/* Dispatch functions for AES CBC CTS ciphers */
#include <openssl/proverr.h>
-#include "cipher_aes_cts.h"
+#include "cipher_cts.h"
-#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS
+#define CTS_FLAGS PROV_CIPHER_FLAG_CTS
static OSSL_FUNC_cipher_encrypt_init_fn aes_cbc_cts_einit;
static OSSL_FUNC_cipher_decrypt_init_fn aes_cbc_cts_dinit;
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE);
if (p != NULL) {
- const char *name = ossl_aes_cbc_cts_mode_id2name(ctx->cts_mode);
+ const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode);
if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
goto err;
- id = ossl_aes_cbc_cts_mode_name2id(p->data);
+ id = ossl_cipher_cbc_cts_mode_name2id(p->data);
if (id < 0)
goto err;
return 0;
}
-/* NOTE: The underlying block cipher is AES CBC so we reuse most of the code */
-#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
- blkbits, ivbits, typ) \
-static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
-static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
-{ \
- return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
- kbits, blkbits, ivbits); \
-} \
-const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \
- { OSSL_FUNC_CIPHER_NEWCTX, \
- (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
- { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
- { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
- { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_cbc_cts_einit }, \
- { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_cbc_cts_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, \
- (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_update }, \
- { OSSL_FUNC_CIPHER_FINAL, \
- (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_final }, \
- { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \
- { OSSL_FUNC_CIPHER_GET_PARAMS, \
- (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
- (void (*)(void))ossl_cipher_generic_gettable_params }, \
- { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
- (void (*)(void))aes_cbc_cts_get_ctx_params }, \
- { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
- (void (*)(void))aes_cbc_cts_set_ctx_params }, \
- { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
- (void (*)(void))aes_cbc_cts_gettable_ctx_params }, \
- { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
- (void (*)(void))aes_cbc_cts_settable_ctx_params }, \
- { 0, NULL } \
-};
-
/* ossl_aes256cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, block)
/* ossl_aes192cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, block)
/* ossl_aes128cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, block)
/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
*/
/*
- * Helper functions for AES CBC CTS ciphers.
+ * Helper functions for 128 bit CBC CTS ciphers (Currently AES and Camellia).
*
* The function dispatch tables are embedded into cipher_aes.c
- * using cipher_aes_cts.inc
+ * and cipher_camellia.c using cipher_aes_cts.inc and cipher_camellia_cts.inc
*/
/*
#include "e_os.h" /* strcasecmp */
#include <openssl/core_names.h>
-#include <openssl/aes.h>
#include "prov/ciphercommon.h"
#include "internal/nelem.h"
-#include "cipher_aes_cts.h"
+#include "cipher_cts.h"
/* The value assigned to 0 is the default */
#define CTS_CS1 0
#define CTS_CS2 1
#define CTS_CS3 2
+#define CTS_BLOCK_SIZE 16
+
typedef union {
size_t align;
- unsigned char c[AES_BLOCK_SIZE];
+ unsigned char c[CTS_BLOCK_SIZE];
} aligned_16bytes;
typedef struct cts_mode_name2id_st {
{ CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 },
};
-const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id)
+const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id)
{
size_t i;
return NULL;
}
-int ossl_aes_cbc_cts_mode_name2id(const char *name)
+int ossl_cipher_cbc_cts_mode_name2id(const char *name)
{
size_t i;
aligned_16bytes tmp_in;
size_t residue;
- residue = len % AES_BLOCK_SIZE;
+ residue = len % CTS_BLOCK_SIZE;
len -= residue;
if (!ctx->hw->cipher(ctx, out, in, len))
return 0;
memset(tmp_in.c, 0, sizeof(tmp_in));
memcpy(tmp_in.c, in, residue);
- if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE + residue, tmp_in.c,
- AES_BLOCK_SIZE))
+ if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE + residue, tmp_in.c,
+ CTS_BLOCK_SIZE))
return 0;
return len + residue;
}
aligned_16bytes mid_iv, ct_mid, pt_last;
size_t residue;
- residue = len % AES_BLOCK_SIZE;
+ residue = len % CTS_BLOCK_SIZE;
if (residue == 0) {
/* If there are no partial blocks then it is the same as CBC mode */
if (!ctx->hw->cipher(ctx, out, in, len))
return len;
}
/* Process blocks at the start - but leave the last 2 blocks */
- len -= AES_BLOCK_SIZE + residue;
+ len -= CTS_BLOCK_SIZE + residue;
if (len > 0) {
if (!ctx->hw->cipher(ctx, out, in, len))
return 0;
out += len;
}
/* Save the iv that will be used by the second last block */
- memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE);
+ memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE);
/* Decrypt the last block first using an iv of zero */
- memset(ctx->iv, 0, AES_BLOCK_SIZE);
- if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, AES_BLOCK_SIZE))
+ memset(ctx->iv, 0, CTS_BLOCK_SIZE);
+ if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, CTS_BLOCK_SIZE))
return 0;
/*
* of the partial second last block.
*/
memcpy(ct_mid.c, in, residue);
- memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue);
+ memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue);
/*
* Restore the last partial ciphertext block.
* Now that we have the cipher text of the second last block, apply
* that to the partial plaintext end block. We have already decrypted the
* block using an IV of zero. For decryption the IV is just XORed after
- * doing an AES block - so just XOR in the cipher text.
+ * doing an Cipher CBC block - so just XOR in the cipher text.
*/
- do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE);
+ do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE);
/* Restore the iv needed by the second last block */
- memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE);
+ memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE);
/*
* Decrypt the second last plaintext block now that we have rebuilt the
* ciphertext.
*/
- if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE))
+ if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE))
return 0;
- return len + AES_BLOCK_SIZE + residue;
+ return len + CTS_BLOCK_SIZE + residue;
}
static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
aligned_16bytes tmp_in;
size_t residue;
- if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
return 0;
- residue = len % AES_BLOCK_SIZE;
+ residue = len % CTS_BLOCK_SIZE;
if (residue == 0)
- residue = AES_BLOCK_SIZE;
+ residue = CTS_BLOCK_SIZE;
len -= residue;
if (!ctx->hw->cipher(ctx, out, in, len))
memset(tmp_in.c, 0, sizeof(tmp_in));
memcpy(tmp_in.c, in, residue);
- memcpy(out, out - AES_BLOCK_SIZE, residue);
- if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE, tmp_in.c, AES_BLOCK_SIZE))
+ memcpy(out, out - CTS_BLOCK_SIZE, residue);
+ if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE, tmp_in.c, CTS_BLOCK_SIZE))
return 0;
return len + residue;
}
aligned_16bytes mid_iv, ct_mid, pt_last;
size_t residue;
- if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
return 0;
/* Process blocks at the start - but leave the last 2 blocks */
- residue = len % AES_BLOCK_SIZE;
+ residue = len % CTS_BLOCK_SIZE;
if (residue == 0)
- residue = AES_BLOCK_SIZE;
- len -= AES_BLOCK_SIZE + residue;
+ residue = CTS_BLOCK_SIZE;
+ len -= CTS_BLOCK_SIZE + residue;
if (len > 0) {
if (!ctx->hw->cipher(ctx, out, in, len))
out += len;
}
/* Save the iv that will be used by the second last block */
- memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE);
+ memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE);
/* Decrypt the Cn block first using an iv of zero */
- memset(ctx->iv, 0, AES_BLOCK_SIZE);
- if (!ctx->hw->cipher(ctx, pt_last.c, in, AES_BLOCK_SIZE))
+ memset(ctx->iv, 0, CTS_BLOCK_SIZE);
+ if (!ctx->hw->cipher(ctx, pt_last.c, in, CTS_BLOCK_SIZE))
return 0;
/*
* the decrypted C(n) block + replace the start with the ciphertext bytes
* of the partial last block.
*/
- memcpy(ct_mid.c, in + AES_BLOCK_SIZE, residue);
- if (residue != AES_BLOCK_SIZE)
- memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue);
+ memcpy(ct_mid.c, in + CTS_BLOCK_SIZE, residue);
+ if (residue != CTS_BLOCK_SIZE)
+ memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue);
/*
* Restore the last partial ciphertext block.
* Now that we have the cipher text of the second last block, apply
* block using an IV of zero. For decryption the IV is just XORed after
* doing an AES block - so just XOR in the ciphertext.
*/
- do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE);
+ do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE);
/* Restore the iv needed by the second last block */
- memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE);
+ memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE);
/*
* Decrypt the second last plaintext block now that we have rebuilt the
* ciphertext.
*/
- if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE))
+ if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE))
return 0;
- return len + AES_BLOCK_SIZE + residue;
+ return len + CTS_BLOCK_SIZE + residue;
}
static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
unsigned char *out, size_t len)
{
- if (len % AES_BLOCK_SIZE == 0) {
+ if (len % CTS_BLOCK_SIZE == 0) {
/* If there are no partial blocks then it is the same as CBC mode */
if (!ctx->hw->cipher(ctx, out, in, len))
return 0;
static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
unsigned char *out, size_t len)
{
- if (len % AES_BLOCK_SIZE == 0) {
+ if (len % CTS_BLOCK_SIZE == 0) {
/* If there are no partial blocks then it is the same as CBC mode */
if (!ctx->hw->cipher(ctx, out, in, len))
return 0;
return cts128_cs3_decrypt(ctx, in, out, len);
}
-int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
- size_t outsize, const unsigned char *in,
- size_t inl)
+int ossl_cipher_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
size_t sz = 0;
- if (inl < AES_BLOCK_SIZE) /* There must be at least one block for CTS mode */
+ if (inl < CTS_BLOCK_SIZE) /* There must be at least one block for CTS mode */
return 0;
if (outsize < inl)
return 0;
return 1;
}
-int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl,
- size_t outsize)
+int ossl_cipher_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize)
{
*outl = 0;
return 1;
--- /dev/null
+/*
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/evp.h"
+
+/* NOTE: The underlying block cipher is CBC so we reuse most of the code */
+#define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
+ blkbits, ivbits, typ) \
+static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
+static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, kbits, blkbits, ivbits); \
+} \
+const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) alg##_cbc_cts_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) alg##_cbc_cts_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, \
+ (void (*)(void)) ossl_cipher_cbc_cts_block_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, \
+ (void (*)(void)) ossl_cipher_cbc_cts_block_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))ossl_cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void)) alg##_cbc_cts_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void)) alg##_cbc_cts_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void)) alg##_cbc_cts_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void)) alg##_cbc_cts_settable_ctx_params }, \
+ { 0, NULL } \
+};
+
+OSSL_FUNC_cipher_update_fn ossl_cipher_cbc_cts_block_update;
+OSSL_FUNC_cipher_final_fn ossl_cipher_cbc_cts_block_final;
+
+const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id);
+int ossl_cipher_cbc_cts_mode_name2id(const char *name);