
Intel Software Network - Connecting Developers. Building Community.

Intel® vPro™ Technology Virtual Seminar 2010

Getting to know Intel® Active Management Technology 6.0


Intel® Advanced Encryption Standard (AES) Instructions

AG Ramesh

Software Engineer

Software and Services Group

March 3, 2010


Advanced Encryption Standard (AES)

• US standard for symmetric encryption (FIPS 197)

• Block cipher with 128-bit blocks

• Uses variable key lengths: 128, 192 or 256 bits

• Encryption/decryption takes place in several rounds, the number of rounds depending on the key length

• Widely used in many networking, storage and content-protection applications


Intel® AES Instructions (AES-NI)

• New instructions available in all new 2010 Intel® microarchitecture codename Westmere processors

> Provide hardware support for encryption and decryption with the AES functions, resulting in faster performance

• AES-NI is faster than software-based AES implementations

> Ever-faster memory and storage devices will require encryption engines to keep up, as storage read/write speeds exceed what software encrypt/decrypt engines can deliver

> High-data-rate encryption of content such as very high resolution HD video requires a faster encryption engine than software encryption engines can offer

• Improved protection against potential side-channel attacks on AES

− Key schedule generation and the AES rounds are performed in hardware with AES-NI

− No look-up tables are used, which eliminates the software side-channel attacks that rely on timing and cache leakage of sensitive data

Faster, more secure AES engine for a wide variety of encryption applications


Applications for AES-NI

• Conditional access of high-definition content

• Voice-over-IP

• File storage encryption

• Whole-disk encryption

• Internet security and VPN

(Figure: the AES engine at the centre, serving each of the applications above)


AES-NI Instructions

• Six new instructions to speed up AES

− 4 instructions for AES encryption and decryption

> AESENC and AESDEC perform one round of encryption/decryption

> AESENCLAST and AESDECLAST perform the last round of encryption/decryption

− 2 instructions for key generation

> AESIMC for key expansion (InvMixColumns transformation)

> AESKEYGENASSIST for round-key generation assist

• Significant speedup (at algorithm level)

− More than 3x in CBC(*) encrypt in serial mode

− More than 10x in parallel modes of operation


AES-NI Instructions

Each round instruction bundles the FIPS-197 round transformations shown in the slide's diagram:

• AESENC: ShiftRows(), SubBytes(), MixColumns(), AddRoundKey()

• AESENCLAST: ShiftRows(), SubBytes(), AddRoundKey()

• AESDEC: InvShiftRows(), InvSubBytes(), InvMixColumns(), AddRoundKey()

• AESDECLAST: InvShiftRows(), InvSubBytes(), AddRoundKey()

Also AESIMC, AESKEYGENASSIST

Single AES-NI instructions replace several lines of C/ASM code


Using AES-NI in applications

• You can take advantage of AES-NI in one of several ways

− Use standard libraries already optimized for AES-NI

> OpenSSL open source libraries (v1.0; patch available for v0.9.8)

> Microsoft* Crypto Next Generation (CNG) libraries for Windows* 7

> Intel® Integrated Performance Primitives (IPP) crypto libraries (6.1) for Linux and Windows*

− Code directly in C/C++ using intrinsics or assembly

> Intel® C/C++ compiler (v11.1) for Linux and Windows*

> GCC (v4.4)

> Microsoft* Visual C++ 2008 SP1

* Other names and brands may be claimed as the property of others
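As an added example (not part of this deck or Intel's sample code), the intrinsics route from the slide above: AES-128 block encryption built from the AESKEYGENASSIST, AESENC and AESENCLAST instructions described on the previous slides, gated by a CPUID check so the code fails closed instead of faulting on hardware without AES-NI. It assumes GCC or Clang on x86 and uses the target attribute so no -maes compiler flag is needed; on other architectures it simply reports AES-NI as absent.

```c
#include <stdint.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <wmmintrin.h>   /* AES-NI intrinsics; also brings in the SSE2 ones used below */
static int aesni_supported(void) {        /* CPUID leaf 1, ECX bit 25 = AES-NI present */
    unsigned a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) && ((c >> 25) & 1);
}
/* One AES-128 key-schedule step (FIPS-197 5.2): AESKEYGENASSIST yields RotWord(SubWord(w3))^rcon in its top dword; the shift/XOR chain gives w[i] = w[i-1] ^ w[i-4]. */
__attribute__((target("aes,sse2")))
static __m128i expand_step(__m128i key, __m128i assist) {
    __m128i t = _mm_slli_si128(key, 4);
    assist = _mm_shuffle_epi32(assist, 0xff);
    key = _mm_xor_si128(key, t); t = _mm_slli_si128(t, 4);
    key = _mm_xor_si128(key, t); t = _mm_slli_si128(t, 4);
    key = _mm_xor_si128(key, t);
    return _mm_xor_si128(key, assist);
}
/* The rcon operand is an immediate, so the ten steps are unrolled through a macro, not a loop. */
#define STEP(i, rcon) rk[i] = expand_step(rk[(i) - 1], _mm_aeskeygenassist_si128(rk[(i) - 1], rcon))
__attribute__((target("aes,sse2")))
static void aes128_encrypt_aesni(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    __m128i rk[11];
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    STEP(1, 0x01); STEP(2, 0x02); STEP(3, 0x04); STEP(4, 0x08); STEP(5, 0x10);
    STEP(6, 0x20); STEP(7, 0x40); STEP(8, 0x80); STEP(9, 0x1b); STEP(10, 0x36);
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]); /* initial AddRoundKey */
    for (int i = 1; i < 10; i++)
        s = _mm_aesenc_si128(s, rk[i]);      /* ShiftRows, SubBytes, MixColumns, AddRoundKey */
    s = _mm_aesenclast_si128(s, rk[10]);     /* final round: the same minus MixColumns */
    _mm_storeu_si128((__m128i *)out, s);
}
#endif
/* Returns 1 and fills out[] when AES-NI is available, 0 otherwise (no software fallback here). */
int aesni_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
#if defined(__x86_64__) || defined(__i386__)
    if (aesni_supported()) { aes128_encrypt_aesni(key, in, out); return 1; }
#endif
    (void)key; (void)in; (void)out; return 0;
}
/* Known-answer test, FIPS-197 Appendix C.1: 1 = match, 0 = AES-NI absent, -1 = mismatch. */
int aesni_known_answer_test(void) {
    static const uint8_t key[16] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
    static const uint8_t pt[16]  = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16]  = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    if (!aesni_encrypt_block(key, pt, out)) return 0;
    return memcmp(out, ct, 16) == 0 ? 1 : -1;
}
```

The known-answer test is the check to run before trusting any hand-written key schedule; a software fallback for CPUs without the feature is deliberately left out, which is the behaviour a library such as OpenSSL supplies for you.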


Useful Links

• Intel® Integrated Performance Primitives (IPP) web page: http://software.intel.com/en-us/intel-ipp/

• Whitepaper on AES-NI: http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/

• Intel® C/C++ compiler: http://software.intel.com/en-us/intel-compilers/

• Sample code showing how to use AES-NI in C/C++ and asm (to be posted on Intel Software Network: http://software.intel.com/en-us/manageability/)

• OpenSSL libraries: http://www.openssl.org/


Summary

• New AES-NI instructions introduced in the 2010 Intel® Core™ processor family accelerate the AES functionality of your applications

• In addition to improved performance, AES-NI also lowers the risk of side-channel attacks

• AES-NI is supported by the most widely used C/C++ compilers and crypto libraries, which makes it easy to use in your applications


Call to Action

• Learn more about the new AES-NI instructions and the ways you can use them in your applications

• Optimize the performance of your application using AES-NI

• If you have questions or feedback on AES-NI, please visit the ISN Manageability Forums


Thank you for attending Intel® vPro™ Technology Virtual Seminar 2010

Intel® Active Management Technology (Intel® AMT) Developer Resources

− Intel Software Network Manageability Community: www.software.intel.com/en-us/manageability/

− ISN Manageability Forums: www.intel.com/software/manageability/forums

− ISN Manageability Blogs: www.intel.com/software/manageability/blogs

− Intel® vPro™ Expert Center: www.communities.intel.com/community/openportit/vproexpert

− Intel Software Partner Program: www.intel.com/partner


Notices

• Copyright © 2010, Intel Corporation. All rights reserved.

• Intel®, Xeon® and Core Inside are trademarks of Intel Corporation in the U.S. and other countries.

• *Other names and brands may be claimed as the property of others

• Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. Go to: http://www.intel.com/products/processor%5Fnumber/

• Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, go to: http://www.intel.com/performance/resources/benchmark_limitations.htm

• Results have been simulated and are provided for informational purposes only. Results were derived using simulations run on an architecture simulator or model. Any difference in system hardware or software design or configuration may affect actual performance.

• INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/#/en_US_01
