aligned_16bytes tmp_in;
size_t residue;
- if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
return 0;
+ /* If we only have one block then just process the aligned block */
+ if (len == CTS_BLOCK_SIZE)
+ return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
+
residue = len % CTS_BLOCK_SIZE;
if (residue == 0)
residue = CTS_BLOCK_SIZE;
aligned_16bytes mid_iv, ct_mid, pt_last;
size_t residue;
- if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */
+ if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
return 0;
+ /* If we only have one block then just process the aligned block */
+ if (len == CTS_BLOCK_SIZE)
+ return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
+
/* Process blocks at the start - but leave the last 2 blocks */
residue = len % CTS_BLOCK_SIZE;
if (residue == 0)
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
-# 16 bytes should fail for CS3 (since it always needs 2 blocks).
+# 16 bytes input
+Cipher = AES-128-CBC
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
+# 16 bytes with CS3 should return the same as plain CBC mode.
+Cipher = AES-128-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
+Cipher = AES-128-CBC-CTS
+CTSMode = CS2
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 0102030405060708090A0B0C0D0E0F00
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
+
Cipher = AES-128-CBC-CTS
CTSMode = CS3
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F00
-Result = CIPHERUPDATE_ERROR
+Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e