Developer Reference

Contents

One-Way Hash Primitives

Hash functions are used in cryptography with digital signatures and for ensuring data integrity.
When used with digital signatures, a publicly available hash function hashes the message and signs the resulting hash value. The party who receives the message can then hash the message and check if the block size is authentic for the given hash value.
Hash functions are also referred to as “message digests” and “one-way encryption functions”. Both terms are appropriate since hash algorithms do not have a key like symmetric and asymmetric algorithms and you can recover neither the length nor the contents of the plaintext message from the ciphertext.
To ensure data integrity, hash functions are used to compute the hash value that corresponds to a particular input. Then, if necessary, you can check if the input data has remained unmodified; you can re-compute the hash value again using the available input and compare it to the original hash value.
The Hash Functions section describes functions that implement the following hash algorithms for streaming messages: MD5 [RFC 1321], SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 [FIPS PUB 180-2]
, and SM3 [SM3]
. These algorithms are widely used in enterprise applications nowadays.
Subsequent sections describe Hash Functions for Non-Streaming Messages, which apply hash algorithms to entire (non-streaming) messages, and Mask Generation Functions, whose algorithms are often based on hash computations.
Additionally, Intel® Integrated Performance Primitives (Intel® IPP) Cryptography supports two relatively new variants of SHA-512, the so called SHA-512/224 and SHA-512/256 algorithms. Both employ much of the basic SHA-512 algorithm but have some specifics. Intel IPP Cryptography does not provide a separate API exactly targeting SHA-512/224 and SHA-512/256. To enable SHA-512/224 and SHA-512/256, Intel IPP Cryptography declares extensions of the Hash Functions, Hash Functions for Non-Streaming Messages, Mask Generation Functions, and Keyed Hash Functions. These extensions use the
IppHashAlgId
enumerator associated with a particular hash algorithm as shown in the table below.
Supported Hash Algorithms
Value of
IppHashAlgId
Associated Hash Algorithm
ippHashAlg_SHA1
SHA-1
ippHashAlg_SHA224
SHA-224
ippHashAlg_SHA256
SHA-256
ippHashAlg_SHA384
SHA-384
ippHashAlg_SHA512
SHA-512
ippHashAlg_SHA512_224
SHA-512/224
ippHashAlg_SHA512_256
SHA-512/256
ippHashAlg_MD5
MD5
ippHashAlg_SM3
SM3

Reduced Memory Footprint Functions

When your application uses the
IppHashAlgId
enumerator, it gets linked to all available hashing algorithm implementations. This results in unnecessary memory overhead if the application does not need all the algorithms. Intel IPP Cryptography includes a number of
reduced memory footprint
functions that allow you to select the exact hashing methods for your application's needs. These functions have the
_rmf
suffix in their names and use pointers to
IppsHashMethod
structure variables instead of
IppHashAlgId
values. To get a pointer to a
IppsHashMethod
structure variable, call an appropriate function from the table below. See
HashMethod
for the syntax.
Functions that have the
_TT
suffix in their names return pointers to dynamically dispatched
IppsHashMethod
structures. These structures check for support of the SHA-NI instruction set at run time and choose the implementation of an algorithm depending on the outcome of the check. Using such
IppsHashMethod
structures leads to a slightly larger memory footprint compared to applications that use non-dynamically dispatched
IppsHashMethod
structures.
HashMethod
Functions
Function name
Returns pointer to implementation of
ippsHashMethod_SHA1
SHA1 (without the SHA-NI instruction set)
ippsHashMethod_SHA1_NI
SHA1 (using the SHA-NI instruction set)
ippsHashMethod_SHA1_TT
SHA1 (using the SHA-NI instructions set if it is available at run time)
ippsHashMethod_SHA256
SHA256 (without the SHA-NI instruction set)
ippsHashMethod_SHA256_NI
SHA256 (using the SHA-NI instruction set)
ippsHashMethod_SHA256_TT
SHA256 (using the SHA-NI instructions set if it is available at run time)
ippsHashMethod_SHA224
SHA224 (without the SHA-NI instruction set)
ippsHashMethod_SHA224_NI
SHA224 (using the SHA-NI instruction set)
ippsHashMethod_SHA224_TT
SHA224 (using the SHA-NI instructions set if it is available at run time)
ippsHashMethod_SHA384
SHA384
ippsHashMethod_SHA512
SHA512
ippsHashMethod_SHA512_256
SHA512-256
ippsHashMethod_SHA512_224
SHA512-224
ippsHashMethod_MD5
MD5
ippsHashMethod_SM3
SM3
The crypto community does not consider SHA-1 or MD5 algorithms secure anymore.
Recommendation: use a more secure hash algorithm (for example, any algorithm from the SHA-2 family) instead of SHA-1 or MD5.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804