diff --git a/.gitignore b/.gitignore index 76f9b988a9..91cdb142f4 100644 --- a/.gitignore +++ b/.gitignore @@ -59,9 +59,6 @@ /include/openssl/x509_vfy.h /include/openssl/core_names.h -# Auto generated parameter name files -/crypto/params_idx.c - # Auto generated doc files doc/man1/openssl-*.pod diff --git a/CHANGES.md b/CHANGES.md index d3437a5e4d..4c5e01aaca 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -52,6 +52,11 @@ OpenSSL 3.6 *Alexandr Nedvedicky* + * Added NIST post-quantum security strength categories for cipher, digests + and public key algorithms. + + *Dr Paul Dale* + * The VxWorks platforms have been removed. These platforms were unadopted, unmaintained and reported to be non-functional. diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 680917da57..21edd5eb13 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -984,9 +984,10 @@ static void set_legacy_nid(const char *name, void *vlegacy_nid) static int evp_md_cache_constants(EVP_MD *md) { int ok, xof = 0, algid_absent = 0; + int seccat_collision = -1, seccat_preimage = -1; size_t blksz = 0; size_t mdsize = 0; - OSSL_PARAM params[5]; + OSSL_PARAM params[7]; /* * Note that these parameters are 'constants' that are only set up 
@@ -998,13 +999,19 @@ static int evp_md_cache_constants(EVP_MD *md) params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof); params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, &algid_absent); - params[4] = OSSL_PARAM_construct_end(); + params[4] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SECURITY_CATEGORY_COLLISION, + &seccat_collision); + params[5] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SECURITY_CATEGORY_PREIMAGE, + &seccat_preimage); + params[6] = OSSL_PARAM_construct_end(); ok = evp_do_md_getparams(md, params) > 0; if (mdsize > INT_MAX || blksz > INT_MAX) ok = 0; if (ok) { md->block_size = (int)blksz; md->md_size = (int)mdsize; + md->security_category_collision = seccat_collision; + md->security_category_preimage = seccat_preimage; if (xof) md->flags |= EVP_MD_FLAG_XOF; if (algid_absent) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index fa9504dad9..5d432617a2 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -419,9 +419,9 @@ static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); # endif /* OPENSSL_NO_OCB */ -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aesni_init_key, \ @@ -431,7 +431,7 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \ NULL,NULL,NULL,NULL }; \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ + keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_init_key, \ 
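Review bot: In evp_md_cache_constants (crypto/evp/digest.c) the two provider-supplied category values are copied into `md->security_category_collision` and `md->security_category_preimage` without a range check, unlike `mdsize` and `blksz`, which are bounded just above. A provider that does not answer the new parameters presumably leaves the `-1` defaults declared in the previous hunk in place, while the legacy cipher tables in this commit use `0` for algorithms below category 1, so a comment stating what `-1` and `0` each mean would help. If callers are expected to base policy decisions on these fields, consider normalising out-of-range values, assuming 5 is the highest category: `if (seccat_collision < 0 || seccat_collision > 5) seccat_collision = -1;` and the same for `seccat_preimage`. The function body starts before and continues after this hunk.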
@@ -442,11 +442,11 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,seccat,mode,MODE,flags) \ static const EVP_CIPHER aesni_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ + ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aesni_##mode##_init_key, \ @@ -457,7 +457,7 @@ static const EVP_CIPHER aesni_##keylen##_##mode = { \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ + ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ @@ -805,9 +805,9 @@ static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, # define aes_t4_siv_cipher aes_siv_cipher # endif /* OPENSSL_NO_SIV */ -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_t4_init_key, \ @@ -817,7 +817,7 @@ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ NULL,NULL,NULL,NULL }; \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ + keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_init_key, \ 
@@ -828,11 +828,11 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,seccat,mode,MODE,flags) \ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ + ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_t4_##mode##_init_key, \ @@ -843,7 +843,7 @@ static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ + ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ @@ -2282,12 +2282,12 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # define s390x_aes_siv_ctrl aes_siv_ctrl # endif -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ - MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat, \ + nmode,mode,MODE,flags) \ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ keylen / 8, \ - ivlen, \ + ivlen, seccat, \ flags | EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ s390x_aes_##mode##_init_key, \ @@ -2303,7 +2303,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode, \ blocksize, \ keylen / 8, \ - ivlen, \ + ivlen, seccat, \ flags | EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_init_key, \ 
@@ -2321,12 +2321,12 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,seccat,mode,MODE,flags)\ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ nid##_##keylen##_##mode, \ blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ + ivlen, seccat, \ flags | EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ s390x_aes_##mode##_init_key, \ @@ -2341,7 +2341,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ + ivlen, seccat, \ flags | EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ @@ -2361,9 +2361,9 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #else -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_init_key, \ 
@@ -2374,11 +2374,11 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return &aes_##keylen##_##mode; } -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,seccat,mode,MODE,flags) \ static const EVP_CIPHER aes_##keylen##_##mode = { \ nid##_##keylen##_##mode,blocksize, \ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ + ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aes_##mode##_init_key, \ 
@@ -2391,14 +2391,14 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #endif -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) +#define BLOCK_CIPHER_generic_pack(nid,keylen,seccat,flags) \ + BLOCK_CIPHER_generic(nid,keylen,16,16,seccat,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,16,0,seccat,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb1,cfb1,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,ctr,ctr,CTR,flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -2632,9 +2632,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 128, 1, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 192, 3, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 256, 5, 0) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { 
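Review bot: The category arguments in `BLOCK_CIPHER_generic_pack(NID_aes, 128, 1, 0)` and the 192/256 lines are bare literals placed directly next to the `flags` argument, which is also a small integer here, so a transposed or missed argument would compile without a diagnostic. The HMAC composite files in this commit already use named values (`SHA1_PREIMAGE_CATEGORY`, `SHA256_PREIMAGE_CATEGORY`); named constants for the 128-, 192- and 256-bit key categories would make these tables self-describing and keep the key-size-to-category mapping in one place. The same applies to the literal `1`/`3`/`5` arguments in the GCM, XTS, CCM, OCB and key-wrap tables in this file, and to e_aria.c and e_camellia.c. At minimum, a comment above the pack invocations such as `/* third argument: NIST security category for this key size */` would help.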
@@ -3181,11 +3181,11 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH) -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, +BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, 1, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, 3, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, 5, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) @@ -3371,8 +3371,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) -BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, 1, xts, XTS, XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, 5, xts, XTS, XTS_FLAGS) static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { @@ -3649,11 +3649,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #define aes_ccm_cleanup NULL -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, +BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, 1, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, 3, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, 5, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) typedef struct { 
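Review bot: The XTS entries `BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, 1, xts, XTS, XTS_FLAGS)` and `BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, 5, xts, XTS, XTS_FLAGS)` need a comment explaining the category choice. `BLOCK_CIPHER_custom` doubles the key length for XTS (and SIV) mode, so the cipher registered as aes-128-xts takes a 32-byte key yet is rated category 1. A reader comparing `key_len` with the category could take this for a mistake, or "correct" it upward later. Something like `/* XTS takes two AES keys; the category follows the strength of a single keylen-bit key */` above the two lines would record the intent.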
@@ -3761,7 +3761,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER aes_128_wrap = { NID_id_aes128_wrap, - 8, 16, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 16, 8, 1, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3775,7 +3775,7 @@ const EVP_CIPHER *EVP_aes_128_wrap(void) static const EVP_CIPHER aes_192_wrap = { NID_id_aes192_wrap, - 8, 24, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 24, 8, 3, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3789,7 +3789,7 @@ const EVP_CIPHER *EVP_aes_192_wrap(void) static const EVP_CIPHER aes_256_wrap = { NID_id_aes256_wrap, - 8, 32, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 32, 8, 5, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3803,7 +3803,7 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) static const EVP_CIPHER aes_128_wrap_pad = { NID_id_aes128_wrap_pad, - 8, 16, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 16, 4, 1, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3817,7 +3817,7 @@ const EVP_CIPHER *EVP_aes_128_wrap_pad(void) static const EVP_CIPHER aes_192_wrap_pad = { NID_id_aes192_wrap_pad, - 8, 24, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 24, 4, 3, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), @@ -3831,7 +3831,7 @@ const EVP_CIPHER *EVP_aes_192_wrap_pad(void) static const EVP_CIPHER aes_256_wrap_pad = { NID_id_aes256_wrap_pad, - 8, 32, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, + 8, 32, 4, 5, WRAP_FLAGS, EVP_ORIG_GLOBAL, aes_wrap_init_key, aes_wrap_cipher, NULL, sizeof(EVP_AES_WRAP_CTX), 
@@ -4145,10 +4145,10 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) return 1; } -BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, +BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, 1, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, +BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, 3, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, +BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, 5, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) #endif /* OPENSSL_NO_OCB */ diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 3b8c5fb479..dae66bbcac 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -912,13 +912,23 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, } } -static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { +/* + * Note about security categories. + * + * The security category of the combined algorithms will be the lower of + * the category for the cipher and the HMAC. NIST has not defined security + * categories for HMACs at this stage but it seems reasonable to equate + * these to the pre-image security category of the underlying digest. The + * pre-image category of SHA1 is less than or equal to the category for the + * AES flavour used, so we use it throughout. + */ +static const EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { # ifdef NID_aes_128_cbc_hmac_sha1 NID_aes_128_cbc_hmac_sha1, # else NID_undef, # endif - AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, SHA1_PREIMAGE_CATEGORY, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, 
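Review bot: The new comment in e_aes_cbc_hmac_sha1.c states that the SHA1 pre-image category never exceeds the AES category, but nothing enforces that: both tables (this hunk and the `aesni_256_cbc_hmac_sha1_cipher` table in the next one) pass `SHA1_PREIMAGE_CATEGORY` directly. e_aes_cbc_hmac_sha256.c in this same commit computes the minimum with `SEC_CAT(c)` instead. Using the same form here, `#define SEC_CAT(c) ((c) < SHA1_PREIMAGE_CATEGORY ? (c) : SHA1_PREIMAGE_CATEGORY)` with `SEC_CAT(1)` and `SEC_CAT(5)` in the two tables, would keep the files parallel and stay correct if the constant's definition, which is not visible in this diff, ever changes. The initialiser continues past the end of the hunk.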
@@ -932,13 +942,13 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { NULL }; -static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { +static const EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { # ifdef NID_aes_256_cbc_hmac_sha1 NID_aes_256_cbc_hmac_sha1, # else NID_undef, # endif - AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, SHA1_PREIMAGE_CATEGORY, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 8edcbf799a..c4d2116d25 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -889,13 +889,23 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, } } -static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { +/* + * Note about security categories. + * + * The security category of the combined algorithms will be the lower of + * the category for the cipher and the HMAC. NIST has not defined security + * categories for HMACs at this stage but it seems reasonable to equate + * these to the pre-image security category of the underlying digest. + */ +#define SEC_CAT(c) ((c) < SHA256_PREIMAGE_CATEGORY ? (c) : SHA256_PREIMAGE_CATEGORY) + +static const EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { # ifdef NID_aes_128_cbc_hmac_sha256 NID_aes_128_cbc_hmac_sha256, # else NID_undef, # endif - AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, + AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, SEC_CAT(1), EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, 
@@ -909,13 +919,13 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { NULL }; -static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { +static const EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { # ifdef NID_aes_256_cbc_hmac_sha256 NID_aes_256_cbc_hmac_sha256, # else NID_undef, # endif - AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, + AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, SEC_CAT(5), EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, EVP_ORIG_GLOBAL, diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 317808cf73..907f92a42e 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c 
@@ -132,36 +132,36 @@ static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out, } IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY, - NID_aria_128, 16, 16, 16, 128, + NID_aria_128, 16, 16, 16, 128, 1, 0, aria_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY, - NID_aria_192, 16, 24, 16, 128, + NID_aria_192, 16, 24, 16, 128, 3, 0, aria_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY, - NID_aria_256, 16, 32, 16, 128, + NID_aria_256, 16, 32, 16, 128, 5, 0, aria_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \ - IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0) -IMPLEMENT_ARIA_CFBR(128,1) -IMPLEMENT_ARIA_CFBR(192,1) -IMPLEMENT_ARIA_CFBR(256,1) -IMPLEMENT_ARIA_CFBR(128,8) -IMPLEMENT_ARIA_CFBR(192,8) -IMPLEMENT_ARIA_CFBR(256,8) +# define IMPLEMENT_ARIA_CFBR(ksize,cbits,seccat) \ + IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,seccat,0) +IMPLEMENT_ARIA_CFBR(128,1,1) +IMPLEMENT_ARIA_CFBR(192,1,3) +IMPLEMENT_ARIA_CFBR(256,1,5) +IMPLEMENT_ARIA_CFBR(128,8,1) +IMPLEMENT_ARIA_CFBR(192,8,3) +IMPLEMENT_ARIA_CFBR(256,8,5) -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER aria_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aria_init_key, \ 
@@ -190,9 +190,9 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) -BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) -BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, 1, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, 3, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, 5, ctr, ctr, CTR, 0) /* Authenticated cipher modes (GCM/CCM) */ @@ -761,10 +761,10 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ | EVP_CIPH_CUSTOM_IV_LENGTH) -#define BLOCK_CIPHER_aead(keylen,mode,MODE) \ +#define BLOCK_CIPHER_aead(keylen,seccat,mode,MODE) \ static const EVP_CIPHER aria_##keylen##_##mode = { \ NID_aria_##keylen##_##mode, \ - 1, keylen/8, 12, \ + 1, keylen/8, 12, seccat, \ ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ aria_##mode##_init_key, \ @@ -775,12 +775,12 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ { return (EVP_CIPHER*)&aria_##keylen##_##mode; } -BLOCK_CIPHER_aead(128, gcm, GCM) -BLOCK_CIPHER_aead(192, gcm, GCM) -BLOCK_CIPHER_aead(256, gcm, GCM) +BLOCK_CIPHER_aead(128, 1, gcm, GCM) +BLOCK_CIPHER_aead(192, 3, gcm, GCM) +BLOCK_CIPHER_aead(256, 5, gcm, GCM) -BLOCK_CIPHER_aead(128, ccm, CCM) -BLOCK_CIPHER_aead(192, ccm, CCM) -BLOCK_CIPHER_aead(256, ccm, CCM) +BLOCK_CIPHER_aead(128, 1, ccm, CCM) +BLOCK_CIPHER_aead(192, 3, ccm, CCM) +BLOCK_CIPHER_aead(256, 5, ccm, CCM) #endif diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index 2aeda2ecf0..cb3c08b4c6 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c 
@@ -31,7 +31,7 @@ typedef struct { # define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) -IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, +IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, 0, EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index cb69516bde..95d2dee5cf 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -139,9 +139,9 @@ static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ cmll_t4_init_key, \ @@ -151,7 +151,7 @@ static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ NULL,NULL,NULL,NULL }; \ static const EVP_CIPHER camellia_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ + keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ camellia_init_key, \ @@ -164,9 +164,9 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ #else -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,seccat,nmode,mode,MODE,flags) \ static const EVP_CIPHER camellia_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, seccat, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ camellia_init_key, \ 
@@ -179,14 +179,14 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ #endif -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid,keylen,seccat,flags) \ + BLOCK_CIPHER_generic(nid,keylen,16,16,seccat,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,16,0,seccat,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb1,cfb1,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,seccat,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, seccat, ctr, ctr, CTR, flags) /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -344,6 +344,6 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 128, 1, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 192, 3, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 256, 5, 0) diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 5e9be2dc7d..b200bc90df 100644 --- a/crypto/evp/e_cast.c 
+++ b/crypto/evp/e_cast.c @@ -33,7 +33,7 @@ typedef struct { # define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, + NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, 0, EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index fd012e4cee..696da6bd65 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -130,6 +130,7 @@ static const EVP_CIPHER chacha20 = { 1, /* block_size */ CHACHA_KEY_SIZE, /* key_len */ CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ + 5, /* PQ security strength category */ EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, EVP_ORIG_GLOBAL, chacha_init_key, @@ -607,11 +608,12 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, } } -static EVP_CIPHER chacha20_poly1305 = { +static const EVP_CIPHER chacha20_poly1305 = { NID_chacha20_poly1305, 1, /* block_size */ CHACHA_KEY_SIZE, /* key_len */ 12, /* iv_len, 96-bit nonce in the context */ + 5, /* PQ security strength category */ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 6eb49c0339..7e0cdb1547 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c 
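Review bot: `chacha20_poly1305` is given category 5 with only the comment `/* PQ security strength category */`, which does not say how the Poly1305 authenticator was taken into account. The HMAC composite ciphers in this commit document that a combined algorithm takes the lower of the cipher and MAC categories, so a reader will expect either the same reasoning here or a statement that AEAD entries are rated by encryption key size alone. A one- or two-line comment on the rating basis would settle this, and the same rationale would cover the GCM, CCM and OCB entries in e_aes.c and e_aria.c. The initialiser continues past the end of the hunk.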
@@ -195,17 +195,17 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, +BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, 0, EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, 0, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, 0, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index cb8050c23b..5bd1a03a4c 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c 
@@ -203,22 +203,22 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, +BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 0, EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, NULL, des3_ctrl) # define des_ede3_cfb64_cipher des_ede_cfb64_cipher # define des_ede3_ofb_cipher des_ede_ofb_cipher # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, + BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 0, EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, 0, EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, 0, EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) @@ -410,7 +410,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER des3_wrap = { NID_id_smime_alg_CMS3DESwrap, - 8, 24, 0, + 8, 24, 0, 0, EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1, EVP_ORIG_GLOBAL, diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 93da93823d..55f4d6d6bb 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c 
@@ -50,7 +50,7 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, +BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 1, 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index af900c5298..ca1d5c59fa 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -19,7 +19,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { NID_undef, - 1, 0, 0, 0, + 1, 0, 0, 0, 0, EVP_ORIG_GLOBAL, null_init_key, null_cipher, diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index ffeb17fb1e..5a942bed8d 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -41,7 +41,7 @@ typedef struct { IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 8, - RC2_KEY_LENGTH, 8, 64, + RC2_KEY_LENGTH, 8, 64, 0, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, rc2_init_key, NULL, rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, @@ -51,7 +51,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, # define RC2_128_MAGIC 0x3a static const EVP_CIPHER r2_64_cbc_cipher = { NID_rc2_64_cbc, - 8, 8 /* 64 bit */ , 8, + 8, 8 /* 64 bit */ , 8, 0, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, EVP_ORIG_GLOBAL, rc2_init_key, @@ -66,7 +66,7 @@ static const EVP_CIPHER r2_64_cbc_cipher = { static const EVP_CIPHER r2_40_cbc_cipher = { NID_rc2_40_cbc, - 8, 5 /* 40 bit */ , 8, + 8, 5 /* 40 bit */ , 8, 0, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, EVP_ORIG_GLOBAL, rc2_init_key, diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index e22e81d467..1291792bf0 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c 
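Review bot: `BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 1, ...)` rates IDEA as category 1, making it the only cipher with an 8-byte block in this commit that gets a non-zero category; Blowfish, CAST5, DES, 3DES, RC2 and RC5 are all `0`. If the rule is that a fixed 128-bit key maps to category 1 regardless of block size or cryptanalytic margin, a comment saying so would help, e.g. `/* category 1: fixed 128-bit key; block size is not considered */`. If those factors are meant to count, this entry may need to be `0`, since consumers that filter on the category would otherwise treat IDEA the same as AES-128.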
@@ -36,7 +36,7 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); static const EVP_CIPHER r4_cipher = { NID_rc4, - 1, EVP_RC4_KEY_SIZE, 0, + 1, EVP_RC4_KEY_SIZE, 0, 0, EVP_CIPH_VARIABLE_LENGTH, EVP_ORIG_GLOBAL, rc4_init_key, @@ -51,7 +51,7 @@ static const EVP_CIPHER r4_cipher = { static const EVP_CIPHER r4_40_cipher = { NID_rc4_40, - 1, 5 /* 40 bit */ , 0, + 1, 5 /* 40 bit */ , 0, 0, EVP_CIPH_VARIABLE_LENGTH, EVP_ORIG_GLOBAL, rc4_init_key, diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index d64ba8ead2..6d7e5fd056 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -246,13 +246,13 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, } } -static EVP_CIPHER r4_hmac_md5_cipher = { +static const EVP_CIPHER r4_hmac_md5_cipher = { # ifdef NID_rc4_hmac_md5 NID_rc4_hmac_md5, # else NID_undef, # endif - 1, EVP_RC4_KEY_SIZE, 0, + 1, EVP_RC4_KEY_SIZE, 0, 0, EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_FLAG_AEAD_CIPHER, EVP_ORIG_GLOBAL, diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index 3496a70193..00d19190f5 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -36,7 +36,7 @@ typedef struct { # define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, - 8, RC5_32_KEY_LENGTH, 8, 64, + 8, RC5_32_KEY_LENGTH, 8, 64, 0, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index 65ddb57335..434fcd1438 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -30,7 +30,7 @@ typedef struct { } EVP_SEED_KEY; IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, - 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, + 16, 16, 16, 128, 1, EVP_CIPH_FLAG_DEFAULT_ASN1, seed_init_key, 0, 0, 0, 0) static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index eeb4fd8e09..831df33b6c 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -35,7 +35,7 @@ typedef struct { # define BLOCK_CIPHER_generic(nid,blocksize,ivlen,nmode,mode,MODE,flags) \ static const EVP_CIPHER sm4_##mode = { \ - nid##_##nmode,blocksize,128/8,ivlen, \ + nid##_##nmode,blocksize,128/8,ivlen, 1, \ flags|EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ sm4_init_key, \ diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index f930941887..1ae4d9da4a 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -39,7 +39,7 @@ typedef struct { static const EVP_CIPHER d_xcbc_cipher = { NID_desx_cbc, - 8, 24, 8, + 8, 24, 8, 0, EVP_CIPH_CBC_MODE, EVP_ORIG_GLOBAL, desx_cbc_init_key, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index c99d847974..f8f4d2ad6a 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -320,12 +320,13 @@ int EVP_CIPHER_get_type(const EVP_CIPHER *cipher) int evp_cipher_cache_constants(EVP_CIPHER *cipher) { int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0, randkey = 0; + int security_category = -1; int encrypt_then_mac = 0; size_t ivlen = 0; size_t blksz = 0; size_t keylen = 0; unsigned int mode = 0; - OSSL_PARAM params[11]; + OSSL_PARAM params[12]; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz); params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen); 
@@ -341,13 +342,16 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) &randkey); params[9] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_ENCRYPT_THEN_MAC, &encrypt_then_mac); - params[10] = OSSL_PARAM_construct_end(); + params[10] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_SECURITY_CATEGORY, + &security_category); + params[11] = OSSL_PARAM_construct_end(); ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { cipher->block_size = (int)blksz; cipher->iv_len = (int)ivlen; cipher->key_len = (int)keylen; cipher->flags = mode; + cipher->security_category = security_category; if (aead) cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER; if (custom_iv) @@ -672,6 +676,11 @@ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx) return ctx->key_len; } +int EVP_CIPHER_get_security_category(const EVP_CIPHER *cipher) +{ + return cipher->security_category; +} + int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher) { return (cipher == NULL) ? NID_undef : cipher->nid; @@ -819,6 +828,24 @@ int EVP_MD_get_size(const EVP_MD *md) return md->md_size; } +int EVP_MD_get_security_category_collision(const EVP_MD *md) +{ + if (md == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } + return md->security_category_collision; +} + +int EVP_MD_get_security_category_preimage(const EVP_MD *md) +{ + if (md == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } + return md->security_category_preimage; +} + int EVP_MD_xof(const EVP_MD *md) { return md != NULL && ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0); diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c index 5a5f05044c..1bc01548c8 100644 --- a/crypto/evp/legacy_blake2.c +++ b/crypto/evp/legacy_blake2.c @@ -41,6 +41,7 @@ static const EVP_MD blake2b_md = { NID_blake2b512, 0, BLAKE2B_DIGEST_LENGTH, + 5, 5, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update, 
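Review bot: In the `@@ -341,13 +342,16 @@` hunk of crypto/evp/evp_lib.c, the value a provider returns for `OSSL_CIPHER_PARAM_SECURITY_CATEGORY` is copied into `cipher->security_category` without a range check, while the man page text added in this commit promises an integer from 0 to 5, or -1 when the information isn't available. A provider that reports a value outside that range would have it cached and handed to callers that may base algorithm-policy decisions on it. Consider normalising before the assignment, e.g. `if (security_category < -1 || security_category > 5) security_category = -1;`. The body of evp_cipher_cache_constants starts and ends outside this hunk, so this assumes no validation happens elsewhere in the function.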
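Review bot: `EVP_CIPHER_get_security_category()` (hunk `@@ -672,6 +676,11 @@`) dereferences `cipher` without a NULL check, whereas the two digest getters added further down in the same file raise an error and return -1 for a NULL argument, and the neighbouring `EVP_CIPHER_get_nid()` also guards against NULL. The documentation added by this commit says the function returns -1 when the category isn't available, so a NULL argument fits that contract better than a crash: `return (cipher == NULL) ? -1 : cipher->security_category;`.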
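Review bot: The new initialiser line `5, 5,` in `blake2b_md` (hunk `@@ -41,6 +41,7 @@` of crypto/evp/legacy_blake2.c) gives no hint which number is the collision category and which is the preimage category, and the same bare pairs appear in the blake2s, md2, md4, md5, mdc2, ripemd160, whirlpool and sm3 tables. The SHA tables use named `*_COLLISION_CATEGORY` / `*_PREIMAGE_CATEGORY` constants and m_null.c annotates each value, so either form would make these positional initialisers easier to audit, e.g. `5, /* Collision security category */` followed by `5, /* Preimage security category */`. This matters most where the two values differ, such as `2, 5,` for blake2s and sm3 and `0, 1,` for ripemd160.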
@@ -56,6 +57,7 @@ static const EVP_MD blake2s_md = { NID_blake2s256, 0, BLAKE2S_DIGEST_LENGTH, + 2, 5, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update, diff --git a/crypto/evp/legacy_md2.c b/crypto/evp/legacy_md2.c index 72cc99ad70..220f7adbdf 100644 --- a/crypto/evp/legacy_md2.c +++ b/crypto/evp/legacy_md2.c @@ -23,6 +23,7 @@ static const EVP_MD md2_md = { NID_md2, NID_md2WithRSAEncryption, MD2_DIGEST_LENGTH, + 0, 0, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md2_init, md2_update, md2_final, NULL, MD2_BLOCK) diff --git a/crypto/evp/legacy_md4.c b/crypto/evp/legacy_md4.c index 4bc852b520..225d1cac35 100644 --- a/crypto/evp/legacy_md4.c +++ b/crypto/evp/legacy_md4.c @@ -23,6 +23,7 @@ static const EVP_MD md4_md = { NID_md4, NID_md4WithRSAEncryption, MD4_DIGEST_LENGTH, + 0, 0, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md4_init, md4_update, md4_final, NULL, MD4_CBLOCK), diff --git a/crypto/evp/legacy_md5.c b/crypto/evp/legacy_md5.c index a67be9fef7..7849126657 100644 --- a/crypto/evp/legacy_md5.c +++ b/crypto/evp/legacy_md5.c @@ -23,6 +23,7 @@ static const EVP_MD md5_md = { NID_md5, NID_md5WithRSAEncryption, MD5_DIGEST_LENGTH, + 0, 0, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md5_init, md5_update, md5_final, NULL, MD5_CBLOCK) diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c index b84bf3deaa..4976e85675 100644 --- a/crypto/evp/legacy_md5_sha1.c +++ b/crypto/evp/legacy_md5_sha1.c @@ -28,6 +28,7 @@ static const EVP_MD md5_sha1_md = { NID_md5_sha1, NID_md5_sha1, MD5_SHA1_DIGEST_LENGTH, + SHA1_COLLISION_CATEGORY, SHA1_PREIMAGE_CATEGORY, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(md5_sha1_int_init, md5_sha1_int_update, diff --git a/crypto/evp/legacy_mdc2.c b/crypto/evp/legacy_mdc2.c index 317d87c61b..d71f41002a 100644 --- a/crypto/evp/legacy_mdc2.c +++ b/crypto/evp/legacy_mdc2.c 
@@ -23,6 +23,7 @@ static const EVP_MD mdc2_md = { NID_mdc2, NID_mdc2WithRSA, MDC2_DIGEST_LENGTH, + 0, 0, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(mdc2_init, mdc2_update, mdc2_final, NULL, diff --git a/crypto/evp/legacy_ripemd.c b/crypto/evp/legacy_ripemd.c index 1fa1ebc049..91e49baa6a 100644 --- a/crypto/evp/legacy_ripemd.c +++ b/crypto/evp/legacy_ripemd.c @@ -23,6 +23,7 @@ static const EVP_MD ripemd160_md = { NID_ripemd160, NID_ripemd160WithRSA, RIPEMD160_DIGEST_LENGTH, + 0, 1, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(ripe_init, ripe_update, ripe_final, NULL, diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index 72c4da985f..53d94ee2fa 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -93,6 +93,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, + SHA1_COLLISION_CATEGORY, SHA1_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha1_init, sha1_update, sha1_final, sha1_int_ctrl, @@ -108,6 +109,7 @@ static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, + SHA224_COLLISION_CATEGORY, SHA224_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha224_init, sha224_update, sha224_final, NULL, @@ -123,6 +125,7 @@ static const EVP_MD sha256_md = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, + SHA256_COLLISION_CATEGORY, SHA256_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha256_init, sha256_update, sha256_final, NULL, @@ -138,6 +141,7 @@ static const EVP_MD sha512_224_md = { NID_sha512_224, NID_sha512_224WithRSAEncryption, SHA224_DIGEST_LENGTH, + SHA224_COLLISION_CATEGORY, SHA224_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_224_int_init, sha512_224_int_update, 
@@ -153,6 +157,7 @@ static const EVP_MD sha512_256_md = { NID_sha512_256, NID_sha512_256WithRSAEncryption, SHA256_DIGEST_LENGTH, + SHA256_COLLISION_CATEGORY, SHA256_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_256_int_init, sha512_256_int_update, @@ -168,6 +173,7 @@ static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, + SHA384_COLLISION_CATEGORY, SHA384_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha384_init, sha384_update, sha384_final, NULL, @@ -183,6 +189,7 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, + SHA512_COLLISION_CATEGORY, SHA512_PREIMAGE_CATEGORY, EVP_MD_FLAG_DIGALGID_ABSENT, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sha512_init, sha512_update, sha512_final, NULL, @@ -194,13 +201,14 @@ const EVP_MD *EVP_sha512(void) return &sha512_md; } -#define EVP_MD_SHA3(bitlen) \ +#define EVP_MD_SHA3(bitlen, seccat_collision, seccat_preimage) \ const EVP_MD *EVP_sha3_##bitlen(void) \ { \ static const EVP_MD sha3_##bitlen##_md = { \ NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ + seccat_collision, seccat_preimage, \ EVP_MD_FLAG_DIGALGID_ABSENT, \ EVP_ORIG_GLOBAL, \ LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \ @@ -209,13 +217,14 @@ const EVP_MD *EVP_sha3_##bitlen(void) \ }; \ return &sha3_##bitlen##_md; \ } -#define EVP_MD_SHAKE(bitlen) \ +#define EVP_MD_SHAKE(bitlen, seccat_collision, seccat_preimage) \ const EVP_MD *EVP_shake##bitlen(void) \ { \ static const EVP_MD shake##bitlen##_md = { \ NID_shake##bitlen, \ 0, \ bitlen / 8, \ + seccat_collision, seccat_preimage, \ EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \ EVP_ORIG_GLOBAL, \ LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \ 
@@ -224,10 +233,10 @@ const EVP_MD *EVP_shake##bitlen(void) \ return &shake##bitlen##_md; \ } -EVP_MD_SHA3(224) -EVP_MD_SHA3(256) -EVP_MD_SHA3(384) -EVP_MD_SHA3(512) +EVP_MD_SHA3(224, SHA3_224_COLLISION_CATEGORY, SHA3_224_PREIMAGE_CATEGORY) +EVP_MD_SHA3(256, SHA3_256_COLLISION_CATEGORY, SHA3_256_PREIMAGE_CATEGORY) +EVP_MD_SHA3(384, SHA3_384_COLLISION_CATEGORY, SHA3_384_PREIMAGE_CATEGORY) +EVP_MD_SHA3(512, SHA3_512_COLLISION_CATEGORY, SHA3_512_PREIMAGE_CATEGORY) -EVP_MD_SHAKE(128) -EVP_MD_SHAKE(256) +EVP_MD_SHAKE(128, SHAKE128_COLLISION_CATEGORY, SHAKE128_PREIMAGE_CATEGORY) +EVP_MD_SHAKE(256, SHAKE256_COLLISION_CATEGORY, SHAKE256_PREIMAGE_CATEGORY) diff --git a/crypto/evp/legacy_wp.c b/crypto/evp/legacy_wp.c index 3976ff73fb..2c964aaace 100644 --- a/crypto/evp/legacy_wp.c +++ b/crypto/evp/legacy_wp.c @@ -23,6 +23,7 @@ static const EVP_MD whirlpool_md = { NID_whirlpool, 0, WHIRLPOOL_DIGEST_LENGTH, + 5, 5, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(wp_init, wp_update, wp_final, NULL, diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 7b310d7047..40eb84d87c 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -33,6 +33,8 @@ static const EVP_MD null_md = { NID_undef, NID_undef, 0, + 0, /* Collision security category */ + 0, /* Preimage security category */ 0, EVP_ORIG_GLOBAL, init, diff --git a/crypto/sm3/legacy_sm3.c b/crypto/sm3/legacy_sm3.c index c81f3b4ab4..715367112a 100644 --- a/crypto/sm3/legacy_sm3.c +++ b/crypto/sm3/legacy_sm3.c @@ -19,6 +19,7 @@ static const EVP_MD sm3_md = { NID_sm3, NID_sm3WithRSAEncryption, SM3_DIGEST_LENGTH, + 2, 5, 0, EVP_ORIG_GLOBAL, LEGACY_EVP_MD_METH_TABLE(sm3_int_init, sm3_int_update, sm3_int_final, NULL, diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index ddad2f8f88..dfd7b0ad2b 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod 
@@ -16,6 +16,7 @@ EVP_DigestSqueeze, EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, +EVP_MD_get_security_category_collision, EVP_MD_get_security_category_preimage, EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, EVP_MD_CTX_get_type, EVP_MD_CTX_get_size_ex, EVP_MD_CTX_get_block_size, EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, @@ -85,6 +86,8 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data int EVP_MD_get_pkey_type(const EVP_MD *md); int EVP_MD_get_size(const EVP_MD *md); int EVP_MD_get_block_size(const EVP_MD *md); + int EVP_MD_get_security_category_collision(const EVP_MD *md); + int EVP_MD_get_security_category_preimage(const EVP_MD *md); unsigned long EVP_MD_get_flags(const EVP_MD *md); int EVP_MD_xof(const EVP_MD *md); 
@@ -441,6 +444,48 @@ Returns the update function for I. Returns the I flags. Note that these are different from the B ones. See L for more information. +=item EVP_MD_get_security_category_collision(), +EVP_MD_get_security_category_preimage() + +These functions return the +L +for the digest as defined by NIST. +EVP_MD_get_security_category_collision() returns the security category with respect +to the generation of two inputs that output an identical digest value. +EVP_MD_get_security_category_preimage() returns the security category with respect +to the generation of an input that outputs a specific digest value. +The post-quantum security category is an integer value from 0 to 5 that +is based on an algorithm's classification on the range of security strengths +offered by the existing standards in symmetric cryptography: + +=begin text + + Security Attack + Category Type + ============================================================== + 0 Weak + 1 Key search on a block cipher with a 128-bit key + 2 Collision search on a 256-bit hash function + 3 Key search on a block cipher with a 192-bit key + 4 Collision search on a 384-bit hash function + 5 Key search on a block cipher with a 256-bit key + +=end text + +=begin html + + +> + + + + + + +
Security CategoryAttack Type
0Weak
1Key search on a block cipher with a 128-bit key
2Collision search on a 256-bit hash function
3Key search on a block cipher with a 192-bit key
4Collision search on a 384-bit hash function
5Key search on a block cipher with a 256-bit key
+ +=end html + =item EVP_MD_get_pkey_type() Returns the NID of the public key signing algorithm associated with this @@ -692,6 +737,13 @@ This function has no return value. Returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. +=item EVP_MD_get_security_category_collision(), +EVP_MD_get_security_category_preimage() + +Return the post-quantum security category which is an integer in the range +zero to five inclusive. They returns -1 if the security category information +isn't available. + =back =head1 NOTES @@ -862,9 +914,12 @@ to be aliases for EVP_MD_CTX_get_size_ex(), previously they were aliases for EVP_MD_get_size which returned a constant value. This is required for XOF digests since they do not have a fixed size. +The EVP_MD_get_security_category_collision() and +EVP_MD_get_security_category_preimage() functions were added in OpenSSL 3.6. + =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 2c42e3969e..fcd4d1171e 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -51,6 +51,7 @@ EVP_CIPHER_gettable_params, EVP_CIPHER_get_block_size, EVP_CIPHER_get_key_length, EVP_CIPHER_get_iv_length, +EVP_CIPHER_get_security_category, EVP_CIPHER_get_flags, EVP_CIPHER_get_mode, EVP_CIPHER_get_type, 
@@ -207,6 +208,7 @@ EVP_CIPHER_CTX_mode int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); + int EVP_CIPHER_get_security_category(const EVP_CIPHER *e); unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); @@ -613,6 +615,43 @@ the cipher has not yet been initialized within the B, or if the passed cipher is NULL. The constant B is the maximum IV length for all ciphers. +=item EVP_CIPHER_get_security_category() + +EVP_CIPHER_get_security_category() returns the +L +as defined by NIST. +The post-quantum security category is an integer value from 0 to 5 that +is based on an algorithm's classification on the range of security strengths +offered by the existing standards in symmetric cryptography: + +=begin text + + Security Attack + Category Type + ============================================================== + 0 Weak + 1 Key search on a block cipher with a 128-bit key + 2 Collision search on a 256-bit hash function + 3 Key search on a block cipher with a 192-bit key + 4 Collision search on a 384-bit hash function + 5 Key search on a block cipher with a 256-bit key + +=end text + +=begin html + + +> + + + + + + +
Security CategoryAttack Type
0Weak
1Key search on a block cipher with a 128-bit key
2Collision search on a 256-bit hash function
3Key search on a block cipher with a 192-bit key
4Collision search on a 384-bit hash function
5Key search on a block cipher with a 256-bit key
+ +=end html + =item EVP_CIPHER_CTX_get_tag_length() Returns the tag length of an AEAD cipher when passed a B. It will @@ -766,6 +805,13 @@ Use EVP_CIPHER_get_key_length() to retrieve the cached value. Gets the IV length for the associated cipher algorithm I. Use EVP_CIPHER_get_iv_length() to retrieve the cached value. +=item "security-category" (B) + +The value is the NIST +L +for the associated cipher algorithm. +It is an integer value in the range [0, 5] inclusive. + =item "blocksize" (B) Gets the block size for the associated cipher algorithm I. @@ -1429,6 +1475,10 @@ EVP_CIPHER_CTX_set_padding() always returns 1. EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV length, zero if the cipher does not use an IV and a negative value on error. +EVP_CIPHER_get_security_category() returns the post-quantum security category +which is an integer in the range zero to five inclusive. It returns -1 if +the security category information isn't available. + EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher does not use a tag. @@ -1958,6 +2008,8 @@ Prior to OpenSSL 3.5, passing a NULL I to B would result in a NULL pointer dereference, rather than a 0 return value indicating an error. +EVP_CIPHER_get_security_category() was added in OpenSSL 3.6. + =head1 COPYRIGHT Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index bb0b73bb6c..fd7bded8bc 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod 
@@ -197,6 +197,24 @@ The length of the "blocksize" parameter should not exceed that of a B. The digest output size. The length of the "size" parameter should not exceed that of a B. +=item "collision-security-category" (B) + +The value is the NIST +L +for the algorithm. +The digest collision security category represents the difficulty of producing two +different inputs that result in an identical digested output. +It is an integer value in the range [0, 5] inclusive. + +=item "preimage-security-category" (B) + +The value is the NIST +L +for the algorithm. +The digest collision security category represents the difficulty of producing an +inputs that results in a specific digested output. +It is an integer value in the range [0, 5] inclusive. + =item "flags" (B) Diverse flags that describe exceptional behaviour for the digest: diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 8623b48763..f70afa1b79 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
@@ -253,6 +253,37 @@ struct evp_kdf_st { #define EVP_ORIG_GLOBAL 1 #define EVP_ORIG_METH 2 +/* Security categories for SHA algorithms */ +# define SHA1_COLLISION_CATEGORY 0 +# define SHA256_192_COLLISION_CATEGORY 0 +# define SHA224_COLLISION_CATEGORY 0 +# define SHA256_COLLISION_CATEGORY 2 +# define SHA384_COLLISION_CATEGORY 4 +# define SHA512_COLLISION_CATEGORY 5 +# define SHA3_224_COLLISION_CATEGORY 0 +# define SHA3_256_COLLISION_CATEGORY 2 +# define SHA3_384_COLLISION_CATEGORY 4 +# define SHA3_512_COLLISION_CATEGORY 5 +# define SHAKE128_COLLISION_CATEGORY 2 +# define SHAKE256_COLLISION_CATEGORY 5 +# define KMAC128_COLLISION_CATEGORY 2 +# define KMAC256_COLLISION_CATEGORY 5 + +# define SHA1_PREIMAGE_CATEGORY 1 +# define SHA256_192_PREIMAGE_CATEGORY 1 +# define SHA224_PREIMAGE_CATEGORY 3 +# define SHA256_PREIMAGE_CATEGORY 5 +# define SHA384_PREIMAGE_CATEGORY 5 +# define SHA512_PREIMAGE_CATEGORY 5 +# define SHA3_224_PREIMAGE_CATEGORY 3 +# define SHA3_256_PREIMAGE_CATEGORY 5 +# define SHA3_384_PREIMAGE_CATEGORY 5 +# define SHA3_512_PREIMAGE_CATEGORY 5 +# define SHAKE128_PREIMAGE_CATEGORY 2 +# define SHAKE256_PREIMAGE_CATEGORY 5 +# define KMAC128_PREIMAGE_CATEGORY 2 +# define KMAC256_PREIMAGE_CATEGORY 5 + struct evp_md_st { /* nid */ int type; @@ -260,6 +291,8 @@ struct evp_md_st { /* Legacy structure members */ int pkey_type; int md_size; + int security_category_collision; + int security_category_preimage; unsigned long flags; int origin; int (*init) (EVP_MD_CTX *ctx); @@ -304,6 +337,7 @@ struct evp_cipher_st { /* Default value for variable length ciphers */ int key_len; int iv_len; + int security_category; /* Legacy structure members */ /* Various flags */ 
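Review bot: The macro block added in the `@@ -253,6 +253,37 @@` hunk is headed `/* Security categories for SHA algorithms */` but also defines SHAKE and KMAC values, and it does not say how the numbers were chosen. A short comment would let a reader check entries such as `SHA224_COLLISION_CATEGORY 0` against `SHA224_PREIMAGE_CATEGORY 3`: state that the values are the NIST post-quantum categories 0 to 5 from the table in the man pages, that 0 is the "Weak" row, and that collision and preimage resistance are rated separately. The later hunks on this line insert `security_category` and the two digest fields in the middle of `struct evp_cipher_st` and `struct evp_md_st`, so every positional initialiser of these structs must gain a value at the same position; a one-line comment beside the new members saying so would protect tables added later.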
@@ -445,10 +479,10 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ - key_len, iv_len, flags, init_key, cleanup, \ + key_len, iv_len, seccat, flags, init_key, cleanup, \ set_asn1, get_asn1, ctrl) \ static const EVP_CIPHER cname##_##mode = { \ - nid##_##nmode, block_size, key_len, iv_len, \ + nid##_##nmode, block_size, key_len, iv_len, seccat, \ flags | EVP_CIPH_##MODE##_MODE, \ EVP_ORIG_GLOBAL, \ init_key, \ 
@@ -462,41 +496,43 @@ static const EVP_CIPHER cname##_##mode = { \ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, \ - get_asn1, ctrl) \ + iv_len, seccat, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ - iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + iv_len, seccat, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ + iv_len, cbits, seccat, flags, init_key, cleanup, \ set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + key_len, iv_len, seccat, flags, init_key, cleanup, set_asn1, \ get_asn1, ctrl) #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ - iv_len, cbits, flags, init_key, cleanup, \ + iv_len, cbits, seccat, flags, init_key, cleanup, \ set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ - key_len, iv_len, flags, init_key, cleanup, set_asn1, \ + key_len, iv_len, seccat, flags, init_key, cleanup, set_asn1, \ get_asn1, ctrl) #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ - flags, init_key, cleanup, set_asn1, \ + seccat, flags, init_key, cleanup, set_asn1, \ get_asn1, ctrl) \ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ - 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + 0, seccat, flags, init_key, cleanup, set_asn1, get_asn1, \ + ctrl) #define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, 
get_asn1, ctrl) \ -BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + nid, block_size, key_len, iv_len, cbits, seccat, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, seccat, \ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, seccat, \ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ -BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, seccat, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, seccat, flags, \ init_key, cleanup, set_asn1, get_asn1, ctrl) /*- @@ -563,18 +599,18 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ block_size, key_len, iv_len, cbits, \ - flags, init_key, \ + seccat, flags, init_key, \ cleanup, set_asn1, get_asn1, ctrl) \ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ - cbits, flags, init_key, cleanup, set_asn1, \ + cbits, seccat, flags, init_key, cleanup, set_asn1, \ get_asn1, ctrl) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,seccat,fl) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ + seccat, (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ cipher##_init_key, NULL, NULL, NULL, NULL) typedef struct { diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 1603b450ff..ff561e91e7 100644 
--- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -578,6 +578,8 @@ int EVP_MD_get_size(const EVP_MD *md); # define EVP_MD_size EVP_MD_get_size int EVP_MD_get_block_size(const EVP_MD *md); # define EVP_MD_block_size EVP_MD_get_block_size +int EVP_MD_get_security_category_collision(const EVP_MD *md); +int EVP_MD_get_security_category_preimage(const EVP_MD *md); unsigned long EVP_MD_get_flags(const EVP_MD *md); # define EVP_MD_flags EVP_MD_get_flags int EVP_MD_xof(const EVP_MD *md); @@ -630,6 +632,7 @@ int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher); # define EVP_CIPHER_key_length EVP_CIPHER_get_key_length int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher); # define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length +int EVP_CIPHER_get_security_category(const EVP_CIPHER *cipher); unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher); # define EVP_CIPHER_flags EVP_CIPHER_get_flags int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher); diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index 4063b1696f..9e026535b1 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c 
@@ -49,46 +49,46 @@ static void *aes_dupctx(void *ctx) } /* ossl_aes256ecb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 256, 128, 0, block) +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 256, 128, 0, 5, block) /* ossl_aes192ecb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 192, 128, 0, block) +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 192, 128, 0, 3, block) /* ossl_aes128ecb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 128, 128, 0, block) +IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 128, 128, 0, 1, block) /* ossl_aes256cbc_functions */ -IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 256, 128, 128, block) +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 256, 128, 128, 5, block) /* ossl_aes192cbc_functions */ -IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 192, 128, 128, block) +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 192, 128, 128, 3, block) /* ossl_aes128cbc_functions */ -IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 128, 128, 128, block) +IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 128, 128, 128, 1, block) /* ossl_aes256ofb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 256, 8, 128, 5, stream) /* ossl_aes192ofb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 192, 8, 128, 3, stream) /* ossl_aes128ofb_functions */ -IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 128, 8, 128, 1, stream) /* ossl_aes256cfb_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aes192cfb_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 192, 8, 128, 3, stream) /* ossl_aes128cfb_functions 
*/ -IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aes256cfb1_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aes192cfb1_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 192, 8, 128, 3, stream) /* ossl_aes128cfb1_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aes256cfb8_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aes192cfb8_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 192, 8, 128, 3, stream) /* ossl_aes128cfb8_functions */ -IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aes256ctr_functions */ -IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 256, 8, 128, 5, stream) /* ossl_aes192ctr_functions */ -IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 192, 8, 128, 3, stream) /* ossl_aes128ctr_functions */ -IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 128, 8, 128, 1, stream) #include "cipher_aes_cts.inc" diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 5a4789adf9..21a2f765fd 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
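Review bot: Every `IMPLEMENT_generic_cipher` line in this hunk repeats the key-size-to-category mapping as a literal (`5` for 256, `3` for 192, `1` for 128), so one mistyped digit among these 21 lines would silently misreport a cipher's strength to callers. Keeping the mapping in one place would avoid that, for example `#define AES_SECCAT(kbits) ((kbits) >= 256 ? 5 : (kbits) >= 192 ? 3 : 1)` (the name is only a suggestion) used as `IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 256, 128, 0, AES_SECCAT(256), block)`. The definition of `IMPLEMENT_generic_cipher` is outside this hunk, so this assumes the new argument is consumed as an ordinary integer expression.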
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -20,13 +20,14 @@ #include #include #include "cipher_aes_cbc_hmac_sha.h" +#include "crypto/evp.h" #include "prov/implementations.h" #include "prov/providercommon.h" #ifndef AES_CBC_HMAC_SHA_CAPABLE -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ +# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, seccat, flags) \ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ - OSSL_DISPATCH_END \ + OSSL_DISPATCH_END \ }; #else @@ -392,7 +393,7 @@ static void aes_cbc_hmac_sha256_freectx(void *vctx) } } -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ +# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, seccat, flags) \ static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \ static void *nm##_##kbits##_##sub##_newctx(void *provctx) \ { \ @@ -402,7 +403,8 @@ static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \ static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\ 
@@ -430,11 +432,24 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ #endif /* AES_CBC_HMAC_SHA_CAPABLE */ +/* + * Note about security categories. + * + * The security category of the combined algorithms will be the lower of + * the category for the cipher and the HMAC. NIST has not defined security + * categories for HMACs at this stage but it seems reasonable to equate + * these to the pre-image security category of the underlying digest. + */ +#define SC_SHA1(c) \ + ((c) < SHA1_PREIMAGE_CATEGORY ? (c) : SHA1_PREIMAGE_CATEGORY) +#define SC_SHA256(c)\ + ((c) < SHA256_PREIMAGE_CATEGORY ? (c) : SHA256_PREIMAGE_CATEGORY) + /* ossl_aes128cbc_hmac_sha1_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 128, 128, 128, SC_SHA1(1), AES_CBC_HMAC_SHA_FLAGS) /* ossl_aes256cbc_hmac_sha1_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha1, 256, 128, 128, SC_SHA1(5), AES_CBC_HMAC_SHA_FLAGS) /* ossl_aes128cbc_hmac_sha256_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, AES_CBC_HMAC_SHA_FLAGS) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 128, 128, 128, SC_SHA256(1), AES_CBC_HMAC_SHA_FLAGS) /* ossl_aes256cbc_hmac_sha256_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, AES_CBC_HMAC_SHA_FLAGS) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha256, 256, 128, 128, SC_SHA256(5), AES_CBC_HMAC_SHA_FLAGS) diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.c index 180cc10783..7478728578 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.c 
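Review bot: `SC_SHA1` and `SC_SHA256` are defined at file scope here and again, verbatim, in cipher_aes_cbc_hmac_sha_etm.c (hunk `@@ -333,21 +335,36 @@`, which also adds `SC_SHA512`), so the rule "combined category = lower of cipher and HMAC" lives in two copies that can drift apart. Both files now include "crypto/evp.h", presumably for the `SHA*_PREIMAGE_CATEGORY` constants, so the macros and their explanatory comment would sit better in one shared header next to those constants. The comment should also say what the argument is, e.g. `/* SC_SHAx(c): c is the key-size category of the bare cipher */`, because the call sites pass unexplained literals `1`, `3` and `5`. Treating an HMAC as equal to the digest's pre-image category is the author's stated assumption, and it is only visible in this file-local comment; a consumer reading the parameter will not see it unless the parameter documentation repeats it.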
@@ -9,12 +9,13 @@ #include "internal/deprecated.h" #include "cipher_aes_cbc_hmac_sha_etm.h" +#include "crypto/evp.h" #include "prov/providercommon.h" #include "prov/ciphercommon_aead.h" #include "prov/implementations.h" #ifndef AES_CBC_HMAC_SHA_ETM_CAPABLE -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ +# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, seccat, flags) \ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ OSSL_DISPATCH_END \ }; @@ -296,7 +297,7 @@ static void *aes_cbc_hmac_sha512_etm_dupctx(void *provctx) return OPENSSL_memdup(ctx, sizeof(*ctx)); } -# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ +# define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, seccat, flags) \ static OSSL_FUNC_cipher_newctx_fn nm##_##kbits##_##sub##_newctx; \ static void *nm##_##kbits##_##sub##_newctx(void *provctx) \ { \ @@ -306,7 +307,8 @@ static OSSL_FUNC_cipher_get_params_fn nm##_##kbits##_##sub##_get_params; \ static int nm##_##kbits##_##sub##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_CBC_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\ 
@@ -333,21 +335,36 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ }; #endif /* AES_CBC_HMAC_SHA_ETM_CAPABLE */ +/* + * Note about security categories. + * + * The security category of the combined algorithms will be the lower of + * the category for the cipher and the HMAC. NIST has not defined security + * categories for HMACs at this stage but it seems reasonable to equate + * these to the pre-image security category of the underlying digest. + */ +#define SC_SHA1(c) \ + ((c) < SHA1_PREIMAGE_CATEGORY ? (c) : SHA1_PREIMAGE_CATEGORY) +#define SC_SHA256(c)\ + ((c) < SHA256_PREIMAGE_CATEGORY ? (c) : SHA256_PREIMAGE_CATEGORY) +#define SC_SHA512(c)\ + ((c) < SHA512_PREIMAGE_CATEGORY ? (c) : SHA512_PREIMAGE_CATEGORY) + /* ossl_aes128cbc_hmac_sha1_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 128, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 128, 128, 128, SC_SHA1(1), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes192cbc_hmac_sha1_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 192, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 192, 128, 128, SC_SHA1(3), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes256cbc_hmac_sha1_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 256, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha1_etm, 256, 128, 128, SC_SHA1(5), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes128cbc_hmac_sha256_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 128, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 128, 128, 128, SC_SHA256(1), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes192cbc_hmac_sha256_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 192, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 192, 128, 128, SC_SHA256(3), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes256cbc_hmac_sha256_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 256, 128, 128, 
EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha256_etm, 256, 128, 128, SC_SHA256(5), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes128cbc_hmac_sha512_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 128, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 128, 128, 128, SC_SHA512(1), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes192cbc_hmac_sha512_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 192, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 192, 128, 128, SC_SHA512(3), EVP_CIPH_FLAG_ENC_THEN_MAC) /* ossl_aes256cbc_hmac_sha512_etm_functions */ -IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 256, 128, 128, EVP_CIPH_FLAG_ENC_THEN_MAC) +IMPLEMENT_CIPHER(aes, cbc_hmac_sha512_etm, 256, 128, 128, SC_SHA512(5), EVP_CIPH_FLAG_ENC_THEN_MAC) diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index e36ac03e61..2365907905 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -65,8 +65,8 @@ static void aes_ccm_freectx(void *vctx) } /* ossl_aes128ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96, 1); /* ossl_aes192ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96); +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96, 3); /* ossl_aes256ccm_functions */ -IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96); +IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96, 5); diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc index 1fb5ec3553..58975a9de3 100644 --- a/providers/implementations/ciphers/cipher_aes_cts.inc +++ b/providers/implementations/ciphers/cipher_aes_cts.inc 
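Review bot: The category given to AES-CCM in the three `IMPLEMENT_aead_cipher(aes, ccm, ...)` lines (`1`, `3`, `5`) comes from the key size alone, while the CBC+HMAC composites in this same commit take the lower of the cipher and the MAC. For CCM, GCM and OCB the tag length is chosen by the caller and bounds forgery resistance independently of the key, so `5` on a 256-bit key used with a short tag can be misread as a statement about integrity as well as confidentiality. The same applies to the GCM, GCM-SIV, OCB, ARIA CCM/GCM and ChaCha20-Poly1305 hunks further down. I would add a comment above these lines such as `/* category reflects key search on the cipher only; tag length is not considered */` and repeat that caveat wherever the parameter is documented.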
@@ -87,8 +87,8 @@ err: } /* ossl_aes256cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, 5, block) /* ossl_aes192cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, 3, block) /* ossl_aes128cbc_cts_functions */ -IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) +IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, 1, block) diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index c14c1e32fe..0f3ee8841a 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -61,8 +61,8 @@ static void aes_gcm_freectx(void *vctx) } /* ossl_aes128gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 128, 8, 96, 1); /* ossl_aes192gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 192, 8, 96); +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 192, 8, 96, 3); /* ossl_aes256gcm_functions */ -IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96); +IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, 5); diff --git a/providers/implementations/ciphers/cipher_aes_gcm_siv.c b/providers/implementations/ciphers/cipher_aes_gcm_siv.c index c9afeddef6..46a49f170d 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_siv.c +++ b/providers/implementations/ciphers/cipher_aes_gcm_siv.c 
@@ -270,7 +270,7 @@ static const OSSL_PARAM *ossl_aes_gcm_siv_settable_ctx_params(ossl_unused void * return aes_gcm_siv_known_settable_ctx_params; } -#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ +#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits, seccat) \ static OSSL_FUNC_cipher_newctx_fn ossl_##alg##kbits##_##lc##_newctx; \ static OSSL_FUNC_cipher_freectx_fn ossl_##alg##_##lc##_freectx; \ static OSSL_FUNC_cipher_dupctx_fn ossl_##alg##_##lc##_dupctx; \ @@ -287,9 +287,9 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn ossl_##alg##_##lc##_settable_ctx_ static int ossl_##alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, seccat); \ } \ -static void *ossl_##alg##kbits##_##lc##_newctx(void *provctx) \ +static void *ossl_##alg##kbits##_##lc##_newctx(void *provctx) \ { \ return ossl_##alg##_##lc##_newctx(provctx, kbits); \ } \ @@ -311,6 +311,6 @@ const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { OSSL_DISPATCH_END \ } -IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 128, 8, 96); -IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 192, 8, 96); -IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 256, 8, 96); +IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 128, 8, 96, 1); +IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 192, 8, 96, 3); +IMPLEMENT_cipher(aes, gcm_siv, GCM_SIV, AEAD_FLAGS, 256, 8, 96, 5); diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 5cb67fef67..bc84616e05 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c 
@@ -523,12 +523,13 @@ static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, return 1; } -#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits) \ +#define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits, seccat) \ static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params; \ static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx; \ static void *aes_##kbits##_##mode##_newctx(void *provctx) \ @@ -561,6 +562,6 @@ const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = { \ OSSL_DISPATCH_END \ } -IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8); -IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8); -IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8); +IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8, 5); +IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8, 3); +IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8, 1); diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index ccac2bbe96..2191d6f194 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c 
@@ -241,7 +241,7 @@ static const OSSL_PARAM *aes_siv_settable_ctx_params(ossl_unused void *cctx, return aes_siv_known_settable_ctx_params; } -#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ +#define IMPLEMENT_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits, seccat) \ static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ static OSSL_FUNC_cipher_freectx_fn alg##_##lc##_freectx; \ static OSSL_FUNC_cipher_dupctx_fn lc##_dupctx; \ @@ -260,7 +260,8 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn \ static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, 2*kbits, blkbits, ivbits); \ + flags, 2*kbits, blkbits, ivbits, \ + seccat); \ } \ static void *alg##kbits##lc##_newctx(void *provctx) \ { \ @@ -291,6 +292,6 @@ const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ OSSL_DISPATCH_END \ }; -IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 128, 8, 0) -IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 192, 8, 0) -IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 256, 8, 0) +IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 128, 8, 0, 1) +IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 192, 8, 0, 3) +IMPLEMENT_cipher(aes, siv, SIV, SIV_FLAGS, 256, 8, 0, 5) diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index ea0ac5e85f..d69b60fe17 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c 
@@ -283,12 +283,13 @@ static int aes_wrap_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -#define IMPLEMENT_cipher(mode, fname, UCMODE, flags, kbits, blkbits, ivbits) \ +#define IMPLEMENT_cipher(mode, fname, UCMODE, flags, kbits, blkbits, ivbits, seccat) \ static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##fname##_get_params; \ static int aes_##kbits##_##fname##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,\ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn aes_##kbits##fname##_newctx; \ static void *aes_##kbits##fname##_newctx(void *provctx) \ 
@@ -320,16 +321,16 @@ static int aes_wrap_set_ctx_params(void *vctx, const OSSL_PARAM params[]) OSSL_DISPATCH_END \ } -IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_PAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_PAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_PAD_IVLEN * 8); +IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_NOPAD_IVLEN * 8, 5); +IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_NOPAD_IVLEN * 8, 3); +IMPLEMENT_cipher(wrap, wrap, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_NOPAD_IVLEN * 8, 1); +IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 256, 64, AES_WRAP_PAD_IVLEN * 8, 5); +IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 192, 64, AES_WRAP_PAD_IVLEN * 8, 3); +IMPLEMENT_cipher(wrap, wrappad, WRAP, WRAP_FLAGS, 128, 64, AES_WRAP_PAD_IVLEN * 8, 1); -IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_NOPAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_PAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_PAD_IVLEN * 8); -IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_PAD_IVLEN * 8); +IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_NOPAD_IVLEN * 8, 5); +IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_NOPAD_IVLEN * 8, 3); +IMPLEMENT_cipher(wrap, wrapinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_NOPAD_IVLEN * 8, 1); 
+IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 256, 64, AES_WRAP_PAD_IVLEN * 8, 5); +IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 192, 64, AES_WRAP_PAD_IVLEN * 8, 3); +IMPLEMENT_cipher(wrap, wrappadinv, WRAP, WRAP_FLAGS_INV, 128, 64, AES_WRAP_PAD_IVLEN * 8, 1); diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 1e0081da94..ba5572d628 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -276,13 +276,13 @@ static int aes_xts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, flags) \ +#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, seccat, flags) \ static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ flags, 2 * kbits, AES_XTS_BLOCK_BITS, \ - AES_XTS_IV_BITS); \ + AES_XTS_IV_BITS, seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_xts_newctx; \ static void *aes_##kbits##_xts_newctx(void *provctx) \ @@ -314,5 +314,5 @@ const OSSL_DISPATCH ossl_aes##kbits##xts_functions[] = { \ OSSL_DISPATCH_END \ } -IMPLEMENT_cipher(xts, XTS, 256, AES_XTS_FLAGS); -IMPLEMENT_cipher(xts, XTS, 128, AES_XTS_FLAGS); +IMPLEMENT_cipher(xts, XTS, 256, 5, AES_XTS_FLAGS); +IMPLEMENT_cipher(xts, XTS, 128, 1, AES_XTS_FLAGS); diff --git a/providers/implementations/ciphers/cipher_aria.c b/providers/implementations/ciphers/cipher_aria.c index ce4938d44a..c197d01795 100644 --- a/providers/implementations/ciphers/cipher_aria.c +++ b/providers/implementations/ciphers/cipher_aria.c 
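Review bot: In cipher_aes_xts.c `seccat` is inserted before `flags` (`IMPLEMENT_cipher(xts, XTS, 256, 5, AES_XTS_FLAGS)`), whereas the `IMPLEMENT_cipher` macros changed in cipher_aes_ocb.c, cipher_aes_siv.c, cipher_aes_gcm_siv.c and cipher_aes_wrp.c take it as the last argument. Both arguments are plain integer expressions, so a call written in the other files' order would compile cleanly and publish the flags value as the security category, or the reverse. I would keep one order for every macro of this name: `#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, flags, seccat)` with `IMPLEMENT_cipher(xts, XTS, 256, AES_XTS_FLAGS, 5);` and `IMPLEMENT_cipher(xts, XTS, 128, AES_XTS_FLAGS, 1);`. The macro body continues outside the first XTS hunk, so the rest of it is assumed not to use either argument a second time.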
@@ -41,44 +41,44 @@ static void *aria_dupctx(void *ctx) } /* ossl_aria256ecb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, block) +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, 5, block) /* ossl_aria192ecb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, block) +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, 3, block) /* ossl_aria128ecb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, block) +IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, 1, block) /* ossl_aria256cbc_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, block) +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, 5, block) /* ossl_aria192cbc_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, block) +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, 3, block) /* ossl_aria128cbc_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, block) +IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, 1, block) /* ossl_aria256ofb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, 5, stream) /* ossl_aria192ofb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, 3, stream) /* ossl_aria128ofb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, 1, stream) /* ossl_aria256cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aria192cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 
0, 192, 8, 128, 3, stream) /* ossl_aria128cfb_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aria256cfb1_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aria192cfb1_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, 3, stream) /* ossl_aria128cfb1_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aria256cfb8_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, 5, stream) /* ossl_aria192cfb8_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, 3, stream) /* ossl_aria128cfb8_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, 1, stream) /* ossl_aria256ctr_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, 5, stream) /* ossl_aria192ctr_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, 3, stream) /* ossl_aria128ctr_functions */ -IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, 1, stream) diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index 0a0f52cdcc..9737414ad3 100644 
--- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -51,9 +51,9 @@ static void aria_ccm_freectx(void *vctx) } /* aria128ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96, 1); /* aria192ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96); +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96, 3); /* aria256ccm functions */ -IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96); +IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96, 5); diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index e794a80a00..044a88840c 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -51,9 +51,9 @@ static void aria_gcm_freectx(void *vctx) } /* ossl_aria128gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96, 1); /* ossl_aria192gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96); +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96, 3); /* ossl_aria256gcm_functions */ -IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96); +IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96, 5); diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 9f17f1200d..b444d569dc 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c 
@@ -49,10 +49,10 @@ static void *blowfish_dupctx(void *ctx) } /* bf_ecb_functions */ -IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ecb, ECB, BF_FLAGS, 128, 64, 0, block) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ecb, ECB, BF_FLAGS, 128, 64, 0, 0, block) /* bf_cbc_functions */ -IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cbc, CBC, BF_FLAGS, 128, 64, 64, block) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cbc, CBC, BF_FLAGS, 128, 64, 64, 0, block) /* bf_ofb_functions */ -IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, ofb64, OFB, BF_FLAGS, 128, 8, 64, 0, stream) /* bf_cfb_functions */ -IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(blowfish, BLOWFISH, cfb64, CFB, BF_FLAGS, 128, 8, 64, 0, stream) diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c index c550af3f83..597e4f164d 100644 --- a/providers/implementations/ciphers/cipher_camellia.c +++ b/providers/implementations/ciphers/cipher_camellia.c 
@@ -47,46 +47,46 @@ static void *camellia_dupctx(void *ctx) } /* ossl_camellia256ecb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, 5, block) /* ossl_camellia192ecb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, 3, block) /* ossl_camellia128ecb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, 1, block) /* ossl_camellia256cbc_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, 5, block) /* ossl_camellia192cbc_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, 3, block) /* ossl_camellia128cbc_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, block) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, 1, block) /* ossl_camellia256ofb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, 5, stream) /* ossl_camellia192ofb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, 3, stream) /* ossl_camellia128ofb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, 1, stream) /* ossl_camellia256cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, stream) 
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 256, 8, 128, 5, stream) /* ossl_camellia192cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 192, 8, 128, 3, stream) /* ossl_camellia128cfb_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb, CFB, 0, 128, 8, 128, 1, stream) /* ossl_camellia256cfb1_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, 5, stream) /* ossl_camellia192cfb1_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, 3, stream) /* ossl_camellia128cfb1_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, 1, stream) /* ossl_camellia256cfb8_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, 5, stream) /* ossl_camellia192cfb8_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, 3, stream) /* ossl_camellia128cfb8_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, 1, stream) /* ossl_camellia256ctr_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, 5, stream) /* ossl_camellia192ctr_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, 
stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, 3, stream) /* ossl_camellia128ctr_functions */ -IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, 1, stream) #include "cipher_camellia_cts.inc" diff --git a/providers/implementations/ciphers/cipher_camellia_cts.inc b/providers/implementations/ciphers/cipher_camellia_cts.inc index 84ea992b8d..4a09921749 100644 --- a/providers/implementations/ciphers/cipher_camellia_cts.inc +++ b/providers/implementations/ciphers/cipher_camellia_cts.inc @@ -87,8 +87,8 @@ err: } /* ossl_camellia256cbc_cts_functions */ -IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, 5, block) /* ossl_camellia192cbc_cts_functions */ -IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, 3, block) /* ossl_camellia128cbc_cts_functions */ -IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) +IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, 1, block) diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index 84c88793b0..a6d903a7d0 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c 
@@ -50,10 +50,10 @@ static void *cast5_dupctx(void *ctx) } /* ossl_cast5128ecb_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, block) +IMPLEMENT_var_keylen_cipher(cast5, CAST, ecb, ECB, CAST5_FLAGS, 128, 64, 0, 0, block) /* ossl_cast5128cbc_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, block) +IMPLEMENT_var_keylen_cipher(cast5, CAST, cbc, CBC, CAST5_FLAGS, 128, 64, 64, 0, block) /* ossl_cast5128ofb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(cast5, CAST, ofb64, OFB, CAST5_FLAGS, 128, 8, 64, 0, stream) /* ossl_cast5128cfb64_functions */ -IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, stream) +IMPLEMENT_var_keylen_cipher(cast5, CAST, cfb64, CFB, CAST5_FLAGS, 128, 8, 64, 0, stream) diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index fd550188a1..c40ae31474 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -97,7 +97,8 @@ static int chacha20_get_params(OSSL_PARAM params[]) return ossl_cipher_generic_get_params(params, 0, CHACHA20_FLAGS, CHACHA20_KEYLEN * 8, CHACHA20_BLKLEN * 8, - CHACHA20_IVLEN * 8); + CHACHA20_IVLEN * 8, + 5); } static int chacha20_get_ctx_params(void *vctx, OSSL_PARAM params[]) diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in b/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in index da4956aba1..c8e321142b 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in 
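Review bot: The new last argument in `chacha20_get_params` is a bare `5`, sitting next to arguments that are all named constants (`CHACHA20_KEYLEN * 8`, `CHACHA20_BLKLEN * 8`, `CHACHA20_IVLEN * 8`). Nothing at the call site says what the number means or why it is 5, and it will not follow the key length if that constant ever changes. A short comment is enough: `5); /* NIST security category for a 256-bit key */`. A named constant defined beside the key length would be better still. The same literal is added in `chacha20_poly1305_get_params` in cipher_chacha20_poly1305.c.in. The function opens outside this hunk; only the return statement and the closing brace are visible.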
@@ -97,7 +97,8 @@ static int chacha20_poly1305_get_params(OSSL_PARAM params[]) return ossl_cipher_generic_get_params(params, 0, CHACHA20_POLY1305_FLAGS, CHACHA20_POLY1305_KEYLEN * 8, CHACHA20_POLY1305_BLKLEN * 8, - CHACHA20_POLY1305_IVLEN * 8); + CHACHA20_POLY1305_IVLEN * 8, + 5); } {- produce_param_decoder('chacha20_poly1305_get_ctx_params', diff --git a/providers/implementations/ciphers/cipher_cts.h b/providers/implementations/ciphers/cipher_cts.h index a26e5a9e07..d133db17bd 100644 --- a/providers/implementations/ciphers/cipher_cts.h +++ b/providers/implementations/ciphers/cipher_cts.h @@ -11,12 +11,13 @@ /* NOTE: The underlying block cipher is CBC so we reuse most of the code */ #define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ + blkbits, ivbits, seccat, typ) \ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, \ diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index e2c890979e..b46fde54f3 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c 
@@ -154,13 +154,13 @@ static void *des_##lcmode##_newctx(void *provctx) \ { \ return des_newctx(provctx, kbits, blkbits, ivbits, \ EVP_CIPH_##UCMODE##_MODE, flags, \ - ossl_prov_cipher_hw_des_##lcmode()); \ + ossl_prov_cipher_hw_des_##lcmode()); \ } \ static OSSL_FUNC_cipher_get_params_fn des_##lcmode##_get_params; \ static int des_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, 0); \ } \ const OSSL_DISPATCH ossl_##des_##lcmode##_functions[] = { \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))des_einit }, \ diff --git a/providers/implementations/ciphers/cipher_idea.c b/providers/implementations/ciphers/cipher_idea.c index c69c6ac092..a1b38a8b7e 100644 --- a/providers/implementations/ciphers/cipher_idea.c +++ b/providers/implementations/ciphers/cipher_idea.c @@ -48,10 +48,10 @@ static void *idea_dupctx(void *ctx) } /* ossl_idea128ecb_functions */ -IMPLEMENT_generic_cipher(idea, IDEA, ecb, ECB, 0, 128, 64, 0, block) +IMPLEMENT_generic_cipher(idea, IDEA, ecb, ECB, 0, 128, 64, 0, 1, block) /* ossl_idea128cbc_functions */ -IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, 0, 128, 64, 64, block) +IMPLEMENT_generic_cipher(idea, IDEA, cbc, CBC, 0, 128, 64, 64, 1, block) /* ossl_idea128ofb64_functions */ -IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, stream) +IMPLEMENT_generic_cipher(idea, IDEA, ofb64, OFB, 0, 128, 8, 64, 1, stream) /* ossl_idea128cfb64_functions */ -IMPLEMENT_generic_cipher(idea, IDEA, cfb64, CFB, 0, 128, 8, 64, stream) +IMPLEMENT_generic_cipher(idea, IDEA, cfb64, CFB, 0, 128, 8, 64, 1, stream) diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c index 7e934093ce..264e516d2d 100644 --- a/providers/implementations/ciphers/cipher_null.c +++ b/providers/implementations/ciphers/cipher_null.c 
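Review bot: The four IDEA entries in cipher_idea.c are rated category `1`, while the CAST5 entries in cipher_cast5.c in this same patch (also 128 key bits and a 64-bit block) are rated `0`, and nothing in either hunk states the rule that separates them. If the value is meant to reflect key-search cost only, that should be written down, because a 64-bit block bounds how much data can safely be encrypted under one key regardless of key length, and a caller reading `1` may treat IDEA as equivalent to a 128-bit-block cipher. I would add a comment above the first entry along the lines of `/* Category 1: fixed 128-bit key; the 64-bit block size is not reflected in this value */`, or lower the value to `0` if block size is meant to count.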
@@ -102,7 +102,7 @@ static int null_final(void *vctx, unsigned char *out, size_t *outl, static OSSL_FUNC_cipher_get_params_fn null_get_params; static int null_get_params(OSSL_PARAM params[]) { - return ossl_cipher_generic_get_params(params, 0, 0, 0, 8, 0); + return ossl_cipher_generic_get_params(params, 0, 0, 0, 8, 0, 0); } static const OSSL_PARAM null_known_gettable_ctx_params[] = { diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index 23ccbb82f7..a29770c629 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -237,7 +237,7 @@ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, 0); \ } \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index 733524d36f..280d25e490 100644 --- a/providers/implementations/ciphers/cipher_rc4.c +++ b/providers/implementations/ciphers/cipher_rc4.c @@ -73,7 +73,7 @@ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_get_params; \ static int alg##_##kbits##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, 0, flags, \ - kbits, blkbits, ivbits); \ + kbits, blkbits, ivbits, 0); \ } \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_newctx; \ static void *alg##_##kbits##_newctx(void *provctx) \ diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index ec18777143..f53f46e99e 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c 
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -218,7 +218,8 @@ static int rc4_hmac_md5_get_params(OSSL_PARAM params[]) RC4_HMAC_MD5_FLAGS, RC4_HMAC_MD5_KEY_BITS, RC4_HMAC_MD5_BLOCK_BITS, - RC4_HMAC_MD5_IV_BITS); + RC4_HMAC_MD5_IV_BITS, + 0); } const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = { diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index 6fa491d83e..ba649b2a67 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -133,7 +133,7 @@ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, 0); \ } \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void *alg##_##kbits##_##lcmode##_newctx(void *provctx) \ diff --git a/providers/implementations/ciphers/cipher_seed.c b/providers/implementations/ciphers/cipher_seed.c index 3644cb5e22..6e66278d33 100644 --- a/providers/implementations/ciphers/cipher_seed.c +++ b/providers/implementations/ciphers/cipher_seed.c 
@@ -47,10 +47,10 @@ static void *seed_dupctx(void *ctx) } /* ossl_seed128ecb_functions */ -IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, 0, 128, 128, 0, block) +IMPLEMENT_generic_cipher(seed, SEED, ecb, ECB, 0, 128, 128, 0, 1, block) /* ossl_seed128cbc_functions */ -IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, 0, 128, 128, 128, block) +IMPLEMENT_generic_cipher(seed, SEED, cbc, CBC, 0, 128, 128, 128, 1, block) /* ossl_seed128ofb128_functions */ -IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(seed, SEED, ofb128, OFB, 0, 128, 8, 128, 1, stream) /* ossl_seed128cfb128_functions */ -IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(seed, SEED, cfb128, CFB, 0, 128, 8, 128, 1, stream) diff --git a/providers/implementations/ciphers/cipher_sm4.c b/providers/implementations/ciphers/cipher_sm4.c index 863c9997f5..3b2b6df70b 100644 --- a/providers/implementations/ciphers/cipher_sm4.c +++ b/providers/implementations/ciphers/cipher_sm4.c @@ -41,12 +41,12 @@ static void *sm4_dupctx(void *ctx) } /* ossl_sm4128ecb_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, 0, 128, 128, 0, block) +IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, 0, 128, 128, 0, 1, block) /* ossl_sm4128cbc_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, 0, 128, 128, 128, block) +IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, 0, 128, 128, 128, 1, block) /* ossl_sm4128ctr_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, 0, 128, 8, 128, 1, stream) /* ossl_sm4128ofb128_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, 0, 128, 8, 128, 1, stream) /* ossl_sm4128cfb128_functions */ -IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, 0, 128, 8, 128, stream) +IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, 0, 128, 8, 128, 1, stream) 
diff --git a/providers/implementations/ciphers/cipher_sm4_ccm.c b/providers/implementations/ciphers/cipher_sm4_ccm.c index 3af84d85b7..d72b043a82 100644 --- a/providers/implementations/ciphers/cipher_sm4_ccm.c +++ b/providers/implementations/ciphers/cipher_sm4_ccm.c @@ -51,4 +51,4 @@ static void sm4_ccm_freectx(void *vctx) } /* sm4128ccm functions */ -IMPLEMENT_aead_cipher(sm4, ccm, CCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(sm4, ccm, CCM, AEAD_FLAGS, 128, 8, 96, 1); diff --git a/providers/implementations/ciphers/cipher_sm4_gcm.c b/providers/implementations/ciphers/cipher_sm4_gcm.c index 1128f65939..e7c12219b5 100644 --- a/providers/implementations/ciphers/cipher_sm4_gcm.c +++ b/providers/implementations/ciphers/cipher_sm4_gcm.c @@ -52,4 +52,4 @@ static void sm4_gcm_freectx(void *vctx) } /* ossl_sm4128gcm_functions */ -IMPLEMENT_aead_cipher(sm4, gcm, GCM, AEAD_FLAGS, 128, 8, 96); +IMPLEMENT_aead_cipher(sm4, gcm, GCM, AEAD_FLAGS, 128, 8, 96, 1); diff --git a/providers/implementations/ciphers/cipher_sm4_xts.c b/providers/implementations/ciphers/cipher_sm4_xts.c index 31e86d6a8a..d9bc62b092 100644 --- a/providers/implementations/ciphers/cipher_sm4_xts.c +++ b/providers/implementations/ciphers/cipher_sm4_xts.c @@ -246,7 +246,7 @@ static int sm4_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ flags, 2 * kbits, SM4_XTS_BLOCK_BITS,\ - SM4_XTS_IV_BITS); \ + SM4_XTS_IV_BITS, 1); \ } \ static OSSL_FUNC_cipher_newctx_fn sm4_##kbits##_xts_newctx; \ static void *sm4_##kbits##_xts_newctx(void *provctx) \ diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index 686167640f..4165dae444 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c 
@@ -200,5 +200,5 @@ int ossl_tdes_get_params(OSSL_PARAM params[], unsigned int md, uint64_t flags, } return ossl_cipher_generic_get_params(params, md, flags, - kbits, blkbits, ivbits); + kbits, blkbits, ivbits, 0); } diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index 8dbe31dd1b..4df72adab1 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -181,7 +181,7 @@ static OSSL_FUNC_cipher_get_params_fn tdes_wrap_get_params; \ static int tdes_wrap_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_WRAP_MODE, flags, \ - kbits, blkbits, ivbits); \ + kbits, blkbits, ivbits, 0); \ } \ const OSSL_DISPATCH ossl_tdes_wrap_cbc_functions[] = \ { \ diff --git a/providers/implementations/ciphers/ciphercommon.c.in b/providers/implementations/ciphers/ciphercommon.c.in index 4b33caaf01..13d5dc89d9 100644 --- a/providers/implementations/ciphers/ciphercommon.c.in +++ b/providers/implementations/ciphers/ciphercommon.c.in @@ -33,6 +33,7 @@ use OpenSSL::paramnames qw(produce_param_decoder); ['CIPHER_PARAM_KEYLEN', 'keylen', 'size_t'], ['CIPHER_PARAM_IVLEN', 'ivlen', 'size_t'], ['CIPHER_PARAM_BLOCK_SIZE', 'bsize', 'size_t'], + ['CIPHER_PARAM_SECURITY_CATEGORY','sc', 'int'], ['CIPHER_PARAM_AEAD', 'aead', 'int' ], ['CIPHER_PARAM_CUSTOM_IV', 'custiv', 'int' ], ['CIPHER_PARAM_CTS', 'cts', 'int' ], @@ -48,7 +49,8 @@ const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx) int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, uint64_t flags, - size_t kbits, size_t blkbits, size_t ivbits) + size_t kbits, size_t blkbits, size_t ivbits, + int security_category) { struct ossl_cipher_generic_get_params_st p; 
@@ -100,6 +102,10 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + if (p.sc != NULL && !OSSL_PARAM_set_int(p.sc, security_category)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } return 1; } diff --git a/providers/implementations/digests/blake2_prov.c b/providers/implementations/digests/blake2_prov.c index 5495aab61a..7817399864 100644 --- a/providers/implementations/digests/blake2_prov.c +++ b/providers/implementations/digests/blake2_prov.c @@ -15,7 +15,8 @@ #include "prov/digestcommon.h" #include "prov/implementations.h" -#define IMPLEMENT_BLAKE_functions(variant, VARIANT, variantsize) \ +#define IMPLEMENT_BLAKE_functions(variant, VARIANT, variantsize, \ + seccat_collision, seccat_preimage) \ static const OSSL_PARAM known_blake##variant##_ctx_params[] = { \ {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0, 0}, \ OSSL_PARAM_END \ @@ -169,7 +170,11 @@ static int blake##variantsize##_internal_final(void *ctx, unsigned char *out, \ \ static int blake##variantsize##_get_params(OSSL_PARAM params[]) \ { \ - return ossl_digest_default_get_params(params, BLAKE##VARIANT##_BLOCKBYTES, BLAKE##VARIANT##_OUTBYTES, 0); \ + return ossl_digest_default_get_params(params, \ + BLAKE##VARIANT##_BLOCKBYTES, \ + BLAKE##VARIANT##_OUTBYTES, \ + seccat_collision, seccat_preimage, \ + 0); \ } \ \ const OSSL_DISPATCH ossl_blake##variantsize##_functions[] = { \ @@ -194,5 +199,5 @@ const OSSL_DISPATCH ossl_blake##variantsize##_functions[] = { \ {0, NULL} \ }; -IMPLEMENT_BLAKE_functions(2s, 2S, 2s256) -IMPLEMENT_BLAKE_functions(2b, 2B, 2b512) +IMPLEMENT_BLAKE_functions(2s, 2S, 2s256, 2, 5) +IMPLEMENT_BLAKE_functions(2b, 2B, 2b512, 5, 5) diff --git a/providers/implementations/digests/digestcommon.c.in b/providers/implementations/digests/digestcommon.c.in index 3c4e5f7e32..1d960009d3 100644 --- a/providers/implementations/digests/digestcommon.c.in 
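Review bot: `security_category` is written to the parameter as-is in the added `p.sc` branch, and neither this hunk nor the changed prototype documents which values are valid or what `0` means. Call sites in this patch pass bare `0`, `1`, `3` and `5`, so a mistyped literal would be reported to applications unchanged, and an application may base an algorithm-policy decision on the value. I would document the contract on the function, e.g. `/* security_category: NIST security strength category 1..5, or 0 if none applies */` (the `0` meaning is inferred from the values passed for DES, RC4 and the null cipher, so confirm it), and consider rejecting out-of-range values in debug builds. The body of ossl_cipher_generic_get_params starts outside this hunk.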
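Review bot: `IMPLEMENT_BLAKE_functions(2s, 2S, 2s256, 2, 5)` and the `5, 5` on the following line pass the collision and preimage categories as bare literals, whereas sha2_prov.c and sha3_prov.c in this same patch use named `*_COLLISION_CATEGORY` / `*_PREIMAGE_CATEGORY` macros. Two adjacent unlabelled ints can be swapped without any compiler diagnostic, and a swapped pair would overstate collision resistance to callers. Provided the existing macros carry the same values, I would write `IMPLEMENT_BLAKE_functions(2s, 2S, 2s256, SHA256_COLLISION_CATEGORY, SHA256_PREIMAGE_CATEGORY)` and likewise for 2b512. The same applies to the literals in sm3_prov.c (`2, 5`), wp_prov.c (`5, 5`), and md5_sha1_prov.c and ripemd_prov.c (`0, 1`), where the categories sit directly beside the `0` flags argument.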
+++ b/providers/implementations/digests/digestcommon.c.in @@ -17,14 +17,17 @@ use OpenSSL::paramnames qw(produce_param_decoder); #include "internal/common.h" {- produce_param_decoder('digest_default_get_params', - (['DIGEST_PARAM_BLOCK_SIZE', 'bsize', 'size_t'], - ['DIGEST_PARAM_SIZE', 'size', 'size_t'], - ['DIGEST_PARAM_XOF', 'xof', 'int'], - ['DIGEST_PARAM_ALGID_ABSENT', 'aldid', 'int'], + (['DIGEST_PARAM_BLOCK_SIZE', 'bsize', 'size_t'], + ['DIGEST_PARAM_SIZE', 'size', 'size_t'], + ['DIGEST_PARAM_SECURITY_CATEGORY_COLLISION', 'sc_c', 'int'], + ['DIGEST_PARAM_SECURITY_CATEGORY_PREIMAGE', 'sc_pi', 'int'], + ['DIGEST_PARAM_XOF', 'xof', 'int'], + ['DIGEST_PARAM_ALGID_ABSENT', 'aldid', 'int'], )); -} int ossl_digest_default_get_params(OSSL_PARAM params[], size_t blksz, - size_t paramsz, unsigned long flags) + size_t paramsz, int seccat_collision, + int seccat_preimage, unsigned long flags) { struct digest_default_get_params_st p; @@ -48,6 +51,14 @@ int ossl_digest_default_get_params(OSSL_PARAM params[], size_t blksz, ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + if (p.sc_c != NULL && !OSSL_PARAM_set_int(p.sc_c, seccat_collision)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + if (p.sc_pi != NULL && !OSSL_PARAM_set_int(p.sc_pi, seccat_preimage)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } return 1; } diff --git a/providers/implementations/digests/md2_prov.c b/providers/implementations/digests/md2_prov.c index a41a02c198..608f37da93 100644 --- a/providers/implementations/digests/md2_prov.c +++ b/providers/implementations/digests/md2_prov.c @@ -20,5 +20,5 @@ /* ossl_md2_functions */ IMPLEMENT_digest_functions(md2, MD2_CTX, - MD2_BLOCK, MD2_DIGEST_LENGTH, 0, + MD2_BLOCK, MD2_DIGEST_LENGTH, 0, 0, 0, MD2_Init, MD2_Update, MD2_Final) diff --git a/providers/implementations/digests/md4_prov.c b/providers/implementations/digests/md4_prov.c index 97f73018c2..1a6aa9c1c7 100644 
--- a/providers/implementations/digests/md4_prov.c +++ b/providers/implementations/digests/md4_prov.c @@ -20,5 +20,5 @@ /* ossl_md4_functions */ IMPLEMENT_digest_functions(md4, MD4_CTX, - MD4_CBLOCK, MD4_DIGEST_LENGTH, 0, + MD4_CBLOCK, MD4_DIGEST_LENGTH, 0, 0, 0, MD4_Init, MD4_Update, MD4_Final) diff --git a/providers/implementations/digests/md5_prov.c b/providers/implementations/digests/md5_prov.c index a330e057f5..271526c30b 100644 --- a/providers/implementations/digests/md5_prov.c +++ b/providers/implementations/digests/md5_prov.c @@ -20,5 +20,5 @@ /* ossl_md5_functions */ IMPLEMENT_digest_functions(md5, MD5_CTX, - MD5_CBLOCK, MD5_DIGEST_LENGTH, 0, + MD5_CBLOCK, MD5_DIGEST_LENGTH, 0, 0, 0, MD5_Init, MD5_Update, MD5_Final) diff --git a/providers/implementations/digests/md5_sha1_prov.c b/providers/implementations/digests/md5_sha1_prov.c index ef15944c8c..009c062d2f 100644 --- a/providers/implementations/digests/md5_sha1_prov.c +++ b/providers/implementations/digests/md5_sha1_prov.c @@ -56,6 +56,6 @@ static int md5_sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) /* ossl_md5_sha1_functions */ IMPLEMENT_digest_functions_with_settable_ctx( - md5_sha1, MD5_SHA1_CTX, MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, 0, + md5_sha1, MD5_SHA1_CTX, MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, 0, 1, 0, ossl_md5_sha1_init, ossl_md5_sha1_update, ossl_md5_sha1_final, md5_sha1_settable_ctx_params, md5_sha1_set_ctx_params) diff --git a/providers/implementations/digests/mdc2_prov.c b/providers/implementations/digests/mdc2_prov.c index e1fc477d21..e93ba81888 100644 --- a/providers/implementations/digests/mdc2_prov.c +++ b/providers/implementations/digests/mdc2_prov.c 
@@ -56,6 +56,6 @@ static int mdc2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) /* ossl_mdc2_functions */ IMPLEMENT_digest_functions_with_settable_ctx( - mdc2, MDC2_CTX, MDC2_BLOCK, MDC2_DIGEST_LENGTH, 0, + mdc2, MDC2_CTX, MDC2_BLOCK, MDC2_DIGEST_LENGTH, 0, 0, 0, MDC2_Init, MDC2_Update, MDC2_Final, mdc2_settable_ctx_params, mdc2_set_ctx_params) diff --git a/providers/implementations/digests/null_prov.c b/providers/implementations/digests/null_prov.c index b220a1966f..3c97da9a7b 100644 --- a/providers/implementations/digests/null_prov.c +++ b/providers/implementations/digests/null_prov.c @@ -48,5 +48,5 @@ static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ } IMPLEMENT_digest_functions(nullmd, NULLMD_CTX, - 0, 0, 0, + 0, 0, 0, 0, 0, null_init, null_update, null_final) diff --git a/providers/implementations/digests/ripemd_prov.c b/providers/implementations/digests/ripemd_prov.c index 526706c06d..6e28658a70 100644 --- a/providers/implementations/digests/ripemd_prov.c +++ b/providers/implementations/digests/ripemd_prov.c @@ -20,5 +20,5 @@ /* ossl_ripemd160_functions */ IMPLEMENT_digest_functions(ripemd160, RIPEMD160_CTX, - RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, 0, + RIPEMD160_CBLOCK, RIPEMD160_DIGEST_LENGTH, 0, 1, 0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final) diff --git a/providers/implementations/digests/sha2_prov.c b/providers/implementations/digests/sha2_prov.c index 883915dfa9..f78e574ec7 100644 --- a/providers/implementations/digests/sha2_prov.c +++ b/providers/implementations/digests/sha2_prov.c 
@@ -58,39 +58,56 @@ static int sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[]) /* ossl_sha1_functions */ IMPLEMENT_digest_functions_with_settable_ctx( - sha1, SHA_CTX, SHA_CBLOCK, SHA_DIGEST_LENGTH, SHA2_FLAGS, + sha1, SHA_CTX, SHA_CBLOCK, SHA_DIGEST_LENGTH, + SHA1_COLLISION_CATEGORY, SHA1_PREIMAGE_CATEGORY, SHA2_FLAGS, SHA1_Init, SHA1_Update, SHA1_Final, sha1_settable_ctx_params, sha1_set_ctx_params) /* ossl_sha224_functions */ IMPLEMENT_digest_functions(sha224, SHA256_CTX, - SHA256_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, + SHA256_CBLOCK, SHA224_DIGEST_LENGTH, + SHA224_COLLISION_CATEGORY, + SHA224_PREIMAGE_CATEGORY, SHA2_FLAGS, SHA224_Init, SHA224_Update, SHA224_Final) /* ossl_sha256_functions */ IMPLEMENT_digest_functions(sha256, SHA256_CTX, - SHA256_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, + SHA256_CBLOCK, SHA256_DIGEST_LENGTH, + SHA256_COLLISION_CATEGORY, + SHA256_PREIMAGE_CATEGORY, SHA2_FLAGS, SHA256_Init, SHA256_Update, SHA256_Final) + /* ossl_sha256_192_internal_functions */ IMPLEMENT_digest_functions(sha256_192_internal, SHA256_CTX, - SHA256_CBLOCK, SHA256_192_DIGEST_LENGTH, SHA2_FLAGS, + SHA256_CBLOCK, SHA256_192_DIGEST_LENGTH, + SHA256_192_COLLISION_CATEGORY, + SHA256_192_PREIMAGE_CATEGORY, SHA2_FLAGS, ossl_sha256_192_init, SHA256_Update, SHA256_Final) + /* ossl_sha384_functions */ IMPLEMENT_digest_functions(sha384, SHA512_CTX, - SHA512_CBLOCK, SHA384_DIGEST_LENGTH, SHA2_FLAGS, + SHA512_CBLOCK, SHA384_DIGEST_LENGTH, + SHA384_COLLISION_CATEGORY, + SHA384_PREIMAGE_CATEGORY, SHA2_FLAGS, SHA384_Init, SHA384_Update, SHA384_Final) /* ossl_sha512_functions */ IMPLEMENT_digest_functions(sha512, SHA512_CTX, - SHA512_CBLOCK, SHA512_DIGEST_LENGTH, SHA2_FLAGS, + SHA512_CBLOCK, SHA512_DIGEST_LENGTH, + SHA512_COLLISION_CATEGORY, + SHA512_PREIMAGE_CATEGORY, SHA2_FLAGS, SHA512_Init, SHA512_Update, SHA512_Final) /* ossl_sha512_224_functions */ IMPLEMENT_digest_functions(sha512_224, SHA512_CTX, - SHA512_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS, + 
SHA512_CBLOCK, SHA224_DIGEST_LENGTH, + SHA224_COLLISION_CATEGORY, + SHA224_PREIMAGE_CATEGORY, SHA2_FLAGS, sha512_224_init, SHA512_Update, SHA512_Final) /* ossl_sha512_256_functions */ IMPLEMENT_digest_functions(sha512_256, SHA512_CTX, - SHA512_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS, + SHA512_CBLOCK, SHA256_DIGEST_LENGTH, + SHA256_COLLISION_CATEGORY, + SHA256_PREIMAGE_CATEGORY, SHA2_FLAGS, sha512_256_init, SHA512_Update, SHA512_Final) diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c index a006cf4851..9645e1022c 100644 --- a/providers/implementations/digests/sha3_prov.c +++ b/providers/implementations/digests/sha3_prov.c @@ -528,8 +528,11 @@ static void *uname##_newctx(void *provctx) \ return ctx; \ } -#define PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags) \ -PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ +#define PROV_FUNC_SHA3_DIGEST_COMMON( \ + name, bitlen, blksize, dgstsize, seccat_collision, seccat_preimage, \ + flags) \ +PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, seccat_collision, \ + seccat_preimage, flags) \ const OSSL_DISPATCH ossl_##name##_functions[] = { \ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))keccak_update }, \ 
@@ -539,14 +542,16 @@ const OSSL_DISPATCH ossl_##name##_functions[] = { \ { OSSL_FUNC_DIGEST_COPYCTX, (void (*)(void))keccak_copyctx }, \ PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) -#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags) \ - PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ +#define PROV_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, seccat_collision, seccat_preimage, flags) \ + PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, \ + seccat_collision, seccat_preimage, flags), \ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init }, \ PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END -#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, flags) \ - PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, flags), \ - { OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))shake_squeeze }, \ +#define PROV_FUNC_SHAKE_DIGEST(name, bitlen, blksize, dgstsize, seccat_collision, seccat_preimage, flags) \ + PROV_FUNC_SHA3_DIGEST_COMMON(name, bitlen, blksize, dgstsize, \ + seccat_collision, seccat_preimage, flags), \ +{ OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))shake_squeeze }, \ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))keccak_init_params }, \ { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))shake_set_ctx_params }, \ { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \ 
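Review bot: In the rewritten PROV_FUNC_SHAKE_DIGEST the `{ OSSL_FUNC_DIGEST_SQUEEZE, ... }` entry appears to have lost its leading indentation, so it no longer lines up with the dispatch entries after it, and the `#define` lines of both PROV_FUNC_SHA3_DIGEST and PROV_FUNC_SHAKE_DIGEST now run well past 80 columns. This is a style point only. I would wrap the two parameter lists the way PROV_FUNC_SHA3_DIGEST_COMMON is wrapped in the previous hunk and restore the indent on the SQUEEZE line. The dispatch table continues outside this hunk.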
@@ -650,52 +655,64 @@ static int shake_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -#define IMPLEMENT_SHA3_functions(bitlen) \ +#define IMPLEMENT_SHA3_functions(bitlen, seccat_collision, seccat_preimage) \ SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \ PROV_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \ SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ - SHA3_FLAGS) + seccat_collision, seccat_preimage, SHA3_FLAGS) -#define IMPLEMENT_KECCAK_functions(bitlen) \ +#define IMPLEMENT_KECCAK_functions(bitlen, seccat_collision, seccat_preimage) \ SHA3_newctx(keccak, KECCAK_##bitlen, keccak_##bitlen, bitlen, '\x01') \ PROV_FUNC_SHA3_DIGEST(keccak_##bitlen, bitlen, \ SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \ - SHA3_FLAGS) + seccat_collision, seccat_preimage, SHA3_FLAGS) -#define IMPLEMENT_SHAKE_functions(bitlen) \ +#define IMPLEMENT_SHAKE_functions(bitlen, seccat_collision, seccat_preimage) \ SHAKE_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, \ 0 /* no default md length */, '\x1f') \ PROV_FUNC_SHAKE_DIGEST(shake_##bitlen, bitlen, \ SHA3_BLOCKSIZE(bitlen), 0, \ - SHAKE_FLAGS) + seccat_collision, seccat_preimage, SHAKE_FLAGS) -#define IMPLEMENT_KMAC_functions(bitlen) \ +#define IMPLEMENT_KMAC_functions(bitlen, seccat_collision, seccat_preimage) \ KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \ PROV_FUNC_SHAKE_DIGEST(keccak_kmac_##bitlen, bitlen, \ SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \ - KMAC_FLAGS) + seccat_collision, seccat_preimage, KMAC_FLAGS) /* ossl_sha3_224_functions */ -IMPLEMENT_SHA3_functions(224) +IMPLEMENT_SHA3_functions(224, SHA224_COLLISION_CATEGORY, + SHA224_PREIMAGE_CATEGORY) /* ossl_sha3_256_functions */ -IMPLEMENT_SHA3_functions(256) +IMPLEMENT_SHA3_functions(256, SHA256_COLLISION_CATEGORY, + SHA256_PREIMAGE_CATEGORY) /* ossl_sha3_384_functions */ -IMPLEMENT_SHA3_functions(384) +IMPLEMENT_SHA3_functions(384, SHA384_COLLISION_CATEGORY, + SHA384_PREIMAGE_CATEGORY) /* ossl_sha3_512_functions */ 
-IMPLEMENT_SHA3_functions(512) +IMPLEMENT_SHA3_functions(512, SHA512_COLLISION_CATEGORY, + SHA512_PREIMAGE_CATEGORY) /* ossl_keccak_224_functions */ -IMPLEMENT_KECCAK_functions(224) +IMPLEMENT_KECCAK_functions(224, SHA224_COLLISION_CATEGORY, + SHA224_PREIMAGE_CATEGORY) /* ossl_keccak_256_functions */ -IMPLEMENT_KECCAK_functions(256) +IMPLEMENT_KECCAK_functions(256, SHA256_COLLISION_CATEGORY, + SHA256_PREIMAGE_CATEGORY) /* ossl_keccak_384_functions */ -IMPLEMENT_KECCAK_functions(384) +IMPLEMENT_KECCAK_functions(384, SHA384_COLLISION_CATEGORY, + SHA384_PREIMAGE_CATEGORY) /* ossl_keccak_512_functions */ -IMPLEMENT_KECCAK_functions(512) +IMPLEMENT_KECCAK_functions(512, SHA512_COLLISION_CATEGORY, + SHA512_PREIMAGE_CATEGORY) /* ossl_shake_128_functions */ -IMPLEMENT_SHAKE_functions(128) +IMPLEMENT_SHAKE_functions(128, SHAKE128_COLLISION_CATEGORY, + SHAKE128_PREIMAGE_CATEGORY) /* ossl_shake_256_functions */ -IMPLEMENT_SHAKE_functions(256) +IMPLEMENT_SHAKE_functions(256, SHAKE256_COLLISION_CATEGORY, + SHAKE256_PREIMAGE_CATEGORY) /* ossl_keccak_kmac_128_functions */ -IMPLEMENT_KMAC_functions(128) +IMPLEMENT_KMAC_functions(128, KMAC128_COLLISION_CATEGORY, + KMAC128_PREIMAGE_CATEGORY) /* ossl_keccak_kmac_256_functions */ -IMPLEMENT_KMAC_functions(256) +IMPLEMENT_KMAC_functions(256, KMAC256_COLLISION_CATEGORY, + KMAC256_PREIMAGE_CATEGORY) diff --git a/providers/implementations/digests/sm3_prov.c b/providers/implementations/digests/sm3_prov.c index 9d6de5b6ac..07851fa64e 100644 --- a/providers/implementations/digests/sm3_prov.c +++ b/providers/implementations/digests/sm3_prov.c @@ -14,5 +14,5 @@ /* ossl_sm3_functions */ IMPLEMENT_digest_functions(sm3, SM3_CTX, - SM3_CBLOCK, SM3_DIGEST_LENGTH, 0, + SM3_CBLOCK, SM3_DIGEST_LENGTH, 2, 5, 0, ossl_sm3_init, ossl_sm3_update, ossl_sm3_final) diff --git a/providers/implementations/digests/wp_prov.c b/providers/implementations/digests/wp_prov.c index 2af70b3372..17c170b434 100644 --- a/providers/implementations/digests/wp_prov.c 
+++ b/providers/implementations/digests/wp_prov.c @@ -20,5 +20,6 @@ /* ossl_wp_functions */ IMPLEMENT_digest_functions(wp, WHIRLPOOL_CTX, - WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, 0, + WHIRLPOOL_BBLOCK / 8, WHIRLPOOL_DIGEST_LENGTH, + 5, 5, 0, WHIRLPOOL_Init, WHIRLPOOL_Update, WHIRLPOOL_Final) diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index b5f0b92c43..beef96b3e8 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -127,7 +127,8 @@ OSSL_FUNC_cipher_decrypt_skey_init_fn ossl_cipher_generic_skey_dinit; int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, uint64_t flags, - size_t kbits, size_t blkbits, size_t ivbits); + size_t kbits, size_t blkbits, size_t ivbits, + int security_category); void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags, @@ -192,13 +193,14 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = { \ }; -# define IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, \ - kbits, blkbits, ivbits, typ) \ +# define IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, \ + kbits, blkbits, ivbits, seccat, typ) \ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ 
@@ -214,17 +216,17 @@ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ return ctx; \ } \ -# define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ +# define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, seccat, typ) \ IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ + blkbits, ivbits, seccat, typ) \ IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ blkbits, ivbits, typ) -# define IMPLEMENT_var_keylen_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ +# define IMPLEMENT_var_keylen_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ + blkbits, ivbits, seccat, typ) \ IMPLEMENT_generic_cipher_genfn(alg, UCALG, lcmode, UCMODE, flags, kbits, \ - blkbits, ivbits, typ) \ + blkbits, ivbits, seccat, typ) \ IMPLEMENT_var_keylen_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \ blkbits, ivbits, typ) diff --git a/providers/implementations/include/prov/ciphercommon_aead.h b/providers/implementations/include/prov/ciphercommon_aead.h index 12369b58aa..03f00a39dd 100644 --- a/providers/implementations/include/prov/ciphercommon_aead.h +++ b/providers/implementations/include/prov/ciphercommon_aead.h 
@@ -15,12 +15,13 @@ # define AEAD_FLAGS (PROV_CIPHER_FLAG_AEAD | PROV_CIPHER_FLAG_CUSTOM_IV) -# define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits) \ +# define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits, seccat) \ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, \ + seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx; \ static void * alg##kbits##lc##_newctx(void *provctx) \ diff --git a/providers/implementations/include/prov/digestcommon.h b/providers/implementations/include/prov/digestcommon.h index 332d473490..8b378d3d3e 100644 --- a/providers/implementations/include/prov/digestcommon.h +++ b/providers/implementations/include/prov/digestcommon.h @@ -13,6 +13,7 @@ # include # include # include +# include "crypto/evp.h" # include "prov/providercommon.h" /* Internal flags that can be queried */ @@ -23,11 +24,14 @@ extern "C" { # endif -#define PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ +#define PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, seccat_collision, \ + seccat_preimage, flags) \ static OSSL_FUNC_digest_get_params_fn name##_get_params; \ static int name##_get_params(OSSL_PARAM params[]) \ { \ - return ossl_digest_default_get_params(params, blksize, dgstsize, flags); \ + return ossl_digest_default_get_params(params, blksize, dgstsize, \ + seccat_collision, \ + seccat_preimage, flags); \ } #define PROV_DISPATCH_FUNC_DIGEST_GET_PARAMS(name) \ 
@@ -48,7 +52,8 @@ static int name##_internal_final(void *ctx, unsigned char *out, size_t *outl, \ } # define PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START( \ - name, CTX, blksize, dgstsize, flags, upd, fin) \ + name, CTX, blksize, dgstsize, settable_ctx_params, set_ctx_params, \ + seccat_collision, seccat_preimage, flags, upd, fin) \ static OSSL_FUNC_digest_newctx_fn name##_newctx; \ static OSSL_FUNC_digest_freectx_fn name##_freectx; \ static OSSL_FUNC_digest_dupctx_fn name##_dupctx; \ @@ -77,7 +82,8 @@ static void name##_copyctx(void *voutctx, void *vinctx) \ *outctx = *inctx; \ } \ PROV_FUNC_DIGEST_FINAL(name, dgstsize, fin) \ -PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \ +PROV_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, seccat_collision, \ + seccat_preimage, flags) \ const OSSL_DISPATCH ossl_##name##_functions[] = { \ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))name##_newctx }, \ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))upd }, \ 
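Review bot: `PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START` gains `settable_ctx_params` and `set_ctx_params`, but nothing in the visible part of its expansion uses them. In the following `@@ -92,21 +98,24 @@` hunk, `IMPLEMENT_digest_functions` passes those two names even though they are not among its own parameters. That builds only while the macro never expands them; once it does, the non-settable variant would bind to whatever identifier of that name is in scope, or fail to compile. I would drop the two parameters here and keep the list as `name, CTX, blksize, dgstsize, seccat_collision, seccat_preimage, flags, upd, fin) \`, since the settable variant already emits its own dispatch entries. The macro body continues outside both hunks on this line, so the "unused" observation covers only what is shown.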
@@ -92,21 +98,24 @@ const OSSL_DISPATCH ossl_##name##_functions[] = { \ }; # define IMPLEMENT_digest_functions( \ - name, CTX, blksize, dgstsize, flags, init, upd, fin) \ + name, CTX, blksize, dgstsize, seccat_collision, seccat_preimage, flags, \ + init, upd, fin) \ static OSSL_FUNC_digest_init_fn name##_internal_init; \ static int name##_internal_init(void *ctx, \ ossl_unused const OSSL_PARAM params[]) \ { \ return ossl_prov_is_running() && init(ctx); \ } \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ - upd, fin), \ +PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, \ + settable_ctx_params, set_ctx_params, \ + seccat_collision, seccat_preimage, \ + flags, upd, fin), \ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END # define IMPLEMENT_digest_functions_with_settable_ctx( \ - name, CTX, blksize, dgstsize, flags, init, upd, fin, \ - settable_ctx_params, set_ctx_params) \ + name, CTX, blksize, dgstsize, seccat_collision, seccat_preimage, flags, \ + init, upd, fin, settable_ctx_params, set_ctx_params) \ static OSSL_FUNC_digest_init_fn name##_internal_init; \ static int name##_internal_init(void *ctx, const OSSL_PARAM params[]) \ { \ @@ -114,8 +123,10 @@ static int name##_internal_init(void *ctx, const OSSL_PARAM params[]) \ && init(ctx) \ && set_ctx_params(ctx, params); \ } \ -PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \ - upd, fin), \ +PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, \ + settable_ctx_params, set_ctx_params, \ + seccat_collision, seccat_preimage, \ + flags, upd, fin), \ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))name##_internal_init }, \ { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void))settable_ctx_params }, \ { OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))set_ctx_params }, \ 
@@ -124,7 +135,8 @@ PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END const OSSL_PARAM *ossl_digest_default_gettable_params(void *provctx); int ossl_digest_default_get_params(OSSL_PARAM params[], size_t blksz, - size_t paramsz, unsigned long flags); + size_t paramsz, int seccat_collision, + int seccat_preimage, unsigned long flags); # ifdef __cplusplus } diff --git a/test/evp_test.c b/test/evp_test.c index 4169bd7cba..9d239c4781 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -224,7 +224,8 @@ static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t) } static int check_security_category(EVP_TEST *t, void *alg_obj, - int (*get_param)(void *, OSSL_PARAM *)) { + int (*get_param)(void *, OSSL_PARAM *), + int (*get_security_category)(void *)) { OSSL_PARAM p[2]; int security_category = -1; @@ -233,7 +234,9 @@ static int check_security_category(EVP_TEST *t, void *alg_obj, p[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_SECURITY_CATEGORY, &security_category); p[1] = OSSL_PARAM_construct_end(); - if (!TEST_int_gt(get_param(alg_obj, p), 0) + if (!TEST_int_eq(get_security_category(alg_obj), t->security_category) + /* Test getting via the param too */ + || !TEST_int_gt(get_param(alg_obj, p), 0) || !TEST_true(OSSL_PARAM_modified(p)) || !TEST_int_eq(security_category, t->security_category)) { t->err = "INCORRECT_SECURITY_CATEGORY"; @@ -244,7 +247,8 @@ static int check_security_category(EVP_TEST *t, void *alg_obj, static int pkey_check_security_category(EVP_TEST *t, EVP_PKEY *pkey) { return check_security_category(t, pkey, - (int (*)(void *, OSSL_PARAM *))EVP_PKEY_get_params); + (int (*)(void *, OSSL_PARAM *))EVP_PKEY_get_params, + (int (*)(void *))EVP_PKEY_get_security_category); } static int ctrladd(STACK_OF(OPENSSL_STRING) *controls, const char *value) 
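Review bot: In the `@@ -244,7 +247,8 @@` hunk, `pkey_check_security_category` passes a second function cast to a different pointer type, `(int (*)(void *))EVP_PKEY_get_security_category`, next to the existing cast of `EVP_PKEY_get_params`. Calling a function through a pointer whose type does not match its definition is undefined behaviour in C, and builds with indirect-call CFI or `-fsanitize=function` trap on it, so the test would be unusable in exactly the hardened configurations worth testing. A typed wrapper removes the cast, e.g. `static int pkey_seccat(void *p) { return EVP_PKEY_get_security_category(p); }`, with a matching one for the params getter. The `cipher_test_run` hunk further down repeats the pattern with `EVP_CIPHER_get_params` and `EVP_CIPHER_get_security_category`, and its `(void *)cdat->cipher` appears to drop a const qualifier as well.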
@@ -709,8 +713,46 @@ typedef struct digest_data_st { int xof; /* Size for variable output length but non-XOF */ size_t digest_size; + /* NIST security categories */ + int security_category_collision; + int security_category_preimage; } DIGEST_DATA; +static int md_check_security_categories(EVP_TEST *t, const DIGEST_DATA *mdat) { + OSSL_PARAM p[3]; + int security_category_collision = -1; + int security_category_preimage = -1; + const EVP_MD *md = mdat->digest; + + p[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SECURITY_CATEGORY_COLLISION, + &security_category_collision); + p[1] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SECURITY_CATEGORY_PREIMAGE, + &security_category_preimage); + p[2] = OSSL_PARAM_construct_end(); + if (!TEST_int_gt(EVP_MD_get_params(md, p), 0)) + goto err; + + if (mdat->security_category_collision >= 0) + if (!TEST_int_eq(EVP_MD_get_security_category_collision(md), + mdat->security_category_collision) + || !TEST_true(OSSL_PARAM_modified(p)) + || !TEST_int_eq(security_category_collision, + mdat->security_category_collision)) + goto err; + if (mdat->security_category_preimage >= 0) + if (!TEST_int_eq(EVP_MD_get_security_category_preimage(md), + mdat->security_category_preimage) + || !TEST_true(OSSL_PARAM_modified(p + 1)) + || !TEST_int_eq(security_category_preimage, + mdat->security_category_preimage)) + goto err; + return 1; + +err: + t->err = "INCORRECT_SECURITY_CATEGORY"; + return 0; +} + static int digest_test_init(EVP_TEST *t, const char *alg) { DIGEST_DATA *mdat; @@ -735,6 +777,8 @@ static int digest_test_init(EVP_TEST *t, const char *alg) mdat->fetched_digest = fetched_digest; mdat->pad_type = 0; mdat->xof = 0; + mdat->security_category_collision = -1; + mdat->security_category_preimage = -1; if (fetched_digest != NULL) TEST_info("%s is fetched", alg); return 1; 
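Review bot: In `md_check_security_categories`, each `if (mdat->security_category_... >= 0)` guard wraps a second multi-line `if` without braces, so a later edit can easily attach an extra statement or an `else` to the wrong level. Folding each pair into one condition is safer, e.g. `if (mdat->security_category_collision >= 0 && (!TEST_int_eq(...) || !TEST_true(...) || !TEST_int_eq(...))) goto err;`, or brace the outer body. The function also needs a short comment saying that a negative expected value means the stanza did not set the keyword and the comparison is skipped; `digest_test_init` sets both fields to -1, so a digest stanza with neither keyword passes this check after only the `EVP_MD_get_params` call.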
@@ -753,6 +797,7 @@ static int digest_test_parse(EVP_TEST *t, const char *keyword, const char *value) { DIGEST_DATA *mdata = t->data; + int n; if (strcmp(keyword, "Input") == 0) return evp_test_buffer_append(value, data_chunk_size, &mdata->input); @@ -767,12 +812,24 @@ static int digest_test_parse(EVP_TEST *t, if (strcmp(keyword, "XOF") == 0) return (mdata->xof = atoi(value)) > 0; if (strcmp(keyword, "OutputSize") == 0) { - int sz; - - sz = atoi(value); - if (sz < 0) + n = atoi(value); + if (n < 0) return -1; - mdata->digest_size = sz; + mdata->digest_size = n; + return 1; + } + if (strcmp(keyword, "Security-Category-Collision") == 0) { + n = atoi(value); + if (n < 0) + return -1; + mdata->security_category_collision = n; + return 1; + } + if (strcmp(keyword, "Security-Category-Preimage") == 0) { + n = atoi(value); + if (n < 0) + return -1; + mdata->security_category_preimage = n; return 1; } return 0; @@ -807,13 +864,21 @@ static int digest_test_run(EVP_TEST *t) { DIGEST_DATA *expected = t->data; EVP_TEST_BUFFER *inbuf; - EVP_MD_CTX *mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *got = NULL; unsigned int got_len; size_t size = 0; int xof = 0; OSSL_PARAM params[4], *p = ¶ms[0]; + /* Digests don't have a single security category so fail if test is bad */ + if (!TEST_int_eq(t->security_category, -1)) { + t->err = "INVALID_TEST_SECURITY_CATEGORY"; + goto err; + } + if (!md_check_security_categories(t, expected)) + goto err; + t->err = "TEST_FAILURE"; if (!TEST_ptr(mctx = EVP_MD_CTX_new())) goto err; @@ -1592,6 +1657,12 @@ static int cipher_test_run(EVP_TEST *t) size_t params_n = 0; TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher)); + + if (!TEST_true(check_security_category(t, (void *)cdat->cipher, + (int (*)(void *, OSSL_PARAM *))EVP_CIPHER_get_params, + (int (*)(void *))EVP_CIPHER_get_security_category))) + return 0; + if (!cdat->key) { t->err = "NO_KEY"; return 0; 
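Review bot: The new `Security-Category-Collision` and `Security-Category-Preimage` branches in `digest_test_parse` read the value with `atoi`, which returns 0 for non-numeric text and has undefined behaviour when the number is out of range. Because the only rejection is `n < 0`, a mistyped value is silently treated as category 0 and any positive number is accepted as a category. For keywords whose whole purpose is to pin a security claim, the parser should reject anything that is not a complete decimal number in the supported range. The sketch below assumes categories run from 0 to 5, which the page does not state and should be confirmed. `digest_test_parse` begins and ends outside these hunks.

```c
/* Returns the category, or -1 if value is not a whole decimal number in range */
static int parse_security_category(const char *value)
{
    char *end = NULL;
    long v = strtol(value, &end, 10);

    /* upper bound of 5 is an assumption, confirm against the API docs */
    if (end == value || *end != '\0' || v < 0 || v > 5)
        return -1;
    return (int)v;
}

/* ... unchanged: earlier keyword branches of digest_test_parse ... */
    if (strcmp(keyword, "Security-Category-Collision") == 0) {
        n = parse_security_category(value);
        if (n < 0)
            return -1;
        mdata->security_category_collision = n;
        return 1;
    }
/* ... same replacement of atoi() in the Security-Category-Preimage branch ... */
```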
diff --git a/test/fake_pipelineprov.c b/test/fake_pipelineprov.c index 4761d2fde5..878fd3cc89 100644 --- a/test/fake_pipelineprov.c +++ b/test/fake_pipelineprov.c @@ -250,12 +250,12 @@ int fake_pipeline_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } #define IMPLEMENT_aead_cipher_pipeline(alg, lc, UCMODE, flags, kbits, blkbits, \ - ivbits, ciphername) \ + ivbits, seccat, ciphername) \ static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params; \ static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[]) \ { \ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ + flags, kbits, blkbits, ivbits, seccat); \ } \ static OSSL_FUNC_cipher_newctx_fn fake_pipeline_##alg##_##kbits##_##lc##_newctx; \ static void * fake_pipeline_##alg##_##kbits##_##lc##_newctx(void *provctx) \ @@ -290,7 +290,7 @@ int fake_pipeline_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[]) OSSL_DISPATCH_END \ } -IMPLEMENT_aead_cipher_pipeline(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, "AES-256-GCM"); +IMPLEMENT_aead_cipher_pipeline(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, 5, "AES-256-GCM"); static const OSSL_ALGORITHM fake_ciphers[] = { {"AES-256-GCM", "provider=fake-pipeline", fake_pipeline_aes256gcm_functions}, diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 0fdcde6528..399bf61c16 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -51,6 +51,7 @@ my @files = qw( evpciph_aes_wrap.txt evpciph_aes_stitched.txt evpciph_des3_common.txt + evpciph_security_category.txt evpkdf_hkdf.txt evpkdf_kbkdf_counter.txt evpkdf_kbkdf_kmac.txt @@ -63,6 +64,7 @@ my @files = qw( evpkdf_x942.txt evpkdf_x963.txt evpmac_common.txt + evpmd_security_category.txt evpmd_sha.txt evppbe_pbkdf2.txt evppkey_kdf_hkdf.txt 
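Review bot: The instantiation `IMPLEMENT_aead_cipher_pipeline(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, 5, "AES-256-GCM")` adds the category as a fourth bare number in a row, so nothing at the call site distinguishes it from the bit sizes before it. A comment on that line such as `/* args: kbits, blkbits, ivbits, seccat (NIST category 5 for a 256-bit key) */` would help, as would a named constant if the tree defines one. Either would keep a later edit from shifting the wrong positional argument and mis-reporting the strength.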
diff --git a/test/recipes/30-test_evp_data/evpciph_security_category.txt b/test/recipes/30-test_evp_data/evpciph_security_category.txt
new file mode 100644
index 0000000000..08c1073b6a
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_security_category.txt
@@ -0,0 +1,1053 @@
+#
+# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Test cases taken from other existing tests
+
+Title = Post Quantum Security Strength Category test
+
+# AES CBC Mode
+
+FIPSversion = >=3.6.0
+Cipher = aes-128-cbc
+Key = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 66e94bd4ef8a2c3b884cfa59ca342b2e
+Security-Category = 1
+
+FIPSversion = >=3.6.0
+Cipher = aes-192-cbc
+Key = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 00000000000000000000000000000000
+Ciphertext = aae06992acbf52a3e8f4a96ec9300bd7
+Security-Category = 3
+
+FIPSversion = >=3.6.0
+Cipher = aes-256-cbc
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 00000000000000000000000000000000
+Ciphertext = dc95c078a2408989ad48a21492842087
+Security-Category = 5
+
+# AES CCM Mode
+
+FIPSversion = >=3.6.0
+Cipher = aes-128-ccm
+Key = ddf9f150cc3f1c15e8e773663c5b061c
+IV = 98c5036b7d54da9a1177105600
+AAD = 48043560d60381e83c11d4bc9d997d3ee2add6b0524b779c62dfaa73ce0a
+Tag = 31f5be8c9965345c760c72cc1b7908d1
+Plaintext = d44bf28b010e076b45db1b053af03db718b60748da51db1f
+Ciphertext = 7d9e5fa8d6c6e0701ba89259e23a041d0f768a48542e4d29
+Security-Category = 1
+
+FIPSversion = >=3.6.0
+Cipher = aes-192-ccm
+Key = 13f179aa2a23bc90a85660306394940e9bb226ce3885ec01
+IV = aaa52c63ca1f74a203d08c2078
+AAD = 21fb9cdd9b110bbbc6832275dfa7
+Tag = 3fa5ad4142e0b4650fa5cc8f7ef70d62
+Plaintext = a7742dd9c3e8bbad08157fbd01ebfb94e1639117c4b4eb5d
+Ciphertext = c8888f4f4b87309b0ef8890c700374cef211ca3f325898b2
+Security-Category = 3
+
+FIPSversion = >=3.6.0
+Cipher = aes-256-ccm
+Key = 8a56588fe5e125237b6cdc30f940b8d88b2863ec501a0cb00b1abade1b5ce0ed
+IV = d80210b9f9776ea36dc0e0a787
+AAD = 6e80dd7f1badf3a1c9ab25c7
+Tag = 279442c88d612ed1a39ae0005f88155d
+Plaintext = ac2c44263363810bec3a309aa618b303e05099dfdbeb5c16
+Ciphertext = dcba605b7fedffea30ebb4f8f09aaba26dea0fa4c8218b59
+Security-Category = 5
+
+# AES CFB Mode
+
+FIPSversion = >=3.6.0
+Cipher = AES-128-CBC-CTS
+Key = 636869636b656e207465726979616b69
+IV = 00000000000000000000000000000000
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
+Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
+NextIV = b3fffd940c16a18c1b5549d2f838029e
+Security-Category = 1
+
+FIPSversion = >=3.6.0
+Cipher = AES-192-CBC-CTS
+CTSMode = CS1
+Key = 636869636b656e207465726979616b69636869636b656e20
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
+Security-Category = 3
+
+FIPSversion = >=3.6.0
+Cipher = AES-256-CBC-CTS
+CTSMode = CS3
+Key = 636869636b656e207465726979616b69636869636b656e207465726979616b69
+IV = 000102030405060708090A0B0C0D0E0F
+Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
+Ciphertext = 2c0463982174df10baa9d8f782c5a5b3e954e79fae9310dc75b6070e1d625346
+Security-Category = 5
+
+# AES CFB Mode
+
+FIPSversion = >=3.6.0
+Cipher = aes-128-cfb
+Key = 2b7e151628aed2a6abf7158809cf4f3c
+IV = 000102030405060708090a0b0c0d0e0f
+Plaintext = 6bc1bee22e409f96e93d7e117393172a
+Ciphertext = 3b3fd92eb72dad20333449f8e83cfb4a
+Security-Category = 1
+
+FIPSversion = >=3.6.0
+Cipher = aes-192-cfb
+Key = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+IV = 000102030405060708090a0b0c0d0e0f
+Plaintext = 6bc1bee22e409f96e93d7e117393172a
+Ciphertext = cdc80d6fddf18cab34c25909c99a4174
+Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = aes-256-cfb +Key = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4 +IV = 000102030405060708090a0b0c0d0e0f +Plaintext = 6bc1bee22e409f96e93d7e117393172a +Ciphertext = dc7e84bfda79164b7ecd8486985d3860 +Security-Category = 5 + +# AES CTR Mode + +FIPSversion = >=3.6.0 +Cipher = aes-128-ctr +Key = ae6852f8121067cc4bf7a5765577f39e +IV = 00000030000000000000000000000001 +Plaintext = 53696e676c6520626c6f636b206d7367 +Ciphertext = e4095d4fb7a7b3792d6175a3261311b8 +Security-Category = 1 + +FIPSversion = >=3.6.0 +Cipher = aes-192-ctr +Key = 16af5b145fc9f579c175f93e3bfb0eed863d06ccfdb78515 +IV = 0000004836733c147d6d93cb00000001 +Plaintext = 53696e676c6520626c6f636b206d7367 +Ciphertext = 4b55384fe259c9c84e7935a003cbe928 +Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = aes-256-ctr +Key = 776beff2851db06f4c8a0542c8696f6c6a81af1eec96b4d37fc1d689e6c1c104 +IV = 00000060db5672c97aa8f0b200000001 +Plaintext = 53696e676c6520626c6f636b206d7367 +Ciphertext = 145ad01dbf824ec7560863dc71e3e0c0 +Security-Category = 5 + +# AES ECB Mode +FIPSversion = >=3.6.0 +Cipher = aes-128-ecb +Key = 00000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000 +Ciphertext = 66e94bd4ef8a2c3b884cfa59ca342b2e +Security-Category = 1 + +FIPSversion = >=3.6.0 +Cipher = aes-192-ecb +Key = 000000000000000000000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000 +Ciphertext = aae06992acbf52a3e8f4a96ec9300bd7 +Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = aes-256-ecb +Key = 0000000000000000000000000000000000000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000 +Ciphertext = dc95c078a2408989ad48a21492842087 +Security-Category = 5 + +# AES GCM Mode +FIPSversion = >=3.6.0 +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 +Plaintext = 
d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 +NextIV = cafebabefacedbaddecaf888 +Security-Category = 1 + +FIPSversion = >=3.6.0 +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d9 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b +Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +Security-Category = 5 + +# AES GCM SIV Mode + +Availablein = default +Cipher = aes-128-gcm-siv +Key = 01000000000000000000000000000000 +IV = 030000000000000000000000 +Tag = 1a8e45dcd4578c667cd86847bf6155ff +Plaintext = 0100000000000000000000000000000002000000000000000000000000000000 +Ciphertext = 84e07e62ba83a6585417245d7ec413a9fe427d6315c09b57ce45f2e3936a9445 +Security-Category = 1 + +Availablein = default +Cipher = aes-256-gcm-siv +AAD = 01 +Key = 
0100000000000000000000000000000000000000000000000000000000000000 +IV = 030000000000000000000000 +Tag = 03332742b228c647173616cfd44c54eb +Plaintext = 020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000 +Ciphertext = c67a1f0f567a5198aa1fcc8e3f21314336f7f51ca8b1af61feac35a86416fa47fbca3b5f749cdf564527f2314f42fe25 +Security-Category = 5 + +# AES OCB Mode + +Availablein = default +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 16DC76A46D47E1EAD537209E8A96D14E +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A +Security-Category = 1 + +# AES OFB Mode + +FIPSversion = >=3.6.0 +Cipher = aes-128-ofb +Key = 2b7e151628aed2a6abf7158809cf4f3c +IV = 000102030405060708090a0b0c0d0e0f +Plaintext = 6bc1bee22e409f96e93d7e117393172a +Ciphertext = 3b3fd92eb72dad20333449f8e83cfb4a +Security-Category = 1 + +FIPSversion = >=3.6.0 +Cipher = aes-192-ofb +Key = 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b +IV = 000102030405060708090a0b0c0d0e0f +Plaintext = 6bc1bee22e409f96e93d7e117393172a +Ciphertext = cdc80d6fddf18cab34c25909c99a4174 +Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = aes-256-ofb +Key = 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4 +IV = 000102030405060708090a0b0c0d0e0f +Plaintext = 6bc1bee22e409f96e93d7e117393172a +Ciphertext = dc7e84bfda79164b7ecd8486985d3860 +Security-Category = 5 + +# AES WRAP Mode + +FIPSversion = >=3.6.0 +Cipher = id-aes128-wrap +Key = 000102030405060708090A0B0C0D0E0F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 +Security-Category = 1 + +FIPSversion = >=3.6.0 +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D +Security-Category = 3 + +FIPSversion = >=3.6.0 +Cipher = id-aes256-wrap +Key = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 +Security-Category = 5 + +# ARIA + +Availablein = default +Cipher = ARIA-128-ECB +Key = 000102030405060708090a0b0c0d0e0f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = d718fbd6ab644c739da95f3be6451778 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-192-ECB +Key = 000102030405060708090a0b0c0d0e0f1011121314151617 +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = 26449c1805dbe7aa25a468ce263a9e79 +Security-Category = 3 + +Availablein = default +Cipher = ARIA-256-ECB +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = f92bd7c79fb72e2f2b8f80c1972d24fc +Security-Category = 5 + +Availablein = default +Cipher = ARIA-128-CBC +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a +NextIV = 40c57112c38791852cfac7a5d19ed83a +Security-Category = 1 + +Availablein = default +Cipher = ARIA-128-CFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11 +NextIV = 22a6dacb32fc42dcc6accef33285bf11 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-128-CFB8 +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 373c8f6a965599ec785cc8f8149f6c81b632ccb8e0c6eb6a9707ae52c59257a41f94701c1096933127a90195ed0c8e98690547572423bb45c3d70e4a18ee56b967c10e000ba4df5fba7c404134a343d8375d04b151d161ef83417fe1748447d30a6723c406733df7d18aa39a20752d2381942e244811bb97f72eae446b1815aa690cd1b1adcbd007c0088ecdc91cb2e2caf0e11e72459878137eea64ac62a9a1 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-128-OFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a2000063063f0560083483faeb041c8adecef30cf80cefb002a0d280759168ec01db3d49f61aced260bd43eec0a2731730eec6fa4f2304319cf8ccac2d7be7833e4f8ae6ce967012c1c6badc5d28e7e4144f6bf5cebe01253ee202afce4bc61f28dec069a6f16f6c8a7dd2afae44148f6ff4d0029d5c607b5fa6b8c8a6301cde5c7033565cd0b8f0974ab490b236197ba04a +NextIV = 66030985743c5b86e1c5e763c4a67d97 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-128-CTR +Key = 00112233445566778899aabbccddeeff +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d +NextIV = 0000000000000000000000000000000a +Security-Category = 1 + +Availablein = default +Cipher = ARIA-192-ECB +Key = 00112233445566778899aabbccddeeff0011223344556677 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0 +Security-Category = 3 + +Availablein = default +Cipher = ARIA-192-CBC +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c +NextIV = 12e208d531d6c34cc5c64eac6bd0cf8c +Security-Category = 3 + +Availablein = default +Cipher = ARIA-192-CFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4 +NextIV = e42c13e9b4015d4da42dc859252e7da4 +Security-Category = 3 + +Availablein = default +Cipher = ARIA-192-CFB8 +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 411d3b4f57f705aa4d13c46e2cf426af7c8c916ed7923d889f0047bbf11471b6d54f8757ef519339105be3cb69babb976a57d5631fc23cc3051fe9d36e8b8e27a2b2c0c4d31928ccbf30ea8239b46ba1b77f6198e7ecd2ce27b35958148e826f06aaf385bd30362ff141583e7c1d8924d44d36a1133094074631e18adafa9d2e55de98f6895c89d4266ebd33f3d4be5153a96fa12132ece2e81e66e55baa7ade +Security-Category = 3 + +Availablein = default +Cipher = ARIA-192-OFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5cc224d26d364b5a06ddde13d0f1e74faa846de354c63cda77469d1a2d425c47ff41734c71b3fa1fcdc11e0b2de22bfeed54898e233df652c75ae136e61de6524e62b3f806fb2e8e616eb410a1b9500537e327ffb04f19f7f82fde2b122100261f81b82723bf936be7beaaf3067d1c036001f1ade71422268d274d7dc6c6ae1970b27a5f2c2f39c1d241fe8cac5ccd74e9 +NextIV = e72f0a79e3f50d1e14abd9f98110a934 +Security-Category = 3 + +Availablein = default +Cipher = ARIA-192-CTR +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531 +NextIV = 0000000000000000000000000000000a +Security-Category = 3 + +Availablein = default +Cipher = ARIA-256-ECB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00 +Security-Category = 5 + +Availablein = default +Cipher = ARIA-256-CBC +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de +NextIV = 222491418374294e7909b1e8551cd8de +Security-Category = 5 + +Availablein = default +Cipher = ARIA-256-CFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be +NextIV = cbcfa62a045d726df71b6bda0eeca0be +Security-Category = 5 + +Availablein = default +Cipher = ARIA-256-CFB8 +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26baa33651e1f66434fec88ef27fd2b9a79e246dd89a3ffa00e8bdb37155433e6c24bd0b87d9a85baa9f485ccb984f5ec24d6a3ef5e3c81396177f039cf580dfdb55d6e1c47a28921dfe369e12fd357b289ad3a5544e1c1bd616d454db9c5f91f603373f29d5b2ed1b4b51de80f28537bbd43d5e3b5dd071dc91153cbbe732dfc325821b06ed8acaae656dcf2da9f13e4f29db671476f1e644ff06d9b67d6bd4 +Security-Category = 5 + +Availablein = default +Cipher = ARIA-256-OFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 
11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f0900963584c256815c4292b59f8d3f966a75b52345b4f5f98c785d3f368a8d5ff89b7f950ceab3cd63773c2621d652b8ef98b4196afb2c2b30496bc5b7d9e7f9084f9d855f63a511751c8909e7a6deadbe0a67a4fb89383ca5d209c6f66f793fc471195c476fb9c1eab2ac91e680e454b4f3ed9a67fb52f09c29b965b23cfa6f3f6bbb2a86c6cdbaa2857bf2486f543231892a52 +NextIV = d39398ef6e49b73e1d3a0167ec54f78f +Security-Category = 5 + +Availablein = default +Cipher = ARIA-256-CTR +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 00000000000000000000000000000000 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd +NextIV = 0000000000000000000000000000000a +Security-Category = 5 + +Availablein = default +Cipher = ARIA-128-GCM +Key = e91e5e75da65554a48181f3846349562 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 5abace3f37f5a736f4be984bbffbedc1 +Plaintext = 
f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 4d8a9a0675550c704b17d8c9ddc81a5cd6f7da34f2fe1b3db7cb3dfb9697102ea0f3c1fc2dbc873d44bceeae8e4442974ba21ff6789d3272613fb9631a7cf3f14bacbeb421633a90ffbe58c2fa6bdca534f10d0de0502ce1d531b6336e58878278531e5c22bc6c85bbd784d78d9e680aa19031aaf89101d669d7a3965c1f7e16229d7463e0535f4e253f5d18187d40b8ae0f564bd970b5e7e2adfb211e89a953 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-256-GCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = e210d6ced2cf430ff841472915e7ef48 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 6f9e4bcbc8c85fc0128fb1e4a0a20cb9932ff74581f54fc013dd054b19f99371425b352d97d3f337b90b63d1b082adeeea9d2d7391897d591b985e55fb50cb5350cf7d38dc27dda127c078a149c8eb98083d66363a46e3726af217d3a00275ad5bf772c7610ea4c23006878f0ee69a8397703169a419303f40b72e4573714d19e2697df61e7c7252e5abc6bade876ac4961bfac4d5e867afca351a48aed52822 +Security-Category = 5 + +Availablein = default +Cipher = ARIA-128-CCM +Key = 974bee725d44fc3992267b284c3c6750 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 40f04b6467e300f6b336aedf9df4185b +Plaintext = 
f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855 +Security-Category = 1 + +Availablein = default +Cipher = ARIA-256-CCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 87b6bd222c55365a9c7d0b215b77ea41 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 +Security-Category = 5 + +# Blowfish + +Availablein = legacy +Cipher = BF-ECB +Key = 000102030405060708090a0b0c0d0e0f +Plaintext = 0f0e0c0d0b0a09080706050403020100 +Ciphertext = 079590e0010626685653b9b6c2a406e0 +Security-Category = 0 + +Availablein = legacy +Cipher = BF-CBC +Key = 000102030405060708090a0b0c0d0e0f +IV = 0101010101010101 +Plaintext = 0f0e0c0d0b0a09080706050403020100 +Ciphertext = 
39c65006742b62a49f7a40ff69749c0a +Security-Category = 0 + +Availablein = legacy +Cipher = BF-OFB +Key = 0001020304050607 +IV = 0101010101010101 +Plaintext = 0f0e0c0d0b0a09080706050403020100 +Ciphertext = 27be8331cdc52dc61724029d302b9358 +Security-Category = 0 + +Availablein = legacy +Cipher = BF-OFB +Key = 000102030405060700000000 +IV = 0101010101010101 +Plaintext = 0f0e0c0d0b0a09080706050403020100 +Ciphertext = f108f229cc1cbe228aa3b2407979289a +Security-Category = 0 + +# Camellia + +Availablein = default +Cipher = CAMELLIA-128-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 67673138549669730857065648eabe43 +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-192-ECB +Key = 0123456789abcdeffedcba98765432100011223344556677 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 +Security-Category = 3 + +Availablein = default +Cipher = CAMELLIA-256-ECB +Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 +Security-Category = 5 + +Availablein = default +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 1607CF494B36BBF00DAEB0B503C831AB +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 +NextIV = a2f2cf671629ef7840c5a5dfb5074887 +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2A4830AB5AC4A1A2405955FD2195CF93 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 +NextIV = 5d5a869bd14ce54264f892a6dd2ec3d5 +Security-Category = 3 + +Availablein = default +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E6CFA35FC02B134A4D2C0B6737AC3EDA +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 
36CBEB73BD504B4070B1B7DE2B21EB50 +NextIV = 36cbeb73bd504b4070b1b7de2b21eb50 +Security-Category = 5 + +Availablein = default +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B +NextIV = a53d28bb82df741103ea4f921a44880b +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 +NextIV = 86f8491627906d780c7a6d46ea331f98 +Security-Category = 3 + +Availablein = default +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 +NextIV = 555fc3f34bdd2d54c62d9e3bf338c1c4 +Security-Category = 5 + +Availablein = default +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 +NextIV = f7be7f0cc32e79d7b22aea86d08a4c77 +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 +NextIV = 20e33d872b0ede5b69320d02f8561d68 +Security-Category = 3 + +Availablein = default +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E 
+NextIV = 5b377e2305fa53b4d047a4b1111d73a1 +Security-Category = 5 + +Availablein = default +Cipher = CAMELLIA-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-192-CTR +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED +Security-Category = 3 + +Availablein = default +Cipher = CAMELLIA-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 +Security-Category = 5 + +Availablein = default +Cipher = CAMELLIA-128-CBC-CTS +CTSMode = CS3 +Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD +IV = 00000000000000000000000000000000 +Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931 +Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88 +Security-Category = 1 + +Availablein = default +Cipher = CAMELLIA-256-CBC-CTS +CTSMode = CS3 +Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A +IV = 00000000000000000000000000000000 +Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974 +Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6 +Security-Category = 5 + +# CAST5 + +Availablein = legacy +Cipher = CAST5-CBC +Key = 1f8e4973953f3fb0bd6b16662e9a3c17 +IV = 2fe2b333ceda8f98 +Plaintext = 45cf12964fc824ab76616ae2f4bf0822 +Ciphertext = 
327c198b9d0a59456a2194bd21fc3ff0 +Security-Category = 0 + +Availablein = legacy +Cipher = CAST5-CFB +Key = 9f56e19b09dd3fee0e110f71e9967b7a +IV = 1155cf4231bf7ac5 +Plaintext = ad1e4d3162a5084f581117639a13fc35df5449625ffe0f01e57d9a8726875be8515926ffe7449e30cd69ed4ca0c1b8b4486051c2d0fa2f6474a69c0afce2aec349d778a22edf81678145765b714c1b7c197287da56f59141d6978618729e1d89be20ace3de7d9b3c9b2d195ab6bc0fd4 +Ciphertext = ae27a1f299072d0bf7ea533d6ef2b490b78fa926bc5e7195300a2676b8e8a54bacac00d91c1f734ec959c2260dcb123e22b4d10cb810625dff0810f570755cdc520c3eaaa86412b1b382f4ca6c25953144d8a959ee9db4771aad2a1dfc812e3f0016d75d95168629be284adf3734c0b6 +Security-Category = 0 + +Availablein = legacy +Cipher = CAST5-OFB +Key = c9f4ce21b4c7daaa4f93e292dc605bc5 +IV = 5e5a8cf2808c720e +Plaintext = 8e19c5cacd015a662e7f40cdecadbf79a68081c06d9544b41c2dd248e77633b4 +Ciphertext = 834fc0990736575be34b56f7af26a1cc4d801cfd36eb0d0830c5264a7050db77 +Security-Category = 0 + +Availablein = legacy +Cipher = CAST5-ECB +Key = 01234567123456782345 +Plaintext = 0123456789ABCDEF +Ciphertext = EB6A711A2C02271B +Security-Category = 0 + +# CHACHA20 + +Availablein = default +Cipher = chacha20 +Key = 0000000000000000000000000000000000000000000000000000000000000001 +IV = 00000000000000000000000000000000 +Plaintext = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae546963 +NextIV = 01000000000000000000000000000000 +Security-Category = 5 + +Availablein = default +Cipher = chacha20-poly1305 +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +IV = 000000000102030405060708 +AAD = f33388860000000000004e91 +Tag = 53aee3189d2b747032378a6186feb43f +Plaintext = 
496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67 +Ciphertext = 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 +Security-Category = 5 + +# DES + +Availablein = legacy +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 +Security-Category = 0 + +Availablein = legacy +Cipher = DES-CBC +Key = 0123456789abcdef +IV = 1234567890abcdef +Plaintext = 4e6f772069732074 +Ciphertext = e5c7cdde872bf27c +NextIV = e5c7cdde872bf27c +Security-Category = 0 + +Availablein = legacy +Cipher = DES-CFB8 +Key = 0123456789abcdef +IV = 1234567890abcdef +Plaintext = 4e6f7720697320746865 +Ciphertext = f31fda07011462ee187f +Security-Category = 0 + +Availablein = legacy +Cipher = DES-CFB +Key = 0123456789abcdef +IV = 1234567890abcdef +Plaintext = 4e6f77206973207468652074696d6520666f7220616c6c20 +Ciphertext = f3096249c7f46e51a69e839b1a92f78403467133898ea622 +NextIV = 03467133898ea622 +Security-Category = 0 + +Availablein = default +Cipher = DES-EDE-ECB +Key = 
0123456789abcdeffedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d +Security-Category = 0 + +Availablein = legacy +Cipher = DES-EDE3-CFB1 +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +IV = 0001020304050607 +Operation = DECRYPT +Plaintext = "Hello World" +Ciphertext = 3CF55D656E9C0664513358 +Security-Category = 0 + +Availablein = legacy +Cipher = DESX-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 +Security-Category = 0 + +Availablein = default +Cipher = DES-EDE3-CBC +Operation = ENCRYPT +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +Security-Category = 0 + +# IDEA + +Availablein = legacy +Cipher = IDEA-CBC +Key = 0700d603a1c514e46b6191ba430a3a0c +IV = aad1583cd91365e3 +Plaintext = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91 +Ciphertext = 4af8370c69ae4e45cc5a395e790272d5a5a0895dee1f336f0067963bd9ed55c7 +Security-Category = 1 + +Availablein = legacy +Cipher = IDEA-ECB +Key = E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0E0 +Ciphertext = E0E0E0E0E0E0E0E0 +Plaintext = 242588C5F782A93F +Security-Category = 1 + +Availablein = legacy +Cipher = IDEA-OFB +Key = 7a70cc6b261eeccb05c57117d5763197 +IV = bb7b9667fbd76d5e +Plaintext = 823cbaae3760c85512a3c83fd60bb54b7cfc739b295b63e05ef435d86e19fd15368c89ff08a0f21ce89a728ffb5d75df +Ciphertext = ab6e0f15cedf272c78fbc7fadcc4ba1ded256668b9bc8302dc3312c0149e656e8fea632b8e20f5ae8675106d7761a366 +Security-Category = 1 + +Availablein = legacy +Cipher = IDEA-CFB +Key = 701ccc4c0e36e512ce077f5af6ccb957 +IV = 5337ddeaf89a00dd 
+Plaintext = cc1172f2f80866d0768b25f70fcf6361aab7c627c8488f97525d7d88949beeea +Ciphertext = 4ec6f34be3335024cbfbbf80f3e7501b8c9f7a6cbd630cf8debba4a4c3f1daa4 +Security-Category = 1 + +# RC2 + +Availablein = legacy +Cipher = RC2-CBC +Key = 0000000000000000 +IV = 0000000000000000 +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = a4085a9f3e710563d1091a1552ba8962 +Security-Category = 0 + +Availablein = legacy +Cipher = RC2-ECB +Key = 0000000000000000 +KeyBits = 63 +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = b406b9037baf2d86982af542e6d70b13 +Security-Category = 0 + +Availablein = legacy +Cipher = RC2-40-CBC +Key = 0000000000 +KeyBits = 63 +IV = 0000000000000000 +Plaintext = 0102030405060708 +Ciphertext = c1d8e65290b2f06d +Security-Category = 0 + +Availablein = legacy +Cipher = RC2-64-CBC +Key = 0000000000000000 +IV = 0000000000000000 +Plaintext = 0102030405060708 +Ciphertext = 191d1abf767bfbe7 +Security-Category = 0 + +Availablein = legacy +Cipher = RC2-CFB +Key = 0000000000000000 +IV = 0000000000000000 +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 81b5cc4d43119e987a2b526ea152f3fe +Security-Category = 0 + +Availablein = legacy +Cipher = RC2-OFB +Key = 0000000000000000 +IV = 0000000000000000 +KeyBits = 63 +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = ebb671fa972288f8f8587d8069d61d58 +NextIV = f051778b65db1357 +Security-Category = 0 + +# RC4 +Availablein = legacy +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 +Security-Category = 0 + +Availablein = legacy +Cipher = RC4-HMAC-MD5 +Key = d48ecc0a163a06626bd1b7e172dfb5b3 +MACKey = 5973581f63768353af37d3f51ec9f6ef +TLSAAD = 90a1b2c3e4f506172803010050 +TLSVersion = 0x0301 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +Ciphertext = 
eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716 +Operation = ENCRYPT +Security-Category = 0 + +# RC5 + +Availablein = legacy +Cipher = RC5-ECB +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 21a5dbee154b8f6d +Security-Category = 0 + +Availablein = legacy +Cipher = RC5-CBC +Key = 00000000000000000000000000000000 +IV = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 21a5dbee154b8f6d +NextIV = 21a5dbee154b8f6d +Security-Category = 0 + +Availablein = legacy +Cipher = RC5-OFB +Key = 00000000000000000000000000000000 +IV = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 21a5dbee154b8f6d +NextIV = 21a5dbee154b8f6d +Security-Category = 0 + +Availablein = legacy +Cipher = RC5-CFB +Key = 0102030405060708090A0B0C0D0E0F10 +IV = 0102030405060708 +Rounds = 8 +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 439945301dfa830885ac2f3cf5e61d0e +Security-Category = 0 + +# SEED + +Availablein = legacy +Cipher = SEED-CBC +Key = ed2401ad22fa255991bafdb01fefd697 +IV = 93eb149f92c9905bae5cd34da06c3c8e +Plaintext = b40d7003d9b6904b35622750c91a24575bb9a632364aa26e3ac0cf3a9c9d0dcb +Ciphertext = f072c5b1a0588c105af8301adcd91dd067f6822155304bf3aad75ceb44341c25 +NextIV = 67f6822155304bf3aad75ceb44341c25 +Security-Category = 1 + +Availablein = legacy +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 +Security-Category = 1 + +Availablein = legacy +Cipher = SEED-CFB +Key = 085b8af6788fa6bc1a0b47dcf50fbd35 +IV = 58cb2b12bb52c6f14b56da9210524864 +Plaintext = 4b5a872260293312eea1a570fd39c788 +Ciphertext = 5c460dc6a83060ee36ec55c5ce6448c1 +NextIV = 5c460dc6a83060ee36ec55c5ce6448c1 +Security-Category = 1 + +Availablein = legacy +Cipher = SEED-OFB +Key = 
7a70cc6b261eeccb05c57117d5763197 +IV = bb7b9667fbd76d5ee204828769a341b1 +Plaintext = 823cbaae3760c85512a3c83fd60bb54b7cfc739b295b63e05ef435d86e19fd15368c89ff08a0f21ce89a728ffb5d75df +Ciphertext = edeae6665592ab617f52e495e9177108399a2d073e0e7d9e4ede0545bdf9294f32a1ac2f4c915b1432024b5ca05cf91d +NextIV = 042d25d04431a908da9839d35b018cc2 +Security-Category = 1 + +# SM4 + +Availablein = default +Cipher = SM4-ECB +Key = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA9876543210 +Ciphertext = 681EDF34D206965E86B3E94F536E4246 +Security-Category = 1 + +Availablein = default +Cipher = SM4-CBC +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B +Security-Category = 1 + +Availablein = default +Cipher = SM4-OFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE +Security-Category = 1 + +Availablein = default +Cipher = SM4-CFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995 +Security-Category = 1 + +Availablein = default +Cipher = SM4-CTR +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA +Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D +Security-Category = 1 + +Availablein = default +Cipher = SM4-GCM +Key = 0123456789abcdeffedcba9876543210 +IV = 
00001234567800000000abcd +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 83de3541e4c2b58177e065a9bf7b62ec +Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa +Ciphertext = 17f399f08c67d5ee19d0dc9969c4bb7d5fd46fd3756489069157b282bb200735d82710ca5c22f0ccfa7cbf93d496ac15a56834cbcf98c397b4024a2691233b8d +Security-Category = 1 + +Availablein = default +Cipher = SM4-CCM +Key = 0123456789abcdeffedcba9876543210 +IV = 00001234567800000000abcd +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 16842d4fa186f56ab33256971fa110f4 +Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa +Ciphertext = 48af93501fa62adbcd414cce6034d895dda1bf8f132f042098661572e7483094fd12e518ce062c98acee28d95df4416bed31a2f04476c18bb40c84a74b97dc5b +Security-Category = 1 + +Availablein = default +Cipher = SM4-XTS +Key = 2B7E151628AED2A6ABF7158809CF4F3C000102030405060708090A0B0C0D0E0F +IV = F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF +Plaintext = 6BC1BEE22E409F96E93D7E117393172AAE2D8A571E03AC9C9EB76FAC45AF8E5130C81C46A35CE411E5FBC1191A0A52EFF69F2445DF4F9B17 +Ciphertext = E9538251C71D7B80BBE4483FEF497BD12C5C581BD6242FC51E08964FB4F60FDB0BA42F63499279213D318D2C11F6886E903BE7F93A1B3479 +Security-Category = 1 + diff --git a/test/recipes/30-test_evp_data/evpmd_security_category.txt b/test/recipes/30-test_evp_data/evpmd_security_category.txt new file mode 100644 index 0000000000..87b63b607f --- /dev/null +++ b/test/recipes/30-test_evp_data/evpmd_security_category.txt 
@@ -0,0 +1,209 @@
+#
+# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+Title = Post Quantum Security Strength Category test
+
+Availablein = default
+Digest = BLAKE2s256
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12
+Security-Category-Collision = 2
+Security-Category-Preimage = 5
+
+Availablein = default
+Digest = BLAKE2b512
+Input = 6d65737361676520646967657374
+Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a
+Security-Category-Collision = 5
+Security-Category-Preimage = 5
+
+Availablein = legacy
+Digest = MD2
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = 4e8ddff3650292ab5a4108c3aa47940b
+Security-Category-Collision = 0
+Security-Category-Preimage = 0
+
+Availablein = legacy
+Digest = MD4
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = d79e1c308aa5bbcdeea8ed63df412da9
+Security-Category-Collision = 0
+Security-Category-Preimage = 0
+
+Availablein = default
+Digest = MD5
+Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a
+Output = c3fcd3d76192e4007dfb496cca67e13b
+Security-Category-Collision = 0
+Security-Category-Preimage = 0
+
+Availablein = default
+Digest = MD5-SHA1
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 8215ef0796a20bcaaae116d3876c664a84983e441c3bd26ebaae4aa1f95129e5e54670f1
+Security-Category-Collision = 0
+Security-Category-Preimage = 1
+
+Availablein = legacy
+Digest = MDC2
+Input = "Now is the time for all "
+Output = 42e50cd224baceba760bdd2bd409281a
+Security-Category-Collision = 0
+Security-Category-Preimage = 0
+
+Availablein = legacy default
+Digest = 
RIPEMD160
+Input = "message digest"
+Output = 5d0689ef49d2fae572b881b123a85ffa21595f36
+Security-Category-Collision = 0
+Security-Category-Preimage = 1
+
+Availablein = legacy
+Digest = whirlpool
+Input = "abcdefghijklmnopqrstuvwxyz"
+Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B
+Security-Category-Collision = 5
+Security-Category-Preimage = 5
+
+Availablein = default
+Digest = SM3
+Input = 0090414C494345313233405941484F4F2E434F4D787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E49863E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A20AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857
+Output = F4A38489E32B45B6F876E3AC2168CA392362DC8F23459C1D1146FC3DBFB7BC9A
+Security-Category-Collision = 2
+Security-Category-Preimage = 5
+
+FIPSversion = >=3.6.0
+Digest = SHA1
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 84983e441c3bd26ebaae4aa1f95129e5e54670f1
+Security-Category-Collision = 0
+Security-Category-Preimage = 1
+
+FIPSversion = >=3.6.0
+Digest = SHA224
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525
+Security-Category-Collision = 0
+Security-Category-Preimage = 3
+
+FIPSversion = >=3.6.0
+Digest = SHA256
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Output = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1
+Security-Category-Collision = 2
+Security-Category-Preimage = 5
+
+Availablein = default
+Digest = SHA256-192
+Input = "abc"
+Output = ba7816bf8f01cfea414140de5dae2223b00361a396177a9c
+Security-Category-Collision = 0
+Security-Category-Preimage = 1
+
+FIPSversion = >=3.6.0
+Digest = SHA384
+Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039 +Security-Category-Collision = 4 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHA512 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 +Security-Category-Collision = 5 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHA512-224 +Input = 6963446913771410 +Output = 21f6c373637e6a5e89d6e88811110c5c3fa12e497144912914c546e1 +Security-Category-Collision = 0 +Security-Category-Preimage = 3 + +FIPSversion = >=3.6.0 +Digest = SHA512-256 +Input = 63188781f4e9cbd1e89a54a65da053b93722e1106f00f024ad1582421ab919326f8a6e17536d6596e3cf413a9231141733e37aae540f8711cefafe489a87c4f2e6fd942f6809f3bef3076763487de48c2ee88733c5bc870617a668c6f01471ed +Output = 91a8e285029085e224987078066486b6c605cbac27e49e84f4639710ddd05d33 +Security-Category-Collision = 2 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHA3-224 +Input = 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 +Output = aab23c9e7fb9d7dacefdfd0b1ae85ab1374abff7c4e3f7556ecae412 +Security-Category-Collision = 0 +Security-Category-Preimage = 3 + +FIPSversion = >=3.6.0 +Digest = SHA3-256 +Input = 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 +Output = cb5648a1d61c6c5bdacd96f81c9591debc3950dcf658145b8d996570ba881a05 +Security-Category-Collision = 2 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHA3-384 +Input = 
5fe35923b4e0af7dd24971812a58425519850a506dfa9b0d254795be785786c319a2567cbaa5e35bcf8fe83d943e23fa5169b73adc1fcf8b607084b15e6a013df147e46256e4e803ab75c110f77848136be7d806e8b2f868c16c3a90c14463407038cb7d9285079ef162c6a45cedf9c9f066375c969b5fcbcda37f02aacff4f31cded3767570885426bebd9eca877e44674e9ae2f0c24cdd0e7e1aaf1ff2fe7f80a1c4f5078eb34cd4f06fa94a2d1eab5806ca43fd0f06c60b63d5402b95c70c21ea65a151c5cfaf8262a46be3c722264b +Output = 3054d249f916a6039b2a9c3ebec1418791a0608a170e6d36486035e5f92635eaba98072a85373cb54e2ae3f982ce132b +Security-Category-Collision = 4 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHA3-512 +Input = 664ef2e3a7059daf1c58caf52008c5227e85cdcb83b4c59457f02c508d4f4f69f826bd82c0cffc5cb6a97af6e561c6f96970005285e58f21ef6511d26e709889a7e513c434c90a3cf7448f0caeec7114c747b2a0758a3b4503a7cf0c69873ed31d94dbef2b7b2f168830ef7da3322c3d3e10cafb7c2c33c83bbf4c46a31da90cff3bfd4ccc6ed4b310758491eeba603a76 +Output = e5825ff1a3c070d5a52fbbe711854a440554295ffb7a7969a17908d10163bfbe8f1d52a676e8a0137b56a11cdf0ffbb456bc899fc727d14bd8882232549d914e +Security-Category-Collision = 5 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Digest = SHAKE128 +Input = 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 +Output = 3109d9472ca436e805c6b3db2251a9bc +Security-Category-Collision = 2 +Security-Category-Preimage = 2 + +FIPSversion = >=3.6.0 +Digest = SHAKE256 +Input = 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 +Output = 2bac5716803a9cda8f9e84365ab0a681327b5ba34fdedfb1c12e6e807f45284b +Security-Category-Collision = 5 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Availablein = default +Digest = KECCAK-224 +Input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utput = 34A58DDFC5C2222281FA73EB34BFB5E152272CC3AC7FE97AC58C08B0 +Security-Category-Collision = 0 +Security-Category-Preimage = 3 + +FIPSversion = >=3.6.0 +Availablein = default +Digest = KECCAK-256 +Input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utput = 
0EC8D9D20DDF0A7B0251E941A7261B557507FF6287B504362A8F1734C5A91012 +Security-Category-Collision = 2 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Availablein = default +Digest = KECCAK-384 +Input = 20FF454369A5D05B81A78F3DB05819FEA9B08C2384F75CB0AB6AA115DD690DA3131874A1CA8F708AD1519EA952C1E249CB540D196392C79E87755424FEE7C890808C562722359EEA52E8A12FBBB969DD7961D2BA52037493755A5FA04F0D50A1AA26C9B44148C0D3B94D1C4A59A31ACA15AE8BD44ACB7833D8E91C4B86FA3135A423387B8151B4133ED23F6D7187B50EC2204AD901AD74D396E44274E0ECAFAAE17B3B9085E22260B35CA53B15CC52ABBA758AF6798FBD04ECEECED648F3AF4FDB3DED7557A9A5CFB7382612A8A8F3F45947D1A29CE29072928EC193CA25D51071BD5E1984ECF402F306EA762F0F25282F5296D997658BE3F983696FFA6D095C6369B4DAF79E9A5D3136229128F8EB63C12B9E9FA78AFF7A3E9E19A62022493CD136DEFBB5BB7BA1B938F367FD2F63EB5CA76C0B0FF21B9E36C3F07230CF3C3074E5DA587040A76975D7E39F4494ACE5486FCBF380AB7558C4FE89656335B82E4DB8659509EAB46A19613126E594042732DD4C411F41AA8CDEAC71C0FB40A94E6DA558C05E77B6182806F26D9AFDF3DA00C69419222C8186A6EFAD600B410E6CE2F2A797E49DC1F135319801FA6F396B06F975E2A190A023E474B618E7 +Output = 5975FA4BCEFC79FADC79CCF1254BBA9EAC252E24C7DEC7EB8972D265EFAD3F6CF648C49DFFF5453AD27D62FF867A2F03 +Security-Category-Collision = 4 +Security-Category-Preimage = 5 + +FIPSversion = >=3.6.0 +Availablein = default +Digest = KECCAK-512 +Input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utput = 116AE94C86F68F96B8AEF298A9F5852CC9913A2AD3C3C344F28DCC9B29292A716FAF51DD04A9433D8A12572E1DBC581A7CDC4E50BC1CA9051DDBC121F2E864E2 +Security-Category-Collision = 5 +Security-Category-Preimage = 5 diff --git a/util/libcrypto.num b/util/libcrypto.num index d1667ee2a6..e69f2279c4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5926,10 +5926,13 @@ OSSL_AA_DIST_POINT_it ? 3_5_0 EXIST::FUNCTION:
 PEM_ASN1_write_bio_ctx ? 3_5_0 EXIST::FUNCTION:
 EVP_PKEY_get_security_category ? 3_6_0 EXIST::FUNCTION:
 X509_STORE_CTX_set_ocsp_resp ? 3_6_0 EXIST::FUNCTION:OCSP
+EVP_CIPHER_get_security_category ? 3_6_0 EXIST::FUNCTION:
 OPENSSL_sk_set_thunks ? 3_6_0 EXIST::FUNCTION:
 i2d_PKCS8PrivateKey ? 3_6_0 EXIST::FUNCTION:
 OSSL_PARAM_set_octet_string_or_ptr ? 3_6_0 EXIST::FUNCTION:
 OSSL_STORE_LOADER_settable_ctx_params ? 3_6_0 EXIST::FUNCTION:
+EVP_MD_get_security_category_collision ? 3_6_0 EXIST::FUNCTION:
+EVP_MD_get_security_category_preimage ? 3_6_0 EXIST::FUNCTION:
 X509_CRL_get0_tbs_sigalg ? 3_6_0 EXIST::FUNCTION:
 CMS_RecipientInfo_kemri_cert_cmp ? 3_6_0 EXIST::FUNCTION:CMS
 CMS_RecipientInfo_kemri_set0_pkey ? 3_6_0 EXIST::FUNCTION:CMS
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index 203c6f73b3..53e723f5c5 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -113,6 +113,7 @@ my %params = (
 'CIPHER_PARAM_TLS_MAC_SIZE' => "tls-mac-size",# size_t
 'CIPHER_PARAM_MODE' => "mode", # uint
 'CIPHER_PARAM_BLOCK_SIZE' => "blocksize", # size_t
+ 'CIPHER_PARAM_SECURITY_CATEGORY' => '*ALG_PARAM_SECURITY_CATEGORY',
 'CIPHER_PARAM_AEAD' => "aead", # int, 0 or 1
 'CIPHER_PARAM_CUSTOM_IV' => "custom-iv", # int, 0 or 1
 'CIPHER_PARAM_CTS' => "cts", # int, 0 or 1
@@ -171,6 +172,8 @@ my %params = (
 'DIGEST_PARAM_SIZE' => "size", # size_t
 'DIGEST_PARAM_XOF' => "xof", # int, 0 or 1
 'DIGEST_PARAM_ALGID_ABSENT' => "algid-absent", # int, 0 or 1
+ 'DIGEST_PARAM_SECURITY_CATEGORY_COLLISION' => "collision-security-category", # Security Category
+ 'DIGEST_PARAM_SECURITY_CATEGORY_PREIMAGE' => "preimage-security-category", # Security Category
 # MAC parameters
 'MAC_PARAM_KEY' => "key", # octet string
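Review bot: The two digest entries added in the `@@ -171,6 +172,8 @@` hunk carry the trailing comment `# Security Category`, which, unlike the neighbouring `# size_t` and `# int, 0 or 1` comments, tells a provider author neither the C type nor the value range to supply. The digest.c change in this same commit fetches both values with `OSSL_PARAM_construct_int` into variables preset to -1, so the type appears to be `int` and -1 appears to mean the provider did not report a category; the test vectors in this diff use 0 through 5. I would write both comments as `# int, 0 to 5` (range to be confirmed against the parameter documentation). That matters to any caller enforcing a minimum category, because 0 (the collision value the test data gives for SHA1) is a reported result and must not be confused with an unreported one.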