Table 3-3. MAC Operation Table (Sheet 2 of 2)
AES_ SSL3 XCB
GCM .0- C-
Key MAC MAC
Key Key
MAC Type FB
LB
IPAD OPA SO_I IHV
File Data
Size
State
D
V
SSL3.0-
Arbitrary
Stateless
1
1
√
√
√
√
√
√
X
X
X
√
MAC
length
(SHA1)
512-bit
aligned
First
Block
1
0
0
0
0
1
512-bit
aligned
Middle
Block
Arbitrary
length
Last
Block
√
3.1.3.10
IPsec Packet Processing
The 820x has been optimized to maximize IPsec packet processing performance.
The 820x has four processing engines: compression, encryption, pad, and hash. The
processing order depends on whether the operation is encode or decode and the position of
the hash engine using the PS bits in the hash descriptor. Please refer to Chapter 4, “Data
Flow" for a detailed description of the operation sequence.
Each processing engine may be enabled or disabled. A disabled processing engine simply
passes data forward to the next processing unit without altering the data or modifying the
context.
Each processing engine has two counters: a Header Counter and a Source Counter. The
Header Counter is used to determine how many bytes the processing engine will pass
through before processing the data. This counter is useful to skip header fields in many
network communication protocols. The Source Counter determines how many bytes will be
processed by that processing engine. The Source Counter may be programmed to start
from the first byte to be processed, or after the last byte processed by the previous
processing engine. This flexibility takes into account the variable output sizes produced by
the compression and pad engines. Once the source count of a processing engine reaches
zero, any remaining bytes in the input data stream will be passed through the processing
engine without altering the data or modifying the context.
Figure 3-21 shows an example of how the 820x would processes an IPsec packet in
conjunction with the host software. This IPsec example illustrates how to apply IPPCP and
ESP in tunnel mode.
820x – Data Sheet, DS-0157-D
Page82
Hifn Confidential