AES-NI: Hardware Encryption in your Processor

Not long ago, I had to sit through an Intel marketing presentation. Now, I like Intel. I’ve got at least 4 running Intel processors in my apartment. However, I dislike marketing presentations. And this one was a doozy. Had I known any missile launch codes or the location of the secret rebel base, I would have given them up 10 minutes into it. It was PowerPoint waterboarding.

You have my undivided attention. Not by choice.

There was one part of the presentation that did pique my interest: AES-NI. The marketing person giving the presentation didn’t know much about it, so I did some exploring and found an Intel engineer to get some more info. It’s actually quite awesome.

AES-NI is an instruction set added to newer Intel processors that accelerate certain symmetric cryptographic functions, particularly those related to AES. It’s been making its way incrementally into Intel’s processors (desktop, server, mobile).  Intel’s Xeon server processors got them in the 5600 series, however they were not in the 7600 series. The new E7 processors has it, including their new 10-core monster.

One of the earliest lines of processors to get AES-NI was Intel’s laptop processors, which is great for those that encrypt their hard drives. Mac OS X Lion uses the AES-NI extensions automatically if available for File Vault 2 (File Fault 1 in Snow Leopard doesn’t use it), as well as Windows 7’s BitLocker.  You can have Linux use AES-NI for file system encryption as well. The desktop processors are now starting to get AES-NI as well. It removes most of the performance penalty that you get with file system/disk encryption.  My i5-based MacBook Air has the entire hard drive encrypted, and with the AES-NI and the fact that it’s an SSD drive, the performance is amazing.

To see how much faster AES-NI operations are, I ran a quick and dirty test using OpenSSL on Ubuntu Server 11.04 with a i5-2300 processor. The built-in version had AES-NI support compiled into it, and I compiled a version that didn’t include the hooks. The command I ran was openssl speed -evp aes-128-cbc.

The trick is that the software must be told to use the AES-NI instruction set. You can check to see if OpenSSL has AES-NI support built-in by running the command openssl engine. It should list aesni.

openssl engine
(aesni) Intel AES-NI engine
(dynamic) Dynamic engine loading support

Note: That doesn’t mean that AES-NI is available in your processor. That’s a bit harder to determine. Check your CPU model number to see if it’s supported.

An important note, if you’re running VMware or other hypervisor, AES-NI does get passed down to the guest virtual machines. The tests above were done on an Ubuntu VM running inside of ESXi 5.0 (should work with other hypervisors too).

Another benefit is that since it’s in hardware, the algorithms can’t be tampered with. One possible vector would be to have a software library (such as OpenSSL) replaced with a rouge library, that compromises your encryption in some way.

Right now, no AMD processor has this feature (some old Via chips had something similar called Padlock), although the upcoming Bulldozer processors should get it, although I don’t know if it will be a compatible instruction set.

AES-NI is an relatively unknown enhancement, and it should be getting more attention.