diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info index 9199ae0a92..a278c2182b 100644 --- a/providers/implementations/ciphers/build.info +++ b/providers/implementations/ciphers/build.info @@ -46,12 +46,13 @@ SOURCE[$AES_GOAL]=\ cipher_aes_ccm.c cipher_aes_ccm_hw.c \ cipher_aes_wrp.c \ cipher_aes_cbc_hmac_sha.c \ - cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c + cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \ + cipher_aes_cts.c # Extra code to satisfy the FIPS and non-FIPS separation. # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. -SOURCE[../../libfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c -SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c +SOURCE[../../libfips.a]=cipher_aes_xts_fips.c +SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c IF[{- !$disabled{siv} -}] SOURCE[$SIV_GOAL]=\ diff --git a/providers/implementations/ciphers/cipher_aes_cts_fips.c b/providers/implementations/ciphers/cipher_aes_cts.c similarity index 96% rename from providers/implementations/ciphers/cipher_aes_cts_fips.c rename to providers/implementations/ciphers/cipher_aes_cts.c index 48d3ea8b09..1eafa39abb 100644 --- a/providers/implementations/ciphers/cipher_aes_cts_fips.c +++ b/providers/implementations/ciphers/cipher_aes_cts.c @@ -7,7 +7,12 @@ * https://www.openssl.org/source/license.html */ -/* Helper functions for AES CBC CTS ciphers related to fips */ +/* + * Helper functions for AES CBC CTS ciphers. + * + * The function dispatch tables are embedded into cipher_aes.c + * using cipher_aes_cts.inc + */ /* * Refer to SP800-38A-Addendum @@ -66,10 +71,8 @@ typedef struct cts_mode_name2id_st { static CTS_MODE_NAME2ID cts_modes[] = { { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 }, -#ifndef FIPS_MODULE { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 }, { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, -#endif }; const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id) @@ -185,7 +188,6 @@ static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, return len + AES_BLOCK_SIZE + residue; } -#ifndef FIPS_MODULE static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len) { @@ -305,11 +307,10 @@ static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, /* For partial blocks CS2 is equivalent to CS3 */ return cts128_cs3_decrypt(ctx, in, out, len); } -#endif int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) + size_t outsize, const unsigned char *in, + size_t inl) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t sz = 0; @@ -331,27 +332,19 @@ int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, return 0; if (ctx->enc) { -#ifdef FIPS_MODULE - sz = cts128_cs1_encrypt(ctx, in, out, inl); -#else if (ctx->cts_mode == CTS_CS1) sz = cts128_cs1_encrypt(ctx, in, out, inl); else if (ctx->cts_mode == CTS_CS2) sz = cts128_cs2_encrypt(ctx, in, out, inl); else if (ctx->cts_mode == CTS_CS3) sz = cts128_cs3_encrypt(ctx, in, out, inl); -#endif } else { -#ifdef FIPS_MODULE - sz = cts128_cs1_decrypt(ctx, in, out, inl); -#else if (ctx->cts_mode == CTS_CS1) sz = cts128_cs1_decrypt(ctx, in, out, inl); else if (ctx->cts_mode == CTS_CS2) sz = cts128_cs2_decrypt(ctx, in, out, inl); else if (ctx->cts_mode == CTS_CS3) sz = cts128_cs3_decrypt(ctx, in, out, inl); -#endif } if (sz == 0) return 0; @@ -361,7 +354,7 @@ int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, } int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) + size_t outsize) { *outl = 0; return 1; diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index df343d4109..44ea3d01f3 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -40,7 +40,7 @@ push @configs, 'fips-and-base.cnf' unless $no_fips; my @files = qw( evpciph_aes_ccm_cavs.txt evpciph_aes_common.txt - evpciph_aes_cts1.txt + evpciph_aes_cts.txt evpciph_aes_wrap.txt evpciph_des3_common.txt evpkdf_hkdf.txt @@ -71,7 +71,6 @@ push @files, qw( # A list of tests that only run with the default provider # (i.e. The algorithms are not present in the fips provider) my @defltfiles = qw( - evpciph_aes_cts23.txt evpciph_aes_ocb.txt evpciph_aes_siv.txt evpciph_aria.txt diff --git a/test/recipes/30-test_evp_data/evpciph_aes_cts23.txt b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt similarity index 57% rename from test/recipes/30-test_evp_data/evpciph_aes_cts23.txt rename to test/recipes/30-test_evp_data/evpciph_aes_cts.txt index f4865a880a..0c22e9d905 100644 --- a/test/recipes/30-test_evp_data/evpciph_aes_cts23.txt +++ b/test/recipes/30-test_evp_data/evpciph_aes_cts.txt @@ -9,6 +9,142 @@ # Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3 # These have an IV of all zeros, for a 128 bit AES key. +Title = AES CBC Test vectors + +#------------------------------------------------------ +# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2) + +# 32 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 + +# 48 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8 + +# 64 bytes input +Cipher = AES-128-CBC +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 + +Title = AES CBC CTS1 Test vectors + +#------------------------------------------------------ +# Manually edited using the same inputs to also produce CS1 ciphertext +# where aligned blocks are the same as CBC mode, and partial lengths +# have the last 2 blocks swapped compared to CS3. + +# 17 bytes Input((Default is CS1 if CTSMode is not specified) +Cipher = AES-128-CBC-CTS +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f + +# 31 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22 + +# 32 