Releases: intel/cryptography-primitives
Intel Cryptography Primitives Library 1.2.0
Functionality
- Crypto Multi buffer library was extended with Intel® AVX-IFMA implementation of ECDSA (Sign and Verify), public key generation, ECDHE over NIST p256r1 curve
- Added support for HKDF, the HMAC (Hashed Message Authentication Code)-based key derivation function defined in RFC 5869
- Added support for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms as defined by FIPS PUB 202
Experimental Features
- Added support for key and signature generation for the eXtended Merkle Signature Scheme (XMSS) algorithm
Limitations
- The ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the next product releases by changing the testing methodology.
- ippsXMSSKeyGen() by default works with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG should be provided to ippsXMSSKeyGen(); see the function's documentation for details.
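The RDRAND note above leaves a practitioner with a question the release notes do not answer: how to tell, at run time, whether the target CPU actually has RDRAND before relying on the default generator, and what to hand over when it does not. The following C program is an added example, not code from the Intel Cryptography Primitives Library, and it does not call ippsXMSSKeyGen() (the signature and the PRNG callback type are not given on this page). It checks the CPUID feature flag, draws from RDRAND with the retry loop the instruction requires, and falls back to the operating system's generator (/dev/urandom, an assumed POSIX host) when RDRAND is absent or keeps failing. The CPUID bit test is factored into a pure function so it can be checked independently of the host CPU.

```c
/* Added example: detect RDRAND before relying on an RDRAND-backed default
 * generator, and fall back to another entropy source when it is missing.
 * Not library code; it does not call ippsXMSSKeyGen(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

/* CPUID leaf 1, ECX bit 30 is the RDRAND feature flag. */
#define RDRAND_ECX_BIT (1u << 30)

/* Pure function over a CPUID ECX value, so the bit test is testable
 * without depending on the host CPU. */
int rdrand_supported_from_ecx(uint32_t ecx) {
    return (ecx & RDRAND_ECX_BIT) != 0;
}

/* Query the host CPU. Returns 1 if RDRAND is available, 0 otherwise
 * (including non-x86-64 builds, where the instruction cannot exist). */
int rdrand_supported(void) {
#if HAVE_X86_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return rdrand_supported_from_ecx(ecx);
#else
    return 0;
#endif
}

#if HAVE_X86_CPUID
/* One RDRAND attempt. Success is signalled through CF; a clear CF means
 * the on-chip DRNG could not deliver data right now and the caller should
 * retry (Intel's DRNG guide recommends up to 10 retries). */
static int rdrand64_step(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Fill buf with len bytes from RDRAND. Returns 0 on success, -1 if RDRAND
 * is unavailable or kept failing; the caller must then use another source. */
int fill_from_rdrand(uint8_t *buf, size_t len) {
#if HAVE_X86_CPUID
    if (!rdrand_supported())
        return -1;
    while (len > 0) {
        uint64_t v = 0;
        int ok = 0;
        for (int tries = 0; tries < 10 && !ok; tries++)
            ok = rdrand64_step(&v);
        if (!ok)
            return -1;
        size_t n = len < sizeof v ? len : sizeof v;
        memcpy(buf, &v, n);
        buf += n;
        len -= n;
    }
    return 0;
#else
    (void)buf; (void)len;
    return -1;
#endif
}

/* Fallback "third-party" source: the OS CSPRNG via /dev/urandom
 * (assumed POSIX host; substitute the OS API elsewhere). */
int fill_from_os(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Policy a key-generation caller would apply: use RDRAND when the CPU has
 * it, otherwise supply the OS generator as the third-party PRNG.
 * Returns 1 if RDRAND was used, 0 if the fallback was used, -1 on error. */
int get_seed(uint8_t *buf, size_t len) {
    if (fill_from_rdrand(buf, len) == 0)
        return 1;
    if (fill_from_os(buf, len) == 0)
        return 0;
    return -1;
}

int main(void) {
    uint8_t seed[32];
    int src = get_seed(seed, sizeof seed);
    printf("RDRAND available: %d, seed source: %s\n", rdrand_supported(),
           src == 1 ? "RDRAND" : src == 0 ? "OS fallback" : "none");
    return src < 0;
}
```

The retry loop matters in practice: RDRAND can legitimately fail under heavy contention, and treating a single failure as "no RDRAND" would push a capable CPU onto the fallback path for no reason, while ignoring CF would consume an undefined register value as key material.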
Usability and Documentation
- Minimal supported BoringSSL version was increased to 0.20250114.0 tag
- Minimal supported Python version was increased to 3.12.0
- reStructuredText (.rst) documentation is now published to the doc folder, with corresponding rendered GitHub Pages for each commit
Bug fixes
- Fixed a memory release issue in the FIPS selftests which appears when the FIPS module of the library is built with the -DIPPCP_SELFTEST_USE_MALLOC:BOOL=on option
- Fixed a build issue for 1cpu crypto_mb which appears when specifying a target platform set with -DMERGED_BLD:BOOL=off and -DMBX_PLATFORM_LIST="<platform list>"
Known Limitations
Thread safety is not guaranteed for the following APIs: ippsHashMethod_<hash>(), ippsHashMethod_<hash>_NI() and ippsHashMethod_<hash>_TT(), where possible values of <hash> are MD5, SM3, SHA1, SHA256, SHA512, SHA384, 512_256, 512_224, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256. Callers should not invoke these functions concurrently from several threads; obtaining the method pointer once during single-threaded initialization avoids the limitation.
Intel Cryptography Primitives Library 1.1.0
Functionality
- Added the single buffer SM4 (formerly SMS4) algorithm using the new SM4 instructions for Lunar Lake and Arrow Lake S CPUs.
- Added single buffer SHA384, SHA512, SHA512/224, SHA512/256 hash algorithm optimizations with the new SHA512 instructions for Lunar Lake and Arrow Lake S CPUs.
- Enabled ISA-specific library builds for the Crypto Multi buffer library. The CMake build options -DMERGED_BLD:BOOL=off -DMBX_PLATFORM_LIST="k1;l9" may be used. Please refer to BUILD.md for the details.
Bug fixes
- Fixed an issue with invalid memory access in the AES-GCM algorithm with the Intel® Advanced Vector Extensions 2 (Intel® AVX2) vector extensions of Intel® AES New Instructions (Intel® AES-NI) for corner-case input sizes.
- Fixed AVX512 IFMA implementation (k1 branch) of SM2 signature and verification single-buffer algorithm. The optimized path is re-enabled.
Deprecated Functionality
- fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys and fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size are deprecated. Please see DEPRECATION_NOTES.md for more details.
Thanks to the Contributors
Release includes contributions from the project team as well as @taviso, @berrange and @Jingkai
Intel Cryptography Primitives Library 1.0.1
Bug fixes
Fixed an issue with invalid memory access in the AES-GCM algorithm with the Intel® Advanced Vector Extensions 2 (Intel® AVX2) vector extensions of Intel® AES New Instructions (Intel® AES-NI) for corner-case input sizes.
Intel Cryptography Primitives Library 1.0.0
Intel® Integrated Performance Primitives Cryptography (Intel® IPP Cryptography) was renamed to Intel(R) Cryptography Primitives Library.
Functionality
- Added IPPCP SM3 hash algorithm optimization with the new instruction set (SM3-NI) for Lunar Lake and Arrow Lake CPUs.
- Added an Intel® AVX-IFMA RSA implementation to the Crypto Multi buffer library.
- Added a FIPS selftest for the Leighton-Micali Hash-Based Signatures (LMS) verification algorithm.
- Added examples for the SM3 hash, LMS post-quantum verification and NIST Curve P-256 ECDSA signature generation algorithms.
- Changed the -DBABASSL:BOOL=on CMake build option to -DTONGSUO:BOOL=on for the Tongsuo library.
Bug fixes
- Fixed a bug in the Ice Lake optimization (k1 branch) of the ECDSA signature function caused by incorrect processing of the size and sign of the R and S components.
Disconnected Features
- Removed APIs that were deprecated in Intel® Integrated Performance Primitives Cryptography 2020 Update 1. More details can be found in DEPRECATION_NOTES.md. Please note that the ippsHash<GetSize/Init/Duplicate/Pack/Unpack/Update/GetTag/Final/HashMessage> APIs still remain in the library.
- Removed support for the SSSE3 (s8 for ia32 and n8 for intel64) and AVX (g9 for ia32 and e9 for intel64) code paths. Execution was moved to the SSE3 (w7 for ia32 and m7 for intel64) and SSE4.2 (p8 for ia32 and y8 for intel64) code paths respectively. It is still possible to use 1cpu headers and 1cpu libraries without a breaking change for 1 year, but some performance drops are expected.
CAVP certification
- Intel® Cryptography Primitives Library optimized for Intel® AVX512 ISA
- Intel® Cryptography Primitives Library optimized for Intel® AVX2 ISA
- Intel® Crypto Multi-buffer Library optimized for Intel® AVX512 ISA
- Intel® Crypto Multi-buffer Library optimized for Intel® AVX2 ISA
Thanks to the Contributors
Release includes contributions from the project team as well as @wbeck10.
IPP Crypto 2021.12.1
Intel(R) Integrated Performance Primitives Cryptography 2021.12.1
IPP Crypto 2021.12.0
Intel(R) Integrated Performance Primitives Cryptography 2021.12.0
IPP Crypto 2021.11.1
Update of Custom Library Tool version
IPP Crypto 2021.11.0
Intel(R) Integrated Performance Primitives Cryptography 2021.11.0
IPP Crypto 2021.10.0
Intel(R) Integrated Performance Primitives Cryptography 2021.10.0
CAVP certification
IPP Crypto 2021.9.0
Intel(R) Integrated Performance Primitives Cryptography 2021.9.0