Security Software—Using the Intel
®
QuickAssist Technology Cryptographic API
Intel
®
EP80579 Software for Security Applications on Intel
®
QuickAssist Technology
PG August 2009
74 Order Number: 320183-004US
2. Allocate memory for the operation
3. Populate the appropriate Large Number operation data structure, see the API
manual
• Fill in the Flat Buffers; pointer to data and length
4. Call the Large Number operation perform API
5. Completion of the operation, see Section 12.8.1
12.9 Using a Cryptographic Framework
Note: The EP80579 security software release package version 1.0.3 does not support
OpenBSD/FreeBSD Cryptographic Framework (OCF), OCF-Linux, or any open source
projects such as Openswan*, OpenSSL*, or Racoon*. If your application requires OCF,
you must use security software package version 1.0.2 which includes shim software to
enable OCF support.
A number of cryptographic frameworks exist within the industry and/or the open source
community. These frameworks typically provide software implementations of various
cryptographic operations, and allow vendors of cryptographic accelerators to “plug in”
their hardware-based implementation underneath. One such cryptographic framework
is the OpenBSD/FreeBSD Cryptographic Framework (OCF). OCF is a service
virtualization layer that facilitates asynchronous access to cryptographic hardware
accelerators. OCF-Linux is a port of this framework to Linux.
A driver has been created which enables the Lookaside Cryptographic features to be
accessed via OCF. See the [GET_STARTED_GD] for your operating system for more
detailed information.
For customers who already program to the OCF API, this “shim” offers a simple way to
utilize the Cryptographic API without changing application code. Programming against a
portable API such as OCF protects your software investment, allowing your application
to run on any processor supported by OCF, while still taking advantage of the lookaside
cryptographic acceleration services when running on Intel
®
EP80579 Integrated
Processor or future silicon supporting the Intel
®
QuickAssist Technology.
Further information on OCF-Linux can be found here: http://ocf-linux.sourceforge.net
12.10 Accelerating Cryptographic Protocols
Note: The EP80579 security software release package version 1.0.3 does not support
OpenBSD/FreeBSD Cryptographic Framework (OCF), OCF-Linux, or any open source
projects such as Openswan*, OpenSSL*, or Racoon*. If your application requires OCF,
you must use security software package version 1.0.2 which includes shim software to
enable OCF support.
Cryptographic protocols, such as IPSec/IKE or SSL, can consume significant computing
cycles executing cryptographic operations such as:
• encryption/decryption to ensure confidentiality
• message digests for authentication
• modular exponentiation for key exchange via public key cryptography
These operations can be very compute-intensive, so accelerating these by off-loading
the processing from the main processor core, can allow higher throughput or free up
cycles for other, higher-value applications.