What Hardware Should I Use?

What is the easiest way to use AES-NI hardware encryption in application code on a Linux or BSD system?

  • If I look at OpenSSL, I see that there are aesni_xts_encrypt () and aesni_set_encrypt_key () methods, although those may be internal methods.  Also I write code that uses AES_bi_ige_encrypt () (which is a different mode, I know, but it shows that I can do that in just five lines of setup), but similar code that uses the aesni_* methods results in a failed comparison between the original input and the verified output (after decryption).  This is being run on a (Linux) host that definitely has hardware support for AES-NI.  And I'd like to note that at the application level, OpenSSL itself is able to use AES-NI just fine. It's just that using OpenSSL to do AES-NI may require the use of engine/EVP or more high-level commands.  An example consumer of OpenSSL - that is, OpenVPN - has code that interfaces with OpenSSL and it presumably does AES-NI, but it requires two thousand lines of code to do that.  So I'm looking for the most succinct example that works.  As a second priority I'd like to find code that behaves the same even when hardware encryption is not available. Is there another application or library that makes use of AES-NI?  I looked into crypto++ but the documentation on using it and AES-NI is unclear to me.  As to the reason the aesni_xts_encrypt () and decrypt pair are not working for me, it may be that they're not meant to be called internally, and that some other internal key setup routine needs to be run in order for them to work.  Or it may be that the hardware is not set up properly to do the encryption through that method and aesni_set_encrypt_key () - some further assembler commands might be needed.  If I can find at least one example of any application or library that successfully uses AES-NI where the integration effort is minimal, then this would be a great step forward.  But as mentioned, OpenVPN's use of that code still requires a big file of integration.  And the core of what I'd like to do (take an input buffer and one or more keys and encrypt with AES-NI to an output buffer - optionally with an encryption mode like XTS) is very succinctly stated (it can be assumed that I can provide input in multiples of a certain number of bytes so I don't need padding or unnecessary steps). Any ideas would be appreciated.  AES-NI is clearly a performance win but seems hard to find a succinct use case.

  • Answer:

    If you want a library that works then you might want to check out Intel IPP. I haven't used AES-NI in openssl yet and I presume it is fairly new (>1 and up). I don't think the code of your application should change. The designers of OpenSSL likely provided a nice abstraction layer for this. Did you setup your openssl.cnf to use aes-ni engine? If not try it out when building your application.

William Emmanuel Yu at Quora Visit the source

Was this solution helpful to you?

Other answers

As of early 2015, the easiest way to use hardware acceleration is by using 's high level crypto library, EVP. More info at: https://www.openssl.org/docs/crypto/evp.html This is a quote from the http://EVP%20page%20for%20AES%20256%20GCM: NOTESWhere possible the EVP interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the EVP interface will ensure the use of platform specific cryptographic acceleration such as AES-NI (the low level interfaces do not provide the guarantee). Regarding the details of your question, without knowing the details of your encryption code and parameters it is hard to know for sure. But the first thing that comes to mind when a round trip through encryption/decryption fails is the padding. Find out for sure whether the mode you are using requires padding, and make sure you use it exactly as required. Obviously, you will need to do the reverse thing after decryption, so you can compare the decrypted, un-padded plaintext to the original one. Usually OpenSSL does the whole thing for you, but it might be worth checking to see if that is the source of the discrepancy. If the decryption process is failing without any output, though, your problem is most likely in the encryption step.

Fernando Montenegro

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.