Intel(R) Integrated Performance Primitives Cryptography 2021.11.0

.gitignore

@@ -14,6 +14,12 @@
 .idea
 __pycache__/
 
+_build
+.vscode
+doc/source/nocp-parameters.xml
+nocp-parameters.xml
+
+
 # temporary files if a process still has a handle open of a deleted file
 .fuse_hidden*
 
@@ -31,3 +37,4 @@ Thumbs.db:encryptable
 ehthumbs.db
 ehthumbs_vista.db
 *.lnk
+

BUILD.md

@@ -25,15 +25,14 @@
 - [CMake\*](https://cmake.org/download) 3.18 or higher
 - Python 3.8.1
 - The Netwide Assembler (NASM) 2.15
-- OpenSSL\* 3.0.8 or higher
+- OpenSSL\* 3.0.8 or higher **OR** BoringSSL* [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) **OR** Tongsuo* 8.2.1
+
 
 ### Linux* OS
 - [Common tools](#common-tools)
 - Intel® C++ Compiler Classic 2021.9 for Linux\* OS
-- GCC 8.3
-- GCC 9.1
-- GCC 10.1
-- GCC 11.1
+- GCC 8.5
+- GCC 11.4
 - Clang 9.0
 - Clang 12.0
 - GNU binutils 2.32
@@ -217,6 +216,8 @@ To build the Intel IPP Cryptography library on macOS\*, complete the following s
 
     - Example for Linux\* OS and the Intel® 64 architecture:
         `-DPLATFORM_LIST="w7;n8;y8;e9;l9;k0"`
+- `-DNO_CRYPTO_MB:BOOL=TRUE` - optional, turns off the build of [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) and, as a consequence, removes all dependencies on OpenSSL library.
+- `-DBABASSL:BOOL=on`, `-DBORINGSSL:BOOL=on` - required only if forks of OpenSSL library are used to resolve OpenSSL dependencies - Tongsuo and BoringSSL respectively. These flags make sense when [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) is built.
 - `-DIPPCP_CUSTOM_BUILD="<CPU features list>"` - optional, works only if `-DMERGED_BLD:BOOL=off` is set, i.e. only for 1CPU libraries. Enables the CPU feature dispatching mask at compile-time based on the provided list.
 
    - Currently supported by the library custom features dispatching:

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 This is a list of notable changes to Intel(R) IPP Cryptography, in reverse chronological order.
 
+## Intel(R) IPP Cryptography 2021.11
+- Minimal supported BoringSSL version was increased to [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) tag.
+
 ## Intel(R) IPP Cryptography 2021.10
 - Added the verification part of eXtended Merkle Signature Scheme (XMSS) algorithm.
 - Added FIPS-compliance mode for the library. More information can be found in the [Intel(R) IPP Cryptography FIPS Guide](./README_FIPS.md).

CONST_TIME_EXECUTION_TESTING.md

@@ -5,18 +5,10 @@
 - [Scope for crypto_mb library](#cryptomb)
 
 ## General information <div id = 'general'>
-- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the following compilers:
-  -  Intel® C++ Compiler 19.1
-  -  Intel® C++ Compiler Classic 2021.9
-  -  GCC 8.3 
-  -  GCC 9.1 
-  -  GCC 10.1 
-  -  GCC 11.1
-  -  Clang 9.0 
-  -  Clang 12.0 
+- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the compilers listed in [Build](./BUILD.md).
 - Tested platforms: w7, n8, y8, e9, l9, k0 (see the supported platforms list [here](./OVERVIEW.md#target-optimization-codes-in-function-names)).
 - Testing scope described below is guaranteed to pass for **`release`** branches. This is not guaranteed for the **`develop`** branch ([branches description](./OVERVIEW.md#branches-description))
-- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec) 
+- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec)
 
 ## ippcp library <div id = 'ippcp'>
 |     Tested Function      |                                         Parameters                                         |

README.md

@@ -22,7 +22,7 @@ The library provides a comprehensive set of routines commonly used for cryptogra
    - RSA, RSA-OAEP, RSA-PKCS_v15, RSA-PSS
    - DLP, DLP-DSA, DLP-DH
    - ECC (NIST curves), ECDSA, ECDH, EC-SM2
-- Multi-buffer RSA, ECDSA, SM3, x25519
+- Multi-buffer RSA, ECDSA, ECDH, x25519, SM2, SM3, SM4, etc
 - Finite Field Arithmetic Functions
 - Big Number Integer Arithmetic Functions
 - PRNG/TRNG and Prime Numbers Generation

