From d42d0a4dc7925e3ea398821028a254c94665d733 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 1 Feb 2017 10:10:13 +1000 Subject: [PATCH] Implementation of the ARIA cipher as described in RFC 5794. This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2337) --- Configure | 6 +- apps/openssl.c | 5 +- config | 4 +- crypto/aria/aria.c | 454 +++++++++++++++++++++++++++++++++ crypto/aria/build.info | 4 + crypto/evp/build.info | 2 +- crypto/evp/c_allc.c | 32 ++- crypto/evp/e_aria.c | 156 +++++++++++ crypto/evp/evp_err.c | 2 + crypto/include/internal/aria.h | 56 ++++ crypto/objects/obj_dat.h | 105 +++++++- crypto/objects/obj_dat.pl | 4 +- crypto/objects/obj_mac.num | 21 ++ crypto/objects/objects.pl | 4 +- crypto/objects/objects.txt | 35 +++ doc/man1/ciphers.pod | 22 +- doc/man1/dsa.pod | 7 +- doc/man1/gendsa.pod | 7 +- doc/man1/genrsa.pod | 7 +- doc/man1/pkcs12.pod | 8 +- doc/man1/rsa.pod | 7 +- include/openssl/evp.h | 28 ++ include/openssl/obj_mac.h | 103 +++++++- ssl/ssl_ciph.c | 5 +- test/evptests.txt | 124 +++++++++ util/libcrypto.num | 21 ++ util/mkdef.pl | 2 +- 27 files changed, 1197 insertions(+), 34 deletions(-) create mode 100644 crypto/aria/aria.c create mode 100644 crypto/aria/build.info create mode 100644 crypto/evp/e_aria.c create mode 100644 crypto/include/internal/aria.h diff --git a/Configure b/Configure index ac2571f932..1510818bcc 100755 --- a/Configure +++ b/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -314,7 +314,7 @@ $config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", " $config{sdirs} = [ "objects", "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", - "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", + "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", "buffer", "bio", "stack", "lhash", "rand", "err", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", @@ -333,6 +333,7 @@ my @dtls = qw(dtls1 dtls1_2); my @disablables = ( "afalgeng", + "aria", "asan", "asm", "async", @@ -433,6 +434,7 @@ my %deprecated_disablables = ( # All of the following is disabled by default (RC5 was enabled before 0.9.8): our %disabled = ( # "what" => "comment" + "aria" => "default", "asan" => "default", "crypto-mdebug" => "default", "crypto-mdebug-backtrace" => "default", diff --git a/apps/openssl.c b/apps/openssl.c index 6e63df1fc2..bb776eb310 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -571,6 +571,9 @@ static int SortFnByName(const void *_f1, const void *_f2) static void list_disabled(void) { BIO_puts(bio_out, "Disabled algorithms:\n"); +#ifdef OPENSSL_NO_ARIA + BIO_puts(bio_out, "ARIA\n"); +#endif #ifdef OPENSSL_NO_BF BIO_puts(bio_out, "BF\n"); #endif diff --git a/config b/config index 641d8f509e..0ddff8abfc 100755 --- a/config +++ b/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -855,7 +855,7 @@ case "$GUESSOS" in i386-*) options="$options 386" ;; esac -for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha +for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha do if [ ! -d $THERE/crypto/$i ] then diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c new file mode 100644 index 0000000000..7e17e30396 --- /dev/null +++ b/crypto/aria/aria.c @@ -0,0 +1,454 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright (c) 2017 Oracle and/or its affiliates. All rights reserved. + */ + +#include +#include +#include +#include "internal/aria.h" + +static const unsigned char sb1[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + +static const unsigned char sb2[256] = { + 0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc, + 0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1, + 0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b, + 0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1, + 0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69, + 0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb, + 0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4, + 0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb, + 0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91, + 0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd, + 0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28, + 0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53, + 0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48, + 0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1, + 0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26, + 0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40, + 0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04, + 0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc, + 0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65, + 0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5, + 0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a, + 0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43, + 0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34, + 0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8, + 0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6, + 0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda, + 0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f, + 0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c, + 