13. AOCL-Cryptography#
AOCL-Cryptography is a library consisting of the core cryptographic functions optimized for AMD “Zen” micro-architecture. This library has multiple implementations of different types:
Advanced Encryption Standard (AES) block ciphers, ChaCha20 stream cipher, Chacha20-Poly1305 Cipher algorithms
Secure Hash Algorithms (SHA-2, SHA-3 and SHAKE)
Cipher, Hash, and Poly1305 based Message Authentication Code (MAC) algorithms
Elliptic-curve Diffie–Hellman (ECDH) Key Generation algorithms, and Rivest, Shamir, and Adleman (RSA)Encryption/Decryption and Sign/Verify algorithms
The AOCL-Cryptography library has the following functions:
AES block cipher encrypt/decrypt routines for the following schemes:
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter (CTR)
Galois/Counter Mode (GCM)
Ciphertext Stealing Mode (XTS)
Counter with Cipher Block Chaining Message Authentication Code (CCM)
Synthetic Initialization Vector (SIV)
Stream cipher encrypt/decrypt routines - Chacha20, and Chacha20-Poly1305
SHA-2 digest routines for the following schemes:
SHA2_224
SHA2_256
SHA2_384
SHA2_512
SHA2_512_224
SHA2_512_256
SHA-3 digest routines for the following schemes:
SHA3_224, SHA3_256, SHA3_384, and SHA3_512
SHAKE128 and SHAKE256
MAC routines:
Hash-based Message Authentication Code (HMAC)
Cipher-based Message Authentication Code (CMAC)
Poly1305
ECDH x25519 key exchange functions:
Generate Public Key
Compute Secret Key
RSA 1024/2048
Encrypt text with Public Key (Non-Padded, OAEP and PKCS padding modes)
Decrypt text with Private Key (Non-Padded, OAEP and PKCS padding modes)
Sign with Private Key and Verify with Public Key (PKCS and PSS padding modes)
Note
AES Ciphers, RSA and EC algorithms are not supported in pre-AVX2 architectures.
IPP Compat library is in experimental state in 5.0 release.
Behavior might be undefined if AVX512 is disabled in the BIOS configuration on the Zen5 platform.
13.1. Requirements#
CMake 3.22
GCC 11.3.0 through 13.1.0
OpenSSL v3.0.8 through 3.3.0
Clang 15 on Windows
AOCC 4.2 through 5.0
clang 14 on Linux https://clang.llvm.org/
lsb_release utility https://refspecs.linuxbase.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/lsbrelease.html
p7zip-full utility https://p7zip.sourceforge.net/
For more information on supported Linux operating systems, refer to Operating Systems.
AOCL-Crypto API Guide documentation is available at https://docs.amd.com/go/en-US/63862-AOCL-cryptography
13.2. Installation#
13.2.1. Building AOCL-Cryptography from Source on Linux#
Complete the following steps to build AOCL-Cryptography from source on Linux:
GitHub URL: amd/aocl-crypto
Clone the repository aocl-crypto.
cd aocl-cryptomkdir buildcd buildRun the configure command
cmake ../using the following options:Table 13.1 AOCL-Cryptography - Linux Options# Option
Description
ALCP_ENABLE_EXAMPLES (ON/OFF)
Compile the example code
CMAKE_BUILD_TYPE (Debug/Release)
Specify the build type
ENABLE_AOCL_UTILS (ON/OFF)
Enable Zen architecture based dynamic dispatch using the AOCL-Utils library
AOCL_UTILS_INSTALL_DIR
AOCL-Utils library installation path
OPENSSL_INSTALL_DIR
OpenSSL (3.0.8 through 3.3.0) installation path
CMAKE_INSTALL_PREFIX
AOCL-Cryptography library installation path
ALCP_SANITIZE (ON/OFF)
Enable sanitizers to compile the library (asan, ubsan, , and so on)
AOCL_COMPAT_LIBS
Supported values= ipp,openssl/ipp/openssl
Enable compilation of IPP OpenSSL provider libraries.
Notes:
The IPP header files should be added to the CPLUS_INCLUDE_PATH environment variable (working version for IPP is 2021_10.0).
OpenSSL provider support is only enabled for Cipher, CMAC, Poly1305, and RSA Algorithms in 5.0 release.s.
IPP provider support is experimental in 5.0 release
OPENSSL_INSTALL_DIR
Path to openssl installation directory (Supported openssl versions are 3.0.8 through 3.3.0)
ALCP_ENABLE_HTML
Values: ON/OFF
Enable ALCP html documentation generation.
