Add Intel Key Locker intrinsics to core::arch::x86_64

The Intel Key Locker Specification defines several new functions for hardware-level encryption of information and secure storage of cryptographic keys using handles. This post proposes to add Intel Key Locker intrinsics to Rust.

Intel defines the following compiler intrinsics for Intel Key Locker:

unsigned char _mm_aesdec128kl_u8 (__m128i* __odata, __m128i __idata, const void* __h);
unsigned char _mm_aesdec256kl_u8 (__m128i* __odata, __m128i __idata, const void* __h);
unsigned char _mm_aesdecwide128kl_u8 (__m128i* __odata, const __m128i* __idata, const void* __h);
unsigned char _mm_aesdecwide256kl_u8 (__m128i* __odata, const __m128i* __idata, const void* __h);
unsigned char _mm_aesenc128kl_u8 (__m128i* __odata, __m128i __idata, const void* __h);
unsigned char _mm_aesenc256kl_u8 (__m128i* __odata, __m128i __idata, const void* __h);
unsigned char _mm_aesencwide128kl_u8 (__m128i* __odata, const __m128i* __idata, const void* __h);
unsigned char _mm_aesencwide256kl_u8 (__m128i* __odata, const __m128i* __idata, const void* __h);
unsigned int _mm_encodekey128_u32 (unsigned int __htype, __m128i __key, void* __h);
unsigned int _mm_encodekey256_u32 (unsigned int __htype, __m128i __key_lo, __m128i __key_hi, void* __h);
void _mm_loadiwkey (unsigned int __ctl, __m128i __intkey, __m128i __enkey_lo, __m128i __enkey_hi);

These intrinsics map to the following instructions:

  • AESDEC128KL: Perform Ten Rounds of AES Decryption Flow with Key Locker Using 128-Bit Key
  • AESDEC256KL: Perform 14 Rounds of AES Decryption Flow with Key Locker Using 256-Bit Key
  • AESDECWIDE128KL: Perform Ten Rounds of AES Decryption Flow with Key Locker on 8 Blocks Using 128-Bit Key
  • AESDECWIDE256KL: Perform 14 Rounds of AES Decryption Flow with Key Locker on 8 Blocks Using 256-Bit Key
  • AESENC128KL: Perform Ten Rounds of AES Encryption Flow with Key Locker Using 128-Bit Key
  • AESENC256KL: Perform 14 Rounds of AES Encryption Flow with Key Locker Using 256-Bit Key
  • AESENCWIDE128KL: Perform Ten Rounds of AES Encryption Flow with Key Locker on 8 Blocks Using 128-Bit Key
  • AESENCWIDE256KL: Perform 14 Rounds of AES Encryption Flow with Key Locker on 8 Blocks Using 256-Bit Key
  • ENCODEKEY128: Encode 128-Bit Key with Key Locker
  • ENCODEKEY256: Encode 256-Bit Key with Key Locker
  • LOADIWKEY: Load Internal Wrapping Key with Key Locker

I'm not submitting this as an RFC because it doesn't seem necessary; its a small addition to libcore/libstd. However, I've no idea how to actually define new intrinsics, and so I'm coming here for advice. But these are the ones I want to add -- after these are added I don't think Rust will be missing any intrinsics and will be up to date with Intel C/C++ (though I might be wrong).

I was going to submit this as an RFC, describing how Intel KL works, but I felt like I'd be duplicating the specification, which already goes into depth about OS-level and application-level usage. The spec also defines the opcodes and operational pseudocode, which can also be found in the Intel SDMs, vol. 2A.

Should I submit this as an RFC anyway? If not, how does adding intrinsics work?

1 Like

A pull request adding them as unstable should suffice, and then we can evaluate further when they're up for stabilization.

1 Like