0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3, + 0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d, + 0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8, + 0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81 +}; + +static const unsigned char sb3[256] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +}; + +static const unsigned char sb4[256] = { + 0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78, + 0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c, + 0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3, + 0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d, + 0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6, + 0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d, + 0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a, + 0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed, + 0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58, + 0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b, + 0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93, + 0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce, + 0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab, + 0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9, + 0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19, + 0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41, + 0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61, + 0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a, + 0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15, + 0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7, + 0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0, + 0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc, + 0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70, + 0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5, + 0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b, + 0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45, + 0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73, + 0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d, + 0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e, + 0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3, + 0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea, + 0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60 +}; + +static const ARIA_u128 c1 = { + 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94, + 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 +}; + +static const ARIA_u128 c2 = { + 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20, + 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 +}; + +static const ARIA_u128 c3 = { + 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70, + 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e +}; + +/* + * Exclusive or two 128 bit values into the result. + * It is safe for the result to be the same as the either input. + */ +static void xor128(ARIA_u128 o, const ARIA_u128 x, const ARIA_u128 y) +{ + int i; + + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + o[i] = x[i] ^ y[i]; +} + +/* + * Generalised circular rotate right and exclusive or function. + * It is safe for the output to overlap either input. + */ +static ossl_inline void rotnr(unsigned int n, ARIA_u128 o, const ARIA_u128 xor, + const ARIA_u128 z) +{ + const unsigned int bytes = n / 8, bits = n % 8; + unsigned int i; + ARIA_u128 t; + + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + t[(i + bytes) % ARIA_BLOCK_SIZE] = z[i]; + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + o[i] = ((t[i] >> bits) | + (t[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ xor[i]; +} + +/* + * Circular rotate 19 bits right and xor. + * It is safe for the output to overlap either input. + */ +static void rot19r(ARIA_u128 o, const ARIA_u128 xor, const ARIA_u128 z) +{ + rotnr(19, o, xor, z); +} + +/* + * Circular rotate 31 bits right and xor. + * It is safe for the output to overlap either input. + */ +static void rot31r(ARIA_u128 o, const ARIA_u128 xor, const ARIA_u128 z) +{ + rotnr(31, o, xor, z); +} + +/* + * Circular rotate 61 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot61l(ARIA_u128 o, const ARIA_u128 xor, const ARIA_u128 z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z); +} + +/* + * Circular rotate 31 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot31l(ARIA_u128 o, const ARIA_u128 xor, const ARIA_u128 z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z); +} + +/* + * Circular rotate 19 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot19l(ARIA_u128 o, const ARIA_u128 xor, const ARIA_u128 z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z); +} + +/* + * First substitution and xor layer, used for odd steps. + * It is safe for the input and output to be the same. + */ +static void sl1(ARIA_u128 o, const ARIA_u128 x, const ARIA_u128 y) +{ + unsigned int i; + for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { + o[i ] = sb1[x[i ] ^ y[i ]]; + o[i + 1] = sb2[x[i + 1] ^ y[i + 1]]; + o[i + 2] = sb3[x[i + 2] ^ y[i + 2]]; + o[i + 3] = sb4[x[i + 3] ^ y[i + 3]]; + } +} + +/* + * Second substitution and xor layer, used for even steps. + * It is safe for the input and output to be the same. + */ +static void sl2(ARIA_u128 o, const ARIA_u128 x, const ARIA_u128 y) +{ + unsigned int i; + for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { + o[i ] = sb3[x[i ] ^ y[i ]]; + o[i + 1] = sb4[x[i + 1] ^ y[i + 1]]; + o[i + 2] = sb1[x[i + 2] ^ y[i + 2]]; + o[i + 3] = sb2[x[i + 3] ^ y[i + 3]]; + } +} + +/* + * Diffusion layer step + * It is NOT safe for the input and output to overlap. + */ +static void a(ARIA_u128 y, const ARIA_u128 x) +{ + y[ 0] = x[3] ^ x[4] ^ x[6] ^ x[ 8] ^ x[ 9] ^ x[13] ^ x[14]; + y[ 1] = x[2] ^ x[5] ^ x[7] ^ x[ 8] ^ x[ 9] ^ x[12] ^ x[15]; + y[ 2] = x[1] ^ x[4] ^ x[6] ^ x[10] ^ x[11] ^ x[12] ^ x[15]; + y[ 3] = x[0] ^ x[5] ^ x[7] ^ x[10] ^ x[11] ^ x[13] ^ x[14]; + y[ 4] = x[0] ^ x[2] ^ x[5] ^ x[ 8] ^ x[11] ^ x[14] ^ x[15]; + y[ 5] = x[1] ^ x[3] ^ x[4] ^ x[ 9] ^ x[10] ^ x[14] ^ x[15]; + y[ 6] = x[0] ^ x[2] ^ x[7] ^ x[ 9] ^ x[10] ^ x[12] ^ x[13]; + y[ 7] = x[1] ^ x[3] ^ x[6] ^ x[ 8] ^ x[11] ^ x[12] ^ x[13]; + y[ 8] = x[0] ^ x[1] ^ x[4] ^ x[ 7] ^ x[10] ^ x[13] ^ x[15]; + y[ 9] = x[0] ^ x[1] ^ x[5] ^ x[ 6] ^ x[11] ^ x[12] ^ x[14]; + y[10] = x[2] ^ x[3] ^ x[5] ^ x[ 6] ^ x[ 8] ^ x[13] ^ x[15]; + y[11] = x[2] ^ x[3] ^ x[4] ^ x[ 7] ^ x[ 9] ^ x[12] ^ x[14]; + y[12] = x[1] ^ x[2] ^ x[6] ^ x[ 7] ^ x[ 9] ^ x[11] ^ x[12]; + y[13] = x[0] ^ x[3] ^ x[6] ^ x[ 7] ^ x[ 8] ^ x[10] ^ x[13]; + y[14] = x[0] ^ x[3] ^ x[4] ^ x[ 5] ^ x[ 9] ^ x[11] ^ x[14]; + y[15] = x[1] ^ x[2] ^ x[4] ^ x[ 5] ^ x[ 8] ^ x[10] ^ x[15]; +} + +/* + * Odd round function + * Apply the first substitution layer and then a diffusion step. + * It is safe for the input and output to overlap. + */ +static ossl_inline void FO(ARIA_u128 o, const ARIA_u128 d, const ARIA_u128 rk) +{ + ARIA_u128 y; + + sl1(y, d, rk); + a(o, y); +} + +/* + * Even round function + * Apply the second substitution layer and then a diffusion step. + * It is safe for the input and output to overlap. + */ +static ossl_inline void FE(ARIA_u128 o, const ARIA_u128 d, const ARIA_u128 rk) +{ + ARIA_u128 y; + + sl2(y, d, rk); + a(o, y); +} + +/* + * Encrypt or decrypt a single block + * in and out can overlap + */ +static void do_encrypt(ARIA_u128 o, const ARIA_u128 pin, unsigned int rounds, + const ARIA_u128 *keys) +{ + ARIA_u128 p; + unsigned int i; + + memcpy(p, pin, sizeof(p)); + for (i = 0; i < rounds - 2; i += 2) { + FO(p, p, keys[i]); + FE(p, p, keys[i + 1]); + } + FO(p, p, keys[rounds - 2]); + sl2(o, p, keys[rounds - 1]); + xor128(o, o, keys[rounds]); +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key) +{ + assert(in != NULL && out != NULL && key != NULL); + do_encrypt(out, in, key->rounds, key->rd_key); +} + + +/* + * Expand the cipher key into the encryption key schedule. + * We short circuit execution of the last two + * or four rotations based on the key size. + */ +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + const unsigned char *ck1, *ck2, *ck3; + ARIA_u128 kr, w0, w1, w2, w3; + + if (!userKey || !key) + return -1; + memcpy(w0, userKey, sizeof(w0)); + switch (bits) { + default: + return -2; + case 128: + key->rounds = 12; + ck1 = c1; + ck2 = c2; + ck3 = c3; + memset(kr, 0, sizeof(kr)); + break; + + case 192: + key->rounds = 14; + ck1 = c2; + ck2 = c3; + ck3 = c1; + memcpy(kr, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2); + memset(kr + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2); + break; + + case 256: + key->rounds = 16; + ck1 = c3; + ck2 = c1; + ck3 = c2; + memcpy(kr, userKey + ARIA_BLOCK_SIZE, sizeof(kr)); + break; + } + + FO(w3, w0, ck1); xor128(w1, w3, kr); + FE(w3, w1, ck2); xor128(w2, w3, w0); + FO(kr, w2, ck3); xor128(w3, kr, w1); + + rot19r(key->rd_key[ 0], w0, w1); + rot19r(key->rd_key[ 1], w1, w2); + rot19r(key->rd_key[ 2], w2, w3); + rot19r(key->rd_key[ 3], w3, w0); + + rot31r(key->rd_key[ 4], w0, w1); + rot31r(key->rd_key[ 5], w1, w2); + rot31r(key->rd_key[ 6], w2, w3); + rot31r(key->rd_key[ 7], w3, w0); + + rot61l(key->rd_key[ 8], w0, w1); + rot61l(key->rd_key[ 9], w1, w2); + rot61l(key->rd_key[10], w2, w3); + rot61l(key->rd_key[11], w3, w0); + + rot31l(key->rd_key[12], w0, w1); + if (key->rounds > 12) { + rot31l(key->rd_key[13], w1, w2); + rot31l(key->rd_key[14], w2, w3); + + if (key->rounds > 14) { + rot31l(key->rd_key[15], w3, w0); + rot19l(key->rd_key[16], w0, w1); + } + } + return 0; +} + +/* + * Expand the cipher key into the decryption key schedule. + */ +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + ARIA_KEY ek; + const int r = aria_set_encrypt_key(userKey, bits, &ek); + unsigned int i, rounds = ek.rounds; + + if (r == 0) { + key->rounds = rounds; + memcpy(key->rd_key[0], ek.rd_key[rounds], sizeof(key->rd_key[0])); + for (i = 1; i < rounds; i++) + a(key->rd_key[i], ek.rd_key[rounds - i]); + memcpy(key->rd_key[rounds], ek.rd_key[0], sizeof(key->rd_key[rounds])); + } + return r; +} diff --git a/crypto/aria/build.info b/crypto/aria/build.info new file mode 100644 index 0000000000..218d0612f7 --- /dev/null +++ b/crypto/aria/build.info @@ -0,0 +1,4 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + aria.c + diff --git a/crypto/evp/build.info b/crypto/evp/build.info index bf633dc713..c0df858ae0 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -2,7 +2,7 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ - e_rc4.c e_aes.c names.c e_seed.c \ + e_rc4.c e_aes.c names.c e_seed.c e_aria.