Intel(R) Cryptography Primitives Library 1.0.0

CMakeLists.txt

@@ -50,16 +50,15 @@ if("${CMAKE_GENERATOR}" STREQUAL "NMake Makefiles")
   endif()
 endif()
 
-# on ninja/WIN32 the build type fallback mechanism needs to be placed before the `project` call
+project(${PROJECT_FULL_NAME}
+        VERSION ${PROJECT_VERSION}
+        LANGUAGES C CXX)
+
 if("${CMAKE_BUILD_TYPE}" STREQUAL "")
   message(STATUS "CMAKE_BUILD_TYPE is unset, defaulting to Release")
   set(CMAKE_BUILD_TYPE "Release")
 endif()
 
-project(${PROJECT_FULL_NAME}
-        VERSION ${PROJECT_VERSION}
-        LANGUAGES C CXX)
-
 find_package(Python REQUIRED)
 
 if(WIN32 AND (${CMAKE_GENERATOR} MATCHES "Visual Studio"))

include/ippcpversion.h

@@ -27,13 +27,13 @@
 #define CRYPTOLIBVERSION_H__
 
 #define CRYPTO_LIB_VERSION_MAJOR  1
-#define CRYPTO_LIB_VERSION_MINOR  1
+#define CRYPTO_LIB_VERSION_MINOR  0
 #define CRYPTO_LIB_VERSION_PATCH 0
 
 // Major interface version
 #define CRYPTO_LIB_INTERFACE_VERSION_MAJOR 12
 // Minor interface version
-#define CRYPTO_LIB_INTERFACE_VERSION_MINOR 1
+#define CRYPTO_LIB_INTERFACE_VERSION_MINOR 0
 
 #define CRYPTO_LIB_VERSION_STR  STR(CRYPTO_LIB_VERSION_MAJOR) "." STR(CRYPTO_LIB_VERSION_MINOR) "." STR(CRYPTO_LIB_VERSION_PATCH) \
                                 " (" STR(CRYPTO_LIB_INTERFACE_VERSION_MAJOR) "." STR(CRYPTO_LIB_INTERFACE_VERSION_MINOR) ")"

include/ippversion.h

@@ -32,13 +32,13 @@
 #define IPPVERSION_H__
 
 #define IPP_VERSION_MAJOR  1
-#define IPP_VERSION_MINOR  1
+#define IPP_VERSION_MINOR  0
 #define IPP_VERSION_UPDATE 0
 
 // Major interface version
 #define IPP_INTERFACE_VERSION_MAJOR 12
 // Minor interface version
-#define IPP_INTERFACE_VERSION_MINOR 1
+#define IPP_INTERFACE_VERSION_MINOR 0
 
 #define IPP_VERSION_STR  STR(IPP_VERSION_MAJOR) "." STR(IPP_VERSION_MINOR) "." STR(IPP_VERSION_UPDATE) " (" STR(IPP_INTERFACE_VERSION_MAJOR) "." STR(IPP_INTERFACE_VERSION_MINOR) " )"
 

sources/ippcp/crypto_mb/include/crypto_mb/version.h

@@ -22,13 +22,13 @@
 /* crypto_mb name & version */
 #define MBX_LIB_NAME()    "crypto_mb"
 #define MBX_VER_MAJOR  1
-#define MBX_VER_MINOR  1
+#define MBX_VER_MINOR  0
 #define MBX_VER_PATCH  0
 
