Releases: intel/cryptography-primitives
Intel Cryptography Primitives Library 1.3.0
New Features and Optimizations
- Added support for the ML-KEM scheme, with Key Generation, Encapsulation and Decapsulation implemented according to FIPS 203.
- Added API for hash squeezing for Extendable-output functions (XOF) from the Keccak family.
- Optimized performance for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms.
- Optimized stack memory usage for the Leighton-Micali Signatures (LMS) verification algorithm.
- Added a split HKDF API, HKDF_Extract() and HKDF_Expand(), for more granular use of the HKDF functionality.
Fixed issues
- Fixed mbx_get_algo_info(); its output now reflects the latest state of the library.
Known Issues and Limitations
- Crypto multi-buffer library linked with OpenSSL 3.5 and built with Intel ICX Compiler was not fully validated with Constant-time execution tests. There is no such issue for other tested configurations.
- The ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with Constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the next product releases by changing the testing methodology.
- The ippsXMSSKeyGen(), ippsMLKEM_KeyGen() and ippsMLKEM_Encaps() APIs work by default with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG must be provided to these APIs; see the functions' documentation for details.
Deprecation
- The code paths m7 (Intel® SSE3) and w7 (Intel® SSE2) are deprecated and will be removed from the merged build of Intel® Cryptography Primitives Library in future releases. 1cpu headers are still available for all code paths. These branches can also be built as 1cpu libraries if specified in the platform list, e.g. -DMERGED_BLD:BOOL=off -DPLATFORM_LIST=s8;e9.
- Due to a bug in the CMake configuration, libraries built with MB_STANDALONE=true are incorrectly installed to lib/intel64/ instead of the correct lib/ directory. Users should be aware that the installation path may not match the expected location for standalone builds. This issue will be fixed in the next major release.
- IppsLMSBufferGetSize was deprecated and will be removed in future releases. Please use ippsLMSVerifyBufferGetSize instead.
Thanks to the Contributors
Release includes contributions from the project team as well as @murali-i.
Intel Cryptography Primitives Library 1.2.0
Functionality
- Crypto Multi buffer library was extended with an Intel® AVX-IFMA implementation of ECDSA (Sign and Verify), public key generation and ECDHE over the NIST p256r1 curve.
- Added support for HKDF, Hashed Message Authentication Code (HMAC)-based key derivation function as defined by RFC-5869
- Added support for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms as defined by FIPS PUB 202
Experimental Features
- Added support for key and signature generation for the eXtended Merkle Signature Scheme (XMSS) algorithm.
Limitations
- The ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with Constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the next product releases by changing the testing methodology.
- The ippsXMSSKeyGen() API works by default with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG must be provided to the ippsXMSSKeyGen() API; see the function's documentation for details.
Usability and Documentation
- Minimal supported BoringSSL version was increased to 0.20250114.0 tag
- Minimal supported Python version was increased to 3.12.0
- reStructuredText (.rst) documentation is now published to the doc folder, with corresponding rendered GitHub Pages for each commit.
Bug fixes
- Fixed a memory release issue in the FIPS selftests which appears when the FIPS module of the library is built with the -DIPPCP_SELFTEST_USE_MALLOC:BOOL=on option.
- Fixed a build issue for 1cpu crypto_mb which appears when specifying a target platform set with -DMERGED_BLD:BOOL=off and -DMBX_PLATFORM_LIST="<platform list>".
Known Limitations
Thread safety is not guaranteed for the following API: ippsHashMethod_<hash>(), ippsHashMethod_<hash>_NI() and ippsHashMethod_<hash>_TT(), where possible values of <hash> are MD5, SM3, SHA1, SHA256, SHA512, SHA384, 512_256, 512_224, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128 and SHAKE256.
Intel Cryptography Primitives Library 1.1.0
Functionality
- Added single buffer SM4 (former SMS4) algorithm with the new SM4 instructions for Lunar Lake and Arrow Lake S CPUs.
