From e1178600cc5d40b1e21c4a01d224afd2d8c7498a Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 22 Aug 2019 11:42:54 +1000 Subject: [PATCH] Add basic aria and camellia ciphers modes to default provider The aes code has been refactored into generic and algorithn specific parts, so that most of the code can be shared. The cipher related files have been broken up into smaller parts. Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the generic code used by aes). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9451) --- crypto/evp/e_aes.c | 2 +- crypto/evp/e_camellia.c | 29 +- crypto/evp/evp_enc.c | 42 ++ .../{aes_platform.h => ciphermode_platform.h} | 39 +- providers/common/ciphers/aes.c | 458 ------------- providers/common/ciphers/aes_basic.c | 629 ------------------ providers/common/ciphers/block.c | 6 +- providers/common/ciphers/build.info | 18 +- providers/common/ciphers/cipher_aes.c | 79 +++ providers/common/ciphers/cipher_aes.h | 61 ++ providers/common/ciphers/cipher_aes_ccm.c | 37 ++ .../ciphers/cipher_aes_ccm_hw_aesni.inc | 37 ++ ...cm_s390x.c => cipher_aes_ccm_hw_s390x.inc} | 11 +- .../common/ciphers/cipher_aes_ccm_hw_t4.inc | 36 + providers/common/ciphers/cipher_aes_gcm.c | 37 ++ .../ciphers/cipher_aes_gcm_hw_aesni.inc | 39 ++ ...cm_s390x.c => cipher_aes_gcm_hw_s390x.inc} | 12 +- .../common/ciphers/cipher_aes_gcm_hw_t4.inc | 52 ++ providers/common/ciphers/cipher_aes_hw.c | 138 ++++ .../common/ciphers/cipher_aes_hw_aesni.inc | 83 +++ .../common/ciphers/cipher_aes_hw_s390x.inc | 196 ++++++ providers/common/ciphers/cipher_aes_hw_t4.inc | 94 +++ providers/common/ciphers/cipher_aria.c | 79 +++ providers/common/ciphers/cipher_aria.h | 31 + providers/common/ciphers/cipher_aria_ccm.c | 38 ++ .../common/ciphers/cipher_aria_ccm_hw.inc | 42 ++ providers/common/ciphers/cipher_aria_gcm.c | 38 ++ .../common/ciphers/cipher_aria_gcm_hw.inc | 53 ++ providers/common/ciphers/cipher_aria_hw.c | 48 ++ providers/common/ciphers/cipher_camellia.c | 82 +++ providers/common/ciphers/cipher_camellia.h | 32 + providers/common/ciphers/cipher_camellia_hw.c | 65 ++ .../common/ciphers/cipher_camellia_hw_t4.inc | 83 +++ .../common/ciphers/{ccm.c => cipher_ccm.c} | 97 +-- .../ciphers/{ciphers_ccm.h => cipher_ccm.h} | 11 + .../ciphers/{ccm_hw.c => cipher_ccm_hw.c} | 94 +-- providers/common/ciphers/cipher_common.c | 403 +++++++++++ providers/common/ciphers/cipher_common_hw.c | 192 ++++++ .../common/ciphers/{gcm.c => cipher_gcm.c} | 113 +--- .../ciphers/{ciphers_gcm.h => cipher_gcm.h} | 17 + .../ciphers/{gcm_hw.c => cipher_gcm_hw.c} | 122 +--- providers/common/ciphers/cipher_locl.h | 193 ++++++ providers/common/ciphers/ciphers_common.c | 115 ---- providers/common/ciphers/ciphers_locl.h | 165 ----- .../common/include/internal/provider_algs.h | 44 ++ .../include/internal/providercommonerr.h | 2 +- providers/default/defltprov.c | 44 ++ test/recipes/30-test_evp_data/evpciph.txt | 108 +++ 48 files changed, 2650 insertions(+), 1796 deletions(-) rename crypto/include/internal/{aes_platform.h => ciphermode_platform.h} (91%) delete mode 100644 providers/common/ciphers/aes.c delete mode 100644 providers/common/ciphers/aes_basic.c create mode 100644 providers/common/ciphers/cipher_aes.c create mode 100644 providers/common/ciphers/cipher_aes.h create mode 100644 providers/common/ciphers/cipher_aes_ccm.c create mode 100644 providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc rename providers/common/ciphers/{aes_ccm_s390x.c => cipher_aes_ccm_hw_s390x.inc} (97%) create mode 100644 providers/common/ciphers/cipher_aes_ccm_hw_t4.inc create mode 100644 providers/common/ciphers/cipher_aes_gcm.c create mode 100644 providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc rename providers/common/ciphers/{gcm_s390x.c => cipher_aes_gcm_hw_s390x.inc} (97%) create mode 100644 providers/common/ciphers/cipher_aes_gcm_hw_t4.inc create mode 100644 providers/common/ciphers/cipher_aes_hw.c create mode 100644 providers/common/ciphers/cipher_aes_hw_aesni.inc create mode 100644 providers/common/ciphers/cipher_aes_hw_s390x.inc create mode 100644 providers/common/ciphers/cipher_aes_hw_t4.inc create mode 100644 providers/common/ciphers/cipher_aria.c create mode 100644 providers/common/ciphers/cipher_aria.h create mode 100644 providers/common/ciphers/cipher_aria_ccm.c create mode 100644 providers/common/ciphers/cipher_aria_ccm_hw.inc create mode 100644 providers/common/ciphers/cipher_aria_gcm.c create mode 100644 providers/common/ciphers/cipher_aria_gcm_hw.inc create mode 100644 providers/common/ciphers/cipher_aria_hw.c create mode 100644 providers/common/ciphers/cipher_camellia.c create mode 100644 providers/common/ciphers/cipher_camellia.h create mode 100644 providers/common/ciphers/cipher_camellia_hw.c create mode 100644 providers/common/ciphers/cipher_camellia_hw_t4.inc rename providers/common/ciphers/{ccm.c => cipher_ccm.c} (77%) rename providers/common/ciphers/{ciphers_ccm.h => cipher_ccm.h} (92%) rename providers/common/ciphers/{ccm_hw.c => cipher_ccm_hw.c} (59%) create mode 100644 providers/common/ciphers/cipher_common.c create mode 100644 providers/common/ciphers/cipher_common_hw.c rename providers/common/ciphers/{gcm.c => cipher_gcm.c} (79%) rename providers/common/ciphers/{ciphers_gcm.h => cipher_gcm.h} (86%) rename providers/common/ciphers/{gcm_hw.c => cipher_gcm_hw.c} (69%) create mode 100644 providers/common/ciphers/cipher_locl.h delete mode 100644 providers/common/ciphers/ciphers_common.c delete mode 100644 providers/common/ciphers/ciphers_locl.h diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index a46ac8f92f..39ed528060 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -20,7 +20,7 @@ #include "internal/cryptlib.h" #include "internal/modes_int.h" #include "internal/siv_int.h" -#include "internal/aes_platform.h" +#include "internal/ciphermode_platform.h" #include "evp_locl.h" typedef struct { diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 9def167bfa..5e66101422 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -19,6 +19,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include "internal/evp_int.h" # include "internal/modes_int.h" +# include "internal/ciphermode_platform.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); @@ -43,34 +44,6 @@ typedef struct { * assembler support was in general requested... */ # include "sparc_arch.h" -extern unsigned int OPENSSL_sparcv9cap_P[]; - -# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) - -void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks); -void cmll_t4_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key); -void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key); - -void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); -void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); -void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); -void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); -void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const CAMELLIA_KEY *key, - unsigned char *ivec); -void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const CAMELLIA_KEY *key, - unsigned char *ivec); static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 51a6423c82..e67e20c7ba 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -175,6 +175,48 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_aria_256_ccm: case NID_aria_192_ccm: case NID_aria_128_ccm: + case NID_aria_256_ecb: + case NID_aria_192_ecb: + case NID_aria_128_ecb: + case NID_aria_256_cbc: + case NID_aria_192_cbc: + case NID_aria_128_cbc: + case NID_aria_256_ofb128: + case NID_aria_192_ofb128: + case NID_aria_128_ofb128: + case NID_aria_256_cfb128: + case NID_aria_192_cfb128: + case NID_aria_128_cfb128: + case NID_aria_256_cfb1: + case NID_aria_192_cfb1: + case NID_aria_128_cfb1: + case NID_aria_256_cfb8: + case NID_aria_192_cfb8: + case NID_aria_128_cfb8: + case NID_aria_256_ctr: + case NID_aria_192_ctr: + case NID_aria_128_ctr: + case NID_camellia_256_ecb: + case NID_camellia_192_ecb: + case NID_camellia_128_ecb: + case NID_camellia_256_cbc: + case NID_camellia_192_cbc: + case NID_camellia_128_cbc: + case NID_camellia_256_ofb128: + case NID_camellia_192_ofb128: + case NID_camellia_128_ofb128: + case NID_camellia_256_cfb128: + case NID_camellia_192_cfb128: + case NID_camellia_128_cfb128: + case NID_camellia_256_cfb1: + case NID_camellia_192_cfb1: + case NID_camellia_128_cfb1: + case NID_camellia_256_cfb8: + case NID_camellia_192_cfb8: + case NID_camellia_128_cfb8: + case NID_camellia_256_ctr: + case NID_camellia_192_ctr: + case NID_camellia_128_ctr: break; default: goto legacy; diff --git a/crypto/include/internal/aes_platform.h b/crypto/include/internal/ciphermode_platform.h similarity index 91% rename from crypto/include/internal/aes_platform.h rename to crypto/include/internal/ciphermode_platform.h index 26d9fdd89a..934d8136d3 100644 --- a/crypto/include/internal/aes_platform.h +++ b/crypto/include/internal/ciphermode_platform.h @@ -7,8 +7,10 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_AES_PLATFORM_H -# define HEADER_INTERNAL_AES_PLATFORM_H +#ifndef HEADER_INTERNAL_CIPHERMODE_PLATFORM_H +# define HEADER_INTERNAL_CIPHERMODE_PLATFORM_H + +# include "openssl/aes.h" # ifdef VPAES_ASM int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, @@ -189,6 +191,37 @@ void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len); /* Fujitsu SPARC64 X support */ extern unsigned int OPENSSL_sparcv9cap_P[]; # include "sparc_arch.h" + +# ifndef OPENSSL_NO_CAMELLIA +# define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) + +void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks); +void cmll_t4_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec); +void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec); +void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec); +void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const CAMELLIA_KEY *key, + unsigned char *ivec); +void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const CAMELLIA_KEY *key, + unsigned char *ivec); +void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const CAMELLIA_KEY *key, + unsigned char *ivec); +# endif /* OPENSSL_NO_CAMELLIA */ + + # define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) # define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) # define HWAES_set_encrypt_key aes_fx_set_encrypt_key @@ -398,4 +431,4 @@ void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, # endif /* HWAES_CAPABLE */ -#endif /* HEADER_INTERNAL_AES_PLATFORM_H */ +#endif /* HEADER_INTERNAL_CIPHERMODE_PLATFORM_H */ diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c deleted file mode 100644 index 1b1074af16..0000000000 --- a/providers/common/ciphers/aes.c +++ /dev/null @@ -1,458 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider_algs.h" -#include "ciphers_locl.h" -#include "internal/providercommonerr.h" - -static OSSL_OP_cipher_encrypt_init_fn aes_einit; -static OSSL_OP_cipher_decrypt_init_fn aes_dinit; -static OSSL_OP_cipher_update_fn aes_block_update; -static OSSL_OP_cipher_final_fn aes_block_final; -static OSSL_OP_cipher_update_fn aes_stream_update; -static OSSL_OP_cipher_final_fn aes_stream_final; -static OSSL_OP_cipher_cipher_fn aes_cipher; -static OSSL_OP_cipher_freectx_fn aes_freectx; -static OSSL_OP_cipher_dupctx_fn aes_dupctx; -static OSSL_OP_cipher_get_ctx_params_fn aes_get_ctx_params; -static OSSL_OP_cipher_set_ctx_params_fn aes_set_ctx_params; - -static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx, - const unsigned char *iv, - size_t ivlen, - int enc) -{ - if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { - if (ivlen != AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - return 0; - } - memcpy(ctx->iv, iv, AES_BLOCK_SIZE); - } - ctx->enc = enc; - - return 1; -} - -static int aes_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) { - /* ERR_raise already called */ - return 0; - } - if (key != NULL) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->ciph->init(ctx, key, ctx->keylen); - } - - return 1; -} - -static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) { - /* ERR_raise already called */ - return 0; - } - if (key != NULL) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->ciph->init(ctx, key, ctx->keylen); - } - - return 1; -} - -static int aes_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, - &inl); - size_t outlint = 0; - - /* - * If we're decrypting and we end an update on a block boundary we hold - * the last block back in case this is the last update call and the last - * block is padded. - */ - if (ctx->bufsz == AES_BLOCK_SIZE - && (ctx->enc || inl > 0 || !ctx->pad)) { - if (outsize < AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - ctx->bufsz = 0; - outlint = AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (nextblocks > 0) { - if (!ctx->enc && ctx->pad && nextblocks == inl) { - if (!ossl_assert(inl >= AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - nextblocks -= AES_BLOCK_SIZE; - } - outlint += nextblocks; - if (outsize < outlint) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - in += nextblocks; - inl -= nextblocks; - } - if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) { - /* ERR_raise already called */ - return 0; - } - - *outl = outlint; - return inl == 0; -} - -static int aes_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (ctx->enc) { - if (ctx->pad) { - padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE); - } else if (ctx->bufsz == 0) { - *outl = 0; - return 1; - } else if (ctx->bufsz != AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - - if (outsize < AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - ctx->bufsz = 0; - *outl = AES_BLOCK_SIZE; - return 1; - } - - /* Decrypting */ - if (ctx->bufsz != AES_BLOCK_SIZE) { - if (ctx->bufsz == 0 && !ctx->pad) { - *outl = 0; - return 1; - } - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - - if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) { - /* ERR_raise already called */ - return 0; - } - - if (outsize < ctx->bufsz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - memcpy(out, ctx->buf, ctx->bufsz); - *outl = ctx->bufsz; - ctx->bufsz = 0; - return 1; -} - -static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (!ctx->ciph->cipher(ctx, out, in, inl)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - *outl = inl; - return 1; -} -static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - *outl = 0; - return 1; -} - -static int aes_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (!ctx->ciph->cipher(ctx, out, in, inl)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - *outl = inl; - return 1; -} - -static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits, - const PROV_AES_CIPHER *ciph) -{ - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - ctx->pad = 1; - ctx->keylen = kbits / 8; - ctx->ciph = ciph; - ctx->mode = mode; - return ctx; -} - -static void aes_freectx(void *vctx) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -static void *aes_dupctx(void *ctx) -{ - PROV_AES_KEY *in = (PROV_AES_KEY *)ctx; - PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return NULL; - } - *ret = *in; - - return ret; -} - -static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[]) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL - && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE) - && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - - return 1; -} - -static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING); - if (p != NULL) { - int pad; - - if (!OSSL_PARAM_get_int(p, &pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->pad = pad ? 