Visible to Intel only — GUID: GUID-40763F37-0510-4D0F-B9EA-D6AE97B4AC13
Introducing Intel® Cryptography Primitives Library
Getting Help and Support
Notational Conventions
Getting Started with Intel® Cryptography Primitives Library
Theory of Operation
Linking Your Application with Intel® Cryptography Primitives Library
Using Custom Library Tool for Intel® Cryptography Primitives Library
Programming with Intel® Cryptography Primitives Library in the Microsoft* Visual Studio* IDE
Performance Test Tool (perfsys) Command Line Options
Preview Features
Intel® Cryptography Primitives Library API Reference
Notices and Disclaimers
Related Products
Overview
Symmetric Cryptography Primitive Functions
One-Way Hash Primitives
Data Authentication Primitive Functions
Public Key Cryptography Functions
Finite Field Arithmetic
Mitigation for Frequency Throttling Side-Channel Attack
Multi-buffer Cryptography Functions
Support Functions and Classes
Deprecated Functions
Bibliography
AESGetSize
AESInit
AESSetKey
AESPack, AESUnpack
AESEncryptECB
AESDecryptECB
AESEncryptCBC
AESDecryptCBC
AESEncryptCBC_CS
AESDecryptCBC_CS
AESEncryptCFB
AES_EncryptCFB16_MB
AESDecryptCFB
AESEncryptOFB
AESDecryptOFB
AESEncryptCTR
AESDecryptCTR
AESEncryptXTS_Direct, AESDecryptXTS_Direct
Example of Using AES Functions
RSA_GetSizePublicKey, RSA_GetSizePrivateKeyType1, RSA_GetSizePrivateKeyType2
RSA_InitPublicKey, RSA_InitPrivateKeyType1, RSA_InitPrivateKeyType2
RSA_SetPublicKey, RSA_SetPrivateKeyType1, RSA_SetPrivateKeyType2
RSA_GetPublicKey, RSA_GetPrivateKeyType1, RSA_GetPrivateKeyType2
RSA_GetBufferSizePublicKey, RSA_GetBufferSizePrivateKey
RSA_MB_GetBufferSizePublicKey, RSA_MB_GetBufferSizePrivateKey
RSA_GenerateKeys
RSA_ValidateKeys
DLPGetSize
DLPInit
DLPPack, DLPUnpack
DLPSet
DLPGet
DLPSetDP
DLPGetDP
DLPGenKeyPair
DLPPublicKey
DLPValidateKeyPair
DLPSetKeyPair
DLPGenerateDSA
DLPValidateDSA
DLPSignDSA
DLPVerifyDSA
Example of Using Discrete-logarithm Based Primitive Functions
DLPGenerateDH
DLPValidateDH
DLPSharedSecretDH
DLGetResultString
GFpECESGetSize_SM2
GFpECESInit_SM2
GFpECESSetKey_SM2
GFpECESStart_SM2
GFpECESEncrypt_SM2
GFpECESDecrypt_SM2
GFpECESFinal_SM2
GFpECESGetBufferSize_SM2
GFpECEncryptSM2_Ext_EncMsgSize
GFpECDecryptSM2_Ext_DecMsgSize
GFpECEncryptSM2_Ext
GFpECDecryptSM2_Ext
GFpECMessageRepresentationSM2
GFpECUserIDHashSM2
GFpECKeyExchangeSM2_GetSize
GFpECKeyExchangeSM2_Init
GFpECKeyExchangeSM2_Setup
GFpECKeyExchangeSM2_SharedKey
GFpECKeyExchangeSM2_Confirm
GFpECGetSize
GFpECInit
GFpECSet
GFpECSetSubgroup
GFpECInitStd
GFpECGet
GFpECGetSubgroup
GFpECScratchBufferSize
GFpECVerify
GFpECPointGetSize
GFpECPointInit
GFpECSetPointAtInfinity
GFpECSetPoint, GFpECSetPointREgular
GFpECSetPointOctString
GFpECSetPointRandom
GFpECMakePoint
GFpECSetPointHash, GFpECSetPointHashBackCompatible, GFpECSetPointHash_rmf, GFpECSetPointHashBackCompatible_rmf
GFpECGetPoint , GFpECGetPointRegular
GFpECGetPointOctString
GFpECTstPoint
GFpECTstPointInSubgroup
GFpECCpyPoint
GFpECCmpPoint
GFpECNegPoint
GFpECAddPoint
GFpECMulPoint
GFpECPrivateKey, GFpECPublicKey, GFpECTstKeyPair
GFpECPublicKey
GFpECTstKeyPair
GFpECPSharedSecretDH, GFpECPSharedSecretDHC
GFpECSharedSecretDHC
GFpECPSignDSA, GFpECPSignNR, GFpECPSignSM2
GFpECPVerifyDSA, GFpECPVerifyNR, GFpECPVerifySM2
GFpECSignNR
GFpECVerifyNR
GFpECSignSM2
GFpECVerifySM2
GFpInit
GFpMethod
GFpGetSize
GFpxInitBinomial
GFpxInit
GFpxMethod
GFpxGetSize
GFpScratchBufferSize
GFpElementGetSize
GFpElementInit
GFpSetElement
GFpSetElementOctString
GFpSetElementRandom
GFpSetElementHash
GFpCpyElement
GFpGetElement
GFpGetElementOctString
GFpCmpElement
GFpIsZeroElement
GFpIsUnityElement
GFpConj
GFpNeg
GFpInv
GFpSqrt
GFpAdd
GFpSub
GFpMul
GFpSqr
GFpExp
GFpMultiExp
GFpAdd_PE
GFpSub_PE
GFpMul_PE
RSA Algorithm Functions (MBX)
NIST Recommended Elliptic Curve Functions
Montgomery Curve25519 Elliptic Curve Functions
Edwards Curve25519 Elliptic Curve Functions
SM2 Elliptic Curve Functions
SM3 Hash Functions
SM4 Algorithm Functions
SM4 XTS Algorithm Functions
SM4 CCM Algorithm Functions
SM4 GCM Algorithm Functions
Modular Exponentiation
Visible to Intel only — GUID: GUID-40763F37-0510-4D0F-B9EA-D6AE97B4AC13
Security Validation of Library Functions
Most of Intel® Cryptography Primitives Library functions use secret data, such as keys, directly. For example, AES functions convert an input secret key into key schedule, which is used by all the cipher modes. The secret data might leak when code processes various secrets with the different executed instructions sequences or memory access patterns.
