Intel® Cryptography Primitives Library
Secure, fast, lightweight building blocks for cryptography, optimized for Intel® CPUs.
Develop highly performant and secure applications using our open-source software library.
Federal Information Processing Standards (FIPS)
FIPS is developed and managed by the National Institute of Standards and Technology (NIST) together with the Canadian Communications Security Establishment (CSE).
FIPS 140 provides the standard ensuring the security of cryptographic modules.
- FIPS 140-2: Minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996.
- FIPS 140-3: Alignment with ISO/IEC 19790:2012. It regulates vendor evidence and testing for validation authority.
- FIPS 140-3 defines four security levels (from level 1, the easiest, to level 4, the most stringent). Software may be certified at up to level 2.
Categories covered: specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference (EMI), electromagnetic compatibility (EMC); self-tests; design assurance; and mitigation of other attacks.
FIPS Certified versus FIPS Compliant
The NIST Information Technology Laboratory operates a program that validates the FIPS-approved cryptographic algorithms in a module:
- Cryptographic Module Validation Program (CMVP) – Certification
- Cryptographic Algorithm Validation Program (CAVP) – Compliance
The Intel® Cryptography Primitives Library provides FIPS-mode API building blocks (such as self-tests and a FIPS-approved functionality status query), which can help end users fulfill FIPS level 1 requirements.
The Intel Cryptography Primitives Library FIPS Documentation on GitHub provides insight into the implementation and support details.
- For the full list of FIPS-Approved APIs covered by the self-tests, refer to the Covered Algorithms section.
- For CAVP testing results, refer to the Certification chapter.
Check out the details of FIPS support with Intel Cryptography Primitives Library:
National Institute of Standards and Technology
The Intel Cryptography Primitives Library Is FIPS Compliant
Intel Cryptography Primitives Library releases have Cryptographic Algorithm Validation Program (CAVP) testing and certification done, but they do not have a full Cryptographic Module Validation Program certificate, because the context in which the algorithms are used depends on the higher-level, end-user application.
For more information, see:
- FIPS Documentation for your application's Level 1 Specific Requirements
- Build Instructions
Figure 1. FIPS Cryptography API Flowchart
- Intel Cryptography Primitives Library uses special structures (Spec and States) to store context information and provides service functions to work with context (for example, initialization).
- Cryptographic Algorithms API (both FIPS compliant and not FIPS compliant).
- FIPS self-tests API and a service to query whether an algorithm is FIPS compliant.
- Version information, dispatcher control.
- Chooses the optimal code path depending on hardware features and application settings (through the Dispatcher control API).
- The algorithms may have multiple code branches for different hardware architectures, and different compilation flags may be used to achieve better performance.
Get Help
Intel Support
Your success is our success. Access these support resources when you need assistance.
How to Contribute
We welcome community contributions to Intel Cryptography Primitives Library.
If you have an idea of how to improve the product:
- Let us know through the GitHub Forum.
- Send your proposal directly using a pull request.