Intel(R) Integrated Performance Primitives Cryptography 2021.11.1

Author: ipl_ci

.gitignore

@@ -14,6 +14,12 @@
 .idea
 __pycache__/
 
+_build
+.vscode
+doc/source/nocp-parameters.xml
+nocp-parameters.xml
+
+
 # temporary files if a process still has a handle open of a deleted file
 .fuse_hidden*
 
@@ -31,3 +37,4 @@ Thumbs.db:encryptable
 ehthumbs.db
 ehthumbs_vista.db
 *.lnk
+

BUILD.md

@@ -25,15 +25,14 @@
 - [CMake\*](https://cmake.org/download) 3.18 or higher
 - Python 3.8.1
 - The Netwide Assembler (NASM) 2.15
-- OpenSSL\* 3.0.8 or higher
+- OpenSSL\* 3.0.8 or higher **OR** BoringSSL* [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) **OR** Tongsuo* 8.2.1
+
 
 ### Linux* OS
 - [Common tools](#common-tools)
 - Intel® C++ Compiler Classic 2021.9 for Linux\* OS
-- GCC 8.3
-- GCC 9.1
-- GCC 10.1
-- GCC 11.1
+- GCC 8.5
+- GCC 11.4
 - Clang 9.0
 - Clang 12.0
 - GNU binutils 2.32
@@ -217,6 +216,8 @@ To build the Intel IPP Cryptography library on macOS\*, complete the following s
 
     - Example for Linux\* OS and the Intel® 64 architecture:
         `-DPLATFORM_LIST="w7;n8;y8;e9;l9;k0"`
+- `-DNO_CRYPTO_MB:BOOL=TRUE` - optional, turns off the build of [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) and, as a consequence, removes all dependencies on OpenSSL library.
+- `-DBABASSL:BOOL=on`, `-DBORINGSSL:BOOL=on` - required only if forks of OpenSSL library are used to resolve OpenSSL dependencies - Tongsuo and BoringSSL respectively. These flags make sense when [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) is built.
 - `-DIPPCP_CUSTOM_BUILD="<CPU features list>"` - optional, works only if `-DMERGED_BLD:BOOL=off` is set, i.e. only for 1CPU libraries. Enables the CPU feature dispatching mask at compile-time based on the provided list.
 
    - Currently supported by the library custom features dispatching:

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 This is a list of notable changes to Intel(R) IPP Cryptography, in reverse chronological order.
 
+## Intel(R) IPP Cryptography 2021.11
+- Minimal supported BoringSSL version was increased to [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) tag.
+
 ## Intel(R) IPP Cryptography 2021.10
 - Added the verification part of eXtended Merkle Signature Scheme (XMSS) algorithm.
 - Added FIPS-compliance mode for the library. More information can be found in the [Intel(R) IPP Cryptography FIPS Guide](./README_FIPS.md).

CONST_TIME_EXECUTION_TESTING.md

@@ -5,18 +5,10 @@
 - [Scope for crypto_mb library](#cryptomb)
 
 ## General information <div id = 'general'>
-- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the following compilers:
-  -  Intel® C++ Compiler 19.1
-  -  Intel® C++ Compiler Classic 2021.9
-  -  GCC 8.3 
-  -  GCC 9.1 
-  -  GCC 10.1 
-  -  GCC 11.1
-  -  Clang 9.0 
-  -  Clang 12.0 
+- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the compilers listed in [Build](./BUILD.md).
 - Tested platforms: w7, n8, y8, e9, l9, k0 (see the supported platforms list [here](./OVERVIEW.md#target-optimization-codes-in-function-names)).
 - Testing scope described below is guaranteed to pass for **`release`** branches. This is not guaranteed for the **`develop`** branch ([branches description](./OVERVIEW.md#branches-description))
-- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec) 
+- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec)
 
 ## ippcp library <div id = 'ippcp'>
 |     Tested Function      |                                         Parameters                                         |

README.md

@@ -22,7 +22,7 @@ The library provides a comprehensive set of routines commonly used for cryptogra
    - RSA, RSA-OAEP, RSA-PKCS_v15, RSA-PSS
    - DLP, DLP-DSA, DLP-DH
    - ECC (NIST curves), ECDSA, ECDH, EC-SM2
-- Multi-buffer RSA, ECDSA, SM3, x25519
+- Multi-buffer RSA, ECDSA, ECDH, x25519, SM2, SM3, SM4, etc
 - Finite Field Arithmetic Functions
 - Big Number Integer Arithmetic Functions
 - PRNG/TRNG and Prime Numbers Generation

README_FIPS.md

@@ -291,6 +291,7 @@ fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys (int *pKe
 fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size (int *pBufferSize Ipp8u *pKeysBuffer);
 fips_test_status fips_selftest_ippsRSASign_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
 fips_test_status fips_selftest_ippsRSAVerify_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
+fips_test_status fips_selftest_ippsRSA_GenerateKeys (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
 ```
 
 , where `pBuffer` is the valid buffer for selftest of size indicated by
@@ -305,6 +306,8 @@ fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff (int *
 fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff (int *pDataBuffSize Ipp8u *pGFpBuff Ipp8u *pGFpECBuff);
 fips_test_status fips_selftest_ippsGFpECSignDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
 fips_test_status fips_selftest_ippsGFpECVerifyDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsGFpECPublicKey (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsGFpECSharedSecretDH (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
 ```
 
