Intel Cryptography Primitives Library 1.2.0
Functionality
- Crypto Multi-buffer library was extended with an Intel® AVX-IFMA implementation of ECDSA (Sign and Verify), public key generation and ECDHE over the NIST p256r1 curve
- Added support for HKDF, the Hashed Message Authentication Code (HMAC)-based key derivation function defined in RFC 5869
- Added support for SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256 hash algorithms as defined by FIPS PUB 202
Experimental Features
- Added support for key and signature generation for the eXtended Merkle Signature Scheme (XMSS) algorithm
Limitations
- ippsXMSSSign() and ippsXMSSKeyGen() API were not validated with constant-time execution tests due to a limitation of the testing methodology, so resistance to side-channel attacks cannot be guaranteed for this API. This limitation will be eliminated in one of the next product releases by changing the testing methodology
- ippsXMSSKeyGen() API by default works with an RDRAND-based Pseudo Random Number Generator (PRNG). If this instruction is not available on a target CPU, a third-party PRNG should be provided to ippsXMSSKeyGen() API; see more details in the function's documentation
Usability and Documentation
- Minimal supported BoringSSL version was increased to 0.20250114.0 tag
- Minimal supported Python version was increased to 3.12.0
- reStructuredText (.rst) documentation is now published to the doc folder, with corresponding rendered GitHub Pages for each commit
Bug fixes
- Fixed memory release issue in FIPS selftests which appears when the FIPS module of the library is built with the -DIPPCP_SELFTEST_USE_MALLOC:BOOL=on option
- Fixed build issue for 1cpu crypto_mb which appears when specifying a target platforms set with -DMERGED_BLD:BOOL=off and -DMBX_PLATFORM_LIST="<platform list>"
Known Limitations
Thread safety is not guaranteed for the following API:
ippsHashMethod_<hash>(), ippsHashMethod_<hash>_NI() and ippsHashMethod_<hash>_TT(), where possible values of <hash> are MD5, SM3, SHA1, SHA256, SHA512, SHA384, 512_256, 512_224, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256