Key Features
Glueless integration to the 1G/2.5G/10G Anyspeed MAC.
Based on the popular GCM5-32 engine
Small size combined with high performance:
- Starting at 80K ASIC gates
- 10 Gbps performance at 312.5 MHz
|
Very low latency
Back-to-back packet processing:
- Full, 10 Gbps data rate processing the shortest 64-byte-long packet
|
Supports encryption and decryption
Provides MACsec header parsing and modification:
- Insertion and removal of the SecTag including the packet number (PN) and an optional SCI
- Rx packet validation
- Insertion, validation and removal of the ICV
- Replay protection based on the PN windowing
|
Optional MKP1 key processor (storage with associative lookup)
Optional MSC1 statistic counters
Support for Galois Counter Mode Encryption and authentication (GCM), Galois Message Authentication (GMAC)
Flow-through design
Driver software for 802.1X-2010 (a.k.a. 802.1af, KEYsec, 802.1x-REV) key agreement (MKA)
Function Description
The MSP5 implementation fully supports the IEEE 802.1ae (MACsec) algorithm for 128-bit bit keys, including AES support in Galois Counter Mode (GCM) per NIST publication SP800-38D http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf.
The core is designed for flow-through operation. MSP5 supports encryption and decryption modes (encrypt-only and decrypt-only options are available). |
Tx Processing
On encryption, for each frame the core:
- Inserts the SecTag, including the PN and an optional SCI
- Encrypts and authenticates the frame
- Appends the ICV tag to the packets
- Updates the PN
- Updates the statistics counters
|
Rx Processing
On decryption, for each frame the core:
- Allows pass-through for KaY frames
- Validates the SecTag and SCI, if present
- Checks that the packet number PN is within the PN window
- Decrypts the frame, if encrypted
- Calculates the ICV tag, if the frame is authenticated, and compares to the one in the frame
- Removes the ICV tag, appended to the frame
- Updates the PN window
- Updates the statistics counters
|
|