Claims
- 1. A cryptography accelerator, comprising:
a plurality of cryptography processing engines; classification circuitry configured to receive header information associated with a packet and determine state and security association information associated with the packet, the state and security association information comprising a key, a sequence number, and a byte count, wherein the state and security association information is determined by identifying a flow to which the packet belongs; and packet distribution circuitry coupled to the plurality of cryptography processing engines and the classification circuitry, the packet distribution circuitry configured to receive data, state, and security association information associated with the packet and forward the data associated with the packet to one of the plurality of cryptography processing engines for cryptographic processing of the data.
- 2. The cryptography accelerator of claim 1, wherein the classification circuitry is further configured to determine whether the packet should be dropped.
- 3. The cryptography accelerator of claim 1, wherein the classification circuitry is further configured to determine whether the packet should be processed.
- 4. The cryptography accelerator of claim 1, wherein the byte count is used to determine how much more data associated with the flow can be processed using the state and security association information.
- 5. The cryptography accelerator of claim 1, wherein header information comprises source and destination identifiers.
- 6. The cryptography accelerator of claim 5, wherein header information further comprises source and destination port numbers.
- 7. The cryptography accelerator of claim 1, wherein the data associated with the packet forwarded to one of the plurality of cryptography processing engines is the payload of the packet.
- 8. The cryptography accelerator of claim 1, wherein the data associated with the packet forwarded to one of the plurality of cryptography processing engines is a portion of the packet.
- 9. A network device comprising the cryptography accelerator of claim 1.
- 10. A method for performing cryptography processing, comprising:
receiving header information associated with a packet at a classification engine in a cryptography accelerator; and determining state and security association information at the classification engine, the state and security association information comprising a key, a sequence number, and a byte count, wherein the state and security association information is determined by identifying a flow to which the packet belongs.
- 11. The method of claim 10, further comprising:
forwarding the state and security association information along with the data associated with the packet to a packet distribution unit.
- 12. The method of claim 11, wherein the packet distribution unit is coupled to a plurality of cryptography processing engines.
- 13. The method of claim 12, wherein the data associated with the packet is distributed to one of the plurality of cryptography processing engines.
- 14. The method of claim 10, wherein the classification engine determines whether the packet should be dropped.
- 15. The method of claim 10, wherein the classification engine determines whether the packet should be processed.
- 16. The method of claim 10, wherein the byte count is used to determine how much more data associated with the flow can be processed using the state and security association information.
- 17. The method of claim 10, wherein header information comprises source and destination identifiers.
- 18. The method of claim 17, wherein header information further comprises source and destination port numbers.
- 19. A cryptography accelerator, comprising:
means for receiving header information associated with a packet at a classification engine in a cryptography accelerator; and means for determining state and security association information at the classification engine, the state and security association information comprising a key, a sequence number, and a byte count, wherein the state and security association information is determined by identifying a flow to which the packet belongs.
- 20. The cryptography accelerator of claim 19, further comprising:
means for forwarding the state and security association information along with the data associated with the packet to a packet distribution unit.
- 21. A computer readable medium comprising microcode for configuring an integrated circuit, the computer readable medium comprising:
microcode for receiving header information associated with a packet at a classification engine in a cryptography accelerator; and microcode for determining state and security association information at the classification engine, the state and security association information comprising a key, a sequence number, and a byte count, wherein the state and security association information is determined by identifying a flow to which the packet belongs.
- 22. The computer readable medium of claim 21, further comprising:
microcode for forwarding the state and security association information along with the data associated with the packet to a packet distribution unit.
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority from U.S. patent application Ser. No. 09/610,722 entitled CLASSIFICATION ENGINE IN A CRYPTOGRAPHY ACCELERATION CHIP, filed on Jul. 6, 2000; U.S. Provisional Application No. 60/142,870, entitled NETWORKING SECURITY CHIP ARCHITECTURE AND IMPLEMENTATIONS FOR CRYPTOGRAPHY ACCELERATION, filed Jul. 8, 1999; and U.S. Provisional Application No. 60/159,012, entitled UBIQUITOUS BROADBAND SECURITY CHIP, filed Oct. 12, 1999, the disclosures of which are herein incorporated by reference herein for all purposes.
[0002] This application is related to concurrently filed U.S. application Ser. No. ______ (Atty. Docket No. BRCMP003C1), entitled DISTRIBUTED PROCESSING IN A CRYPTOGRAPHY ACCELERATION CHIP, the disclosure of which is incorporated by reference herein for all purposes.
Provisional Applications (2)
|
Number |
Date |
Country |
|
60142870 |
Jul 1999 |
US |
|
60159011 |
Oct 1999 |
US |
Continuations (1)
|
Number |
Date |
Country |
Parent |
09610722 |
Jul 2000 |
US |
Child |
10218206 |
Aug 2002 |
US |