Visible to Intel only — GUID: GUID-92B02F47-A35C-4D4E-A7F7-52B0CE97CE4D
Introducing Intel® Cryptography Primitives Library
Getting Help and Support
Notational Conventions
Getting Started with Intel® Cryptography Primitives Library
Theory of Operation
Linking Your Application with Intel® Cryptography Primitives Library
Using Custom Library Tool for Intel® Cryptography Primitives Library
Programming with Intel® Cryptography Primitives Library in the Microsoft* Visual Studio* IDE
Performance Test Tool (perfsys) Command Line Options
Preview Features
Intel® Cryptography Primitives Library API Reference
Notices and Disclaimers
Related Products
Overview
Symmetric Cryptography Primitive Functions
One-Way Hash Primitives
Data Authentication Primitive Functions
Public Key Cryptography Functions
Finite Field Arithmetic
Mitigation for Frequency Throttling Side-Channel Attack
Multi-buffer Cryptography Functions
Support Functions and Classes
Deprecated Functions
Bibliography
AESGetSize
AESInit
AESSetKey
AESPack, AESUnpack
AESEncryptECB
AESDecryptECB
AESEncryptCBC
AESDecryptCBC
AESEncryptCBC_CS
AESDecryptCBC_CS
AESEncryptCFB
AES_EncryptCFB16_MB
AESDecryptCFB
AESEncryptOFB
AESDecryptOFB
AESEncryptCTR
AESDecryptCTR
AESEncryptXTS_Direct, AESDecryptXTS_Direct
Example of Using AES Functions
RSA_GetSizePublicKey, RSA_GetSizePrivateKeyType1, RSA_GetSizePrivateKeyType2
RSA_InitPublicKey, RSA_InitPrivateKeyType1, RSA_InitPrivateKeyType2
RSA_SetPublicKey, RSA_SetPrivateKeyType1, RSA_SetPrivateKeyType2
RSA_GetPublicKey, RSA_GetPrivateKeyType1, RSA_GetPrivateKeyType2
RSA_GetBufferSizePublicKey, RSA_GetBufferSizePrivateKey
RSA_MB_GetBufferSizePublicKey, RSA_MB_GetBufferSizePrivateKey
RSA_GenerateKeys
RSA_ValidateKeys
DLPGetSize
DLPInit
DLPPack, DLPUnpack
DLPSet
DLPGet
DLPSetDP
DLPGetDP
DLPGenKeyPair
DLPPublicKey
DLPValidateKeyPair
DLPSetKeyPair
DLPGenerateDSA
DLPValidateDSA
DLPSignDSA
DLPVerifyDSA
Example of Using Discrete-logarithm Based Primitive Functions
DLPGenerateDH
DLPValidateDH
DLPSharedSecretDH
DLGetResultString
GFpECESGetSize_SM2
GFpECESInit_SM2
GFpECESSetKey_SM2
GFpECESStart_SM2
GFpECESEncrypt_SM2
GFpECESDecrypt_SM2
GFpECESFinal_SM2
GFpECESGetBufferSize_SM2
GFpECEncryptSM2_Ext_EncMsgSize
GFpECDecryptSM2_Ext_DecMsgSize
GFpECEncryptSM2_Ext
GFpECDecryptSM2_Ext
GFpECMessageRepresentationSM2
GFpECUserIDHashSM2
GFpECKeyExchangeSM2_GetSize
GFpECKeyExchangeSM2_Init
GFpECKeyExchangeSM2_Setup
GFpECKeyExchangeSM2_SharedKey
GFpECKeyExchangeSM2_Confirm
GFpECGetSize
GFpECInit
GFpECSet
GFpECSetSubgroup
GFpECInitStd
GFpECGet
GFpECGetSubgroup
GFpECScratchBufferSize
GFpECVerify
GFpECPointGetSize
GFpECPointInit
GFpECSetPointAtInfinity
GFpECSetPoint, GFpECSetPointREgular
GFpECSetPointOctString
GFpECSetPointRandom
GFpECMakePoint
GFpECSetPointHash, GFpECSetPointHashBackCompatible, GFpECSetPointHash_rmf, GFpECSetPointHashBackCompatible_rmf
GFpECGetPoint , GFpECGetPointRegular
GFpECGetPointOctString
GFpECTstPoint
GFpECTstPointInSubgroup
GFpECCpyPoint
GFpECCmpPoint
GFpECNegPoint
GFpECAddPoint
GFpECMulPoint
GFpECPrivateKey, GFpECPublicKey, GFpECTstKeyPair
GFpECPublicKey
GFpECTstKeyPair
GFpECPSharedSecretDH, GFpECPSharedSecretDHC
GFpECSharedSecretDHC
GFpECPSignDSA, GFpECPSignNR, GFpECPSignSM2
GFpECPVerifyDSA, GFpECPVerifyNR, GFpECPVerifySM2
GFpECSignNR
GFpECVerifyNR
GFpECSignSM2
GFpECVerifySM2
GFpInit
GFpMethod
GFpGetSize
GFpxInitBinomial
GFpxInit
GFpxMethod
GFpxGetSize
GFpScratchBufferSize
GFpElementGetSize
GFpElementInit
GFpSetElement
GFpSetElementOctString
GFpSetElementRandom
GFpSetElementHash
GFpCpyElement
GFpGetElement
GFpGetElementOctString
GFpCmpElement
GFpIsZeroElement
GFpIsUnityElement
GFpConj
GFpNeg
GFpInv
GFpSqrt
GFpAdd
GFpSub
GFpMul
GFpSqr
GFpExp
GFpMultiExp
GFpAdd_PE
GFpSub_PE
GFpMul_PE
RSA Algorithm Functions (MBX)
NIST Recommended Elliptic Curve Functions
Montgomery Curve25519 Elliptic Curve Functions
Edwards Curve25519 Elliptic Curve Functions
SM2 Elliptic Curve Functions
SM3 Hash Functions
SM4 Algorithm Functions
SM4 XTS Algorithm Functions
SM4 CCM Algorithm Functions
