This section describes IxCryptoAcc, the Intel IXP400 software security API. This software component provides support for authentication and encryption/decryption services needed in cryptographic applications, such as IPSec authentication and encryption, secure sockets layer (SSL), and 802.11i wireless LAN security. You can use this API to offload the execution of significant parts of these computationally expensive algorithms, freeing Intel XScale core cycles for your applications.

For background information on authentication, cryptographic algorithms, and cipher modes, see Applied Cryptography (Schneier 1996).

The IxCryptoAcc API supports the following operating modes:

• Encryption only

• Decryption only

• Authentication calculation only

• Authentication check only

• Encryption followed by authentication calculation

• Authentication check followed by decryption

It supports the following cryptographic algorithms:

• Data encryption standard (DES)

• Triple DES

• Advanced encryption standard (AES)

• ARC4

The API supports the following cipher modes:

• NULL for stream ciphers, like ARC4

• Electronic code book (ECB)

• Cipher block chaining (CBC)

• Counter (CTR) for AES algorithm only (RFC 3686)

• Single-Pass AES counter with CBC MAC (AES-CCM) for 802.11i

The API supports the following authentication algorithms:

• Secure hash algorithm 1 (SHA-1)

• Message digest 5 (MD-5)

• WEP integrity check value (ICV)

Finally, the component supports up to 1,000 simultaneous security associations or tunnels.

You have two choices of implementations of the ARC4 and WEP ICV algorithms. You can use a microcode implementation that uses NPEA. If you need NPE A for other functionality, you can use implementations optimized specifically for the Intel XScale core.