Intel EP80579 Security Camera User Manual


 
Intel® EP80579 Software for Security Applications on Intel® QuickAssist Technology
August 2009 PG
Order Number: 320183-004US
Intel® QuickAssist Technology Cryptographic API Architecture Overview—Security Software

the operation is performed over the full packet in a single request. Partial-packet
support is provided for Lookaside Cipher and Hash/Authentication commands only.
Partial-packet support is not provided for any other commands.

The authentication result is not available until after the “final” operation has completed.
The user-provided callback is called in all cases.

From a user’s perspective, partial packets allow the client to send data for processing
as it is received instead of buffering up an entire message. For example, consider
the scenario where a digest needs to be created across gigabytes of data which is being
accessed over a network interface. Rather than copying the entire data set to the
platform, then performing a hash operation across all of the data, the client application
could optimize this process by transferring blocks which are optimal for the network
interface, then sending these chunks to the Lookaside security service for processing as
they are received. This results in higher performance as the acceleration is being
utilized while the transfers are being processed.

4.2.1.4 Out-Of-Place Operation Support

An Out-of-Place operation is one in which the result of a symmetric operation is written to a
destination buffer that is in a different physical location from the source buffer.

Note: In the current release, Out-of-Place operations are supported for full packets only.

4.2.1.5 Combined Cipher Hash Commands (Algorithm-Chaining)

Chained commands perform a cipher and a hash/authentication operation on the same
input data. These commands are provided to allow more-optimal overall performance
by minimizing the number of memory reads/writes for applications that require both
cipher and hash/authentication operations on the same data. Only standard Cipher and
standard Hash/Authentication commands can be chained.

The algorithms mentioned in the Cipher and Hash/Authentication sections can be
used in any combination of one standard cipher and one standard hash/authentication
command. Combined Cipher and Hash commands do not support partial packets.

When performing an authentication/hash prior to a cipher operation using the
combined Cipher-Hash feature, the resultant MAC/digest produced by the
authentication/hash cannot be included in the same cipher operation. The result of the
authentication/hash operation will not be available for the cipher portion of the
operation. This makes the feature unsuitable for SSL-type authenticate-then-encrypt
operations, where the MAC is included in the encryption.
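
The data-layout difference described above, as an added example (not from the Intel guide and not QuickAssist API code): it models the combined hash-then-cipher request next to an SSL-type MAC-then-encrypt record and shows that a receiver expecting the latter rejects the former. The function names, the constructed keys and the SHA-256-based stand-in stream cipher are assumptions chosen so that it runs with the Python standard library only.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA-256 output size

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode). Illustration only, not AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def chained_hash_then_cipher(enc_key, mac_key, nonce, data):
    """Model of one combined request: hash and cipher both read the same input.
    The MAC comes back as a separate result and is never fed to the cipher."""
    mac = hmac.new(mac_key, data, hashlib.sha256).digest()
    return stream_xor(enc_key, nonce, data), mac

def mac_then_encrypt(enc_key, mac_key, nonce, data):
    """SSL-type record: the MAC is appended to the data and encrypted with it.
    This takes two requests: a hash, then a cipher over data || MAC."""
    mac = hmac.new(mac_key, data, hashlib.sha256).digest()   # request 1: hash
    return stream_xor(enc_key, nonce, data + mac)            # request 2: cipher

def open_record(enc_key, mac_key, nonce, record):
    """Receiver of an SSL-type record: decrypt, split off the MAC, verify it."""
    if len(record) < MAC_LEN:
        raise ValueError("record shorter than MAC")
    inner = stream_xor(enc_key, nonce, record)
    data, mac = inner[:-MAC_LEN], inner[-MAC_LEN:]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC check failed")
    return data

if __name__ == "__main__":
    # Constructed sample keys, nonce and payload.
    ek, mk, n = b"E" * 16, b"M" * 32, b"N" * 8
    msg = b"constructed sample payload " * 3
    ct, mac = chained_hash_then_cipher(ek, mk, n, msg)
    rec = mac_then_encrypt(ek, mk, n, msg)
    print(len(ct), len(rec))                   # record is MAC_LEN bytes longer
    print(open_record(ek, mk, n, rec) == msg)  # the two-request record verifies
    try:
        open_record(ek, mk, n, ct + mac)       # clear MAC appended to chained output
    except ValueError as err:
        print("chained output rejected:", err)
```
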

4.2.1.6 Authenticated-Encryption Commands

Authenticated-Encryption commands perform chained cipher-and-authenticate
operations. As in the case of other chained operations, these commands are provided
to allow more-optimal overall performance by minimizing the number of memory
reads/writes for applications that require both cipher and authentication operations on
the same data.

The following Authenticated-Encryption algorithms are supported:
- AES algorithm in Galois/Counter mode (GCM)
- AES algorithm in Counter with CBC-MAC mode (CCM)

No partial-packet support is provided for Authenticated-Encryption commands.