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ m_md5_sha1.c m_mdc2.c m_ripemd.c \ diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 6ed31edbcb..76edfbd37b 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -181,6 +181,36 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); +#ifndef OPENSSL_NO_ARIA + EVP_add_cipher(EVP_aria_128_ecb()); + EVP_add_cipher(EVP_aria_128_cbc()); + EVP_add_cipher(EVP_aria_128_cfb()); + EVP_add_cipher(EVP_aria_128_cfb1()); + EVP_add_cipher(EVP_aria_128_cfb8()); + EVP_add_cipher(EVP_aria_128_ctr()); + EVP_add_cipher(EVP_aria_128_ofb()); + EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128"); + EVP_add_cipher_alias(SN_aria_128_cbc, "aria128"); + EVP_add_cipher(EVP_aria_192_ecb()); + EVP_add_cipher(EVP_aria_192_cbc()); + EVP_add_cipher(EVP_aria_192_cfb()); + EVP_add_cipher(EVP_aria_192_cfb1()); + EVP_add_cipher(EVP_aria_192_cfb8()); + EVP_add_cipher(EVP_aria_192_ctr()); + EVP_add_cipher(EVP_aria_192_ofb()); + EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192"); + EVP_add_cipher_alias(SN_aria_192_cbc, "aria192"); + EVP_add_cipher(EVP_aria_256_ecb()); + EVP_add_cipher(EVP_aria_256_cbc()); + EVP_add_cipher(EVP_aria_256_cfb()); + EVP_add_cipher(EVP_aria_256_cfb1()); + EVP_add_cipher(EVP_aria_256_cfb8()); + EVP_add_cipher(EVP_aria_256_ctr()); + EVP_add_cipher(EVP_aria_256_ofb()); + EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256"); + EVP_add_cipher_alias(SN_aria_256_cbc, "aria256"); +#endif + #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_ecb()); EVP_add_cipher(EVP_camellia_128_cbc()); diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c new file mode 100644 index 0000000000..8745bfeb26 --- /dev/null +++ b/crypto/evp/e_aria.c @@ -0,0 +1,156 @@ +/* + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright (c) 2017 Oracle and/or its affiliates. All rights reserved. + */ + +#include "internal/cryptlib.h" +#ifndef OPENSSL_NO_ARIA +# include +# include +# include"internal/aria.h" +# include "internal/evp_int.h" + +/* ARIA subkey Structure */ +typedef struct { + ARIA_KEY ks; +} EVP_ARIA_KEY; + +/* The subkey for ARIA is generated. */ +static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret; + int mode = EVP_CIPHER_CTX_mode(ctx); + + if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) + ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); + else + ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); + if (ret < 0) { + EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + return 1; +} + +static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const ARIA_KEY *key, + unsigned char *ivec, const int enc) +{ + + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f) aria_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f) aria_encrypt); +} + +static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key, const int enc) +{ + aria_encrypt(in, out, key); +} + +static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f) aria_encrypt); +} + +IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY, + NID_aria_128, 16, 16, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY, + NID_aria_192, 16, 24, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY, + NID_aria_256, 16, 32, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \ + IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0) +IMPLEMENT_ARIA_CFBR(128,1) +IMPLEMENT_ARIA_CFBR(192,1) +IMPLEMENT_ARIA_CFBR(256,1) +IMPLEMENT_ARIA_CFBR(128,8) +IMPLEMENT_ARIA_CFBR(192,8) +IMPLEMENT_ARIA_CFBR(256,8) + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aria_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aria_init_key, \ + aria_##mode##_cipher, \ + NULL, \ + sizeof(EVP_ARIA_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ +{ return &aria_##keylen##_##mode; } + +static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = EVP_CIPHER_CTX_num(ctx); + EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx); + + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (block128_f) aria_encrypt); + EVP_CIPHER_CTX_set_num(ctx, num); + return 1; +} + +BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) + +#endif diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 6ff9ec4eae..eb73a5a555 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -25,6 +25,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, + {ERR_FUNC(EVP_F_ARIA_INIT_KEY), "aria_init_key"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, @@ -97,6 +98,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, + {ERR_REASON(EVP_R_ARIA_KEY_SETUP_FAILED), "aria key setup failed"}, {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), diff --git a/crypto/include/internal/aria.h b/crypto/include/internal/aria.h new file mode 100644 index 0000000000..4d37189ae4 --- /dev/null +++ b/crypto/include/internal/aria.h @@ -0,0 +1,56 @@ +/* + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright (c) 2017 Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef HEADER_ARIA_H +# define HEADER_ARIA_H + +# include + +# ifdef OPENSSL_NO_ARIA +# error