ipex-llm
[Security] AES related code refine
SDL no longer recommends AES 128/192. Need to change to 256 for the AES default key length.
Note: AES-256 is required because use of AES-128 or AES-192 exposes the implementation to pre-computation attacks, reducing the security below the target of 128-bits of security.
https://github.com/intel-analytics/BigDL/blob/main/scala/orca/src/main/scala/com/intel/analytics/bigdl/orca/inference/EncryptSupportive.scala#L38
https://github.com/intel-analytics/BigDL/blob/main/scala/ppml/src/main/scala/com/intel/analytics/bigdl/ppml/crypto/BigDLEncrypt.scala#L58
Need to refine these hard-coded values.
Default Hmac for AES-256 CBC is SHA256. Default Hmac for AES GCM is "". https://docs.oracle.com/javase/8/docs/api/javax/crypto/Mac.html
Issue addressed by #4968 and #5023
https://github.com/intel-analytics/BigDL/blob/main/scala/orca/src/main/scala/com/intel/analytics/bigdl/orca/inference/EncryptSupportive.scala#L27 Change to 32
https://github.com/intel-analytics/BigDL/blob/main/python/dllib/src/bigdl/dllib/utils/encryption_utils.py#L29 change to 256
https://github.com/intel-analytics/BigDL/blob/main/python/dllib/src/bigdl/dllib/utils/encryption_utils.py#L43 change to 32
Getting bytes from a string is not a good idea. Entropy is less than pure bytes. https://github.com/intel-analytics/BigDL/blob/main/scala/ppml/src/main/scala/com/intel/analytics/bigdl/ppml/crypto/BigDLEncrypt.scala#L56
Need to byte->base64->byte.
Remove magic numbers in code. Make them changeable, add default value.

```scala
val signingKey = Arrays.copyOfRange(secret, 0, 16)
val encryptKey = Arrays.copyOfRange(secret, 16, 48)
val r = new SecureRandom()
initializationVector = Array.tabulate(16)(_ => (r.nextInt(256) - 128).toByte)
```
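
The byte->base64->byte handling and named sizes suggested in the comments above, sketched in Python as an added example; it is not code from the issue or from the BigDL code base. The function names are hypothetical, and the 16/32/16-byte sizes are the ones in the snippet on this page.

```python
import base64
import math
import secrets

# Named, overridable sizes in place of the literals 16, 32/48 and 16.
SIGNING_KEY_BYTES = 16
ENCRYPT_KEY_BYTES = 32  # AES-256
SECRET_BYTES = SIGNING_KEY_BYTES + ENCRYPT_KEY_BYTES
IV_BYTES = 16  # AES block size


def max_entropy_bits(n_bytes, alphabet_size=256):
    """Upper bound on the entropy of n_bytes drawn from the given alphabet."""
    return n_bytes * math.log2(alphabet_size)


def new_secret_b64(n_bytes=SECRET_BYTES):
    """Draw n_bytes from the OS CSPRNG and return them as base64 text."""
    return base64.b64encode(secrets.token_bytes(n_bytes)).decode("ascii")


def load_secret(secret_b64, n_bytes=SECRET_BYTES):
    """base64 text -> raw key bytes; reject malformed or wrong-length input."""
    try:
        raw = base64.b64decode(secret_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("secret is not valid base64") from exc
    if len(raw) != n_bytes:
        raise ValueError(f"secret must decode to {n_bytes} bytes, got {len(raw)}")
    return raw


def split_secret(raw):
    """Split the secret into (signing_key, encrypt_key) using the named sizes."""
    if len(raw) != SECRET_BYTES:
        raise ValueError(f"expected {SECRET_BYTES} bytes, got {len(raw)}")
    return raw[:SIGNING_KEY_BYTES], raw[SIGNING_KEY_BYTES:]


def new_iv(n_bytes=IV_BYTES):
    """Fresh random IV, filled directly from the CSPRNG."""
    return secrets.token_bytes(n_bytes)


if __name__ == "__main__":
    # 32 bytes taken from a printable-ASCII string (95 symbols) vs. 32 raw bytes.
    print("string bytes, upper bound:", round(max_entropy_bits(32, 95), 1), "bits")
    print("raw bytes, upper bound:   ", max_entropy_bits(32), "bits")
    signing_key, encrypt_key = split_secret(load_secret(new_secret_b64()))
    print(len(signing_key), len(encrypt_key), len(new_iv()))
```

The 95-symbol figure is only an upper bound for text-derived keys; a human-chosen string carries far less than that.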