 , where `pGFpBuff` is the valid buffer for selftest of size indicated by

include/ippcp/fips_cert.h

@@ -93,13 +93,16 @@ IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys,
 IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int *pBufferSize, Ipp8u *pKeysBuffer))
 IPPAPI(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
 IPPAPI(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
+IPPAPI(fips_test_status, fips_selftest_ippsRSA_GenerateKeys, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
 
 /* ECDSA sign/verify */
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff, (int *pGFpBuffSize))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff, (int *pGFpECBuffSize, Ipp8u *pGFpBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff, (int *pDataBuffSize, Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsGFpECPublicKey, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsGFpECSharedSecretDH, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
 
 /*
 // Enumerator that contains information about FIPS-approved
@@ -135,8 +138,11 @@ enum FIPS_IPPCP_FUNC {
     RSAVerify_PKCS1v15_rmf,
     RSASign_PSS_rmf,
     RSAVerify_PSS_rmf,
+    RSA_GenerateKeys,
     GFpECSignDSA,
     GFpECVerifyDSA,
+    GFpECSharedSecretDH,
+    GFpECPublicKey,
     HashUpdate_rmf,
     HashGetTag_rmf,
     HashFinal_rmf,
@@ -151,8 +157,8 @@ enum FIPS_IPPCP_FUNC {
     RSAEncrypt_OAEP_rmf,
     RSADecrypt_OAEP_rmf,
 
-  /* Not approved functions or 
-   * FIPS-mode is not yet implemented, < 0 
+  /* Not approved functions or
+   * FIPS-mode is not yet implemented, < 0
    */
     SMS4EncryptCBC = -0xFFF,
     SMS4EncryptCBC_CS1,
@@ -173,7 +179,7 @@ enum FIPS_IPPCP_FUNC {
     SMS4_CCMDecrypt,
     SMS4_CCMGetTag,
     /* XTS APIs didn't pass CAVP testing */
-    AES_XTSEncrypt, 
+    AES_XTSEncrypt,
     AES_XTSDecrypt,
     AESEncryptXTS_Direct,
     AESDecryptXTS_Direct,
@@ -193,7 +199,6 @@ enum FIPS_IPPCP_FUNC {
     PrimeGen_BN,
     RSA_Encrypt,
     RSA_Decrypt,
-    RSA_GenerateKeys,
     DLPGenKeyPair,
     DLPPublicKey,
     DLPSignDSA,
@@ -203,8 +208,6 @@ enum FIPS_IPPCP_FUNC {
     DLPGenerateDH,
     GFpECVerify,
     GFpECPrivateKey,
-    GFpECPublicKey,
-    GFpECSharedSecretDH,
     GFpECSharedSecretDHC,
     GFpECSignNR,
     GFpECVerifyNR,

include/ippversion.h

@@ -28,12 +28,12 @@
 
 #define IPP_VERSION_MAJOR  2021
 #define IPP_VERSION_MINOR  11
-#define IPP_VERSION_UPDATE 0
+#define IPP_VERSION_UPDATE 1
 
 // Major interface version
 #define IPP_INTERFACE_VERSION_MAJOR 11
 // Minor interface version
-#define IPP_INTERFACE_VERSION_MINOR 12
+#define IPP_INTERFACE_VERSION_MINOR 13
 
 #define IPP_VERSION_STR  STR(IPP_VERSION_MAJOR) "." STR(IPP_VERSION_MINOR) "." STR(IPP_VERSION_UPDATE) " (" STR(IPP_INTERFACE_VERSION_MAJOR) "." STR(IPP_INTERFACE_VERSION_MINOR) " )"
 

sources/include/owndefs.h

@@ -48,7 +48,7 @@
 #if !defined(__NOINLINE)
 #if defined(__INTEL_COMPILER) || defined(_MSC_VER)
   #define __NOINLINE __declspec(noinline)
-#elif defined( __GNUC__ )
+#elif defined( __GNUC__ ) || defined(__INTEL_LLVM_COMPILER)
   #define __NOINLINE __attribute__((noinline))
 #else
   #define __NOINLINE

sources/ippcp/CMakeLists.txt

@@ -106,7 +106,7 @@ set(DEFAULT_Clang_COMPILER_VER 9.0.0)
 set(DEFAULT_Intel18_COMPILER_VER 18.0.0)
 set(DEFAULT_Intel19_COMPILER_VER 19.0.0)
 set(DEFAULT_MSVC19_COMPILER_VER 19.14)
-set(DEFAULT_IntelLLVM2023_COMPILER_VER 2023.1.0)
+set(DEFAULT_IntelLLVM_COMPILER_VER 2023.1.0)
 
 string(REGEX REPLACE "^([0-9]+)\\.([0-9]+)\\.([0-9]+).*$" "\\1.\\2.\\3" CMAKE_C_COMPILER_VERSION_SHORT ${CMAKE_C_COMPILER_VERSION})
 string(REGEX REPLACE "^([0-9]+)\\..*$" "\\1" CMAKE_C_COMPILER_VERSION_MAJOR ${CMAKE_C_COMPILER_VERSION})