- Internal Ghash subkey (H) generation
- On-the-fly key expansion (key expansion algorithm is done internally)
- Replay protection (checking packet numbers at the receiver to detect
unauthorized access):
- MACsec window size between 0 (strict ordering) and 230-1
- IPsec window sizes of 1 (strict ordering) to 128
- Built-in logic to support Cryptographic Algorithm Validation Program (CAVP):
- AES Algorithm Validation Suite (AESAVS)
- GCM/GMAC/XPN Validation Suite (GCMVS)
- Per channel reset in channelized mode
- Key zeroization after power-on and through management:
- Zeroization of stored keys
- Value of zero is considered as an uninitialized key
- CRC32 digest to validate key writes
- Bypass mode to forward unmodified packets to the output
- 32-bit user spare information carried through both the encryption and decryption
datapaths