README_FIPS.md

@@ -291,6 +291,7 @@ fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys (int *pKe
 fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size (int *pBufferSize Ipp8u *pKeysBuffer);
 fips_test_status fips_selftest_ippsRSASign_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
 fips_test_status fips_selftest_ippsRSAVerify_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
+fips_test_status fips_selftest_ippsRSA_GenerateKeys (Ipp8u *pBuffer Ipp8u *pKeysBuffer);
 ```
 
 , where `pBuffer` is the valid buffer for selftest of size indicated by
@@ -305,6 +306,8 @@ fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff (int *
 fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff (int *pDataBuffSize Ipp8u *pGFpBuff Ipp8u *pGFpECBuff);
 fips_test_status fips_selftest_ippsGFpECSignDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
 fips_test_status fips_selftest_ippsGFpECVerifyDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsGFpECPublicKey (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsGFpECSharedSecretDH (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff);
 ```
 
 , where `pGFpBuff` is the valid buffer for selftest of size indicated by

include/ippcp/fips_cert.h

@@ -93,13 +93,16 @@ IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys,
 IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int *pBufferSize, Ipp8u *pKeysBuffer))
 IPPAPI(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
 IPPAPI(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
+IPPAPI(fips_test_status, fips_selftest_ippsRSA_GenerateKeys, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer))
 
 /* ECDSA sign/verify */
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff, (int *pGFpBuffSize))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff, (int *pGFpECBuffSize, Ipp8u *pGFpBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff, (int *pDataBuffSize, Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
 IPPAPI(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsGFpECPublicKey, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsGFpECSharedSecretDH, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff))
 
 /*
 // Enumerator that contains information about FIPS-approved
@@ -135,8 +138,11 @@ enum FIPS_IPPCP_FUNC {
     RSAVerify_PKCS1v15_rmf,
     RSASign_PSS_rmf,
     RSAVerify_PSS_rmf,
+    RSA_GenerateKeys,
     GFpECSignDSA,
     GFpECVerifyDSA,
+    GFpECSharedSecretDH,
+    GFpECPublicKey,
     HashUpdate_rmf,
     HashGetTag_rmf,
     HashFinal_rmf,
@@ -151,8 +157,8 @@ enum FIPS_IPPCP_FUNC {
     RSAEncrypt_OAEP_rmf,
     RSADecrypt_OAEP_rmf,
 
-  /* Not approved functions or 
-   * FIPS-mode is not yet implemented, < 0 
+  /* Not approved functions or
+   * FIPS-mode is not yet implemented, < 0
    */
     SMS4EncryptCBC = -0xFFF,
     SMS4EncryptCBC_CS1,
@@ -173,7 +179,7 @@ enum FIPS_IPPCP_FUNC {
     SMS4_CCMDecrypt,
     SMS4_CCMGetTag,
     /* XTS APIs didn't pass CAVP testing */
-    AES_XTSEncrypt, 
+    AES_XTSEncrypt,
     AES_XTSDecrypt,
     AESEncryptXTS_Direct,
     AESDecryptXTS_Direct,
@@ -193,7 +199,6 @@ enum FIPS_IPPCP_FUNC {
     PrimeGen_BN,
     RSA_Encrypt,
     RSA_Decrypt,
-    RSA_GenerateKeys,
     DLPGenKeyPair,
     DLPPublicKey,
     DLPSignDSA,
@@ -203,8 +208,6 @@ enum FIPS_IPPCP_FUNC {
     DLPGenerateDH,
     GFpECVerify,
     GFpECPrivateKey,
-    GFpECPublicKey,
-    GFpECSharedSecretDH,
     GFpECSharedSecretDHC,
     GFpECSignNR,
     GFpECVerifyNR,

sources/include/owndefs.h

@@ -48,7 +48,7 @@
 #if !defined(__NOINLINE)
 #if defined(__INTEL_COMPILER) || defined(_MSC_VER)
   #define __NOINLINE __declspec(noinline)
-#elif defined( __GNUC__ )
+#elif defined( __GNUC__ ) || defined(__INTEL_LLVM_COMPILER)
   #define __NOINLINE __attribute__((noinline))
 #else
   #define __NOINLINE

