Silicon Proven: 7nm, 16nm, 28nm, 40nm G