1 : 0; - } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); - if (p != NULL) { - int num; - - if (!OSSL_PARAM_get_int(p, &num)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->num = num; - } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL) { - int keylen; - - if (!OSSL_PARAM_get_int(p, &keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->keylen = keylen; - } - return 1; -} - -#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ - static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ - static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ - { \ - return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ - } \ - static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \ - static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \ - { \ - return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \ - PROV_AES_CIPHER_##lcmode(kbits / 8)); \ - } - -/* ECB */ -IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0) -IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0) -IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0) - -/* CBC */ -IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128) -IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128) -IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128) - -/* OFB */ -IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128) -IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128) -IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128) - -/* CFB */ -IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128) - -/* CTR */ -IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128) -IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128) -IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128) - -#define IMPLEMENT_funcs(mode, kbits, type) \ -const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx },\ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##type##_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##type##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))aes_##kbits##_##mode##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))aes_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))cipher_default_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_default_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_default_settable_ctx_params }, \ - { 0, NULL } \ -}; - -/* ECB */ -IMPLEMENT_funcs(ecb, 256, block) -IMPLEMENT_funcs(ecb, 192, block) -IMPLEMENT_funcs(ecb, 128, block) - -/* CBC */ -IMPLEMENT_funcs(cbc, 256, block) -IMPLEMENT_funcs(cbc, 192, block) -IMPLEMENT_funcs(cbc, 128, block) - -/* OFB */ -IMPLEMENT_funcs(ofb, 256, stream) -IMPLEMENT_funcs(ofb, 192, stream) -IMPLEMENT_funcs(ofb, 128, stream) - -/* CFB */ -IMPLEMENT_funcs(cfb, 256, stream) -IMPLEMENT_funcs(cfb, 192, stream) -IMPLEMENT_funcs(cfb, 128, stream) -IMPLEMENT_funcs(cfb1, 256, stream) -IMPLEMENT_funcs(cfb1, 192, stream) -IMPLEMENT_funcs(cfb1, 128, stream) -IMPLEMENT_funcs(cfb8, 256, stream) -IMPLEMENT_funcs(cfb8, 192, stream) -IMPLEMENT_funcs(cfb8, 128, stream) - -/* CTR */ -IMPLEMENT_funcs(ctr, 256, stream) -IMPLEMENT_funcs(ctr, 192, stream) -IMPLEMENT_funcs(ctr, 128, stream) diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c deleted file mode 100644 index f43b8fc605..0000000000 --- a/providers/common/ciphers/aes_basic.c +++ /dev/null @@ -1,629 +0,0 @@ -/* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include "ciphers_locl.h" -#include "internal/evp_int.h" -#include "internal/providercommonerr.h" -#include "internal/aes_platform.h" - -#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) - -#if defined(AESNI_CAPABLE) - -/* AES-NI section. */ - -static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - int ret; - - if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) - && !dat->enc) { - ret = aesni_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f) aesni_decrypt; - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aesni_cbc_encrypt : NULL; - } else { - ret = aesni_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f) aesni_encrypt; - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - else - dat->stream.cbc = NULL; - } - - if (ret < 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aesni_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - aesni_cbc_encrypt(in, out, len, &ctx->ks.ks, ctx->iv, ctx->enc); - - return 1; -} - -static int aesni_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - if (len < AES_BLOCK_SIZE) - return 1; - - aesni_ecb_encrypt(in, out, len, &ctx->ks.ks, ctx->enc); - - return 1; -} - -# define aesni_ofb_cipher aes_ofb_cipher -static int aesni_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb_cipher aes_cfb_cipher -static int aesni_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb8_cipher aes_cfb8_cipher -static int aesni_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb1_cipher aes_cfb1_cipher -static int aesni_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_ctr_cipher aes_ctr_cipher -static int aesni_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic_prov(mode) \ -static const PROV_AES_CIPHER aesni_##mode = { \ - aesni_init_key, \ - aesni_##mode##_cipher}; \ -static const PROV_AES_CIPHER aes_##mode = { \ - aes_init_key, \ - aes_##mode##_cipher}; \ -const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ -{ return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; } - - -#elif defined(SPARC_AES_CAPABLE) - -static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - int ret, bits; - - bits = keylen * 8; - if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) - && !dat->enc) { - ret = 0; - aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes128_t4_cbc_decrypt : NULL; - break; - case 192: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes192_t4_cbc_decrypt : NULL; - break; - case 256: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes256_t4_cbc_decrypt : NULL; - break; - default: - ret = -1; - } - } else { - ret = 0; - aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f)aes_t4_encrypt; - switch (bits) { - case 128: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 192: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 256: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - default: - ret = -1; - } - } - - if (ret < 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -# define aes_t4_cbc_cipher aes_cbc_cipher -static int aes_t4_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ecb_cipher aes_ecb_cipher -static int aes_t4_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ofb_cipher aes_ofb_cipher -static int aes_t4_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb_cipher aes_cfb_cipher -static int aes_t4_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb8_cipher aes_cfb8_cipher -static int aes_t4_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb1_cipher aes_cfb1_cipher -static int aes_t4_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ctr_cipher aes_ctr_cipher -static int aes_t4_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic_prov(mode) \ -static const PROV_AES_CIPHER aes_t4_##mode = { \ - aes_t4_init_key, \ - aes_t4_##mode##_cipher}; \ -static const PROV_AES_CIPHER aes_##mode = { \ - aes_init_key, \ - aes_##mode##_cipher}; \ -const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##mode:&aes_##mode; } - - -#elif defined(S390X_aes_128_CAPABLE) -/* - * IBM S390X support - */ -# include "s390x_arch.h" - -# define s390x_aes_init_key aes_init_key -static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen); -# define S390X_AES_CBC_CTX PROV_AES_KEY - -# define s390x_aes_cbc_init_key aes_init_key - -# define s390x_aes_cbc_cipher aes_cbc_cipher -static int s390x_aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len); - -static int s390x_aes_ecb_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - dat->plat.s390x.fc = S390X_AES_FC(keylen); - if (!dat->enc) - dat->plat.s390x.fc |= S390X_DECRYPT; - - memcpy(dat->plat.s390x.param.km.k, key, keylen); - return 1; -} - -static int s390x_aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - s390x_km(in, len, out, dat->plat.s390x.fc, - &dat->plat.s390x.param.km); - return 1; -} - -static int s390x_aes_ofb_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); - memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); - dat->plat.s390x.fc = S390X_AES_FC(keylen); - dat->plat.s390x.res = 0; - return 1; -} - -static int s390x_aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int n = dat->plat.s390x.res; - int rem; - - while (n && len) { - *out = *in ^ dat->plat.s390x.param.kmo_kmf.cv[n]; - n = (n + 1) & 0xf; - --len; - ++in; - ++out; - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kmo(in, len, out, dat->plat.s390x.fc, - &dat->plat.s390x.param.kmo_kmf); - - out += len; - in += len; - } - - if (rem) { - s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16, - dat->plat.s390x.param.kmo_kmf.cv, dat->plat.s390x.fc, - dat->plat.s390x.param.kmo_kmf.k); - - while (rem--) { - out[n] = in[n] ^ dat->plat.s390x.param.kmo_kmf.cv[n]; - ++n; - } - } - - dat->plat.s390x.res = n; - return 1; -} - -static int s390x_aes_cfb_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - dat->plat.s390x.fc = S390X_AES_FC(keylen); - dat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!dat->enc) - dat->plat.s390x.fc |= S390X_DECRYPT; - - dat->plat.s390x.res = 0; - memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); - memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); - return 1; -} - -static int s390x_aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int n = dat->plat.s390x.res; - int rem; - unsigned char tmp; - - while (n && len) { - tmp = *in; - *out = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; - dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? *out : tmp; - n = (n + 1) & 0xf; - --len; - ++in; - ++out; - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kmf(in, len, out, dat->plat.s390x.fc, - &dat->plat.s390x.param.kmo_kmf); - - out += len; - in += len; - } - - if (rem) { - s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16, - dat->plat.s390x.param.kmo_kmf.cv, - S390X_AES_FC(dat->keylen), dat->plat.s390x.param.kmo_kmf.k); - - while (rem--) { - tmp = in[n]; - out[n] = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; - dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? out[n] : tmp; - ++n; - } - } - - dat->plat.s390x.res = n; - return 1; -} - -static int s390x_aes_cfb8_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - dat->plat.s390x.fc = S390X_AES_FC(keylen); - dat->plat.s390x.fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!dat->enc) - dat->plat.s390x.fc |= S390X_DECRYPT; - - memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE); - memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen); - return 1; -} - -static int s390x_aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - s390x_kmf(in, len, out, dat->plat.s390x.fc, - &dat->plat.s390x.param.kmo_kmf); - return 1; -} - -# define s390x_aes_cfb1_init_key aes_init_key - -# define s390x_aes_cfb1_cipher aes_cfb1_cipher -static int s390x_aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len); -# define S390X_AES_CTR_CTX PROV_AES_KEY - -# define s390x_aes_ctr_init_key aes_init_key - -# define s390x_aes_ctr_cipher aes_ctr_cipher -static int s390x_aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic_prov(mode) \ -static const PROV_AES_CIPHER s390x_aes_##mode = { \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher \ -}; \ -static const PROV_AES_CIPHER aes_##mode = { \ - aes_init_key, \ - aes_##mode##_cipher \ -}; \ -const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ -{ \ - if ((keylen == 16 && S390X_aes_128_##mode##_CAPABLE) \ - || (keylen == 24 && S390X_aes_192_##mode##_CAPABLE) \ - || (keylen == 32 && S390X_aes_256_##mode##_CAPABLE)) \ - return &s390x_aes_##mode; \ - \ - return &aes_##mode; \ -} - -#else -/* The generic case */ -# define BLOCK_CIPHER_generic_prov(mode) \ -static const PROV_AES_CIPHER aes_##mode = { \ - aes_init_key, \ - aes_##mode##_cipher}; \ -const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ -{ return &aes_##mode; } - -#endif - -static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - int ret; - - if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) - && !dat->enc) { -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - ret = HWAES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)HWAES_decrypt; - dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; -# endif - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)vpaes_decrypt; - dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ?(cbc128_f)vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)AES_decrypt; - dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)AES_cbc_encrypt : NULL; - } - } else -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - ret = HWAES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)HWAES_encrypt; - dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; - else -# endif -# ifdef HWAES_ctr32_encrypt_blocks - if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; - else -# endif - (void)0; /* terminate potentially open 'else' */ - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)vpaes_encrypt; - dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f)AES_encrypt; - dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) - ? (cbc128_f)AES_cbc_encrypt : NULL; -#ifdef AES_CTR_ASM - if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; -#endif - } - - if (ret < 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, dat->iv, dat->enc); - else if (dat->enc) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, dat->iv, dat->block); - else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, dat->iv, dat->block); - - return 1; -} - -static int aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t i; - - if (len < AES_BLOCK_SIZE) - return 1; - - for (i = 0, len -= AES_BLOCK_SIZE; i <= len; i += AES_BLOCK_SIZE) - (*dat->block) (in + i, out + i, &dat->ks); - - return 1; -} - -static int aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int num = dat->num; - CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->block); - dat->num = num; - - return 1; -} - -static int aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int num = dat->num; - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc, - dat->block); - dat->num = num; - - return 1; -} - -static int aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int num = dat->num; - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc, - dat->block); - dat->num = num; - - return 1; -} - -static int aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - int num = dat->num; - - if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) { - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, dat->iv, &num, - dat->enc, dat->block); - dat->num = num; - return 1; - } - - while (len >= MAXBITCHUNK) { - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - dat->iv, &num, dat->enc, dat->block); - len -= MAXBITCHUNK; - out += MAXBITCHUNK; - in += MAXBITCHUNK; - } - if (len) - CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, dat->iv, &num, - dat->enc, dat->block); - - dat->num = num; - - return 1; -} - -static int aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out, - const unsigned char *in, size_t len) -{ - unsigned int num = dat->num; - - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, dat->iv, dat->buf, - &num, dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, dat->iv, dat->buf, - &num, dat->block); - dat->num = num; - - return 1; -} - -BLOCK_CIPHER_generic_prov(cbc) -BLOCK_CIPHER_generic_prov(ecb) -BLOCK_CIPHER_generic_prov(ofb) -BLOCK_CIPHER_generic_prov(cfb) -BLOCK_CIPHER_generic_prov(cfb1) -BLOCK_CIPHER_generic_prov(cfb8) -BLOCK_CIPHER_generic_prov(ctr) - diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c index 7014b9d997..73e17e1a11 100644 --- a/providers/common/ciphers/block.c +++ b/providers/common/ciphers/block.c @@ -7,12 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include -#include -#include -#include "ciphers_locl.h" #include -#include "internal/providercommonerr.h" +#include "cipher_locl.h" /* * Fills a single block of buffered data from the input, and returns the amount diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info index 6702d701ff..4a816d0f4d 100644 --- a/providers/common/ciphers/build.info +++ b/providers/common/ciphers/build.info @@ -1,10 +1,22 @@ LIBS=../../../libcrypto -$COMMON=block.c aes.c aes_basic.c gcm.c gcm_hw.c ciphers_common.c \ - ccm.c ccm_hw.c +$COMMON=cipher_common.c cipher_common_hw.c block.c \ + cipher_aes.c cipher_aes_hw.c \ + cipher_gcm.c cipher_aes_gcm.c cipher_gcm_hw.c \ + cipher_ccm.c cipher_aes_ccm.c cipher_ccm_hw.c SOURCE[../../../libcrypto]=$COMMON +IF[{- !$disabled{aria} -}] + SOURCE[../../../libcrypto]=\ + cipher_aria.c cipher_aria_hw.c \ + cipher_aria_gcm.c cipher_aria_ccm.c +ENDIF + +IF[{- !$disabled{camellia} -}] + SOURCE[../../../libcrypto]=\ + cipher_camellia.c cipher_camellia_hw.c +ENDIF INCLUDE[../../../libcrypto]=. ../../../crypto SOURCE[../../fips]=$COMMON -INCLUDE[../../fips]=. ../../../crypto +INCLUDE[../../fips]=. ../../../crypto \ No newline at end of file diff --git a/providers/common/ciphers/cipher_aes.c b/providers/common/ciphers/cipher_aes.c new file mode 100644 index 0000000000..15433bf326 --- /dev/null +++ b/providers/common/ciphers/cipher_aes.c @@ -0,0 +1,79 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */ + +#include "cipher_locl.h" + +static OSSL_OP_cipher_freectx_fn aes_freectx; +static OSSL_OP_cipher_dupctx_fn aes_dupctx; + +static void aes_freectx(void *vctx) +{ + PROV_AES_CTX *ctx = (PROV_AES_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *aes_dupctx(void *ctx) +{ + PROV_AES_CTX *in = (PROV_AES_CTX *)ctx; + PROV_AES_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +/* aes256ecb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 256, 128, 0, block) +/* aes192ecb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 192, 128, 0, block) +/* aes128ecb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 128, 128, 0, block) +/* aes256cbc_functions */ +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 256, 128, 128, block) +/* aes192cbc_functions */ +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 192, 128, 128, block) +/* aes128cbc_functions */ +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 128, 128, 128, block) +/* aes256ofb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 256, 8, 128, stream) +/* aes192ofb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 192, 8, 128, stream) +/* aes128ofb_functions */ +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 128, 8, 128, stream) +/* aes256cfb_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 256, 8, 128, stream) +/* aes192cfb_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 192, 8, 128, stream) +/* aes128cfb_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 128, 8, 128, stream) +/* aes256cfb1_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 256, 8, 128, stream) +/* aes192cfb1_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 192, 8, 128, stream) +/* aes128cfb1_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 128, 8, 128, stream) +/* aes256cfb8_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 256, 8, 128, stream) +/* aes192cfb8_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 192, 8, 128, stream) +/* aes128cfb8_functions */ +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 128, 8, 128, stream) +/* aes256ctr_functions */ +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 256, 8, 128, stream) +/* aes192ctr_functions */ +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 192, 8, 128, stream) +/* aes128ctr_functions */ +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 128, 8, 128, stream) diff --git