ARIA is disabled. +# endif + +# include + +# define ARIA_ENCRYPT 1 +# define ARIA_DECRYPT 0 + +# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decription block */ +# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ + +# ifdef __cplusplus +extern "C" { +# endif + +typedef unsigned char ARIA_u128[ARIA_BLOCK_SIZE]; + +struct aria_key_st { + unsigned int rounds; + ARIA_u128 rd_key[ARIA_MAX_KEYS]; +}; +typedef struct aria_key_st ARIA_KEY; + + +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); + +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key); + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 8de2592341..93843e16c2 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[6765] = { +static const unsigned char so[6900] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -961,9 +961,24 @@ static const unsigned char so[6765] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6731] OBJ_id_smime_ct_contentCollection */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6753] OBJ_id_ct_xml */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01, /* [ 6764] OBJ_aria_128_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02, /* [ 6773] OBJ_aria_128_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03, /* [ 6782] OBJ_aria_128_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04, /* [ 6791] OBJ_aria_128_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05, /* [ 6800] OBJ_aria_128_ctr */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06, /* [ 6809] OBJ_aria_192_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07, /* [ 6818] OBJ_aria_192_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08, /* [ 6827] OBJ_aria_192_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09, /* [ 6836] OBJ_aria_192_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A, /* [ 6845] OBJ_aria_192_ctr */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B, /* [ 6854] OBJ_aria_256_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C, /* [ 6863] OBJ_aria_256_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D, /* [ 6872] OBJ_aria_256_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E, /* [ 6881] OBJ_aria_256_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F, /* [ 6890] OBJ_aria_256_ctr */ }; -#define NUM_NID 1065 +#define NUM_NID 1086 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2030,9 +2045,30 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"SipHash", "siphash", NID_siphash}, {"KxANY", "kx-any", NID_kx_any}, {"AuthANY", "auth-any", NID_auth_any}, + {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6764]}, + {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6773]}, + {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6782]}, + {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6791]}, + {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6800]}, + {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6809]}, + {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6818]}, + {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6827]}, + {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6836]}, + {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6845]}, + {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6854]}, + {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6863]}, + {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6872]}, + {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6881]}, + {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6890]}, + {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1}, + {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1}, + {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1}, + {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8}, + {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8}, + {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8}, }; -#define NUM_SN 1056 +#define NUM_SN 1077 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2067,6 +2103,27 @@ static const unsigned int sn_objs[NUM_SN] = { 960, /* "AES-256-OCB" */ 428, /* "AES-256-OFB" */ 914, /* "AES-256-XTS" */ + 1066, /* "ARIA-128-CBC" */ + 1067, /* "ARIA-128-CFB" */ + 1080, /* "ARIA-128-CFB1" */ + 1083, /* "ARIA-128-CFB8" */ + 1069, /* "ARIA-128-CTR" */ + 1065, /* "ARIA-128-ECB" */ + 1068, /* "ARIA-128-OFB" */ + 1071, /* "ARIA-192-CBC" */ + 1072, /* "ARIA-192-CFB" */ + 1081, /* "ARIA-192-CFB1" */ + 1084, /* "ARIA-192-CFB8" */ + 1074, /* "ARIA-192-CTR" */ + 1070, /* "ARIA-192-ECB" */ + 1073, /* "ARIA-192-OFB" */ + 1076, /* "ARIA-256-CBC" */ + 1077, /* "ARIA-256-CFB" */ + 1082, /* "ARIA-256-CFB1" */ + 1085, /* "ARIA-256-CFB8" */ + 1079, /* "ARIA-256-CTR" */ + 1075, /* "ARIA-256-ECB" */ + 1078, /* "ARIA-256-OFB" */ 1064, /* "AuthANY" */ 1049, /* "AuthDSS" */ 1047, /* "AuthECDSA" */ @@ -3092,7 +3149,7 @@ static const unsigned int sn_objs[NUM_SN] = { 160, /* "x509Crl" */ }; -#define NUM_LN 1056 +#define NUM_LN 1077 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3311,6 +3368,27 @@ static const unsigned int ln_objs[NUM_LN] = { 428, /* "aes-256-ofb" */ 914, /* "aes-256-xts" */ 376, /* "algorithm" */ + 1066, /* "aria-128-cbc" */ + 1067, /* "aria-128-cfb" */ + 