Cisco C3230-1W-49-K9 Hardware Guide - Page 41




Cisco 3200 Series Router Hardware Reference (OL-5816-10), page 2-5

Chapter 2: Cisco 3270 Rugged Router Card

The EUs are:

• Public Key Execution Unit (PKEU) supporting:
  - RSA and Diffie-Hellman
  - Programmable field size up to 2048 bits
  - Elliptical curve cryptography
• Data Encryption Standard Execution Unit (DEU)
  - Data Encryption Standard (DES)
  - Triple Data Encryption Standard (3DES)
  - Two-key (K1, K2) or three-key (K1, K2, K3)
  - Ethernet Bundling Controller (EBC) and Cipher Block Chaining (CBC) modes for both DES and 3DES
• Advanced Encryption Standard Unit (AESU)
  - Implements the Rijndael symmetric key cipher
  - Key lengths of 128, 192, and 256 bits
  - ECB, CBC, CCM, and AES Counter Mode (a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key)
• ARC Four execution unit (AFEU)
  - A stream cipher compatible with the RC4 algorithm
  - 40- to 128-bit programmable key
• Message Digest Execution Unit (MDEU)
  - Secure Hash Algorithm (SHA) with a 160-bit or 256-bit message digest
  - Message Digest 5 (MD5) with a 128-bit message digest
  - Hash-based Message Authentication Code (HMAC) with either algorithm
• Random Number Generator (RNG)
• Four crypto channels, each supporting multi-command descriptor chains
  - Static or dynamic assignment of crypto-execution units through an integrated controller
  - Buffer size of 256 bytes for each EU, with flow control for large data sizes

Caution

Zeroization is a feature that erases all potentially sensitive information from the router. It is disabled by default on the router. When Zeroization is not configured on the router, the AUX port functions as a modem port or a terminal port.

Zeroization is configured through the command-line interface (CLI), but it cannot be activated through the CLI. Zeroization is activated by actuating a custom switch connected to the GPIO pins or an actuator (such as a push button) that must be attached to the AUX port.

There is no way for the router to reliably determine whether a device attached to the AUX port is an actuator. Therefore, any device attached to the AUX port could potentially trigger declassification. When declassification is enabled through the CLI, we recommend that you do not use the AUX port for any function other than declassification.