Key Features
Support for IPv4 and IPv6 packets
Support for the IPsec ESP and AH protocols:
- Insertion / removal of headers and trailers; internal padding
- Transport and tunnel modes of operation
- Integrity Check Value (ICV) insertion and validation
- Transport and Tunnel Adjacency (AH+ESP combination) support
|
Support for IPsec ESP encryption algorithms per RFC 4835:
- NULL
- AES-CBC (128- and 256-bit keys)
- TripleDES-CBC
|
Support for IPsec ESP (and AH for –AH option) authentication algorithms per RFC 4835:
- HMAC-SHA1-96
- AES-XCBC-MAC-96
|
Optional support for SSL 2.0, 3.0 and TLS 1.0. 1.1, and 1.2 (-SSL option). Capable of supporting simultaneous SSL/TLS and IPsec data flows. SSL/TLS cipher support includes:
- Block ciphers with hash-based authentication
- AEAD ciphers
|
Support for SSL / TLS block ciphers:
- RC4
- TripleDES-CBC
- AES-CBC (128-, 192- and 256-bit keys)
- AES-GCM (128- and 256-bit) (-GCM option)
|
Support for SSL / TLS hashes:
- MD5 SHA-1
- SHA-256
- SHA-384
- SHA-512
|
Additional cryptographic algorithms available upon request
Built-in cryptographically secure pseudorandom number generator
Replay protection
Scalable high performance. Scaling is achieved through adjustable number of encryption engines inside and configurable throughput of the connection parameters memory .
FIFO-like interface with flexible bit width; simple integration into the datapath.
Dedicated encryption and decryption configurations, duplex option with shared connection context memory available.
Support for Galois Counter Mode Encryption and authentication (GCM), Galois Message Authentication (GMAC)
Flow-through design
Built-in connection parameters database and lookup engine
OpenSSL integration (integration with other packages upon request)
Optional statistics block
No segmentation/reassembly support in the IPsec transport mode
Applications
- IPsec accelerators
- SSL/TLS accelerators
- High performance routers
|
|