a/providers/common/ciphers/cipher_aes.h b/providers/common/ciphers/cipher_aes.h new file mode 100644 index 0000000000..6c4a6237c0 --- /dev/null +++ b/providers/common/ciphers/cipher_aes.h @@ -0,0 +1,61 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +typedef struct prov_aes_ctx_st { + PROV_CIPHER_CTX base; /* Must be first */ + union { + OSSL_UNION_ALIGN; + AES_KEY ks; + } ks; + + /* Platform specific data */ + union { + int dummy; +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) + struct { + union { + OSSL_UNION_ALIGN; + /*- + * KM-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-06) + */ + struct { + unsigned char k[32]; + } km; + /* KM-AES parameter block - end */ + /*- + * KMO-AES/KMF-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-08) + */ + struct { + unsigned char cv[16]; + unsigned char k[32]; + } kmo_kmf; + /* KMO-AES/KMF-AES parameter block - end */ + } param; + unsigned int fc; + int res; + } s390x; +#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ + } plat; + +} PROV_AES_CTX; + +#define PROV_CIPHER_HW_aes_ofb PROV_CIPHER_HW_aes_ofb128 +#define PROV_CIPHER_HW_aes_cfb PROV_CIPHER_HW_aes_cfb128 +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ecb(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cbc(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ofb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb1(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb8(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ctr(size_t keybits); + diff --git a/providers/common/ciphers/cipher_aes_ccm.c b/providers/common/ciphers/cipher_aes_ccm.c new file mode 100644 index 0000000000..26b508df29 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_ccm.c @@ -0,0 +1,37 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES CCM mode */ + +#include "cipher_locl.h" + +static void *aes_ccm_newctx(void *provctx, size_t keybits) +{ + PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits)); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aes_ccm_freectx; +static void aes_ccm_freectx(void *vctx) +{ + PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx; + + ccm_finalctx((PROV_CCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aes128ccm_functions */ +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96); +/* aes192ccm_functions */ +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96); +/* aes256ccm_functions */ +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96); diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc new file mode 100644 index 0000000000..0ace026a89 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc @@ -0,0 +1,37 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * AES-NI support for AES CCM. + * This file is included by cipher_ccm_hw.c + */ + +static int ccm_aesni_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; + + AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, + aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks); + return 1; +} + +static const PROV_CCM_HW aesni_ccm = { + ccm_aesni_initkey, + ccm_generic_setiv, + ccm_generic_setaad, + ccm_generic_auth_encrypt, + ccm_generic_auth_decrypt, + ccm_generic_gettag +}; + +const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) +{ + return AESNI_CAPABLE ? &aesni_ccm : &aes_ccm; +} diff --git a/providers/common/ciphers/aes_ccm_s390x.c b/providers/common/ciphers/cipher_aes_ccm_hw_s390x.inc similarity index 97% rename from providers/common/ciphers/aes_ccm_s390x.c rename to providers/common/ciphers/cipher_aes_ccm_hw_s390x.inc index c5aa6bc309..a5025e5960 100644 --- a/providers/common/ciphers/aes_ccm_s390x.c +++ b/providers/common/ciphers/cipher_aes_ccm_hw_s390x.inc @@ -7,10 +7,15 @@ * https://www.openssl.org/source/license.html */ +/*- + * S390X support for AES CCM. + * This file is included by cipher_ccm_hw.c + */ + #define S390X_CCM_AAD_FLAG 0x40 -static int s390x_aes_ccm_init_key(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) +static int s390x_aes_ccm_initkey(PROV_CCM_CTX *ctx, + const unsigned char *key, size_t keylen) { PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx; @@ -245,7 +250,7 @@ static int s390x_aes_ccm_auth_decrypt(PROV_CCM_CTX *ctx, } static const PROV_CCM_HW s390x_aes_ccm = { - s390x_aes_ccm_init_key, + s390x_aes_ccm_initkey, s390x_aes_ccm_setiv, s390x_aes_ccm_setaad, s390x_aes_ccm_auth_encrypt, diff --git a/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc new file mode 100644 index 0000000000..0dc6efcef4 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_ccm_hw_t4.inc @@ -0,0 +1,36 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Fujitsu SPARC64 X support for AES CCM. + * This file is included by cipher_ccm_hw.c + */ + +static int ccm_t4_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; + + AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); + return 1; +} + +static const PROV_CCM_HW t4_aes_ccm = { + ccm_t4_aes_initkey, + ccm_generic_setiv, + ccm_generic_setaad, + ccm_generic_auth_encrypt, + ccm_generic_auth_decrypt, + ccm_generic_gettag +}; + +const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) +{ + return SPARC_AES_CAPABLE ? &t4_aes_ccm : &aes_ccm; +} diff --git a/providers/common/ciphers/cipher_aes_gcm.c b/providers/common/ciphers/cipher_aes_gcm.c new file mode 100644 index 0000000000..60df02588f --- /dev/null +++ b/providers/common/ciphers/cipher_aes_gcm.c @@ -0,0 +1,37 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for AES GCM mode */ + +#include "cipher_locl.h" + +static void *aes_gcm_newctx(void *provctx, size_t keybits) +{ + PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + gcm_initctx(provctx, &ctx->base, keybits, PROV_AES_HW_gcm(keybits), 8); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aes_gcm_freectx; +static void aes_gcm_freectx(void *vctx) +{ + PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx; + + gcm_deinitctx((PROV_GCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aes128gcm_functions */ +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 128, 8, 96); +/* aes192gcm_functions */ +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 192, 8, 96); +/* aes256gcm_functions */ +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96); diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc b/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc new file mode 100644 index 0000000000..c0cb231ff4 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc @@ -0,0 +1,39 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * AES-NI support for AES GCM. + * This file is included by cipher_gcm_hw.c + */ + +static int aesni_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + + SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt, + aesni_ctr32_encrypt_blocks); + return 1; +} + +static const PROV_GCM_HW aesni_gcm = { + aesni_gcm_initkey, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; + +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm; +} + diff --git a/providers/common/ciphers/gcm_s390x.c b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc similarity index 97% rename from providers/common/ciphers/gcm_s390x.c rename to providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc index 68b06c870a..ceb733db59 100644 --- a/providers/common/ciphers/gcm_s390x.c +++ b/providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc @@ -7,16 +7,16 @@ * https://www.openssl.org/source/license.html */ -/* - * IBM S390X AES GCM support - * Note this file is included by aes_gcm_hw.c +/*- + * IBM S390X support for AES GCM. + * This file is included by cipher_gcm_hw.c */ /* iv + padding length for iv lengths != 12 */ #define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) -static int s390x_aes_gcm_init_key(PROV_GCM_CTX *ctx, - const unsigned char *key, size_t keylen) +static int s390x_aes_gcm_initkey(PROV_GCM_CTX *ctx, + const unsigned char *key, size_t keylen) { PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; @@ -285,7 +285,7 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, } static const PROV_GCM_HW s390x_aes_gcm = { - s390x_aes_gcm_init_key, + s390x_aes_gcm_initkey, s390x_aes_gcm_setiv, s390x_aes_gcm_aad_update, s390x_aes_gcm_cipher_update, diff --git a/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc b/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc new file mode 100644 index 0000000000..0cb3f811e1 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_gcm_hw_t4.inc @@ -0,0 +1,52 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Fujitsu SPARC64 X support for AES GCM. + * This file is included by cipher_gcm_hw.c + */ + +static int t4_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + ctr128_f ctr; + PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; + AES_KEY *ks = &actx->ks.ks; + + + switch (keylen) { + case 16: + ctr = (ctr128_f)aes128_t4_ctr32_encrypt; + break; + case 24: + ctr = (ctr128_f)aes192_t4_ctr32_encrypt; + break; + case 32: + ctr = (ctr128_f)aes256_t4_ctr32_encrypt; + break; + default: + return 0; + } + + SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr); + return 1; +} + +static const PROV_GCM_HW t4_aes_gcm = { + t4_aes_gcm_initkey, + gcm_setiv, + gcm_aad_update, + gcm_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; +const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) +{ + return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm; +} diff --git a/providers/common/ciphers/cipher_aes_hw.c b/providers/common/ciphers/cipher_aes_hw.c new file mode 100644 index 0000000000..d80c63ecf9 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_hw.c @@ -0,0 +1,138 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_locl.h" + +static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + int ret; + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + AES_KEY *ks = &adat->ks.ks; + + dat->ks = ks; + + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + ret = HWAES_set_decrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)HWAES_decrypt; + dat->stream.cbc = NULL; +# ifdef HWAES_cbc_encrypt + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; +# endif + } else +#endif +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { + ret = AES_set_decrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_decrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)vpaes_decrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ?(cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_decrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)AES_cbc_encrypt : NULL; + } + } else +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + ret = HWAES_set_encrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)HWAES_encrypt; + dat->stream.cbc = NULL; +# ifdef HWAES_cbc_encrypt + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; + else +# endif +# ifdef HWAES_ctr32_encrypt_blocks + if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; + else +# endif + (void)0; /* terminate potentially open 'else' */ + } else +#endif +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { + ret = AES_set_encrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_encrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)vpaes_encrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_encrypt_key(key, keylen * 8, ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) + ? (cbc128_f)AES_cbc_encrypt : NULL; +#ifdef AES_CTR_ASM + if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; +#endif + } + + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +#define PROV_CIPHER_HW_aes_mode(mode) \ +static const PROV_CIPHER_HW aes_##mode = { \ + cipher_hw_aes_initkey, \ + cipher_hw_generic_##mode \ +}; \ +PROV_CIPHER_HW_declare(mode) \ +const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_##mode(size_t keybits) \ +{ \ + PROV_CIPHER_HW_select(mode) \ + return &aes_##mode; \ +} + +#if defined(AESNI_CAPABLE) +# include "cipher_aes_hw_aesni.inc" +#elif defined(SPARC_AES_CAPABLE) +# include "cipher_aes_hw_t4.inc" +#elif defined(S390X_aes_128_CAPABLE) +# include "cipher_aes_hw_s390x.inc" +#else +/* The generic case */ +# define PROV_CIPHER_HW_declare(mode) +# define PROV_CIPHER_HW_select(mode) +#endif + +PROV_CIPHER_HW_aes_mode(cbc) +PROV_CIPHER_HW_aes_mode(ecb) +PROV_CIPHER_HW_aes_mode(ofb128) +PROV_CIPHER_HW_aes_mode(cfb128) +PROV_CIPHER_HW_aes_mode(cfb1) +PROV_CIPHER_HW_aes_mode(cfb8) +PROV_CIPHER_HW_aes_mode(ctr) diff --git a/providers/common/ciphers/cipher_aes_hw_aesni.inc b/providers/common/ciphers/cipher_aes_hw_aesni.inc new file mode 100644 index 0000000000..6070939dee --- /dev/null +++ b/providers/common/ciphers/cipher_aes_hw_aesni.inc @@ -0,0 +1,83 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * AES-NI support for AES modes ecb, cbc, ofb, cfb, ctr. + * This file is included by cipher_aes_hw.c + */ + +#define cipher_hw_aesni_ofb128 cipher_hw_generic_ofb128 +#define cipher_hw_aesni_cfb128 cipher_hw_generic_cfb128 +#define cipher_hw_aesni_cfb8 cipher_hw_generic_cfb8 +#define cipher_hw_aesni_cfb1 cipher_hw_generic_cfb1 +#define cipher_hw_aesni_ctr cipher_hw_generic_ctr + +static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + int ret; + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + AES_KEY *ks = &adat->ks.ks; + + dat->ks = ks; + + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { + ret = aesni_set_decrypt_key(key, keylen * 8, ks); + dat->block = (block128_f) aesni_decrypt; + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aesni_cbc_encrypt : NULL; + } else { + ret = aesni_set_encrypt_key(key, keylen * 8, ks); + dat->block = (block128_f) aesni_encrypt; + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + else + dat->stream.cbc = NULL; + } + + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int cipher_hw_aesni_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + const AES_KEY *ks = ctx->ks; + + aesni_cbc_encrypt(in, out, len, ks, ctx->iv, ctx->enc); + + return 1; +} + +static int cipher_hw_aesni_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + if (len < ctx->blocksize) + return 1; + + aesni_ecb_encrypt(in, out, len, ctx->ks, ctx->enc); + + return 1; +} + +#define PROV_CIPHER_HW_declare(mode) \ +static const PROV_CIPHER_HW aesni_##mode = { \ + cipher_hw_aesni_initkey, \ + cipher_hw_aesni_##mode \ +}; +#define PROV_CIPHER_HW_select(mode) \ +if (AESNI_CAPABLE) \ + return &aesni_##mode; diff --git a/providers/common/ciphers/cipher_aes_hw_s390x.inc b/providers/common/ciphers/cipher_aes_hw_s390x.inc new file mode 100644 index 0000000000..1a8ee07c87 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_hw_s390x.inc @@ -0,0 +1,196 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * IBM S390X support for AES modes ecb, cbc, ofb, cfb, ctr. + * This file is included by cipher_aes_hw.c + */ + +#include "s390x_arch.h" + +#define s390x_aes_cbc_initkey cipher_hw_aes_initkey +#define s390x_aes_cfb1_initkey cipher_hw_aes_initkey +#define s390x_aes_ctr_initkey cipher_hw_aes_initkey +#define s390x_aes_cbc_cipher_hw cipher_hw_generic_cbc +#define s390x_aes_cfb1_cipher_hw cipher_hw_generic_cfb1 +#define s390x_aes_ctr_cipher_hw cipher_hw_generic_ctr + +static int s390x_aes_ecb_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + adat->plat.s390x.fc = S390X_AES_FC(keylen); + if (!dat->enc) + adat->plat.s390x.fc |= S390X_DECRYPT; + + memcpy(adat->plat.s390x.param.km.k, key, keylen); + return 1; +} + +static int s390x_aes_ecb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + s390x_km(in, len, out, adat->plat.s390x.fc, &adat->plat.s390x.param.km); + return 1; +} + +static int s390x_aes_ofb_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize); + memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); + adat->plat.s390x.fc = S390X_AES_FC(keylen); + adat->plat.s390x.res = 0; + return 1; +} + +static int s390x_aes_ofb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + int n = adat->plat.s390x.res; + int rem; + + while (n && len) { + *out = *in ^ adat->plat.s390x.param.kmo_kmf.cv[n]; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmo(in, len, out, adat->plat.s390x.fc, + &adat->plat.s390x.param.kmo_kmf); + + out += len; + in += len; + } + + if (rem) { + s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16, + adat->plat.s390x.param.kmo_kmf.cv, adat->plat.s390x.fc, + adat->plat.s390x.param.kmo_kmf.k); + + while (rem--) { + out[n] = in[n] ^ adat->plat.s390x.param.kmo_kmf.cv[n]; + ++n; + } + } + + adat->plat.s390x.res = n; + return 1; +} + +static int s390x_aes_cfb_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + adat->plat.s390x.fc = S390X_AES_FC(keylen); + adat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ + if (!dat->enc) + adat->plat.s390x.fc |= S390X_DECRYPT; + + adat->plat.s390x.res = 0; + memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize); + memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + int n = adat->plat.s390x.res; + int rem; + unsigned char tmp; + + while (n && len) { + tmp = *in; + *out = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; + adat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? *out : tmp; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmf(in, len, out, adat->plat.s390x.fc, + &adat->plat.s390x.param.kmo_kmf); + + out += len; + in += len; + } + + if (rem) { + s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16, + adat->plat.s390x.param.kmo_kmf.cv, + S390X_AES_FC(dat->keylen), adat->plat.s390x.param.kmo_kmf.k); + + while (rem--) { + tmp = in[n]; + out[n] = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp; + adat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? out[n] : tmp; + ++n; + } + } + + adat->plat.s390x.res = n; + return 1; +} + +static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + adat->plat.s390x.fc = S390X_AES_FC(keylen); + adat->plat.s390x.fc |= 1 << 24; /* 1 byte cipher feedback */ + if (!dat->enc) + adat->plat.s390x.fc |= S390X_DECRYPT; + + memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize); + memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + s390x_kmf(in, len, out, adat->plat.s390x.fc, + &adat->plat.s390x.param.kmo_kmf); + return 1; +} + +#define PROV_CIPHER_HW_declare(mode) \ +static const PROV_CIPHER_HW s390x_aes_##mode = { \ + s390x_aes_##mode##_initkey, \ + s390x_aes_##mode##_cipher_hw \ +}; +#define PROV_CIPHER_HW_select(mode) \ +if ((keybits == 128 && S390X_aes_128_##mode##_CAPABLE) \ + || (keybits == 192 && S390X_aes_192_##mode##_CAPABLE) \ + || (keybits == 256 && S390X_aes_256_##mode##_CAPABLE)) \ + return &s390x_aes_##mode; + diff --git a/providers/common/ciphers/cipher_aes_hw_t4.inc b/providers/common/ciphers/cipher_aes_hw_t4.inc new file mode 100644 index 0000000000..f7e363e5c3 --- /dev/null +++ b/providers/common/ciphers/cipher_aes_hw_t4.inc @@ -0,0 +1,94 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Sparc t4 support for AES modes ecb, cbc, ofb, cfb, ctr. + * This file is included by cipher_aes_hw.c + */ + +static int cipher_hw_aes_t4_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + int ret, bits; + PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + + dat->ks = &adat->ks.ks; + + bits = keylen * 8; + if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) + && !dat->enc) { + ret = 0; + aes_t4_set_decrypt_key(key, bits, dat->ks); + dat->block = (block128_f) aes_t4_decrypt; + switch (bits) { + case 128: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes128_t4_cbc_decrypt : NULL; + break; + case 192: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes192_t4_cbc_decrypt : NULL; + break; + case 256: + dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aes256_t4_cbc_decrypt : NULL; + break; + default: + ret = -1; + } + } else { + ret = 0; + aes_t4_set_encrypt_key(key, bits, dat->ks); + dat->block = (block128_f)aes_t4_encrypt; + switch (bits) { + case 128: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + case 192: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + case 256: + if (dat->mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; + else if (dat->mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + default: + ret = -1; + } + } + + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +#define PROV_CIPHER_HW_declare(mode) \ +static const PROV_CIPHER_HW aes_t4_##mode = { \ + cipher_hw_aes_t4_initkey, \ + cipher_hw_generic_##mode \ +}; +#define PROV_CIPHER_HW_select(mode) \ + if (SPARC_AES_CAPABLE) \ + return aes_t4_##mode; diff --git a/providers/common/ciphers/cipher_aria.c b/providers/common/ciphers/cipher_aria.c new file mode 100644 index 0000000000..5b7e8398bc --- /dev/null +++ b/providers/common/ciphers/cipher_aria.c @@ -0,0 +1,79 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for ARIA cipher modes ecb, cbc, ofb, cfb, ctr */ + +#include "cipher_locl.h" + +static OSSL_OP_cipher_freectx_fn aria_freectx; +static OSSL_OP_cipher_dupctx_fn aria_dupctx; + +static void aria_freectx(void *vctx) +{ + PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *aria_dupctx(void *ctx) +{ + PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx; + PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +/* aria256ecb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, block) +/* aria192ecb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, block) +/* aria128ecb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, block) +/* aria256cbc_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, block) +/* aria192cbc_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, block) +/* aria128cbc_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, block) +/* aria256ofb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, stream) +/* aria192ofb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, stream) +/* aria128ofb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream) +/* aria256cfb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream) +/* aria192cfb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream) +/* aria128cfb_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream) +/* aria256cfb1_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream) +/* aria192cfb1_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, stream) +/* aria128cfb1_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, stream) +/* aria256cfb8_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, stream) +/* aria192cfb8_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, stream) +/* aria128cfb8_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, stream) +/* aria256ctr_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, stream) +/* aria192ctr_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, stream) +/* aria128ctr_functions */ +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, stream) diff --git a/providers/common/ciphers/cipher_aria.h b/providers/common/ciphers/cipher_aria.h new file mode 100644 index 0000000000..2b8015f6d7 --- /dev/null +++ b/providers/common/ciphers/cipher_aria.h @@ -0,0 +1,31 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if !defined(OPENSSL_NO_ARIA) +# include "internal/aria.h" + +typedef struct prov_aria_ctx_st { + PROV_CIPHER_CTX base; /* Must be first */ + union { + OSSL_UNION_ALIGN; + ARIA_KEY ks; + } ks; +} PROV_ARIA_CTX; + +# define PROV_CIPHER_HW_aria_ofb PROV_CIPHER_HW_aria_ofb128 +# define PROV_CIPHER_HW_aria_cfb PROV_CIPHER_HW_aria_cfb128 +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ecb(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cbc(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ofb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb1(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb8(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ctr(size_t keybits); + +#endif /* OPENSSL_NO_ARIA */ diff --git a/providers/common/ciphers/cipher_aria_ccm.c b/providers/common/ciphers/cipher_aria_ccm.c new file mode 100644 index 0000000000..061ce53176 --- /dev/null +++ b/providers/common/ciphers/cipher_aria_ccm.c @@ -0,0 +1,38 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for ARIA CCM mode */ + +#include "cipher_locl.h" + +static void *aria_ccm_newctx(void *provctx, size_t keybits) +{ + PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits)); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aria_ccm_freectx; +static void aria_ccm_freectx(void *vctx) +{ + PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx; + + ccm_finalctx((PROV_CCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aria128ccm functions */ +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96); +/* aria192ccm functions */ +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96); +/* aria256ccm functions */ +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96); + diff --git a/providers/common/ciphers/cipher_aria_ccm_hw.inc b/providers/common/ciphers/cipher_aria_ccm_hw.inc new file mode 100644 index 0000000000..d980fa9b97 --- /dev/null +++ b/providers/common/ciphers/cipher_aria_ccm_hw.inc @@ -0,0 +1,42 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Generic support for ARIA CCM. + * This file is included by cipher_ccm_hw.c + */ + +#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) + +static int ccm_aria_initkey(PROV_CCM_CTX *ctx, + const unsigned char *key, size_t keylen) +{ + PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx; + + aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks); + CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks, + (block128_f)aria_encrypt); + ctx->str = NULL; + ctx->key_set = 1; + return 1; +} + +static const PROV_CCM_HW ccm_aria = { + ccm_aria_initkey, + ccm_generic_setiv, + ccm_generic_setaad, + ccm_generic_auth_encrypt, + ccm_generic_auth_decrypt, + ccm_generic_gettag +}; +const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits) +{ + return &ccm_aria; +} +#endif /* OPENSSL_NO_ARIA */ diff --git a/providers/common/ciphers/cipher_aria_gcm.c b/providers/common/ciphers/cipher_aria_gcm.c new file mode 100644 index 0000000000..c68ad2c3ae --- /dev/null +++ b/providers/common/ciphers/cipher_aria_gcm.c @@ -0,0 +1,38 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for ARIA GCM mode */ + +#include "cipher_locl.h" + +static void *aria_gcm_newctx(void *provctx, size_t keybits) +{ + PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4); + return ctx; +} + +static OSSL_OP_cipher_freectx_fn aria_gcm_freectx; +static void aria_gcm_freectx(void *vctx) +{ + PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx; + + gcm_deinitctx((PROV_GCM_CTX *)ctx); + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +/* aria128gcm_functions */ +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96); +/* aria192gcm_functions */ +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96); +/* aria256gcm_functions */ +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96); + diff --git a/providers/common/ciphers/cipher_aria_gcm_hw.inc b/providers/common/ciphers/cipher_aria_gcm_hw.inc new file mode 100644 index 0000000000..fcb9bfce2b --- /dev/null +++ b/providers/common/ciphers/cipher_aria_gcm_hw.inc @@ -0,0 +1,53 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Generic support for ARIA GCM. + * This file is included by cipher_gcm_hw.c + */ + +#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) + +static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) +{ + PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx; + ARIA_KEY *ks = &actx->ks.ks; + + SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL); + return 1; +} + +static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, + size_t len, unsigned char *out) +{ + if (ctx->enc) { + if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) + return 0; + } else { + if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) + return 0; + } + return 1; +} + +static const PROV_GCM_HW aria_gcm = { + aria_gcm_initkey, + gcm_setiv, + gcm_aad_update, + aria_cipher_update, + gcm_cipher_final, + gcm_one_shot +}; +const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits) +{ + return &aria_gcm; +} + +#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/cipher_aria_hw.c b/providers/common/ciphers/cipher_aria_hw.c new file mode 100644 index 0000000000..2a89573521 --- /dev/null +++ b/providers/common/ciphers/cipher_aria_hw.c @@ -0,0 +1,48 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_locl.h" + +static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + int ret, mode = dat->mode; + PROV_ARIA_CTX *adat = (PROV_ARIA_CTX *)dat; + ARIA_KEY *ks = &adat->ks.ks; + + if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) + ret = aria_set_encrypt_key(key, keylen * 8, ks); + else + ret = aria_set_decrypt_key(key, keylen * 8, ks); + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + dat->ks = ks; + dat->block = (block128_f)aria_encrypt; + return 1; +} + +# define PROV_CIPHER_HW_aria_mode(mode) \ +static const PROV_CIPHER_HW aria_##mode = { \ + cipher_hw_aria_initkey, \ + cipher_hw_chunked_##mode \ +}; \ +const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_##mode(size_t keybits) \ +{ \ + return &aria_##mode; \ +} + +PROV_CIPHER_HW_aria_mode(cbc) +PROV_CIPHER_HW_aria_mode(ecb) +PROV_CIPHER_HW_aria_mode(ofb128) +PROV_CIPHER_HW_aria_mode(cfb128) +PROV_CIPHER_HW_aria_mode(cfb1) +PROV_CIPHER_HW_aria_mode(cfb8) +PROV_CIPHER_HW_aria_mode(ctr) diff --git a/providers/common/ciphers/cipher_camellia.c b/providers/common/ciphers/cipher_camellia.c new file mode 100644 index 0000000000..9215346924 --- /dev/null +++ b/providers/common/ciphers/cipher_camellia.c @@ -0,0 +1,82 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for CAMELLIA cipher modes ecb, cbc, ofb, cfb, ctr */ + +#include "cipher_locl.h" + +#if !defined(OPENSSL_NO_CAMELLIA) +static OSSL_OP_cipher_freectx_fn camellia_freectx; +static OSSL_OP_cipher_dupctx_fn camellia_dupctx; + +static void camellia_freectx(void *vctx) +{ + PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *camellia_dupctx(void *ctx) +{ + PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx; + PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +/* camellia256ecb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, block) +/* camellia192ecb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, block) +/* camellia128ecb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, block) +/* camellia256cbc_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, block) +/* camellia192cbc_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, block) +/* camellia128cbc_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, block) +/* camellia256ofb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, stream) +/* camellia192ofb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, stream) +/* camellia128ofb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream) +/* camellia256cfb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream) +/* camellia192cfb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream) +/* camellia128cfb_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream) +/* camellia256cfb1_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream) +/* camellia192cfb1_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, stream) +/* camellia128cfb1_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, stream) +/* camellia256cfb8_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, stream) +/* camellia192cfb8_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, stream) +/* camellia128cfb8_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, stream) +/* camellia256ctr_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, stream) +/* camellia192ctr_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream) +/* camellia128ctr_functions */ +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream) + +#endif /* OPENSSL_NO_CAMELLIA */ diff --git a/providers/common/ciphers/cipher_camellia.h b/providers/common/ciphers/cipher_camellia.h new file mode 100644 index 0000000000..e8e96bad81 --- /dev/null +++ b/providers/common/ciphers/cipher_camellia.h @@ -0,0 +1,32 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_NO_CAMELLIA + +# include + +typedef struct prov_camellia_ctx_st { + PROV_CIPHER_CTX base; /* Must be first */ + union { + OSSL_UNION_ALIGN; + CAMELLIA_KEY ks; + } ks; +} PROV_CAMELLIA_CTX; + +# define PROV_CIPHER_HW_camellia_ofb PROV_CIPHER_HW_camellia_ofb128 +# define PROV_CIPHER_HW_camellia_cfb PROV_CIPHER_HW_camellia_cfb128 +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ecb(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cbc(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ofb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb1(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb8(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ctr(size_t keybits); + +#endif /* OPENSSL_NO_CAMELLIA */ diff --git a/providers/common/ciphers/cipher_camellia_hw.c b/providers/common/ciphers/cipher_camellia_hw.c new file mode 100644 index 0000000000..dd65b31aef --- /dev/null +++ b/providers/common/ciphers/cipher_camellia_hw.c @@ -0,0 +1,65 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_locl.h" + +#if !defined(OPENSSL_NO_CAMELLIA) +static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) +{ + int ret, mode = dat->mode; + PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat; + CAMELLIA_KEY *ks = &adat->ks.ks; + + dat->ks = ks; + ret = Camellia_set_key(key, keylen * 8, ks); + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) { + dat->block = (block128_f) Camellia_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) Camellia_cbc_encrypt : NULL; + } else { + dat->block = (block128_f) Camellia_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) Camellia_cbc_encrypt : NULL; + } + return 1; +} + +# if defined(SPARC_CMLL_CAPABLE) +# include "cipher_camellia_hw_t4.inc" +# else +/* The generic case */ +# define PROV_CIPHER_HW_declare(mode) +# define PROV_CIPHER_HW_select(mode) +# endif /* SPARC_CMLL_CAPABLE */ + +#define PROV_CIPHER_HW_camellia_mode(mode) \ +static const PROV_CIPHER_HW camellia_##mode = { \ + cipher_hw_camellia_initkey, \ + cipher_hw_generic_##mode \ +}; \ +PROV_CIPHER_HW_declare(mode) \ +const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_##mode(size_t keybits) \ +{ \ + PROV_CIPHER_HW_select(mode) \ + return &camellia_##mode; \ +} + +PROV_CIPHER_HW_camellia_mode(cbc) +PROV_CIPHER_HW_camellia_mode(ecb) +PROV_CIPHER_HW_camellia_mode(ofb128) +PROV_CIPHER_HW_camellia_mode(cfb128) +PROV_CIPHER_HW_camellia_mode(cfb1) +PROV_CIPHER_HW_camellia_mode(cfb8) +PROV_CIPHER_HW_camellia_mode(ctr) +#endif /* OPENSSL_NO_CAMELLIA */ diff --git a/providers/common/ciphers/cipher_camellia_hw_t4.inc b/providers/common/ciphers/cipher_camellia_hw_t4.inc new file mode 100644 index 0000000000..24e104646b --- /dev/null +++ b/providers/common/ciphers/cipher_camellia_hw_t4.inc @@ -0,0 +1,83 @@ +/* + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/*- + * Fujitsu SPARC64 X support for camellia modes. + * This file is included by cipher_camellia_hw.c + */ + +static int cipher_hw_camellia_t4_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, + size_t keylen) +{ + int ret = 0, bits, mode = dat->mode; + PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat; + CAMELLIA_KEY *ks = &adat->ks.ks; + + dat->ks = ks; + bits = keylen * 8; + + cmll_t4_set_key(key, bits, ks); + + if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) { + dat->block = (block128_f) cmll_t4_encrypt; + switch (bits) { + case 128: + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt; + else if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + case 192: + case 256: + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt; + else