Note: Doxygen version supported: v1.9.6 or later.
ALCP_ENABLE_DOCS
Values: ON/OFF
Generate PDFs from .MD files using Pandoc utility
(Note: Needs the proprietary font “Klavika” to be installed in the system)
AOCL_UTILS_INSTALL_DIR
Path to AOCL Utils installation directory (If not provided, build system will compile and install aocl utils library from the latest release branch.
make -j$(nproc)make installTo execute tests/benchmarks using KAT framework, run the following commands:
$ git-lfs fetch $ git-lfs checkout
For detailed steps to execute KAT tests/bench, refer to tests_Readme amd/aocl-crypto and bench_Readme amd/aocl-crypto files respectively.
Testing Examples
Navigate to the installed directory.
Ensure that AOCL and OpenSSL lib directories are added to
LD_LIBRARY_PATHandLIBRARY_PATHenvironment variables:
$ export LD_LIBRARY_PATH=<path to aocl crypto lib>:<path to OpenSSL lib>:$LD_LIBRARY_PATH;
$ export LIBRARY_PATH=<path to aocl crypto lib>:<path to OpenSSL lib>:$LIBRARY_PATH;
makeRun the executables generated in
./bin/<module>. For example,./bin/mac/hmac.
13.2.2. Building AOCL-Cryptography from Source on Windows#
AOCL-Cryptography requires CMake and Microsoft Visual Studio for building the binaries from the sources on Windows.
Prerequisites
For more information on CMake versions validated, refer to Build Utilities.
Microsoft Visual Studio 2019 (build 16.8.7) through 2022 (build 17.5.3)
Desktop development with C++: C++ Clang-tools for windows (x64 or x86)
LLVM plug-in for Microsoft Visual Studio (if the latest version of LLVM is installed separately, this plug-in enables linking Microsoft Visual Studio with the installed LLVM toolchain)
Install OpenSSL (3.0.8 through 3.3.0) and add
openssl\binpath to thePATHenvironment variables, if not set
Configure and Build
Clone the repository aocl-crypto.
Open Command Prompt or PowerShell.
cd aocl-cryptomkdir buildRun
cmake configureusing the following options:Table 13.2 AOCL-Cryptography - Windows Options# Option
Description
-A (platform)
x86/x64
-B (build directory)
Build
-T (toolset)
ClangCl/LLVM
-G (specify generator)
Visual Studio 17 2022/ Visual Studio 16 2019 / Ninja
Build the library:
--config=release/debug
PS>cmake --build ./build --config=release -j
To execute tests/benchmarks using the KAT framework, run the following commands:
$ git-lfs fetch $ git-lfs checkout
For detailed steps to execute KAT tests/bench, refer to tests_Readme amd/aocl-crypto and bench_Readme amd/aocl-crypto files respectively.
Testing Examples
Navigate to the build directory.
Ensure that the
lib\Releasedirectory is added to PATH environment variables.If not set already, add
openssl\binpath to thePATHenvironment variables.Run the executables generated in
.\examples\<module>\Release\*.exe. Example:.\examples\cipher\Release\aes-ccm.exe
13.3. Using AOCL-Cryptography in a Sample Application#
A few pointers for using AOCL-Cryptography in a sample application:
For using the encrypt/decrypt routines, use the header file in the test application:
aocl-crypto/include/alcp/alcp.h
For using the cipher routines, use the header file:
aocl-crypto/include/alcp/cipher.h
An example to use the cipher routines can be found in:
aocl-crypto/examples/cipher
For using the digest routines, use the header file:
aocl-crypto/include/alcp/digest.h
An example to use the digest routines can be found in:
aocl-crypto/examples/digest
13.3.1. Compiling and Running Examples#
Complete the following steps to compile and run the AOCL-Cryptography examples from the downloaded packages:
Download and untar the aocl-crypto package.
cd amd-cryptoexport LIBRARY_PATH=<path to aocl crypto lib>:<path to aocl utils lib>:<path to openssl lib>:$LIBRARY_PATH;makeTo run example applications (for digest):
LD_LIBRARY_PATH=<path to aocl crypto lib>:<path to aocl utils
lib>:<path to openssl lib> ./bin/digest/sha2_384_example;
13.3.2. AOCL-Cryptography Library Provider for OpenSSL#
For more information on usage instructions, refer to the following URL:
13.3.3. Integrating AOCL-Crypto Library with Applications that Use IPP#
(Note: IPP Compat library is in experimental state in 5.0 release)