 /* major interface version */
 #define MBX_INTERFACE_VERSION_MAJOR 12
 /* minor interface version */
-#define MBX_INTERFACE_VERSION_MINOR 1
+#define MBX_INTERFACE_VERSION_MINOR 0
 
 typedef struct {
    int    major;          /* e.g. 1               */

sources/ippcp/crypto_mb/include/internal/fips_cert/common.h

@@ -20,7 +20,6 @@
 #define MBX_FIPS_CERT_COMMON_H
 
 #include <crypto_mb/defs.h>
-#include <crypto_mb/fips_cert.h>
 
 #ifndef BN_OPENSSL_DISABLE
     #include <openssl/bn.h>
@@ -55,38 +54,13 @@
  * 
  *  NOTE: This function should not be used for a secure memory comparison (i.e. constant time).
  *
- * \param[in] p1          pointer to first byte array
+ * \param[in] p1 pointer to first byte array
  * \param[in] p1_byte_len length of first array in bytes
- * \param[in] p2          pointer to second byte array
+ * \param[in] p2 pointer to second byte array
  * \param[in] p2_byte_len length of second array in bytes
  * 
  */
 int mbx_is_mem_eq(const int8u *p1, int32u p1_byte_len, const int8u *p2, int32u p2_byte_len);
 
-
-/**
- * \brief
- *
- *  The function maps a mbx_status to a fips_test_status.
- * 
- * \param[in] returned_sts value of the mbx_status that need to be mapped to fips_test_status
- * \param[in] expected_sts expected value of the mbx_status
- * \param[in] error_type   error type to be returned in case of unexpected mbx_status
- * 
- */
-fips_test_status mbx_selftest_map_test_status(const mbx_status returned_sts, const mbx_status expected_sts, const fips_test_status error_type);
-
-/**
- * \brief
- *
- *  The function checks if mbx_status is MBX_SET_STS_ALL(MBX_STATUS_OK) and returns 
- *  the corresponding fips_test_status.
- * 
- * \param[in] returned_sts value of the mbx_status that need to be analysed 
- * \param[in] error_type   error type to be returned in case mbx_status != MBX_SET_STS_ALL(MBX_STATUS_OK)
- * 
- */
-fips_test_status mbx_selftest_check_if_success(const mbx_status returned_sts, const fips_test_status error_type);
-
 #endif // MBX_FIPS_CERT_COMMON_H
 #endif // MBX_FIPS_MODE

sources/ippcp/crypto_mb/src/fips_cert/common.c

@@ -36,24 +36,4 @@ int mbx_is_mem_eq(const int8u *p1, int32u p1_byte_len, const int8u *p2, int32u p
   return 1;
 }
 
-fips_test_status mbx_selftest_map_test_status(const mbx_status returned_sts, const mbx_status expected_sts, const fips_test_status error_type) {
-    fips_test_status test_result;
-
-    if(returned_sts == expected_sts) {
-        test_result = MBX_ALGO_SELFTEST_OK;
-    }
-    else if(returned_sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
-        test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
-    }
-    else {
-        test_result = error_type;
-    }
-
-    return test_result;
-}
-
-fips_test_status mbx_selftest_check_if_success(const mbx_status returned_sts, const fips_test_status error_type) {
-    return mbx_selftest_map_test_status(returned_sts, MBX_SET_STS_ALL(MBX_STATUS_OK), error_type);
-}
-
 #endif // MBX_FIPS_MODE

sources/ippcp/crypto_mb/src/fips_cert/selftest_mbx_ed25519_public_key_mb8.c

@@ -78,19 +78,29 @@ fips_test_status fips_selftest_mbx_ed25519_public_key_mb8(void) {
     (ed25519_sign_component *)out_s[6], (ed25519_sign_component *)out_s[7]};
 
   /* test functions */
-  // generate public key
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
   mbx_status sts;
+
+  // generate public key
   sts = mbx_ed25519_public_key_mb8(pa_out_pub_key, pa_prv_key);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-  if(test_result != MBX_ALGO_SELFTEST_OK) {
+  if (sts != expected_status_mb8) {
+    if(sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+      return test_result;
+    }
+    test_result = MBX_ALGO_SELFTEST_KAT_ERR;
     return test_result;
   }
 
