Intel
®
EP80579 Software for Security Applications on Intel
®
QuickAssist Technology
August 2009 PG
Order Number: 320183-004US 25
Intel
®
QuickAssist Technology Cryptographic API Architecture Overview—Security Software
Note: A stream cipher operates on individual digits each one at a time.
(A)RC4
(A)RC4 generates a pseudorandom stream of bits (a “keystream”) which, for
encryption, is combined with the plaintext using XOR a decryption is performed the
same way. To generate the keystream, the cipher makes use of a secret internal state
which consists of two parts:
• A permutation of all 256 possible bytes (denoted "S" below)
• Two 8-bit index-pointers (denoted "i" and "j")
The permutation is initialized with a variable length key, typically between 40 and 256
bits, using the key-scheduling algorithm (KSA). Once this has been completed, the
stream of bits is generated using the Pseudo-Random Generation Algorithm (PRGA).
For as many iterations as are needed, the PRGA modifies the state and outputs a byte
of the keystream. In each iteration, the PRGA increments i, adds the value of S pointed
to by i to j, exchanges the values of S[i] and S[j], and then outputs the value of S at
the location S[i] + S[j] (modulo 256). Each value of S is swapped at least once every
256 iterations.
i := 0
j := 0
while GeneratingOutput:
i := (i + 1) mod 256
j := (j + S[i]) mod 256
swap(S[i],S[j])
output S[(S[i] + S[j]) mod 256]
NULL-ECB
The NULL cipher in ECB mode of operation simply produces the same plaintext as was
passed into the algorithm.
Hashing/MAC/HMAC
A hash operation takes arbitrary binary data as input and produces a fixed-sized binary
string as output called a hash or message digest. A cryptographic message
authentication code (MAC) is a short piece of information used to authenticate a
message. A MAC algorithm accepts as input a secret key and an arbitrary-length
message to be authenticated, and outputs a MAC. The MAC value protects both a
message's integrity as well as its authenticity, by allowing verifiers (who also possess
the secret key) to detect any changes to the message content. MAC functions are
similar to keyed hash functions.
MAC algorithms can be constructed from other cryptographic primitives, such as
cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms
(CBC-MAC and XCBC-MAC).
CCM
By definition, CCM is CTR Encryption and CBC-MAC Authentication. So AES-CCM is AES-
CTR Encryption, AES-CBC-MAC Authentication. The valid key sizes for CTR mode are -
128/192/256 and for Authentication are 128 keys.