README.md
# Intel(R) Multi-Buffer Crypto for IPsec Library

The library provides software crypto acceleration primarily targeting packet processing
applications. It can be used for applications such as IPsec, TLS, Wireless (RAN), Cable or MPEG DRM.

The library is hosted on [GitHub](https://github.com/intel/intel-ipsec-mb) and is used as software crypto
provider in [DPDK](https://www.dpdk.org/), [Intel(R) QAT Engine](https://github.com/intel/QAT_Engine)
and [FD.io](https://fd.io/).

Using crypto interfaces from the above frameworks gives freedom to change providers
without subsequent application modifications. The library can also be used directly
through its native API.

Key differentiating features:

- operation chaining (encryption and authentication)
- advanced cryptographic pipelining
  - job manager with scheduling and dispatching functions
  - API hides underlying implementation details from an application
- multi-buffer and function stitching innovations
- low level implementations using latest instruction extensions

## Contents

1. Overview
2. Processor Extensions
3. Recommendations
4. Package Content
5. Documentation
6. Compilation
7. Installation
8. Security Considerations & Options for Increased Security
9. Backwards compatibility
10. Disclaimer (ZUC, KASUMI, SNOW3G)
11. Legal Disclaimer
12. FIPS Compliance
13. DLL Injection

## 1. Overview

Intel Multi-Buffer Crypto for IPsec Library is a highly-optimized software
implementation of the core cryptographic processing for IPsec,
which provides industry-leading performance on a range of Intel(R) Processors.

For information on how the library works, see the Intel White Paper:
["Fast Multi-buffer IPsec Implementations on Intel Architecture Processors". Jim Guilford, Sean Gulley, et al.](https://github.com/intel/intel-ipsec-mb/wiki/doc/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf)

Table 1. List of supported cipher algorithms and their implementations.
```
+----------------------------------------------------------------------+
|                |                   Implementation                    |
| Encryption     +-----------------------------------------------------|
|                | x86_64 | SSE    | AVX    | AVX2   | AVX512 | VAES(5)|
|----------------+--------+--------+--------+--------+--------+--------|
| AES128-GCM     | N      | Y by8  | N      | Y(10)  | Y by8  | Y by32 |
| AES192-GCM     | N      | Y by8  | N      | Y(10)  | Y by8  | Y by32 |
| AES256-GCM     | N      | Y by8  | N      | Y(10)  | Y by8  | Y by32 |
| AES128-CCM     | N      | Y by8  | Y by8  | N      | N      | Y by16 |
| AES256-CCM     | N      | Y by8  | Y by8  | N      | N      | Y by16 |
| AES128-CBC     | N      | Y(1)   | Y(3)   | N      | N      | Y(6)   |
| AES192-CBC     | N      | Y(1)   | Y(3)   | N      | N      | Y(6)   |
| AES256-CBC     | N      | Y(1)   | Y(3)   | N      | N      | Y(6)   |
| AES128-CTR     | N      | Y by8  | Y by8  | Y(10)  | N      | Y by16 |
| AES192-CTR     | N      | Y by8  | Y by8  | Y(10)  | N      | Y by16 |
| AES256-CTR     | N      | Y by8  | Y by8  | Y(10)  | N      | Y by16 |
| AES128-ECB     | N      | Y(1)   | Y by8  | Y(10)  | N      | Y by16 |
| AES192-ECB     | N      | Y(1)   | Y by8  | Y(10)  | N      | Y by16 |
| AES256-ECB     | N      | Y(1)   | Y by8  | Y(10)  | N      | Y by16 |
| NULL           | Y      | N      | N      | N      | N      | N      |
| AES128-DOCSIS  | N      | Y(2)   | Y(4)   | N      | Y(7)   | Y(8)   |
| AES256-DOCSIS  | N      | Y(2)   | Y(4)   | N      | Y(7)   | Y(8)   |
| DES-DOCSIS     | Y      | N      | N      | N      | Y x16  | N      |
| 3DES           | Y      | N      | N      | N      | Y x16  | N      |
| DES            | Y      | N      | N      | N      | Y x16  | N      |
| KASUMI-F8      | Y      | N      | N      | N      | N      | N      |
| ZUC-EEA3       | N      | Y x4   | Y x4   | Y x8   | Y x16  | Y x16  |
| ZUC-EEA3-256   | N      | Y x4   | Y x4   | Y x8   | Y x16  | Y x16  |
| SNOW3G-UEA2    | N      | Y x4   | Y      | Y      | Y x16  | Y x16  |
| AES128-CBCS(9) | N      | Y(1)   | Y(3)   | N      | N      | Y(6)   |
| Chacha20       | N      | Y      | Y      | Y      | Y      | N      |
| Chacha20 AEAD  | N      | Y      | Y      | Y      | Y      | N      |
| SNOW-V         | N      | Y      | Y      | N      | N      | N      |
| SNOW-V AEAD    | N      | Y      | Y      | N      | N      | N      |
| PON-CRC-BIP    | N      | Y by8  | Y by8  | N      | N      | Y      |
| SM4-ECB        | N      | Y      | N      | N      | N      | N      |
| SM4-CBC        | N      | Y      | N      | N      | N      | N      |
+----------------------------------------------------------------------+
```
Notes:
(1,2) - By default, decryption is by4 and encryption is x4.
        On CPUs supporting GFNI, decryption is by8 and encryption is x8.
(3,4) - decryption is by8 and encryption is x8
(5)   - AVX512 plus VAES, VPCLMULQDQ and GFNI extensions
(6)   - decryption is by16 and encryption is x16
(7)   - same as AES128-CBC for AVX, combines cipher and CRC32
(8)   - decryption is by16 and encryption is x16
(9)   - currently 1:9 crypt:skip pattern supported
(10)  - by default, decryption and encryption are AVX by8.
        On CPUs supporting VAES, decryption and encryption might use AVX2-VAES by16,
        if beneficial.

Legend:
` byY` - single buffer Y blocks at a time
` xY`  - Y buffers at a time

As an example of how to read tables 1 and 2: if the AVX512 interface is used
to perform AES128-CBC encryption, there is no native AVX512 implementation
for this cipher. In such a case, the library uses the best available
implementation, which for AES128-CBC is AVX.


Table 2. List of supported integrity algorithms and their implementations.
```
+-------------------------------------------------------------------------+
|                   |                   Implementation                    |
| Integrity         +-----------------------------------------------------|
|                   | x86_64 | SSE    | AVX    | AVX2   | AVX512 | VAES(3)|
|-------------------+--------+--------+--------+--------+--------+--------|
| AES-XCBC-96       | N      | Y x4   | Y x8   | N      | N      | Y x16  |
| HMAC-MD5-96       | Y(1)   | Y x4x2 | Y x4x2 | Y x8x2 | N      | N      |
| HMAC-SHA1-96      | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| HMAC-SHA2-224_112 | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| HMAC-SHA2-256_128 | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| HMAC-SHA2-384_192 | N      | Y x2   | Y x2   | Y x4   | Y x8   | N      |
| HMAC-SHA2-512_256 | N      | Y x2   | Y x2   | Y x4   | Y x8   | N      |
| SHA1              | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| SHA2-224          | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| SHA2-256          | N      | Y(2)x4 | Y(2)x4 | Y(2)x8 | Y x16  | N      |
| SHA2-384          | N      | Y x2   | Y x2   | Y x4   | Y x8   | N      |
| SHA2-512          | N      | Y x2   | Y x2   | Y x4   | Y x8   | N      |
| AES128-GMAC       | N      | Y by8  | N      | Y by8  | Y by8  | Y by32 |
| AES192-GMAC       | N      | Y by8  | N      | Y by8  | Y by8  | Y by32 |
| AES256-GMAC       | N      | Y by8  | N      | Y by8  | Y by8  | Y by32 |
| NULL              | Y      | N      | N      | N      | N      | N      |
| AES128-CCM        | N      | Y(5)x4 | Y x8   | N      | N      | Y x16  |
| AES256-CCM        | N      | Y(5)x4 | Y x8   | N      | N      | Y x16  |
| AES128-CMAC-96    | Y      | Y(5)x4 | Y x8   | N      | N      | Y x16  |
| AES256-CMAC-96    | Y      | Y(5)x4 | Y x8   | N      | N      | Y x16  |
| KASUMI-F9         | Y      | N      | N      | N      | N      | N      |
| ZUC-EIA3          | N      | Y x4   | Y x4   | Y x8   | Y x16  | Y x16  |
| ZUC-EIA3-256      | N      | Y x4   | Y x4   | Y x8   | Y x16  | Y x16  |
| SNOW3G-UIA2(8)    | N      | Y by4  | Y by4  | N      | Y by32 | Y by32 |
| DOCSIS-CRC32(4)   | N      | Y      | Y      | N      | Y      | Y      |
| HEC               | N      | Y      | Y      | N      | N      | N      |
| POLY1305          | Y      | N      | N      | Y(9)   | Y      | Y      |
| POLY1305 AEAD     | Y      | N      | N      | Y(9)   | Y      | Y      |
| SNOW-V AEAD       | N      | Y by8  | Y by8  | Y by8  | Y by8  | Y by32 |
| GHASH             | N      | Y by8  | N      | Y by8  | Y by8  | Y by32 |
| CRC(6)            | N      | Y by8  | Y by8  | N      | N      | Y by16 |
| PON-CRC-BIP(7)    | N      | Y      | Y      | N      | N      | Y      |
| SM3               | Y      | N      | N      | N      | N      | N      |
| HMAC-SM3          | Y      | N      | N      | N      | N      | N      |
+-------------------------------------------------------------------------+
```
Notes:
(1) - MD5 over one block implemented in C
(2) - Implementation using SHANI extensions is x2
(3) - AVX512 plus VAES, VPCLMULQDQ, GFNI and IFMA extensions
(4) - used only with AES256-DOCSIS and AES128-DOCSIS ciphers
(5) - x8 on selected CPUs supporting GFNI
(6) - Supported CRC types:
      - CRC32: Ethernet FCS, SCTP, WIMAX OFDMA
      - CRC24: LTE A, LTE B
      - CRC16: X25, FP data
      - CRC11: FP header
      - CRC10: IUUP data
      - CRC8: WIMAX OFDMA HCS
      - CRC7: FP header
      - CRC6: IUUP header
(7) - used only with PON-AES128-CTR cipher
(8) - x4/x16 for init keystream generation, then by4/by32
(9) - Only if AVX-IFMA instructions are supported

Legend:
` byY` - single buffer Y blocks at a time
` xY`  - Y buffers at a time

Table 3. Encryption and integrity algorithm combinations
```
+---------------------------------------------------------------------+
| Encryption    | Allowed Integrity Algorithms                        |
|---------------+-----------------------------------------------------|
| AES128-GCM    | AES128-GMAC                                         |
|---------------+-----------------------------------------------------|
| AES192-GCM    | AES192-GMAC                                         |
|---------------+-----------------------------------------------------|
| AES256-GCM    | AES256-GMAC                                         |
|---------------+-----------------------------------------------------|
| AES128-CCM    | AES128-CCM                                          |
|---------------+-----------------------------------------------------|
| AES256-CCM    | AES256-CCM                                          |
|---------------+-----------------------------------------------------|
| AES128-CBC,   | AES-XCBC-96,                                        |
| AES192-CBC,   | HMAC-SHA1-96, HMAC-SHA2-224_112, HMAC-SHA2-256_128, |
| AES256-CBC,   | HMAC-SHA2-384_192, HMAC-SHA2-512_256,               |
| AES128-CTR,   | AES128-CMAC-96,                                     |
| AES192-CTR,   | NULL,                                               |
| AES256-CTR,   | KASUMI-F9,                                          |
| AES128-ECB,   | ZUC-EIA3, ZUC-EIA3-256,                             |
| AES192-ECB,   | SNOW3G-UIA2,                                        |
| AES256-ECB,   | POLY1305,                                           |
| NULL,         | AES128-GMAC, AES192-GMAC, AES256-GMAC, GHASH,       |
| AES128-DOCSIS,| SM3, HMAC-SM3                                       |
| AES256-DOCSIS,|                                                     |
| DES-DOCSIS,   |                                                     |
| 3DES,         |                                                     |
| DES,          |                                                     |
| Chacha20,     |                                                     |
| KASUMI-F8,    |                                                     |
| ZUC-EEA3,     |                                                     |
| ZUC-EEA3-256, |                                                     |
| SNOW3G-UEA2   |                                                     |
| SNOW-V        |                                                     |
| SM4-ECB       |                                                     |
| SM4-CBC       |                                                     |
|---------------+-----------------------------------------------------|
| AES128-DOCSIS,| DOCSIS-CRC32                                        |
| AES256-DOCSIS |                                                     |
|---------------+-----------------------------------------------------|
| PON-AES128-CTR| PON-CRC-BIP                                         |
|---------------+-----------------------------------------------------|
| CHACHA20 AEAD | POLY1305 AEAD                                       |
+---------------+-----------------------------------------------------+
| SNOW-V AEAD   | SNOW-V AEAD (GHASH)                                 |
+---------------+-----------------------------------------------------+
```

## 2. Processor Extensions

Table 4. Processor extensions used in the library
```
+-------------------------------------------------------------------------+
| Algorithm         | Interface | Extensions                              |
|-------------------+-----------+-----------------------------------------|
| HMAC-SHA1-96,     | AVX512    | AVX512F, AVX512BW, AVX512VL             |
| HMAC-SHA2-224_112,|           |                                         |
| HMAC-SHA2-256_128,|           |                                         |
| HMAC-SHA2-384_192,|           |                                         |
| HMAC-SHA2-512_256 |           |                                         |
|-------------------+-----------+-----------------------------------------|
| DES, 3DES,        | AVX512    | AVX512F, AVX512BW                       |
| DOCSIS-DES        |           |                                         |
|-------------------+-----------+-----------------------------------------|
| HMAC-SHA1-96,     | SSE       | SHANI                                   |
| HMAC-SHA2-224_112,|           | - presence is autodetected and library  |
| HMAC-SHA2-256_128,|           |   falls back to SSE implementation      |
| HMAC-SHA2-384_192,|           |   if not present                        |
| HMAC-SHA2-512_256 |           |                                         |
+-------------------+-----------+-----------------------------------------+
```

## 3. Recommendations

The legacy or to-be-avoided algorithms listed in the table below are implemented
in the library in order to support legacy applications. Please use the corresponding
alternative algorithms instead.
```
+--------------------------------------------------------------+
| # | Algorithm           | Recommendation | Alternative       |
|---+---------------------+----------------+-------------------|
| 1 | DES encryption      | Avoid          | AES encryption    |
|---+---------------------+----------------+-------------------|
| 2 | 3DES encryption     | Avoid          | AES encryption    |
|---+---------------------+----------------+-------------------|
| 3 | HMAC-MD5 integrity  | Legacy         | HMAC-SHA256       |
|---+---------------------+----------------+-------------------|
| 4 | AES-ECB encryption  | Avoid          | AES-CBC, AES-CNTR |
|---+---------------------+----------------+-------------------|
| 5 | HMAC-SHA1 integrity | Avoid          | HMAC-SHA256       |
+--------------------------------------------------------------+
```
Intel(R) Multi-Buffer Crypto for IPsec Library depends on the C library and
it is recommended to use its latest version.

Applications using the Intel(R) Multi-Buffer Crypto for IPsec Library rely on
the Operating System to provide process isolation.
As a result, it is recommended to use the latest Operating System patches and
security updates.

## 4. Package Content

- test - Library test applications
- perf - Library performance application
- lib - Library source files
- lib/x86_64 - Non-SIMD routines
- lib/sse_* - Intel(R) SSE optimized routines
- lib/avx_* - Intel(R) AVX optimized routines
- lib/avx2_* - Intel(R) AVX2 optimized routines
- lib/avx512_* - Intel(R) AVX512 optimized routines
- lib/no-aesni - Non-AESNI accelerated routines

**Note:**
There is just one branch used in the project. All development is done on the main branch.
Code taken from the tip of the main branch should not be considered fit for production.

Refer to the releases tab for stable code versions:
https://github.com/intel/intel-ipsec-mb/releases

## 5. Documentation

Full documentation can be found at: https://intel.github.io/intel-ipsec-mb

To generate documentation locally, run:
`> make doxy`

## 6. Compilation

Refer to the compilation section of the [INSTALL](https://github.com/intel/intel-ipsec-mb/blob/main/INSTALL.md#compilation) file for instructions.

## 7. Installation

Refer to the installation section of the [INSTALL](https://github.com/intel/intel-ipsec-mb/blob/main/INSTALL.md#installation) file for instructions.

## 8. Security Considerations & Options for Increased Security

Refer to the [SECURITY](https://github.com/intel/intel-ipsec-mb/blob/main/SECURITY.md#security-considerations--options-for-increased-security) file for security related information.

## 9. Backwards compatibility

In version 1.4, backward compile-time symbol compatibility with
library version 0.53 has been removed.

Applications are encouraged to use the new symbol names introduced in version 0.54.

If required, compatibility symbol mapping can be implemented in the application.
See the compatibility symbol mapping in the v1.3 header file:
https://github.com/intel/intel-ipsec-mb/blob/v1.3/lib/intel-ipsec-mb.h#L246

## 10. Disclaimer (ZUC, KASUMI, SNOW3G)

Please note that cryptographic material, such as ciphering algorithms, may be
subject to national regulations. What is more, use of some algorithms in
real networks and production equipment can be subject to agreement or
licensing by the GSMA and/or the ETSI.

For more details please see:
- GSMA https://www.gsma.com/security/security-algorithms/
- ETSI https://www.etsi.org/security-algorithms-and-codes/cellular-algorithm-licences

## 11. Legal Disclaimer

THIS SOFTWARE IS PROVIDED BY INTEL "AS IS". NO LICENSE, EXPRESS OR
IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS
ARE GRANTED THROUGH USE. EXCEPT AS PROVIDED IN INTEL'S TERMS AND
CONDITIONS OF SALE, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL
DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR
USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO
FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT
OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

## 12. FIPS Compliance

The library does not fulfil the technical requirements for Cryptographic Module Validation Program (CMVP) certification as a standalone component. It is suitable for Cryptographic Algorithm Validation Program (CAVP) validation and certification, and it can be one of the components of a CMVP-certified module.

### CAVP

The ACVP test application located in the `test` directory supports the CAVP process. It implements validation of the following algorithms:
- AES-GCM
- AES-GMAC
- AES-CCM
- AES-CBC
- AES-ECB
- TDES-EDE-CBC
- AES-CTR
- AES-CMAC
- SHA1 (SHA-1)
- SHA224 (SHA2-224)
- SHA256 (SHA2-256)
- SHA384 (SHA2-384)
- SHA512 (SHA2-512)
- HMAC-SHA1 (HMAC-SHA-1)
- HMAC-SHA224 (HMAC-SHA2-224)
- HMAC-SHA256 (HMAC-SHA2-256)
- HMAC-SHA384 (HMAC-SHA2-384)
- HMAC-SHA512 (HMAC-SHA2-512)

Note: the acvp-app requires libacvp 2.0+ to be built.

### CAVP Algorithm Parameters

**Note:** all sizes in bits
```
+--------------------------------------------------------------------------------------------+
| Algorithm           | Standard  | Parameters                                               |
|---------------------+-----------+----------------------------------------------------------|
| AES-GCM             | SP800-38D | Key size: 128, 192, 256                                  |
|                     |           | Direction: encrypt and decrypt                           |
|                     |           | ivLen: [min = 8, max = 1024, increment 8]                |
|                     |           | tagLen: 32, 64, 96, 104, 112, 120, 128                   |
|                     |           | payloadLen: [min = 0, max = 65536, increment = 8]        |
|                     |           | aadLen: [min = 0, max = 65536, increment = 8]            |
|---------------------+-----------+----------------------------------------------------------|
| AES-CBC             | SP800-38A | Key size: 128, 192, 256                                  |
|                     |           | Direction: encrypt and decrypt                           |
|---------------------+-----------+----------------------------------------------------------|
| AES-CTR             | SP800-38A | Key size: 128, 192, 256                                  |
|                     |           | Direction: encrypt and decrypt                           |
|                     |           | payloadLen: [min = 8, max = 128, increment = 8]          |
|---------------------+-----------+----------------------------------------------------------|
| AES-ECB             | SP800-38A | Key size: 128, 192, 256                                  |
|                     |           | Direction: encrypt and decrypt                           |
|---------------------+-----------+----------------------------------------------------------|
| TDES-EDE-CBC        | SP800-38A | Key size: 192                                            |
|                     |           | Direction: encrypt and decrypt                           |
|---------------------+-----------+----------------------------------------------------------|
| SHA1 (SHA-1)        | FIPS180-4 | messageLength: [min = 0, max = 65528, increment = 8]     |
|---------------------+-----------+----------------------------------------------------------|
| SHA224 (SHA2-224)   | FIPS180-4 | messageLength: [min = 0, max = 65528, increment = 8]     |
|---------------------+-----------+----------------------------------------------------------|
| SHA256 (SHA2-256)   | FIPS180-4 | messageLength: [min = 0, max = 65528, increment = 8]     |
|---------------------+-----------+----------------------------------------------------------|
| SHA384 (SHA2-384)   | FIPS180-4 | messageLength: [min = 0, max = 65528, increment = 8]     |
|---------------------+-----------+----------------------------------------------------------|
| SHA512 (SHA2-512)   | FIPS180-4 | messageLength: [min = 0, max = 65528, increment = 8]     |
|---------------------+-----------+----------------------------------------------------------|
| AES-CCM             | SP800-38C | Key size: 128, 256                                       |
|                     |           | Direction: encrypt and decrypt                           |
|                     |           | ivLen: [min = 56, max = 104, increment 8]                |
|                     |           | tagLen: 32, 48, 64, 80, 96, 112, 128                     |
|                     |           | payloadLen: [min = 0, max = 256, increment = 8]          |
|                     |           | aadLen: [min = 0, max = 368, increment = 8]              |
|---------------------+-----------+----------------------------------------------------------|
| AES-GMAC            | SP800-38B | Key size: 128, 192, 256                                  |
|                     |           | ivLen: [min = 8, max = 1024, increment 8]                |
|                     |           | tagLen: 32, 64, 96, 104, 112, 120, 128                   |
|                     |           | aadLen: [min = 0, max = 65536, increment = 8]            |
|---------------------+-----------+----------------------------------------------------------|
| AES-CMAC            | SP800-38B | Key size: 128, 256                                       |
|                     |           | msgLen: [min = 8, max = 65528, increment 8]              |
|                     |           | macLen: [min = 8, max = 128, increment = 8]              |
|---------------------+-----------+----------------------------------------------------------|
| HMAC-SHA1           | FIPS198-1 | keyLen: [min = 8, max = 524288, increment = 8]           |
| (HMAC-SHA-1)        |           | macLen: [min = 32, max = 160, increment = 8]             |
|---------------------+-----------+----------------------------------------------------------|
| HMAC-SHA224         | FIPS198-1 | keyLen: [min = 8, max = 524288, increment = 8]           |
| (HMAC-SHA2-224)     |           | macLen: [min = 32, max = 224, increment = 8]             |
|---------------------+-----------+----------------------------------------------------------|
| HMAC-SHA256         | FIPS198-1 | keyLen: [min = 8, max = 524288, increment = 8]           |
| (HMAC-SHA2-256)     |           | macLen: [min = 32, max = 256, increment = 8]             |
|---------------------+-----------+----------------------------------------------------------|
| HMAC-SHA384         | FIPS198-1 | keyLen: [min = 8, max = 524288, increment = 8]           |
| (HMAC-SHA2-384)     |           | macLen: [min = 32, max = 384, increment = 8]             |
|---------------------+-----------+----------------------------------------------------------|
| HMAC-SHA512         | FIPS198-1 | keyLen: [min = 8, max = 524288, increment = 8]           |
| (HMAC-SHA2-512)     |           | macLen: [min = 32, max = 512, increment = 8]             |
+--------------------------------------------------------------------------------------------+
```
### Self-Test

In order to support CMVP, the library implements Self-Test functionality that is available with all compilation options.
The test is always performed as part of library initialization (power-up). There is no conditional self-test functionality, as none of the conditions that would require one apply to the library (i.e. pair-wise consistency test,
software/firmware load test, manual key entry test, continuous random number generator test and
bypass test).

An application can register a self-test callback function to track test progress. Optionally, the application can corrupt the input message of selected tests and observe the change in the test result.

An example sequence of callbacks received by an application is:
- callback(data.phase = IMB_SELF_TEST_PHASE_START, data.type = IMB_SELF_TEST_TYPE_KAT_CIPHER, data.descr = "AES128-CBC") => return 1
- callback(data.phase = IMB_SELF_TEST_PHASE_CORRUPT)
  - return 1: no message corruption
  - return 0: corrupt single bit in the 1st byte
- callback(data.phase = IMB_SELF_TEST_PHASE_PASS or IMB_SELF_TEST_PHASE_FAIL) => return 1
- callback(data.phase = IMB_SELF_TEST_PHASE_START, data.type = IMB_SELF_TEST_TYPE_KAT_CIPHER, data.descr = "AES192-CBC") => return 1
- ...
Note that the value returned by the application's self-test callback function only matters in the corrupt phase.

The self-test consists of cryptographic algorithm tests (known answer tests) on the following types and algorithms:
- KAT_AEAD:
  - AES-GCM
  - AES-CCM
- KAT_Cipher:
  - AES-CBC
  - AES-CTR
  - AES-ECB
  - TDES-EDE-CBC
- KAT_Auth:
  - AES-GMAC
  - AES-CMAC
  - SHA1
  - SHA224
  - SHA256
  - SHA384
  - SHA512
  - HMAC-SHA1
  - HMAC-SHA224
  - HMAC-SHA256
  - HMAC-SHA384
  - HMAC-SHA512

KAT_Cipher and KAT_AEAD types conduct tests in both the encrypt and decrypt cipher directions. However, the corrupt callback is made only for the encrypt direction. No callback is made for the decrypt direction at the moment.

Example detection of library self-test completion & error in the application:
```
#include <stdio.h>
#include <stdlib.h>
#include <intel-ipsec-mb.h>

int main(void)
{
        IMB_ARCH arch;
        IMB_MGR *p_mgr = alloc_mb_mgr(0);

        if (p_mgr == NULL)
                exit(EXIT_FAILURE);

        init_mb_mgr_auto(p_mgr, &arch); /* or init_mb_mgr_sse/avx/avx2/avx512 */

        /*
         * check for self-test presence and success
         * - requires library version v1.3 or newer
         */
        if (p_mgr->features & IMB_FEATURE_SELF_TEST) {
                /* self-test feature present */
                if (p_mgr->features & IMB_FEATURE_SELF_TEST_PASS) {
                        printf("SELF-TEST: PASS\n");
                } else {
                        printf("SELF-TEST: FAIL\n");
                }
        } else {
                printf("SELF-TEST: N/A (requires library >= v1.3)\n");
        }

        /* check for initialization self-test error */
        if (imb_get_errno(p_mgr) == IMB_ERR_SELFTEST) {
                /* self-test error: do not use the manager */
                free_mb_mgr(p_mgr);
                exit(EXIT_FAILURE);
        }

        free_mb_mgr(p_mgr);
        return 0;
}
```

Example registration of self-test callback function:
```
#include <stdio.h>
#include <string.h>
#include <intel-ipsec-mb.h>

/* set to 1 to corrupt the input message of every self-test (forces FAIL) */
int self_test_corrupt = 0;

int callback(void *arg, const IMB_SELF_TEST_CALLBACK_DATA *data)
{
        const char *phase = "";
        const char *type = "";
        const char *descr = "";

        (void) arg;

        /* all three strings may be NULL, depending on the phase */
        if (data != NULL) {
                if (data->phase != NULL)
                        phase = data->phase;
                if (data->type != NULL)
                        type = data->type;
                if (data->descr != NULL)
                        descr = data->descr;
        }

        if (strcmp(phase, IMB_SELF_TEST_PHASE_START) == 0)
                printf("%s : %s : ", type, descr);

        if ((strcmp(phase, IMB_SELF_TEST_PHASE_CORRUPT) == 0) && (self_test_corrupt == 1))
                return 0; /* corrupt input message */

        if (strcmp(phase, IMB_SELF_TEST_PHASE_PASS) == 0 ||
            strcmp(phase, IMB_SELF_TEST_PHASE_FAIL) == 0)
                printf("%s\n", phase);

        return 1; /* return value is only significant in the corrupt phase */
}

int main(void)
{
        IMB_ARCH arch;
        IMB_MGR *p_mgr = alloc_mb_mgr(0);

        if (p_mgr == NULL)
                return 1;

        /*
         * Register self-test callback that will be invoked during
         * subsequent init operation
         */
        imb_self_test_set_cb(p_mgr, callback, NULL);

        init_mb_mgr_auto(p_mgr, &arch); /* or init_mb_mgr_sse/avx/avx2/avx512 */

        /* ... application use of p_mgr ... */

        free_mb_mgr(p_mgr);
        return 0;
}
```

## 13. DLL Injection Attack

### Problem

The Windows OS has an insecure predefined search order and set of defaults when trying to locate a resource. If the resource location is not specified by the software, an attacker need only place a malicious version in one of the locations Windows will search, and it will be loaded instead. Although this weakness can occur with any resource, it is especially common with DLL files.

### Solutions

Applications using the intel-ipsec-mb DLL may need to apply one of the solutions below to prevent DLL injection attacks.

Two solutions are available:
- Using a Fully Qualified Path is the most secure way to load a DLL
- Signature verification of the DLL

### Resources and Solution Details

- Security remarks section of LoadLibraryEx documentation by Microsoft: <https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa#security-remarks>
- Microsoft Dynamic Link Library Security article: <https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security>
- Hijack Execution Flow: DLL Search Order Hijacking: <https://attack.mitre.org/techniques/T1574/001>
- Hijack Execution Flow: DLL Side-Loading: <https://attack.mitre.org/techniques/T1574/002>
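As an added example (not code from the intel-ipsec-mb project), the following PowerShell check lets an operator confirm both mitigations on a Windows deployment: the DLL at the fully qualified path the application loads is Authenticode-signed by the expected signer, and no other file of that name sits in a directory the default search order would consult. The DLL file name in the usage line and the signer subject are placeholders, not values from this README.

```powershell
# Added example, not part of the intel-ipsec-mb project.
# Assumptions: the DLL path and the expected signer subject are placeholders.
function Test-IpsecMbDllDeployment {
    [CmdletBinding()]
    param(
        # The fully qualified path the application passes to LoadLibrary / LoadLibraryEx
        [Parameter(Mandatory)] [string] $ExpectedPath,
        # Placeholder: replace with the Subject of the certificate the DLL is signed with
        [string] $ExpectedSignerSubject = 'CN=EXPECTED-SIGNER-PLACEHOLDER'
    )

    $problems = New-Object System.Collections.Generic.List[string]

    # 1. Fully qualified path: a relative path or bare file name leaves the choice
    #    of directory to the loader's default search order.
    if (-not [System.IO.Path]::IsPathRooted($ExpectedPath)) {
        $problems.Add("Path '$ExpectedPath' is not fully qualified")
    }
    if (-not (Test-Path -LiteralPath $ExpectedPath -PathType Leaf)) {
        $problems.Add("No file at '$ExpectedPath'")
        return [pscustomobject]@{ Ok = $false; Problems = $problems.ToArray(); OtherCopies = @() }
    }

    # 2. Signature verification: the Authenticode chain must be valid AND the signer
    #    must be the one you expect, not merely some valid signer.
    $sig = Get-AuthenticodeSignature -LiteralPath $ExpectedPath
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        $problems.Add("Signature status is '$($sig.Status)'")
    } elseif ($sig.SignerCertificate.Subject -ne $ExpectedSignerSubject) {
        $problems.Add("Signed by '$($sig.SignerCertificate.Subject)', expected '$ExpectedSignerSubject'")
    }

    # 3. Detection: any other file with the same name in a directory the default
    #    search order consults (current directory and PATH here) should be investigated.
    $name = [System.IO.Path]::GetFileName($ExpectedPath)
    $expectedFull = (Resolve-Path -LiteralPath $ExpectedPath).ProviderPath
    $dirs = @((Get-Location).ProviderPath) + @($env:PATH -split ';' | Where-Object { $_ })
    $otherCopies = foreach ($dir in $dirs) {
        $candidate = Join-Path -Path $dir -ChildPath $name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $full = (Resolve-Path -LiteralPath $candidate).ProviderPath
            if ($full -ne $expectedFull) {
                [pscustomobject]@{
                    Path   = $full
                    Sha256 = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
                    Signer = (Get-AuthenticodeSignature -LiteralPath $full).SignerCertificate.Subject
                }
            }
        }
    }
    $otherCopies = @($otherCopies)
    if ($otherCopies.Count -gt 0) {
        $problems.Add("$($otherCopies.Count) other copy/copies of $name found on the search path")
    }

    [pscustomobject]@{
        Ok          = ($problems.Count -eq 0)
        Problems    = $problems.ToArray()
        OtherCopies = $otherCopies
    }
}

# Usage (the path is an assumption for illustration, not a value from this README):
# Test-IpsecMbDllDeployment -ExpectedPath 'C:\Program Files\MyApp\libIPSec_MB.dll' | Format-List
```

A result with `Ok = $false` lists each failed condition in `Problems`; `OtherCopies` carries the path, SHA-256 and signer of every same-named file found elsewhere on the search path so it can be triaged.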