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 + +# 47 bytes input +Cipher = AES-128-CBC-CTS +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e + +# 64 bytes input (CS1 is equivalent to CBC when the last block in full) +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e +Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 + +#------------------------------------------------------------------------------- +# Generated test values using an IV. + +# 47 bytes input +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV =000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060 + +# 127 bytes +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570 +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f + +# 129 bytes +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49 +Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef + +# 17 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b652074686520 +Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6 + +# 31 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 +Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153 + +# 32 Bytes +Cipher = AES-192-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69636869636b656e20 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 +Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1 + +#------------------------------------------------------------------------------ +# Failure test + +# 15 bytes should fail for CS1 +Cipher = AES-128-CBC-CTS +CTSMode = CS1 +Key = 636869636b656e207465726979616b69 +IV = 00000000000000000000000000000000 +Plaintext = 0102030405060708090A0B0C0D0E0F +Result = CIPHERUPDATE_ERROR + +# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3 +# These have an IV of all zeros, for a 128 bit AES key. + Title = AES CBC CTS2 Test vectors #------------------------------------------------------ @@ -91,7 +227,6 @@ Plaintext = 0102030405060708090A0B0C0D0E0F Result = CIPHERUPDATE_ERROR - Title = AES CBC CTS3 Test vectors # 17 bytes Input @@ -216,3 +351,4 @@ Key = 636869636b656e207465726979616b69 IV = 00000000000000000000000000000000 Plaintext = 0102030405060708090A0B0C0D0E0F00 Result = CIPHERUPDATE_ERROR + diff --git a/test/recipes/30-test_evp_data/evpciph_aes_cts1.txt b/test/recipes/30-test_evp_data/evpciph_aes_cts1.txt deleted file mode 100644 index 73da12b043..0000000000 --- a/test/recipes/30-test_evp_data/evpciph_aes_cts1.txt +++ /dev/null @@ -1,143 +0,0 @@ -# -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3 -# These have an IV of all zeros, for a 128 bit AES key. - -Title = AES CBC Test vectors - -#------------------------------------------------------ -# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2) - -# 32 bytes input -Cipher = AES-128-CBC -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 - -# 48 bytes input -Cipher = AES-128-CBC -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8 - -# 64 bytes input -Cipher = AES-128-CBC -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 - -Title = AES CBC CTS1 Test vectors - -#------------------------------------------------------ -# Manually edited using the same inputs to also produce CS1 ciphertext -# where aligned blocks are the same as CBC mode, and partial lengths -# have the last 2 blocks swapped compared to CS3. - -# 17 bytes Input((Default is CS1 if CTSMode is not specified) -Cipher = AES-128-CBC-CTS -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b652074686520 -Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f - -# 31 bytes input -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 -Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22 - -# 32 bytes input -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 - -# 47 bytes input -Cipher = AES-128-CBC-CTS -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e - -# 64 bytes input (CS1 is equivalent to CBC when the last block in full) -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e -Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 - -#------------------------------------------------------------------------------- -# Generated test values using an IV. - -# 47 bytes input -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV =000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c -Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060 - -# 127 bytes -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570 -Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f - -# 129 bytes -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49 -Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef - -# 17 Bytes -Cipher = AES-192-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69636869636b656e20 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b652074686520 -Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6 - -# 31 Bytes -Cipher = AES-192-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69636869636b656e20 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 -Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153 - -# 32 Bytes -Cipher = AES-192-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69636869636b656e20 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 -Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1 - -#------------------------------------------------------------------------------ -# Failure test - -# 15 bytes should fail for CS1 -Cipher = AES-128-CBC-CTS -CTSMode = CS1 -Key = 636869636b656e207465726979616b69 -IV = 00000000000000000000000000000000 -Plaintext = 0102030405060708090A0B0C0D0E0F -Result = CIPHERUPDATE_ERROR