aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/e_aes.c99
-rw-r--r--crypto/evp/evp.h6
-rw-r--r--crypto/modes/Makefile4
-rw-r--r--crypto/modes/modes.h6
-rw-r--r--crypto/modes/modes_lcl.h6
-rw-r--r--crypto/modes/xts128.c17
-rw-r--r--crypto/objects/obj_dat.h12
-rw-r--r--crypto/objects/obj_mac.h8
-rw-r--r--crypto/objects/obj_mac.num2
-rw-r--r--crypto/objects/objects.txt2
10 files changed, 141 insertions, 21 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index b1a701b..a6d1b5d 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -458,5 +458,104 @@ static const EVP_CIPHER aes_256_gcm_cipher=
const EVP_CIPHER *EVP_aes_256_gcm (void)
{ return &aes_256_gcm_cipher; }
+
+typedef struct
+ {
+ /* AES key schedules to use */
+ AES_KEY ks1, ks2;
+ XTS128_CONTEXT xts;
+ } EVP_AES_XTS_CTX;
+
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+ {
+ EVP_AES_XTS_CTX *xctx = c->cipher_data;
+ if (type != EVP_CTRL_INIT)
+ return -1;
+ /* key1 and key2 are used as an indicator both key and IV are set */
+ xctx->xts.key1 = NULL;
+ xctx->xts.key2 = NULL;
+ xctx->xts.block1 = (block128_f)AES_encrypt;
+ xctx->xts.block2 = (block128_f)AES_encrypt;
+ return 1;
+ }
+
+static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+ {
+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ if (!iv && !key)
+ return 1;
+
+ if (key)
+ {
+ AES_set_encrypt_key(key, ctx->key_len * 8, &xctx->ks1);
+ AES_set_encrypt_key(key + ctx->key_len, ctx->key_len * 8,
+ &xctx->ks2);
+
+ xctx->xts.key1 = &xctx->ks1;
+ xctx->xts.block1 = (block128_f)AES_encrypt;
+ xctx->xts.block2 = (block128_f)AES_encrypt;
+ }
+
+ if (iv)
+ {
+ xctx->xts.key2 = &xctx->ks2;
+ memcpy(ctx->iv, iv, 16);
+ }
+
+ return 1;
+ }
+
+static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+ {
+ EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ if (!xctx->xts.key1 || !xctx->xts.key2)
+ return -1;
+ if (!out || !in)
+ return -1;
+ if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
+ ctx->encrypt))
+ return -1;
+ return len;
+ }
+
+static const EVP_CIPHER aes_128_xts_cipher=
+ {
+ NID_aes_128_xts,16,32,16,
+ EVP_CIPH_XTS_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+ aes_xts_init_key,
+ aes_xts,
+ 0,
+ sizeof(EVP_AES_XTS_CTX),
+ NULL,
+ NULL,
+ aes_xts_ctrl,
+ NULL
+ };
+
+const EVP_CIPHER *EVP_aes_128_xts (void)
+{ return &aes_128_xts_cipher; }
+
+static const EVP_CIPHER aes_256_xts_cipher=
+ {
+ NID_aes_256_xts,16,64,16,
+ EVP_CIPH_XTS_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
+ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+ aes_xts_init_key,
+ aes_xts,
+ 0,
+ sizeof(EVP_AES_XTS_CTX),
+ NULL,
+ NULL,
+ aes_xts_ctrl,
+ NULL
+ };
+
+const EVP_CIPHER *EVP_aes_256_xts (void)
+{ return &aes_256_xts_cipher; }
#endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 8e041c5..d51e0d3 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -83,7 +83,7 @@
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH 32
+#define EVP_MAX_KEY_LENGTH 64
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
@@ -330,6 +330,8 @@ struct evp_cipher_st
#define EVP_CIPH_OFB_MODE 0x4
#define EVP_CIPH_CTR_MODE 0x5
#define EVP_CIPH_GCM_MODE 0x6
+#define EVP_CIPH_CCM_MODE 0x7
+#define EVP_CIPH_XTS_MODE 0x10001
#define EVP_CIPH_MODE 0xF0007
/* Set if variable length cipher */
#define EVP_CIPH_VARIABLE_LENGTH 0x8
@@ -788,6 +790,7 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
const EVP_CIPHER *EVP_aes_128_ofb(void);
const EVP_CIPHER *EVP_aes_128_ctr(void);
const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -806,6 +809,7 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
const EVP_CIPHER *EVP_aes_256_ofb(void);
const EVP_CIPHER *EVP_aes_256_ctr(void);
const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
#endif
#ifndef OPENSSL_NO_CAMELLIA
const EVP_CIPHER *EVP_camellia_128_ecb(void);
diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile
index 28ee07c..57433fd 100644
--- a/crypto/modes/Makefile
+++ b/crypto/modes/Makefile
@@ -21,9 +21,9 @@ TEST=
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c
+LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c xts128.c
LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \
- $(MODES_ASM_OBJ)
+ xts128.o $(MODES_ASM_OBJ)
SRC= $(LIBSRC)
