XIP1211B from Xiphera is a balanced Intellectual Property (IP) core implementing the MACsec protocol as standardized in IEEE Std 802.1AE-2018.
The MACsec protocol defines a security infrastrucure for Layer 2 (as per the OSI model) traffic by assuring that a received frame has been sent by a transmitting station that claimed to send it. Furthermore, the traffic between stations is both encrypted to provide data confidentiality and authenticated to provide data integrity.
XIP1211B uses Advanced Encryption Standard with 128 bits long key in Galois Counter Mode (AES-GCM) to protect data confidentiality, data integrity and data origin authentication. The cipher suite is denoted either as GCM-AES-XPN-128 if the eXtended Packet Numbering (XPN) is in use, or as GCM-AES-XPN-128 if XPN is not in use. Both GCMAES-128 and GCM-AES-XPN-128 use Xiphera’s IP core XIP1111B as the underlying building block for AES-GCM.
XIP1211B is best suited for traffic on 1 Gbps links, and can be deployed using low-cost FPGA families. XIP1211B can also in selected cases be retrofitted to existing FPGA designs without requiring a board re-spin, either if there are enough FPGA resources available or if a pin-compatible FPGA with additional resources can be used.
Key management (including key exchange) lies outside the scope of 802.1AE, and hence the functionality of XIP1211B is based on the assumption that key management is performed by externally to XIP1211B.
XIP1211B has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP1211B does not rely on any FPGA manufacturer-specific features.