Skip to content

Latest commit

 

History

History

tofino-crypto

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
aes_1pipe
aes_1pipe
 
 
aes_2pipes
aes_2pipes
 
 
cmac_1pipe
cmac_1pipe
 
 
cmac_2pipes
cmac_2pipes
 
 
reference
reference
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile.inc
Makefile.inc
 
 
README.md
README.md
 
 

README.md

Cryptographic Algorithms for Tofino 2

AES-ECB-2Pipes and AES-ECB-1Pipes

Encrypt one or two 128-bit blocks with a 128-bit key using AES in ECB mode. The key is expanded dynamically in the data plane and can be different for every packet.

AES-CMAC-2Pipes and AES-CMAC-1Pipe

Calculate the AES-CMAC of one or two separate 128-bit data blocks and compare to an expected CMAC provided in the packet. If the CMACs do not match the expected values the packet is dropped, otherwise it is forwarded to a port read from the packet header. The AES key expansion and subkey derivation for AES-CMAC are handled by the control plane.

Contributors

  • Lars-Christian Schulz, NetSys Lab OvGU Magdeburg