Visible to Intel only — GUID: GUID-26DD7C3C-C58B-4FB4-AD7A-587FD06DE460
Introducing Intel® Integrated Performance Primitives Cryptography
Getting Help and Support
Notational Conventions
Getting Started with Intel® Integrated Performance Primitives Cryptography
Theory of Operation
Linking Your Application with Intel® Integrated Performance Primitives Cryptography
Using Custom Library Tool for Intel® Integrated Performance Primitives
Programming with Intel® Integrated Performance Primitives Cryptography in the Microsoft* Visual Studio* IDE
Performance Test Tool (perfsys) Command Line Options
Threading and OpenMP* Support
Preview Features
Intel® Integrated Performance Primitives Cryptography API Reference
Notices and Disclaimers
Related Products
Overview
Symmetric Cryptography Primitive Functions
One-Way Hash Primitives
Data Authentication Primitive Functions
Public Key Cryptography Functions
Finite Field Arithmetic
Mitigation for Frequency Throttling Side-Channel Attack
Multi-buffer Cryptography Functions
Support Functions and Classes
Removed Functions
Bibliography
AESGetSize
AESInit
AESSetKey
AESPack, AESUnpack
AESEncryptECB
AESDecryptECB
AESEncryptCBC
AESDecryptCBC
AESEncryptCBC_CS
AESDecryptCBC_CS
AESEncryptCFB
AES_EncryptCFB16_MB
AESDecryptCFB
AESEncryptOFB
AESDecryptOFB
AESEncryptCTR
AESDecryptCTR
AESEncryptXTS_Direct, AESDecryptXTS_Direct
Syntax
Include Files
Parameters
Description
Return Values
Example of Using AES Functions
HashGetSize
HashInit
HashPack, HashUnpack
HashDuplicate
HashUpdate
HashFinal
HashGetTag
HashMethod
HashMethodSet
HashStateMethodSet
HashMethodGetSize
SM3GetSize
SM3Init
SM3Pack, SM3Unpack
SM3Duplicate
SM3Update
SM3Final
SM3GetTag
MD5GetSize
MD5Init
MD5Pack, MD5Unpack
MD5Duplicate
MD5Update
MD5Final
MD5GetTag
SHA1GetSize
SHA1Init
SHA1Pack, SHA1Unpack
SHA1Duplicate
SHA1Update
SHA1Final
SHA1GetTag
SHA224GetSize
SHA224Init
SHA224Pack, SHA224Unpack
SHA224Duplicate
SHA224Update
SHA224Final
SHA224GetTag
SHA256GetSize
SHA256Init
SHA256Pack, SHA256Unpack
SHA256Duplicate
SHA256Update
SHA256Final
SHA256GetTag
SHA384GetSize
SHA384Init
SHA384Pack, SHA384Unpack
SHA384Duplicate
SHA384Update
SHA384Final
SHA384GetTag
SHA512GetSize
SHA512Init
SHA512Pack, SHA512Unpack
SHA512Duplicate
SHA512Update
SHA512Final
SHA512GetTag
RSA_GetSizePublicKey, RSA_GetSizePrivateKeyType1, RSA_GetSizePrivateKeyType2
RSA_InitPublicKey, RSA_InitPrivateKeyType1, RSA_InitPrivateKeyType2
RSA_SetPublicKey, RSA_SetPrivateKeyType1, RSA_SetPrivateKeyType2
RSA_GetPublicKey, RSA_GetPrivateKeyType1, RSA_GetPrivateKeyType2
RSA_GetBufferSizePublicKey, RSA_GetBufferSizePrivateKey
RSA_MB_GetBufferSizePublicKey, RSA_MB_GetBufferSizePrivateKey
RSA_GenerateKeys
RSA_ValidateKeys
DLPGetSize
DLPInit
DLPPack, DLPUnpack
DLPSet
DLPGet
DLPSetDP
DLPGetDP
DLPGenKeyPair
DLPPublicKey
DLPValidateKeyPair
DLPSetKeyPair
DLPGenerateDSA
DLPValidateDSA
DLPSignDSA
DLPVerifyDSA