if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt; + else + dat->stream.cbc = NULL; + break; + default: + ret = -1; + break; + } + } else { + dat->block = (block128_f) cmll_t4_decrypt; + switch (bits) { + case 128: + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) cmll128_t4_cbc_decrypt : NULL; + break; + case 192: + case 256: + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) cmll256_t4_cbc_decrypt : NULL; + break; + default: + ret = -1; + break; + } + } + if (ret < 0) { + ERR_raise(ERR_LIB_PROV, EVP_R_CAMELLIA_KEY_SETUP_FAILED); + return 0; + } + return 1; +} + +#define PROV_CIPHER_HW_declare(mode) \ +static const PROV_CIPHER_HW t4_camellia_##mode = { \ + cipher_hw_camellia_t4_initkey, \ + cipher_hw_generic_##mode \ +}; +#define PROV_CIPHER_HW_select(mode) \ +if (SPARC_CMLL_CAPABLE) \ + return &t4_camellia_##mode; diff --git a/providers/common/ciphers/ccm.c b/providers/common/ciphers/cipher_ccm.c similarity index 77% rename from providers/common/ciphers/ccm.c rename to providers/common/ciphers/cipher_ccm.c index 67a127ac20..980c815aa1 100644 --- a/providers/common/ciphers/ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -7,27 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include -#include -#include -#include -#include "internal/provider_algs.h" -#include "internal/providercommonerr.h" -#include "ciphers_locl.h" - -/* TODO(3.0) Figure out what flags are really needed here */ -#define CCM_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - -static OSSL_OP_cipher_encrypt_init_fn ccm_einit; -static OSSL_OP_cipher_decrypt_init_fn ccm_dinit; -static OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params; -static OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params; -static OSSL_OP_cipher_update_fn ccm_stream_update; -static OSSL_OP_cipher_final_fn ccm_stream_final; -static OSSL_OP_cipher_cipher_fn ccm_cipher; +/* Dispatch functions for ccm mode */ + +#include "cipher_locl.h" static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, @@ -80,7 +62,7 @@ static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx) return 15 - ctx->l; } -static int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; const OSSL_PARAM *p; @@ -153,7 +135,7 @@ static int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) +int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; OSSL_PARAM *p; @@ -233,19 +215,19 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen, return 1; } -static int ccm_einit(void *vctx, const unsigned char *key, size_t keylen, +int ccm_einit(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen) { return ccm_init(vctx, key, keylen, iv, ivlen, 1); } -static int ccm_dinit(void *vctx, const unsigned char *key, size_t keylen, +int ccm_dinit(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen) { return ccm_init(vctx, key, keylen, iv, ivlen, 0); } -static int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl, +int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl) { @@ -263,7 +245,7 @@ static int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, +int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; @@ -277,7 +259,7 @@ static int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int ccm_cipher(void *vctx, +int ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl) { @@ -412,8 +394,7 @@ err: return rv; } -static void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, - const PROV_CCM_HW *hw) +void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw) { ctx->keylen = keybits / 8; ctx->key_set = 0; @@ -426,61 +407,7 @@ static void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, ctx->hw = hw; } -static void ccm_finalctx(PROV_CCM_CTX *ctx) +void ccm_finalctx(PROV_CCM_CTX *ctx) { OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv)); } - -/*- Algorithm specific methods for CCM mode */ - -static void *aes_ccm_newctx(void *provctx, size_t keybits) -{ - PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits)); - return ctx; -} - -static OSSL_OP_cipher_freectx_fn aes_ccm_freectx; -static void aes_ccm_freectx(void *vctx) -{ - PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx; - - ccm_finalctx((PROV_CCM_CTX *)ctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -/*- CCM Dispatch macros */ - -/* aes128ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 128, 8, 96); -/* aes192ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 192, 8, 96); -/* aes256ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 256, 8, 96); - -#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) -static void *aria_ccm_newctx(void *provctx, size_t keybits) -{ - PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits)); - return ctx; -} - -static OSSL_OP_cipher_freectx_fn aria_ccm_freectx; -static void aria_ccm_freectx(void *vctx) -{ - PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx; - - ccm_finalctx((PROV_CCM_CTX *)ctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -/* aria128ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 128, 8, 96); -/* aria192ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 192, 8, 96); -/* aria256ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 256, 8, 96); -#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/ciphers_ccm.h b/providers/common/ciphers/cipher_ccm.h similarity index 92% rename from providers/common/ciphers/ciphers_ccm.h rename to providers/common/ciphers/cipher_ccm.h index 1560d28b4f..d91ad0013e 100644 --- a/providers/common/ciphers/ciphers_ccm.h +++ b/providers/common/ciphers/cipher_ccm.h @@ -122,4 +122,15 @@ typedef struct prov_aria_ccm_ctx_st { } PROV_ARIA_CCM_CTX; const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keylen); + #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ + +OSSL_OP_cipher_encrypt_init_fn ccm_einit; +OSSL_OP_cipher_decrypt_init_fn ccm_dinit; +OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params; +OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params; +OSSL_OP_cipher_update_fn ccm_stream_update; +OSSL_OP_cipher_final_fn ccm_stream_final; +OSSL_OP_cipher_cipher_fn ccm_cipher; +void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw); +void ccm_finalctx(PROV_CCM_CTX *ctx); diff --git a/providers/common/ciphers/ccm_hw.c b/providers/common/ciphers/cipher_ccm_hw.c similarity index 59% rename from providers/common/ciphers/ccm_hw.c rename to providers/common/ciphers/cipher_ccm_hw.c index c59d88d7e0..3036bfaa2e 100644 --- a/providers/common/ciphers/ccm_hw.c +++ b/providers/common/ciphers/cipher_ccm_hw.c @@ -7,9 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include -#include "ciphers_locl.h" -#include "internal/aes_platform.h" +#include "cipher_locl.h" #define AES_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \ fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks); \ @@ -18,8 +16,8 @@ ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \ ctx->key_set = 1; -static int ccm_generic_aes_init_key(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) +static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key, + size_t keylen) { PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; @@ -100,68 +98,19 @@ static int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in, } static const PROV_CCM_HW aes_ccm = { - ccm_generic_aes_init_key, + ccm_generic_aes_initkey, ccm_generic_setiv, ccm_generic_setaad, ccm_generic_auth_encrypt, ccm_generic_auth_decrypt, ccm_generic_gettag }; - #if defined(S390X_aes_128_CAPABLE) -# include "aes_ccm_s390x.c" +# include "cipher_aes_ccm_hw_s390x.inc" #elif defined(AESNI_CAPABLE) - -/* AES-NI section */ -static int ccm_aesni_init_key(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) -{ - PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - - AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt, - aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks); - return 1; -} - -static const PROV_CCM_HW aesni_ccm = { - ccm_aesni_init_key, - ccm_generic_setiv, - ccm_generic_setaad, - ccm_generic_auth_encrypt, - ccm_generic_auth_decrypt, - ccm_generic_gettag -}; - -const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) -{ - return AESNI_CAPABLE ? &aesni_ccm : &aes_ccm; -} - +# include "cipher_aes_ccm_hw_aesni.inc" #elif defined(SPARC_AES_CAPABLE) -/* Fujitsu SPARC64 X support */ -static int ccm_t4_aes_init_key(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) -{ - PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx; - - AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL); - return 1; -} - -static const PROV_CCM_HW t4_aes_ccm = { - ccm_t4_aes_init_key, - ccm_generic_setiv, - ccm_generic_setaad, - ccm_generic_auth_encrypt, - ccm_generic_auth_decrypt, - ccm_generic_gettag -}; - -const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) -{ - return SPARC_AES_CAPABLE ? &t4_aes_ccm : &aes_ccm; -} - +# include "cipher_aes_ccm_hw_t4.inc" #else const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) { @@ -169,31 +118,4 @@ const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits) } #endif -#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) -/* ARIA CCM Algorithm specific methods */ -static int ccm_aria_init_key(PROV_CCM_CTX *ctx, - const unsigned char *key, size_t keylen) -{ - PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx; - - aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks); - CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks, - (block128_f)aria_encrypt); - ctx->str = NULL; - ctx->key_set = 1; - return 1; -} - -static const PROV_CCM_HW ccm_aria = { - ccm_aria_init_key, - ccm_generic_setiv, - ccm_generic_setaad, - ccm_generic_auth_encrypt, - ccm_generic_auth_decrypt, - ccm_generic_gettag -}; -const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits) -{ - return &ccm_aria; -} -#endif /* OPENSSL_NO_ARIA */ +#include "cipher_aria_ccm_hw.inc" diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c new file mode 100644 index 0000000000..9c9047ca52 --- /dev/null +++ b/providers/common/ciphers/cipher_common.c @@ -0,0 +1,403 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Generic dispatch table functions for ciphers. + */ + +#include "cipher_locl.h" + +#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) + +/*- + * Default cipher functions for OSSL_PARAM gettables and settables + */ +static const OSSL_PARAM cipher_known_gettable_params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), + OSSL_PARAM_END +}; +const OSSL_PARAM *cipher_default_gettable_params(void) +{ + return cipher_known_gettable_params; +} + +int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, + int kbits, int blkbits, int ivbits) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); + if (p != NULL && !OSSL_PARAM_set_int(p, md)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); + if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); + if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + return 1; +} + +static const OSSL_PARAM cipher_known_gettable_ctx_params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), + OSSL_PARAM_END +}; +const OSSL_PARAM *cipher_default_gettable_ctx_params(void) +{ + return cipher_known_gettable_ctx_params; +} + +static const OSSL_PARAM cipher_known_settable_ctx_params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL), + OSSL_PARAM_END +}; +const OSSL_PARAM *cipher_default_settable_ctx_params(void) +{ + return cipher_known_settable_ctx_params; +} + +/*- + * AEAD cipher functions for OSSL_PARAM gettables and settables + */ +static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), + OSSL_PARAM_END +}; +const OSSL_PARAM *cipher_aead_gettable_ctx_params(void) +{ + return cipher_aead_known_gettable_ctx_params; +} + +static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = { + OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), + OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0), + OSSL_PARAM_END +}; +const OSSL_PARAM *cipher_aead_settable_ctx_params(void) +{ + return cipher_aead_known_settable_ctx_params; +} + +static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, + const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen, + int enc) +{ + ctx->enc = enc; + + if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { + if (ivlen != GENERIC_BLOCK_SIZE) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return 0; + } + memcpy(ctx->iv, iv, GENERIC_BLOCK_SIZE); + } + if (key != NULL) { + if (keylen != ctx->keylen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN); + return 0; + } + return ctx->hw->init(ctx, key, ctx->keylen); + } + return 1; +} + +int cipher_generic_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, + iv, ivlen, 1); +} + +int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) +{ + return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen, + iv, ivlen, 0); +} + +int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) +{ + size_t outlint = 0; + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in, + &inl); + + /* + * If we're decrypting and we end an update on a block boundary we hold + * the last block back in case this is the last update call and the last + * block is padded. + */ + if (ctx->bufsz == GENERIC_BLOCK_SIZE && (ctx->enc || inl > 0 || !ctx->pad)) { + if (outsize < GENERIC_BLOCK_SIZE) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + ctx->bufsz = 0; + outlint = GENERIC_BLOCK_SIZE; + out += GENERIC_BLOCK_SIZE; + } + if (nextblocks > 0) { + if (!ctx->enc && ctx->pad && nextblocks == inl) { + if (!ossl_assert(inl >= GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + nextblocks -= GENERIC_BLOCK_SIZE; + } + outlint += nextblocks; + if (outsize < outlint) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->hw->cipher(ctx, out, in, nextblocks)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + in += nextblocks; + inl -= nextblocks; + } + if (!trailingdata(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in, &inl)) { + /* ERR_raise already called */ + return 0; + } + + *outl = outlint; + return inl == 0; +} + +int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + + if (ctx->enc) { + if (ctx->pad) { + padblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE); + } else if (ctx->bufsz == 0) { + *outl = 0; + return 1; + } else if (ctx->bufsz != GENERIC_BLOCK_SIZE) { + ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + return 0; + } + + if (outsize < GENERIC_BLOCK_SIZE) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + ctx->bufsz = 0; + *outl = GENERIC_BLOCK_SIZE; + return 1; + } + + /* Decrypting */ + if (ctx->bufsz != GENERIC_BLOCK_SIZE) { + if (ctx->bufsz == 0 && !ctx->pad) { + *outl = 0; + return 1; + } + ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + return 0; + } + + if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE)) { + /* ERR_raise already called */ + return 0; + } + + if (outsize < ctx->bufsz) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + memcpy(out, ctx->buf, ctx->bufsz); + *outl = ctx->bufsz; + ctx->bufsz = 0; + return 1; +} + +int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, + size_t inl) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + + if (outsize < inl) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + + if (!ctx->hw->cipher(ctx, out, in, inl)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + *outl = inl; + return 1; +} +int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + *outl = 0; + return 1; +} + +int cipher_generic_cipher(void *vctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + + if (outsize < inl) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + + if (!ctx->hw->cipher(ctx, out, in, inl)) { + ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); + return 0; + } + + *outl = inl; + return 1; +} + +int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); + if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); + if (p != NULL + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, GENERIC_BLOCK_SIZE) + && !OSSL_PARAM_set_octet_string(p, &ctx->iv, GENERIC_BLOCK_SIZE)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM); + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + + return 1; +} + +int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING); + if (p != NULL) { + int pad; + + if (!OSSL_PARAM_get_int(p, &pad)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->pad = pad ? 