sources/ippcp/CMakeLists.txt

@@ -106,7 +106,7 @@ set(DEFAULT_Clang_COMPILER_VER 9.0.0)
 set(DEFAULT_Intel18_COMPILER_VER 18.0.0)
 set(DEFAULT_Intel19_COMPILER_VER 19.0.0)
 set(DEFAULT_MSVC19_COMPILER_VER 19.14)
-set(DEFAULT_IntelLLVM2023_COMPILER_VER 2023.1.0)
+set(DEFAULT_IntelLLVM_COMPILER_VER 2023.1.0)
 
 string(REGEX REPLACE "^([0-9]+)\\.([0-9]+)\\.([0-9]+).*$" "\\1.\\2.\\3" CMAKE_C_COMPILER_VERSION_SHORT ${CMAKE_C_COMPILER_VERSION})
 string(REGEX REPLACE "^([0-9]+)\\..*$" "\\1" CMAKE_C_COMPILER_VERSION_MAJOR ${CMAKE_C_COMPILER_VERSION})

sources/ippcp/crypto_mb/Readme.md

@@ -1,7 +1,7 @@
 # Crypto Multi-buffer Library
 
 Currently, the library provides optimized version of the following algorithms:
-1. RSA, ECDSA, ECDH, x25519 multi-buffer algorithms based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) integer fused multiply-add (IFMA) operations. This CPU feature is introduced with Intel® Microarchitecture Code Named Ice Lake. 
+1. RSA, ECDSA, ECDH, x25519, SM2 multi-buffer algorithms based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) integer fused multiply-add (IFMA) operations. This CPU feature is introduced with Intel® Microarchitecture Code Named Ice Lake. 
 2. SM4 based on Intel(R) Advanced Vector Extensions 512 (Intel(R) AVX-512) GFNI instructions.
 3. SM3 based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) instructions.
 
@@ -28,10 +28,8 @@ This library consists of highly-optimized kernels taking advantage of Intel’s
 ### Linux* OS
 