   // sign and verify with the generated keypair
   sts = mbx_ed25519_sign_mb8(pa_sign_r, pa_sign_s, pa_msg, pa_msg_len, pa_prv_key,
                              (const ed25519_public_key* const*)pa_out_pub_key);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-  if(test_result != MBX_ALGO_SELFTEST_OK) {
+  if (sts != expected_status_mb8) {
+    if(sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+      return test_result;
+    }
+    test_result = MBX_ALGO_SELFTEST_KAT_ERR;
     return test_result;
   }
 
@@ -100,7 +110,14 @@ fips_test_status fips_selftest_mbx_ed25519_public_key_mb8(void) {
                                (const ed25519_public_key* const*)pa_out_pub_key);
 
   // check the result of verification
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_KAT_ERR);
+  if (sts != expected_status_mb8) {
+    if(sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+      return test_result;
+    }
+    test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    return test_result;
+  }
 
   return test_result;
 }

sources/ippcp/crypto_mb/src/fips_cert/selftest_mbx_ed25519_sign_mb8.c

@@ -89,10 +89,18 @@ fips_test_status fips_selftest_mbx_ed25519_sign_mb8(void) {
     (ed25519_sign_component *)out_s[6], (ed25519_sign_component *)out_s[7]};
 
   /* test function */
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+
   mbx_status sts;
   sts = mbx_ed25519_sign_mb8(pa_sign_r, pa_sign_s, pa_msg, pa_msg_len, pa_prv_key, pa_pub_key);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-
+  if (expected_status_mb8 != sts) {
+    if (sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+    }
+    else {
+      test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    }
+  }
   // compare output signature to known answer
   int r_output_status;
   int s_output_status;

sources/ippcp/crypto_mb/src/fips_cert/selftest_mbx_ed25519_verify_mb8.c

@@ -73,11 +73,17 @@ fips_test_status fips_selftest_mbx_ed25519_verify_mb8(void) {
     (const ed25519_sign_component *const)s, (const ed25519_sign_component *const)s};
 
   /* test function */
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+
   mbx_status sts;
   sts = mbx_ed25519_verify_mb8(pa_sign_r, pa_sign_s, pa_msg, pa_msg_len, pa_pub_key);
-
-  // check the result of verification
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_KAT_ERR);
+  if (expected_status_mb8 != sts) {
+    if (sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+      return test_result;
+    }
+    test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+  }
 
   return test_result;
 }

sources/ippcp/crypto_mb/src/fips_cert/selftest_mbx_nistp256_ecdh_mb8.c

@@ -67,10 +67,18 @@ fips_test_status fips_selftest_mbx_nistp256_ecdh_mb8(void) {
     (int64u *)pub_y, (int64u *)pub_y, (int64u *)pub_y, (int64u *)pub_y};
 
   /* test function */
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+
   mbx_status sts;
   sts = mbx_nistp256_ecdh_mb8(pa_shared_key, pa_prv_key, pa_pub_x, pa_pub_y, NULL, NULL);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-
+  if (expected_status_mb8 != sts) {
+    if (sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+    }
+    else {
+      test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    }
+  }
   // compare output shared key to known answer
   int output_status;
   for (int i = 0; (i < MBX_LANES) && (MBX_ALGO_SELFTEST_OK == test_result); ++i) {
@@ -107,7 +115,13 @@ fips_test_status fips_selftest_mbx_nistp256_ecdh_ssl_mb8(void) {
     MEM_FREE(BN_pub_x, BN_pub_y, BN_prv_key)
     return test_result;
   }
-
+
+  /* function status and expected status */
+  mbx_status sts;
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+  /* output validity status */
+  int output_status;
+
   // set ssl keys
   BN_lebin2bn(pub_x, MBX_NISTP256_DATA_BYTE_LEN, BN_pub_x);
   BN_lebin2bn(pub_y, MBX_NISTP256_DATA_BYTE_LEN, BN_pub_y);
@@ -131,12 +145,16 @@ fips_test_status fips_selftest_mbx_nistp256_ecdh_ssl_mb8(void) {
     BN_pub_y, BN_pub_y, BN_pub_y, BN_pub_y};
 
