New Features and Optimizations
- Added support for the ML-KEM scheme with Key Generation, Encapsulation and Decapsulation functionality implemented according to FIPS 203.
- Added an API for hash squeezing for Extendable-Output Functions (XOF) from the Keccak family.
- Optimized performance for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms.
- Optimized stack memory usage for Leighton-Micali Signatures LMS Verification algorithm.
- Added a split HKDF API, HKDF_Extract() and HKDF_Expand(), for more granular use of the HKDF functionality.
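The split Extract/Expand pattern the new API exposes, shown as an added example that is not the library's own code: it implements RFC 5869 HKDF with Python's hmac module (not the ippsHKDF calls), extracts a PRK once, and then expands it twice with different info labels so that two independent keys come from a single extract step. The input bytes below are constructed to match RFC 5869 test case 1 (SHA-256).

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM)."""
    digest_size = hashlib.new(hash_name).digest_size
    if not salt:
        # RFC 5869: an absent salt is replaced by HashLen zero bytes.
        salt = bytes(digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed input matching RFC 5869 test case 1 (SHA-256).
IKM = bytes([0x0B] * 22)            # 22 bytes of 0x0b
SALT = bytes(range(0x00, 0x0D))     # 0x00 .. 0x0c
INFO = bytes(range(0xF0, 0xFA))     # 0xf0 .. 0xf9


def derive_two_keys():
    """Extract once, then expand twice with distinct labels: the split-API pattern."""
    prk = hkdf_extract(SALT, IKM)
    enc_key = hkdf_expand(prk, INFO, 42)         # equals the RFC 5869 test case 1 OKM
    mac_key = hkdf_expand(prk, b"mac key", 32)   # a second, independent output from the same PRK
    return prk, enc_key, mac_key


if __name__ == "__main__":
    prk, enc_key, mac_key = derive_two_keys()
    print("PRK    :", prk.hex())
    print("enc_key:", enc_key.hex())
    print("mac_key:", mac_key.hex())
```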
Fixed issues
- Fixed mbx_get_algo_info(); its output now reflects the latest state of the library.
Known Issues and Limitations
- Crypto multi-buffer library linked with OpenSSL 3.5 and built with Intel ICX Compiler was not fully validated with Constant-time execution tests. There is no such issue for other tested configurations.
- The ippsXMSSSign() and ippsXMSSKeyGen() APIs were not validated with Constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for these APIs. This limitation will be eliminated in one of the next product releases by changing the testing methodology.
- The ippsXMSSKeyGen(), ippsMLKEM_KeyGen() and ippsMLKEM_Encaps() APIs work by default with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on the target CPU, a third-party PRNG must be provided to these APIs; see the function documentation for details.
Deprecation
- The code paths m7 (Intel® SSE3) and w7 (Intel® SSE2) are deprecated and will be removed from the merged build of Intel® Cryptography Primitives Library in future releases. 1cpu headers are still available for all code paths. These branches can also be built as 1cpu libraries if specified in the platform list, e.g. -DMERGED_BLD:BOOL=off -DPLATFORM_LIST=s8;e9.
- Due to a bug in the CMake configuration, libraries built with MB_STANDALONE=true are incorrectly installed to lib/intel64/ instead of the correct lib/ directory. Users should be aware that the installation path may not match the expected location for standalone builds. This issue will be fixed in the next major release.
- IppsLMSBufferGetSize is deprecated and will be removed in future releases. Please use ippsLMSVerifyBufferGetSize instead.
Thanks to the Contributors
Release includes contributions from the project team as well as @murali-i