Example of Using Discrete-logarithm Based Primitive Functions
DLPGenerateDH
DLPValidateDH
DLPSharedSecretDH
DLGetResultString
ECCPGetSize
ECCPGetSizeStd
ECCPInit
ECCPInitStd
ECCPBindGxyTblStd
ECCPSet
ECCPSetStd
ECCPGet
ECCPGetOrderBitSize
ECCPValidate
ECCPPointGetSize
ECCPPointInit
ECCPSetPoint
ECCPSetPointAtInfinity
ECCPGetPoint
ECCPCheckPoint
ECCPComparePoint
ECCPNegativePoint
ECCPAddPoint
ECCPMulPointScalar
ECCPGenKeyPair
ECCPPublicKey
ECCPValidateKeyPair
ECCPSetKeyPair
ECCPSharedSecretDH
ECCPSharedSecretDHC
ECCPSignDSA
ECCPVerifyDSA
ECCPSignNR
ECCPVerifyNR
ECCPSignSM2
ECCPVerifySM2
Signing/Verification Using the Elliptic Curve Cryptography Functions over a Prime Finite Field
GFpECESGetSize_SM2
GFpECESInit_SM2
GFpECESSetKey_SM2
GFpECESStart_SM2
GFpECESEncrypt_SM2
GFpECESDecrypt_SM2
GFpECESFinal_SM2
GFpECESGetBufferSize_SM2
GFpECEncryptSM2_Ext_EncMsgSize
GFpECDecryptSM2_Ext_DecMsgSize
GFpECEncryptSM2_Ext
GFpECDecryptSM2_Ext
GFpECMessageRepresentationSM2
GFpECUserIDHashSM2
GFpECKeyExchangeSM2_GetSize
GFpECKeyExchangeSM2_Init
GFpECKeyExchangeSM2_Setup
GFpECKeyExchangeSM2_SharedKey
GFpECKeyExchangeSM2_Confirm
GFpECGetSize
GFpECInit
GFpECSet
GFpECSetSubgroup
GFpECInitStd
GFpECGet
GFpECGetSubgroup
GFpECScratchBufferSize
GFpECVerify
GFpECPointGetSize
GFpECPointInit
GFpECSetPointAtInfinity
GFpECSetPoint, GFpECSetPointREgular
GFpECSetPointOctString
GFpECSetPointRandom
GFpECMakePoint
GFpECSetPointHash, GFpECSetPointHashBackCompatible, GFpECSetPointHash_rmf, GFpECSetPointHashBackCompatible_rmf
GFpECGetPoint , GFpECGetPointRegular
GFpECGetPointOctString
GFpECTstPoint
GFpECTstPointInSubgroup
GFpECCpyPoint
GFpECCmpPoint
GFpECNegPoint
GFpECAddPoint
GFpECMulPoint
GFpECPrivateKey, GFpECPublicKey, GFpECTstKeyPair
GFpECPublicKey
GFpECTstKeyPair
GFpECPSharedSecretDH, GFpECPSharedSecretDHC
GFpECSharedSecretDHC
GFpECPSignDSA, GFpECPSignNR, GFpECPSignSM2
GFpECPVerifyDSA, GFpECPVerifyNR, GFpECPVerifySM2
GFpECSignNR
GFpECVerifyNR
GFpECSignSM2
GFpECVerifySM2
GFpInit
GFpMethod
GFpGetSize
GFpxInitBinomial
GFpxInit
GFpxMethod
GFpxGetSize
GFpScratchBufferSize
GFpElementGetSize
GFpElementInit
GFpSetElement
GFpSetElementOctString
GFpSetElementRandom
GFpSetElementHash
GFpCpyElement
GFpGetElement
GFpGetElementOctString
GFpCmpElement
GFpIsZeroElement
GFpIsUnityElement
GFpConj
GFpNeg
GFpInv
GFpSqrt
GFpAdd
GFpSub
GFpMul
GFpSqr
GFpExp
GFpMultiExp
GFpAdd_PE
GFpSub_PE
GFpMul_PE
RSA Algorithm Functions (MBX)
NIST Recommended Elliptic Curve Functions
Montgomery Curve25519 Elliptic Curve Functions
Edwards Curve25519 Elliptic Curve Functions
SM2 Elliptic Curve Functions
SM3 Hash Functions
SM4 Algorithm Functions
SM4 XTS Algorithm Functions
SM4 CCM Algorithm Functions
SM4 GCM Algorithm Functions
Modular Exponentiation
Visible to Intel only — GUID: GUID-26DD7C3C-C58B-4FB4-AD7A-587FD06DE460
AESEncryptXTS_Direct, AESDecryptXTS_Direct
Encrypts/decrypts a data buffer in the XTS mode.