- Added single buffer SHA384, SHA512, SHA512/224, SHA512/256 hash algorithm optimizations with the new SHA512 instructions for Lunar Lake and Arrow Lake S CPUs.
- Enabled support of a specific-ISA library build for the Crypto Multi buffer library. The CMake build options -DMERGED_BLD:BOOL=off -DMBX_PLATFORM_LIST="k1;l9" may be used. Please refer to BUILD.md for the details.
Bug fixes
- Fixed an issue with invalid memory access in the AES-GCM algorithm with Intel® Advanced Vector Extensions 2 (Intel® AVX2) vector extensions of Intel® AES New Instructions (Intel® AES-NI) for corner-case sizes.
- Fixed AVX512 IFMA implementation (k1 branch) of SM2 signature and verification single-buffer algorithm. The optimized path is re-enabled.
Deprecated Functionality
- fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys and fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size. Please see DEPRECATION_NOTES.md for more details.
Thanks to the Contributors
Release includes contributions from the project team as well as @taviso, @berrange and @Jingkai.
Intel Cryptography Primitives Library 1.0.1
Bug fixes
Fixed an issue with invalid memory access in the AES-GCM algorithm with Intel® Advanced Vector Extensions 2 (Intel® AVX2) vector extensions of Intel® AES New Instructions (Intel® AES-NI) for corner-case sizes.
Intel Cryptography Primitives Library 1.0.0
Intel® Integrated Performance Primitives Cryptography (Intel® IPP Cryptography) was renamed to Intel(R) Cryptography Primitives Library.
Functionality
- Added IPPCP SM3 hash algorithm optimization with the new instruction set (SM3-NI) for Lunar Lake and Arrow Lake CPUs.
- Added Intel® AVX-IFMA RSA implementation to Crypto Multi buffer library.
- Added FIPS selftest for Leighton-Micali Hash-Based Signatures (LMS) verification algorithm.
- Added examples for SM3 Hash / LMS post-quantum verification / NIST Curve P-256 ECDSA signature generation algorithms.
- Changed the -DBABASSL:BOOL=on CMake build option to -DTONGSUO:BOOL=on for the Tongsuo library.
Bug fixes
- Fixed bug in IceLake optimization (k1 branch) of ECDSA signature function caused by incorrect processing of R and S component's size and sign.
Disconnected Features
- Removed API that were deprecated in Intel® Integrated Performance Primitives Cryptography 2020 Update 1. More details can be found in DEPRECATION_NOTES.md. Please note that the ippsHash<GetSize/Init/Duplicate/Pack/Unpack/Update/GetTag/Final/HashMessage> API still remain in the library.
- Removed support for SSSE3 (s8 for ia32 and n8 for intel64) and AVX (g9 for ia32 and e9 for intel64) code paths. Execution was moved to SSE3 (w7 for ia32 and m7 for intel64) and SSE4.2 (p8 for ia32 and y8 for intel64) respectively. It is still possible to use 1cpu headers and 1cpu libraries without a breaking change for 1 year, but some performance drops are expected.
CAVP certification
- Intel® Cryptography Primitives Library optimized for Intel® AVX512 ISA
- Intel® Cryptography Primitives Library optimized for Intel® AVX2 ISA
- Intel® Crypto Multi-buffer Library optimized for Intel® AVX512 ISA
- Intel® Crypto Multi-buffer Library optimized for Intel® AVX2 ISA
Thanks to the Contributors
Release includes contributions from the project team as well as @wbeck10.
IPP Crypto 2021.12.1
Intel(R) Integrated Performance Primitives Cryptography 2021.12.1
IPP Crypto 2021.12.0
Intel(R) Integrated Performance Primitives Cryptography 2021.12.0
IPP Crypto 2021.11.1
Update of Custom Library Tool version
IPP Crypto 2021.11.0
Intel(R) Integrated Performance Primitives Cryptography 2021.11.0
IPP Crypto 2021.10.0
Intel(R) Integrated Performance Primitives Cryptography 2021.10.0