   /* test function */
-  mbx_status sts;
   sts = mbx_nistp256_ecdh_ssl_mb8(pa_shared_key, pa_prv_key, pa_pub_x, pa_pub_y, NULL, NULL);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-
+  if (expected_status_mb8 != sts) {
+    if (sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+    }
+    else {
+      test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    }
+  }
   // compare output shared key to known answer
-  int output_status;
   for (int i = 0; (i < MBX_LANES) && (MBX_ALGO_SELFTEST_OK == test_result); ++i) {
     output_status = mbx_is_mem_eq(pa_shared_key[i], MBX_NISTP256_DATA_BYTE_LEN, sh_key, MBX_NISTP256_DATA_BYTE_LEN);
     if (!output_status) { // wrong output

sources/ippcp/crypto_mb/src/fips_cert/selftest_mbx_nistp256_ecdsa_sign_mb8.c

@@ -80,10 +80,18 @@ fips_test_status fips_selftest_mbx_nistp256_ecdsa_sign_mb8(void) {
                                  out_s[4], out_s[5], out_s[6], out_s[7]};
 
   /* test function */
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+
   mbx_status sts;
   sts = mbx_nistp256_ecdsa_sign_mb8(pa_sign_r, pa_sign_s, pa_pub_msg_digest, pa_prv_k, pa_prv_d, NULL);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-
+  if (expected_status_mb8 != sts) {
+    if(sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+    }
+    else {
+      test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    }
+  }
   // compare output signature to known answer
   int r_output_status;
   int s_output_status;
@@ -117,10 +125,16 @@ fips_test_status fips_selftest_mbx_nistp256_ecdsa_sign_ssl_mb8(void) {
     MEM_FREE(BN_d, BN_k)
     return test_result;
   }
-  
+
   /* output signature */
   int8u out_r[MBX_LANES][MBX_NISTP256_DATA_BYTE_LEN];
   int8u out_s[MBX_LANES][MBX_NISTP256_DATA_BYTE_LEN];
+  /* function status and expected status */
+  mbx_status sts;
+  mbx_status expected_status_mb8 = MBX_SET_STS_ALL(MBX_STATUS_OK);
+  /* output validity statuses */
+  int r_output_status;
+  int s_output_status;
 
   // set ssl key pair
   BN_lebin2bn(d, MBX_NISTP256_DATA_BYTE_LEN, BN_d);
@@ -143,13 +157,16 @@ fips_test_status fips_selftest_mbx_nistp256_ecdsa_sign_ssl_mb8(void) {
                                  out_s[4], out_s[5], out_s[6], out_s[7]};
 
   /* test function */
-  mbx_status sts;
   sts = mbx_nistp256_ecdsa_sign_ssl_mb8(pa_sign_r, pa_sign_s, pa_pub_msg_digest, pa_prv_k, pa_prv_d, NULL);
-  test_result = mbx_selftest_check_if_success(sts, MBX_ALGO_SELFTEST_BAD_ARGS_ERR);
-
+  if (expected_status_mb8 != sts) {
+    if(sts == MBX_SET_STS_ALL(MBX_STATUS_UNSUPPORTED_ISA_ERR)) {
+      test_result = MBX_ALGO_SELFTEST_UNSUPPORTED_ISA_ERR;
+    }
+    else {
+      test_result = MBX_ALGO_SELFTEST_KAT_ERR;
+    }
+  }
   // compare output signature to known answer
-  int r_output_status;
-  int s_output_status;
   for (int i = 0; (i < MBX_LANES) && (MBX_ALGO_SELFTEST_OK == test_result); ++i) {
     r_output_status = mbx_is_mem_eq(pa_sign_r[i], MBX_NISTP256_DATA_BYTE_LEN, r, MBX_NISTP256_DATA_BYTE_LEN);
     s_output_status = mbx_is_mem_eq(pa_sign_s[i], MBX_NISTP256_DATA_BYTE_LEN, s, MBX_NISTP256_DATA_BYTE_LEN);