intel / intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
BSD 3-Clause "New" or "Revised" License

AES-GCM key storage increase being planned #116

Closed tkanteck closed 1 year ago

tkanteck commented 1 year ago

As part of ongoing work on AES-GCM, we are planning to increase overall key storage for the AVX512 type 2 implementation.

So what?

Applications would need to be recompiled to leverage the new library version. For example, an application binary compiled with v1.3 will not work correctly (for AES-GCM) with v1.4.

More details

Today, key storage for AVX512 type2 consists of:

The plan is to increase hash key storage by 256 bytes, bringing the total to 1,264 bytes.

GCM key storage is defined as a structure in the intel-ipsec-mb.h header file and there is no API to obtain the size of this structure at runtime.

Since the key storage increases in v1.4, memory allocated for key storage with older library versions (i.e. v1.3) is not big enough and will lead to memory corruption when using AES-GCM or AES-GMAC with AVX512 type 2 architectures (Sunny Cove, Golden Cove cores).
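The failure mode described in this comment is a struct-size ABI break: the application sizes its key buffer from the header it was compiled against, while the shared library it later loads writes the larger layout. The following C program is an added illustration written for this page, not code from intel-ipsec-mb. The two struct definitions are constructed models, not the library's real declarations: their sizes follow the numbers in the issue (hash-key storage going from 48 to 64 sixteen-byte words, a 256-byte increase to a 1,264-byte total, so a 1,008-byte total before), and the assumption that the remaining 240 bytes hold expanded AES round keys is mine. The runtime size query and the checked wrapper are hypothetical; the comment states the real library offers no such API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed models of the two key-storage layouts, NOT the library's own
 * struct definitions. Sizes follow the issue text: hash-key storage grows
 * from 48 to 64 16-byte words (+256 bytes) and the total becomes 1,264 bytes,
 * so the previous total was 1,008 bytes. The 240 bytes that are not hash-key
 * storage are assumed here to be expanded AES round keys.
 */
struct gcm_key_v13 {                 /* layout an app built against v1.3 sees */
    uint8_t expanded_keys[240];      /* assumption: expanded AES round keys   */
    uint8_t shifted_hkey[48][16];    /* 48 hash-key powers                    */
};

struct gcm_key_v14 {                 /* layout the v1.4 library writes        */
    uint8_t expanded_keys[240];
    uint8_t shifted_hkey[64][16];    /* 32 powers x 2 values = 64 words       */
};

/* Hypothetical runtime size query of the kind the issue says is missing. */
size_t lib_gcm_key_storage_bytes(void)
{
    return sizeof(struct gcm_key_v14);
}

/* Bytes the v1.4 precompute would write past a buffer the caller sized from
 * its own (older) header. 0 means the caller's buffer is large enough. */
size_t gcm_key_overrun_bytes(size_t app_sizeof_key)
{
    size_t need = lib_gcm_key_storage_bytes();
    return app_sizeof_key < need ? need - app_sizeof_key : 0;
}

/*
 * Wrapper an application could put in front of key pre-computation: it
 * refuses to touch the buffer unless the caller's compile-time size covers
 * what the linked library will write. The "precompute" here only fills the
 * storage with a marker; a real one would expand the key and compute the
 * hash-key powers.
 */
int gcm_precompute_checked(void *key_storage, size_t app_sizeof_key)
{
    if (gcm_key_overrun_bytes(app_sizeof_key) != 0)
        return -1;                   /* ABI mismatch: write nothing */
    memset(key_storage, 0xA5, lib_gcm_key_storage_bytes());
    return 0;
}

int main(void)
{
    struct gcm_key_v13 old_app_key;  /* 1,008 bytes, sized by the v1.3 header */
    struct gcm_key_v14 new_app_key;  /* 1,264 bytes, sized by the v1.4 header */

    printf("v1.3 struct: %zu bytes, v1.4 struct: %zu bytes\n",
           sizeof old_app_key, sizeof new_app_key);
    printf("overrun if a v1.3 app links the v1.4 lib: %zu bytes\n",
           gcm_key_overrun_bytes(sizeof old_app_key));
    printf("precompute into v1.3-sized buffer: %d (refused)\n",
           gcm_precompute_checked(&old_app_key, sizeof old_app_key));
    printf("precompute into v1.4-sized buffer: %d (ok)\n",
           gcm_precompute_checked(&new_app_key, sizeof new_app_key));
    return 0;
}
```

Without the check, the unguarded write of the last 256 bytes lands beyond the caller's 1,008-byte object, which is the heap or stack corruption the comment warns about. A size-query function exported by the library and compared against `sizeof` at startup turns that silent corruption into a clean refusal to run with a mismatched header/library pair.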

tkanteck commented 1 year ago

See https://github.com/intel/intel-ipsec-mb/commit/b6631fe35b59b1bb7665be9b1f33d244e26a8fa5

48 hash key powers have been reduced to 32. However, the new multiply & reduce needs two 128-bit hash key values (not one). Storage for hash keys goes from 48 to 64 (32 x 2) words (256 bytes up).