Support User Manuals

Intel EP80579 Security Camera User Manual

Open as PDF

of 76

Security Software—Intel

®

QuickAssist Technology Cryptographic API Architecture Overview

Intel

®

EP80579 Software for Security Applications on Intel

®

QuickAssist Technology

PG August 2009

26 Order Number: 320183-004US

GCM

“Galois/Counter Mode (GCM) is a block cipher mode of operation that uses universal

hashing over a binary Galois field to provide authenticated encryption.” This is an

excerpt from the GCM specification which can be accessed at: http://www.nist.gov/

4.4.2 Key Generation

The Cryptographic API module provides TLS and SSL key generation operation along

with a Mask Generation Function (MGF).

TLS/SSL Generation: For both algorithms functions are provided for the generation of

the Master-Secret and Key Materials. These are optimized accelerations for use in SSL/

TLS key negotiation and generation applications.

MGF: Takes a seed of specified length and produces a generated mask, which is

pseudorandom, of the specified size.

4.4.3 Lookaside PKE Overview

This section gives a brief overview of Public Key algorithms and standards relevant for

EP80579 security software. The following is a list of Public key algorithms/standards:

• Diffie-Hellman (DH) Key Exchange – PKCS #3 v1.4

• RSA Cryptography Standard – PKCS #1 v2.1 and ANSI X9.31

• Digital Signature Algorithm (DSA) – FIPS-186-2

• GCD, Miller-Rabin, Lucas and Fermat primality testing (ANSI X9.80)

4.4.3.1 Diffie-Hellman Key Exchange

DH is used to create a “shared secret”, from which symmetric key information may be

derived. This Key can be used to encrypt subsequent communications using a

symmetric key cipher.

The protocol has two system parameters p and g. They are both public and may be

used by all the users in a system. Parameter p is a prime number and parameter g

(usually called a generator) is an integer less than p, with the following property: for

every number n between 1 and p-1 inclusive, there is a power k of g such that n = g

k

mod p.

The underlying mathematical principle is the identity: (g

a

mod p)

b

mod p = (g

b

mod p)

a

mod p. DH cryptographic strength is derived from the fact that logarithms are difficult

to do in a MODP group. A set of standard DH (MODP) groups are defined in RFC-2409

and RFC-3526. Modulus sizes range from 768 to 4096 bits.

There are two modes of Diffie-Hellman:

• Normal Diffie-Hellman: DH parameters are contained within a certificate, signed

by a certificate authority (CA).

• Ephemeral Diffie-Hellman: DH parameters are created “on the fly” by the

negotiating parties. These parameters are then signed using a DSS or RSA

certificate, which is itself signed by a CA.

previous next