1 : 0; + } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); + if (p != NULL) { + int num; + + if (!OSSL_PARAM_get_int(p, &num)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->num = num; + } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) { + int keylen; + + if (!OSSL_PARAM_get_int(p, &keylen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->keylen = keylen; + } + return 1; +} + +void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode, + const PROV_CIPHER_HW *hw) +{ + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + + ctx->pad = 1; + ctx->keylen = ((kbits) / 8); + ctx->hw = hw; + ctx->mode = mode; + ctx->blocksize = blkbits/8; +} diff --git a/providers/common/ciphers/cipher_common_hw.c b/providers/common/ciphers/cipher_common_hw.c new file mode 100644 index 0000000000..47e14afbbb --- /dev/null +++ b/providers/common/ciphers/cipher_common_hw.c @@ -0,0 +1,192 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_locl.h" + +#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) +#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) + +/*- + * The generic cipher functions for cipher modes cbc, ecb, ofb, cfb and ctr. + * Used if there is no special hardware implementations. + */ +int cipher_hw_generic_cbc(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + if (dat->stream.cbc) + (*dat->stream.cbc) (in, out, len, dat->ks, dat->iv, dat->enc); + else if (dat->enc) + CRYPTO_cbc128_encrypt(in, out, len, dat->ks, dat->iv, dat->block); + else + CRYPTO_cbc128_decrypt(in, out, len, dat->ks, dat->iv, dat->block); + + return 1; +} + +int cipher_hw_generic_ecb(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + size_t i, bl = dat->blocksize; + + if (len < bl) + return 1; + + for (i = 0, len -= bl; i <= len; i += bl) + (*dat->block) (in + i, out + i, dat->ks); + + return 1; +} + +int cipher_hw_generic_ofb128(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + + CRYPTO_ofb128_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->block); + dat->num = num; + + return 1; +} + +int cipher_hw_generic_cfb128(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + + CRYPTO_cfb128_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc, + dat->block); + dat->num = num; + + return 1; +} + +int cipher_hw_generic_cfb8(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + + CRYPTO_cfb128_8_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc, + dat->block); + dat->num = num; + + return 1; +} + +int cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + int num = dat->num; + + if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) { + CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num, + dat->enc, dat->block); + dat->num = num; + return 1; + } + + while (len >= MAXBITCHUNK) { + CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, dat->ks, + dat->iv, &num, dat->enc, dat->block); + len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; + } + if (len) + CRYPTO_cfb128_1_encrypt(in, out, len * 8, dat->ks, dat->iv, &num, + dat->enc, dat->block); + + dat->num = num; + + return 1; +} + +int cipher_hw_generic_ctr(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = dat->num; + + if (dat->stream.ctr) + CRYPTO_ctr128_encrypt_ctr32(in, out, len, dat->ks, dat->iv, dat->buf, + &num, dat->stream.ctr); + else + CRYPTO_ctr128_encrypt(in, out, len, dat->ks, dat->iv, dat->buf, + &num, dat->block); + dat->num = num; + + return 1; +} + +/*- + * The chunked cipher functions for cipher modes cbc, ecb, ofb, cfb and ctr. + * Used if there is no special hardware implementations. + */ + +int cipher_hw_chunked_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= MAXCHUNK) { + cipher_hw_generic_cbc(ctx, out, in, MAXCHUNK); + inl -= MAXCHUNK; + in += MAXCHUNK; + out += MAXCHUNK; + } + if (inl > 0) + cipher_hw_generic_cbc(ctx, out, in, inl); + return 1; +} + +int cipher_hw_chunked_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + size_t chunk = MAXCHUNK; + + if (inl < chunk) + chunk = inl; + while (inl > 0 && inl >= chunk) { + cipher_hw_generic_cfb8(ctx, out, in, inl); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + return 1; +} + +int cipher_hw_chunked_cfb128(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + size_t chunk = MAXCHUNK; + + if (inl < chunk) + chunk = inl; + while (inl > 0 && inl >= chunk) { + cipher_hw_generic_cfb128(ctx, out, in, inl); + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + return 1; +} + +int cipher_hw_chunked_ofb128(PROV_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= MAXCHUNK) { + cipher_hw_generic_ofb128(ctx, out, in, MAXCHUNK); + inl -= MAXCHUNK; + in += MAXCHUNK; + out += MAXCHUNK; + } + if (inl > 0) + cipher_hw_generic_ofb128(ctx, out, in, inl); + return 1; +} diff --git a/providers/common/ciphers/gcm.c b/providers/common/ciphers/cipher_gcm.c similarity index 79% rename from providers/common/ciphers/gcm.c rename to providers/common/ciphers/cipher_gcm.c index 50f79f6293..40c8845eca 100644 --- a/providers/common/ciphers/gcm.c +++ b/providers/common/ciphers/cipher_gcm.c @@ -7,29 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include -#include -#include -#include +/* Dispatch functions for gcm mode */ + +#include "cipher_locl.h" #include "internal/rand_int.h" -#include "internal/provider_algs.h" #include "internal/provider_ctx.h" -#include "internal/providercommonerr.h" -#include "ciphers_locl.h" - -/* TODO(3.0) Figure out what flags are really needed */ -#define AEAD_GCM_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - -static OSSL_OP_cipher_encrypt_init_fn gcm_einit; -static OSSL_OP_cipher_decrypt_init_fn gcm_dinit; -static OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params; -static OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params; -static OSSL_OP_cipher_cipher_fn gcm_cipher; -static OSSL_OP_cipher_update_fn gcm_stream_update; -static OSSL_OP_cipher_final_fn gcm_stream_final; static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len); static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, @@ -40,8 +22,8 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len); -static void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, - const PROV_GCM_HW *hw, size_t ivlen_min) +void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, + const PROV_GCM_HW *hw, size_t ivlen_min) { ctx->pad = 1; ctx->mode = EVP_CIPH_GCM_MODE; @@ -54,7 +36,7 @@ static void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); } -static void gcm_deinitctx(PROV_GCM_CTX *ctx) +void gcm_deinitctx(PROV_GCM_CTX *ctx) { OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv)); } @@ -86,19 +68,19 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen, return 1; } -static int gcm_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) +int gcm_einit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { return gcm_init(vctx, key, keylen, iv, ivlen, 1); } -static int gcm_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) +int gcm_dinit(void *vctx, const unsigned char *key, size_t keylen, + const unsigned char *iv, size_t ivlen) { return gcm_init(vctx, key, keylen, iv, ivlen, 0); } -static int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) +int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; OSSL_PARAM *p; @@ -149,7 +131,7 @@ static int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 1; } -static int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; const OSSL_PARAM *p; @@ -231,9 +213,8 @@ static int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) +int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, + size_t outsize, const unsigned char *in, size_t inl) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; @@ -249,8 +230,8 @@ static int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) +int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, + size_t outsize) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; int i; @@ -263,9 +244,9 @@ static int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, return 1; } -static int gcm_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) +int gcm_cipher(void *vctx, + unsigned char *out, size_t *outl, size_t outsize, + const unsigned char *in, size_t inl) { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; @@ -512,59 +493,3 @@ err: *padlen = plen; return rv; } - -static void *aes_gcm_newctx(void *provctx, size_t keybits) -{ - PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) - gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits, - PROV_AES_HW_gcm(keybits), 8); - return ctx; -} - -static OSSL_OP_cipher_freectx_fn aes_gcm_freectx; -static void aes_gcm_freectx(void *vctx) -{ - PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx; - - gcm_deinitctx((PROV_GCM_CTX *)ctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -/* aes128gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96); -/* aes192gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96); -/* aes256gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96); - -#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) - -static void *aria_gcm_newctx(void *provctx, size_t keybits) -{ - PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) - gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits, - PROV_ARIA_HW_gcm(keybits), 4); - return ctx; -} - -static OSSL_OP_cipher_freectx_fn aria_gcm_freectx; -static void aria_gcm_freectx(void *vctx) -{ - PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx; - - gcm_deinitctx((PROV_GCM_CTX *)ctx); - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -/* aria128gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96); -/* aria192gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96); -/* aria256gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96); - -#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ diff --git a/providers/common/ciphers/ciphers_gcm.h b/providers/common/ciphers/cipher_gcm.h similarity index 86% rename from providers/common/ciphers/ciphers_gcm.h rename to providers/common/ciphers/cipher_gcm.h index 8b4698f4d2..59bbeee04a 100644 --- a/providers/common/ciphers/ciphers_gcm.h +++ b/providers/common/ciphers/cipher_gcm.h @@ -16,6 +16,11 @@ typedef struct prov_gcm_hw_st PROV_GCM_HW; #define GCM_IV_MAX_SIZE 64 #define GCM_TAG_MAX_SIZE 16 +/* TODO(3.0) Figure out what flags are really needed */ +#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) /*- @@ -146,3 +151,15 @@ typedef struct prov_aria_gcm_ctx_st { const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits); #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ + +OSSL_OP_cipher_encrypt_init_fn gcm_einit; +OSSL_OP_cipher_decrypt_init_fn gcm_dinit; +OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params; +OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params; +OSSL_OP_cipher_cipher_fn gcm_cipher; +OSSL_OP_cipher_update_fn gcm_stream_update; +OSSL_OP_cipher_final_fn gcm_stream_final; +void gcm_deinitctx(PROV_GCM_CTX *ctx); +void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, + const PROV_GCM_HW *hw, size_t ivlen_min); + diff --git a/providers/common/ciphers/gcm_hw.c b/providers/common/ciphers/cipher_gcm_hw.c similarity index 69% rename from providers/common/ciphers/gcm_hw.c rename to providers/common/ciphers/cipher_gcm_hw.c index e8c5f66e4c..f9ddc4d8a6 100644 --- a/providers/common/ciphers/gcm_hw.c +++ b/providers/common/ciphers/cipher_gcm_hw.c @@ -7,8 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ciphers_locl.h" -#include "internal/aes_platform.h" +#include "cipher_locl.h" static const PROV_GCM_HW aes_gcm; @@ -30,78 +29,11 @@ static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, ctx->key_set = 1; #if defined(AESNI_CAPABLE) - -/* AES-NI section */ -static int aesni_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) -{ - PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; - AES_KEY *ks = &actx->ks.ks; - - SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt, - aesni_ctr32_encrypt_blocks); - return 1; -} - -static const PROV_GCM_HW aesni_gcm = { - aesni_gcm_init_key, - gcm_setiv, - gcm_aad_update, - gcm_cipher_update, - gcm_cipher_final, - gcm_one_shot -}; - -const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) -{ - return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm; -} - +# include "cipher_aes_gcm_hw_aesni.inc" #elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) - -/* Fujitsu SPARC64 X support */ - -static int t4_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) -{ - ctr128_f ctr; - PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; - AES_KEY *ks = &actx->ks.ks; - - - switch (keylen) { - case 16: - ctr = (ctr128_f)aes128_t4_ctr32_encrypt; - break; - case 24: - ctr = (ctr128_f)aes192_t4_ctr32_encrypt; - break; - case 32: - ctr = (ctr128_f)aes256_t4_ctr32_encrypt; - break; - default: - return 0; - } - - SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr); - return 1; -} - -static const PROV_GCM_HW t4_aes_gcm = { - t4_aes_gcm_init_key, - gcm_setiv, - gcm_aad_update, - gcm_cipher_update, - gcm_cipher_final, - gcm_one_shot -}; -const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) -{ - return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm; -} - +# include "cipher_aes_gcm_hw_t4.inc" #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) -# include "gcm_s390x.c" +# include "cipher_aes_gcm_hw_s390x.inc" #else const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) { @@ -109,8 +41,8 @@ const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits) } #endif -static int generic_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) +static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, + size_t keylen) { PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; AES_KEY *ks = &actx->ks.ks; @@ -258,7 +190,7 @@ err: } static const PROV_GCM_HW aes_gcm = { - generic_aes_gcm_init_key, + generic_aes_gcm_initkey, gcm_setiv, gcm_aad_update, gcm_cipher_update, @@ -266,42 +198,4 @@ static const PROV_GCM_HW aes_gcm = { gcm_one_shot }; -#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) - -static int aria_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key, - size_t keylen) -{ - PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx; - ARIA_KEY *ks = &actx->ks.ks; - - SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL); - return 1; -} - -static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, - size_t len, unsigned char *out) -{ - if (ctx->enc) { - if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len)) - return 0; - } else { - if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len)) - return 0; - } - return 1; -} - -static const PROV_GCM_HW aria_gcm = { - aria_gcm_init_key, - gcm_setiv, - gcm_aad_update, - aria_cipher_update, - gcm_cipher_final, - gcm_one_shot -}; -const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits) -{ - return &aria_gcm; -} - -#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */ +#include "cipher_aria_gcm_hw.inc" diff --git a/providers/common/ciphers/cipher_locl.h b/providers/common/ciphers/cipher_locl.h new file mode 100644 index 0000000000..9d95a7c482 --- /dev/null +++ b/providers/common/ciphers/cipher_locl.h @@ -0,0 +1,193 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/modes_int.h" +#include "internal/provider_algs.h" +#include "internal/providercommonerr.h" +#include "internal/ciphermode_platform.h" + +#define GENERIC_BLOCK_SIZE 16 +#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ +#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ +#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ +#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ + +#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args + +typedef struct prov_cipher_hw_st PROV_CIPHER_HW; +typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX; + +typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len); + +struct prov_cipher_ctx_st { + block128_f block; + union { + cbc128_f cbc; + ctr128_f ctr; + } stream; + + /* + * num contains the number of bytes of |iv| which are valid for modes that + * manage partial blocks themselves. + */ + size_t num; + + int mode; + int enc; /* Set to 1 for encrypt, or 0 otherwise */ + size_t bufsz; /* Number of bytes in buf */ + size_t keylen; /* key size (in bytes) */ + size_t blocksize; + uint64_t flags; + unsigned int pad : 1; /* Whether padding should be used or not */ + + /* Buffer of partial blocks processed via update calls */ + unsigned char buf[GENERIC_BLOCK_SIZE]; + unsigned char iv[GENERIC_BLOCK_SIZE]; + const PROV_CIPHER_HW *hw; /* hardware specific functions */ + const void *ks; /* Pointer to algorithm specific key data */ +}; + +struct prov_cipher_hw_st { + int (*init)(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen); + PROV_CIPHER_HW_FN *cipher; +}; + +OSSL_OP_cipher_encrypt_init_fn cipher_generic_einit; +OSSL_OP_cipher_decrypt_init_fn cipher_generic_dinit; +OSSL_OP_cipher_update_fn cipher_generic_block_update; +OSSL_OP_cipher_final_fn cipher_generic_block_final; +OSSL_OP_cipher_update_fn cipher_generic_stream_update; +OSSL_OP_cipher_final_fn cipher_generic_stream_final; +OSSL_OP_cipher_cipher_fn cipher_generic_cipher; +OSSL_OP_cipher_get_ctx_params_fn cipher_generic_get_ctx_params; +OSSL_OP_cipher_set_ctx_params_fn cipher_generic_set_ctx_params; +OSSL_OP_cipher_gettable_params_fn cipher_default_gettable_params; +OSSL_OP_cipher_gettable_ctx_params_fn cipher_default_gettable_ctx_params; +OSSL_OP_cipher_settable_ctx_params_fn cipher_default_settable_ctx_params; +OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params; +OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params; +int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, + int kbits, int blkbits, int ivbits); +void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode, + const PROV_CIPHER_HW *ciph); + +size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen); +int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, + const unsigned char **in, size_t *inlen); +void padblock(unsigned char *buf, size_t *buflen, size_t blocksize); +int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); + +#include "cipher_aes.h" +#include "cipher_aria.h" +#include "cipher_camellia.h" +#include "cipher_gcm.h" +#include "cipher_ccm.h" + +#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, typ) \ +static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ +static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ +{ \ + return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \ + kbits, blkbits, ivbits); \ +} \ +static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ +static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ +{ \ + PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + if (ctx != NULL) { \ + cipher_generic_initkey(ctx, kbits, blkbits, EVP_CIPH_##UCMODE##_MODE, \ + PROV_CIPHER_HW_##alg##_##lcmode(kbits)); \ + } \ + return ctx; \ +} \ +const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, \ + (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void))cipher_generic_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void))cipher_generic_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))cipher_default_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_default_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_default_settable_ctx_params }, \ + { 0, NULL } \ +}; + +#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ +static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ +static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ +{ \ + return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ + flags, kbits, blkbits, ivbits); \ +} \ +static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx; \ +static void * alg##kbits##lc##_newctx(void *provctx) \ +{ \ + return alg##_##lc##_newctx(provctx, kbits); \ +} \ +const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \ + { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ + { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \ + { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \ + { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \ + { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final }, \ + { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher }, \ + { OSSL_FUNC_CIPHER_GET_PARAMS, \ + (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \ + { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ + (void (*)(void)) lc##_get_ctx_params }, \ + { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ + (void (*)(void)) lc##_set_ctx_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ + (void (*)(void))cipher_default_gettable_params }, \ + { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_aead_gettable_ctx_params }, \ + { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ + (void (*)(void))cipher_aead_settable_ctx_params }, \ + { 0, NULL } \ +} + +PROV_CIPHER_HW_FN cipher_hw_generic_cbc; +PROV_CIPHER_HW_FN cipher_hw_generic_ecb; +PROV_CIPHER_HW_FN cipher_hw_generic_ofb128; +PROV_CIPHER_HW_FN cipher_hw_generic_cfb128; +PROV_CIPHER_HW_FN cipher_hw_generic_cfb8; +PROV_CIPHER_HW_FN cipher_hw_generic_cfb1; +PROV_CIPHER_HW_FN cipher_hw_generic_ctr; +PROV_CIPHER_HW_FN cipher_hw_chunked_cbc; +PROV_CIPHER_HW_FN cipher_hw_chunked_cfb8; +PROV_CIPHER_HW_FN cipher_hw_chunked_cfb128; +PROV_CIPHER_HW_FN cipher_hw_chunked_ofb128; +#define cipher_hw_chunked_ecb cipher_hw_generic_ecb +#define cipher_hw_chunked_ctr cipher_hw_generic_ctr +#define cipher_hw_chunked_cfb1 cipher_hw_generic_cfb1 diff --git a/providers/common/ciphers/ciphers_common.c b/providers/common/ciphers/ciphers_common.c deleted file mode 100644 index 1423092c87..0000000000 --- a/providers/common/ciphers/ciphers_common.