The Ensigma IPSec core is a complete IPSec protocol processor for IPV4 and IPV6, and forms part of the Ensigma security IP portfolio. The IP is highly flexible with a programmable controller for ESP/AH encapsulation and the crypto engines are implemented in hardware. The high performance engine can process multiple gigabits of traffic with short IP packets (40 byte). Ensigma’s IPSec provides DMA type of interface for programming pointers to the security association data, packet pointers. The DMA performs scatter/gather data fetching and security keys along with the keys. The IPSec processor performs the header (ESP/AH) insertion, padding on the fly, and presents the appropriate packet segments to the hardware engines. The hardware engines perform the encryption and authentication in sequence or in parallel depending on in-bound or out-bound traffic.

 

EnsigmaIPSEC

 

The core can be configured for inline processing of the packets without having to a DMA controller for high performance operations (10 Gbps). The IP is configurable with respect to the encryption and authentication engines instantiated. In addition, the performance of the Security Engines can be traded with the design size.

 

Encryption EnginesSpecifications
AES> 128, 192 and 256 bit modes
> CBC, ECB, CTR, CFB, OFB modes of operation
TDES> Optional DES operation
> CBC, ECB, CTR, CFB, OFB modes of operation
RC4

Features

  • Support high throughput for chained crypto mode of operations.
  • Provides Packet level buffering for larger than 4 Gbps performance for Chained crypto modes.
  • Performs Crypto operations in parallel across the multiple engines.
  • Scalable architecture based on performance requirements.
  • Proprietary internal bus for optimal throughput and highest performance.
  • Separate busses for data transfer and packet communication control.
  • Optionally Separate Interface for Security Associate data (SAD).
  • Performs Anti Replay Checks.
  • Automatic Sequence Number updates.
  • Inline Operation with WSP blocks.
  • Performs Buffer allocation / free as per the WSP architecture.
  • Updates buffer headers to be taken directly by Traffic Manager.

Applications

  • Small/Medium Business Enterprise access devices
  • Residential Gateways
  • Managed Switches
  • Wireless Basestations
  • Micro Servers

 

Authentication engines

  • SHA-1, SHA-256, SHA-512
  • MD-5
  • AES-GCM, AES-xCBC
  • HMAC operation for all the Authentication Engines