Syntax
IppStatus ippsAESEncryptXTS_Direct(const Ipp8u* pSrc, Ipp8u* pDst, int encBitSize, int aesBlkNo, const Ipp8u* pTweakPT, const Ipp8u* pKey, int keyBitSize, int dataUnitBitSize);
IppStatus ippsAESDecryptXTS_Direct(const Ipp8u* pSrc, Ipp8u* pDst, int encBitSize, int aesBlkNo, const Ipp8u* pTweakPT, const Ipp8u* pKey, int keyBitSize, int dataUnitBitSize);
Include Files
ippcp.h
Parameters
pSrc |
Pointer to the input (plain- or cipher-text) data buffer. |
pDst |
Pointer to the output (cipher- or plain-text) data buffer. |
encBitSize |
Length of the input data being encrypted or decrypted, in bits. The output data length is equal to the input data length. |
aesBlkNo |
The sequential number of the first plain- or cipher-text block for operation inside the data unit. |
pTweakPT |
Pointer to the little-endian 16-byte array that contains the tweak value assigned to the data unit being encrypted/decrypted. |
pKey |
Pointer to the XTS-AES key. |
keyBitSize |
Size of the XTS-AES key, in bits. |
dataUnitBitSize |
Size of the data unit, in bits. |
Description
These functions encrypt or decrypt the inputdata according to the XTS-AES mode IEEE P1619 of the AES blockcipher. The XTS-AES tweakable block cipher can be used forencryption/decryption of sector-based storage. The XTS-AESalgorithm acts on a single data unit or a sectionwithin the data unit and uses AES as the internal cipher. Thelength of the data unit must be 128 bits or more. The data unit isconsidered as partitioned into m+1 blocks:
T = T[0] | T[1] | … |T[m-2] | T[m-1] |T[m]
where
m = ceil(dataUnitBitLen/128)
the first m blocks T[0], T[1], …,T[m-1] areexactly 128 bits long
the last block T[m] is between 0 and 127 bits long(it could be empty, for example, 0 bits long)
The cipher processes thefirst (m-1) blocks T[0], T[1], …, T[m-2] independently of each other. If the last block T[m]is empty, then the block T[m-1] is processed independently too. However, if the last block T[m]is not empty, the cipherprocesses the blocks T[m-1] and T[m] together using a ciphertextstealing mechanism. See IEEE P1619 for details.
With the Intel® IPP Cryptography implementation of XTS-AES, you can select a sequence of adjacent data blocks(section) within the data unit for processing. The section youselect is specified by the aesBlkNo andencBitSize parameters.
The ciphertext stealing mechanism constrainspossible section selections. If the last block T[m] of the dataunit is not empty, the section you select must contain either bothT[m-1] and T[m] or neither of them. Therefore,consider encBitSize, aesBlkNo, and dataUnitBitSize all together when making a function call. The following figure shows valid selections of a section within the data unit:
The XTS-AES block cipher uses tweak values to ensure that each data unit isprocessed differently. A tweak value is a 128-bit integer thatrepresents the logical position of the data unit. The tweak valuesare assigned to the data units consecutively, starting from anarbitrary non-negative integer. Before calling the function, convert the tweak valueinto a 16-byte little-endian array. Forexample, the tweak value 0x123456789A corresponds to the bytearray
Ipp8u twkArray[16] = {0x9A, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}.The key for XTS-AES is parsed as aconcatenation of two fields of equal size, called data key and tweak key, so that key = data key|tweakkey.
where
data key is used for dataencryption/decryption
tweak key is used forencryption of the tweak value
The standard allows only AES128 and AES256keys.
Refer to IEEE P1619 for more details.
Return Values
ippStsNoErr |
Indicates no error. Any other value indicates an error or warning. |
ippStsNullPtrErr |
Indicates an error when any of the specified pointers is NULL. |
ippsStsLengthErr |
Indicates an error condition when: dataUnitBitsize < 128 or keyBitsize != 256 or 512 |
ippStsBadArgErr |
aesBlkNo >= dataUnitBitsize/IPP_AES_BLOCK_BITSIZE or aesBlkNo < 0 |
ippsStsBadArgErr |
Indicates an error when: |