Crypto Engine Release Notes

1 Introduction

This document identifies important information for the Crypto Engine package for Simics 6. All users of this specific package should review this document carefully.

2 Changes Since Version 6.0.0

The following is a list of changes since the initial 6.0.0 release.

• 6.0.7 (build 6275)

  • Cryptographic and secure hash library
    • OpenSSL has been updated to version 3.2.0.

• 6.0.6 (build 6272)

  • Cryptographic and secure hash library
    • Added method for CRT key generation on the rsa_v2 interface (bug #HSD-22019127853).

• 6.0.4 (build 6233)

  • Cryptographic and secure hash library
    • Added support for the SM4 cipher in the crypto_engine_openssl device (bug #HSD-13010199480).

• 6.0.3 (build 6226)

  • Cryptographic and secure hash library
    • Fixed a problem using the RC4 cipher on Windows (bug #SIMINT-1552).

• 6.0.2 (build 6223)

  • Cryptographic and secure hash library
    • OpenSSL has been updated to version 3.1.1.
    • The OpenSSL libraries are now included in the Simics-Base package instead of the Crypto-Engine package.
    • Fixed a bug in keccak_hash_update function causing it to overwrite the block buffer if not fed with data in chunks equal to the block size (bug #HSD-16020825957).
    • Fix for crypto engine (SIMICS-20961) Unable to fetch cipher implementation for RC4 (bug #SIMINT-1552).
    • OpenSSL has been updated to version 3.1.0.

• 6.0.1 (build 6203)

  • Cryptographic and secure hash library
    • OpenSSL has been updated to version 3.0.8.
    • The included OpenSSL libraries are now stripped of debug symbols.
    • Added support for the SM3 digest and HMAC in the crypto_engine_openssl device (bug #HSD-14017737921).

• 6.0.0 (build 6200)

  • Common
    • Simics no longer comes with documentation in PDF format.
    • Documentation in HTML format has been added.
    • Fixed a problem on Windows where the installer still asked for the Model Builder key (bug #SIMINT-1236).
    • Support for Python 2.7 has been removed. Simics now only embeds a Python 3 interpreter.
    • The separation of source code into separate packages has been removed. Source code is now included directly into each package.
    • The installers for Linux and macOS have been updated. Support for fallback mode of decryption keys has been removed.
  • Cryptographic and secure hash library
    • Fix ECC error handling (bug #HSD-13010148628).
    • OpenSSL has been updated to version 3.0.7.
    • OpenSSL has been updated to version 3.0.5.
    • The rsa interface is deprecated, use the rsa_v2 interface instead.
    • Add ChaCha20-Poly1305 implementation (bug #HSD-22015079405).
    • Added new F8 and F9 interfaces which accept raw IV (bug #HSD-18019345865).
    • Add new GCM interface that can optionally accept pre-counter block (J0) in place of IV in crypto-engine (bug #HSD-18019348100).
    • Fix AES-XTS failed if data not aligned with sector size (bug #HSD-1308689141).
    • Added support for SHA-512/224 and SHA-512/256 (bug #HSD-18015581865).
    • Added new RSA interface which allows use of arbitrary public exponents (bug #HSD-18014529484).
    • Fix AES-XTS decryption bug (bug #HSD-16012293682).
    • Added support for the ZUC-256 algorithm (bug #HSD-14012682216).
    • Fixed a problem where Simics crashed when the crypto-engine module was loaded, on Ubuntu 18 (bug #HSD-16010803916).
    • Add new AES-XTS interface that supports 128-bit initialization vectors (bug #HSD-18011028786).
    • Added support for SHA3-224 and SHA3-384 (bug #HSD-22010396610).
    • Updated ECDSA crypto to store the result even in the case of a failure. This is required because some FW wants to check the result itself. The return code in this case is -2 instead of -1 on failures where the result is not reported.
    • Improved performance by allocating log-strings only when necessary.
    • Reverted a fix from last build causing a regression in AES-CBC crypto when running encrypt/decrypt with zero length. This is now a NOP instead of an ASSERT (bug #HSD-1306290968).
    • Implementation updated to address issues flagged by Coverity static analysis.

3 Changes in version 6

4 Limitations

This section briefly describes the known limitations of the Crypto Engine package. Please refer to section 5 for a more technical description.

For model oriented packages, additional limitations may be found in the model target guides.

5 Detailed List of Limitations

This section describes in detail the known limitations of the Crypto Engine package. Please refer to section 4 for a more general description.

A register or field marked as Not implemented is present with read-write semantics but has no side effects on simulation. A register marked as Not implemented (design limitation) has the same semantics as a "Not implemented" register and there is no plan to extend the model with this functionality. A register with Lack of documentation has not been implemented because there is no available documentation describing its semantics.