+1 613 254 5456
adjust font size Increase Font Size Reset Font Size Decrease Font Size

ESS-03: Linux IPSec Reference Design

ESS-03 offers a reference design for integrating the CLP-30: High Throughput Pipelined IPsec Core into Linux IPsec. Linux IPsec is a robust, open platform that has been widely adopted by embedded software developers. The challenge in integrating hardware offload has been finding the optimum method of substituting hardware offload function for software processes. The ESS-03 facilitates an offload solution for both IPv4 and IPv6 implementations of IPsec and is available in C source code to speed time to market through a complete reference solution from Elliptic.

Linux offers a complete IPsec solution which is tightly integrated into the TCP/IP stack and offers a complete solution for the data plane packet manipulation required for IPsec. Ellipsys Linux IPsec offers a reference design for data plane IPsec and supports fast data path hardware offload for both IPv4 and IPv6 implementations. IPv4 IPsec offload is done through the substitution of hardware ESP/AH header processing for the native software functions. IPv6 IPsec offload is done through crypto offload of the base algorithms such as AES, 3DES and HMAC/SHA-1.

 

Features

  • Supports IPv4 IPsec PDU processing hardware offload
    • Replacement of fast path ESP/AH function with hardware
  • Supports IPv6 IPsec hardware offload
    • Replacement of fast path cipher and hash operations with hardware
  • Reference code licensed in C Source Code
  • Developed for Linux Fedora Core 15 with Kernel 2.6.39 or newer versions

 

Benefits

  • Complete solution
  • Highly configurable, flexible and reliable
  • NIST CAVP Certified
  • Optimized for size and performance
  • GPL-Free Code
  • Platform/OS agnostic
  • Significantly reduces development cycles
  • Optional support for hardware acceleration and offload for embedded processors

Downloads

IPsec/SRTP (ESP/AH) Offload Engine

Featured Products

media ETS-020: tVault HDCP 2.2
A proven HDCP-based content protection solution that provides robust security inside Trusted Execution Environments (TEEs) and enforces the protection of sensitive information to ensure that it is stored, processed and accessed only by authorized applications.The solution integrates seamlessly within frameworks such as ARM TrustZone™, where the critical security components are embedded in a trusted and secure OS environment. The non-critical components are executed by the rich OS, such as Android.
tower CLP-630: Multi-Packet Manager Security Engine
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.