Intel
®
EP80579 Software for Security Applications on Intel
®
QuickAssist Technology
August 2009 PG
Order Number: 320183-004US 23
Intel
®
QuickAssist Technology Cryptographic API Architecture Overview—Security Software
4.4 Lookaside Security Algorithms High Level Overview
The following sections provide a high level overview of the algorithms supported by the
Cryptographic API library. It details the algorithms and tries to pull out key details of
the computations. For the reader who wants to get further details or specifics, it is
recommended to reference the relevant RFC.
4.4.1 Lookaside Symmetric Overview
A block cipher is a symmetric key cipher that operates on fixed-length groups of bits,
termed blocks, with an unvarying transformation. When encrypting, a block cipher
might take a (for example) 128-bit block of plaintext as input, and output a
corresponding 128-bit block of ciphertext. The exact transformation is controlled using
a second input — the secret key. Decryption is similar; the decryption algorithm takes a
128-bit block of ciphertext together with the secret key, and yields the original 128-bit
block of plaintext.
To encrypt messages longer than the block size (128 bits in the above example), a
mode of operation is used.
The simplest of the encryption modes is the electronic codebook (ECB) mode, in
which the message is split into blocks and each is encrypted separately, as shown in
Figure 4. The disadvantage of this method is that identical plaintext blocks are
encrypted to identical cipher text blocks; it does not hide data patterns. Thus, in some
senses it doesn't provide message confidentiality at all, and is not recommended for
cryptographic protocols.
In cipher-block chaining (CBC) mode, each block of plaintext is XORed with the
previous ciphertext block before being encrypted, as shown in Figure 5. This way, each
ciphertext block is dependent on all plaintext blocks up to that point.
Figure 4. Electronic Codebook (ECB) Mode
Plaintext block [0]
(64/128 bits)
Encryption
Ciphertext block
[0]
(64/128 bits)
Key
(64 bits for DES
128, 192 and
256 bits for
AES)
Plaintext block [1]
(64/128 bits)
Encryption
Ciphertext block
[1]
(64/128 bits)
Key
(64 bits for DES
128, 192 and
256 bits for
AES)