Intel EP80579 User Manual

Intel® EP80579 Software for Security Applications on Intel® QuickAssist Technology
August 2009 PG
Order Number: 320183-004US
Intel® QuickAssist Technology Cryptographic API Architecture Overview—Security Software
the operation is performed over the full packet in a single request. Partial-packet 
support is provided for Lookaside Cipher and Hash/Authentication commands only. 
Partial-packet support is not provided for any other commands. 
The authentication result is not available until after the “final” operation has completed. 
The user-provided callback is called in all cases.
From a user’s perspective, partial packets allow the client to send data for processing 
as it is received instead of buffering an entire message. For example, consider 
the scenario where a digest needs to be created across gigabytes of data that is being 
accessed over a network interface. Rather than copying the entire data set to the 
platform and then performing a hash operation across all of the data, the client application 
can optimize this process by transferring blocks of a size that is optimal for the network 
interface, then sending these chunks to the Lookaside security service for processing as 
they are received. This results in higher performance because the acceleration is being 
utilized while the transfers are being processed.
4.2.1.4 Out-Of-Place Operation Support
An Out-of-Place operation is one in which the result of a symmetric operation is written 
to a destination buffer that is at a different physical location than the source buffer.
Note: In the current release, Out-of-Place operations are supported for full packets only.
4.2.1.5 Combined Cipher Hash Commands (Algorithm-Chaining)
Chained commands perform a cipher and a hash/authentication operation on the same 
input data. These commands are provided to allow more-optimal overall performance 
by minimizing the number of memory reads/writes for applications that require both 
cipher and hash/authentication operations on the same data. Only standard Cipher and 
Standard Hash/Authentication can be chained.
The algorithms mentioned in the 
 sections can be 
placed in any combination of one standard cipher and one standard hash / authenticate 
command. Combined Cipher and Hash Commands do not support partial packets.
When performing an authentication/hash prior to a cipher operation using the 
combined Cipher-Hash feature, the resultant MAC/digest produced by the 
authentication/hash cannot be included in the same cipher operation. The result of the 
authentication/hash operation will not be available for the cipher portion of the 
operation. This makes the feature unsuitable for SSL-type authenticate-then-encrypt 
operations, where the MAC is included in the encryption.
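The data dependency described above, shown as an added example that is not from the Intel manual and does not use the QuickAssist API. All function names are hypothetical, HMAC-SHA256 stands in for the hash, a SHA-256 keystream stands in for the cipher, and the two-request fallback is an assumption about how an application would work around the limitation.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 output size in bytes


def stand_in_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in XOR stream cipher (SHA-256 keystream); not AES, demo only.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def chained_hash_then_cipher(ckey, mkey, nonce, data):
    """Model of ONE chained request: hash and cipher read the same input.
    The MAC comes back beside the ciphertext and is never encrypted."""
    mac = hmac.new(mkey, data, hashlib.sha256).digest()
    return stand_in_cipher(ckey, nonce, data), mac


def ssl_style_record(ckey, mkey, nonce, data):
    """Authenticate-then-encrypt as TWO dependent requests: the cipher
    input cannot be built until the hash request has completed."""
    mac = hmac.new(mkey, data, hashlib.sha256).digest()  # request 1: hash
    return stand_in_cipher(ckey, nonce, data + mac)      # request 2: cipher


def open_ssl_style_record(ckey, mkey, nonce, record):
    """Receiver side: decrypt, split off the trailing MAC, verify it."""
    plain = stand_in_cipher(ckey, nonce, record)
    if len(plain) < MAC_LEN:
        raise ValueError("record shorter than MAC")
    data, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    expected = hmac.new(mkey, data, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC check failed")
    return data
```

The chained output is exactly as long as the input, while the SSL-style record is longer by the MAC length, which is why a receiver expecting an encrypted MAC rejects the chained ciphertext.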
4.2.1.6 Authenticated-Encryption Commands
Authenticated-Encryption commands perform chained cipher-and-authenticate 
operations. As in the case of other chained operations, these commands are provided 
to allow more-optimal overall performance by minimizing the number of memory 
reads/writes for applications that require both cipher and authentication operations on 
the same data.
The following Authenticated-Encryption algorithms are supported: 
• AES algorithm in Galois/Counter mode (GCM)
• AES algorithm in Counter with CBC-MAC mode (CCM)
No partial-packet support is provided for Authenticated-Encryption commands.