 - Intel® C++ Compiler Classic 2021.9 for Linux\* OS
-- GCC 8.3
-- GCC 9.1
-- GCC 10.1
-- GCC 11.1
+- GCC 8.5
+- GCC 11.4
 - Clang 9.0
 - Clang 12.0
 - GNU binutils 2.32
@@ -84,6 +82,7 @@ You can find the installed files in:
     │        ├── ec_sm2.h
     │        ├── ed25519.h
     │        ├── exp.h
+    │        ├── fips_cert.h
     │        ├── rsa.h
     │        ├── sm3.h
     │        ├── sm4_ccm.h
@@ -95,6 +94,14 @@ You can find the installed files in:
     └── lib
         └── libcrypto_mb.so
 ```
+> **Note**: This project uses the default `RPATH` settings:
+>
+> CMake is linking the executables and shared libraries with full `RPATH` to all used 
+> libraries in the build tree. When installing, CMake will clear the `RPATH` of these 
+> targets so they are installed with an empty `RPATH`.  
+> In this case to resolve the Crypto Multi-buffer Library dependency on OpenSSL it is 
+> necessary to update `LD_LIBRARY_PATH` with the path to the target OpenSSL library. 
+
 
 ## How to Build
 

sources/ippcp/crypto_mb/include/internal/fips_cert/common.h

@@ -45,18 +45,6 @@
 #define MBX_RSA3K_DATA_BYTE_LEN ( (MBX_RSA3K_DATA_BIT_LEN) >> 3 )
 #define MBX_RSA4K_DATA_BYTE_LEN ( (MBX_RSA4K_DATA_BIT_LEN) >> 3 )
 
-#ifdef OPENSSL_IS_BORINGSSL
-
-/**
- * \brief
- *
- *  OpenSSL alias for BoringSSL.
- *
- */
-BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
-
-#endif
-
 /**
  * \brief
  *

sources/ippcp/crypto_mb/src/common/ifma_cvt52.c

@@ -167,12 +167,6 @@ __INLINE void transform_8sb_to_mb8(U64 out_mb8[], int bitLen, int8u *inp[8], int
    }
 }
 
-#ifdef OPENSSL_IS_BORINGSSL
-static int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) {
-    return BN_bn2le_padded(to, tolen, a);
-}
-#endif
-
 #ifndef BN_OPENSSL_DISABLE
 // Convert BIGNUM into MB8(Radix=2^52) format
 // Returns bitmask of successfully converted values

sources/ippcp/crypto_mb/src/fips_cert/common.c

@@ -17,15 +17,6 @@
 
 #include <internal/fips_cert/common.h>
 
-#ifdef OPENSSL_IS_BORINGSSL
-
-BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
-{
-    return BN_le2bn(s, len, ret);
-}
-
-#endif
-
 int mbx_is_mem_eq(const int8u *p1, int32u p1_byte_len, const int8u *p2, int32u p2_byte_len)
 {
   if ((p1_byte_len != p2_byte_len) || (p1 == NULL) || (p2 == NULL)) {

sources/ippcp/exports.linux.selftests-export

@@ -610,6 +610,9 @@ EXTERN (fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff)
 EXTERN (fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff)
 EXTERN (fips_selftest_ippsGFpECSignDSA)
 EXTERN (fips_selftest_ippsGFpECVerifyDSA)
+EXTERN (fips_selftest_ippsGFpECPublicKey)
+EXTERN (fips_selftest_ippsRSA_GenerateKeys)
+EXTERN (fips_selftest_ippsGFpECSharedSecretDH)
 
 
 VERSION {
@@ -1227,6 +1230,9 @@ VERSION {
    fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff;
    fips_selftest_ippsGFpECSignDSA;
    fips_selftest_ippsGFpECVerifyDSA;
+   fips_selftest_ippsGFpECPublicKey;
+   fips_selftest_ippsRSA_GenerateKeys;
+   fips_selftest_ippsGFpECSharedSecretDH;
   local: *;
  };
 }

sources/ippcp/exports.macosx.selftests-export

@@ -55,9 +55,13 @@ _fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys
 _fips_selftest_ippsRSASignVerify_PSS_rmf_get_size
 _fips_selftest_ippsRSASign_PSS_rmf
 _fips_selftest_ippsRSAVerify_PSS_rmf
+_fips_selftest_ippsRSA_GenerateKeys
 
 _fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff
 _fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff
 _fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff
 _fips_selftest_ippsGFpECSignDSA
 _fips_selftest_ippsGFpECVerifyDSA
+_fips_selftest_ippsGFpECPublicKey
+_fips_selftest_ippsGFpECSharedSecretDH
+

sources/ippcp/fips_cert/selftest_aes_enc_dec_cbc.c

@@ -56,7 +56,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptDecrypt_get_size, (int *pBu
   int ctx_size = 0;
   sts = ippsAESGetSize(&ctx_size);
   if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; }
-  
+
   ctx_size += IPPCP_AES_ALIGNMENT;
   *pBuffSize = ctx_size;
 
@@ -67,10 +67,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCBC, (Ipp8u *pBuffer))
 {
   IppStatus sts = ippStsNoErr;
 
-  /* check input pointers and allocate memory in "use malloc" mode */ 
+  /* check input pointers and allocate memory in "use malloc" mode */
   int internalMemMgm = 0;
   int ctx_size = 0;
-  fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size);
+  sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size);
+  if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; }
   BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR)
 
   /* output ciphertext */
@@ -79,7 +80,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCBC, (Ipp8u *pBuffer))
   IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT));
 
   /* context initialization */
-  ippsAESGetSize(&ctx_size);
+  sts = ippsAESGetSize(&ctx_size);
+  if (sts != ippStsNoErr) {
+    MEMORY_FREE(pBuffer, internalMemMgm)
+    return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR;
+  }
   sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size);
   if (sts != ippStsNoErr) {
     MEMORY_FREE(pBuffer, internalMemMgm)
@@ -105,10 +110,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptCBC, (Ipp8u *pBuffer))
 {
   IppStatus sts = ippStsNoErr;
 
-  /* check input pointers and allocate memory in "use malloc" mode */ 
+  /* check input pointers and allocate memory in "use malloc" mode */
   int internalMemMgm = 0;
   int ctx_size = 0;
-  fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size);
+  sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size);
+  if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; }
   BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR)
 
   /* output plaintext */