1080, /* "aria-128-cfb1" */ + 1083, /* "aria-128-cfb8" */ + 1069, /* "aria-128-ctr" */ + 1065, /* "aria-128-ecb" */ + 1068, /* "aria-128-ofb" */ + 1071, /* "aria-192-cbc" */ + 1072, /* "aria-192-cfb" */ + 1081, /* "aria-192-cfb1" */ + 1084, /* "aria-192-cfb8" */ + 1074, /* "aria-192-ctr" */ + 1070, /* "aria-192-ecb" */ + 1073, /* "aria-192-ofb" */ + 1076, /* "aria-256-cbc" */ + 1077, /* "aria-256-cfb" */ + 1082, /* "aria-256-cfb1" */ + 1085, /* "aria-256-cfb8" */ + 1079, /* "aria-256-ctr" */ + 1075, /* "aria-256-ecb" */ + 1078, /* "aria-256-ofb" */ 484, /* "associatedDomain" */ 485, /* "associatedName" */ 501, /* "audio" */ @@ -4152,7 +4230,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 956 +#define NUM_OBJ 971 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -4797,6 +4875,21 @@ static const unsigned int obj_objs[NUM_OBJ] = { 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ + 1065, /* OBJ_aria_128_ecb 1 2 410 200046 1 1 1 */ + 1066, /* OBJ_aria_128_cbc 1 2 410 200046 1 1 2 */ + 1067, /* OBJ_aria_128_cfb128 1 2 410 200046 1 1 3 */ + 1068, /* OBJ_aria_128_ofb128 1 2 410 200046 1 1 4 */ + 1069, /* OBJ_aria_128_ctr 1 2 410 200046 1 1 5 */ + 1070, /* OBJ_aria_192_ecb 1 2 410 200046 1 1 6 */ + 1071, /* OBJ_aria_192_cbc 1 2 410 200046 1 1 7 */ + 1072, /* OBJ_aria_192_cfb128 1 2 410 200046 1 1 8 */ + 1073, /* OBJ_aria_192_ofb128 1 2 410 200046 1 1 9 */ + 1074, /* OBJ_aria_192_ctr 1 2 410 200046 1 1 10 */ + 1075, /* OBJ_aria_256_ecb 1 2 410 200046 1 1 11 */ + 1076, /* OBJ_aria_256_cbc 1 2 410 200046 1 1 12 */ + 1077, /* OBJ_aria_256_cfb128 1 2 410 200046 1 1 13 */ + 1078, /* OBJ_aria_256_ofb128 1 2 410 200046 1 1 14 */ + 1079, /* OBJ_aria_256_ctr 1 2 410 200046 1 1 15 */ 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl index 1cb3d1c9af..947cceed1d 100644 --- a/crypto/objects/obj_dat.pl +++ b/crypto/objects/obj_dat.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -154,7 +154,7 @@ print OUT <<'EOF'; * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 5ca5260fb1..270e7e51a6 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1062,3 +1062,24 @@ poly1305 1061 siphash 1062 kx_any 1063 auth_any 1064 +aria_128_ecb 1065 +aria_128_cbc 1066 +aria_128_cfb128 1067 +aria_128_ofb128 1068 +aria_128_ctr 1069 +aria_192_ecb 1070 +aria_192_cbc 1071 +aria_192_cfb128 1072 +aria_192_ofb128 1073 +aria_192_ctr 1074 +aria_256_ecb 1075 +aria_256_cbc 1076 +aria_256_cfb128 1077 +aria_256_ofb128 1078 +aria_256_ctr 1079 +aria_128_cfb1 1080 +aria_192_cfb1 1081 +aria_256_cfb1 1082 +aria_128_cfb8 1083 +aria_192_cfb8 1084 +aria_256_cfb8 1085 diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 3b40277a23..6598b5e700 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -129,7 +129,7 @@ print OUT <<'EOF'; * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 0d189f8b4a..442b39caa3 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1363,6 +1363,41 @@ camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac : CAMELLIA-192-CFB8 : camellia-192-cfb8 : CAMELLIA-256-CFB8 : camellia-256-cfb8 +# Definitions for ARIA cipher + +!Alias aria 1 2 410 200046 1 1 +aria 1 : ARIA-128-ECB : aria-128-ecb +aria 2 : ARIA-128-CBC : aria-128-cbc +!Cname aria-128-cfb128 +aria 3 : ARIA-128-CFB : aria-128-cfb +!Cname aria-128-ofb128 +aria 4 : ARIA-128-OFB : aria-128-ofb +aria 5 : ARIA-128-CTR : aria-128-ctr + +aria 6 : ARIA-192-ECB : aria-192-ecb +aria 7 : ARIA-192-CBC : aria-192-cbc +!Cname aria-192-cfb128 +aria 8 : ARIA-192-CFB : aria-192-cfb +!Cname aria-192-ofb128 +aria 9 : ARIA-192-OFB : aria-192-ofb +aria 10 : ARIA-192-CTR : aria-192-ctr + +aria 11 : ARIA-256-ECB : aria-256-ecb +aria 12 : ARIA-256-CBC : aria-256-cbc +!Cname aria-256-cfb128 +aria 13 : ARIA-256-CFB : aria-256-cfb +!Cname aria-256-ofb128 +aria 14 : ARIA-256-OFB : aria-256-ofb +aria 15 : ARIA-256-CTR : aria-256-ctr + +# There are no OIDs for these ARIA modes... + : ARIA-128-CFB1 : aria-128-cfb1 + : ARIA-192-CFB1 : aria-192-cfb1 + : ARIA-256-CFB1 : aria-256-cfb1 + : ARIA-128-CFB8 : aria-128-cfb8 + : ARIA-192-CFB8 : aria-192-cfb8 + : ARIA-256-CFB8 : aria-256-cfb8 + # Definitions for SEED cipher - ECB, CBC, OFB mode member-body 410 200004 : KISA : kisa diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index aa8ace2a03..ecd5f9521a 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -296,6 +296,11 @@ ciphersuites are only supported in TLS v1.2. B references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B only references 8 octet ICV. +=item B, B, B + +cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit +ARIA. + =item B, B, B cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit @@ -579,6 +584,21 @@ Note: these ciphers can also be used in SSL v3. ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 +=head2 ARIA ciphersuites from RFC6209, extending TLS v1.2 + + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 DHE-DSS-ARIA128-CBC-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 DHE-DSS-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 DH-anon-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 DH-anon-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + =head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 @@ -733,7 +753,7 @@ The B<-V> option for the B command was added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod index 0e4f508fab..b85298773e 100644 --- a/doc/man1/dsa.pod +++ b/doc/man1/dsa.pod @@ -17,6 +17,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -85,7 +88,7 @@ filename. the output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. @@ -168,7 +171,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/gendsa.pod b/doc/man1/gendsa.pod index 4fd1714792..a148b208d4 100644 --- a/doc/man1/gendsa.pod +++ b/doc/man1/gendsa.pod @@ -12,6 +12,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -40,7 +43,7 @@ Print out a usage message. Output the key to the specified file. If this argument is not specified then standard output is used. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. @@ -81,7 +84,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod index 38e83f7261..153602ad56 100644 --- a/doc/man1/genrsa.pod +++ b/doc/man1/genrsa.pod @@ -13,6 +13,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -47,7 +50,7 @@ standard output is used. the output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> These options encrypt the private key with specified cipher before outputting it. If none of these options is @@ -105,7 +108,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod index 3dea46cdcf..82e64daacf 100644 --- a/doc/man1/pkcs12.pod +++ b/doc/man1/pkcs12.pod @@ -23,7 +23,7 @@ B B [B<-cacerts>] [B<-nokeys>] [B<-info>] -[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>] +[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -aria128 | -aria192 | -aria256 | -camellia128 | -camellia192 | -camellia256 | -nodes>] [B<-noiter>] [B<-maciter | -nomaciter | -nomac>] [B<-twopass>] @@ -132,6 +132,10 @@ use IDEA to encrypt private keys before outputting. use AES to encrypt private keys before outputting. +=item B<-aria128>, B<-aria192>, B<-aria256> + +use ARIA to encrypt private keys before outputting. + =item B<-camellia128>, B<-camellia192>, B<-camellia256> use Camellia to encrypt private keys before outputting. @@ -368,7 +372,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod index 8e9943fe58..22c3e330f2 100644 --- a/doc/man1/rsa.pod +++ b/doc/man1/rsa.pod @@ -17,6 +17,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -86,7 +89,7 @@ filename. the output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. @@ -206,7 +209,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f34f30ecf7..a8284e38a5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -818,6 +818,32 @@ const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +# endif # ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); const EVP_CIPHER *EVP_camellia_128_cbc(void); @@ -1490,6 +1516,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_T4_INIT_KEY 178 # define EVP_F_AES_WRAP_CIPHER 170 # define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_INIT_KEY 185 # define EVP_F_CAMELLIA_INIT_KEY 159 # define EVP_F_CHACHA20_POLY1305_CTRL 182 # define EVP_F_CMLL_T4_INIT_KEY 179 @@ -1558,6 +1585,7 @@ int ERR_load_EVP_strings(void); /* Reason codes. */ # define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 # define EVP_R_BAD_DECRYPT 100 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 2e317adad9..d9c45dee01 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -4259,6 +4259,107 @@ #define LN_camellia_256_cfb8 "camellia-256-cfb8" #define NID_camellia_256_cfb8 765 +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + #define SN_kisa "KISA" #define LN_kisa "kisa" #define NID_kisa 773 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 93da3dc19c..2d2395c5c1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -101,10 +101,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, }; -static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL -}; +static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; #define SSL_COMP_NULL_IDX 0 #define SSL_COMP_ZLIB_IDX 1 diff --git a/test/evptests.txt b/test/evptests.txt index 5c5eb24e20..a320828cc2 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -1604,6 +1604,130 @@ Operation = ENCRYPT Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D + +# ARIA test vectors from RFC5794 +Cipher = ARIA-128-ECB +Key = 000102030405060708090a0b0c0d0e0f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = d718fbd6ab644c739da95f3be6451778 + +Cipher = ARIA-192-ECB +Key = 000102030405060708090a0b0c0d0e0f1011121314151617 +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = 26449c1805dbe7aa25a468ce263a9e79 + +Cipher = ARIA-256-ECB +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = f92bd7c79fb72e2f2b8f80c1972d24fc + +# Additional ARIA mode vectors from http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf +Cipher = ARIA-128-ECB +Key = 00112233445566778899aabbccddeeff +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8 + +Cipher = ARIA-128-CBC +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a + +Cipher = ARIA-128-CFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11 + +Cipher = ARIA-128-CFB8 +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 