Security Software—Using the Intel
®
QuickAssist Technology Cryptographic API
Intel
®
EP80579 Software for Security Applications on Intel
®
QuickAssist Technology
PG August 2009
68 Order Number: 320183-004US
Note: The session context memory must be available to the API for the duration of the
session. Other session memory may be freed once the session is initialized.
3. Populate the symmetric session setup data structure
a. Session priority (normal or high)
b. Symmetric operation (Cipher, Hash, Auth-Cipher, chained)
c. Operation setup data structure (Cipher and/or Hash)
d. Algorithm chaining order
4. Populate the operation setup data structure
•Cipher and/or Hash
• Refer to the API manual for full parameter details
5. Populate the symmetric session setup structure
6. Call the symmetric session initialize API
Now the session is initialized it can be used to perform symmetric operations.
12.8.2.2 Session Removal
When the session is no longer required it may be removed by calling the session
removal API.
After the session has been removed the memory allocated for the session context may
be freed.
12.8.2.3 Cipher, Hash, Nested and Authentication (Full Packet)
Sample code is provided for Cipher and Hash operations, see [SAMPLE_CODE] and the
API manual. The basic steps involved in performing an operation are detailed below. A
symmetric operation requires a session for that operation type to be initialized before
performing an operation.
1. Initialize a session, see Section 12.8.2.1
2. Allocate memory for the source and destination buffer lists
• For an in-place operation only one buffer list needs to be allocated
3. Allocate memory for the symmetric operation data
Cipher Only:
• Allocate memory for the Initialization Vector (IV)
— 8-byte aligned for optimal performance
4. Populate the appropriate symmetric operation data structure, see the API manual
5. Call the symmetric operation perform API one or more times
6. Completion of operation, see Section 12.8.1
7. Remove session, see Section 12.8.2.2
12.8.2.4 Partial Packet Variation (Cipher, Hash, Authentication)
The following partial packet variation applies to the full packet sequences described for
Cipher, Hash and Authentication (Section 12.8.2.3). Partial packets may be used in a
situation where a large packet was segmented on the network.
Change the following steps from full packet requests: