=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string>
Gets or sets the cipher text stealing mode. For all modes the output size is the
-same as the input size.
+same as the input size. The input length must be greater than or equal to the
+block size. (The block size for AES and CAMELLIA is 16 bytes).
Valid values for the mode are:
=item "CS1"
The NIST variant of cipher text stealing.
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher otherwise the second last cipher text block is a
-partial block.
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
+cipher text block is a partial block.
=item "CS2"
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher, otherwise it is the same as "CS3".
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
+"CS3" mode.
=item "CS3"
The Kerberos5 variant of cipher text stealing which always swaps the last
cipher text block with the previous block (which may be a partial or full block
-depending on the input length).
+depending on the input length). If the input length is exactly one full block
+then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
=back
The default is "CS1".
-This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
=item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
=item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and "CAMELLIA-256-CBC"
+=item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS"
+
=item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB",
"CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1",
"CAMELLIA-128-CFB8", "CAMELLIA-192-CFB8" and "CAMELLIA-256-CFB8"
=item *
-AES CTS cipher added to EVP layer.
+CTS ciphers added to EVP layer.
-The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
CS1, CS2 and CS3 variants are supported.
=back
=item *
+CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(),
+CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(),
+CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(),
+CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt()
+
+Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and
+EVP_CipherFinal_ex() instead.
+See the "cts_mode" parameter in
+L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
+See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
+
+=item *
+
d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(),
d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(),
ALG(PROV_NAMES_CAMELLIA_256_CBC, ossl_camellia256cbc_functions),
ALG(PROV_NAMES_CAMELLIA_192_CBC, ossl_camellia192cbc_functions),
ALG(PROV_NAMES_CAMELLIA_128_CBC, ossl_camellia128cbc_functions),
+ ALG(PROV_NAMES_CAMELLIA_128_CBC_CTS, ossl_camellia128cbc_cts_functions),
+ ALG(PROV_NAMES_CAMELLIA_192_CBC_CTS, ossl_camellia192cbc_cts_functions),
+ ALG(PROV_NAMES_CAMELLIA_256_CBC_CTS, ossl_camellia256cbc_cts_functions),
ALG(PROV_NAMES_CAMELLIA_256_OFB, ossl_camellia256ofb_functions),
ALG(PROV_NAMES_CAMELLIA_192_OFB, ossl_camellia192ofb_functions),
ALG(PROV_NAMES_CAMELLIA_128_OFB, ossl_camellia128ofb_functions),
/* ossl_camellia128ctr_functions */
IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
+#include "cipher_camellia_cts.inc"
--- /dev/null
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for CAMELLIA CBC CTS ciphers */
+
+#include <openssl/proverr.h>
+#include "cipher_cts.h"
+
+#define CTS_FLAGS PROV_CIPHER_FLAG_CTS
+
+static OSSL_FUNC_cipher_encrypt_init_fn camellia_cbc_cts_einit;
+static OSSL_FUNC_cipher_decrypt_init_fn camellia_cbc_cts_dinit;
+static OSSL_FUNC_cipher_get_ctx_params_fn camellia_cbc_cts_get_ctx_params;
+static OSSL_FUNC_cipher_set_ctx_params_fn camellia_cbc_cts_set_ctx_params;
+static OSSL_FUNC_cipher_gettable_ctx_params_fn camellia_cbc_cts_gettable_ctx_params;
+static OSSL_FUNC_cipher_settable_ctx_params_fn camellia_cbc_cts_settable_ctx_params;
+
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
+OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
+
+static int camellia_cbc_cts_einit(void *ctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL))
+ return 0;
+ return camellia_cbc_cts_set_ctx_params(ctx, params);
+}
+
+static int camellia_cbc_cts_dinit(void *ctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL))
+ return 0;
+ return camellia_cbc_cts_set_ctx_params(ctx, params);
+}
+
+static int camellia_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE);
+ if (p != NULL) {
+ const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode);
+
+ if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+ return ossl_cipher_generic_get_ctx_params(vctx, params);
+}
+
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
+OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
+
+static int camellia_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ const OSSL_PARAM *p;
+ int id;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ goto err;
+ id = ossl_cipher_cbc_cts_mode_name2id(p->data);
+ if (id < 0)
+ goto err;
+
+ ctx->cts_mode = (unsigned int)id;
+ }
+ return ossl_cipher_generic_set_ctx_params(vctx, params);
+err:
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+}
+
+/* ossl_camellia256cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block)
+/* ossl_camellia192cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block)
+/* ossl_camellia128cbc_cts_functions */
+IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block)
extern const OSSL_DISPATCH ossl_camellia256cbc_functions[];
extern const OSSL_DISPATCH ossl_camellia192cbc_functions[];
extern const OSSL_DISPATCH ossl_camellia128cbc_functions[];
+extern const OSSL_DISPATCH ossl_camellia256cbc_cts_functions[];
+extern const OSSL_DISPATCH ossl_camellia192cbc_cts_functions[];
+extern const OSSL_DISPATCH ossl_camellia128cbc_cts_functions[];
extern const OSSL_DISPATCH ossl_camellia256ofb_functions[];
extern const OSSL_DISPATCH ossl_camellia192ofb_functions[];
extern const OSSL_DISPATCH ossl_camellia128ofb_functions[];
#define PROV_NAMES_CAMELLIA_256_CBC "CAMELLIA-256-CBC:CAMELLIA256:1.2.392.200011.61.1.1.1.4"
#define PROV_NAMES_CAMELLIA_192_CBC "CAMELLIA-192-CBC:CAMELLIA192:1.2.392.200011.61.1.1.1.3"
#define PROV_NAMES_CAMELLIA_128_CBC "CAMELLIA-128-CBC:CAMELLIA128:1.2.392.200011.61.1.1.1.2"
+#define PROV_NAMES_CAMELLIA_256_CBC_CTS "CAMELLIA-256-CBC-CTS"
+#define PROV_NAMES_CAMELLIA_192_CBC_CTS "CAMELLIA-192-CBC-CTS"
+#define PROV_NAMES_CAMELLIA_128_CBC_CTS "CAMELLIA-128-CBC-CTS"
#define PROV_NAMES_CAMELLIA_256_OFB "CAMELLIA-256-OFB:0.3.4401.5.3.1.9.43"
#define PROV_NAMES_CAMELLIA_192_OFB "CAMELLIA-192-OFB:0.3.4401.5.3.1.9.23"
#define PROV_NAMES_CAMELLIA_128_OFB "CAMELLIA-128-OFB:0.3.4401.5.3.1.9.3"
evpciph_aria.txt
evpciph_bf.txt
evpciph_camellia.txt
+ evpciph_camellia_cts.txt
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
--- /dev/null
+#
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+Title = Camellia CTS tests from RFC6803
+
+# The encryption test vectors in RFC6803 specify the base_key,
+# not the derived encryption key.
+# The encryption key was manually derived using:
+# ke = KBKDF(mac = CMAC, mode = FEEDBACK, base_key,
+# salt = 0000000 || usage || AA,
+# seed = 00000000000000000000000000000000)
+# NOTE: that the usage was not specified in the test vectors,
+# but is listed here in https://www.rfc-editor.org/errata_search.php?rfc=6803
+#
+# e.g: openssl kdf -cipher CAMELLIA-128-CBC
+# -keylen 16
+# -kdfopt hexkey:1DC46A8D763F4F93742BCBA3387576C3
+# -kdfopt hexsalt:00000000AA
+# -kdfopt mode:FEEDBACK
+# -kdfopt hexseed:00000000000000000000000000000000
+# -mac CMAC
+# KBKDF
+#
+# The ciphertext result also contains a MAC result so this was also manually stripped from the test data.
+# The random confounder is also prepended to the plaintext.
+#
+
+# 128-bit Camellia key: 1DC46A8D763F4F93742BCBA3387576C3
+# Key usage: 0
+# Random confounder: B69822A19A6B09C0EBC8557D1F1B6C0A
+# Plaintext: (empty)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = E99B82B36C4AE8EA19E95DFA9EDE882C
+IV = 00000000000000000000000000000000
+Plaintext = B69822A19A6B09C0EBC8557D1F1B6C0A
+Ciphertext = C466F1871069921EDB7C6FDE244A52DB
+
+# 128-bit Camellia key: 5027BC231D0F3A9D23333F1CA6FDBE7C
+# Key usage: 1
+# Random confounder: 6F2FC3C2A166FD8898967A83DE9596D9
+# Plaintext: 1 (31)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD
+IV = 00000000000000000000000000000000
+Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931
+Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88
+
+# 128-bit Camellia key: A1BB61E805F9BA6DDE8FDBDDC05CDEA0
+# Key usage: 2
+# Random confounder: A5B4A71E077AEEF93C8763C18FDB1F10
+# Plaintext: 9 bytesss (392062797465737373)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = DDE42ECA7CD9863FC3CE89CBC94362D7
+IV = 00000000000000000000000000000000
+Plaintext = A5B4A71E077AEEF93C8763C18FDB1F10392062797465737373
+Ciphertext = 619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901
+
+# 128-bit Camellia key: 2CA27A5FAF5532244506434E1CEF6676
+# Key usage: 3
+# Random confounder: 19FEE40D810C524B5B22F01874C693DA
+# Plaintext: 13 bytes byte (31332062797465732062797465)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = C3113A258590B9AEBF721B1AF6B0CBF8
+IV = 00000000000000000000000000000000
+Plaintext = 19FEE40D810C524B5B22F01874C693DA31332062797465732062797465
+Ciphertext = B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D64
+
+# 128-bit Camellia key: 7824F8C16F83FF354C6BF7515B973F43
+# Key usage: 4
+# Random confounder: CA7A7AB4BE192DABD603506DB19C39E2
+# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
+Cipher = CAMELLIA-128-CBC-CTS
+CTSMode = CS3
+Key = 8B07EED30149916AA20DB3F5CED8AFAD
+IV = 00000000000000000000000000000000
+Plaintext = CA7A7AB4BE192DABD603506DB19C39E2333020627974657320627974657320627974657320627974657320627974
+Ciphertext = A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587
+
+# 256-bit Camellia key: B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B
+# Key usage: 0
+# Random confounder: 3CBBD2B45917941067F96599BB98926C
+# Plaintext: (empty)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = 6CCB3F25D8AE57F4E8F6CA474BDDEFF116CE131B3F71012E756D6B1E3F70A7F1
+IV = 00000000000000000000000000000000
+Plaintext = 3CBBD2B45917941067F96599BB98926C
+Ciphertext = 03886D03310B47A6D8F06D7B94D1DD83
+
+# 256-bit Camellia key: 1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833
+# Key usage: 1
+# Random confounder: DEF487FCEBE6DE6346D4DA4521BBA2D2
+# Plaintext: 1 (31)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = E93173AA01EB3C246231DAFC7802EE32AF24851D8C7387D18CB9B2C5B7F570B8
+IV = 00000000000000000000000000000000
+Plaintext = DEF487FCEBE6DE6346D4DA4521BBA2D231
+Ciphertext = 2C9C1570133C99BF6A34BC1B0212002FD1
+
+# 256-bit Camellia key: 32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05
+# Key usage: 2
+# Random confounder: AD4FF904D34E555384B14100FC465F88
+# Plaintext: 9 bytesss (392062797465737373)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = CDA2D39A9B243FFEB56E8D5F4BD528741ECB520C62123FB040B8418B15C7D70C
+IV = 00000000000000000000000000000000
+Plaintext = AD4FF904D34E555384B14100FC465F88392062797465737373
+Ciphertext = 9C6DE75F812DE7ED0D28B2963557A115640998275B0AF51527
+
+# 256-bit Camellia key: B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715
+# Key usage: 3
+# Random confounder: CF9BCA6DF1144E0C0AF9B8F34C90D514
+# Plaintext: 13 bytes byte (31332062797465732062797465)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = CD8A10E279DADDB6901EC30BDF9873250F6EFC6A77367D74DC3EE7F74BC7774E
+IV = 00000000000000000000000000000000
+Plaintext = CF9BCA6DF1144E0C0AF9B8F34C90D51431332062797465732062797465
+Ciphertext = EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA
+
+# 256-bit Camellia key: CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7
+# Key usage: 4
+# Random confounder: 644DEF38DA35007275878D216855E228
+# Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
+Cipher = CAMELLIA-256-CBC-CTS
+CTSMode = CS3
+Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A
+IV = 00000000000000000000000000000000
+Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974
+Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6
projects / openssl.git / commitdiff