373c8f6a965599ec785cc8f8149f6c81b632ccb8e0c6eb6a9707ae52c59257a41f94701c1096933127a90195ed0c8e98690547572423bb45c3d70e4a18ee56b967c10e000ba4df5fba7c404134a343d8375d04b151d161ef83417fe1748447d30a6723c406733df7d18aa39a20752d2381942e244811bb97f72eae446b1815aa690cd1b1adcbd007c0088ecdc91cb2e2caf0e11e72459878137eea64ac62a9a1 + +Cipher = ARIA-128-OFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a2000063063f0560083483faeb041c8adecef30cf80cefb002a0d280759168ec01db3d49f61aced260bd43eec0a2731730eec6fa4f2304319cf8ccac2d7be7833e4f8ae6ce967012c1c6badc5d28e7e4144f6bf5cebe01253ee202afce4bc61f28dec069a6f16f6c8a7dd2afae44148f6ff4d0029d5c607b5fa6b8c8a6301cde5c7033565cd0b8f0974ab490b236197ba04a + +Cipher = ARIA-128-CTR +Key = 00112233445566778899aabbccddeeff +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d + +Cipher = ARIA-192-ECB +Key = 00112233445566778899aabbccddeeff0011223344556677 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0 + +Cipher = ARIA-192-CBC +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c + +Cipher = ARIA-192-CFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4 + +Cipher = ARIA-192-CFB8 +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 411d3b4f57f705aa4d13c46e2cf426af7c8c916ed7923d889f0047bbf11471b6d54f8757ef519339105be3cb69babb976a57d5631fc23cc3051fe9d36e8b8e27a2b2c0c4d31928ccbf30ea8239b46ba1b77f6198e7ecd2ce27b35958148e826f06aaf385bd30362ff141583e7c1d8924d44d36a1133094074631e18adafa9d2e55de98f6895c89d4266ebd33f3d4be5153a96fa12132ece2e81e66e55baa7ade + +Cipher = ARIA-192-OFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5cc224d26d364b5a06ddde13d0f1e74faa846de354c63cda77469d1a2d425c47ff41734c71b3fa1fcdc11e0b2de22bfeed54898e233df652c75ae136e61de6524e62b3f806fb2e8e616eb410a1b9500537e327ffb04f19f7f82fde2b122100261f81b82723bf936be7beaaf3067d1c036001f1ade71422268d274d7dc6c6ae1970b27a5f2c2f39c1d241fe8cac5ccd74e9 + +Cipher = ARIA-192-CTR +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531 + +Cipher = ARIA-256-ECB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00 + +Cipher = ARIA-256-CBC +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de + +Cipher = ARIA-256-CFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be + +Cipher = ARIA-256-CFB8 +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26baa33651e1f66434fec88ef27fd2b9a79e246dd89a3ffa00e8bdb37155433e6c24bd0b87d9a85baa9f485ccb984f5ec24d6a3ef5e3c81396177f039cf580dfdb55d6e1c47a28921dfe369e12fd357b289ad3a5544e1c1bd616d454db9c5f91f603373f29d5b2ed1b4b51de80f28537bbd43d5e3b5dd071dc91153cbbe732dfc325821b06ed8acaae656dcf2da9f13e4f29db671476f1e644ff06d9b67d6bd4 + +Cipher = ARIA-256-OFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f0900963584c256815c4292b59f8d3f966a75b52345b4f5f98c785d3f368a8d5ff89b7f950ceab3cd63773c2621d652b8ef98b4196afb2c2b30496bc5b7d9e7f9084f9d855f63a511751c8909e7a6deadbe0a67a4fb89383ca5d209c6f66f793fc471195c476fb9c1eab2ac91e680e454b4f3ed9a67fb52f09c29b965b23cfa6f3f6bbb2a86c6cdbaa2857bf2486f543231892a52 + +Cipher = ARIA-256-CTR +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd + + # SEED test vectors from RFC4269 Cipher = SEED-ECB Key = 00000000000000000000000000000000 diff --git a/util/libcrypto.num b/util/libcrypto.num index d876ed4666..79dddd1ac0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4231,3 +4231,24 @@ X509_VERIFY_PARAM_get_time 4181 1_1_0d EXIST::FUNCTION: EVP_PKEY_get0_poly1305 4182 1_1_1 EXIST::FUNCTION:POLY1305 DH_check_params 4183 1_1_0d EXIST::FUNCTION:DH EVP_PKEY_get0_siphash 4184 1_1_1 EXIST::FUNCTION:SIPHASH +EVP_aria_256_ofb 4185 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb128 4186 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb1 4187 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ecb 4188 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb128 4189 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ecb 4190 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cbc 4191 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ofb 4192 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cbc 4193 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb1 4194 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb8 4195 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb1 4196 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb8 4197 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb8 4198 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cbc 4199 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ofb 4200 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb128 4201 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_ecb 4202 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_ctr 4203 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ctr 4204 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ctr 4205 1_1_1 EXIST::FUNCTION:ARIA diff --git a/util/mkdef.pl b/util/mkdef.pl index 99f5c9d011..d82c849290 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -80,7 +80,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RMD160", "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "EC2M", - "HMAC", "AES", "CAMELLIA", "SEED", "GOST", + "HMAC", "AES", "CAMELLIA", "SEED", "GOST", "ARIA", "SCRYPT", "CHACHA", "POLY1305", "BLAKE2", "SIPHASH", # EC_NISTP_64_GCC_128 -- 2.25.1