diff --git a/crypto/modes/modes.h b/crypto/modes/modes.h
index 0a41b23..1ef78ce 100644
--- a/crypto/modes/modes.h
+++ b/crypto/modes/modes.h
@@ -104,3 +104,9 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
size_t len);
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char *iv,
+ const unsigned char *inp, unsigned char *out,
+ size_t len, int enc);
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
index a789e85..1ac0e01 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -116,3 +116,9 @@ struct gcm128_context {
block128_f block;
void *key;
};
+
+struct xts128_context {
+ void *key1, *key2;
+ block128_f block1,block2;
+};
+
diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c
index de1f5a1..aaa44e0 100644
--- a/crypto/modes/xts128.c
+++ b/crypto/modes/xts128.c
@@ -58,12 +58,7 @@
#endif
#include <assert.h>
-typedef struct {
- void *key1, *key2;
- block128_f block1,block2;
-} XTS128_CONTEXT;
-
-int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char *iv,
const unsigned char *inp, unsigned char *out,
size_t len, int enc)
{
@@ -73,15 +68,7 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
if (len<16) return -1;
- if (is_endian.little) {
- tweak.u[0] = secno;
- tweak.u[1] = 0;
- }
- else {
- PUTU32(tweak.c,secno);
- PUTU32(tweak.c+4,secno>>32);
- tweak.u[1] = 0;
- }
+ memcpy(tweak.c, iv, 16);
(*ctx->block2)(tweak.c,tweak.c,ctx->key2);
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 1477c78..8d1100b 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,9 +62,9 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 913
-#define NUM_SN 906
-#define NUM_LN 906
+#define NUM_NID 915
+#define NUM_SN 908
+#define NUM_LN 908
#define NUM_OBJ 856
static const unsigned char lvalues[5971]={
@@ -2395,6 +2395,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
NID_anyExtendedKeyUsage,4,&(lvalues[5948]),0},
{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5952]),0},
{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5961]),0},
+{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
+{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2406,6 +2408,7 @@ static const unsigned int sn_objs[NUM_SN]={
904, /* "AES-128-CTR" */
418, /* "AES-128-ECB" */
420, /* "AES-128-OFB" */
+913, /* "AES-128-XTS" */
423, /* "AES-192-CBC" */
425, /* "AES-192-CFB" */
651, /* "AES-192-CFB1" */
@@ -2420,6 +2423,7 @@ static const unsigned int sn_objs[NUM_SN]={
906, /* "AES-256-CTR" */
426, /* "AES-256-ECB" */
428, /* "AES-256-OFB" */
+914, /* "AES-256-XTS" */
91, /* "BF-CBC" */
93, /* "BF-CFB" */
92, /* "BF-ECB" */
@@ -3459,6 +3463,7 @@ static const unsigned int ln_objs[NUM_LN]={
418, /* "aes-128-ecb" */
895, /* "aes-128-gcm" */
420, /* "aes-128-ofb" */
+913, /* "aes-128-xts" */
423, /* "aes-192-cbc" */
899, /* "aes-192-ccm" */
425, /* "aes-192-cfb" */
@@ -3477,6 +3482,7 @@ static const unsigned int ln_objs[NUM_LN]={
426, /* "aes-256-ecb" */
901, /* "aes-256-gcm" */
428, /* "aes-256-ofb" */
+914, /* "aes-256-xts" */
376, /* "algorithm" */
484, /* "associatedDomain" */
485, /* "associatedName" */
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index 9b88cf8..6de8c70 100644
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -2735,6 +2735,14 @@
#define LN_aes_256_ctr "aes-256-ctr"
#define NID_aes_256_ctr 906
+#define SN_aes_128_xts "AES-128-XTS"
+#define LN_aes_128_xts "aes-128-xts"
+#define NID_aes_128_xts 913
+
+#define SN_aes_256_xts "AES-256-XTS"
+#define LN_aes_256_xts "aes-256-xts"
+#define NID_aes_256_xts 914
+
#define SN_des_cfb1 "DES-CFB1"
#define LN_des_cfb1 "des-cfb1"
#define NID_des_cfb1 656
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 5ff1f49..cbd77f3 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -910,3 +910,5 @@ id_camellia256_wrap 909
anyExtendedKeyUsage 910
mgf1 911
rsassaPss 912
+aes_128_xts 913
+aes_256_xts 914
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 7d53d9a..1bf3ad6 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -892,6 +892,8 @@ aes 48 : id-aes256-wrap-pad
: AES-128-CTR : aes-128-ctr
: AES-192-CTR : aes-192-ctr
: AES-256-CTR : aes-256-ctr
+ : AES-128-XTS : aes-128-xts
+ : AES-256-XTS : aes-256-xts
: DES-CFB1 : des-cfb1
: DES-CFB8 : des-cfb8
: DES-EDE3-CFB1 : des-ede3-cfb1
generated by cgit v1.1 at 2024-07-13 15:48:32 +0000