180
AMD Alchemy Au1550 Security Network Processor Data Book
Security Engine
30283D
16
A
Authentication Fail. If this bit is returned as ‘1’ on an inbound ESP or AH
operation, it indicates that the Integrity Check Value (ICV) did not match
the computed value. The packet is still fully processed, although the SA is
not updated for IPsec ops with header processing enabled.
R0
15:8
NH
Next Header/Pad Value. For the IPsec operations, this field is used to pass
the Next Header value between the host and the security engine. For an
outbound packet, the host must populate this field with the value that is to
be inserted into the Next Header field of the innermost operation’s header
(i.e., ESP, AH, IPcomp headers). After completing the operation, the secu-
rity engine populates the Next Header field with the result of the operation.
For example, if an ESP operation is requested, the result Next Header is
50 decimal; for an AH operation, it is 51.
For an Inbound operation, the host does not need to populate this field.
The security engine returns the Next Header field it detects on the inner-
most operation, which typically is the value for the payload protocol, such
as TCP or UDP. However, in bundling scenarios or in IPv6 with destination
options, another header value could be seen.
In Bulk outbound operations, this field may be used for the host to specify
a fixed pad value. This happens only if the Fixed Pad option is selected in
the SA record for that packet (Command 0, bits 6 and 7). This field is don’t
care for Bulk inbound operations.
R/W
0x00
7:5
—
Reserved, must write 0b010.
R/W
000
4
HF
Hash Final. (This bit is applicable only to bulk hash operations and is not
required for IPsec protocol operations.) A ‘1’ indicates that the data pre-
sented includes the final data to be hashed, and thus after the last data is
read in, the PE should append the required hash pad and complete the
result digest.
R/W
0
3
NK
New Key ARC4. This bit is only applicable for Stateful Bulk ARC4 mode.
Setting this bit to a ‘1’ specifies that this is the first packet to be processed
with a new key. For bulk ARC4, the ‘Current Key’ is read from the SA
record and run-up prior to encrypting/decrypting data. When this bit is
cleared, the State information is read from the SA record to continue
encrypting/decrypting from the previous point.
R/W
0
2
LHD
Load SA Hash Digests. This bit is used to optimize the transfers of data
from the SA database and eliminate an unnecessary hash digest transfer
when not required. A ‘1’ indicates that this operation requires the hash
digests included in the SA database and therefore they must be copied
into the security engine.
R/W
0
Bits
Name
Description
R/W
Default