SM4 GCM Algorithm Functions
Modular Exponentiation
Visible to Intel only — GUID: GUID-92B02F47-A35C-4D4E-A7F7-52B0CE97CE4D
TDES Functions
NOTE:
The TDES algorithm is considered weak due to known attacks on it. The functionality remains in the library, but the implementation will no longer be optimized and no security patches will be applied. A more secure alternative is available: AES. For more information, see Transitioning the Use of Cryptographic Algorithms and Key Lengths (https://csrc.nist.gov/CSRC/media/Publications/sp/800-131a/rev-2/draft/documents/sp800-131Ar2-draft.pdf), Update to Current Use and Deprecation of TDEA (https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA), Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.
The Triple Data Encryption Algorithm (TDEA) is a revised symmetric algorithm scheme built on the Data Encryption Standard (DES) system. The Triple DES (TDES) encryption process includes three consecutive DES operations in the encryption, decryption, and encryption (E-D-E) sequence again in accordance with the American standard FIPS 46-3. While AES (Rijndael) is preferred, TDEA is an approved cipher. Use implementations of AES where possible. In cases where using AES is impossible or inconvenient, use TDES functions.
Although the functions that support TDES operations require three sets of round keys, the functions can operate under TDES cipher system with a two-set round keys by simply setting the third set of round keys to be the same as the first set.
You can use the functions described in this section for performing various operational modes under the TDES cipher systems.
NOTE:
Intel® Cryptography Primitives Library functions do not allocate memory internally. The GetSize function does not require allocated memory. You need to call the GetSize function to find out how much available memory you need to have to work with the selected algorithm and after that you call the initialization function to create a memory buffer and initialize it.
Intel® Cryptography Primitives Library supports ECB, CBC, CFB, and CTR modes. You can tell which algorithm a given function supports from the function base name, for example, the TDESEncryptECB function operates under the ECB mode.
The encryption function TDESEncryptCBC operates under the CBC mode using its cipher scheme and requires to have an initialization vector iv. Since there are a number of ways to initialize the initialization vector iv, you should remember which of them you used to be able to decrypt the message when needed.
The encryption function TDESEncryptCFB operates under the CFB mode using its cipher scheme and requires having the initialization vector pIV and CFB block size cfbBlkSize.
All functions described in this section use the context IppsDESSpec to serve as an operational vehicle that carries a set of round keys.
Application code for conducting a typical encryption under CBC mode using the TDES scheme must perform the following sequence of operations:
Get the size required to configure the context IppsDESSpec by calling the function DESGetSize.
Call operating system memory allocation service function to allocate three buffers whose sizes are not less than the one specified by the function DESGetSize. Initialize pointers to contexts pCtx1, pCtx2, and pCtx3 by calling the function DESInit three times, each with the allocated buffer and the respective DES key.
Specify the initialization vector and then call the function TDESEncryptCBC to encrypt the input data stream under CBC mode using TDES scheme.
Clean up secret data stored in the contexts.
Free the memory allocated to the buffer once TDES encryption under the CBC mode has been completed and the data structures allocated for set of round keys are no longer required.
NOTE:
Similar procedure can be applied for ECB, CFB, and CTR mode operation.
The IppsDESSpec context is position-dependent. The DESPack/DESUnpack functions transform the position-dependent context to a position-independent form and vice versa.
Related Information