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "ciphers_locl.h" -#include "internal/provider_algs.h" -#include "internal/providercommonerr.h" - -/*- - * Default cipher functions for OSSL_PARAM gettables and settables - */ -static const OSSL_PARAM cipher_known_gettable_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_default_gettable_params(void) -{ - return cipher_known_gettable_params; -} - -int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, - int kbits, int blkbits, int ivbits) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); - if (p != NULL && !OSSL_PARAM_set_int(p, md)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS); - if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); - if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - return 1; -} - -static const OSSL_PARAM cipher_known_gettable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_default_gettable_ctx_params(void) -{ - return cipher_known_gettable_ctx_params; -} - -static const OSSL_PARAM cipher_known_settable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_default_settable_ctx_params(void) -{ - return cipher_known_settable_ctx_params; -} - -/*- - * AEAD cipher functions for OSSL_PARAM gettables and settables - */ -static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_aead_gettable_ctx_params(void) -{ - return cipher_aead_known_gettable_ctx_params; -} - -static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), - OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0), - OSSL_PARAM_END -}; -const OSSL_PARAM *cipher_aead_settable_ctx_params(void) -{ - return cipher_aead_known_settable_ctx_params; -} diff --git a/providers/common/ciphers/ciphers_locl.h b/providers/common/ciphers/ciphers_locl.h deleted file mode 100644 index 13a2952326..0000000000 --- a/providers/common/ciphers/ciphers_locl.h +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/modes_int.h" - -#define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ -#define IV_STATE_BUFFERED 1 /* iv has been copied to the iv buffer */ -#define IV_STATE_COPIED 2 /* iv has been copied from the iv buffer */ -#define IV_STATE_FINISHED 3 /* the iv has been used - so don't reuse it */ - -#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args - -typedef struct prov_aes_cipher_st PROV_AES_CIPHER; - -typedef struct prov_aes_key_st { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks; - block128_f block; - union { - cbc128_f cbc; - ctr128_f ctr; - } stream; - - /* Platform specific data */ - union { - int dummy; -#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) - struct { - union { - OSSL_UNION_ALIGN; - /*- - * KM-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-06) - */ - struct { - unsigned char k[32]; - } km; - /* KM-AES parameter block - end */ - /*- - * KMO-AES/KMF-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-08) - */ - struct { - unsigned char cv[16]; - unsigned char k[32]; - } kmo_kmf; - /* KMO-AES/KMF-AES parameter block - end */ - } param; - unsigned int fc; - int res; - } s390x; -#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ - } plat; - - /* The cipher functions we are going to use */ - const PROV_AES_CIPHER *ciph; - - /* The mode that we are using */ - int mode; - - /* Set to 1 if we are encrypting or 0 otherwise */ - int enc; - - unsigned char iv[AES_BLOCK_SIZE]; - - /* - * num contains the number of bytes of |iv| which are valid for modes that - * manage partial blocks themselves. - */ - size_t num; - - /* Buffer of partial blocks processed via update calls */ - unsigned char buf[AES_BLOCK_SIZE]; - - /* Number of bytes in buf */ - size_t bufsz; - - uint64_t flags; - - size_t keylen; - - /* Whether padding should be used or not */ - unsigned int pad : 1; -} PROV_AES_KEY; - -struct prov_aes_cipher_st { - int (*init)(PROV_AES_KEY *dat, const uint8_t *key, size_t keylen); - int (*cipher)(PROV_AES_KEY *dat, uint8_t *out, const uint8_t *in, - size_t inl); -}; - -#include "ciphers_gcm.h" -#include "ciphers_ccm.h" - -const PROV_AES_CIPHER *PROV_AES_CIPHER_ecb(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_cbc(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_ofb(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb1(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb8(size_t keylen); -const PROV_AES_CIPHER *PROV_AES_CIPHER_ctr(size_t keylen); - -size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize, - const unsigned char **in, size_t *inlen); -int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize, - const unsigned char **in, size_t *inlen); -void padblock(unsigned char *buf, size_t *buflen, size_t blocksize); -int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize); - -OSSL_OP_cipher_gettable_params_fn cipher_default_gettable_params; -OSSL_OP_cipher_gettable_ctx_params_fn cipher_default_gettable_ctx_params; -OSSL_OP_cipher_settable_ctx_params_fn cipher_default_settable_ctx_params; -OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params; -OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params; - -int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags, - int kbits, int blkbits, int ivbits); - -#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ - static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ - static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ - { \ - return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ - } \ - static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx; \ - static void * alg##kbits##lc##_newctx(void *provctx) \ - { \ - return alg##_##lc##_newctx(provctx, kbits); \ - } \ - const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void)) alg##_##kbits##_##lc##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void)) lc##_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void)) lc##_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))cipher_default_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_aead_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_aead_settable_ctx_params }, \ - { 0, NULL } \ - } diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index c32fa3b82d..cfa88dff42 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -69,7 +69,51 @@ extern const OSSL_DISPATCH aria128gcm_functions[]; extern const OSSL_DISPATCH aria256ccm_functions[]; extern const OSSL_DISPATCH aria192ccm_functions[]; extern const OSSL_DISPATCH aria128ccm_functions[]; +extern const OSSL_DISPATCH aria256ecb_functions[]; +extern const OSSL_DISPATCH aria192ecb_functions[]; +extern const OSSL_DISPATCH aria128ecb_functions[]; +extern const OSSL_DISPATCH aria256cbc_functions[]; +extern const OSSL_DISPATCH aria192cbc_functions[]; +extern const OSSL_DISPATCH aria128cbc_functions[]; +extern const OSSL_DISPATCH aria256ofb_functions[]; +extern const OSSL_DISPATCH aria192ofb_functions[]; +extern const OSSL_DISPATCH aria128ofb_functions[]; +extern const OSSL_DISPATCH aria256cfb_functions[]; +extern const OSSL_DISPATCH aria192cfb_functions[]; +extern const OSSL_DISPATCH aria128cfb_functions[]; +extern const OSSL_DISPATCH aria256cfb1_functions[]; +extern const OSSL_DISPATCH aria192cfb1_functions[]; +extern const OSSL_DISPATCH aria128cfb1_functions[]; +extern const OSSL_DISPATCH aria256cfb8_functions[]; +extern const OSSL_DISPATCH aria192cfb8_functions[]; +extern const OSSL_DISPATCH aria128cfb8_functions[]; +extern const OSSL_DISPATCH aria256ctr_functions[]; +extern const OSSL_DISPATCH aria192ctr_functions[]; +extern const OSSL_DISPATCH aria128ctr_functions[]; #endif /* OPENSSL_NO_ARIA */ +#ifndef OPENSSL_NO_CAMELLIA +extern const OSSL_DISPATCH camellia256ecb_functions[]; +extern const OSSL_DISPATCH camellia192ecb_functions[]; +extern const OSSL_DISPATCH camellia128ecb_functions[]; +extern const OSSL_DISPATCH camellia256cbc_functions[]; +extern const OSSL_DISPATCH camellia192cbc_functions[]; +extern const OSSL_DISPATCH camellia128cbc_functions[]; +extern const OSSL_DISPATCH camellia256ofb_functions[]; +extern const OSSL_DISPATCH camellia192ofb_functions[]; +extern const OSSL_DISPATCH camellia128ofb_functions[]; +extern const OSSL_DISPATCH camellia256cfb_functions[]; +extern const OSSL_DISPATCH camellia192cfb_functions[]; +extern const OSSL_DISPATCH camellia128cfb_functions[]; +extern const OSSL_DISPATCH camellia256cfb1_functions[]; +extern const OSSL_DISPATCH camellia192cfb1_functions[]; +extern const OSSL_DISPATCH camellia128cfb1_functions[]; +extern const OSSL_DISPATCH camellia256cfb8_functions[]; +extern const OSSL_DISPATCH camellia192cfb8_functions[]; +extern const OSSL_DISPATCH camellia128cfb8_functions[]; +extern const OSSL_DISPATCH camellia256ctr_functions[]; +extern const OSSL_DISPATCH camellia192ctr_functions[]; +extern const OSSL_DISPATCH camellia128ctr_functions[]; +#endif /* OPENSSL_NO_CAMELLIA */ /* MACs */ extern const OSSL_DISPATCH blake2bmac_functions[]; diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h index bf8f451d32..da5644b50d 100644 --- a/providers/common/include/internal/providercommonerr.h +++ b/providers/common/include/internal/providercommonerr.h @@ -41,7 +41,7 @@ int ERR_load_PROV_strings(void); # define PROV_F_GMAC_SET_PARAMS 0 # define PROV_F_KMAC_SET_PARAMS 0 # define PROV_F_POLY1305_SET_PARAMS 0 -# define PROV_F_PROV_AES_KEY_GENERIC_INIT 0 +# define PROV_F_PROV_AES_CTX_GENERIC_INIT 0 # define PROV_F_TRAILINGDATA 0 # define PROV_F_UNPADBLOCK 0 # endif diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index a20e7ddb9b..5664fbe3b2 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -128,7 +128,51 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "ARIA-256-CCM", "default=yes", aria256ccm_functions }, { "ARIA-192-CCM", "default=yes", aria192ccm_functions }, { "ARIA-128-CCM", "default=yes", aria128ccm_functions }, + { "ARIA-256-ECB", "default=yes", aria256ecb_functions }, + { "ARIA-192-ECB", "default=yes", aria192ecb_functions }, + { "ARIA-128-ECB", "default=yes", aria128ecb_functions }, + { "ARIA-256-CBC", "default=yes", aria256cbc_functions }, + { "ARIA-192-CBC", "default=yes", aria192cbc_functions }, + { "ARIA-128-CBC", "default=yes", aria128cbc_functions }, + { "ARIA-256-OFB", "default=yes", aria256ofb_functions }, + { "ARIA-192-OFB", "default=yes", aria192ofb_functions }, + { "ARIA-128-OFB", "default=yes", aria128ofb_functions }, + { "ARIA-256-CFB", "default=yes", aria256cfb_functions }, + { "ARIA-192-CFB", "default=yes", aria192cfb_functions }, + { "ARIA-128-CFB", "default=yes", aria128cfb_functions }, + { "ARIA-256-CFB1", "default=yes", aria256cfb1_functions }, + { "ARIA-192-CFB1", "default=yes", aria192cfb1_functions }, + { "ARIA-128-CFB1", "default=yes", aria128cfb1_functions }, + { "ARIA-256-CFB8", "default=yes", aria256cfb8_functions }, + { "ARIA-192-CFB8", "default=yes", aria192cfb8_functions }, + { "ARIA-128-CFB8", "default=yes", aria128cfb8_functions }, + { "ARIA-256-CTR", "default=yes", aria256ctr_functions }, + { "ARIA-192-CTR", "default=yes", aria192ctr_functions }, + { "ARIA-128-CTR", "default=yes", aria128ctr_functions }, #endif /* OPENSSL_NO_ARIA */ +#ifndef OPENSSL_NO_CAMELLIA + { "CAMELLIA-256-ECB", "default=yes", camellia256ecb_functions }, + { "CAMELLIA-192-ECB", "default=yes", camellia192ecb_functions }, + { "CAMELLIA-128-ECB", "default=yes", camellia128ecb_functions }, + { "CAMELLIA-256-CBC", "default=yes", camellia256cbc_functions }, + { "CAMELLIA-192-CBC", "default=yes", camellia192cbc_functions }, + { "CAMELLIA-128-CBC", "default=yes", camellia128cbc_functions }, + { "CAMELLIA-256-OFB", "default=yes", camellia256ofb_functions }, + { "CAMELLIA-192-OFB", "default=yes", camellia192ofb_functions }, + { "CAMELLIA-128-OFB", "default=yes", camellia128ofb_functions }, + { "CAMELLIA-256-CFB", "default=yes", camellia256cfb_functions }, + { "CAMELLIA-192-CFB", "default=yes", camellia192cfb_functions }, + { "CAMELLIA-128-CFB", "default=yes", camellia128cfb_functions }, + { "CAMELLIA-256-CFB1", "default=yes", camellia256cfb1_functions }, + { "CAMELLIA-192-CFB1", "default=yes", camellia192cfb1_functions }, + { "CAMELLIA-128-CFB1", "default=yes", camellia128cfb1_functions }, + { "CAMELLIA-256-CFB8", "default=yes", camellia256cfb8_functions }, + { "CAMELLIA-192-CFB8", "default=yes", camellia192cfb8_functions }, + { "CAMELLIA-128-CFB8", "default=yes", camellia128cfb8_functions }, + { "CAMELLIA-256-CTR", "default=yes", camellia256ctr_functions }, + { "CAMELLIA-192-CTR", "default=yes", camellia192ctr_functions }, + { "CAMELLIA-128-CTR", "default=yes", camellia128ctr_functions }, +#endif /* OPENSSL_NO_CAMELLIA */ { NULL, NULL, NULL } }; diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index 4bff1c2dbf..bd2778e398 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -1550,34 +1550,40 @@ Title = Camellia tests from RFC3713 # For all ECB encrypts and decrypts, the transformed sequence is # CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec Cipher = CAMELLIA-128-ECB +Availablein = default Key = 0123456789abcdeffedcba9876543210 Plaintext = 0123456789abcdeffedcba9876543210 Ciphertext = 67673138549669730857065648eabe43 Cipher = CAMELLIA-192-ECB +Availablein = default Key = 0123456789abcdeffedcba98765432100011223344556677 Plaintext = 0123456789abcdeffedcba9876543210 Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 Cipher = CAMELLIA-256-ECB +Availablein = default Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff Plaintext = 0123456789abcdeffedcba9876543210 Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 # ECB-CAMELLIA128.Encrypt Cipher = CAMELLIA-128-ECB +Availablein = default Key = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT Plaintext = 00112233445566778899AABBCCDDEEFF Ciphertext = 77CF412067AF8270613529149919546F Cipher = CAMELLIA-192-ECB +Availablein = default Key = 000102030405060708090A0B0C0D0E0F1011121314151617 Operation = ENCRYPT Plaintext = 00112233445566778899AABBCCDDEEFF Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 Cipher = CAMELLIA-256-ECB +Availablein = default Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Operation = ENCRYPT Plaintext = 00112233445566778899AABBCCDDEEFF @@ -1586,21 +1592,25 @@ Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 # ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt Cipher = CAMELLIA-128-ECB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 432FC5DCD628115B7C388D770B270C96 Cipher = CAMELLIA-128-ECB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B Cipher = CAMELLIA-128-ECB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 Cipher = CAMELLIA-128-ECB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A @@ -1608,21 +1618,25 @@ Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A # ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt Cipher = CAMELLIA-192-ECB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 Cipher = CAMELLIA-192-ECB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A Cipher = CAMELLIA-192-ECB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 Cipher = CAMELLIA-192-ECB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 909DBD95799096748CB27357E73E1D26 @@ -1630,21 +1644,25 @@ Ciphertext = 909DBD95799096748CB27357E73E1D26 # ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt Cipher = CAMELLIA-256-ECB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = BEFD219B112FA00098919CD101C9CCFA Cipher = CAMELLIA-256-ECB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA Cipher = CAMELLIA-256-ECB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = A623D711DC5F25A51BB8A80D56397D28 Cipher = CAMELLIA-256-ECB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B @@ -1654,24 +1672,28 @@ Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B # CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec # CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt Cipher = CAMELLIA-128-CBC +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB Cipher = CAMELLIA-128-CBC +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 1607CF494B36BBF00DAEB0B503C831AB Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 Cipher = CAMELLIA-128-CBC +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A2F2CF671629EF7840C5A5DFB5074887 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 0F06165008CF8B8B5A63586362543E54 Cipher = CAMELLIA-128-CBC +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 @@ -1680,24 +1702,28 @@ Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 # CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt Cipher = CAMELLIA-192-CBC +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 Cipher = CAMELLIA-192-CBC +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 2A4830AB5AC4A1A2405955FD2195CF93 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 Cipher = CAMELLIA-192-CBC +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 5D5A869BD14CE54264F892A6DD2EC3D5 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 37D359C3349836D884E310ADDF68C449 Cipher = CAMELLIA-192-CBC +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 37D359C3349836D884E310ADDF68C449 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 @@ -1706,24 +1732,28 @@ Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 # CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt Cipher = CAMELLIA-256-CBC +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA Cipher = CAMELLIA-256-CBC +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E6CFA35FC02B134A4D2C0B6737AC3EDA Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 Cipher = CAMELLIA-256-CBC +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 36CBEB73BD504B4070B1B7DE2B21EB50 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = E31A6055297D96CA3330CDF1B1860A83 Cipher = CAMELLIA-256-CBC +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E31A6055297D96CA3330CDF1B1860A83 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 @@ -1735,6 +1765,7 @@ Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F # CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec # CFB128-CAMELLIA128.Encrypt Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -1742,6 +1773,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 14F7646187817EB586599146B82BD719 Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 14F7646187817EB586599146B82BD719 Operation = ENCRYPT @@ -1749,6 +1781,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = A53D28BB82DF741103EA4F921A44880B Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A53D28BB82DF741103EA4F921A44880B Operation = ENCRYPT @@ -1756,6 +1789,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 9C2157A664626D1DEF9EA420FDE69B96 Operation = ENCRYPT @@ -1765,6 +1799,7 @@ Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 # CFB128-CAMELLIA128.Decrypt Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -1772,6 +1807,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 14F7646187817EB586599146B82BD719 Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 14F7646187817EB586599146B82BD719 Operation = DECRYPT @@ -1779,6 +1815,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = A53D28BB82DF741103EA4F921A44880B Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A53D28BB82DF741103EA4F921A44880B Operation = DECRYPT @@ -1786,6 +1823,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 Cipher = CAMELLIA-128-CFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 9C2157A664626D1DEF9EA420FDE69B96 Operation = DECRYPT @@ -1795,6 +1833,7 @@ Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 # CFB128-CAMELLIA192.Encrypt Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -1802,6 +1841,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = C832BB9780677DAA82D9B6860DCD565E Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = C832BB9780677DAA82D9B6860DCD565E Operation = ENCRYPT @@ -1809,6 +1849,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 86F8491627906D780C7A6D46EA331F98 Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 86F8491627906D780C7A6D46EA331F98 Operation = ENCRYPT @@ -1816,6 +1857,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 69511CCE594CF710CB98BB63D7221F01 Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 69511CCE594CF710CB98BB63D7221F01 Operation = ENCRYPT @@ -1825,6 +1867,7 @@ Ciphertext = D5B5378A3ABED55803F25565D8907B84 # CFB128-CAMELLIA192.Decrypt Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -1832,6 +1875,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = C832BB9780677DAA82D9B6860DCD565E Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = C832BB9780677DAA82D9B6860DCD565E Operation = DECRYPT @@ -1839,6 +1883,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 86F8491627906D780C7A6D46EA331F98 Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 86F8491627906D780C7A6D46EA331F98 Operation = DECRYPT @@ -1846,6 +1891,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 69511CCE594CF710CB98BB63D7221F01 Cipher = CAMELLIA-192-CFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 69511CCE594CF710CB98BB63D7221F01 Operation = DECRYPT @@ -1855,6 +1901,7 @@ Ciphertext = D5B5378A3ABED55803F25565D8907B84 # CFB128-CAMELLIA256.Encrypt Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -1862,6 +1909,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Operation = ENCRYPT @@ -1869,6 +1917,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B Operation = ENCRYPT @@ -1876,6 +1925,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 Operation = ENCRYPT @@ -1885,6 +1935,7 @@ Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA # CFB128-CAMELLIA256.Decrypt Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -1892,6 +1943,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Operation = DECRYPT @@ -1899,6 +1951,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B Operation = DECRYPT @@ -1906,6 +1959,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 Cipher = CAMELLIA-256-CFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 Operation = DECRYPT @@ -1917,6 +1971,7 @@ Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA # CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec # OFB-CAMELLIA128.Encrypt Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -1924,6 +1979,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 14F7646187817EB586599146B82BD719 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 50FE67CC996D32B6DA0937E99BAFEC60 Operation = ENCRYPT @@ -1931,6 +1987,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 25623DB569CA51E01482649977E28D84 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = D9A4DADA0892239F6B8B3D7680E15674 Operation = ENCRYPT @@ -1938,6 +1995,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = C776634A60729DC657D12B9FCA801E98 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A78819583F0308E7A6BF36B1386ABF23 Operation = ENCRYPT @@ -1947,6 +2005,7 @@ Ciphertext = D776379BE0E50825E681DA1A4C980E8E # OFB-CAMELLIA128.Decrypt Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -1954,6 +2013,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = 14F7646187817EB586599146B82BD719 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 50FE67CC996D32B6DA0937E99BAFEC60 Operation = DECRYPT @@ -1961,6 +2021,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 25623DB569CA51E01482649977E28D84 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = D9A4DADA0892239F6B8B3D7680E15674 Operation = DECRYPT @@ -1968,6 +2029,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = C776634A60729DC657D12B9FCA801E98 Cipher = CAMELLIA-128-OFB +Availablein = default Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = A78819583F0308E7A6BF36B1386ABF23 Operation = DECRYPT @@ -1977,6 +2039,7 @@ Ciphertext = D776379BE0E50825E681DA1A4C980E8E # OFB-CAMELLIA192.Encrypt Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -1984,6 +2047,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = C832BB9780677DAA82D9B6860DCD565E Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = A609B38DF3B1133DDDFF2718BA09565E Operation = ENCRYPT @@ -1991,6 +2055,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 52EF01DA52602FE0975F78AC84BF8A50 Operation = ENCRYPT @@ -1998,6 +2063,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = BDD62DBBB9700846C53B507F544696F0 Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = BD5286AC63AABD7EB067AC54B553F71D Operation = ENCRYPT @@ -2007,6 +2073,7 @@ Ciphertext = E28014E046B802F385C4C2E13EAD4A72 # OFB-CAMELLIA192.Decrypt Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -2014,6 +2081,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = C832BB9780677DAA82D9B6860DCD565E Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = A609B38DF3B1133DDDFF2718BA09565E Operation = DECRYPT @@ -2021,6 +2089,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = 52EF01DA52602FE0975F78AC84BF8A50 Operation = DECRYPT @@ -2028,6 +2097,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = BDD62DBBB9700846C53B507F544696F0 Cipher = CAMELLIA-192-OFB +Availablein = default Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B IV = BD5286AC63AABD7EB067AC54B553F71D Operation = DECRYPT @@ -2037,6 +2107,7 @@ Ciphertext = E28014E046B802F385C4C2E13EAD4A72 # OFB-CAMELLIA256.Encrypt Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT @@ -2044,6 +2115,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A Operation = ENCRYPT @@ -2051,6 +2123,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 127AD97E8E3994E4820027D7BA109368 Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E1C656305ED1A7A6563805746FE03EDC Operation = ENCRYPT @@ -2058,6 +2131,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 41635BE625B48AFC1666DD42A09D96E7 Operation = ENCRYPT @@ -2067,6 +2141,7 @@ Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 # OFB-CAMELLIA256.Decrypt Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT @@ -2074,6 +2149,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A Operation = DECRYPT @@ -2081,6 +2157,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 Ciphertext = 127AD97E8E3994E4820027D7BA109368 Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = E1C656305ED1A7A6563805746FE03EDC Operation = DECRYPT @@ -2088,6 +2165,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E Cipher = CAMELLIA-256-OFB +Availablein = default Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 IV = 41635BE625B48AFC1666DD42A09D96E7 Operation = DECRYPT @@ -2097,6 +2175,7 @@ Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 # Camellia test vectors from RFC5528 Cipher = CAMELLIA-128-CTR +Availablein = default Key = AE6852F8121067CC4BF7A5765577F39E IV = 00000030000000000000000000000001 Operation = ENCRYPT @@ -2104,6 +2183,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367 Ciphertext = D09DC29A8214619A20877C76DB1F0B3F Cipher = CAMELLIA-128-CTR +Availablein = default Key = 7E24067817FAE0D743D6CE1F32539163 IV = 006CB6DBC0543B59DA48D90B00000001 Operation = ENCRYPT @@ -2111,6 +2191,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 Cipher = CAMELLIA-128-CTR +Availablein = default Key = 7691BE035E5020A8AC6E618529F9A0DC IV = 00E0017B27777F3F4A1786F000000001 Operation = ENCRYPT @@ -2118,6 +2199,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 Cipher = CAMELLIA-192-CTR +Availablein = default Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 IV = 0000004836733C147D6D93CB00000001 Operation = ENCRYPT @@ -2125,6 +2207,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367 Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 Cipher = CAMELLIA-192-CTR +Availablein = default Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A IV = 0096B03B020C6EADC2CB500D00000001 Operation = ENCRYPT @@ -2132,6 +2215,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED Cipher = CAMELLIA-192-CTR +Availablein = default Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE IV = 0007BDFD5CBD60278DCC091200000001 Operation = ENCRYPT @@ -2139,6 +2223,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 Cipher = CAMELLIA-256-CTR +Availablein = default Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 IV = 00000060DB5672C97AA8F0B200000001 Operation = ENCRYPT @@ -2146,6 +2231,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367 Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 Cipher = CAMELLIA-256-CTR +Availablein = default Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 IV = 00FAAC24C1585EF15A43D87500000001 Operation = ENCRYPT @@ -2153,6 +2239,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 Cipher = CAMELLIA-256-CTR +Availablein = default Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D IV = 001CC5B751A51D70A1C1114800000001 Operation = ENCRYPT @@ -2193,121 +2280,142 @@ Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0 Title = ARIA test vectors from RFC5794 (and others) Cipher = ARIA-128-ECB +Availablein = default Key = 000102030405060708090a0b0c0d0e0f Plaintext = 00112233445566778899aabbccddeeff Ciphertext = d718fbd6ab644c739da95f3be6451778 Cipher = ARIA-192-ECB +Availablein = default Key = 000102030405060708090a0b0c0d0e0f1011121314151617 Plaintext = 00112233445566778899aabbccddeeff Ciphertext = 26449c1805dbe7aa25a468ce263a9e79 Cipher = ARIA-256-ECB +Availablein = default Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f Plaintext = 00112233445566778899aabbccddeeff Ciphertext = f92bd7c79fb72e2f2b8f80c1972d24fc # Additional ARIA mode vectors from http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf Cipher = ARIA-128-ECB +Availablein = default Key = 00112233445566778899aabbccddeeff Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8 Cipher = ARIA-128-CBC +Availablein = default Key = 00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a Cipher = ARIA-128-CFB +Availablein = default Key = 00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11 Cipher = ARIA-128-CFB8 +Availablein = default Key = 00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 373c8f6a965599ec785cc8f8149f6c81b632ccb8e0c6eb6a9707ae52c59257a41f94701c1096933127a90195ed0c8e98690547572423bb45c3d70e4a18ee56b967c10e000ba4df5fba7c404134a343d8375d04b151d161ef83417fe1748447d30a6723c406733df7d18aa39a20752d2381942e244811bb97f72eae446b1815aa690cd1b1adcbd007c0088ecdc91cb2e2caf0e11e72459878137eea64ac62a9a1 Cipher = ARIA-128-OFB +Availablein = default Key = 00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 3720e53ba7d615383406b09f0a05a2000063063f0560083483faeb041c8adecef30cf80cefb002a0d280759168ec01db3d49f61aced260bd43eec0a2731730eec6fa4f2304319cf8ccac2d7be7833e4f8ae6ce967012c1c6badc5d28e7e4144f6bf5cebe01253ee202afce4bc61f28dec069a6f16f6c8a7dd2afae44148f6ff4d0029d5c607b5fa6b8c8a6301cde5c7033565cd0b8f0974ab490b236197ba04a Cipher = ARIA-128-CTR +Availablein = default Key = 00112233445566778899aabbccddeeff IV = 00000000000000000000000000000000 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d Cipher = ARIA-192-ECB +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0 Cipher = ARIA-192-CBC +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c Cipher = ARIA-192-CFB +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4 Cipher = ARIA-192-CFB8 +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 411d3b4f57f705aa4d13c46e2cf426af7c8c916ed7923d889f0047bbf11471b6d54f8757ef519339105be3cb69babb976a57d5631fc23cc3051fe9d36e8b8e27a2b2c0c4d31928ccbf30ea8239b46ba1b77f6198e7ecd2ce27b35958148e826f06aaf385bd30362ff141583e7c1d8924d44d36a1133094074631e18adafa9d2e55de98f6895c89d4266ebd33f3d4be5153a96fa12132ece2e81e66e55baa7ade Cipher = ARIA-192-OFB +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 4171f7192bf4495494d2736129640f5cc224d26d364b5a06ddde13d0f1e74faa846de354c63cda77469d1a2d425c47ff41734c71b3fa1fcdc11e0b2de22bfeed54898e233df652c75ae136e61de6524e62b3f806fb2e8e616eb410a1b9500537e327ffb04f19f7f82fde2b122100261f81b82723bf936be7beaaf3067d1c036001f1ade71422268d274d7dc6c6ae1970b27a5f2c2f39c1d241fe8cac5ccd74e9 Cipher = ARIA-192-CTR +Availablein = default Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 00000000000000000000000000000000 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531 Cipher = ARIA-256-ECB +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00 Cipher = ARIA-256-CBC +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de Cipher = ARIA-256-CFB +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be Cipher = ARIA-256-CFB8 +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 26baa33651e1f66434fec88ef27fd2b9a79e246dd89a3ffa00e8bdb37155433e6c24bd0b87d9a85baa9f485ccb984f5ec24d6a3ef5e3c81396177f039cf580dfdb55d6e1c47a28921dfe369e12fd357b289ad3a5544e1c1bd616d454db9c5f91f603373f29d5b2ed1b4b51de80f28537bbd43d5e3b5dd071dc91153cbbe732dfc325821b06ed8acaae656dcf2da9f13e4f29db671476f1e644ff06d9b67d6bd4 Cipher = ARIA-256-OFB +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd Ciphertext = 26834705b0f2c0e2588d4a7f0900963584c256815c4292b59f8d3f966a75b52345b4f5f98c785d3f368a8d5ff89b7f950ceab3cd63773c2621d652b8ef98b4196afb2c2b30496bc5b7d9e7f9084f9d855f63a511751c8909e7a6deadbe0a67a4fb89383ca5d209c6f66f793fc471195c476fb9c1eab2ac91e680e454b4f3ed9a67fb52f09c29b965b23cfa6f3f6bbb2a86c6cdbaa2857bf2486f543231892a52 Cipher = ARIA-256-CTR +Availablein = default Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 00000000000000000000000000000000 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd -- 2.25.1