As part of INSIDE Secure’s award-winning silicon Intellectual Property (IP) product portfolio, the SafeXcel-IP-93 is Intellectual Property (IP) for accelerating IPSec, SSL/TLS, and SRTP. This engine supports an AHB, TCM or a PLB interface and can be delivered in different configurations as EIP-93ie, EIP-93is, EIP-93 ies and EIP-93iw. World’s only 100k gate IPsec accelerator (excluding interface).
Designed for fast integration, low gate count and full transforms, the SafeXcel IP Packet Engine provide a reliable and cost-effective Embedded IP solution that is easy to integrate into SoC designs.
The EIP-93 Security Packet Engine comprises of a Lookaside Packet Engine and an optional Public Key Processor (PKP). The Packet Engine is used as a bus master in the data plane of the system and processes packets with very little CPU intervention. The optional Public Key Processor is used as a bus slave in the control plane of a system for establishing sessions and setting up security associations.
It comprises of a large number Public Key Accelerator and a True Randum Number Generator. The Packet Engine features a modular interface design, allowing flexible integration into various host systems. The Packet Engine is offered in 5 configurations, each available with an AMBA, PLB or TCM interface.
For more options, such as support for other bus interfaces or alternate configurations of the Public-Key Accelerator and/or the True Random Number Generator, please contact INSIDE Secure.
- Performance > 550 Mbps for large packets:
- Performance for large packet sizes is > 550 Mbps for any supported protocol. IPsec performance for small packet sizes is > 300 Mbps. System clock 250 MHz.
- Gate count 105 k gates:
- Ultra low gate count and compact design for low cost applications. For example, the EIP-93i, excluding interfaces and memories, is about 105 kgates when synthesized at 250 MHz in a typical CMOS 90nm technology.
- IPsec (IPv4 and IPv6):
- Full IPsec packet ESP transforms, for tunnel & transport mode, according to latest RFCs (2403, 2404, 2405, 2410, 3566, 3602, 3686, 4301, 4303, 4308, 4309, 48351 and 4868).
- Complete IPsec (IPv4 and IPv6) Header processing:
- Insert ESP header for outbound packets,
- Strip and verify ESP header for inbound packets,
- Anti-replay check,
- IPsec Trailer processing:
- Insert padding up to 255 bytes for outbound packets,
- Strip and verify padding up to 255 bytes for inbound packets.
- Calculate and insert Integrity Check Value for outbound packets, strip and verify for inbound packets.
- SSLv3.0 / TLSv1.0 / TSLv1.1 / TLSv1.2 / DTLS:
- Full single pass packet transforms according to latest RFCs (2246, 3268, 3546, 4346, 4347, 4366 and 5246).
- Full Header processing:
- Insert header for outbound packets,
- Strip and verify header for inbound packets,
- Anti-replay check.
- Trailer processing:
- Insert padding up to 255 bytes for outbound packets,
- Strip and verify padding up to 255 bytes for inbound packets,
- Calculate and insert Message Authentication Code for outbound packets, strip and verify for inbound packets.
- SRTP packet transforms according to RFC3711:
- Calculate and insert TAG for outbound packets
- Strip and verify TAG for inbound packets
- Optimized Security Association format,
- Supports unlimited number of Security Associations.
- The cryptographic engine supports the following cryptographic algorithms:
- DES in ECB and CBC with 56-bit key,
- Triple-DES in ECB and CBC with 3 x 56-bit key,
- AES in ECB, CBC, ICM, CTR mode with 128-bit 192-bit and 256 bit key,
- ARC4 in stateful, stateless mode, up to 128-bit key,
- Automatic padding up to 255 bytes
- The Hash engine supports the following algorithms:
- SHA-2 with 224-bit, 256-bit digest,
- HMAC transforms for SHA-1, MD5 and SHA-2,
- SSL-MAC transforms for SHA-1, MD5.
- The Pseudo Random Number Generator supports:
- ANSI X9.31 compliant; based on the AES cipher,
- Automatic IV generation.
- The DMA controller supports:
- Source Address and Destination address of 32 bit size,
- Up to 256 bytes per DMA transfer,
- Automatic arbitration and bus flow control,
- Big and little endian host systems.
- Master and slave interface:
- AHB interface.
- Input and output buffers decouple Packet Engine from system bus interface,
- Convenient SW debug interface including halt mode.
- Clock switching interface for low power consumption
- Complete HW/SW system.
- High-speed Crypto Packet Engine
- Silicon-proven implementation
- Fast and easy to integrate into SoCs.
- Flexible layered design.
- Complete range of configurations.
- World-class technical support.
- SafeXcel-IP-93 Hardware Reference Manual
- SafeXcel-IP-93 Integration Manual
- SafeXcel-IP-93 Programmer Manual
- SafeXcel-IP-93 Operations Manual
- SafeXcel-IP-93 Verification Specification
- Synthesizable Verilog RTL source code
- Self-checking RTL test bench, including test vectors and expected result vectors
- Simulation scripts
- Synthesis scripts
- EIP-93i with TCM interface
- EIP-93ie with TCM interface
- EIP-93is with TCM interface
- EIP-93iw with TCM interface
- EIP-93ies with TCM interface
- Supporting AHB interface, compliant to AMBA Spec (Rev2.0), adds 5k gates.
- Supporting PLB interface, compliant to 128-bit PLB architecture Spec (Rev 4.6), adds 18k gates.
- The EIP-93 is a Security Packet Engine, part of the SafeXcel-IP family of cryptographic building blocks. The EIP-93 is designed to off-load the host processor to improve the speed of protocol operations and reduce power in cost-sensitive networking products, such as:
- DSL routers,
- SOHO routers,
- Cable Modems,
- VPN Appliances.