The difference in code behavior can be observed, analyzed, and, as a result, several bits or the whole secret can be determined. It means the code does not match the constant execution time (CET) design.
To check that the library matches the CET design, a special PINCER (Pin Certification) test suite is used. The PINCER test suite is based on Intel’s dynamic binary instrumentation tool - Pin (see https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html) and includes a set of tests, where each test is responsible for one separate library function.
The PINCER test runs the validated library function several times with different inputs and collects two kinds of traces:
IP (Instruction Pointer) trace, which contains executed instructions addresses
Memory access trace, which contains memory access addresses and read/write instructions
The function complies with the CET design if collected traces are identical. Otherwise, it does not meet the CET requirements.
Currently, PINCER tests are running on 64-bit Linux architecture and cover a limited list of library functions. The tables below present library functions covered by PINCER tests and their validation status.
Function Name |
Status |
|---|---|
ippsAESSetKey |
passed |
ippsAES{Encrypt/Decrypt}ECB |
passed |
ippsAES{Encrypt/Decrypt}CBC |
passed |
ippsAES{Encrypt/Decrypt}CBC_SC1 |
passed |
ippsAES{Encrypt/Decrypt}CBC_SC2 |
passed |
ippsAES{Encrypt/Decrypt}CBC_SC3 |
passed |
ippsAES{Encrypt/Decrypt}CFB |
passed |
ippsAES{Encrypt/Decrypt}OFB |
passed |
ippsAES{Encrypt/Decrypt}CTR |
passed |
ippsAES{Encrypt/Decrypt}XTS_Direct |
passed |
ippsAES_XTS{Encrypt/Decrypt} |
passed |
ippsAES_GCM{Start/Encrypt/Decrypt} |
passed |
ippsAES_SIV{Encrypt/Decrypt} |
passed |
ippsAES_S2V_CMAC |
passed |
ippsAES_CCM{Encrypt/Decrypt} |
passed |
ippsAES_CMAC{Update/Final} |
passed |
Function Name |
Status |
|---|---|
ippsSMS4SetKey |
passed |
ippsSMS4{Encrypt/Decrypt}ECB |
passed |
ippsSMS4{Encrypt/Decrypt}CBC |
passed |
ippsSMS4{Encrypt/Decrypt}CBC_SC1 |
passed |
ippsSMS4{Encrypt/Decrypt}CBC_SC2 |
passed |
ippsSMS4{Encrypt/Decrypt}CBC_SC3 |
passed |
ippsSMS4{Encrypt/Decrypt}CFB |
passed |
ippsSMS4{Encrypt/Decrypt}OFB |
passed |
ippsSMS4{Encrypt/Decrypt}CTR |
passed |
ippsSMS4_CCM{Encrypt/Decrypt} |
passed |
Function Name |
Status |
|---|---|
ippsHMACInit_rmf |
passed |
Function Name |
Status |
|---|---|
ippsRSA_Decrypt |
passed |
ippsRSADecrypt_OAEP |
passed |
ippsRSADecrypt_OAEP_rmf |
passed |
ipsRSASign_PSS |
passed |
ipsRSASign_PSS_rmf |
passed |
ipsRSASign_PKCS1v15 |
passed |
ipsRSASign_PKCS1v15_rmf |
passed |
ippsRSA_MB_Decrypt |
passed |
Function Name |
Status |
|---|---|
ippsDLPPublicKey |
passed |
ippsDLPSharedSecretDH |
passed |
ippsDLPSignDSA |
passed |
Function Name |
Status |
|---|---|
ippsGFpAdd |
passed |
ippsGFpAdd_PE |
passed |
ippsGFpMul |
passed |
ippsGFpMul_PE |
passed |
ippsGFpSub |
passed |
ippsGFpSub_PE |
passed |
ippsGFpConj |
passed |
ippsGFpNeg |
passed |
ippsGFpSqr |
passed |
ippsGFpExp |
passed |
ippsGFpMultiExp |
passed |
ippsGFpSqrt |
failed |
ippsGFpInv |
passed |
Function Name |
Status |
|---|---|
ippsGFpECAddPoint |
passed |
ippsGFpECNegPoint |
passed |
ippsGFpECMulPoint |
passed |
ippsGFpECPublicKey |
passed |
ippsGFpECSharedSecretDH{C} |
passed |
ippsGFpECSignDSA |
passed |
ippsGFpECSignNR |
passed |
ippsGFpSignSM2 |
passed |
ippsGFpECES{Start/Final}_SM2 |
passed |
ippsGFpECES{Encrypr/Decrypt}_SM2 |
passed |